1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 

<?php
/**
 * 认证
 * @author ******@baidu.com
 **/
namespace Baidu\Duer\Botsdk;

class Certificate{
    private $verifyRequestSign = false;
    /**
     * @param string $privateKeyContent 私钥内容，使用监控统计功能或者推送功能需要提供
     * @return null
     */
    public function __construct($privateKeyContent = '') {
        //TODO data: requestbody + timespan
        //$this->data = json_encode($request->getData());
        $this->data = file_get_contents("php://input");
        $this->privateKey = $privateKeyContent;
        $this->verifyRequestSign = false;
    }

    /**
     * 开启验证请求参数签名，阻止非法请求
     *
     * @param null
     * @return null
     */
    public function enableVerifyRequestSign() {
        $this->verifyRequestSign = true; 
    }

    /**
     * 关闭验证请求参数签名
     *
     * @param null
     * @return null
     */
    public function disableVerifyRequestSign() {
        $this->verifyRequestSign = false; 
    }

    /**
     * @param null
     * @return resource
     */
    private function getRequestPublicKey() {
        //TODO get from head 
        //$filename = dirname(__file__).'/cacert.pem';
        $filename = $_SERVER['HTTP_SIGNATUREURL'];
        if(!$filename) {
            return; 
        }

        $cache = dirname(__file__).'/'.md5($filename);
        $content = '';
        if(!file_exists($cache)) {
            $content = file_get_contents($filename);
            if(!$content) {
                return; 
            }

            file_put_contents($cache, $content);
        }

        $content = file_get_contents($cache); 

        return openssl_pkey_get_public($content);
    }

    /**
     * @desc 验证请求者是否合法
     * @param null
     * @return boolean
     */
    public function verifyRequest() {
        if(!$this->verifyRequestSign) {
            return true; 
        }

        $publicKey = $this->getRequestPublicKey(); 
        if(!$publicKey || !$this->data) {
            return false; 
        }

        $encryptedData = '';
        // 公钥解密
        $verify = openssl_verify($this->data, base64_decode($this->getRequestSig()), $publicKey, OPENSSL_ALGO_SHA1);

        return $verify == 1;
        //openssl_public_decrypt(base64_decode($this->getRequestSig()), $encryptedData, $publicKey);
        //$sig = sha1($this->data);
        //return $encryptedData == $sig;
    }

    /**
     * 生成签名，当使用DuerOS统计功能或者推送消息
     * @param string $content 待签名内容
     * @return string|boolean
     */
    public function getSig($content) {
        if(!$this->privateKey || !$content) {
            return false;
        }
        $privateKey = openssl_pkey_get_private($this->privateKey, '');
        $encryptedData = '';
        // 私钥加密
        openssl_sign($content, $encryptedData, $privateKey, OPENSSL_ALGO_SHA1);
        return base64_encode($encryptedData);
    }

    /**
     * @param null
     * @return string
     */
    private function getRequestSig() {
        //TODO: get from http request
        return  $_SERVER['HTTP_SIGNATURE'];

        //for test
        //return $this->getSig(file_get_contents(dirname(__file__).'/privkey.pem')); 
    }
}