钉钉回调消息对接
Thinkphp5对接钉钉
<?php
namespace dingding;
/**
* PHP7.1及其之上版本的回调加解密类库
* 该版本依赖openssl_encrypt方法加解密,注意版本依赖 (PHP 5 >= 5.3.0, PHP 7)
*/
class DingCallbackCrypto
{
/**
* @param token 钉钉开放平台上,开发者设置的token
* @param encodingAesKey 钉钉开放台上,开发者设置的EncodingAESKey
* @param corpId 企业自建应用-事件订阅, 使用appKey
* 企业自建应用-注册回调地址, 使用corpId
* 第三方企业应用, 使用suiteKey
*/
private $m_token;
private $m_encodingAesKey;
private $m_corpId;
//注意这里修改为构造函数
function __construct($token, $aes_key, $appkey)
{
$this->m_token = $token;
$this->m_encodingAesKey = $aes_key;
$this->m_corpId = $appkey;
}
public function getEncryptedMap($plain){
$timeStamp = time();
$pc = new Prpcrypt($this->m_encodingAesKey);
$nonce= $pc->getRandomStr();
return $this->getEncryptedMapDetail($plain, $timeStamp, $nonce);
}
/**
* 加密回调信息
*/
public function getEncryptedMapDetail($plain, $timeStamp, $nonce)
{
$pc = new Prpcrypt($this->m_encodingAesKey);
$array = $pc->encrypt($plain, $this->m_corpId);
$ret = $array[0];
if ($ret != 0) {
//return $ret;
return ['ErrorCode'=>$ret, 'data' => ''];
//throw new Exception('AES加密错误',ErrorCode::$EncryptAESError);
}
if ($timeStamp == null) {
$timeStamp = time();
}
$encrypt = $array[1];
$sha1 = new SHA1;
$array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt);
$ret = $array[0];
if ($ret != 0) {
return $ret;
// throw new Exception('ComputeSignatureError',ErrorCode::$ComputeSignatureError);
}
$signature = $array[1];
$encryptMsg = json_encode(array(
"msg_signature" => $signature,
"encrypt" => $encrypt,
"timeStamp" => $timeStamp,
"nonce" => $nonce
));
return $encryptMsg;
}
/**
* 解密回调信息
*/
public function getDecryptMsg($signature, $timeStamp = null, $nonce, $encrypt)
{
if (strlen($this->m_encodingAesKey) != 43) {
//return ErrorCode::$IllegalAesKey;
return ['ErrorCode'=>ErrorCode::$IllegalAesKey, 'data' => ''];
//throw new Exception('IllegalAesKey',ErrorCode::$IllegalAesKey);
}
$pc = new Prpcrypt($this->m_encodingAesKey);
if ($timeStamp == null) {
$timeStamp = time();
}
$sha1 = new SHA1;
$array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt);
$ret = $array[0];
if ($ret != 0) {
//return $ret;
return ['ErrorCode'=>$ret, 'data' => ''];
//throw new Exception('ComputeSignatureError',ErrorCode::$ComputeSignatureError);
}
$verifySignature = $array[1];
if ($verifySignature != $signature) {
//return ErrorCode::$ValidateSignatureError;
return ['ErrorCode'=>ErrorCode::$ValidateSignatureError, 'data' => ''];
//throw new Exception('ValidateSignatureError',ErrorCode::$ValidateSignatureError);
}
$result = $pc->decrypt($encrypt, $this->m_corpId);
if ($result[0] != 0) {
//return $result[0];
return ['ErrorCode'=>$result[0], 'data' => ''];
//throw new Exception('DecryptAESError',ErrorCode::$DecryptAESError);
}
$decryptMsg = $result[1];
//return ErrorCode::$OK;
return $decryptMsg;
}
}
class SHA1
{
public function getSHA1($token, $timestamp, $nonce, $encrypt_msg)
{
try {
$array = array($encrypt_msg, $token, $timestamp, $nonce);
sort($array, SORT_STRING);
$str = implode($array);
return array(ErrorCode::$OK, sha1($str));
} catch (Exception $e) {
print $e . "\n";
return array(ErrorCode::$ComputeSignatureError, null);
}
}
}
/**
* error code 说明.
* <ul>
* <li>-900004: encodingAesKey 非法</li>
* <li>-900005: 签名验证错误</li>
* <li>-900006: sha加密生成签名失败</li>
* <li>-900007: aes 加密失败</li>
* <li>-900008: aes 解密失败</li>
* <li>-900010: suiteKey 校验错误</li>
* </ul>
*/
class ErrorCode
{
public static $OK = 0;
public static $IllegalAesKey = 900004;
public static $ValidateSignatureError = 900005;
public static $ComputeSignatureError = 900006;
public static $EncryptAESError = 900007;
public static $DecryptAESError = 900008;
public static $ValidateSuiteKeyError = 900010;
}
class PKCS7Encoder
{
public static $block_size = 32;
function encode($text)
{
$block_size = PKCS7Encoder::$block_size;
$text_length = strlen($text);
$amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size);
if ($amount_to_pad == 0) {
$amount_to_pad = PKCS7Encoder::block_size;
}
$pad_chr = chr($amount_to_pad);
$tmp = "";
for ($index = 0; $index < $amount_to_pad; $index++) {
$tmp .= $pad_chr;
}
return $text . $tmp;
}
function decode($text)
{
$pad = ord(substr($text, -1));
if ($pad < 1 || $pad > PKCS7Encoder::$block_size) {
$pad = 0;
}
return substr($text, 0, (strlen($text) - $pad));
}
}
class Prpcrypt
{
public $key;
function __construct($k){//这个方法很关键
$this->key = base64_decode($k . "=");
}
/**function Prpcrypt($k)
{
$this->key = base64_decode($k . "=");
}**/
public function encrypt($text, $corpid)
{
try {
//获得16位随机字符串,填充到明文之前
$random = $this->getRandomStr();
$text = $random . pack("N", strlen($text)) . $text . $corpid;
//$this->key = base64_decode('GJkRbBVD8PPn86587aCNRmkvbWs4COxbyjqSMX9LOhE' . "=");
$iv = substr($this->key, 0, 16);
// 网络字节序
// $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
// $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
//使用自定义的填充方式对明文进行补位填充
$pkc_encoder = new PKCS7Encoder;
$text = $pkc_encoder->encode($text);
// mcrypt_generic_init($module, $this->key, $iv);
// //加密
// $encrypted = mcrypt_generic($module, $text);
// mcrypt_generic_deinit($module);
// mcrypt_module_close($module);
$encrypted = openssl_encrypt($text, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv );
//print(base64_encode($encrypted));
//使用BASE64对加密后的字符串进行编码
return array(ErrorCode::$OK, base64_encode($encrypted));
} catch (Exception $e) {
print $e;
return array(ErrorCode::$EncryptAESError, null);
}
}
public function decrypt($encrypted, $corpid)
{
try {
$ciphertext_dec = base64_decode($encrypted);
// $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
$iv = substr($this->key, 0, 16);
// mcrypt_generic_init($module, $this->key, $iv);
// $decrypted = mdecrypt_generic($module, $ciphertext_dec);
// mcrypt_generic_deinit($module);
// mcrypt_module_close($module);
$decrypted = openssl_decrypt ( $ciphertext_dec, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv );
// return $decrypted;
} catch (Exception $e) {
return array(ErrorCode::$DecryptAESError, null);
}
try {
//去除补位字符
$pkc_encoder = new PKCS7Encoder;
$result = $pkc_encoder->decode($decrypted);
//去除16位随机字符串,网络字节序和AppId
if (strlen($result) < 16)
return "";
$content = substr($result, 16, strlen($result));
$len_list = unpack("N", substr($content, 0, 4));
$xml_len = $len_list[1];
$xml_content = substr($content, 4, $xml_len);
$from_corpid = substr($content, $xml_len + 4);
} catch (Exception $e) {
print $e;
return array(ErrorCode::$DecryptAESError, null);
}
if ($from_corpid != $corpid)
return array(ErrorCode::$ValidateSuiteKeyError, null);
return array(0, $xml_content);
}
function getRandomStr()
{
$str = substr(md5(time()),8,16);
return $str;
}
}
?>
1、将php文件复制到 /extend/dingding/DingCallbackCrypto.php 文件夹下
2、引用它
<?php
namespace app\home\controller;
use dingding\DingCallbackCrypto;//引用它
use think\Controller;
class Index extends Controller{
/**
钉钉回调消息
**/
public function index(){
$signature = input('signature',false);
$msg_signature = input('msg_signature',false);
$timestamp = input('timestamp',false);
$nonce = input('nonce',false);
$appkey = config('dd_appkey');
$dd_token = config('dd_token');
$dd_aes_key = config('dd_aes_key');
$postStr = file_get_contents("php://input");
$post_json = json_decode($postStr,true);
$DingCallbackCrypto = new DingCallbackCrypto($dd_token,$dd_aes_key,$appkey);
$dd_json = $DingCallbackCrypto->getDecryptMsg($msg_signature,$timestamp,$nonce,$post_json['encrypt']);//解密
$dd_json = json_decode($dd_json,true);
if($dd_json['EventType']=='check_url'){
//设置订阅事件时使用
$res = $DingCallbackCrypto->getEncryptedMap("success");//加密
echo $res;
}else{
//接收订阅事件时使用
$data['detail'] = json_encode($dd_json);
$data['create_time'] = date('Y-m-d H:i:s');
db('notice_event')->insert($data);
}
exit();
}
