- 授权事件接收URL 实现
-
验证票据
验证票据(component_verify_ticket),在第三方平台创建审核通过后,微信服务器会向其 ”授权事件接收URL” 每隔 10 分钟以 POST 的方式推送 component_verify_ticket 接收 POST 请求后,只需直接返回字符串 success。为了加强安全性,postdata 中的 xml 将使用服务申请时的加解密 key 来进行加密伪代码
- 注册路由
bp.add_url_rule('/api/Receive/SysMsg', view_func=receive_sys_msg, methods=['POST'])- 接收方法实现
import xml.etree.cElementTree as ET # 微信xml解析包 from tool.WXBizMsgCryptPython import WXBizMsgCrypt def receive_sys_msg(): """ 验证票据 :return: """ # 以表单形式发送数据 log.info("验证票据接口调用开始---------------------") request_param = request.args.to_dict() log.info('request 信息为: {}'.format(request_param)) log.info('request.data 信息为: {}'.format(request.data)) post_data = str(request.data, encoding="utf-8") _ = auth_callback(request_param, post_data) log.info("验证票据接口调用结束---------------------") return "success" def auth_callback(req_data, post_data): """ 授权回调方法 第三方平台创建审核通过后,微信服务器会向其 ”授权事件接收URL” 每隔 10 分钟以 POST 的方式推送 component_verify_ticket :param req_data: :param post_data: :return: """ # 获取配置文件中的 第三方平台的token, appid, aes_key token = Config.config_dict.get("wx_token") appid = Config.config_dict.get("wx_app_id") encodingAESKey = Config.config_dict.get("wx_encoding_aes_key") timestamp = req_data.get("timestamp") msg_sign = req_data.get("msg_signature") nonce = req_data.get("nonce") # 对微信推动的xml数据进行过滤防止解析失败 post_data = post_data.replace("\n", "").replace(" ", "") log.info("req_data:{0}".format(req_data)) log.info("post_data xml:{0}".format(post_data)) try: xml_tree = ET.fromstring(post_data) encrypt = xml_tree.find("Encrypt") except Exception as e: log.error("解析微信 xml 失败") # 格式化post data, 拿到密文,并替换模板xml from_xml_template = """<xml><ToUserName><![CDATA[toUser]]></ToUserName><Encrypt><![CDATA[{0}]]></Encrypt></xml>""" from_xml = from_xml_template.format(encrypt.text) decrypt_test = WXBizMsgCrypt(token, encodingAESKey, appid) ret, decryp_xml = decrypt_test.DecryptMsg(from_xml, msg_sign, timestamp, nonce) log.info("解密 XML 数据 ret:{0}".format(ret)) log.info("解密 XML 数据 decryp_xml:{0}".format(decryp_xml)) # 解密数据获取 ComponentVerifyTicket try: xml_tree = ET.fromstring(decryp_xml) ComponentVerifyTicket = xml_tree.find("ComponentVerifyTicket") InfoType = xml_tree.find("InfoType") log.info("解密 XML 数据 InfoType:{0}".format(InfoType.text)) # 获取验证票据逻辑 if InfoType.text == "component_verify_ticket": # 保存 ComponentVerifyTicket 到 redis 中, 有效时间为12小时 redis_key = REDIS_TICKET_TEMPLATE.format(Config.config_dict.get("wx_app_id")) log.info("解密 XML 数据 ComponentVerifyTicket:{0}".format(ComponentVerifyTicket.text)) # 解析出来的数据,前面加了一个伪头,需要截取 component_verify_ticket = ComponentVerifyTicket.text[9:] # 保存到 redis 中, 设置过期时间为12小时 set_redis_info(redis_key, component_verify_ticket, 12 * 60) except Exception as e: log.info("err:".format(e)) return True
WXBizMsgCryptPython.py
不得不吐槽,微信提供的python包版本居然还是2.* 的...
# !/usr/bin/env python
# -*- encoding:utf-8 -*-
"""
python3对公众平台发送给公众账号的消息加解密代码.支持中文.
"""
# ------------------------------------------------------------------------
import base64
import string
import random
import hashlib
import time
import struct
import binascii
from Crypto.Cipher import AES
import xml.etree.cElementTree as ET
import socket
# import ierror
# import base_service.wechat.ierror
WXBizMsgCrypt_OK = 0
WXBizMsgCrypt_ValidateSignature_Error = -40001
WXBizMsgCrypt_ParseXml_Error = -40002
WXBizMsgCrypt_ComputeSignature_Error = -40003
WXBizMsgCrypt_IllegalAesKey = -40004
WXBizMsgCrypt_ValidateAppid_Error = -40005
WXBizMsgCrypt_EncryptAES_Error = -40006
WXBizMsgCrypt_DecryptAES_Error = -40007
WXBizMsgCrypt_IllegalBuffer = -40008
WXBizMsgCrypt_EncodeBase64_Error = -40009
WXBizMsgCrypt_DecodeBase64_Error = -40010
WXBizMsgCrypt_GenReturnXml_Error = -40011
""" AES加解密用 pycrypto """
class FormatException(Exception):
pass
def throw_exception(message, exception_class=FormatException):
"""my define raise exception function"""
raise exception_class(message)
class SHA1:
"""计算公众平台的消息签名接口"""
def getSHA1(self, token, timestamp, nonce, encrypt):
"""用SHA1算法生成安全签名
@param token: 票据
@param timestamp: 时间戳
@param encrypt: 密文
@param nonce: 随机字符串
@return: 安全签名
"""
try:
token = token.decode()
sortlist = [token, timestamp, nonce, encrypt]
sortlist.sort()
sha = hashlib.sha1()
sha.update("".join(sortlist).encode("utf8"))
return WXBizMsgCrypt_OK, sha.hexdigest()
except Exception as e:
print(e)
return WXBizMsgCrypt_ComputeSignature_Error, None
class XMLParse(object):
"""提供提取消息格式中的密文及生成回复消息格式的接口"""
# xml消息模板
AES_TEXT_RESPONSE_TEMPLATE = """<xml>
<Encrypt><![CDATA[%(msg_encrypt)s]]></Encrypt>
<MsgSignature><![CDATA[%(msg_signaturet)s]]></MsgSignature>
<TimeStamp>%(timestamp)s</TimeStamp>
<Nonce><![CDATA[%(nonce)s]]></Nonce>
</xml>"""
def extract(self, xmltext):
"""提取出xml数据包中的加密消息
@param xmltext: 待提取的xml字符串
@return: 提取出的加密消息字符串
"""
try:
xml_tree = ET.fromstring(xmltext)
encrypt = xml_tree.find("Encrypt")
touser_name = xml_tree.find("ToUserName")
return WXBizMsgCrypt_OK, encrypt.text, touser_name.text
except Exception as e:
print(e)
return WXBizMsgCrypt_ParseXml_Error, None, None
def generate(self, encrypt, signature, timestamp, nonce):
"""生成xml消息
@param encrypt: 加密后的消息密文
@param signature: 安全签名
@param timestamp: 时间戳
@param nonce: 随机字符串
@return: 生成的xml字符串
"""
resp_dict = {
'msg_encrypt': encrypt,
'msg_signaturet': signature,
'timestamp': timestamp,
'nonce': nonce,
}
resp_xml = self.AES_TEXT_RESPONSE_TEMPLATE % resp_dict
return resp_xml
class PKCS7Encoder(object):
"""提供基于PKCS7算法的加解密接口"""
block_size = 32
def encode(self, text):
""" 对需要加密的明文进行填充补位
@param text: 需要进行填充补位操作的明文
@return: 补齐明文字符串
"""
text_length = len(text)
# 计算需要填充的位数
amount_to_pad = self.block_size - (text_length % self.block_size)
if amount_to_pad == 0:
amount_to_pad = self.block_size
# 获得补位所用的字符
pad = chr(amount_to_pad).encode()
return text + pad * amount_to_pad
def decode(self, decrypted):
"""删除解密后明文的补位字符
@param decrypted: 解密后的明文
@return: 删除补位字符后的明文
"""
pad = ord(decrypted[-1])
if pad < 1 or pad > 32:
pad = 0
return decrypted[:-pad]
class Prpcrypt(object):
"""提供接收和推送给公众平台消息的加解密接口"""
def __init__(self, key):
# self.key = base64.b64decode(key+"=")
self.key = key
# 设置加解密模式为AES的CBC模式
self.mode = AES.MODE_CBC
def encrypt(self, text, appid):
"""对明文进行加密
@param text: 需要加密的明文
@return: 加密得到的字符串
"""
# 16位随机字符串添加到明文开头
len_str = struct.pack("I", socket.htonl(len(text.encode())))
# text = self.get_random_str() + binascii.b2a_hex(len_str).decode() + text + appid
text = self.get_random_str() + len_str + text.encode() + appid
# 使用自定义的填充方式对明文进行补位填充
pkcs7 = PKCS7Encoder()
text = pkcs7.encode(text)
# 加密
cryptor = AES.new(self.key, self.mode, self.key[:16])
try:
ciphertext = cryptor.encrypt(text)
# 使用BASE64对加密后的字符串进行编码
return WXBizMsgCrypt_OK, base64.b64encode(ciphertext).decode('utf8')
except Exception as e:
return WXBizMsgCrypt_EncryptAES_Error, None
def decrypt(self, text, appid):
"""对解密后的明文进行补位删除
@param text: 密文
@return: 删除填充补位后的明文
"""
try:
cryptor = AES.new(self.key, self.mode, self.key[:16])
# 使用BASE64对密文进行解码,然后AES-CBC解密
plain_text = cryptor.decrypt(base64.b64decode(text))
except Exception as e:
print(e)
return WXBizMsgCrypt_DecryptAES_Error, None
try:
# pad = ord(plain_text[-1])
pad = plain_text[-1]
# 去掉补位字符串
# pkcs7 = PKCS7Encoder()
# plain_text = pkcs7.encode(plain_text)
# 去除16位随机字符串
content = plain_text[16:-pad]
xml_len = socket.ntohl(struct.unpack("I", content[: 4])[0])
xml_content = content[4: xml_len + 4]
from_appid = content[xml_len + 4:]
except Exception as e:
return WXBizMsgCrypt_IllegalBuffer, None
if from_appid != appid:
return WXBizMsgCrypt_ValidateAppid_Error, None
return 0, xml_content.decode()
def get_random_str(self):
""" 随机生成16位字符串
@return: 16位字符串
"""
rule = string.ascii_letters + string.digits
str = random.sample(rule, 16)
return "".join(str).encode()
class WXBizMsgCrypt(object):
# 构造函数
# @param sToken: 公众平台上,开发者设置的Token
# @param sEncodingAESKey: 公众平台上,开发者设置的EncodingAESKey
# @param sAppId: 企业号的AppId
def __init__(self, sToken, sEncodingAESKey, sAppId):
try:
self.key = base64.b64decode(sEncodingAESKey + "=")
assert len(self.key) == 32
except Exception:
throw_exception("[error]: EncodingAESKey unvalid !", FormatException)
# return WXBizMsgCrypt_IllegalAesKey)
self.token = sToken.encode()
self.appid = sAppId.encode()
def EncryptMsg(self, sReplyMsg, sNonce, timestamp=None):
# 将公众号回复用户的消息加密打包
# @param sReplyMsg: 企业号待回复用户的消息,xml格式的字符串
# @param sTimeStamp: 时间戳,可以自己生成,也可以用URL参数的timestamp,如为None则自动用当前时间
# @param sNonce: 随机串,可以自己生成,也可以用URL参数的nonce
# sEncryptMsg: 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
# return:成功0,sEncryptMsg,失败返回对应的错误码None
pc = Prpcrypt(self.key)
ret, encrypt = pc.encrypt(sReplyMsg, self.appid)
if ret != 0:
return ret, None
if timestamp is None:
timestamp = str(int(time.time()))
# 生成安全签名
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.token, timestamp, sNonce, encrypt)
if ret != 0:
return ret, None
xmlParse = XMLParse()
return ret, xmlParse.generate(encrypt, signature, timestamp, sNonce)
def DecryptMsg(self, sPostData, sMsgSignature, sTimeStamp, sNonce):
# 检验消息的真实性,并且获取解密后的明文
# @param sMsgSignature: 签名串,对应URL参数的msg_signature
# @param sTimeStamp: 时间戳,对应URL参数的timestamp
# @param sNonce: 随机串,对应URL参数的nonce
# @param sPostData: 密文,对应POST请求的数据
# xml_content: 解密后的原文,当return返回0时有效
# @return: 成功0,失败返回对应的错误码
# 验证安全签名
xmlParse = XMLParse()
ret, encrypt, touser_name = xmlParse.extract(sPostData)
if ret != 0:
return ret, None
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.token, sTimeStamp, sNonce, encrypt)
if ret != 0:
return ret, None
if not signature == sMsgSignature:
return WXBizMsgCrypt_ValidateSignature_Error, None
pc = Prpcrypt(self.key)
ret, xml_content = pc.decrypt(encrypt, self.appid)
return ret, xml_content
网友评论