RSA2 签名算法+JWT
Windows 版 OpenSSL 安装包的下载地址如下(这是第三方编译的安装包,建议尽量通过 HTTPS 下载,并核对发布方提供的校验值):
http://slproweb.com/products/Win32OpenSSL.html
//生成原始 RSA私钥文件
openssl genrsa -out rsa_private_key.pem 2048
//将原始 RSA 私钥转换为 PKCS#8 格式(-nocrypt 表示输出的私钥文件不加密,请严格限制该文件的访问权限)
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt -out private_key.pem
//生成RSA公钥
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
//私钥 rsa_private_key.pem 只保留在服务器端(不要提交到代码仓库,也不要下发给客户端),公钥发放给 Android、iOS 等前端。
PHP-RSA2签名验证代码如下
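/**
 * RSA signing helper ("RSA2" = RSA with SHA-256).
 *
 * Signs a string with the private key and verifies it with the public key;
 * signatures are exchanged as base64 text.
 */
class Rsa2
{
    // PEM text of the key pair; the values below are placeholders to be replaced.
    // NOTE(review): a private key embedded in source code ends up in version control
    // and backups. Prefer loading it from a file outside the web root or a secret store.
    private static $PRIVATE_KEY = 'rsa_private_key.pem 内容';
    private static $PUBLIC_KEY = 'rsa_public_key.pem 内容';

    /**
     * Parse the configured private key.
     *
     * @return OpenSSLAsymmetricKey|resource|false Key handle, or false when the PEM text cannot be parsed.
     */
    private static function getPrivateKey()
    {
        return openssl_pkey_get_private(self::$PRIVATE_KEY);
    }

    /**
     * Parse the configured public key.
     *
     * @return OpenSSLAsymmetricKey|resource|false Key handle, or false when the PEM text cannot be parsed.
     */
    private static function getPublicKey()
    {
        return openssl_pkey_get_public(self::$PUBLIC_KEY);
    }

    /**
     * Create a base64-encoded SHA-256 RSA signature.
     *
     * @param string $data Data to sign.
     * @return null|string Base64 signature, or null when $data is not a string,
     *                     the private key cannot be loaded, or signing fails.
     */
    public function createSign($data = '')
    {
        if (!is_string($data)) {
            return null;
        }

        // Stop here instead of handing `false` to openssl_sign() as a key.
        $privateKey = self::getPrivateKey();
        if ($privateKey === false) {
            return null;
        }

        $signature = '';
        if (!openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
            return null;
        }

        return base64_encode($signature);
    }

    /**
     * Verify a base64-encoded SHA-256 RSA signature.
     *
     * @param string $data Data that was signed.
     * @param string $sign Base64-encoded signature.
     * @return bool True only when the signature is valid for $data; false for a bad
     *              signature, malformed input, an unloadable key or an OpenSSL error.
     */
    public function verifySign($data = '', $sign = '')
    {
        // Both arguments must be strings (the original checked $sign twice and never $data).
        if (!is_string($data) || !is_string($sign)) {
            return false;
        }

        // Strict mode rejects characters outside the base64 alphabet instead of skipping them.
        $signature = base64_decode($sign, true);
        if ($signature === false || $signature === '') {
            return false;
        }

        $publicKey = self::getPublicKey();
        if ($publicKey === false) {
            return false;
        }

        // openssl_verify() returns 1 for a valid signature, 0 for an invalid one, and
        // -1 or false on error. A (bool) cast would turn -1 into true, so compare with 1.
        return openssl_verify($data, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
    }
}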
// Usage example: sign a string and verify the signature with the same class.
require_once "Rsa2.php";

$signer = new Rsa2();

// String to be signed; per the original note it should carry the caller's appid or key.
$payload = 'my data';

// Base64 signature produced by createSign().
$signature = $signer->createSign($payload);
var_dump($signature);

// Boolean result of checking $signature against $payload.
$verified = $signer->verifySign($payload, $signature);
var_dump($verified);
使用第三方库 Lcobucci\JWT(以调用苹果接口为例)。注意:下面的 ES256 签名需要 EC(P-256)私钥,上文生成的 RSA 私钥不适用。
require "vendor/autoload.php";
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
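// 1. Build the client secret: a JWT signed with ES256.
// ES256 (ECDSA over P-256) needs an EC private key; an RSA key will not work with this signer.
// Keep private-key.pem outside the web root and readable only by the account running this script.
// NOTE(review): forSymmetricSigner() also registers this private key as the verification key.
// That is harmless while the script only issues tokens; if tokens are ever validated here,
// use forAsymmetricSigner() with the matching public key instead.
$config = Configuration::forSymmetricSigner(
    Sha256::create(),
    InMemory::file(__DIR__ . '/private-key.pem')
);

// Sample identifiers as given on the page; replace them with the account's own values.
$client_id = 'SEARCHADS.27478e71-3bb0-4588-998c-182e2b405577';
// NOTE(review): differs from $client_id only by a leading "5"; confirm this is intended.
$team_id = '5SEARCHADS.27478e71-3bb0-4588-998c-182e2b405577';
$key_id = 'bacaebda-e219-41ee-a907-e2c25b24d1b2';
$audience = "https://appleid.apple.com";
$alg = "ES256";

$now = new DateTimeImmutable();
$token = $config->builder()
    ->issuedBy($team_id)                    // iss: issuer
    ->permittedFor($audience)               // aud: recipient
    ->issuedAt($now)                        // iat: time of issue
    ->relatedTo($client_id)                 // sub: subject
    ->expiresAt($now->modify('+180 days'))  // exp: expiry (the message below gives 180 days as the maximum)
    ->withHeader('alg', $alg)
    ->withHeader('kid', $key_id)
    ->getToken($config->signer(), $config->signingKey()); // sign the token

// The client secret stays valid until it expires, so treat it like a password:
// printing it is for demonstration only, and it should not reach shared logs.
$client_secret = $token->toString();
echo "clientSecret 建议保存,有效期可设置最长 180 天\n";
echo $client_secret;
echo "\n";

// 2. Exchange the client secret for an access token.
$postdata = http_build_query([
    'grant_type' => 'client_credentials',
    'scope' => 'searchadsorg',
    'client_id' => $client_id,
    'client_secret' => $client_secret,
]);

$opts = [
    'http' => [
        'method' => 'POST',
        // Header lines must be separated by CRLF. The original concatenated the two
        // headers without a separator, which produced one malformed Content-Type line.
        'header' => "Content-Type: application/x-www-form-urlencoded\r\n"
            . "Host: appleid.apple.com",
        'content' => $postdata,
    ],
];
$context = stream_context_create($opts);

$contents = file_get_contents('https://appleid.apple.com/auth/oauth2/token', false, $context);
if ($contents === false) {
    // The request failed at the transport or HTTP level, so there is no body to parse.
    throw new RuntimeException('Token request to appleid.apple.com failed');
}

$results = json_decode($contents);
if (!is_object($results) || !isset($results->access_token) || !is_string($results->access_token)) {
    // The response body is deliberately left out of the message; it may contain sensitive fields.
    throw new RuntimeException('Token response did not contain an access_token');
}

// The access token is a bearer credential as well; it is printed for demonstration only.
echo "access_token 有效期1个小时\n";
echo $results->access_token;
echo "\n";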