1 year ago · b8ab9d7a9e
--- a/application/api/controller/HuiPay.php
+++ b/application/api/controller/HuiPay.php
@@ -23,7 +23,7 @@ class HuiPay extends Api
 
				     protected $noNeedLogin = ['vip_recharge', 'gold_recharge', 'pay', 'pay_notify'];
			
 
				     protected $noNeedRight = '*';
			
 
				     // h5 跳转小程序
			
 
				-    const H5 = 'https://h5-min-pay-1gczed24bbbe3db8-1317709175.tcloudbaseapp.com/suning-pay.html';
			
 
				+    const H5 = 'https://mp-pay-0gk77hzo6366ff37-1320524135.tcloudbaseapp.com';
			
 
				 
			
 
				     public function _initialize()
			
 
				     {
			
@@ -107,7 +107,7 @@ class HuiPay extends Api
 
				             }
			
 
				 
			
 
				             // h5跳转小程序支付链接
			
 
				-            $url = self::H5 . "?order_no={$pay_no}";
			
 
				+            $url = self::H5 . "?order_no={$pay_no}&money=$money";
			
 
				             Db::commit();
			
 
				             $this->success('success', [
			
 
				                 'url' => $url
			
@@ -198,7 +198,7 @@ class HuiPay extends Api
 
				             }
			
 
				 
			
 
				             // h5跳转小程序支付链接
			
 
				-            $url = self::H5 . "?order_no={$pay_no}";
			
 
				+            $url = self::H5 . "?order_no={$pay_no}&money=$money";
			
 
				             Db::commit();
			
 
				             $this->success('success', [
			
 
				                 'url' => $url
			
@@ -269,9 +269,9 @@ class HuiPay extends Api
 
				     public function pay_notify(Request $request)
			
 
				     {
			
 
				         $params = $request->param();
			
 
				-
			
 
				+        $resp_data_json = $params['resp_data'] ?? '';
			
 
				         // 消息主体信息
			
 
				-        $resp_data = json_decode(stripslashes(htmlspecialchars_decode($params['resp_data'] ?? '')), true);
			
 
				+        $resp_data = json_decode(stripslashes(htmlspecialchars_decode($resp_data_json)), true);
			
 
				         unset($params['resp_data']);
			
 
				 
			
 
				         LogUtil::info('支付回调参数', self::LOG_MODULE, __FUNCTION__, [
			
@@ -281,7 +281,7 @@ class HuiPay extends Api
 
				 
			
 
				         // 校验签名
			
 
				         $huiPay = new PayUtil();
			
 
				-        if (!$huiPay->checkSign($params['sign'],$resp_data)){
			
 
				+        if (!$huiPay->checkSign($params['sign'],$resp_data_json)){
			
 
				             LogUtil::info('签名校验失败', self::LOG_MODULE, __FUNCTION__);
			
 
				             return self::response201('签名校验失败');
			
 
				         }
			
--- a/application/utils/PayUtil.php
+++ b/application/utils/PayUtil.php
@@ -13,6 +13,7 @@ class PayUtil
 
				         'sys_id' => '6666000145960408',
			
 
				         'product_id' => 'YMFZS',
			
 
				         'rsaPrivateKey' => 'MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCWjQ+o6u8TgOQETBJs/OebvIZMLZ7J0kyAfyKXECl44R2EvfOWTNhtnDc6ZuaXegBoNo8u+skVxzy8k+unoBNghpct/BCaXc2op0F/3/3kc+Y5I74PX2lF//4MvCNP1ia+ykfHJkdnlfz2W8c2Tc1L311PPQ4dsB0c6mup/NjV1DX0WkAXWsMCHSss1iRLLb5mqVJtCkSbPmuSZV+bm+JASsD5goo32245HxqNbjKm/fi+OfZ9ONKl0wT+Ch5SQEbQAr61yhIyHdlqc7o7xupbYFKjT4ez8Y3VU4U1uKu57x2cKI0ETwsASALDqgvYS6mFjJFC3LcEjskyAAi1a+HNAgMBAAECggEABvS1iIRyT2BhKKGrKEX3HYb0XYiuEX0Z88Xr/zbL873S81MjcgpS5Z2WH6ipds44PphmvTDxIYR3Fe9vr+sBejA9w+4lhjxXSDeSGypqPKfuNy2jlmo+HvHY9xWqPAIVADOwZU8rdWnEqk1LQwMNPTgww3x6rnx4m+Fo4A3Cpv54vrK7f4fTUaaD8gHRFkSkkCvNJYEZdd5OLqCKwuAwL6vxwhX/tBuNa+zltw+9fV+FCnaBlkVncU8j8os7FBoT7MTbMoijDG78b1feUofuWUmn4A+lb/hH9R2zTNaTlGzTdyj/hybkPmz3TMPsymzIxpr239z8HZvVfnBiScFUAQKBgQDhj/mGKM7tkYuR+gRgBwlvtsPyru3DmaqabkweBz6nL9c7F5bVrLuoSZRkZTEfwU/lHDpRPqP6elLdv7NQvPt6deXZIt+LqXHcFr8k/l0xhT4EaUcYjVyj0rVfLrjM8y4yVruDEJm9d3PjYoe4vF2+TSZ3gXqwEOCflVB2Xk9eDQKBgQCq3dPb5Xj+O/8IaiGnLP/iED7hJ27EupR9MbvNS760e03dTHePKnfoeVJve06cx380RLM2mEicFUz7ee1+Kvu/79v4OabBn9WDDFMME0nb52FyRDf9jkG6jB2bKP8olVhufCvhsjxJXXCNepAZwi3m4CgWz5km3AMe77f276liwQKBgGkY9GKWURRQZH+3xqIXpUXwGozRBOfGib869Sxoo8Cygc5+x0D4ItfesM22eJUbNWbDKEkCrtTeeg3obFyKMYJ1vIrXvOEOKocp8hYCjtmsA6F6jC3cb/XFD80xr9mO1U+PKf9/lKK7LbwdBLAG1Ib+25WDNu8ibgbtQ3hjqQdhAoGBAJMHcyjDm4vZgKly+iZq2H1k0VbZob1zeBcK1rnfteiEOgp1pGPzfV70FvWLO6g5GsKVY0lVXRXCVo4G61AoGJ2e/r/ojBANQ6MS1duMNYAe6IF1JmDvKqwlqcw8SORZLtFT1EbQIoRW/WUg1CL2Lp1+wcBvPzBrHdxfFwRMUouBAoGBAKusKZFR5bqj5NDb3Uli3D0H48PxTOq5iNvkG9L/wUfUTV1p1e0bnQ+ViEmh6LdLEuvVnClDTFuyaxFe3mp0lREcPYsdk4sYXkBvTO5B7CkoVtoNLPZxfYEDRkDbCQ9LniE155qP0ikEhf4pQRB2RNuC0DfO2O5uoYXdp+uFiuNt',
			
 
				+        'rsaPublicKey' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo0PqOrvE4DkBEwSbPznm7yGTC2eydJMgH8ilxApeOEdhL3zlkzYbZw3Ombml3oAaDaPLvrJFcc8vJPrp6ATYIaXLfwQml3NqKdBf9/95HPmOSO+D19pRf/+DLwjT9YmvspHxyZHZ5X89lvHNk3NS99dTz0OHbAdHOprqfzY1dQ19FpAF1rDAh0rLNYkSy2+ZqlSbQpEmz5rkmVfm5viQErA+YKKN9tuOR8ajW4ypv34vjn2fTjSpdME/goeUkBG0AK+tcoSMh3ZanO6O8bqW2BSo0+Hs/GN1VOFNbirue8dnCiNBE8LAEgCw6oL2EuphYyRQty3BI7JMgAItWvhzQIDAQAB',
			
 
				         'huiRsaPublicKey' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkA7CU0t1vIlnRC8vT2pD2CiSUb5KpVI2lOzHaNlxAQyFRfTfe4xAFw2XMxYvv4f2jgWlQwYTC13+m9aboQglzJtw7VXtw4G8I5DEDnYOiU2Z2vC/TaRFw3OLICk7H8WuWKN6Rn2iiVsauh+Jy31G9MOlUbFbIQjfw1J0NIbscbUsvCwUrc1DG3onM1aFTyFjTTmLYw7SjCkX7T4SKaBfP6Nqn87d8fkrcP6ruXHt4Zmf6xAFcTBuwpw9FRjzHn4bpxDatFleO9KFqHoBTDe0EGWHWhmShG7Mn1ubAGWJ/OUe9CLEOKVSnNYtR7MFlhoO+DmYlz5iSy7lYWmS6sTpGwIDAQAB',
			
 
				     ];
			
 
				 
			
@@ -64,8 +65,7 @@ class PayUtil
 
				 
			
 
				     public function checkSign($signature, $data)
			
 
				     {
			
 
				-        dd($this->verifySign_sort($signature,$data,$this->config['huiRsaPublicKey']));
			
 
				-        return $this->verifySign_sort($signature,$data,$this->config['huiRsaPublicKey']);
			
 
				+        return $this->verifySign($signature,$data,$this->config['huiRsaPublicKey']);
			
 
				     }
			
 
				 
			
 
				     /**
			
@@ -90,24 +90,18 @@ class PayUtil
 
				     }
			
 
				 
			
 
				     /**
			
 
				-     * 汇付公钥验签（对数据源排序），可用于 V2 版本接口返回数据验签
			
 
				+     * 使用公钥验签，可用于异步应答验签
			
 
				      *
			
 
				      * @param string $signature 签文
			
 
				-     * @param array $data 原数据(array)
			
 
				+     * @param string $data 原数据(string)
			
 
				      * @param string $rsaPublicKey 公钥
			
 
				      * @param int $alg 默认 OPENSSL_ALGO_SHA256
			
 
				+     *
			
 
				      * @return false|int 验证结果：成功/失败
			
 
				      */
			
 
				-    private function verifySign_sort($signature, $data, $rsaPublicKey, $alg = OPENSSL_ALGO_SHA256)
			
 
				-    {
			
 
				-        $key = "-----BEGIN PUBLIC KEY-----\n" . wordwrap($rsaPublicKey, 64, "\n", true) . "\n-----END PUBLIC KEY-----";
			
 
				-        ksort($data);
			
 
				-        try {
			
 
				-            return openssl_verify(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE), base64_decode($signature), $key, $alg);
			
 
				-        } catch (\Exception $e) {
			
 
				-            $this->message = $e->getMessage();
			
 
				-            return false;
			
 
				-        }
			
 
				+    public static function verifySign($signature, $data, $rsaPublicKey, $alg=OPENSSL_ALGO_SHA256){
			
 
				+        $key = "-----BEGIN PUBLIC KEY-----\n".wordwrap($rsaPublicKey, 64, "\n", true)."\n-----END PUBLIC KEY-----";
			
 
				+        return openssl_verify($data, base64_decode($signature), $key, $alg);
			
 
				     }
			
 
				 
			
 
				     private function success($message = '', $data = [])