开发文档地址:
https://openbank.abchina.com/Portal/serIntroduced/fastEtransfer.html
授权登录农行暂时是没有php版本,而且文档中API参数没有说明,示例传参有一些错误,下面我就来说说我遇到的坑
1.一般授权登录需要获取用户信息,首先要进行一下两步(具体获取看开发文档):
1.获取Authorization Code
2.通过Authorization Code获取Access Token
2.通过AccessToken获取用户的个人信息 :
访问资源服务器的接口使用方法,在访问特定的接口时需要在Header头部加入Authorization,值为”Bearer accessToken” 。
“encrypt_data”: “ENCRYPTDATA”,encrypt_data这个参数不是要你传 "encrypt_data"这个值,是传biz_data使用AES加密后的字符串
AES具体加密请查看我上一篇文章
代码详细说明请求接口参数传递加密及返回参数解密
public function getUserInfo(){
$appSecret='';//查看自己的配置
$key=substr($this->config['appSecret'],0,24);
$iv = substr($this->config['appSecret'],24);
$encrypt_data=$this->encrypt($data ['biz_data'], $key,$iv);
$data ['sign_type'] = 'SHA256';
$data ['timestamp'] = date("Y-m-d H:i:s",time());
$data ['encrypt_data'] = $encrypt_data;
$data ['encrypt_type'] = 'AES';
$data ['nonce'] = $this->getRandom(32);//生成32位随机谁
$data ['sign'] = $this->_makeSign($data);//使用私钥进行签名
$api_url = ‘https://openbank.abchina.com/GateWay/openabc/api/ket/userinfo/v1‘;
$result2 = $this->http_post2($api_url, $data, $header);
$result2 = @json_decode($result2,true);
if($result2['code'] == '0000' && $result2['biz_encrypt']){
//对biz_encrypt解密
$biz_encrypt = $result2['biz_encrypt'];
$biz_encrypt_result =$this->decrypt($biz_encrypt,$key,$iv);
$biz_encrypt = json_decode($biz_encrypt_result,true);
if($biz_encrypt['RetCode'] == '0000'){
$this->abcLogin($biz_encrypt);
}
private function getRandom($param){
$str="0123456789abcdefghijklmnopqrstuvwxyz";
$key = "";
for($i=0;$i<$param;$i++)
{
$key .= $str{mt_rand(0,32)}; //生成php随机数
}
return $key;
}
//对数据进行签名
private function _makeSign(array $data)
{
$signData = '';
ksort($data);
foreach ($data as $k => $v){
if (!$v || $v==' ')
continue;
$signData .= $v.'@';
}
$signData = trim($signData, '@');
$pkcs12=file_get_contents(‘test.pfx’);
$keyPass = '******';//pfx证书密码;
$certs=array();
openssl_pkcs12_read($pkcs12,$certs,$keyPass)
$privateKey = $certs['pkey'];
//加密
openssl_sign($signData, $signature, $pkey, OPENSSL_ALGO_SHA256);
openssl_free_key($pkey);
$signature = base64_encode($signature);
return $signature;
}
protected function http_post2($url, $data,$header = array()) {
if(!is_array($data))
return array();
$data = @json_encode($data);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
if($header){
curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
}
curl_setopt($ch, CURLOPT_HEADER,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);//超时时间
$res = curl_exec($ch);
curl_close($ch);
return $res;
}
//解密
function decrypt($code,$key,$iv) {
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, $key, $iv);
$str = mdecrypt_generic($td, base64_decode($code));
mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $this->strippadding($str);
}
