gdxz/hospital-applets-api
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: gdxz:f9ba59aa55668e45484006e2a4c2e5b0cf5ebe93
Branches Tags
gdxz:master
gdxz:dev
..
compare: gdxz:1bd00bdceacbf08d353e434397c9fb59799c24d3
Branches Tags
gdxz:dev
gdxz:master

No commits in common. "f9ba59aa55668e45484006e2a4c2e5b0cf5ebe93" and "1bd00bdceacbf08d353e434397c9fb59799c24d3" have entirely different histories.
f9ba59aa55 ... 1bd00bdcea

14 changed files with 1044 additions and 21 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -4,9 +4,9 @@
*.patch
.idea/
.git/
docs/
runtime/
vendor/
docs/
.phpintel/
.env
.DS_Store

32
app/Services/CaService.php
View File

@ -12,7 +12,8 @@ use App\Model\UserDoctor;
use App\Model\UserDoctorInfo;
use App\Model\UserPharmacistInfo;
use Extend\Alibaba\Oss;
use Extend\Ca\CaOnline;
use Extend\Ca\Ca;
use Extend\Ca\CaGatewayFactory;
use Hyperf\Utils\WaitGroup;
use Intervention\Image\ImageManager;
use Swoole\Coroutine\Channel;
@ -23,6 +24,8 @@ use TCPDF;
*/
class CaService extends BaseService
{
protected Ca $caGateway;
// 疾病名称
protected string $icd_name;
@ -63,6 +66,8 @@ class CaService extends BaseService
* @param int $type 类型 1:医院 2:医生 3:药师
*/
public function __construct(array|object $order_prescription,int $type,string|int $user_id = ""){
$this->caGateway = $this->buildGateway();
// 获取用户、医院签名图片地址、用户标识信息
if ($type == 1){
// 医院
@ -223,13 +228,18 @@ class CaService extends BaseService
$this->prescription_pdf_oss_path = "applet/prescription/" . $order_prescription_id. '.pdf';
}
protected function buildGateway(): Ca
{
return CaGatewayFactory::makeScene('prescription');
}
/**
* 获取云证书签名+验证云证书签名
* @param array|object $order_prescription
*/
public function getVerifyCertSign(array|object $order_prescription)
{
$CaOnline = new CaOnline();
$caGateway = $this->caGateway;
// 获取云证书签名
$data = array();
@ -254,11 +264,10 @@ class CaService extends BaseService
$data['product'][] = $product;
}
dump($this->entity_id);
$cert_sign_result = $CaOnline->getCertSign($this->entity_id, $this->entity_id, $data);
$cert_sign_result = $caGateway->getCertSign($this->entity_id, $this->entity_id, $data);
// 验证云证书签名 验证无需处理,只要不返回错误即可
$CaOnline->verifyPkcs7($cert_sign_result['signP7'], $data);
$caGateway->verifyPkcs7($cert_sign_result['signP7'], $data);
$this->cert_serial_number = $cert_sign_result['certSerialnumber'];
}
@ -421,8 +430,7 @@ class CaService extends BaseService
*/
public function downCaPdfToLocal(string $file_id): void
{
$CaOnline = new CaOnline();
$prescription_pdf_result = $CaOnline->getSignedFile($this->entity_id, $file_id);
$prescription_pdf_result = $this->caGateway->getSignedFile($this->entity_id, $file_id);
$file = fopen($this->prescription_pdf_local_path, "w");
fwrite($file, $prescription_pdf_result);
@ -436,9 +444,7 @@ class CaService extends BaseService
*/
public function downCaPdfToOss(string $file_id): string
{
$CaOnline = new CaOnline();
$prescription_pdf_result = $CaOnline->getSignedFile($this->entity_id, $file_id);
$prescription_pdf_result = $this->caGateway->getSignedFile($this->entity_id, $file_id);
// 上传oss
$oss = new Oss();
@ -498,7 +504,7 @@ class CaService extends BaseService
],
];
$CaOnline = new CaOnline();
$caGateway = $this->caGateway;
// 检测是否已添加签章配置
$params = array();
@ -514,7 +520,7 @@ class CaService extends BaseService
$data['sign_param'] = json_encode($sign_param);
$data['seal_img'] = $sign_image;
$CaOnline->addUserSignConfig($this->entity_id,$this->card_num,$data);
$caGateway->addUserSignConfig($this->entity_id,$this->card_num,$data);
$params = array();
$params['cert_id'] = $user_ca_cert['cert_id'];
@ -535,7 +541,7 @@ class CaService extends BaseService
$data = array();
$data['sign_param'] = json_encode($sign_param);
$data['pdf_file'] = $pdf_file;
$sign_pdf_result = $CaOnline->addSignPdf($this->entity_id, $data);
$sign_pdf_result = $caGateway->addSignPdf($this->entity_id, $data);
if (empty($sign_pdf_result[0]['fileId'])) {
throw new BusinessException("处方签章失败");
}

1
app/Services/OrderPrescriptionService.php
View File

@ -152,7 +152,6 @@ class OrderPrescriptionService extends BaseService
throw new BusinessException("医生开方日期错误");
}
dump($user_id);
$CaService = new CaService($order_prescription,$type,$user_id);
// 获取云证书签名+验证云证书签名

1
app/Services/UserDoctorService.php
View File

@ -1761,7 +1761,6 @@ class UserDoctorService extends BaseService
}else{
$user_id = $user_info['user_id'];
}
dump($user_info['user_id']);
$prescription_open_result = $OrderPrescriptionService->openPrescription($order_prescription->order_prescription_id,2,$user_id);
if (empty($prescription_open_result['prescription_img_oss_path']) || empty($prescription_open_result['file_id'])){
Db::rollBack();

24
config/config.php
View File

@ -108,6 +108,30 @@ return [
"secret" => env('CA_ONLINE_APP_SECRET', 'adf718ebc1fb4bb7b158de9117d1313a'),
"api_url" => env('CA_ONLINE_API_URL', 'http://testmicrosrv.scca.com.cn:9527'),
],
'gateway' => [
'driver' => env('CA_DRIVER', 'v2'), //legacy 老版本 v2新版本
'mode' => env('CA_MODE', 'online'),
'prescription' => [
'driver' => env('CA_PRESCRIPTION_DRIVER', env('CA_DRIVER', 'v2')),//legacy 老版本 v2新版本
'mode' => env('CA_PRESCRIPTION_MODE', env('CA_MODE', 'online')),
],
],
'v2' => [
'offline' => [
'app_id' => env('CA_V2_OFFLINE_APP_ID', ''),
'secret' => env('CA_V2_OFFLINE_SECRET', ''),
'api_url' => env('CA_V2_OFFLINE_API_URL', 'http://testmicrosrv.scca.com.cn:9527'),
'enable_auth_signature' => env('CA_V2_OFFLINE_ENABLE_AUTH_SIGNATURE', true),
],
'online' => [
'app_id' => env('CA_V2_ONLINE_APP_ID', 'SCCA1951838127584579586'),
'secret' => env('CA_V2_ONLINE_SECRET', 'a26bf6c8b78b4099939ab09accbc9a80'),
'api_url' => env('CA_V2_ONLINE_API_URL', 'http://testmicrosrv.scca.com.cn:9527'),
'notify_url' => env('CA_V2_ONLINE_NOTIFY_URL', ''),
'jump_url' => env('CA_V2_ONLINE_JUMP_URL', ''),
'enable_auth_signature' => env('CA_V2_ONLINE_ENABLE_AUTH_SIGNATURE', true),
],
],
],
'prescription_platform' => [ // 处方平台
"client_id" => env('PRE_PLAT_CLIENT_ID', 'ZD-004'),

37
extend/Ca/CaGatewayFactory.php Normal file
View File

@ -0,0 +1,37 @@
<?php
namespace Extend\Ca;
use App\Exception\BusinessException;
use Extend\Ca_V2\CaOffline as CaOfflineV2;
use Extend\Ca_V2\CaOnline as CaOnlineV2;
class CaGatewayFactory
{
public static function makeScene(string $scene): Ca
{
$sceneConfig = config("ca.gateway.{$scene}", []);
if (!is_array($sceneConfig)) {
throw new BusinessException("不支持的CA场景配置: {$scene}");
}
$driver = (string) ($sceneConfig['driver'] ?? config('ca.gateway.driver', 'legacy'));
$mode = (string) ($sceneConfig['mode'] ?? config('ca.gateway.mode', 'online'));
return self::make($mode, $driver);
}
public static function make(?string $mode = null, ?string $driver = null): Ca
{
$resolvedMode = strtolower($mode ?: (string) config('ca.gateway.mode', 'online'));
$resolvedDriver = strtolower($driver ?: (string) config('ca.gateway.driver', 'legacy'));
return match ([$resolvedDriver, $resolvedMode]) {
['legacy', 'online'] => new CaOnline(),
['legacy', 'offline'] => new CaOffline(),
['v2', 'online'] => new CaOnlineV2(),
['v2', 'offline'] => new CaOfflineV2(),
default => throw new BusinessException("不支持的CA驱动配置: {$resolvedDriver}/{$resolvedMode}"),
};
}
}

247
extend/Ca_V2/Ca.php Normal file
View File

@ -0,0 +1,247 @@
<?php
namespace Extend\Ca_V2;
use App\Constants\HttpEnumCode;
use App\Exception\BusinessException;
use Extend\Ca\Ca as LegacyCa;
use GuzzleHttp\Exception\GuzzleException;
use Hyperf\Snowflake\IdGeneratorInterface;
abstract class Ca extends LegacyCa
{
protected array $config = [];
protected function initConfig(string $configKey, string $label): void
{
$config = config($configKey, []);
if (!$this->isValidConfig($config)) {
throw new BusinessException("缺少{$label}配置");
}
$this->config = $config;
$this->app_id = $config['app_id'];
$this->api_url = rtrim($config['api_url'], '/');
$this->secret = $config['secret'];
}
protected function isValidConfig(mixed $config): bool
{
if (!is_array($config)) {
return false;
}
return !empty($config['app_id']) && !empty($config['api_url']) && !empty($config['secret']);
}
protected function buildSignPayload(array $data): string
{
$signData = [];
if (isset($data['form_params'])) {
$signData = $data['form_params'];
}
if (isset($data['multipart'])) {
foreach ($data['multipart'] as $item) {
if (($item['name'] ?? '') === 'pdfFile') {
continue;
}
$signData[$item['name']] = $item['contents'];
}
}
if (empty($signData)) {
return '';
}
ksort($signData);
return implode('&', $signData);
}
protected function getAuthSignature(array $data): string
{
return hash('sha256', $this->buildSignPayload($data));
}
protected function shouldAttachAuthSignature(string $path): bool
{
$enabled = filter_var((string) ($this->config['enable_auth_signature'] ?? false), FILTER_VALIDATE_BOOLEAN);
if (!$enabled) {
return false;
}
return str_contains($path, '/api/cloudCert/open/v2/cert/')
|| str_contains($path, '/api/cloudCert/open/v3/cert/')
|| str_contains($path, '/api/certgw/certapi/')
|| str_contains($path, '/v5/api/certgw/certapi/');
}
protected function buildCertSignPayload(array $data): string
{
$payload = json_encode($data, JSON_UNESCAPED_UNICODE);
if ($payload === false) {
throw new BusinessException('CA V2签名原文序列化失败');
}
return $payload;
}
protected function buildCertSignTransportPayload(array $data): string
{
return base64_encode($this->buildCertSignPayload($data));
}
protected function resolveCertSerialnumber(string $entityId, array $response): string
{
return (string) ($response['certSerialnumber'] ?? $response['certSn'] ?? '');
}
protected function normalizeCertSignResponse(string $entityId, array $response): array
{
if (empty($response['signP7']) && !empty($response['requestId'])) {
$result = $this->getCertSignResult((string) $response['requestId']);
if (is_array($result) && !empty($result['signP7'])) {
$response = array_merge($response, $result);
}
}
if (empty($response['signP7'])) {
if (!empty($response['signUrl'])) {
throw new BusinessException('当前证书未开启免密签署,返回的是页面签署链接,暂不支持服务端自动完成');
}
throw new BusinessException('CA V2签名响应缺少signP7');
}
if (empty($response['certSerialnumber'])) {
$response['certSerialnumber'] = $this->resolveCertSerialnumber($entityId, $response);
}
return $response;
}
protected function getOptionalConfig(string $key): string
{
return trim((string) ($this->config[$key] ?? ''));
}
public function getCertSign(string $user_id, string $pin, array $data): mixed
{
$generator = $this->container->get(IdGeneratorInterface::class);
$payload = $this->buildCertSignTransportPayload($data);
$option = [
'form_params' => [
'entityId' => $user_id,
'requestId' => (string) $generator->generate(),
'businessType' => 'certSign',
'toSign' => $payload,
'extParam' => json_encode(['toSignEncoding' => 'base64'], JSON_UNESCAPED_UNICODE),
],
];
$notifyUrl = $this->getOptionalConfig('notify_url');
if ($notifyUrl !== '') {
$option['form_params']['notifyUrl'] = $notifyUrl;
}
$jumpUrl = $this->getOptionalConfig('jump_url');
if ($jumpUrl !== '') {
$option['form_params']['jumpUrl'] = $jumpUrl;
}
try {
$response = $this->httpRequest($this->api_url . '/open/api/data/certSign', $option);
if (empty($response)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $this->normalizeCertSignResponse($user_id, $response);
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function getCertSignResult(string $requestId): mixed
{
$option = [
'form_params' => [
'requestId' => $requestId,
],
];
try {
return $this->httpRequest($this->api_url . '/open/api/data/getCertSignResult', $option);
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function verifyPkcs7(string $sign_p7, array $data)
{
$generator = $this->container->get(IdGeneratorInterface::class);
$option = [
'form_params' => [
'opType' => '签名验证',
'requestId' => $generator->generate(),
'signedData' => $sign_p7,
'toSign' => $this->buildCertSignTransportPayload($data),
],
];
try {
$response = $this->httpRequest(
$this->api_url . '/signgw-service/api/signature/verifyPkcs7',
$option
);
if (empty($response)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $response;
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function httpRequest(string $path, array $arg = []): mixed
{
$headers = [
'app_id' => $this->app_id,
'signature' => $this->getRequestSign($arg),
];
if ($this->shouldAttachAuthSignature($path)) {
$headers['authSignature'] = $this->getAuthSignature($arg);
}
$arg['headers'] = array_merge($arg['headers'] ?? [], $headers);
$response = $this->client->post($path, $arg);
if ($response->getStatusCode() != '200') {
throw new BusinessException($response->getBody()->getContents());
}
$body = json_decode($response->getBody(), true);
if (empty($body)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
if ($body['result_code'] != 0) {
if (!empty($body['result_msg'])) {
throw new BusinessException($body['result_msg']);
}
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $body['body'];
}
public function getRequestSign(array $data): string
{
return hash_hmac('sha1', $this->buildSignPayload($data), $this->secret);
}
}

42
extend/Ca_V2/CaOffline.php Normal file
View File

@ -0,0 +1,42 @@
<?php
namespace Extend\Ca_V2;
use App\Constants\HttpEnumCode;
use App\Exception\BusinessException;
use GuzzleHttp\Exception\GuzzleException;
class CaOffline extends Ca
{
public function __construct()
{
parent::__construct();
$this->initConfig('ca.v2.offline', 'ca_v2_offline');
}
public function getCloudCert(array $data, string $type = 'Personal'): mixed
{
$option = [
'form_params' => [
'entityId' => $data['user_id'],
'entityType' => $type,
'pin' => $data['user_id'],
'cardNumber' => $data['card_num'],
],
];
try {
$response = $this->httpRequest(
$this->api_url . '/cloud-certificate-service/api/cloudCert/open/v2/cert/offlineAuthCertEnroll',
$option
);
if (empty($response)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $response;
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
}

152
extend/Ca_V2/CaOnline.php Normal file
View File

@ -0,0 +1,152 @@
<?php
namespace Extend\Ca_V2;
use App\Constants\HttpEnumCode;
use App\Exception\BusinessException;
use GuzzleHttp\Exception\GuzzleException;
class CaOnline extends Ca
{
public function __construct()
{
parent::__construct();
$this->initConfig('ca.v2.online', 'ca_v2_online');
}
public function getCloudCert(array $data, string $type = 'Personal'): mixed
{
$option = [
'form_params' => [
'entityId' => $data['user_id'],
'entityType' => $type,
'personalPhone' => (string) $data['mobile'],
'personalName' => $data['card_name'] ?? '',
'personalIdNumber' => $data['card_num'] ?? '',
'orgName' => $data['org_name'] ?? '',
'orgNumber' => $data['org_number'] ?? '',
'pin' => $data['user_id'],
'province' => '四川省',
'locality' => '成都市',
'authType' => '实人认证',
'authTime' => $this->getAuthTime(),
'authResult' => '认证通过',
'authNoticeType' => '数字证书申请告知',
],
];
try {
$response = $this->httpRequest(
$this->api_url . '/cloud-certificate-service/api/cloudCert/open/v2/cert/certEnroll',
$option
);
if (empty($response)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $response;
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function removeCloudCert(array $data): mixed
{
$option = [
'form_params' => [
'entityId' => $data['user_id'],
'pin' => $data['user_id'],
'authType' => '实人认证',
'authTime' => $this->getAuthTime(),
'authResult' => '认证通过',
'authNoticeType' => '数字证书吊销告知',
],
];
try {
$response = $this->httpRequest(
$this->api_url . '/cloud-certificate-service/api/cloudCert/open/v2/cert/certRevoke',
$option
);
if (empty($response)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $response;
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function renewCloudCert(array $data): mixed
{
$option = [
'form_params' => [
'entityId' => $data['user_id'],
'pin' => $data['user_id'],
'authType' => '实人认证',
'authTime' => $this->getAuthTime(),
'authResult' => '认证通过',
'authNoticeType' => '数字证书更新告知',
],
];
try {
$response = $this->httpRequest(
$this->api_url . '/cloud-certificate-service/api/cloudCert/open/v2/cert/certRenew',
$option
);
if (empty($response)) {
throw new BusinessException(HttpEnumCode::getMessage(HttpEnumCode::SERVER_ERROR));
}
return $response;
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function getServiceUrl(array $data): mixed
{
$option = [
'form_params' => $data,
];
try {
return $this->httpRequest($this->api_url . '/open/api/data/getServiceUrl', $option);
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
public function getPasswordLessSignInfo(string $entityId): mixed
{
$option = [
'form_params' => [
'entityId' => $entityId,
],
];
try {
return $this->httpRequest($this->api_url . '/open/api/data/passwordLessSignInfo', $option);
} catch (GuzzleException $e) {
throw new BusinessException($e->getMessage());
}
}
protected function resolveCertSerialnumber(string $entityId, array $response): string
{
$serialNumber = parent::resolveCertSerialnumber($entityId, $response);
if ($serialNumber !== '') {
return $serialNumber;
}
$signInfo = $this->getPasswordLessSignInfo($entityId);
return (string) ($signInfo['certSn'] ?? '');
}
protected function getAuthTime(): string
{
return (string) round(microtime(true) * 1000);
}
}

258
runtime_ca_doc.html Normal file
View File

File diff suppressed because one or more lines are too long

258
runtime_ca_doc_after_jwt.html Normal file
View File

File diff suppressed because one or more lines are too long

1
runtime_ca_doc_verified.html Normal file
View File

@ -0,0 +1 @@


BIN
runtime_calc.wasm Normal file
View File

Binary file not shown.