|
|
@@ -22,35 +22,37 @@ class DingTalkCrypto
|
|
|
* @param string $encrypt 消息体 encrypt
|
|
|
* @return array|false
|
|
|
*/
|
|
|
- public function decryptMsg(string $signature, string $timestamp, string $nonce, string $encrypt)
|
|
|
+ public function decryptMsg(string $msgSignature, string $timestamp, string $nonce, string $encrypt)
|
|
|
{
|
|
|
- // 1. 验签(官方:token + timestamp + nonce + encrypt)
|
|
|
- $tmpStr = $this->token . $timestamp . $nonce . $encrypt;
|
|
|
+ // 验签
|
|
|
+ $tmpArr = [$this->token, $timestamp, $nonce, $encrypt];
|
|
|
+ sort($tmpArr, SORT_STRING);
|
|
|
+ $tmpStr = implode('', $tmpArr);
|
|
|
$hash = sha1($tmpStr);
|
|
|
- if ($hash !== $signature) {
|
|
|
+ if ($hash !== $msgSignature) {
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- // 2. 解密 AES-256-CBC
|
|
|
- $aesKey = base64_decode($this->encodingAesKey); // 官方不加 "="
|
|
|
+ // AES 解密
|
|
|
+ $aesKey = base64_decode($this->encodingAesKey . '='); // 补足 padding
|
|
|
$iv = substr($aesKey, 0, 16);
|
|
|
$cipherText = base64_decode($encrypt);
|
|
|
-
|
|
|
$decrypted = openssl_decrypt($cipherText, 'AES-256-CBC', $aesKey, OPENSSL_ZERO_PADDING, $iv);
|
|
|
if ($decrypted === false) return false;
|
|
|
|
|
|
- // 3. 去 padding
|
|
|
+ // 去掉 padding
|
|
|
$decrypted = $this->pkcs7Unpad($decrypted);
|
|
|
|
|
|
- // 4. 去掉前 16 位随机字符串
|
|
|
+ // 去掉前16位随机字符串
|
|
|
$content = substr($decrypted, 16);
|
|
|
|
|
|
- // 5. 读取消息长度
|
|
|
+ // 读取消息长度
|
|
|
$lenList = unpack("N", substr($content, 0, 4));
|
|
|
$jsonLen = $lenList[1];
|
|
|
|
|
|
- // 6. 获取消息 JSON
|
|
|
+ // 获取 JSON
|
|
|
$json = substr($content, 4, $jsonLen);
|
|
|
+
|
|
|
return json_decode($json, true);
|
|
|
}
|
|
|
|
cqp