= 5.3.0, PHP 7) */ class DingCallbackCrypto { /** * @param token 钉钉开放平台上，开发者设置的token * @param encodingAesKey 钉钉开放台上，开发者设置的EncodingAESKey * @param corpId 企业自建应用-事件订阅, 使用appKey * 企业自建应用-注册回调地址, 使用corpId * 第三方企业应用, 使用suiteKey */ private $m_token; private $m_encodingAesKey; private $m_corpId; //注意这里修改为构造函数 function __construct($token, $encodingAesKey, $ownerKey) { $this->m_token = $token; $this->m_encodingAesKey = $encodingAesKey; $this->m_corpId = $ownerKey; } public function getEncryptedMap($plain){ $timeStamp = time(); $pc = new Prpcrypt($this->m_encodingAesKey); $nonce= $pc->getRandomStr(); return $this->getEncryptedMapDetail($plain, $timeStamp, $nonce); } /** * 加密回调信息 */ public function getEncryptedMapDetail($plain, $timeStamp, $nonce) { $pc = new Prpcrypt($this->m_encodingAesKey); $array = $pc->encrypt($plain, $this->m_corpId); $ret = $array[0]; if ($ret != 0) { //return $ret; // return ['ErrorCode'=>$ret, 'data' => '']; throw new \Exception('AES加密错误',ErrorCode::$EncryptAESError); } if ($timeStamp == null) { $timeStamp = time(); } $encrypt = $array[1]; $sha1 = new SHA1; $array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { //return $ret; throw new \Exception('ComputeSignatureError',ErrorCode::$ComputeSignatureError); } $signature = $array[1]; $encryptMsg = json_encode(array( "msg_signature" => $signature, "encrypt" => $encrypt, "timeStamp" => $timeStamp, "nonce" => $nonce )); return $encryptMsg; } /** * 解密回调信息 */ public function getDecryptMsg($signature, $timeStamp = null, $nonce, $encrypt) { if (strlen($this->m_encodingAesKey) != 43) { //return ErrorCode::$IllegalAesKey; // return ['ErrorCode'=>ErrorCode::$IllegalAesKey, 'data' => '']; throw new \Exception('IllegalAesKey',ErrorCode::$IllegalAesKey); } $pc = new Prpcrypt($this->m_encodingAesKey); if ($timeStamp == null) { $timeStamp = time(); } $sha1 = new SHA1; $array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { //return $ret; // return ['ErrorCode'=>$ret, 'data' => '']; throw new \Exception('ComputeSignatureError',ErrorCode::$ComputeSignatureError); } $verifySignature = $array[1]; if ($verifySignature != $signature) { //return ErrorCode::$ValidateSignatureError; //return ['ErrorCode'=>ErrorCode::$ValidateSignatureError, 'data' => '']; throw new \Exception('ValidateSignatureError',ErrorCode::$ValidateSignatureError); } $result = $pc->decrypt($encrypt, $this->m_corpId); if ($result[0] != 0) { //return $result[0]; // return ['ErrorCode'=>$result[0], 'data' => '']; throw new \Exception('DecryptAESError',ErrorCode::$DecryptAESError); } $decryptMsg = $result[1]; //return ErrorCode::$OK; return $decryptMsg; } } class SHA1 { public function getSHA1($token, $timestamp, $nonce, $encrypt_msg) { try { $array = array($encrypt_msg, $token, $timestamp, $nonce); sort($array, SORT_STRING); $str = implode($array); return array(ErrorCode::$OK, sha1($str)); } catch (\Exception $e) { print $e . "\n"; return array(ErrorCode::$ComputeSignatureError, null); } } } /** * error code 说明. *

*
• -900004: encodingAesKey 非法
*
• -900005: 签名验证错误
*
• -900006: sha加密生成签名失败
*
• -900007: aes 加密失败
*
• -900008: aes 解密失败
*
• -900010: suiteKey 校验错误
*

*/ class ErrorCode { public static $OK = 0; public static $IllegalAesKey = 900004; public static $ValidateSignatureError = 900005; public static $ComputeSignatureError = 900006; public static $EncryptAESError = 900007; public static $DecryptAESError = 900008; public static $ValidateSuiteKeyError = 900010; } class PKCS7Encoder { public static $block_size = 32; function encode($text) { $block_size = PKCS7Encoder::$block_size; $text_length = strlen($text); $amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size); if ($amount_to_pad == 0) { $amount_to_pad = PKCS7Encoder::$block_size; } $pad_chr = chr($amount_to_pad); $tmp = ""; for ($index = 0; $index < $amount_to_pad; $index++) { $tmp .= $pad_chr; } return $text . $tmp; } function decode($text) { $pad = ord(substr($text, -1)); if ($pad < 1 || $pad > PKCS7Encoder::$block_size) { $pad = 0; } return substr($text, 0, (strlen($text) - $pad)); } } class Prpcrypt { public $key; function __construct($k) { $this->key = base64_decode($k . "="); } public function encrypt($text, $corpid) { try { //获得16位随机字符串，填充到明文之前 $random = $this->getRandomStr(); $text = $random . pack("N", strlen($text)) . $text . $corpid; $iv = substr($this->key, 0, 16); // 网络字节序 // $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); // $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); //使用自定义的填充方式对明文进行补位填充 $pkc_encoder = new PKCS7Encoder; $text = $pkc_encoder->encode($text); // mcrypt_generic_init($module, $this->key, $iv); // //加密 // $encrypted = mcrypt_generic($module, $text); // mcrypt_generic_deinit($module); // mcrypt_module_close($module); $encrypted = openssl_encrypt($text, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv ); //print(base64_encode($encrypted)); //使用BASE64对加密后的字符串进行编码 return array(ErrorCode::$OK, base64_encode($encrypted)); } catch (\Exception $e) { print $e; return array(ErrorCode::$EncryptAESError, null); } } public function decrypt($encrypted, $corpid) { try { $ciphertext_dec = base64_decode($encrypted); // $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); $iv = substr($this->key, 0, 16); // mcrypt_generic_init($module, $this->key, $iv); // $decrypted = mdecrypt_generic($module, $ciphertext_dec); // mcrypt_generic_deinit($module); // mcrypt_module_close($module); $decrypted = openssl_decrypt ( $ciphertext_dec, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv ); // return $decrypted; } catch (\Exception $e) { return array(ErrorCode::$DecryptAESError, null); } try { //去除补位字符 $pkc_encoder = new PKCS7Encoder; $result = $pkc_encoder->decode($decrypted); //去除16位随机字符串,网络字节序和AppId if (strlen($result) < 16) return ""; $content = substr($result, 16, strlen($result)); $len_list = unpack("N", substr($content, 0, 4)); $xml_len = $len_list[1]; $xml_content = substr($content, 4, $xml_len); $from_corpid = substr($content, $xml_len + 4); } catch (\Exception $e) { print $e; return array(ErrorCode::$DecryptAESError, null); } if ($from_corpid != $corpid) return array(ErrorCode::$ValidateSuiteKeyError, null); return array(0, $xml_content); } function getRandomStr() { $str = ""; $str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz"; $max = strlen($str_pol) - 1; for ($i = 0; $i < 16; $i++) { $str .= $str_pol[mt_rand(0, $max)]; } return $str; } } ///** // * 以下为开发者需要自行构造的接口(也就是回调url)，接口内调用demo类中的解密和加密方法即可 // */ // //function test_demo(){ // // 构造加解密方法 // $crypt = new DingCallbackCrypto("token", "aes_key", "ownerKey"); // // 解密方法； data为钉钉服务器请求开发者该接口时携带的参数(msg_signature,timeStamp和nonce在request中，encrypt在body中) // $text = $crypt->getDecryptMsg($data->msg_signature, $data->timeStamp, $data->nonce, $data->encrypt); // var_dump($text); // // 加密返回；参数固定传success字符串，该方法得到的信息直接返回给钉钉服务器即可 // $res = $crypt->getEncryptedMap("success"); // var_dump($res); //} // //test_demo();