appcenter:verification:callback:server
这是本文档旧的修订版!
验证服务端
验证系统会对验证结果加密后,通知到开发者设置的回调地址。HTTP方法为POST,Content-Type为application/zblogverify。
Body的加密方式为:RSA(base64(AES_KEY) + '.' + base64(AES_IV) + '.' + HS256(realData) + '.' + timestamp) + '.' + AES(realData)
RSA公钥和HMAC-SHA256密钥见示例代码。
明文数据格式
{ "id": "65fbe736-aa01-4d60-946a-64da5e1bccd7", /* 本次校验的唯一ID,每一次校验返回值都不同 */ "from": "initiative", /* 校验来源 */ "error": { "number": 0, /* 错误编号 */ "message": "OK", /* 错误信息 */ "verified": true, /* 是否验证成功 */ "cracking": false, /* 疑似破解 */ "user": { "message": "面向用户的错误信息" } }, "appId": "应用ID", "host": "网站", "user": { "id": "应用中心ID", "username": "用户账号" }, "license": { "appId": "授权文件保存的应用ID", "userId": "授权文件保存的用户ID", "timestamp": "授权文件生成时间戳" } }
示例代码
PHP
以下代码仅能运行于PHP 5.3+。请注意,以下代码不对重放攻击做出保证,在入库前请先确认ID是否唯一。
<?php function getVerifyData($data) { $publicKey = openssl_pkey_get_public('-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH4uiMZYWy1sOXuq4YAA MtyrAtUcWHOXalSAmtDs1FA2H8fTBbEF+gnvg83Byp/mIvHMIaXc7RPIniwoMgDo Xo3H0GquBEOH4YoufIqfRFGFwnBw7V1KNv9Iw4XpmBYEboD5HT4PLuoUvSP78iWK 7kMMsYsYOVi7EPn8DbPZbvxnrDXkJmkj3l8YhGWtAjbFU7XgyEKEKBTes9fcxWSW GCdd1jV9oXcV9EQRkRr50wMvydgIWAAWvcVZ5zzK4sZelZDaGz7yEXG/Q1F1Xp3e GcC057CQoaEzuTQILUCypiNeQpKdzGXxwyp+Q6DAYITjyFBjQ5WbQiSaZtCPV5D9 lwIDAQAB -----END PUBLIC KEY-----'); $rsaDecrypted = ''; $explodeData = explode('.', $data); $rsaEncrypted = $explodeData[0]; $aesEncrypted = $explodeData[1]; openssl_public_decrypt(base64_decode($rsaEncrypted), $rsaDecrypted, $publicKey); $aesInfo = explode('.', $rsaDecrypted); $aesKey = base64_decode($aesInfo[0]); $aesIv = base64_decode($aesInfo[1]); $hash = $aesInfo[2]; $data = openssl_decrypt(base64_decode($aesEncrypted), 'aes-256-cbc', $aesKey, OPENSSL_RAW_DATA, $aesIv); if (hash_hmac('sha256', $data, 'zblogverification') === $hash) { return json_decode($data, false); } else { throw new Exception('Hash error!'); } } $object = getVerifyData(file_get_contents('php://input')); if ($object->error->verified) { echo '验证通过'; } var_dump($object);
测试数据
VmoHZWV+gC2F9P1jL201K/29HN8oQTjlrw9D47cm5A25UPI0WHkZ2mRQj+gHkx/6gYX1irxAyGdoV8MeT3nXKDzytQMIwseXCWh9qRrWJKxJH1RTri8CxNrOs0J6m94DPdfvdu0++Fw9n7CGC84RLpJ3NFRs+0+bjT8+zMJlxa8kigXtJq4wDWCP1aKtlfKrk6Mj3U3jovmTo3E3rBK0nPdsx1W9lXffuOs7eBxTT0nIK6YUW/lGvKk1aleT1jmakpvL8O2/51/Hl1gy5lu1H0YVYTfXq8AOWigE9TFOWBaSHjPv1/FDRLlK8wYZDUXQ9cNy1mNAB1NB+1TdlxPrMg==.gCiFZBu3itYPokvZA57y4uZk+8Nzx/5UAUuYndVrlg4ZorT3jKYufpr0dt29DYasuyIRZBsl6yd9veYK+ev1wJdgOa7MgQqEYDoj52oohsJVjkkyJtAxZ0DajnzN4S6DZzQYsyHE7qSNL1p8fpf4/rMNAvaRDhQAt3+mzBDDq4XuvikphSkgtLKEfNgR/fSMbVgRKmau/F4mB94gJtJMjlO0ArBlk8XjcQmNv0s01PLP5suwXYdSiv4YYhuC5mw0GouKenzN4vaScwYCNPoJcXpxJKIgZkxwLII7n49HOgEeI+RczBCj+33amMjsSyD0DHjsUTZbsD0AGHt64NDcXW950PCeb3x+aT73SqpEM+F4BGA+lYVZ8J/jLe1pBO+1uRsojhqYbeQ0/Zy14ROjIHxc0yihOjHzXj8bR2Xzu6zEfBrLDWJqBA1fGgBIb/BtJ8uDtsj5YIJzSJnsAmcw5pNd4vy/Gp8n0XxV6zIWSOqexaYsuxfJJnFlV6pWSdp0
appcenter/verification/callback/server.1522948879.txt · 最后更改: 2018/04/06 01:21 由 zsx
除额外注明的地方外,本维基上的内容按下列许可协议发布: CC Attribution-Noncommercial-Share Alike 4.0 International
