优惠券订单及其他脚本

SecurityClient.php 14KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543
  1. <?php
  2. include './SecurityUtil.php';
  3. include './SecretGetRequest.php';
  4. include './TopSdkFeedbackUploadRequest.php';
  5. include './iCache.php';
  6. include '../../TopSdk.php';
  7. class SecurityClient
  8. {
  9. private $topClient ;
  10. private $randomNum ;
  11. private $securityUtil;
  12. private $cacheClient = null;
  13. function __construct($client, $random)
  14. {
  15. define('APP_SECRET_TYPE','2');
  16. define('APP_USER_SECRET_TYPE','3');
  17. $this->topClient = $client;
  18. $this->randomNum = $random;
  19. $this->securityUtil = new SecurityUtil();
  20. }
  21. /**
  22. * 设置缓存处理器
  23. */
  24. function setCacheClient($cache)
  25. {
  26. $this->cacheClient = $cache;
  27. }
  28. /**
  29. * 密文检索,在秘钥升级场景下兼容查询
  30. *
  31. * @see #search(String, String, String, Long)
  32. * @return
  33. */
  34. function searchPrevious($data,$type,$session = null)
  35. {
  36. return $this->searchInner($data,$type,$session,-1);
  37. }
  38. /**
  39. * 密文检索(每个用户单独分配秘钥)
  40. *
  41. * @see #search(String, String, String, Long)
  42. * @return
  43. */
  44. function search($data,$type,$session = null)
  45. {
  46. return $this->searchInner($data,$type,$session,null);
  47. }
  48. /**
  49. * 密文检索。 手机号码格式:$base64(H-MAC(phone后4位))$ simple格式:base64(H-MAC(滑窗))
  50. *
  51. * @param data
  52. * 明文数据
  53. * @param type
  54. * 加密字段类型(例如:simple\phone)
  55. * @param session
  56. * 用户身份,用户级加密必填
  57. * @param version
  58. * 秘钥历史版本
  59. * @return
  60. */
  61. function searchInner($data, $type, $session,$version)
  62. {
  63. if(empty($data) || empty($type)){
  64. return $data;
  65. }
  66. $secretContext = null;
  67. $secretContext = $this->callSecretApiWithCache($session,$version);
  68. $this->incrCounter(3,$type,$secretContext,true);
  69. if(empty($secretContext) || empty($secretContext->secret)) {
  70. return $data;
  71. }
  72. return $this->securityUtil->search($data, $type,$secretContext);
  73. }
  74. /**
  75. * 单条数据解密,使用appkey级别公钥
  76. * 非加密数据直接返回原文
  77. */
  78. function decryptPublic($data,$type)
  79. {
  80. return $this->decrypt($data,$type,null);
  81. }
  82. /**
  83. * 单条数据解密
  84. * 非加密数据直接返回原文
  85. */
  86. function decrypt($data,$type,$session)
  87. {
  88. if(empty($data) || empty($type)){
  89. return $data;
  90. }
  91. $secretData = $this->securityUtil->getSecretDataByType($data,$type);
  92. if(empty($secretData)){
  93. return $data;
  94. }
  95. if($this->securityUtil->isPublicData($data,$type)){
  96. $secretContext = $this->callSecretApiWithCache(null,$secretData->secretVersion);
  97. } else {
  98. $secretContext = $this->callSecretApiWithCache($session,$secretData->secretVersion);
  99. }
  100. $this->incrCounter(2,$type,$secretContext,true);
  101. return $this->securityUtil->decrypt($data,$type,$secretContext);
  102. }
  103. /**
  104. * 多条数据解密,使用appkey级别公钥
  105. * 非加密数据直接返回原文
  106. */
  107. function decryptBatchPublic($array,$type)
  108. {
  109. if(empty($array) || empty($type)){
  110. return null;
  111. }
  112. $result = array();
  113. foreach ($array as $value) {
  114. $secretData = $this->securityUtil->getSecretDataByType($value,$type);
  115. $secretContext = $this->callSecretApiWithCache(null,$secretData->secretVersion);
  116. if(empty($secretData)){
  117. $result[$value] = $value;
  118. }else{
  119. $result[$value] = $this->securityUtil->decrypt($value,$type,$secretContext);
  120. $this->incrCounter(2,$type,$secretContext,true);
  121. }
  122. $this->flushCounter($secretContext);
  123. }
  124. return $result;
  125. }
  126. /**
  127. * 多条数据解密,必须是同一个type和用户,返回结果是 KV结果
  128. * 非加密数据直接返回原文
  129. */
  130. function decryptBatch($array,$type,$session)
  131. {
  132. if(empty($array) || empty($type)){
  133. return null;
  134. }
  135. $result = array();
  136. foreach ($array as $value) {
  137. $secretData = $this->securityUtil->getSecretDataByType($value,$type);
  138. if(empty($secretData)){
  139. $result[$value] = $value;
  140. } else if($this->securityUtil->isPublicData($value,$type)){
  141. $appContext = $this->callSecretApiWithCache(null,$secretData->secretVersion);
  142. $result[$value] = $this->securityUtil->decrypt($value,$type,$appContext);
  143. $this->incrCounter(2,$type,$appContext,false);
  144. $this->flushCounter($appContext);
  145. } else {
  146. $secretContext = $this->callSecretApiWithCache($session,$secretData->secretVersion);
  147. $result[$value] = $this->securityUtil->decrypt($value,$type,$secretContext);
  148. $this->incrCounter(2,$type,$secretContext,false);
  149. $this->flushCounter($secretContext);
  150. }
  151. }
  152. return $result;
  153. }
  154. /**
  155. * 使用上一版本秘钥解密,app级别公钥
  156. */
  157. function decryptPreviousPublic($data,$type)
  158. {
  159. $secretContext = $this->callSecretApiWithCache(null,-1);
  160. return $this->securityUtil->decrypt($data,$type,$secretContext);
  161. }
  162. /**
  163. * 使用上一版本秘钥解密,一般只用于更新秘钥
  164. */
  165. function decryptPrevious($data,$type,$session)
  166. {
  167. if($this->securityUtil->isPublicData($data,$type)){
  168. $secretContext = $this->callSecretApiWithCache(null,-1);
  169. } else {
  170. $secretContext = $this->callSecretApiWithCache($session,-1);
  171. }
  172. return $this->securityUtil->decrypt($data,$type,$secretContext);
  173. }
  174. /**
  175. * 加密单条数据,使用app级别公钥
  176. */
  177. function encryptPublic($data,$type,$version = null)
  178. {
  179. return $this->encrypt($data,$type,null,$version);
  180. }
  181. /**
  182. * 加密单条数据
  183. */
  184. function encrypt($data,$type,$session = null,$version = null)
  185. {
  186. if(empty($data) || empty($type)){
  187. return null;
  188. }
  189. $secretContext = $this->callSecretApiWithCache($session,null);
  190. $this->incrCounter(1,$type,$secretContext,true);
  191. return $this->securityUtil->encrypt($data,$type,$version,$secretContext);
  192. }
  193. /**
  194. * 加密多条数据,使用app级别公钥
  195. */
  196. function encryptBatchPublic($array,$type,$version = null)
  197. {
  198. if(empty($array) || empty($type)){
  199. return null;
  200. }
  201. $secretContext = $this->callSecretApiWithCache(null,null);
  202. $result = array();
  203. foreach ($array as $value) {
  204. $result[$value] = $this->securityUtil->encrypt($value,$type,$version,$secretContext);
  205. $this->incrCounter(1,$type,$secretContext,false);
  206. }
  207. $this->flushCounter($secretContext);
  208. return $result;
  209. }
  210. /**
  211. * 加密多条数据,必须是同一个type和用户,返回结果是 KV结果
  212. */
  213. function encryptBatch($array,$type,$session,$version = null)
  214. {
  215. if(empty($array) || empty($type)){
  216. return null;
  217. }
  218. $secretContext = $this->callSecretApiWithCache($session,null);
  219. $result = array();
  220. foreach ($array as $value) {
  221. $result[$value] = $this->securityUtil->encrypt($value,$type,$version,$secretContext);
  222. $this->incrCounter(1,$type,$secretContext,false);
  223. }
  224. $this->flushCounter($secretContext);
  225. return $result;
  226. }
  227. /**
  228. * 使用上一版本秘钥加密,使用app级别公钥
  229. */
  230. function encryptPreviousPublic($data,$type)
  231. {
  232. $secretContext = $this->callSecretApiWithCache(null,-1);
  233. $this->incrCounter(1,$type,$secretContext,true);
  234. return $this->securityUtil->encrypt($data,$type,$secretContext->version,$secretContext);
  235. }
  236. /**
  237. * 使用上一版本秘钥加密,一般只用于更新秘钥
  238. */
  239. function encryptPrevious($data,$type,$session)
  240. {
  241. $secretContext = $this->callSecretApiWithCache($session,-1);
  242. $this->incrCounter(1,$type,$secretContext,true);
  243. return $this->securityUtil->encrypt($data,$type,$secretContext);
  244. }
  245. /**
  246. * 根据session生成秘钥
  247. */
  248. function initSecret($session)
  249. {
  250. return $this->callSecretApiWithCache($session,null);
  251. }
  252. function buildCacheKey($session,$secretVersion)
  253. {
  254. if(empty($session)){
  255. return $this->topClient->getAppkey();
  256. }
  257. if(empty($secretVersion)){
  258. return $session ;
  259. }
  260. return $session.'_'.$secretVersion ;
  261. }
  262. function generateCustomerSession($userId)
  263. {
  264. return '_'.$userId ;
  265. }
  266. /**
  267. * 判断是否是已加密的数据
  268. */
  269. function isEncryptData($data,$type)
  270. {
  271. if(empty($data) || empty($type)){
  272. return false;
  273. }
  274. return $this->securityUtil->isEncryptData($data,$type);
  275. }
  276. /**
  277. * 判断是否是已加密的数据,数据必须是同一个类型
  278. */
  279. function isEncryptDataArray($array,$type)
  280. {
  281. if(empty($array) || empty($type)){
  282. return false;
  283. }
  284. return $this->securityUtil->isEncryptDataArray($array,$type);
  285. }
  286. /**
  287. * 判断数组中的数据是否存在密文,存在任何一个返回true,否则false
  288. */
  289. function isPartEncryptData($array,$type)
  290. {
  291. if(empty($array) || empty($type)){
  292. return false;
  293. }
  294. return $this->securityUtil->isPartEncryptData($array,$type);
  295. }
  296. /**
  297. * 获取秘钥,使用缓存
  298. */
  299. function callSecretApiWithCache($session,$secretVersion)
  300. {
  301. if($this->cacheClient)
  302. {
  303. $time = time();
  304. $cacheKey = $this->buildCacheKey($session,$secretVersion);
  305. $secretContext = $this->cacheClient->getCache($cacheKey);
  306. if($secretContext)
  307. {
  308. if($this->canUpload($secretContext)){
  309. if($this->report($secretContext)){
  310. $this->clearReport($secretContext);
  311. }
  312. }
  313. }
  314. if($secretContext && $secretContext->invalidTime > $time)
  315. {
  316. return $secretContext;
  317. }
  318. }
  319. $secretContext = $this->callSecretApi($session,$secretVersion);
  320. if($this->cacheClient)
  321. {
  322. $secretContext->cacheKey = $cacheKey;
  323. $this->cacheClient->setCache($cacheKey,$secretContext);
  324. }
  325. return $secretContext;
  326. }
  327. function incrCounter($op,$type,$secretContext,$flush)
  328. {
  329. if($op == 1){
  330. switch ($type) {
  331. case 'nick':
  332. $secretContext->encryptNickNum ++ ;
  333. break;
  334. case 'simple':
  335. $secretContext->encryptSimpleNum ++ ;
  336. break;
  337. case 'receiver_name':
  338. $secretContext->encryptReceiverNameNum ++ ;
  339. break;
  340. case 'phone':
  341. $secretContext->encryptPhoneNum ++ ;
  342. break;
  343. default:
  344. break;
  345. }
  346. }else if($op == 2){
  347. switch ($type) {
  348. case 'nick':
  349. $secretContext->decryptNickNum ++ ;
  350. break;
  351. case 'simple':
  352. $secretContext->decryptSimpleNum ++ ;
  353. break;
  354. case 'receiver_name':
  355. $secretContext->decryptReceiverNameNum ++ ;
  356. break;
  357. case 'phone':
  358. $secretContext->decryptPhoneNum ++ ;
  359. break;
  360. default:
  361. break;
  362. }
  363. }else{
  364. switch ($type) {
  365. case 'nick':
  366. $secretContext->searchNickNum ++ ;
  367. break;
  368. case 'simple':
  369. $secretContext->searchSimpleNum ++ ;
  370. break;
  371. case 'receiver_name':
  372. $secretContext->searchReceiverNameNum ++ ;
  373. break;
  374. case 'phone':
  375. $secretContext->searchPhoneNum ++ ;
  376. break;
  377. default:
  378. break;
  379. }
  380. }
  381. if($flush && $this->cacheClient){
  382. $this->cacheClient->setCache($secretContext->cacheKey,$secretContext);
  383. }
  384. }
  385. function flushCounter($secretContext)
  386. {
  387. if($this->cacheClient){
  388. $this->cacheClient->setCache($secretContext->cacheKey,$secretContext);
  389. }
  390. }
  391. function clearReport($secretContext)
  392. {
  393. $secretContext->encryptPhoneNum = 0;
  394. $secretContext->encryptNickNum = 0;
  395. $secretContext->encryptReceiverNameNum = 0;
  396. $secretContext->encryptSimpleNum = 0;
  397. $secretContext->encryptSearchNum = 0;
  398. $secretContext->decryptPhoneNum = 0;
  399. $secretContext->decryptNickNum = 0;
  400. $secretContext->decryptReceiverNameNum = 0;
  401. $secretContext->decryptSimpleNum = 0;
  402. $secretContext->decryptSearchNum = 0;
  403. $secretContext->searchPhoneNum = 0;
  404. $secretContext->searchNickNum = 0;
  405. $secretContext->searchReceiverNameNum = 0;
  406. $secretContext->searchSimpleNum = 0;
  407. $secretContext->searchSearchNum = 0;
  408. $secretContext->lastUploadTime = time();
  409. }
  410. function canUpload($secretContext)
  411. {
  412. $current = time();
  413. if($current - $secretContext->lastUploadTime > 300){
  414. return true;
  415. }
  416. return false;
  417. }
  418. /*
  419. * 上报信息
  420. */
  421. function report($secretContext)
  422. {
  423. $request = new TopSdkFeedbackUploadRequest;
  424. $request->setContent($secretContext->toLogString());
  425. if(empty($secretContext->session)){
  426. $request->setType(APP_SECRET_TYPE);
  427. }else{
  428. $request->setType(APP_USER_SECRET_TYPE);
  429. }
  430. $response = $this->topClient->execute($request,$secretContext->session);
  431. if($response->code == 0){
  432. return true;
  433. }
  434. return false;
  435. }
  436. /**
  437. * 获取秘钥,不使用缓存
  438. */
  439. function callSecretApi($session,$secretVersion)
  440. {
  441. $request = new TopSecretGetRequest;
  442. $request->setRandomNum($this->randomNum);
  443. if($secretVersion)
  444. {
  445. if(intval($secretVersion) < 0 || $session == null){
  446. $session = null;
  447. $secretVersion = -1 * intval($secretVersion < 0);
  448. }
  449. $request->setSecretVersion($secretVersion);
  450. }
  451. $topSession = $session;
  452. if($session != null && $session[0] == '_')
  453. {
  454. $request->setCustomerUserId(substr($session,1));
  455. $topSession = null;
  456. }
  457. $response = $this->topClient->execute($request,$topSession);
  458. if($response->code != 0){
  459. throw new Exception($response->msg);
  460. }
  461. $time = time();
  462. $secretContext = new SecretContext();
  463. $secretContext->maxInvalidTime = $time + intval($response->max_interval);
  464. $secretContext->invalidTime = $time + intval($response->interval);
  465. $secretContext->secret = strval($response->secret);
  466. $secretContext->session = $session;
  467. if(!empty($response->app_config)){
  468. $tmpJson = json_decode($response->app_config);
  469. $appConfig = array();
  470. foreach ($tmpJson as $key => $value){
  471. $appConfig[$key] = $value;
  472. }
  473. $secretContext->appConfig = $appConfig;
  474. }
  475. if(empty($session)){
  476. $secretContext->secretVersion = -1 * intval($response->secret_version);
  477. }else{
  478. $secretContext->secretVersion = intval($response->secret_version);
  479. }
  480. return $secretContext;
  481. }
  482. }
  483. ?>