将exec openssl转换为php openssl命令

Question

尝试在我的本地Wamp2.4服务器上对Paypal使用动态加密。Openssl安装在Apache中，并在PHP中启用。使用exec Openssl失败。有没有人能提供一些建议，或者如果你觉得把下面的PHP代码转换成PHP Openssl请求的代码真的很慷慨(首选方法)？顺便说一句，我已经尝试了两个OPENSSL文件指针，都找到了，但都不起作用。

    function paypal_encrypt($hash)
    {
//Sample PayPal Button Encryption: Copyright 2006-2010 StellarWebSolutions.com
//Not for resale - license agreement at
//http://www.stellarwebsolutions.com/en/eula.php
$MY_KEY_FILE='paypal/encrypt/myprivate_key.pem';
$MY_CERT_FILE='paypal/encrypt/mypublic_cert.pem';
$PAYPAL_CERT_FILE='paypal/encrypt/paypal_cert.pem';
$OPENSSL='../../bin/apache/Apache2.4.4/bin/openssl.exe';
$OPENSSL='../../bin/apache/Apache2.4.4/conf/openssl.cnf';

if (!file_exists($MY_KEY_FILE)) {
    echo "ERROR: MY_KEY_FILE $MY_KEY_FILE not found\n";
}
if (!file_exists($MY_CERT_FILE)) {
    echo "ERROR: MY_CERT_FILE $MY_CERT_FILE not found\n";
}
if (!file_exists($PAYPAL_CERT_FILE)) {
    echo "ERROR: PAYPAL_CERT_FILE $PAYPAL_CERT_FILE not found\n";
}
if (!file_exists($OPENSSL)) {
    echo "ERROR: Openssl $OPENSSL not found\n";
}


//Assign Build Notation for PayPal Support
$hash['bn']= 'StellarWebSolutions.PHP_EWP2';

$data = "";
foreach ($hash as $key => $value) {
    if ($value != "") {
        //echo "Adding to blob: $key=$value\n";
        $data .= "$key=$value\n";
    }
}
echo $data;

$openssl_cmd = "($OPENSSL smime -sign -signer $MY_CERT_FILE -inkey $MY_KEY_FILE " .
                    "-outform der -nodetach -binary <<_EOF_\n$data\n_EOF_\n) | " .
                    "$OPENSSL smime -encrypt -des3 -binary -outform pem $PAYPAL_CERT_FILE";

exec($openssl_cmd, $output, $error);

if (!$error) {
    return implode("\n",$output);
} else {
    return $error."ERROR: encryption failed";
}

}

Answer 1

经过几个小时的尝试和搜索，我已经成功地做到了这一点。终于找到了这个very helpful article

下面是简化的代码

function paypal_ewp_encrypt_data( $hash, $certs ){
            $temp_files_dir_path = ''; // a directory php have write access where we will write temporary files and delete afterwards.

            $data = 'cert_id=' . $certs->paypal_cert_id;
            foreach ($hash as $key => $value) {
                if ($value != "") {
                    $data .= "\n$key=$value";
                }
            }

            $unique_id = uniqid(time());

            $data_file_in = $temp_files_dir_path . DIRECTORY_SEPARATOR . $unique_id . "-data-in.txt"; // raw data fie
            $data_file_out = $temp_files_dir_path . DIRECTORY_SEPARATOR . $unique_id . "-data-out.txt";// signed data file
            $enc_file_out = $temp_files_dir_path . DIRECTORY_SEPARATOR . $unique_id . "-enc-out.txt"; // encrypted data file

            $fp = fopen( $data_in, "w" );
            fwrite($fp, $data);
            fclose($fp);

            if( ! openssl_pkcs7_sign(
                $data_file_in, $data_file_out, 'file://' . $certs->public_key,
                array( 'file://' . $certs->private_key, ''),
                array(),
                PKCS7_BINARY)
            ){
                return false;
            }

            $data_out_data = explode("\n\n", file_get_contents($data_out));

            $out = fopen($data_out, 'wb');
            fwrite($out, base64_decode($data_out_data[1]));
            fclose($out);

            if( ! openssl_pkcs7_encrypt(
                $data_file_out, $enc_file_out,
                'file://' . $certs->paypal_public_key, array(),
                PKCS7_BINARY, OPENSSL_CIPHER_3DES )
            ){
                return false;
            }

            $en_data = explode("\n\n", file_get_contents($enc_file_out) );
            $en_data = $en_data[1];

            $en_data = "-----BEGIN PKCS7-----" . str_replace("\n", "", $en_data ) . "-----END PKCS7-----";

            // delete files
            @unlink($data_file_in);
            @unlink($data_file_out);
            @unlink($enc_file_out);

            $paypal_array = array(
                'cmd' => '_s-' . $hash['cmd'], // use _s- before the cmd
                'encrypted' => $en_data
            );
}

function certs(){
    $certs = new stdClass();
    $certs->public_key = '' // absolute path to your public key file
    $certs->private_key = '' // absolute path to your private key file
    $certs->paypal_public_key = '' // absolute path to paypal public key file
    $certs->paypal_cert_id = '' // given cert id after you upload the public key to paypal website.
}

实现

$hash = array(
    // key value pair of paypal form variables
);

$certs = certs();

$data = paypal_ewp_encrypt_data($hash, $certs);

Data是创建表单字段所需的键值对的php数组。使用key作为名称，使用value作为字段值。