Z-Blog Wiki

本页面只读。您可以查看源文件，但不能更改它。如果您觉得这是系统错误，请联系管理员。
====== 验证服务端 ======

验证系统会对验证结果加密后，通知到开发者设置的回调地址。HTTP方法为POST，Content-Type为application/zblogverify。

Body的加密方式为：RSA(base64(AES_KEY) + '.' + base64(AES_IV) + '.' + HS256(realData) + '.' + timestamp) + '.' + AES(realData)

RSA公钥和HMAC-SHA256密钥见示例代码。

===== 明文数据格式 =====
<code javascript>
{
	"id": "65fbe736-aa01-4d60-946a-64da5e1bccd7", /* 本次校验的唯一ID，每一次校验返回值都不同 */
	"from": "initiative", /* 校验来源 */
	"error": {
		"number": 0, /* 错误编号 */
		"message": "OK", /* 错误信息 */
		"verified": true, /* 是否验证成功 */
		"cracking": false, /* 疑似破解 */
		"user": {
			"message": "面向用户的错误信息" 
		}
	},
	"appId": "应用ID",
	"host": "网站", 
	"user": {
		"id": "应用中心ID",
		"username": "用户账号" 
	},
        "modified": "应用最后修改日期",
	"license": {
		"appId": "授权文件保存的应用ID", 
		"userId": "授权文件保存的用户ID", 
		"timestamp": "授权文件生成时间戳" 
	}
}</code>

===== 示例代码 =====

==== PHP ====

以下代码仅能运行于PHP 5.3+。请注意，以下代码不对重放攻击做出保证，在入库前请先确认ID是否唯一。

<code php>
<?php
function getVerifyData($data) {
	$publicKey = openssl_pkey_get_public('-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH4uiMZYWy1sOXuq4YAA
MtyrAtUcWHOXalSAmtDs1FA2H8fTBbEF+gnvg83Byp/mIvHMIaXc7RPIniwoMgDo
Xo3H0GquBEOH4YoufIqfRFGFwnBw7V1KNv9Iw4XpmBYEboD5HT4PLuoUvSP78iWK
7kMMsYsYOVi7EPn8DbPZbvxnrDXkJmkj3l8YhGWtAjbFU7XgyEKEKBTes9fcxWSW
GCdd1jV9oXcV9EQRkRr50wMvydgIWAAWvcVZ5zzK4sZelZDaGz7yEXG/Q1F1Xp3e
GcC057CQoaEzuTQILUCypiNeQpKdzGXxwyp+Q6DAYITjyFBjQ5WbQiSaZtCPV5D9
lwIDAQAB
-----END PUBLIC KEY-----');
	$rsaDecrypted = '';
	$explodeData = explode('.', $data);
	$rsaEncrypted = $explodeData[0];
	$aesEncrypted = $explodeData[1];
	openssl_public_decrypt(base64_decode($rsaEncrypted), $rsaDecrypted, $publicKey);
	$aesInfo = explode('.', $rsaDecrypted);
	$aesKey = base64_decode($aesInfo[0]);
	$aesIv = base64_decode($aesInfo[1]);
	$hash = $aesInfo[2];
	$data = openssl_decrypt(base64_decode($aesEncrypted), 'aes-256-cbc', $aesKey, OPENSSL_RAW_DATA, $aesIv);
	if (hash_hmac('sha256', $data, 'zblogverification') === $hash) {
		return json_decode($data, false);
	} else {
		throw new Exception('Hash error!');
	}
}

$object = getVerifyData(file_get_contents('php://input'));

if ($object->error->verified) {
	echo '验证通过';
}

var_dump($object);
</code>

===== 测试数据 =====
<code>
I2laGrrpKLU3U5mgc3Lm2GIcqmSRftNpeEbwX/Gru52RjIYhODQQKB4LHEEhXO3rsSaGb0yQ6vOXkxbDt9ngcWy9AxZjODLQNzXQnrtYqIJdzcjxe7c2vOHjJpatH8FxJjO3qezb4iLMaLNiOqIyQJ/zUTC20EbH830IftjTNBx6OXdBe8fk0yeUnxbJ5QJxphj6N5FJF9V6k0eh168pHw4aG+jv45/J/j8OUG9TjVoKV51rKl5saEGdejtFYzWMA6s/Pej15AELGdEWc9HvAhFPh/OTzBBFvjzgbJGP+l+W1WMa7yiaswkDm/sXpJjZ5xSNy+4zsZ39rZBBoDQduw==.9LSx78/iYd+z6q7NqvmzsGt+fryyQmYW5vfdbtqNSnhwjk+iQutQRgwCcZq1agHgwfGxUizth3VIYrkh5f5WSd1EJbFP7raFog0tZM6kW9knIZoXAMALvY0a0qTriL/g97ESpz+ao4kVJ7rm9yCDM0Q/VytrecOa+8guIE9g9/i/3eZhW0Qe15bFi5K5YT91o/S5oXnGpl1musAf4prvQL+7OKJiVS5pdh6zXaK9aI3WS9GNj4i2w80Al9IvBaU6mtMNfX/4WbC6QEKnQ9Zhrzz5lSG1j1uXDaflfYfPN8rDbzy3OLMj7za9ivsn9hryGqj0Rc2ek3ECyjk2IT/DxY+17QfW+89erxVe5eosIO7w2uFBG50b6GSxnfL9ocGjNdCa9lYyOvZOrgZbTayCAjTTuDIBhhNuu1XpMixals3LZ3e7WE27PiRGvUMIGxH6sK0IbnzXg5/RiCMY8BhOwzooQcYQY7Oll++LJcgK1FvQw9e0TXg+LSspwwILlcCGjN3gnzWRgt3e3Jreb+vKx9FqXXQD5pIEHrrcLVaG7cOaNrHJnP/cRyyqNlWIVaco2JcTUnXvqfQQM7m3d1aXEg==</code>
Z-Blog Wiki

用户工具

站点工具

页面工具
