2022-11-13 23:17:18 +08:00
|
|
|
using System;
|
2022-05-09 19:28:47 +08:00
|
|
|
|
|
|
|
|
namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
|
|
|
|
|
{
|
2024-02-05 10:53:59 +08:00
|
|
|
using SKIT.FlurlHttpClient.Primitives;
|
2023-03-30 21:40:48 +08:00
|
|
|
using SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings;
|
|
|
|
|
|
2024-01-29 23:12:37 +08:00
|
|
|
internal static class WechatTenpayClientSigningExtensions
|
2022-05-09 19:28:47 +08:00
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber, out Exception? error)
|
2022-05-09 19:28:47 +08:00
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
if (client is null) throw new ArgumentNullException(nameof(client));
|
2022-05-09 19:28:47 +08:00
|
|
|
|
2024-01-29 23:12:37 +08:00
|
|
|
switch (strSignScheme)
|
2022-11-13 23:17:18 +08:00
|
|
|
{
|
|
|
|
|
case Constants.SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:
|
|
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
if (client.PlatformCertificateManager is null)
|
2022-11-13 23:17:18 +08:00
|
|
|
{
|
|
|
|
|
error = new Exception("The platform certificate manager is not initialized.");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2022-05-09 19:28:47 +08:00
|
|
|
|
2023-03-30 21:40:48 +08:00
|
|
|
CertificateEntry? entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
|
2022-11-13 23:17:18 +08:00
|
|
|
if (!entry.HasValue)
|
|
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
error = new Exception($"The platform certificate manager does not contain a certificate with serial number \"{strSerialNumber}\".");
|
2022-11-13 23:17:18 +08:00
|
|
|
return false;
|
|
|
|
|
}
|
2022-05-09 19:28:47 +08:00
|
|
|
|
2023-03-30 21:40:48 +08:00
|
|
|
if (!CertificateEntry.ALGORITHM_TYPE_RSA.Equals(entry.Value.AlgorithmType))
|
2022-11-13 23:17:18 +08:00
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
error = new Exception($"The platform certificate with serial number \"{strSerialNumber}\" is not for RSA.");
|
2022-11-13 23:17:18 +08:00
|
|
|
return false;
|
|
|
|
|
}
|
2022-05-09 19:28:47 +08:00
|
|
|
|
2022-11-13 23:17:18 +08:00
|
|
|
error = null;
|
|
|
|
|
try
|
|
|
|
|
{
|
2024-02-05 10:53:59 +08:00
|
|
|
return Utilities.RSAUtility.VerifyByCertificate(
|
|
|
|
|
certificatePem: entry.Value.Certificate,
|
2022-11-13 23:17:18 +08:00
|
|
|
message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
|
2024-02-05 10:53:59 +08:00
|
|
|
encodingSignature: new EncodedString(strSignature, EncodingKinds.Base64)
|
2022-11-13 23:17:18 +08:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
{
|
|
|
|
|
error = ex;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case Constants.SignSchemes.WECHATPAY2_SM2_WITH_SM3:
|
2022-05-09 19:28:47 +08:00
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
if (client.PlatformCertificateManager is null)
|
2022-11-13 23:17:18 +08:00
|
|
|
{
|
|
|
|
|
error = new Exception("The platform certificate manager is not initialized.");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-30 21:40:48 +08:00
|
|
|
CertificateEntry? entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
|
2022-11-13 23:17:18 +08:00
|
|
|
if (!entry.HasValue)
|
2022-05-09 19:28:47 +08:00
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
error = new Exception($"The platform certificate manager does not contain a certificate with serial number \"{strSerialNumber}\".");
|
2022-11-13 23:17:18 +08:00
|
|
|
return false;
|
|
|
|
|
}
|
2022-05-09 19:28:47 +08:00
|
|
|
|
2023-03-30 21:40:48 +08:00
|
|
|
if (!CertificateEntry.ALGORITHM_TYPE_SM2.Equals(entry.Value.AlgorithmType))
|
2022-11-13 23:17:18 +08:00
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
error = new Exception($"The platform certificate with serial number \"{strSerialNumber}\" is not for SM2.");
|
2022-11-13 23:17:18 +08:00
|
|
|
return false;
|
2022-05-09 19:28:47 +08:00
|
|
|
}
|
|
|
|
|
|
2022-11-13 23:17:18 +08:00
|
|
|
error = null;
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
return Utilities.SM2Utility.VerifyWithSM3ByCertificate(
|
2024-02-05 10:53:59 +08:00
|
|
|
certificatePem: entry.Value.Certificate,
|
2022-11-13 23:17:18 +08:00
|
|
|
message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
|
2024-02-05 10:53:59 +08:00
|
|
|
encodingSignature: new EncodedString(strSignature, EncodingKinds.Base64)
|
2022-11-13 23:17:18 +08:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
{
|
|
|
|
|
error = ex;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2022-05-09 19:28:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
{
|
2024-01-29 23:12:37 +08:00
|
|
|
error = new Exception($"Unsupported signing scheme: \"{strSignScheme}\".");
|
2022-05-09 19:28:47 +08:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-13 23:17:18 +08:00
|
|
|
private static string GenerateMessageForSignature(string timestamp, string nonce, string body)
|
2022-05-09 19:28:47 +08:00
|
|
|
{
|
|
|
|
|
return $"{timestamp}\n{nonce}\n{body}\n";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
