PHP7.0下钉钉回调接口注册

php, 程序源码 标签 ,

在测试的时候遇到很多问题,注意回调地址“http://test.com/dingding”是错误的,需要改成 “http://test.com/dingding/”;提示“返回文本非success”一般是加密的方式不对。回调接口返回给钉钉的json数据,需要对success按相关算法生成encrypt。完了还得生成消息体签名 msg_signature ;在返回success加密中的“ msg_len为4字节的msg长度,网络字节序; ”还是没搞明白,但是本文使用php版的sdk可以不用考虑具体的过程调用就行。

可以下载官方的demo修改:

php库和demo: 库地址:https://github.com/injekt/openapi-demo-php/tree/master/isv/crypto
demo地址:https://github.com/injekt/openapi-demo-php/blob/master/isv/receive.php

官方的demo会在php7中报错,主要是构造类,改为__construct就可以了

function __construct($k){

	$this->key = base64_decode($k . "=");        //为变量赋值

	}
	
/*	function Prpcrypt($k)
	{
		$this->key = base64_decode($k . "=");
	}*/

下面直接上源码。

一、文件 regist.php(第一次访问本文件以注册) index.php用于回调的地址,注册回调地址时阿里会访问该地址,并回传阿里一个经过加密的success信息 DingtalkCrypt.php、errorCode.php、pkcs7Encoder.php、sha1.php

<?php
//regist.php

include "TopSdk.php";// 需要下载钉钉的sdk包
//////////////////开始之前需要参考钉钉开发接口先获取到accesstoken

$c = new DingTalkClient(DingTalkConstant::$CALL_TYPE_OAPI, DingTalkConstant::$METHOD_POST , DingTalkConstant::$FORMAT_JSON);
$req = new OapiCallBackRegisterCallBackRequest;
$req->setUrl("https://www.testweb.cn/dingding/");//接收事件回调的url,必须是公网可以访问的url地址

$aes_key="123456789012345678901234567890aq";
$aes_key_encode=base64_encode($aes_key);
$aes_key_encode=substr($aes_key_encode,0,-1);//去掉= 号
$req->setAesKey($aes_key_encode);//	数据加密密钥。用于回调数据的加密,长度固定为43个字符,从a-z, A-Z, 0-9共62个字符中选取,您可以随机生成,ISV(服务提供商)推荐使用注册套件时填写的EncodingAESKey
$req->setToken("123456");

$list=array(
	0=>'user_add_org',
	1=>'user_modify_org',
	2=>'user_leave_org'
	);
$req->setCallBackTag(json_encode($list));//call_back_tag  Array[String]  需要监听的事件类型
$resp=$c->execute($req,$accessToken, "https://oapi.dingtalk.com/call_back/register_call_back");

//$resp->errcode==0?'':die('注册接口失败'.json_encode($resp));
var_dump($resp);
<?php
//index.php  用于处理回调

$corpId='dingf3b97f65az9685fd35c2f4357ebt378f';//必填,企业ID

$aes_key="123456789012345678901234567890aq";
$aes_key_encode=base64_encode($aes_key);
$aes_key_encode=substr($aes_key_encode,0,-1);//去掉= 号
$signature=$_GET['signature'];
$timeget=$_GET['timestamp'];
$nonce=$_GET['nonce'];
$str= 'success';

$token="123456";
/*
msg_encrypt = Base64_Encode( AES_Encrypt[random(16B) + msg_len(4B) + msg + $key] )。

AES加密的buf由16个字节的随机字符串、4个字节的msg长度、明文msg和$key组成。其中msg_len为msg的字节数,网络字节序。

对于ISV开发来说,$key填写对应的suiteKey。

对于定制服务商开发来说,$key填写对应的customKey。

对于企业内部开发来说,$key填写企业的Corpid。
*/
include "TopSdk.php";
include('DingtalkCrypt.php');
$suiteKey=$corpId;
$msg=$str;
$timeStamp=$timeget;
$encryptMsg = "";
$crypt = new DingtalkCrypt($token, $aes_key_encode, $suiteKey); //token是注册接口时的随机字符串 regist.php与index.php 这里都使用'123456',两个文件的token要一样
$res = $crypt->EncryptMsg($msg, $timeStamp, $nonce, $encryptMsg);
//var_dump($res);//返回的字符串已经base64encode过了

echo $res;
<?php
//DingtalkCrypt.php
include_once "sha1.php";
include_once "pkcs7Encoder.php";
include_once "errorCode.php";
class DingtalkCrypt
{
	private $m_token;
	private $m_encodingAesKey;
	private $m_suiteKey;
	
/*	public function DingtalkCrypt($token, $encodingAesKey, $suiteKey)
	{
		$this->m_token = $token;
		$this->m_encodingAesKey = $encodingAesKey;
		$this->m_suiteKey = $suiteKey;
	}*/
		function __construct($token, $encodingAesKey, $suiteKey){

	$this->m_token = $token;
		$this->m_encodingAesKey = $encodingAesKey;
		$this->m_suiteKey = $suiteKey;

	}
	
    
	public function EncryptMsg($plain, $timeStamp, $nonce, &$encryptMsg)
	{
		$pc = new Prpcrypt($this->m_encodingAesKey);
		$array = $pc->encrypt($plain, $this->m_suiteKey);
		$ret = $array[0];
		if ($ret != 0) {
			return $ret;
		}
		if ($timeStamp == null) {
			$timeStamp = time();
		}
		$encrypt = $array[1];
		$sha1 = new SHA1;
		$array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt);
		$ret = $array[0];
		if ($ret != 0) {
			return $ret;
		}
		$signature = $array[1];
		$encryptMsg = json_encode(array(
			"msg_signature" => $signature,
			"encrypt" => $encrypt,
			"timeStamp" => $timeStamp,
			"nonce" => $nonce
		));
	//	return ErrorCode::$OK;
		return $encryptMsg;
	}
	public function DecryptMsg($signature, $timeStamp = null, $nonce, $encrypt, &$decryptMsg)
	{
		if (strlen($this->m_encodingAesKey) != 43) {
			return ErrorCode::$IllegalAesKey;
		}
		$pc = new Prpcrypt($this->m_encodingAesKey);
		if ($timeStamp == null) {
			$timeStamp = time();
		}
		$sha1 = new SHA1;
		$array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt);
		$ret = $array[0];
		if ($ret != 0) {
			return $ret;
		}
		$verifySignature = $array[1];
		if ($verifySignature != $signature) {
			return ErrorCode::$ValidateSignatureError;
		}
		$result = $pc->decrypt($encrypt, $this->m_suiteKey);
		if ($result[0] != 0) {
			return $result[0];
		}
		$decryptMsg = $result[1];
		return ErrorCode::$OK;
	}
}

<?php
//errorCode.php
/**
 * error code 说明.
 * <ul>
 *    <li>-900004: encodingAesKey 非法</li>
 *    <li>-900005: 签名验证错误</li>
 *    <li>-900006: sha加密生成签名失败</li>
 *    <li>-900007: aes 加密失败</li>
 *    <li>-900008: aes 解密失败</li>
 *    <li>-900010: suiteKey 校验错误</li>
 * </ul>
 */
class ErrorCode
{
	public static $OK = 0;
	
	public static $IllegalAesKey = 900004;
	public static $ValidateSignatureError = 900005;
	public static $ComputeSignatureError = 900006;
	public static $EncryptAESError = 900007;
	public static $DecryptAESError = 900008;
	public static $ValidateSuiteKeyError = 900010;
}
?>
<?php
//pkcs7Encoder.php
include_once "errorCode.php";
class PKCS7Encoder
{
	public static $block_size = 32;
	function encode($text)
	{
		$block_size = PKCS7Encoder::$block_size;
		$text_length = strlen($text);
		$amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size);
		if ($amount_to_pad == 0) {
			$amount_to_pad = PKCS7Encoder::block_size;
		}
		$pad_chr = chr($amount_to_pad);
		$tmp = "";
		for ($index = 0; $index < $amount_to_pad; $index++) {
			$tmp .= $pad_chr;
		}
		return $text . $tmp;
	}
	function decode($text)
	{
		$pad = ord(substr($text, -1));
		if ($pad < 1 || $pad > PKCS7Encoder::$block_size) {
			$pad = 0;
		}
		return substr($text, 0, (strlen($text) - $pad));
	}
}
class Prpcrypt
{
	public $key;
	
	
	function __construct($k){

	$this->key = base64_decode($k . "=");        //为变量赋值

	}
	
/*	function Prpcrypt($k)
	{
		$this->key = base64_decode($k . "=");
	}*/
	public function encrypt($text, $corpid)
	{
		try {
			//获得16位随机字符串,填充到明文之前
			$random = $this->getRandomStr();
			$text = $random . pack("N", strlen($text)) . $text . $corpid;
			// 网络字节序
			$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
			$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
			$iv = substr($this->key, 0, 16);
			//使用自定义的填充方式对明文进行补位填充
			$pkc_encoder = new PKCS7Encoder;
			$text = $pkc_encoder->encode($text);
			mcrypt_generic_init($module, $this->key, $iv);
			//加密
			$encrypted = mcrypt_generic($module, $text);
			mcrypt_generic_deinit($module);
			mcrypt_module_close($module);
			//print(base64_encode($encrypted));
			//使用BASE64对加密后的字符串进行编码
			return array(ErrorCode::$OK, base64_encode($encrypted));
		} catch (Exception $e) {
			print $e;
			return array(ErrorCode::$EncryptAESError, null);
		}
	}
	public function decrypt($encrypted, $corpid)
	{
		try {
			$ciphertext_dec = base64_decode($encrypted);
			$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
			$iv = substr($this->key, 0, 16);
			mcrypt_generic_init($module, $this->key, $iv);
			$decrypted = mdecrypt_generic($module, $ciphertext_dec);
			mcrypt_generic_deinit($module);
			mcrypt_module_close($module);
		} catch (Exception $e) {
			return array(ErrorCode::$DecryptAESError, null);
		}
		try {
			//去除补位字符
			$pkc_encoder = new PKCS7Encoder;
			$result = $pkc_encoder->decode($decrypted);
			//去除16位随机字符串,网络字节序和AppId
			if (strlen($result) < 16)
				return "";
			$content = substr($result, 16, strlen($result));
			$len_list = unpack("N", substr($content, 0, 4));
			$xml_len = $len_list[1];
			$xml_content = substr($content, 4, $xml_len);
			$from_corpid = substr($content, $xml_len + 4);
		} catch (Exception $e) {
			print $e;
			return array(ErrorCode::$DecryptAESError, null);
		}
		if ($from_corpid != $corpid)
			return array(ErrorCode::$ValidateSuiteKeyError, null);
		return array(0, $xml_content);
	}
	function getRandomStr()
	{
		$str = "";
		$str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
		$max = strlen($str_pol) - 1;
		for ($i = 0; $i < 16; $i++) {
			$str .= $str_pol[mt_rand(0, $max)];
		}
		return $str;
	}
}
?>
<?php
//sha1.php
include_once "errorCode.php";
class SHA1
{
	public function getSHA1($token, $timestamp, $nonce, $encrypt_msg)
	{
		try {
			$array = array($encrypt_msg, $token, $timestamp, $nonce);
			sort($array, SORT_STRING);
			$str = implode($array);
			return array(ErrorCode::$OK, sha1($str));
		} catch (Exception $e) {
			print $e . "\n";
			return array(ErrorCode::$ComputeSignatureError, null);
		}
	}
}
?>

如果一直返回非success,请确保页面没有其他输出,file_put_contents之类的函数也不要使用!切记,我就是使用了file_put_contents结果钉钉解密成功,加密的也能解密,返回的也是json字符串,但就是报错,直接注释该语句就行。可能是file_put_contents操作的文件被其他进程占用导致的。

如果上面还是解决不了,请把php的调试模式打开,显示所有的notice、warning、error信息,或者到网站错误日志里面去查找原因,把错误信息解决掉。

基于互联网精神,在注明出处的前提下本站文章可自由转载!

本文链接:https://ranjuan.cn/php7-0下钉钉回调接口注册/

赞赏

微信赞赏支付宝赞赏

2条评论

疯花血月 发布于下午3:55 - 2020年10月7日

按照你的代码,注册好回调接口,只是在解密
$res = $crypt->DecryptMsg($signature, $timestamp, $nonce, $encrypt, $encryptMsg);
时候出现900005的错误,签名验证错误。请问这要怎样解决,试了好几天都没解决。请求帮助一下。

回复
php7.1版本下钉钉回调接口(解决undefined function) – 染卷 发布于下午11:11 - 2019年10月29日

[…] php下使用钉钉回调的方法参考我之前的文章: https://ranjuan.cn/php7-0%E4%B8%8B%E9%92%89%E9%92%89%E5%9B%9E%E8%B0%83%E6%8E%A5%E5%8F%A3%E6%B3%A8%E5&#8230; […]

回复

发表评论