123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 |
- <?php namespace Api\Lib\Platform;
- use Dever;
- class Ssl
- {
- public function __construct($field)
- {
- $this->field = $field;
- }
- public function encrypt($id, $value)
- {
- $config = $this->config($id, 1, $value);
- if ($config) {
- if ($config['type'] == 1) {
- # 非对称
- openssl_public_encrypt($config['value'], $value, $config['cert'], $config['option']);
- } elseif ($config['type'] == 2 && $config['cipher_algo']) {
- # 对称
- $value = openssl_encrypt($config['value'], $config['cipher_algo'], $config['cert'], $config['option'], $config['iv'], $config['tag'], $config['aad'], $config['tag_len']);
- } elseif ($config['type'] == 3 && $config['cipher_algo']) {
- # 签名
- openssl_sign($config['value'], $value, $config['cert'], $config['cipher_algo']);
- }
- if ($config['after'] == 2) {
- $value = base64_encode($value);
- }
- }
-
- return $value;
- }
- public function decrypt($id, $value, $data = '')
- {
- if (is_array($value)) {
- $value = Dever::json_encode($value);
- }
- $config = $this->config($id, 2, $value);
- if ($config) {
- if ($config['type'] == 1) {
- # 非对称
- openssl_public_decrypt($config['value'], $value, $config['cert'], $config['option']);
- } elseif ($config['type'] == 2 && $config['cipher_algo']) {
- # 对称
- $value = openssl_decrypt($config['value'], $config['cipher_algo'], $config['cert'], $config['option'], $config['iv'], $config['tag'], $config['aad']);
- } elseif ($config['type'] == 3 && $config['cipher_algo']) {
- # 签名验证
- $value = openssl_verify($data, $config['value'], $config['cert'], $config['cipher_algo']);
- }
- }
-
- return $value;
- }
- protected function config($id, $type, $value)
- {
- $config = Dever::db('platform_ssl', 'api')->find($id);
- if (!$config) {
- return false;
- }
- $config['value'] = $value;
- $key = $type == 1 ? 'encrypt' : 'decrypt';
- $this->cert($config, $key);
- if (!$config['cert']) {
- return false;
- }
- if ($type == 2 && $config['after'] == 2) {
- $config['value'] = base64_decode($config['value']);
- }
- # 对称加密需要特殊处理一下
- if ($config['type'] == 2) {
- if (!$config['option']) {
- $config['option'] = 'OPENSSL_NO_PADDING';
- }
- $config['option'] = constant($config['option']);
- if ($config['option'] === null) {
- $config['option'] = OPENSSL_NO_PADDING;
- }
- $config['iv'] = $this->field->{$config['iv']} ?? $config['iv'];
- $config['aad'] = $this->field->{$config['aad']} ?? $config['aad'];
- if ($config['tag_len']) {
- $config['tag'] = substr($config['value'], -$config['tag_len']);
- $config['value'] = substr($config['value'], 0, -$config['tag_len']);
- }
- if (!$config['tag']) {
- $config['tag'] = null;
- }
- }
- return $config;
- }
- protected function cert(&$config, $key)
- {
- $config['cert_type'] = $config[$key . '_cert_type'];
- $config['cert'] = $config[$key . '_cert'];
- $config['cert_id'] = $config[$key . '_cert_id'];
-
- if ($config['cert_type'] == 3) {
- # 公钥
- $config['cert'] = $this->field->{$config['cert']} ?? $config['cert'];
- } else {
- $cert = false;
- #$set = Dever::db('platform_cert', 'api')->find($config['cert_id']);
- # 获取账户里的cert
- $project = $this->field->account_project;
- $account_id = $this->field->account_id;
- if ($project && $account_id) {
- $cert = Dever::db('account_cert', $project)->find(array('account_id' => $account_id, 'platform_cert_id' => $config['cert_id']), array('order' => 'edate desc'));
- }
- if (!$cert) {
- $config['cert'] = false;
- return $config;
- }
- $this->field->setNumber($cert['number']);
- if ($config['cert_type'] == 2) {
- $key = 'private';
- $method = 'openssl_get_privatekey';
- } else {
- $key = 'public';
- $method = 'openssl_x509_read';
- }
- if ($cert[$key]) {
- $config['cert'] = $cert[$key];
- $config['cert'] = $method($config['cert']);
- }
- }
- }
- }
|