跨境商品支付接入

common/helpers/UPOP/PaySign.php

@@ -60,13 +60,32 @@ class PaySign {
         }
     }
 
+    public function decodeData($encryptKey, $signData, $encryptData)
+    {
+        // 商户RSA私钥
+        $private_rsa_key = file_get_contents($this->getPath() . $this->agencyId . '/' . $this->agencyId.  '.pem');
+        // 平台RSA公钥
+        $public_rsa_key = file_get_contents($this->getPath() . $this->agencyId . '/' . 'GHT_ROOT.pem');
+        // encryptKey RSA解密
+        $rootAesKey = $this->rsaDecode($encryptKey, $private_rsa_key);
+        // encryptData AES解密
+        $payload = $this->aesDecode($encryptData, $rootAesKey);
+        // 用平台公钥对signData验签
+        if ($this->verifySign($payload, $signData, $public_rsa_key)) {
+            return json_decode($payload, true);
+        } else {
+            // 验签失败
+            return false;
+        }
+    }
+
     private function aesEncode($data, $aes_key): string
     {
         $encrypt_data = openssl_encrypt($this->pad($data), "aes-128-ecb", $aes_key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING);
         return base64_encode($encrypt_data);
     }
 
-    public function aesDecode($data,$aes_key)
+    public function aesDecode($data, $aes_key)
     {
         $data = base64_decode($data);
         return openssl_decrypt($data, "aes-128-ecb", $aes_key, OPENSSL_RAW_DATA);
@@ -108,7 +127,7 @@ class PaySign {
 
     private function verifySign($data, $signData, $public_rsa_key): bool
     {
-        $signData =base64_decode($signData);
+        $signData = base64_decode($signData);
         $res = openssl_get_publickey($public_rsa_key);
         $result = openssl_verify($data, $signData, $res);
         openssl_free_key($res);

frontendApi/modules/v1/controllers/ShopController.php

@@ -765,38 +765,25 @@ class ShopController extends BaseController {
      * @throws \Exception
      */
     public function actionUpopWebhook() {
-        if (\Yii::$app->request->isPost) {
-            $data = \Yii::$app->request->post();
-            $type = 'post';
-        } elseif (\Yii::$app->request->isGet) {
-            $data = \Yii::$app->request->get();
-            $type = 'get';
-        } else {
-            $data = '.................';
-            $type = '.................';
+        $rawPostData = \Yii::$app->request->post();
+        LoggerTool::debug(['UPOP - webhook: (init).', $rawPostData]);
+
+        // signData agencyId encryptKey encryptData
+        $agencyId = $rawPostData['agencyId'] ?? '';
+        $signData = $rawPostData['signData'] ?? '';
+        $encryptKey = $rawPostData['encryptKey'] ?? '';
+        $encryptData = $rawPostData['encryptData'] ?? '';
+        // 终端号
+        if (!$agencyId || $agencyId != \Yii::$app->params['UPOP']['agencyId']) {
+            LoggerTool::error([sprintf('UPOP - webhook: (error). agencyId {%s} does not exits or error.', $agencyId)]);
+
+            echo 'success';
+            return http_response_code(200);
         }
+        // 解密
+        $response = (new PaySign())->decodeData($encryptKey, $signData, $encryptData);
+        LoggerTool::info([sprintf('UPOP - webhook: (error). agencyId {%s}', $response)]);
 
-        LoggerTool::info(['actionUpopWebhook', $type, $data]);
-
-
-        // 支付成功的webhook.
-//        $rawPostData = file_get_contents('php://input');
-//        LoggerTool::debug(['actionUpopWebhook', $rawPostData]);
-//
-//        $data = [];
-//        if (strlen($rawPostData) > 0) {
-//            $rawPostArray = explode('&', $rawPostData);
-//            foreach ($rawPostArray as $raw) {
-//                $raw = explode('=', $raw);
-//                if (count($raw) == 2)
-//                    $data[$raw[0]] = urldecode($raw[1]);
-//            }
-//        }
-//
-//        LoggerTool::info(['actionUpopWebhook', $data]);
-
-        // 支付webhook回调日志
-        //Tool::approachOrderCall($data);
 
 //        try {
 //            // 订单状态