抖音的回调签名和支付签名是不一样的
不废话,直接上代码
protected static $appId = "";
protected static $secret = "";
protected static $salt = "";
protected static $token = "";
public function getNotifySign(array $body, string $secret)
{
$filtered = [];
foreach ($body as $key => $value) {
if (in_array($key, ['msg_signature', 'type'])) {
continue;
}
$filtered[] =is_string($value)? trim($value): $value;
}
$filtered[] = trim($secret);
sort($filtered, SORT_STRING);
$filtered = trim(implode('', $filtered));
return sha1($filtered);
}
/**
* @param $outOrderNo
* @param $totalAmount
* @param $subject
* @param $body
* @param $validTimestamp
* @param $notifyUrl
* @return array|string
*/
private static function CreateOrder($outOrderNo, $totalAmount, $subject, $body, $validTimestamp, $notifyUrl)
{
$params = [
'app_id' => self::$appId,
'out_order_no' => $outOrderNo,
'total_amount' => $totalAmount,
'subject' => $subject,
'body' => $body,
'valid_time' => $validTimestamp,
'notify_url' => $notifyUrl,
//'cp_extra' => $cpExtra,
//'thirdparty_id' => $thirdPartyId,
//'disable_msg' => $disableMsg,
//'msg_page' => $msgPage,
//'store_uid' => $storeUid
];
$params = array_filter($params);
$params['sign'] = self::signature($params, self::$salt);
//var_dump($params);die;
return self::post(
'https://developer.toutiao.com/api/apps/ecpay/v1/create_order',
$params
);
}
/**
* @param array $body
* @param string $secret
* @return string
*/
protected static function signature(array $body, string $secret): string
{
$filtered = [];
foreach ($body as $key => $value) {
if (in_array($key, ['sign', 'app_id', 'thirdparty_id'])) {
continue;
}
$filtered[] =
is_string($value)
? trim($value)
: $value;
}
$filtered[] = trim($secret);
sort($filtered, SORT_STRING);
return md5(trim(implode('&', $filtered)));
}
/**
* post request
* @param string $uri
* @param array $params
* @param array $headers
* @return string
*/
private static function post(string $uri, array $params = [], array $headers = []): array
{
$headers[] = 'Content-type: application/json';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$output = curl_exec($ch);
curl_close($ch);
return json_decode($output, true);
}
1.如果出现回调签名验证失败,请先检测各方面配置参数是否有问题
2.如果没问题那尽可能是接收的json数据被转义了,导致签名不一致
可以使用htmlspecialchars_decode进行处理然后拍在签名
