通过 
搜索
搜索ampersa / json-signer
使用带签名的哈希验证JSON字符串
1.3
2019-01-30 22:10 UTC
Requires
- php: >=5.4
Requires (Dev)
- phpunit/phpunit: ~4.0
README
使用带签名的哈希对JSON字符串进行签名并验证签名字符串。
版本 1.3
安装
通过composer进行安装
composer require ampersa/json-signer
使用方法
要签名一个JSON字符串,将签名密钥传递给新的Signer对象并调用sign(),传入JSON字符串
$signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}
或者,要返回签名并保持JSON字符串不变,调用signature(),传入JSON字符串
$signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->signature('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: 6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0
要验证已签名的JSON字符串,调用verify(),传入已签名的JSON字符串
$signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->verify('{"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}'); // Returns: true
单独验证签名与将签名作为verify()的第二个参数传入一样简单
$signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->verify('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}', '6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0'); // Returns: true
签名者
包含2个签名类
- AppendSigner
- PackageSigner
签名者默认为AppendSigner,将签名密钥附加到JSON对象。
PackageSigner将原始JSON对象和签名密钥打包到一个新的父对象中,即
$signer = (new \Ampersa\JsonSigner\Signer('SIGNINGKEY')) ->setSigner(new \Ampersa\JsonSigner\Signers\PackageSigner); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"__orig":{"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"} $signer = (new \Ampersa\JsonSigner\Signer('SIGNINGKEY')) ->setSigner(new \Ampersa\JsonSigner\Signers\PackageSigner); $signed = $signer->verify('{"__orig":{"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}'); // Returns: true
确保在签名和验证时使用正确的签名者类
签名者类也可以直接访问
$signer = new \Ampersa\JsonSigner\Signers\PackageSigner('SIGNINGKEY'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"__orig":{"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}
配置
###签名密钥 设置用于在签名字符串中保存签名所使用的密钥。这可以用来避免与现有密钥冲突。
如果对已包含签名密钥的字符串调用sign(),将抛出异常
$signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signer->setSignatureKey('customSignature'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"customSignature":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}
###哈希算法 签名者默认使用SHA256作为签名算法。这可以通过第二个构造参数或通过setAlgorithm()进行更改
$signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY', 'md5'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"2eedf7bd7c18ae0e8db2f6dc86f5df57"} $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signer->setAlgorithm('sha1'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"e8d409703677aef50b897fa0e0cb7fc6898ae690"}
###包密钥 当使用PackageSigner类时,您可以设置用于在签名字符串中保存原始JSON包的密钥
$signer = new \Ampersa\JsonSigner\Signers\PackageSigner('SIGNINGKEY'); $signer->setPackageKey('package'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"package": {"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"customSignature":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}