From 401042c4f1a08ea604c63a7edc6c30f27aea340e Mon Sep 17 00:00:00 2001
From: Anyon <zoujingli@qq.com>
Date: Tue, 25 Dec 2018 10:15:33 +0800
Subject: [PATCH] =?UTF-8?q?[=E6=9B=B4=E6=96=B0]=E5=A2=9E=E5=8A=A0RSA?=
 =?UTF-8?q?=E7=AD=BE=E5=90=8D=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 WeChat/Contracts/BasicAliPay.php | 18 ++++++++++++++----
 _test/alipay.php                 |  2 ++
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/WeChat/Contracts/BasicAliPay.php b/WeChat/Contracts/BasicAliPay.php
index cce79b9..878b696 100644
--- a/WeChat/Contracts/BasicAliPay.php
+++ b/WeChat/Contracts/BasicAliPay.php
@@ -74,7 +74,7 @@ abstract class BasicAliPay
             'charset'   => empty($options['charset']) ? 'utf-8' : $options['charset'],
             'format'    => 'JSON',
             'version'   => '1.0',
-            'sign_type' => 'RSA2',
+            'sign_type' => empty($options['sign_type']) ? 'RSA2' : $options['sign_type'],
             'timestamp' => date('Y-m-d H:i:s'),
         ]);
         if (isset($options['notify_url']) && $options['notify_url'] !== '') {
@@ -162,8 +162,14 @@ abstract class BasicAliPay
     {
         $content = wordwrap($this->config->get('public_key'), 64, "\n", true);
         $res = "-----BEGIN PUBLIC KEY-----\n{$content}\n-----END PUBLIC KEY-----";
-        if (openssl_verify(json_encode($data, 256), base64_decode($sign), $res, OPENSSL_ALGO_SHA256) !== 1) {
-            throw new InvalidResponseException('Data signature verification failed.');
+        if ($this->options->get('sign_type') === 'RSA2') {
+            if (openssl_verify(json_encode($data, 256), base64_decode($sign), $res, OPENSSL_ALGO_SHA256) !== 1) {
+                throw new InvalidResponseException('Data signature verification failed.');
+            }
+        } else {
+            if (openssl_verify(json_encode($data, 256), base64_decode($sign), $res, OPENSSL_ALGO_SHA1) !== 1) {
+                throw new InvalidResponseException('Data signature verification failed.');
+            }
         }
         return $data;
     }
@@ -176,7 +182,11 @@ abstract class BasicAliPay
     {
         $content = wordwrap($this->config->get('private_key'), 64, "\n", true);
         $string = "-----BEGIN RSA PRIVATE KEY-----\n{$content}\n-----END RSA PRIVATE KEY-----";
-        openssl_sign($this->getSignContent($this->options->get(), true), $sign, $string, OPENSSL_ALGO_SHA256);
+        if ($this->options->get('sign_type') === 'RSA2') {
+            openssl_sign($this->getSignContent($this->options->get(), true), $sign, $string, OPENSSL_ALGO_SHA256);
+        } else {
+            openssl_sign($this->getSignContent($this->options->get(), true), $sign, $string, OPENSSL_ALGO_SHA1);
+        }
         return base64_encode($sign);
     }
 
diff --git a/_test/alipay.php b/_test/alipay.php
index 818498f..25a7379 100644
--- a/_test/alipay.php
+++ b/_test/alipay.php
@@ -15,6 +15,8 @@
 return [
     // 沙箱模式
     'debug'       => true,
+    // 签名类型（RSA|RSA2）
+    'sign_type'   => "RSA2",
     // 应用ID
     'appid'       => '2016090900468879',
     // 支付宝公钥(1行填写，特别注意，这里是支付宝公钥，不是应用公钥，最好从开发者中心的网页上去复制)