صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
php_group
/
kly_api
2
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 22c5d4089e
شاخه‌ها تگ‌ها
kly_api
/
base
/
composer
/
vendor
/
bin
/
CertificateDownloader.php

CertificateDownloader.php 8.7 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. #!/usr/bin/env php
    2. 

  2. <?php declare(strict_types=1);
    3. 

  3. 

  4. // load autoload.php
    5. 

  5. $possibleFiles = [__DIR__.'/../vendor/autoload.php', __DIR__.'/../../../autoload.php', __DIR__.'/../../autoload.php'];
    6. 

  6. $file = null;
    7. 

  7. foreach ($possibleFiles as $possibleFile) {
    8. 

  8.     if (\file_exists($possibleFile)) {
    9. 

  9.         $file = $possibleFile;
    10. 

  10.         break;
    11. 

  11.     }
    12. 

  12. }
    13. 

  13. if (null === $file) {
    14. 

  14.     throw new \RuntimeException('Unable to locate autoload.php file.');
    15. 

  15. }
    16. 

  16. 

  17. require_once $file;
    18. 

  18. unset($possibleFiles, $possibleFile, $file);
    19. 

  19. 

  20. use GuzzleHttp\Middleware;
    21. 

  21. use GuzzleHttp\Utils;
    22. 

  22. use GuzzleHttp\Exception\RequestException;
    23. 

  23. use Psr\Http\Message\ResponseInterface;
    24. 

  24. use WeChatPay\Builder;
    25. 

  25. use WeChatPay\ClientDecoratorInterface;
    26. 

  26. use WeChatPay\Crypto\AesGcm;
    27. 

  27. 

  28.  /**
    29. 

  29.   * CertificateDownloader class
    30. 

  30.   */
    31. 

  31. class CertificateDownloader
    32. 

  32. {
    33. 

  33.     private const DEFAULT_BASE_URI = 'https://api.mch.weixin.qq.com/';
    34. 

  34. 

  35.     public function run(): void
    36. 

  36.     {
    37. 

  37.         $opts = $this->parseOpts();
    38. 

  38. 

  39.         if (!$opts || isset($opts['help'])) {
    40. 

  40.             $this->printHelp();
    41. 

  41.             return;
    42. 

  42.         }
    43. 

  43.         if (isset($opts['version'])) {
    44. 

  44.             static::prompt(ClientDecoratorInterface::VERSION);
    45. 

  45.             return;
    46. 

  46.         }
    47. 

  47.         $this->job($opts);
    48. 

  48.     }
    49. 

  49. 

  50.     /**
    51. 

  51.      * Before `verifier` executing, decrypt and put the platform certificate(s) into the `$certs` reference.
    52. 

  52.      *
    53. 

  53.      * @param string $apiv3Key
    54. 

  54.      * @param array<string,?string> $certs
    55. 

  55.      *
    56. 

  56.      * @return callable(ResponseInterface)
    57. 

  57.      */
    58. 

  58.     private static function certsInjector(string $apiv3Key, array &$certs): callable {
    59. 

  59.         return static function(ResponseInterface $response) use ($apiv3Key, &$certs): ResponseInterface {
    60. 

  60.             $body = (string) $response->getBody();
    61. 

  61.             /** @var object{data:array<object{encrypt_certificate:object{serial_no:string,nonce:string,associated_data:string}}>} $json */
    62. 

  62.             $json = Utils::jsonDecode($body);
    63. 

  63.             $data = \is_object($json) && isset($json->data) && \is_array($json->data) ? $json->data : [];
    64. 

  64.             \array_map(static function($row) use ($apiv3Key, &$certs) {
    65. 

  65.                 $cert = $row->encrypt_certificate;
    66. 

  66.                 $certs[$row->serial_no] = AesGcm::decrypt($cert->ciphertext, $apiv3Key, $cert->nonce, $cert->associated_data);
    67. 

  67.             }, $data);
    68. 

  68. 

  69.             return $response;
    70. 

  70.         };
    71. 

  71.     }
    72. 

  72. 

  73.     /**
    74. 

  74.      * @param array<string,string|true> $opts
    75. 

  75.      *
    76. 

  76.      * @return void
    77. 

  77.      */
    78. 

  78.     private function job(array $opts): void
    79. 

  79.     {
    80. 

  80.         static $certs = ['any' => null];
    81. 

  81. 

  82.         $outputDir = $opts['output'] ?? \sys_get_temp_dir();
    83. 

  83.         $apiv3Key = (string) $opts['key'];
    84. 

  84. 

  85.         $instance = Builder::factory([
    86. 

  86.             'mchid'      => $opts['mchid'],
    87. 

  87.             'serial'     => $opts['serialno'],
    88. 

  88.             'privateKey' => \file_get_contents((string)$opts['privatekey']),
    89. 

  89.             'certs'      => &$certs,
    90. 

  90.             'base_uri'   => (string)($opts['baseuri'] ?? self::DEFAULT_BASE_URI),
    91. 

  91.         ]);
    92. 

  92. 

  93.         /** @var \GuzzleHttp\HandlerStack $stack */
    94. 

  94.         $stack = $instance->getDriver()->select(ClientDecoratorInterface::JSON_BASED)->getConfig('handler');
    95. 

  95.         // The response middle stacks were executed one by one on `FILO` order.
    96. 

  96.         $stack->after('verifier', Middleware::mapResponse(static::certsInjector($apiv3Key, $certs)), 'injector');
    97. 

  97.         $stack->before('verifier', Middleware::mapResponse(static::certsRecorder((string) $outputDir, $certs)), 'recorder');
    98. 

  98. 

  99.         $instance->chain('v3/certificates')->getAsync(
    100. 

  100.             ['debug' => true]
    101. 

  101.         )->otherwise(static function($exception) {
    102. 

  102.             static::prompt($exception->getMessage());
    103. 

  103.             if ($exception instanceof RequestException && $exception->hasResponse()) {
    104. 

  104.                 /** @var ResponseInterface $response */
    105. 

  105.                 $response = $exception->getResponse();
    106. 

  106.                 static::prompt((string) $response->getBody(), '', '');
    107. 

  107.             }
    108. 

  108.             static::prompt($exception->getTraceAsString());
    109. 

  109.         })->wait();
    110. 

  110.     }
    111. 

  111. 

  112.     /**
    113. 

  113.      * After `verifier` executed, wrote the platform certificate(s) onto disk.
    114. 

  114.      *
    115. 

  115.      * @param string $outputDir
    116. 

  116.      * @param array<string,?string> $certs
    117. 

  117.      *
    118. 

  118.      * @return callable(ResponseInterface)
    119. 

  119.      */
    120. 

  120.     private static function certsRecorder(string $outputDir, array &$certs): callable {
    121. 

  121.         return static function(ResponseInterface $response) use ($outputDir, &$certs): ResponseInterface {
    122. 

  122.             $body = (string) $response->getBody();
    123. 

  123.             /** @var object{data:array<object{effective_time:string,expire_time:string:serial_no:string}>} $json */
    124. 

  124.             $json = Utils::jsonDecode($body);
    125. 

  125.             $data = \is_object($json) && isset($json->data) && \is_array($json->data) ? $json->data : [];
    126. 

  126.             \array_walk($data, static function($row, $index, $certs) use ($outputDir) {
    127. 

  127.                 $serialNo = $row->serial_no;
    128. 

  128.                 $outpath = $outputDir . \DIRECTORY_SEPARATOR . 'wechatpay_' . $serialNo . '.pem';
    129. 

  129. 

  130.                 static::prompt(
    131. 

  131.                     'Certificate #' . $index . ' {',
    132. 

  132.                     '    Serial Number: ' . static::highlight($serialNo),
    133. 

  133.                     '    Not Before: ' . (new \DateTime($row->effective_time))->format(\DateTime::W3C),
    134. 

  134.                     '    Not After: ' . (new \DateTime($row->expire_time))->format(\DateTime::W3C),
    135. 

  135.                     '    Saved to: ' . static::highlight($outpath),
    136. 

  136.                     '    You may confirm the above infos again even if this library already did(by Crypto\Rsa::verify):',
    137. 

  137.                     '      ' . static::highlight(\sprintf('openssl x509 -in %s -noout -serial -dates', $outpath)),
    138. 

  138.                     '    Content: ', '', $certs[$serialNo], '',
    139. 

  139.                     '}'
    140. 

  140.                 );
    141. 

  141. 

  142.                 \file_put_contents($outpath, $certs[$serialNo]);
    143. 

  143.             }, $certs);
    144. 

  144. 

  145.             return $response;
    146. 

  146.         };
    147. 

  147.     }
    148. 

  148. 

  149.     /**
    150. 

  150.      * @param string $thing
    151. 

  151.      */
    152. 

  152.     private static function highlight(string $thing): string
    153. 

  153.     {
    154. 

  154.         return \sprintf("\x1B[1;32m%s\x1B[0m", $thing);
    155. 

  155.     }
    156. 

  156. 

  157.     /**
    158. 

  158.      * @param string $messages
    159. 

  159.      */
    160. 

  160.     private static function prompt(...$messages): void
    161. 

  161.     {
    162. 

  162.         \array_walk($messages, static function (string $message): void { \printf('%s%s', $message, \PHP_EOL); });
    163. 

  163.     }
    164. 

  164. 

  165.     /**
    166. 

  166.      * @return ?array<string,string|true>
    167. 

  167.      */
    168. 

  168.     private function parseOpts(): ?array
    169. 

  169.     {
    170. 

  170.         $opts = [
    171. 

  171.             [ 'key', 'k', true ],
    172. 

  172.             [ 'mchid', 'm', true ],
    173. 

  173.             [ 'privatekey', 'f', true ],
    174. 

  174.             [ 'serialno', 's', true ],
    175. 

  175.             [ 'output', 'o', false ],
    176. 

  176.             // baseuri can be one of 'https://api2.mch.weixin.qq.com/', 'https://apihk.mch.weixin.qq.com/'
    177. 

  177.             [ 'baseuri', 'u', false ],
    178. 

  178.         ];
    179. 

  179. 

  180.         $shortopts = 'hV';
    181. 

  181.         $longopts = [ 'help', 'version' ];
    182. 

  182.         foreach ($opts as $opt) {
    183. 

  183.             [$key, $alias] = $opt;
    184. 

  184.             $shortopts .= $alias . ':';
    185. 

  185.             $longopts[] = $key . ':';
    186. 

  186.         }
    187. 

  187.         $parsed = \getopt($shortopts, $longopts);
    188. 

  188. 

  189.         if (!$parsed) {
    190. 

  190.             return null;
    191. 

  191.         }
    192. 

  192. 

  193.         $args = [];
    194. 

  194.         foreach ($opts as $opt) {
    195. 

  195.             [$key, $alias, $mandatory] = $opt;
    196. 

  196.             if (isset($parsed[$key]) || isset($parsed[$alias])) {
    197. 

  197.                 $possiable = $parsed[$key] ?? $parsed[$alias] ?? '';
    198. 

  198.                 $args[$key] = (string) (\is_array($possiable) ? $possiable[0] : $possiable);
    199. 

  199.             } elseif ($mandatory) {
    200. 

  200.                 return null;
    201. 

  201.             }
    202. 

  202.         }
    203. 

  203. 

  204.         if (isset($parsed['h']) || isset($parsed['help'])) {
    205. 

  205.             $args['help'] = true;
    206. 

  206.         }
    207. 

  207.         if (isset($parsed['V']) || isset($parsed['version'])) {
    208. 

  208.             $args['version'] = true;
    209. 

  209.         }
    210. 

  210.         return $args;
    211. 

  211.     }
    212. 

  212. 

  213.     private function printHelp(): void
    214. 

  214.     {
    215. 

  215.         static::prompt(
    216. 

  216.             'Usage: 微信支付平台证书下载工具 [-hV]',
    217. 

  217.             '                    -f=<privateKeyFilePath> -k=<apiv3Key> -m=<merchantId>',
    218. 

  218.             '                    -s=<serialNo> -o=[outputFilePath] -u=[baseUri]',
    219. 

  219.             'Options:',
    220. 

  220.             '  -m, --mchid=<merchantId>   商户号',
    221. 

  221.             '  -s, --serialno=<serialNo>  商户证书的序列号',
    222. 

  222.             '  -f, --privatekey=<privateKeyFilePath>',
    223. 

  223.             '                             商户的私钥文件',
    224. 

  224.             '  -k, --key=<apiv3Key>       APIv3密钥',
    225. 

  225.             '  -o, --output=[outputFilePath]',
    226. 

  226.             '                             下载成功后保存证书的路径,可选,默认为临时文件目录夹',
    227. 

  227.             '  -u, --baseuri=[baseUri]    接入点,可选,默认为 ' . self::DEFAULT_BASE_URI,
    228. 

  228.             '  -V, --version              Print version information and exit.',
    229. 

  229.             '  -h, --help                 Show this help message and exit.', ''
    230. 

  230.         );
    231. 

  231.     }
    232. 

  232. }
    233. 

  233. 

  234. // main
    235. 

  235. (new CertificateDownloader())->run();
    236.