当先锋百科网

首页 1 2 3 4 5 6 7

1.获取Authorization Code

2.通过Authorization Code获取Access Token

3.通过AccessToken获取用户的个人信息

注意:签名的时候是所有参数都要传过去

appId和appSecrect自己去农行创建应用,请自行替换,代码中展示的是demo

signCertPath:是私钥的绝对路径

private $appId = "24501a5d-e841-4827-b2b3-d14a9ea3fba4";
private $appSecret = "cff054d1d7c84036a3dc160f9457e5f423704b15";
private $config = [
            'signCertPath'=> Url::to("@common/helpers/ABC_OpenBank_ThridPart_Test.pfx"),
            'signCertPwd'=>"111111",
        ];

public function getUserInfo($accessToken ='')
{
    if(!$accessToken)
    {
        $accessToken = $this->getToken();
        if(empty($accessToken))
        {
            echo "access_token未获取";exit;
        }
    }

    $key = substr($this->appSecret,0,24);
    $iv  = substr($this->appSecret,24);

    $biz_data = "";
    $encrypt_data = openssl_encrypt($biz_data,"aes192",$key,false,$iv);
    $data["appid"] = $this->appId;
    $data["biz_data"] = $biz_data;
    $data["sign_type"] = "SHA256";
    $data["timestamp"] = date('Y-m-d H:i:s',time());
    $data["encrypt_data"] = $encrypt_data;
    $data["encrypt_type"] = "AES";
    $data['nonce'] = $this->getRandom(32);//生成32位随机谁
    $data["sign"] = $this->_makeSign($data);//使用私钥进行签名;

    $header = [
        "Authorization:Bearer".$accessToken,
        "Content-type:application/json"
    ];

    $api_url = "https://openbank.abchina.com/GateWay/openabc/api/ket/userinfo/v1";

    $result2 = $this->http_post2($api_url, $data, $header);

    $result2 = @json_decode($result2,true);

    return $result2;
}

private function getRandom($param){
    $str="0123456789abcdefghijklmnopqrstuvwxyz";
    $key = "";
    for($i=0;$i<$param;$i++)
    {
        $key .= $str[mt_rand(0,32)];    //生成php随机数
    }
    return $key;
}

	//对数据进行签名
private function _makeSign(array $data)
{

	$signData = '';
	ksort($data);
	foreach ($data as $k => $v){
		if (empty($v) || $v=='' || $v == null)
			continue;
		else
			$signData .= $v.'@';
	}

	$signData = trim($signData, '@');

	$pkcs12=file_get_contents($this->config['signCertPath']);
	$certs=array();
	//1、读取证书
	openssl_pkcs12_read($pkcs12,$certs,$this->config['signCertPwd']);

	if(!empty($certs))
	{
		//2、验证证书是否在有效期内
		$cer = openssl_x509_parse($certs['cert']);
//            var_dump($certs);exit;
		$t = time();
		if ($t < $cer['validFrom_time_t'] || $t > $cer['validTo_time_t']) {
			throw new Exception("不在有效期内!");
		}
		//3、取得密钥
		$pkey = openssl_pkey_get_private($certs['pkey']);

		//加密 OPENSSL_ALGO_SHA1 OPENSSL_ALGO_SHA256
		if(!openssl_sign($signData, $signature, $pkey, OPENSSL_ALGO_SHA256))
		{
			return null;
		}
		openssl_free_key($pkey);

		$signature = base64_encode($signature);
		return $signature;
	}
	return '';
}

protected function http_post2($url, $data,$header = array()) {
    if(!is_array($data))
        return array();

    $data = @json_encode($data);
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL,$url);
    if($header){
        curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
    }
    curl_setopt($ch, CURLOPT_HEADER,0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,FALSE);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);//超时时间
    $res = curl_exec($ch);
    curl_close($ch);
    return $res;
}
 

感谢@jian简减提供帮助

参考地址:PHP对接农行快e通授权登录_jian简减的博客-CSDN博客