hitsword
/
fastadmin
mirror of https://gitee.com/karson/fastadmin.git
1
0
Fork 0
Code Issues Releases Wiki Activity
fastadmin/extend/fast/payment/Alipay.php

448 lines
17 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<?php
namespace fast\payment;
use DOMDocument;
use Exception;
/**
* 支付宝
* @link https://github.com/mytharcher/alipay-php-sdk
*/
class Alipay
{
const SERVICE = 'create_direct_pay_by_user';
const SERVICE_WAP = 'alipay.wap.trade.create.direct';
const SERVICE_WAP_AUTH = 'alipay.wap.auth.authAndExecute';
const SERVICE_APP = 'mobile.securitypay.pay';
const GATEWAY = 'https://mapi.alipay.com/gateway.do?';
const GATEWAY_MOBILE = 'http://wappaygw.alipay.com/service/rest.htm?';
const VERIFY_URL = 'http://notify.alipay.com/trade/notify_query.do?';
const VERIFY_URL_HTTPS = 'https://mapi.alipay.com/gateway.do?service=notify_verify&';
// 配置信息在实例化时传入,以下为范例
private $config = array(
// 即时到账方式
'payment_type' => 1,
// 传输协议
'transport' => 'http',
// 编码方式
'input_charset' => 'utf-8',
// 签名方法
'sign_type' => 'MD5',
// 证书路径
'cacert' => './cacert.pem',
//验签公钥地址
'public_key_path' => './alipay_public_key.pem',
'private_key_path' => '',
// 支付完成异步通知调用地址
// 'notify_url' => 'http://'.$_SERVER['HTTP_HOST'].'/order/callback_alipay/notify',
// 支付完成同步返回地址
// 'return_url' => 'http://'.$_SERVER['HTTP_HOST'].'/order/callback_alipay/return',
// 支付宝商家 ID
'partner' => '2088xxxxxxxx',
// // 支付宝商家 KEY
'key' => 'xxxxxxxxxxxx',
// // 支付宝商家注册邮箱
'seller_email' => 'email@domain.com'
);
private $is_mobile = FALSE;
public $service = self::SERVICE;
public $gateway = self::GATEWAY;
/**
* 配置
* @param $options array 配置信息
* @param null $type string 类型 wap app
*/
public function __construct($options = [], $type = null)
{
if ($config = Config::get('payment.alipay'))
{
$this->config = array_merge($this->config, $config);
}
$this->config = array_merge($this->config, is_array($options) ? $options : []);
$this->is_mobile = (($type == 'wap' || $type === true) ? true : false);
if ($this->is_mobile)
{
$this->gateway = self::GATEWAY_MOBILE;
}
if ($type == 'wap' || $type === true)
{
$this->service = self::SERVICE_WAP;
}
elseif ($type == 'app')
{
$this->service = self::SERVICE_APP;
}
}
/**
* 生成请求参数的签名
*
* @param $params <Array>
* @return <String>
*
*/
function signParameters($params)
{
// 支付宝的签名串必须是未经过 urlencode 的字符串
// 不清楚为何 PHP 5.5 里没有 http_build_str() 方法
$paramStr = urldecode(http_build_query($params));
switch (strtoupper(trim($this->config['sign_type'])))
{
case "MD5" :
$result = md5($paramStr . $this->config['key']);
break;
case "RSA" :
case "0001" :
$priKey = file_get_contents($this->config['private_key_path']);
$res = openssl_get_privatekey($priKey);
openssl_sign($paramStr, $sign, $res);
openssl_free_key($res);
//base64编码
$result = base64_encode($sign);
break;
default :
$result = "";
}
return $result;
}
/**
* 准备签名参数
*
* @param $params <Array>
* $params['out_trade_no'] 唯一订单编号
* $params['subject']
* $params['total_fee']
* $params['body']
* $params['show_url']
* $params['anti_phishing_key']
* $params['exter_invoke_ip']
* $params['it_b_pay']
* $params['_input_charset']
* @return <Array>
*/
function prepareParameters($params)
{
$default = array(
'service' => $this->service,
'partner' => $this->config['partner'],
'_input_charset' => trim(strtolower($this->config['input_charset']))
);
if (!$this->is_mobile)
{
$default = array_merge($default, array(
'payment_type' => $this->config['payment_type'],
'seller_id' => $this->config['partner'],
'notify_url' => $this->config['notify_url'],
));
if (isset($this->config['return_url']))
{
$default['return_url'] = $this->config['return_url'];
}
}
$params = $this->filterSignParameter(array_merge($default, (array) $params));
ksort($params);
reset($params);
return $params;
}
/**
* 生成签名后的请求参数
*
*/
function buildSignedParameters($params)
{
$params = $this->prepareParameters($params);
$params['sign'] = $this->signParameters($params);
if ($params['service'] != self::SERVICE_WAP && $params['service'] != self::SERVICE_WAP_AUTH)
{
$params['sign_type'] = strtoupper(trim($this->config['sign_type']));
}
return $params;
}
/**
* https://doc.open.alipay.com/doc2/detail.htm?spm=a219a.7629140.0.0.NgdeQA&treeId=59&articleId=103663&docType=1
* 服务端生成app支付使用的参数以及签名
* @param $params <Array>
* @return <Array>
*/
function buildSignedParametersForApp($params)
{
$params = $this->prepareParameters($params);
$params['sign'] = urlencode($this->signParameters($params));
$params['sign_type'] = 'RSA';
$paramStr = [];
foreach ($params as $k => &$param)
{
$param = '"' . $param . '"';
$paramStr[] = $k . '=' . $param;
}
return implode('&', $paramStr);
}
/**
* 生成请求参数的发送表单HTML
*
* 其实这个函数没有必要,更应该使用签名后的参数自己组装,只不过有时候方便就从官方 SDK 里留下了。
*
* @param $params <Array> 请求参数(未签名的)
* @param $method <String> 请求方法默认post可选 get
* @param $target <String> 提交目标默认_self
* @return <String>
*
*/
function buildRequestFormHTML($params, $method = 'post', $target = '_self')
{
$params = $this->buildSignedParameters($params);
$html = '<meta charset="' . $this->config['input_charset'] . '" /><form id="alipaysubmit" name="alipaysubmit" action="' . $this->gateway . ' _input_charset="' . trim(strtolower($this->config['input_charset'])) . '" method="' . $method . ' target="$target">';
foreach ($params as $key => $value)
{
$html .= "<input type='hidden' name='$key' value='$value'/>";
}
$html .= "</form><script>document.forms['alipaysubmit'].submit();</script>";
return $html;
}
/**
* 准备移动网页支付的请求参数
*
* 移动网页支付接口不同,需要先服务器提交一次请求,拿到返回 token 再返回客户端发起真实支付请求。
* 该方法只完成第一次服务端请求,生成参数后需要客户端另行处理(可调用`buildRequestFormHTML`生成表单提交)。
*
* @param $params <Array>
* $params['out_trade_no'] 订单唯一编号
* $params['subject'] 商品标题
* $params['total_fee'] 支付总费用
* $params['merchant_url'] 商品链接地址
* $params['req_id'] 请求唯一 ID
* $params['it_b_pay'] 超期时间(秒)
* @return <Array>/<NULL>
*/
function prepareMobileTradeData($params)
{
// 不要用 SimpleXML 来构建 xml 结构,因为有第一行文档申明支付宝验证不通过
$xml_str = '<direct_trade_create_req>' .
'<notify_url>' . $this->config['notify_url'] . '</notify_url>' .
'<call_back_url>' . $this->config['return_url'] . '</call_back_url>' .
'<seller_account_name>' . $this->config['seller_email'] . '</seller_account_name>' .
'<out_trade_no>' . $params['out_trade_no'] . '</out_trade_no>' .
'<subject>' . htmlspecialchars($params['subject'], ENT_XML1, 'UTF-8') . '</subject>' .
'<total_fee>' . $params['total_fee'] . '</total_fee>' .
'<merchant_url>' . $params['merchant_url'] . '</merchant_url>' .
(isset($params['it_b_pay']) ? '<pay_expire>' . $params['it_b_pay'] . '</pay_expire>' : '') .
'</direct_trade_create_req>';
$request_data = $this->buildSignedParameters(array(
'service' => $this->service,
'partner' => $this->config['partner'],
'sec_id' => $this->config['sign_type'],
'format' => 'xml',
'v' => '2.0',
'req_id' => $params['req_id'],
'req_data' => $xml_str
));
$url = $this->gateway;
$input_charset = trim(strtolower($this->config['input_charset']));
if (trim($input_charset) != '')
{
$url = $url . "_input_charset=" . $input_charset;
}
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); //SSL证书认证
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); //严格认证
curl_setopt($curl, CURLOPT_CAINFO, $this->config['cacert']); //证书地址
curl_setopt($curl, CURLOPT_HEADER, 0); // 过滤HTTP头
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); // 显示输出结果
curl_setopt($curl, CURLOPT_POST, true); // post传输数据
curl_setopt($curl, CURLOPT_POSTFIELDS, $request_data); // post传输数据
$responseText = curl_exec($curl);
//var_dump( curl_error($curl) );//如果执行curl过程中出现异常可打开此开关以便查看异常内容
curl_close($curl);
if (empty($responseText))
{
return NULL;
}
parse_str($responseText, $responseData);
if (empty($responseData['res_data']))
{
return NULL;
}
if ($this->config['sign_type'] == '0001')
{
$responseData['res_data'] = $this->rsaDecrypt($responseData['res_data'], $this->config['private_key_path']);
}
//token从res_data中解析出来也就是说res_data中已经包含token的内容
$doc = new DOMDocument();
$doc->loadXML($responseData['res_data']);
$responseData['request_token'] = $doc->getElementsByTagName("request_token")->item(0)->nodeValue;
$xml_str = '<auth_and_execute_req>' .
'<request_token>' . $responseData['request_token'] . '</request_token>' .
'</auth_and_execute_req>';
return array(
'service' => self::SERVICE_WAP_AUTH,
'partner' => $this->config['partner'],
'sec_id' => $this->config['sign_type'],
'format' => 'xml',
'v' => '2.0',
'req_data' => $xml_str
);
}
/**
* 支付完成验证返回参数(包含同步和异步)
*
* @return <Boolean>
*/
function verifyCallback()
{
$async = empty($_GET);
$data = $async ? $_POST : $_GET;
if (empty($data))
{
return FALSE;
}
$signValid = $this->verifyParameters($data, $data["sign"]);
$notify_id = isset($data['notify_id']) ? $data['notify_id'] : NULL;
if ($async && $this->is_mobile)
{
//对notify_data解密
if ($this->config['sign_type'] == '0001')
{
$data['notify_data'] = $this->rsaDecrypt($data['notify_data'], $this->config['private_key_path']);
}
//notify_id从decrypt_post_para中解析出来也就是说decrypt_post_para中已经包含notify_id的内容
$doc = new DOMDocument();
$doc->loadXML($data['notify_data']);
$notify_id = $doc->getElementsByTagName('notify_id')->item(0)->nodeValue;
}
//获取支付宝远程服务器ATN结果验证是否是支付宝发来的消息
$responseTxt = 'true';
if (!empty($notify_id))
{
$responseTxt = $this->verifyFromServer($notify_id);
}
//验证
//$signValid的结果不是true与安全校验码、请求时的参数格式带自定义参数等、编码格式有关
//$responsetTxt的结果不是true与服务器设置问题、合作身份者ID、notify_id一分钟失效有关
return $signValid && preg_match("/true$/i", $responseTxt);
}
function verifyParameters($params, $sign)
{
$params = $this->filterSignParameter($params);
if (isset($params['notify_data']))
{
$params = array(
'service' => $params['service'],
'v' => $params['v'],
'sec_id' => $params['sec_id'],
'notify_data' => $params['notify_data']
);
}
else
{
ksort($params);
reset($params);
}
$content = urldecode(http_build_query($params));
switch (strtoupper(trim($this->config['sign_type'])))
{
case "MD5" :
return md5($content . $this->config['key']) == $sign;
case "RSA" :
case "0001" :
return $this->rsaVerify($content, $this->config['public_key_path'], $sign);
default :
return FALSE;
}
}
/**
* 过滤参数,去除sign/sign_type参数
* @param $params
* @return <Array>
*/
function filterSignParameter($params)
{
$result = array();
foreach ($params as $key => $value)
{
if ($key != 'sign' && $key != 'sign_type' && $value)
{
$result[$key] = $value;
}
}
return $result;
}
function verifyFromServer($notify_id)
{
$transport = strtolower(trim($this->config['transport']));
$partner = trim($this->config['partner']);
$veryfy_url = ($transport == 'https' ? self::VERIFY_URL_HTTPS : self::VERIFY_URL) . "partner=$partner&notify_id=$notify_id";
$curl = curl_init($veryfy_url);
curl_setopt($curl, CURLOPT_HEADER, 0); // 过滤HTTP头
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); //SSL证书认证
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); //严格认证
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); // 显示输出结果
curl_setopt($curl, CURLOPT_CAINFO, $this->config['cacert']); //证书地址
$responseText = curl_exec($curl);
// var_dump( curl_error($curl) );//如果执行curl过程中出现异常可打开此开关以便查看异常内容
curl_close($curl);
return $responseText;
}
/**
* RSA验签,注意验签的公钥是支付宝的公钥,不是自己生成的rsa公钥,可以在淘宝的demo中获得
* @param $data string 待签名数据
* @param $ali_public_key_path string 支付宝的公钥文件路径
* @param $sign string 要校对的的签名结果
* @return <Boolean> 验证结果
* @throws Exception
*/
function rsaVerify($data, $ali_public_key_path, $sign)
{
$pubKey = file_get_contents($ali_public_key_path);
$res = openssl_get_publickey($pubKey);
if (!$res)
{
throw new Exception('公钥格式错误');
}
$result = (bool) openssl_verify($data, base64_decode($sign), $res);
openssl_free_key($res);
return $result;
}
/**
* RSA解密
* @param $content string 需要解密的内容,密文
* @param $private_key_path string 商户私钥文件路径
* @return string 解密后内容,明文
*/
function rsaDecrypt($content, $private_key_path)
{
$priKey = file_get_contents($private_key_path);
$res = openssl_get_privatekey($priKey);
//用base64将内容还原成二进制
$content = base64_decode($content);
//把需要解密的内容按128位拆开解密
$result = '';
for ($i = 0; $i < strlen($content) / 128; $i++)
{
$data = substr($content, $i * 128, 128);
openssl_private_decrypt($data, $decrypt, $res);
$result .= $decrypt;
}
openssl_free_key($res);
return $result;
}
}
Reference in New Issue View Git Blame Copy Permalink