From 514605bca8aeb2801fa3673f29fa1f82ceed9074 Mon Sep 17 00:00:00 2001 From: wucongxing <815046773@qq.com> Date: Tue, 18 Apr 2023 16:39:37 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9ca=E5=BC=80=E5=85=B7=E5=A4=84?= =?UTF-8?q?=E6=96=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- extend/Ca/Base.php | 105 +++++++++++++ extend/Ca/CaOffline.php | 327 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 432 insertions(+) create mode 100644 extend/Ca/Base.php create mode 100644 extend/Ca/CaOffline.php diff --git a/extend/Ca/Base.php b/extend/Ca/Base.php new file mode 100644 index 0000000..dee9ee2 --- /dev/null +++ b/extend/Ca/Base.php @@ -0,0 +1,105 @@ +container = ApplicationContext::getContainer(); + $this->client = $this->container->get(Client::class); + } + + /** + * 封装公共请求 + * @param string $path + * @param array $arg + * @return mixed + * @throws GuzzleException + */ + protected function httpRequest(string $path, array $arg = []): mixed + { + $option = [ + "headers" => [ + "app_id" => $this->app_id, + "signature" => $this->getRequestSign($arg), + ], + ]; + + $arg = array_merge($arg, $option); + + $response = $this->client->post($path, $arg); + + if ($response->getStatusCode() != '200') { + // 请求失败 + throw new BusinessException($response->getBody()->getContents()); + } + $body = json_decode($response->getBody(), true); + dump($body); + if (empty($body)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + + if ($body['result_code'] != 0) { + // 请求失败 + if (!empty($body['result_msg'])) { + throw new BusinessException($body['result_msg']); + } + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + + return $body['body']; + } + + /** + * 获取请求签名 + * @param array $data + * @return string + */ + protected function getRequestSign(array $data): string + { + $sign_data = array(); + if (isset($data['form_params'])) { + $sign_data = $data['form_params']; + } + + if (isset($data['multipart'])) { + foreach ($data['multipart'] as $item) { + // pdf进行签章时,此参数为文件流,不参与签名 + if ($item['name'] == "pdfFile") { + continue; + } + + $sign_data[$item['name']] = $item['contents']; + } + } + + if (!empty($sign_data)){ + ksort($sign_data); + $data = implode('&', $sign_data); + }else{ + $data = ""; + } + + return hash_hmac("sha1", $data, $this->secret); + } +} \ No newline at end of file diff --git a/extend/Ca/CaOffline.php b/extend/Ca/CaOffline.php new file mode 100644 index 0000000..ffcc56c --- /dev/null +++ b/extend/Ca/CaOffline.php @@ -0,0 +1,327 @@ +app_id = $offline['app_id']; + $this->api_url = $offline['app_id']; + $this->secret = $offline['secret']; + } + + /** + * 获取云证书 + * @param array $data + * @param string $type + * @return mixed + */ + public function getCloudCert(array $data,string $type = "Personal"): mixed + { + $option = [ + 'form_params' => [ + 'entityId' => $data['user_id'], // 用户唯一标识,由业务系统定义 + 'entityType' => $type,// 用户类型,可选值[Personal/Organizational] + 'pin' => $data['user_id'], // 证书PIN码 + 'cardNumber' => $data['card_num'], // 证件号码(个人身份证;企业统一社会信用代码) + ] + ]; + + try { + $response = $this->httpRequest($this->api_url . '/cloud-certificate-service' . '/api/cloudCert/open/v2/cert/offlineAuthCertEnroll', $option); + if (empty($response)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + return $response; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * 获取云证书签名 + * @param string $user_id + * @param string $pin + * @param array $data + * @return mixed + */ + public function getCertSign(string $user_id, string $pin, array $data): mixed + { + $option = [ + 'form_params' => [ + 'entityId' => $user_id, // 用户唯一标识,由业务系统定义 + 'toSign' => hash_hmac("sha1", json_encode($data, JSON_UNESCAPED_UNICODE), $this->secret), // 签名原文 + 'pin' => $pin, // 证书PIN码 + ] + ]; + + try { + $response = $this->httpRequest( + $this->api_url . '/cloud-certificate-service' . '/api/cloudCert/open/cert/sign', + $option + ); + if (empty($response)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + return $response; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + // PKCS7签名验证接口 + // 对客户端签名信息进行验证,返回证书信息,同时可以配置回调服务,在验证成功后回调业务系统 + public function verifyPkcs7(string $sign_p7, array $data) + { + $generator = $this->container->get(IdGeneratorInterface::class); + + $option = [ + 'form_params' => [ + 'opType' => "签名验证", + 'requestId' => $generator->generate(),// 业务流水号,唯一 + 'signedData' => $sign_p7, // 签名值:签名接口返回的signP7 + 'toSign' => hash_hmac("sha1", json_encode($data, JSON_UNESCAPED_UNICODE), $this->secret), // 签名原文 + ] + ]; + + dump($option); + + try { + $response = $this->httpRequest( + $this->api_url . '/signgw-service/api/signature/verifyPkcs7', + $option + ); + if (empty($response)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + return $response; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * 添加签章配置 + * @param string $user_id 用户id + * @param string $card_num 身份证号 + * @param array $data + * @return bool + */ + public function addUserSignConfig(string $user_id, string $card_num, array $data): bool + { + $option = [ + 'form_params' => [ + 'userId' => $user_id,//用户标识信息(为云证书entityId) + 'configKey' => $user_id, // 签章配置唯一标识,一张云证书配置一个 + 'keypairType' => "3", // 秘钥类型(3云证书) + 'certSn' => $card_num, // 证书序列号,使用医生身份证号即可 + 'signType' => "4", // 签章方式(签章类型; 4客户端坐标签章;5客户端关键字签章;) + 'signParam' => $data['sign_param'], // 签章配置,JSON + 'sealImg' => $data['seal_img'], // 签章图片,base64格式 + 'sealType' => "4", + 'signTemplate' => "0", + ] + ]; + + try { + $response = $this->httpRequest( + $this->api_url . '/signature-server/api/open/signature/userSignConfig', + $option + ); + + return true; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * 删除签章配置 + * @param string $user_id + * @return bool + */ + public function deleteUserSignConfig(string $user_id): bool + { + $option = [ + 'form_params' => [ + 'userId' => $user_id,//用户标识信息(为云证书entityId) + 'configKey' => $user_id, // 签章配置唯一标识,一张云证书配置一个 + ] + ]; + + try { + $this->httpRequest( + $this->api_url . '/signature-server/api/open/signature/delSignConfig', + $option + ); + return true; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * 获取用户签章图片 + * @param string $user_id + * @return mixed + */ + public function getFetchUserSeal(string $user_id): mixed + { + $option = [ + 'form_params' => [ + 'userId' => $user_id,//用户标识信息(为云证书entityId) + ] + ]; + + try { + $response = $this->httpRequest( + $this->api_url . '/signature-server/api/open/signature/fetchUserSeal', + $option + ); + if (empty($response)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + return $response; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * PDF添加电子签章 + * @param string $user_id + * @param array $data + * @return mixed + */ + public function addSignPdf(string $user_id, array $data): mixed + { + $option = [ + 'multipart' => [ + [ + 'name' => 'pdfFile', + 'contents' => $data['pdf_file'],// 待签章PDF文件(字节流) + ], + [ + 'name' => 'userId', + 'contents' => $user_id, // 用户标识信息 + ], + [ + 'name' => 'configKey', + 'contents' => $user_id, // 签章配置唯一标识 + ], + [ + 'name' => 'signParams', + 'contents' => $data['sign_param'],// 签章参数,JSON格式数据,如果不指定,那么以签章配置接口配置为准 + ], + [ + 'name' => 'cloudCertPass', + 'contents' => $user_id,// 云证书PIN码,云证书签章时使用 + ], + ] + ]; + + try { + $response = $this->httpRequest( + $this->api_url . '/signature-server/api/open/signature/signPdf', + $option + ); + + if (empty($response)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + return $response; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * 下载签章的pdf文件 + * @param string $user_id + * @param string $file_id + * @return mixed + */ + public function getSignedFile(string $entity_id, string $file_id): mixed + { + $arg = [ + 'form_params' => [ + 'userId' => $entity_id,// 用户标识信息(为云证书entityId) + 'fileId' => $file_id,// 签章接口返回的文件标识 + ] + ]; + + try { + $option = [ + "headers" => [ + "app_id" => $this->app_id, + "signature" => $this->getRequestSign($arg), + ], + ]; + + $option = array_merge($arg, $option); + + $response = $this->client->post($this->api_url . '/signature-server/api/open/signature/fetchSignedFile', $option); + + if ($response->getStatusCode() != '200') { + // 请求失败 + throw new BusinessException($response->getBody()->getContents()); + } + + // 将 Stream 对象转换为字符串 + return (string)$response->getBody()->getContents(); + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } + + /** + * PDF签章文件验证 + * @param array $data + * @return mixed + */ + public function verifyPdf(array $data): mixed + { + $option = [ + 'multipart' => [ + [ + 'name' => 'pdfFile', + 'contents' => $data['pdf_file'],// 待签章PDF文件(字节流) + ], + ] + ]; + + try { + $response = $this->httpRequest( + $this->api_url . '/signature-server/api/open/signature/verifyPdf', + $option + ); + + if (empty($response)) { + // 返回值为空 + throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR)); + } + return $response; + } catch (GuzzleException $e) { + throw new BusinessException($e->getMessage()); + } + } +} \ No newline at end of file