**API接口数据安全之授权码sign**
>[success] 1. ASE加密方式加密
~~~
class Aes{
private $key = null;
/**
*@param String $key 密钥
*@return String
*/
public funciton __construct(){
//配置文件中的asekey 服务端及客户端必须保持一致 且加密key必须为16 、32、64位
$this->key = C('app.asekey');
}
/**
*加密
*@param String input 加密的字符串
*@param String key 解密的key
*@return HexString
*/
public function encrypt($input=''){
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_ECB); // 获得加密算法的分组大小
$input = $this->pkcs5_pad($ipunt,$size);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'',MCRYPT_MODE_ECB,'');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
mcrypt_generic_init($td,$this->key,$iv);
$data = mcrypt_generic($td,$input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$result = base64_encode($data);
return $result;
}
/**
*填充方式 pkcs5
*@param String text 原始字符串
*@param String blocksize 加密长度
*@return String
*/
private function pkcs5_pad($text,$blocksize){
$pad = $blocksize-(strlen($text) % $blocksize);
return $text.str_repeat(chr($pad),$pad);
}
/**
*解密
*@param String str 加密的字符串
*@param String key 解密的key
*@return String
*/
public function decrypt($str){
$decryted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$this->key,base64_decode($str),MCRYPT_MODE_ECB);
$dec_s = strlen($decryted);
$padding = ord($decryted[$dec_s-1]);
$decryted = substr($decryted,0,-$padding);
return $decryted;
}
}
~~~
>[success]2.生成加密后的sign
~~~
/**
*生成请求的sign
*@param array $data
*@return string
*/
function setSign($data=array()){
//1.按字段排序
ksort($data);
// 2.拼接字符串数据 &
$string = http_build_query($data);
// 3.通过aes来加密
$sign = (new Aes())->encrypt($string);
return $sign;
}
//示例
$data = [
'did' => '12345dg',
'version' => '1.0'
];
$sign = setSign($data); //ne2qhhj4x3abeHKH+mhNV04USjWNzhkA5bcB7bxH4EA=
~~~
>[success]3.解密sign
~~~
$sign = "ne2qhhj4x3abeHKH+mhNV04USjWNzhkA5bcB7bxH4EA=";
echo (new Aes())->decrypt($sign); // did=12345dg&version=1.0
~~~
>[success]4.校验客户端的sign
~~~
/**
*@param Stirng clientSign 通过客户端的header头传递过来
*@param Array data 客户端提交过来的字段
*@return boolen
*/
function checkSign($clientSign='',$data=array()){
if(empty($clientSign)){
return false;
}
$checkSign = setSign($data); // 生成sign
if($clientSign != $checkSign){
return false;
}
return true;
}
~~~
**函数**
>[danger] parse_str() 函数的使用
~~~
$str = "did=12345dg&version=1.0";
parse_str($str,$arr);
var_dump($arr);die;
结果为:
array(2) {
["did"]=>
string(7) "12345dg"
["version"]=>
string(3) "1.0"
}
~~~
>[danger]http_build_query()函数的使用
~~~
$data = array(
'did'=> '12345dg',
'version'=> '1.0'
);
$str = http_build_query($data);
echo $str; // did=12345dg&version=1.0 将数组以&拼接
~~~
