====== 验证服务端 ======

验证系统会对验证结果加密后，通知到开发者设置的回调地址。HTTP方法为POST，Content-Type为application/zblogverify。

Body的加密方式为：RSA(base64(AES_KEY) + '.' + base64(AES_IV) + '.' + HS256(realData) + '.' + timestamp) + '.' + AES(realData)

RSA公钥和HMAC-SHA256密钥见示例代码。

===== 明文数据格式 =====
<code javascript>
{
	"id": "65fbe736-aa01-4d60-946a-64da5e1bccd7", /* 本次校验的唯一ID，每一次校验返回值都不同 */
	"from": "initiative", /* 校验来源 */
	"error": {
		"number": 0, /* 错误编号 */
		"message": "OK", /* 错误信息 */
		"verified": true, /* 是否验证成功 */
		"cracking": false, /* 疑似破解 */
		"user": {
			"message": "面向用户的错误信息" 
		}
	},
	"appId": "应用ID",
	"host": "网站", 
	"user": {
		"id": "应用中心ID",
		"username": "用户账号" 
	},
        "modified": "应用最后修改日期（时间戳）",
	"license": {
		"appId": "授权文件保存的应用ID", 
		"userId": "授权文件保存的用户ID", 
		"timestamp": "授权文件生成时间戳" 
	}
}</code>

===== 示例代码 =====

==== PHP ====

以下代码仅能运行于PHP 5.3+。请注意，以下代码不对重放攻击做出保证，在入库前请先确认ID是否唯一。

<code php>
<?php
function getVerifyData($data) {
	$publicKey = openssl_pkey_get_public('-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH4uiMZYWy1sOXuq4YAA
MtyrAtUcWHOXalSAmtDs1FA2H8fTBbEF+gnvg83Byp/mIvHMIaXc7RPIniwoMgDo
Xo3H0GquBEOH4YoufIqfRFGFwnBw7V1KNv9Iw4XpmBYEboD5HT4PLuoUvSP78iWK
7kMMsYsYOVi7EPn8DbPZbvxnrDXkJmkj3l8YhGWtAjbFU7XgyEKEKBTes9fcxWSW
GCdd1jV9oXcV9EQRkRr50wMvydgIWAAWvcVZ5zzK4sZelZDaGz7yEXG/Q1F1Xp3e
GcC057CQoaEzuTQILUCypiNeQpKdzGXxwyp+Q6DAYITjyFBjQ5WbQiSaZtCPV5D9
lwIDAQAB
-----END PUBLIC KEY-----');
	$rsaDecrypted = '';
	$explodeData = explode('.', $data);
	$rsaEncrypted = $explodeData[0];
	$aesEncrypted = $explodeData[1];
	openssl_public_decrypt(base64_decode($rsaEncrypted), $rsaDecrypted, $publicKey);
	$aesInfo = explode('.', $rsaDecrypted);
	$aesKey = base64_decode($aesInfo[0]);
	$aesIv = base64_decode($aesInfo[1]);
	$hash = $aesInfo[2];
	$data = openssl_decrypt(base64_decode($aesEncrypted), 'aes-256-cbc', $aesKey, OPENSSL_RAW_DATA, $aesIv);
	if (hash_hmac('sha256', $data, 'zblogverification') === $hash) {
		return json_decode($data, false);
	} else {
		throw new Exception('Hash error!');
	}
}

$object = getVerifyData(file_get_contents('php://input'));

if ($object->error->verified) {
	echo '验证通过';
}

var_dump($object);
</code>

===== 测试数据 =====
<code>
PpBHLt70jUUpA1TdP38tm68bVWxRKDA69GqR04PA6on3lcGAwz2s8Dj4qMvCuMosI67b1JNFVELfMmxt1RfKQsSS2vLtIVdblDbmZCBptNd5IYNx2qFZFQQ5Hju3bhwR9VDW8fcy63bEOpWVYxAEhQXT3ztaLZn63gJhpDemA06Emxv6VJgxfe9uLTX31FCDfg6yd+JQwAIVuh5HMFJoaLYVIZxSEoUrGXDGjt59Wryw2encyuf38qYxvYmf5w63xA+8eYYsERniT2qZGedKClWohHfXuN0B+lThS09oCf0NjbH+WDZcaAT8UlYERVpgLCL+3/VsJxArZuw93KfrlA==.5cDLuSbOnDZVNmEzHCLRtykNilD5VIQqGYai8vmaxljONFjCNDKQIFJ7n4LEZMzp8Bm9VXJx0Qen6cMpPOwVh/iOWJvs9RudeWplBrHk9g46Oy0kcYtnW1i5Egf19uhSk+ku2a0G/E9PSLc+AhwzsKL5NHHodE8tXAA1EzDrq1y49FPBfv6ZVLD4McWATVEYs4A7UBhnfdOiQmkvZxCldWQ78KKUZJcp/K+slhQQAuBW/bcaRpV2b2QbuHa5OCg+UX3rkDPpzDcg761Tn1jJviREkppIKTZHKtlYpYU6ZDDyXxxexqw+dVJQHL71vD9rPeB16dLIaDttbTG+vz6cF7ANM502rRUaazRIY+0Y0Ctwnq9PgHBnZ9AMrw54gulI72E3gwkaLrXXbeEnl7WxSN3D0U8V9NYjjTC7QCmSVfepO4Syl4IMBd5JT/mouIrjrM94qkOwXpAGM91K6Vs3iYZKYVdFSStJySN0sZs81eJe8k+syLY1HeMZQI5HcE+XhgAV07/pf3TDdIXrQNQnkcIDbGg8cWRwZ24aLb68TAm+2ZLL29W87doqe5xkBC3rL0jWt8jtlEx4rZAgzyltOg==</code>
===== 服务端插件 =====
你可以直接使用如上代码自行搭建服务端系统，也可以直接使用插件，并在应用中心后台填写回调地址即可:https://bbs.zblogcn.com/thread-94905-1-1.html