1.获取Authorization Code
2.通过Authorization Code获取Access Token
3.通过AccessToken获取用户的个人信息
注意:签名的时候是所有参数都要传过去
appId和appSecrect自己去农行创建应用,请自行替换,代码中展示的是demo
signCertPath:是私钥的绝对路径
private $appId = "24501a5d-e841-4827-b2b3-d14a9ea3fba4";
private $appSecret = "cff054d1d7c84036a3dc160f9457e5f423704b15";
private $config = [
'signCertPath'=> Url::to("@common/helpers/ABC_OpenBank_ThridPart_Test.pfx"),
'signCertPwd'=>"111111",
];
public function getUserInfo($accessToken ='')
{
if(!$accessToken)
{
$accessToken = $this->getToken();
if(empty($accessToken))
{
echo "access_token未获取";exit;
}
}
$key = substr($this->appSecret,0,24);
$iv = substr($this->appSecret,24);
$biz_data = "";
$encrypt_data = openssl_encrypt($biz_data,"aes192",$key,false,$iv);
$data["appid"] = $this->appId;
$data["biz_data"] = $biz_data;
$data["sign_type"] = "SHA256";
$data["timestamp"] = date('Y-m-d H:i:s',time());
$data["encrypt_data"] = $encrypt_data;
$data["encrypt_type"] = "AES";
$data['nonce'] = $this->getRandom(32);//生成32位随机谁
$data["sign"] = $this->_makeSign($data);//使用私钥进行签名;
$header = [
"Authorization:Bearer".$accessToken,
"Content-type:application/json"
];
$api_url = "https://openbank.abchina.com/GateWay/openabc/api/ket/userinfo/v1";
$result2 = $this->http_post2($api_url, $data, $header);
$result2 = @json_decode($result2,true);
return $result2;
}
private function getRandom($param){
$str="0123456789abcdefghijklmnopqrstuvwxyz";
$key = "";
for($i=0;$i<$param;$i++)
{
$key .= $str[mt_rand(0,32)]; //生成php随机数
}
return $key;
}
//对数据进行签名
private function _makeSign(array $data)
{
$signData = '';
ksort($data);
foreach ($data as $k => $v){
if (empty($v) || $v=='' || $v == null)
continue;
else
$signData .= $v.'@';
}
$signData = trim($signData, '@');
$pkcs12=file_get_contents($this->config['signCertPath']);
$certs=array();
//1、读取证书
openssl_pkcs12_read($pkcs12,$certs,$this->config['signCertPwd']);
if(!empty($certs))
{
//2、验证证书是否在有效期内
$cer = openssl_x509_parse($certs['cert']);
// var_dump($certs);exit;
$t = time();
if ($t < $cer['validFrom_time_t'] || $t > $cer['validTo_time_t']) {
throw new Exception("不在有效期内!");
}
//3、取得密钥
$pkey = openssl_pkey_get_private($certs['pkey']);
//加密 OPENSSL_ALGO_SHA1 OPENSSL_ALGO_SHA256
if(!openssl_sign($signData, $signature, $pkey, OPENSSL_ALGO_SHA256))
{
return null;
}
openssl_free_key($pkey);
$signature = base64_encode($signature);
return $signature;
}
return '';
}
protected function http_post2($url, $data,$header = array()) {
if(!is_array($data))
return array();
$data = @json_encode($data);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
if($header){
curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
}
curl_setopt($ch, CURLOPT_HEADER,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);//超时时间
$res = curl_exec($ch);
curl_close($ch);
return $res;
}
感谢@jian简减提供帮助