DotNetCore.SKIT.FlurlHttpCl…/src/SKIT.FlurlHttpClient.Wechat.TenpayV3/Extensions/__Internal/WechatTenpayClientSigningExtensions.cs

using System;
using System.Threading;
using System.Threading.Tasks;

namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
{
    using SKIT.FlurlHttpClient.Primitives;
    using SKIT.FlurlHttpClient.Wechat.TenpayV3.Constants;
    using SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings;

    internal static class WechatTenpayClientSigningExtensions
    {
        public static ErroredResult VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber)
        {
            if (client is null) throw new ArgumentNullException(nameof(client));

            CertificateEntry? entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
            if (!entry.HasValue)
            {
                return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate with serial number \"{strSerialNumber}\"."));
            }

            return GenerateSignatureResultByCertificate(
                scheme: strSignScheme,
                certificate: entry.Value.Certificate,
                message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                signature: strSignature
            );
        }

        public static async Task<ErroredResult> VerifySignatureAsync(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber, CancellationToken cancellationToken = default)
        {
            if (client is null) throw new ArgumentNullException(nameof(client));

            if (client.PlatformCertificateManager is not ICertificateManagerAsync)
            {
                // 降级为同步调用
                return VerifySignature(client, strTimestamp, strNonce, strContent, strSignature, strSignScheme, strSerialNumber);
            }

            CertificateEntry? entry = await ((ICertificateManagerAsync)client.PlatformCertificateManager).GetEntryAsync(strSerialNumber, cancellationToken).ConfigureAwait(false);
            if (!entry.HasValue)
            {
                return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate with serial number \"{strSerialNumber}\"."));
            }

            return GenerateSignatureResultByCertificate(
                scheme: strSignScheme,
                certificate: entry.Value.Certificate,
                message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                signature: strSignature
            );
        }

        private static string GenerateMessageForSignature(string timestamp, string nonce, string body)
        {
            return $"{timestamp}\n{nonce}\n{body}\n";
        }

        private static ErroredResult GenerateSignatureResultByCertificate(string scheme, string certificate, string message, string signature)
        {
            ErroredResult result;

            switch (scheme)
            {
                case SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:
                    {
                        try
                        {
                            bool valid = Utilities.RSAUtility.VerifyWithSHA256ByCertificate(
                                certificatePem: certificate,
                                messageData: message,
                                encodingSignature: new EncodedString(signature, EncodingKinds.Base64)
                            );
                            if (valid)
                                result = ErroredResult.Ok();
                            else
                                result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));
                        }
                        catch (Exception ex)
                        {
                            result = ErroredResult.Fail(ex);
                        }
                    }
                    break;

                case SignSchemes.WECHATPAY2_SM2_WITH_SM3:
                    {
                        try
                        {
                            bool valid = Utilities.SM2Utility.VerifyWithSM3ByCertificate(
                                certificatePem: certificate,
                                messageData: message,
                                encodingSignature: new EncodedString(signature, EncodingKinds.Base64)
                            );
                            if (valid)
                                result = ErroredResult.Ok();
                            else
                                result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));
                        }
                        catch (Exception ex)
                        {
                            result = ErroredResult.Fail(ex);
                        }
                    }
                    break;

                default:
                    {
                        result = ErroredResult.Fail(new Exception($"Unsupported signing scheme: \"{scheme}\"."));
                    }
                    break;
            }

            return result;
        }
    }
}
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`using System;`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`using System.Threading;`
			`using System.Threading.Tasks;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00
			`namespace SKIT.FlurlHttpClient.Wechat.TenpayV3`
			`{`
refactor(tenpayv3): 优化加解密及哈希算法工具类 2024-02-05 10:53:59 +08:00			`using SKIT.FlurlHttpClient.Primitives;`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`using SKIT.FlurlHttpClient.Wechat.TenpayV3.Constants;`
feat(tenpayv3): 随官方更新商户进件结算账号相关接口模型 2023-03-30 21:40:48 +08:00			`using SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings;`

feat(tenpayv3): 升级公共组件 2024-01-29 23:12:37 +08:00			`internal static class WechatTenpayClientSigningExtensions`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`public static ErroredResult VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber)`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 升级公共组件 2024-01-29 23:12:37 +08:00			`if (client is null) throw new ArgumentNullException(nameof(client));`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`CertificateEntry? entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);`
			`if (!entry.HasValue)`
			`{`
			`return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate with serial number \"{strSerialNumber}\"."));`
			`}`

			`return GenerateSignatureResultByCertificate(`
			`scheme: strSignScheme,`
			`certificate: entry.Value.Certificate,`
			`message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),`
			`signature: strSignature`
			`);`
			`}`

			`public static async Task<ErroredResult> VerifySignatureAsync(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber, CancellationToken cancellationToken = default)`
			`{`
			`if (client is null) throw new ArgumentNullException(nameof(client));`

			`if (client.PlatformCertificateManager is not ICertificateManagerAsync)`
			`{`
			`// 降级为同步调用`
			`return VerifySignature(client, strTimestamp, strNonce, strContent, strSignature, strSignScheme, strSerialNumber);`
			`}`

			`CertificateEntry? entry = await ((ICertificateManagerAsync)client.PlatformCertificateManager).GetEntryAsync(strSerialNumber, cancellationToken).ConfigureAwait(false);`
			`if (!entry.HasValue)`
			`{`
			`return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate with serial number \"{strSerialNumber}\"."));`
			`}`

			`return GenerateSignatureResultByCertificate(`
			`scheme: strSignScheme,`
			`certificate: entry.Value.Certificate,`
			`message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),`
			`signature: strSignature`
			`);`
			`}`

			`private static string GenerateMessageForSignature(string timestamp, string nonce, string body)`
			`{`
			`return $"{timestamp}\n{nonce}\n{body}\n";`
			`}`

			`private static ErroredResult GenerateSignatureResultByCertificate(string scheme, string certificate, string message, string signature)`
			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`ErroredResult result;`

feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`switch (scheme)`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`{`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`case SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`try`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`{`
refactor: 在 .NET 5.0+ 目标框架下将 AES、RSA 算法工具类的部分实现使用标准库原生方式重写 2024-05-21 16:01:20 +08:00			`bool valid = Utilities.RSAUtility.VerifyWithSHA256ByCertificate(`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`certificatePem: certificate,`
			`messageData: message,`
			`encodingSignature: new EncodedString(signature, EncodingKinds.Base64)`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`);`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`if (valid)`
			`result = ErroredResult.Ok();`
			`else`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
			`catch (Exception ex)`
			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`result = ErroredResult.Fail(ex);`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`break;`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`case SignSchemes.WECHATPAY2_SM2_WITH_SM3:`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`try`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`bool valid = Utilities.SM2Utility.VerifyWithSM3ByCertificate(`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`certificatePem: certificate,`
			`messageData: message,`
			`encodingSignature: new EncodedString(signature, EncodingKinds.Base64)`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`);`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`if (valid)`
			`result = ErroredResult.Ok();`
			`else`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
			`catch (Exception ex)`
			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`result = ErroredResult.Fail(ex);`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`break;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00
			`default:`
			`{`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`result = ErroredResult.Fail(new Exception($"Unsupported signing scheme: \"{scheme}\"."));`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`break;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00
			`return result;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
			`}`
			`}`