|
$certificate = self::getCertificate(Storage::path('public/' . $fileinfo['filename'] . '/apiclient_cert.pem')); |
|
|
|
// 微信支付平台证书 |
|
$wechatPayCertificate = self::getWechatPayCertificatePath($apiV3key, $certificate, Storage::path('public/' . $fileinfo['filename'] . '/apiclient_key.pem'), Storage::path('public/' . $fileinfo['filename'])); |
|
$wechatPayCertificateInfo = self::getCertificate(Storage::path('public/' . $fileinfo['filename'] . '/' . $wechatPayCertificate['serialNumber'] . '/wechatpay_cert.pem')); |
|
|
|
Storage::deleteDirectory('public/cert'); |
|
Storage::makeDirectory('public/cert'); |
|
Storage::makeDirectory('public/cert/' . $wechatPayCertificateInfo['serialNumber']); |
|
Storage::copy('public/' . $fileinfo['filename'] . '/apiclient_cert.pem', 'public/cert/apiclient_cert.pem'); |
|
Storage::copy('public/' . $fileinfo['filename'] . '/apiclient_key.pem', 'public/cert/apiclient_key.pem'); |
|
Storage::copy('public/' . $fileinfo['filename'] . '/' . $wechatPayCertificateInfo['serialNumber'] . '/wechatpay_cert.pem', 'public/cert/' . $wechatPayCertificateInfo['serialNumber'] . '/wechatpay_cert.pem'); |
|
Storage::deleteDirectory('public/' . $fileinfo['filename']); |
web的根目录是在public,如果没做安全防范,恶意请求可以通过web方式直接下载到商户私钥文件cert/apiclient_key.pem,存在安全隐患。
项目用到了Redis,建议抛弃文件存储,商户私钥、商户证书、平台证书均可以以base64-string形式存储在库中,\WeChatPay\Rsa::from 支持无感加载,详情可参考:
从证书中提取公钥 详见 PHP openssl_x509_parse 返回值。
加载时仅需增加协议即形如 Rsa::from('public.spki://' . $i_am_a_base64_string_without_envelope, Rsa::KEY_TYPE_PUBLIC)。
当然Rsa::from也支持原样以文件内容为字符串形式加载私钥及证书,详细用法可参考上述 RsaTest测试用例覆盖方法。
