No Description

http_server_sample.php 2.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
  1. <?php
  2. function get_by_url($url)
  3. {
  4. $ch = curl_init();
  5. curl_setopt($ch, CURLOPT_URL, $url);
  6. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  7. curl_setopt($ch, CURLOPT_HEADER, 0);
  8. $output = curl_exec($ch);
  9. curl_close($ch);
  10. return $output;
  11. }
  12. function verify($data, $signature, $pubKey)
  13. {
  14. $res = openssl_get_publickey($pubKey);
  15. $result = (bool) openssl_verify($data, base64_decode($signature), $res);
  16. openssl_free_key($res);
  17. return $result;
  18. }
  19. if (!function_exists('getallheaders'))
  20. {
  21. function getallheaders()
  22. {
  23. $headers = array();
  24. foreach ($_SERVER as $name => $value)
  25. {
  26. if (substr($name, 0, 5) == 'HTTP_')
  27. {
  28. $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
  29. }
  30. }
  31. return $headers;
  32. }
  33. }
  34. // 1. get the headers and check the signature
  35. $tmpHeaders = array();
  36. $headers = getallheaders();
  37. foreach ($headers as $key => $value)
  38. {
  39. if (0 === strpos($key, 'x-mns-'))
  40. {
  41. $tmpHeaders[$key] = $value;
  42. }
  43. }
  44. ksort($tmpHeaders);
  45. $canonicalizedMNSHeaders = implode("\n", array_map(function ($v, $k) { return $k . ":" . $v; }, $tmpHeaders, array_keys($tmpHeaders)));
  46. $method = $_SERVER['REQUEST_METHOD'];
  47. $canonicalizedResource = $_SERVER['REQUEST_URI'];
  48. error_log($canonicalizedResource);
  49. $contentMd5 = '';
  50. if (array_key_exists('Content-MD5', $headers))
  51. {
  52. $contentMd5 = $headers['Content-MD5'];
  53. }
  54. else if (array_key_exists('Content-md5', $headers))
  55. {
  56. $contentMd5 = $headers['Content-md5'];
  57. }
  58. $contentType = '';
  59. if (array_key_exists('Content-Type', $headers))
  60. {
  61. $contentType = $headers['Content-Type'];
  62. }
  63. $date = $headers['Date'];
  64. $stringToSign = strtoupper($method) . "\n" . $contentMd5 . "\n" . $contentType . "\n" . $date . "\n" . $canonicalizedMNSHeaders . "\n" . $canonicalizedResource;
  65. error_log($stringToSign);
  66. $publicKeyURL = base64_decode($headers['x-mns-signing-cert-url']);
  67. $publicKey = get_by_url($publicKeyURL);
  68. $signature = $headers['Authorization'];
  69. $pass = verify($stringToSign, $signature, $publicKey);
  70. if (!$pass)
  71. {
  72. error_log("verify signature fail");
  73. http_response_code(400);
  74. return;
  75. }
  76. // 2. now parse the content
  77. $content = file_get_contents("php://input");
  78. error_log($content);
  79. if (!empty($contentMd5) && $contentMd5 != base64_encode(md5($content)))
  80. {
  81. error_log("md5 mismatch");
  82. http_response_code(401);
  83. return;
  84. }
  85. $msg = new SimpleXMLElement($content);
  86. echo "\n______________________________________________________\n";
  87. echo "TopicName: " . $msg->TopicName . "\n";
  88. echo "SubscriptionName: " . $msg->SubscriptionName . "\n";
  89. echo "MessageId: " . $msg->MessageId . "\n";
  90. echo "MessageMD5: " . $msg->MessageMD5 . "\n";
  91. echo "Message: " . $msg->Message . "\n";
  92. echo "______________________________________________________\n";
  93. http_response_code(200);
  94. ?>