修复证书序列号读取问题

* Compare serialNo using uppercase * Make ext-bcmath optional in composer.json * (fix) Fix read serialNumber of certificate
wechatpay-apiv3 · Oct 15, 2019 · 118602b · 118602b
1 parent 5fe454f
commit 118602b
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 15 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 
 composer.phar
 /vendor/
+test/
 
 # Commit your application's lock file https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control
 # You may choose to ignore a library lock file http://getcomposer.org/doc/02-libraries.md#lock-file

diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "wechatpay/wechatpay-guzzle-middleware",
-    "version": "0.1.0",
+    "version": "0.1.1",
     "description": "WechatPay API V3 Guzzle Middleware",
     "type": "library",
     "keywords": [
@@ -10,8 +10,7 @@
     "license": "Apache-2.0",
     "require": {
         "php": ">=5.5",
-        "ext-openssl": "*",
-        "ext-bcmath": "*"
+        "ext-openssl": "*"
     },
     "require-dev": {
         "guzzlehttp/guzzle": "^6.3"
@@ -20,6 +19,7 @@
         "psr-4": { "WechatPay\\GuzzleMiddleware\\" : "src/" }
     },
     "suggest": {
+        "ext-bcmath": "Require bcmath in php 5.* version.",
         "guzzlehttp/guzzle": "For using wechatpay guzzle middleware."
     }
 }
diff --git a/src/Auth/CertificateVerifier.php b/src/Auth/CertificateVerifier.php
@@ -55,6 +55,7 @@ public function __construct(array $certificates)
      */
     public function verify($serialNumber, $message, $signature)
     {
+        $serialNumber = \strtoupper(\ltrim($serialNumber, '0')); // trim leading 0 and uppercase
         if (!isset($this->publicKeys[$serialNumber])) {
             return false;
         }
@@ -77,21 +78,31 @@ public function verify($serialNumber, $message, $signature)
     protected function parseSerialNo($certificate)
     {
         $info = \openssl_x509_parse($certificate);
-        if (!isset($info['serialNumber'])) {
+        if (!isset($info['serialNumber']) && !isset($info['serialNumberHex'])) {
             throw new \InvalidArgumentException('证书格式错误');
         }
 
-        $serialNo = $info['serialNumber'];
-        if (\is_int($serialNo)) {
-            return \strtoupper(\dechex($serialNo));
+        $serialNo = '';
+        // PHP 7.0+ provides serialNumberHex field
+        if (isset($info['serialNumberHex'])) {
+            $serialNo = $info['serialNumberHex'];
+        } else {
+            // PHP use i2s_ASN1_INTEGER in openssl to convert serial number to string,
+            // i2s_ASN1_INTEGER may produce decimal or hexadecimal format,
+            // depending on the version of openssl and length of data.
+            if (\strtolower(\substr($info['serialNumber'], 0, 2)) == '0x') { // HEX format
+                $serialNo = \substr($info['serialNumber'], 2);
+            } else { // DEC format
+                $value = $info['serialNumber'];
+                $hexvalues = ['0','1','2','3','4','5','6','7',
+                    '8','9','A','B','C','D','E','F'];
+                while ($value != '0') {
+                    $serialNo = $hexvalues[\bcmod($value, '16')].$serialNo;
+                    $value = \bcdiv($value, '16', 0);
+                }
+            }
         }
-        $hexvalues = ['0','1','2','3','4','5','6','7',
-               '8','9','A','B','C','D','E','F'];
-        $hexval = '';
-        while ($serialNo != '0') {
-            $hexval = $hexvalues[\bcmod($serialNo, '16')].$hexval;
-            $serialNo = \bcdiv($serialNo, '16', 0);
-        }
-        return $hexval;
+
+        return \strtoupper($serialNo);
     }
 }