//对称验签
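/**
 * Verifies a symmetric (shared-secret) request signature.
 *
 * Takes every POST field, rejects the request when `timestamp` is missing,
 * non-numeric or more than 60 seconds away from the server clock, rebuilds
 * `sha256(sorted_query . '&secretkey=' . KEY)` and compares it with the
 * `X-Signature` header in constant time.
 *
 * NOTE(review): the comment on $SIGN_KEY says it is identical to the one in the
 * frontend. A secret that ships inside client code can be read by anyone who
 * has the client, so this check only proves the request was produced by some
 * copy of the client; treat it as tamper detection, not authentication. The
 * 60 s window also admits replay of a captured request inside that window,
 * because no nonce is tracked. The key itself should live in configuration,
 * not in source.
 *
 * @return mixed framework JSON response: 200 verified, 401 expired,
 *               402 header missing, 403 mismatch
 */
public function signature()
{
    $pv = $_POST;
    $SIGN_KEY = 'm17xjmf2b4evd52exh7v40dcveqzyko5'; // 和前端一致

    // 1. Timestamp freshness (60 s). A missing or non-numeric value is rejected
    //    explicitly instead of feeding null / a string into abs().
    $timestamp = $pv['timestamp'] ?? null;
    if (!is_numeric($timestamp) || abs(time() - (int) $timestamp) > 60) {
        return json(['code' => 401, 'msg' => '签名已过期']);
    }

    // Client signature header. `?? ''` turns an absent header into the 402
    // path instead of an undefined-index notice (same as signature2()).
    $clientSign = $_SERVER['HTTP_X_SIGNATURE'] ?? '';
    if ($clientSign === '') {
        return json(['code' => 402, 'msg' => '签名失败']);
    }

    // 2. Canonical form: sort by key, then url-encode as a query string.
    ksort($pv);
    $str = http_build_query($pv, '', '&');

    // 3. Server-side signature. The key is appended as a trailing parameter to
    //    stay wire-compatible with the existing client; if the client can be
    //    updated at the same time, hash_hmac('sha256', $str, $SIGN_KEY) is the
    //    stronger construction.
    $serverSign = hash('sha256', $str . '&secretkey=' . $SIGN_KEY);

    // 4. Constant-time comparison so the response time does not reveal how
    //    many leading bytes of a candidate signature were correct.
    if (hash_equals($serverSign, $clientSign)) {
        return json(['code' => 200, 'msg' => '验签成功']);
    }
    return json(['code' => 403, 'msg' => '验签失败']);
}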
//非对称验签
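/**
 * "Asymmetric" request signature check.
 *
 * Rejects stale requests (timestamp more than 60 s from server time), then
 * base64-decodes the `X-Signature` header, RSA-decrypts it with the server's
 * private key and compares the plaintext with sha256(sorted query string).
 *
 * NOTE(review): this is encrypt-with-public-key / decrypt-with-private-key,
 * which is not a signature: any party holding the public key can produce a
 * value that passes this check, so it proves nothing about who sent the
 * request. A real signature has the client sign with its own private key and
 * the server verify with openssl_verify() against the client's public key.
 * That changes the protocol on both sides, so it is flagged here rather than
 * applied. The private key is also embedded in source; it belongs in a file or
 * secret store outside the repository.
 *
 * @return mixed framework JSON response: 200 verified, 401 expired,
 *               402 header missing, 403 undecodable / undecryptable / mismatch
 * @throws \RuntimeException when the embedded private key cannot be loaded
 *                           (a server-side misconfiguration, not a client error)
 */
public function signature2()
{
    // 私钥(后端保密) — the heredoc lines stay at column 0 so the closing
    // marker is valid on every PHP version.
    $PRIVATE_KEY = <<<EOD
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
EOD;
    $pv = $_POST;

    // 1. Timestamp freshness (60 s); missing or non-numeric is rejected
    //    explicitly instead of being coerced inside abs().
    $timestamp = $pv['timestamp'] ?? null;
    if (!is_numeric($timestamp) || abs(time() - (int) $timestamp) > 60) {
        return json(['code' => 401, 'msg' => '签名已过期']);
    }

    // Canonical form: sort by key, url-encode as a query string.
    ksort($pv);
    $paramStr = http_build_query($pv, '', '&');

    $clientSign = $_SERVER['HTTP_X_SIGNATURE'] ?? ''; //获取客户端签名
    if ($clientSign === '') {
        return json(['code' => 402, 'msg' => '签名失败']);
    }

    // Strict base64: characters outside the alphabet fail the request instead
    // of being silently dropped, so one ciphertext has exactly one encoding.
    $cipher = base64_decode($clientSign, true);
    if ($cipher === false) {
        return json(['code' => 403, 'msg' => '验签失败']);
    }

    // Loading the key can fail (bad PEM); the original passed `false` straight
    // into openssl_private_decrypt().
    $key = openssl_pkey_get_private($PRIVATE_KEY);
    if ($key === false) {
        throw new \RuntimeException('signature2: unable to load server private key');
    }

    // Decryption can fail (wrong key, bad padding, wrong length); the original
    // ignored the return value and compared against an unset variable.
    $decryptedHash = '';
    if (!openssl_private_decrypt($cipher, $decryptedHash, $key)) {
        return json(['code' => 403, 'msg' => '验签失败']);
    }

    // Constant-time comparison of the recovered digest with the server digest.
    $serverHash = hash('sha256', $paramStr);
    if (hash_equals($serverHash, (string) $decryptedHash)) {
        return json(['code' => 200, 'msg' => '验签成功']);
    }
    return json(['code' => 403, 'msg' => '验签失败']);
}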