WXBizDataCrypt.php 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. <?php
  2. // +----------------------------------------------------------------------
  3. // | 萤火商城系统 [ 致力于通过产品和服务,帮助商家高效化开拓市场 ]
  4. // +----------------------------------------------------------------------
  5. // | Copyright (c) 2017~2024 https://www.yiovo.com All rights reserved.
  6. // +----------------------------------------------------------------------
  7. // | Licensed 这不是一个自由软件,不允许对程序代码以任何形式任何目的的再发行
  8. // +----------------------------------------------------------------------
  9. // | Author: 萤火科技 <admin@yiovo.com>
  10. // +----------------------------------------------------------------------
  11. declare (strict_types=1);
  12. namespace app\common\library\wechat;
  13. /**
  14. * 微信数据加解密
  15. * Class WXBizDataCrypt
  16. * @package app\common\library\wechat
  17. */
  18. class WXBizDataCrypt
  19. {
  20. private $sessionKey;
  21. /**
  22. * 构造函数
  23. * @param string|null $sessionKey 用户在小程序登录后获取的会话密钥
  24. */
  25. public function __construct(?string $sessionKey = null)
  26. {
  27. $this->sessionKey = $sessionKey ?: substr(md5(php_uname()), 0, 24);
  28. }
  29. /**
  30. * 检验数据的真实性,并且获取解密后的明文.
  31. * @param string $encryptedData 加密的用户数据
  32. * @param string $iv 与用户数据一同返回的初始向量
  33. * @param mixed $content 解密后的原文
  34. * @return int 成功0,失败返回对应的错误码
  35. */
  36. public function decryptData(string $encryptedData, string $iv, &$content): int
  37. {
  38. if (strlen($this->sessionKey) != 24) {
  39. return ErrorCode::$IllegalAesKey;
  40. }
  41. if (strlen($iv) != 24) {
  42. return ErrorCode::$IllegalIv;
  43. }
  44. $aesKey = base64_decode($this->sessionKey);
  45. $aesIV = base64_decode($iv);
  46. $aesCipher = base64_decode($encryptedData);
  47. $result = openssl_decrypt($aesCipher, 'AES-128-CBC', $aesKey, 1, $aesIV);
  48. if (empty($result)) {
  49. return ErrorCode::$IllegalBuffer;
  50. }
  51. $resultArr = json_decode($result, true);
  52. if (empty($resultArr)) {
  53. return ErrorCode::$IllegalBuffer;
  54. }
  55. $content = $resultArr;
  56. return ErrorCode::$OK;
  57. }
  58. /**
  59. * 检验数据的真实性,并且获取加密后的密文.
  60. * @param string $plaintext 要加密的用户数据
  61. * @param string $iv 与用户数据一同返回的初始向量
  62. * @param string $encryptedData 加密后的数据
  63. * @return int 成功0,失败返回对应的错误码
  64. */
  65. public function encryptData(string $plaintext, string $iv, string &$encryptedData): int
  66. {
  67. if (strlen($this->sessionKey) != 24) {
  68. return ErrorCode::$IllegalAesKey;
  69. }
  70. if (strlen($iv) != 24) {
  71. return ErrorCode::$IllegalIv;
  72. }
  73. $aesKey = base64_decode($this->sessionKey);
  74. $aesIV = base64_decode($iv);
  75. $ciphertext = openssl_encrypt($plaintext, 'AES-128-CBC', $aesKey, 1, $aesIV);
  76. if ($ciphertext == NULL) {
  77. return ErrorCode::$IllegalBuffer;
  78. }
  79. $encryptedData = base64_encode($ciphertext);
  80. return ErrorCode::$OK;
  81. }
  82. /**
  83. * 生成一个伪随机字节串
  84. * @return string
  85. */
  86. public function createIv(): string
  87. {
  88. $ivlen = openssl_cipher_iv_length('AES-128-CBC');
  89. $iv = openssl_random_pseudo_bytes($ivlen);
  90. return base64_encode($iv);
  91. }
  92. }