DotNetCore.SKIT.FlurlHttpCl…/src/SKIT.FlurlHttpClient.Wechat.TenpayV3/Extensions/__Internal/WechatTenpayClientSigningExtensions.cs

using System;
using System.Threading;
using System.Threading.Tasks;

namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
{
    using SKIT.FlurlHttpClient.Primitives;
    using SKIT.FlurlHttpClient.Wechat.TenpayV3.Constants;
    using SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings;

    internal static class WechatTenpayClientSigningExtensions
    {
        public static ErroredResult VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber)
        {
            if (client is null) throw new ArgumentNullException(nameof(client));

            switch (client.PlatformAuthScheme)
            {
                case PlatformAuthScheme.Certificate:
                    {
                        CertificateEntry? entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
                        if (!entry.HasValue)
                        {
                            return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate matched the serial number \"{strSerialNumber}\"."));
                        }

                        return GenerateSignatureResultByCertificate(
                            scheme: strSignScheme,
                            certificate: entry.Value.Certificate,
                            message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                            signature: strSignature
                        );
                    }

                case PlatformAuthScheme.PublicKey:
                    {
                        PublicKeyEntry? entry = client.PlatformPublicKeyManager.GetEntry(strSerialNumber);
                        if (!entry.HasValue)
                        {
                            return ErroredResult.Fail(new Exception($"The platform public key manager does not contain a key matched the serial number \"{strSerialNumber}\"."));
                        }

                        return GenerateSignatureResultByPublicKey(
                            scheme: strSignScheme,
                            publicKey: entry.Value.PublicKey,
                            message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                            signature: strSignature
                        );
                    }

                default:
                    return ErroredResult.Fail(new Exception($"Unsupported platform auth scheme: \"{client.PlatformAuthScheme}\"."));
            }
        }

        public static async Task<ErroredResult> VerifySignatureAsync(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber, CancellationToken cancellationToken = default)
        {
            if (client is null) throw new ArgumentNullException(nameof(client));

            switch (client.PlatformAuthScheme)
            {
                case PlatformAuthScheme.Certificate:
                    {
                        if (client.PlatformCertificateManager is not ICertificateManagerAsync)
                        {
                            // 降级为同步调用
                            return VerifySignature(client, strTimestamp, strNonce, strContent, strSignature, strSignScheme, strSerialNumber);
                        }

                        CertificateEntry? entry = await ((ICertificateManagerAsync)client.PlatformCertificateManager).GetEntryAsync(strSerialNumber, cancellationToken).ConfigureAwait(false);
                        if (!entry.HasValue)
                        {
                            return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate matched the serial number \"{strSerialNumber}\"."));
                        }

                        return GenerateSignatureResultByCertificate(
                            scheme: strSignScheme,
                            certificate: entry.Value.Certificate,
                            message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                            signature: strSignature
                        );
                    }

                case PlatformAuthScheme.PublicKey:
                    {
                        if (client.PlatformCertificateManager is not IPublicKeyManagerAsync)
                        {
                            // 降级为同步调用
                            return VerifySignature(client, strTimestamp, strNonce, strContent, strSignature, strSignScheme, strSerialNumber);
                        }

                        PublicKeyEntry? entry = await ((IPublicKeyManagerAsync)client.PlatformPublicKeyManager).GetEntryAsync(strSerialNumber, cancellationToken).ConfigureAwait(false);
                        if (!entry.HasValue)
                        {
                            return ErroredResult.Fail(new Exception($"The platform public key manager does not contain a key matched the serial number \"{strSerialNumber}\"."));
                        }

                        return GenerateSignatureResultByPublicKey(
                            scheme: strSignScheme,
                            publicKey: entry.Value.PublicKey,
                            message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                            signature: strSignature
                        );
                    }

                default:
                    return ErroredResult.Fail(new Exception($"Unsupported platform auth scheme: \"{client.PlatformAuthScheme}\"."));
            }
        }

        private static string GenerateMessageForSignature(string timestamp, string nonce, string body)
        {
            return $"{timestamp}\n{nonce}\n{body}\n";
        }

        private static ErroredResult GenerateSignatureResultByCertificate(string scheme, string certificate, string message, string signature)
        {
            string publicKey = string.Empty;

            switch (scheme)
            {
                case SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:
                    {
                        try
                        {
                            publicKey = Utilities.RSAUtility.ExportPublicKeyFromCertificate(certificate);
                        }
                        catch (Exception ex)
                        {
                            return ErroredResult.Fail(ex);
                        }
                    }
                    break;

                case SignSchemes.WECHATPAY2_SM2_WITH_SM3:
                    {
                        try
                        {
                            publicKey = Utilities.SM2Utility.ExportPublicKeyFromCertificate(certificate);
                        }
                        catch (Exception ex)
                        {
                            return ErroredResult.Fail(ex);
                        }
                    }
                    break;
            }

            return GenerateSignatureResultByPublicKey(scheme, publicKey, message, signature);
        }

        private static ErroredResult GenerateSignatureResultByPublicKey(string scheme, string publicKey, string message, string signature)
        {
            ErroredResult result;

            switch (scheme)
            {
                case SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:
                    {
                        try
                        {
                            bool valid = Utilities.RSAUtility.VerifyWithSHA256(
                                publicKeyPem: publicKey,
                                messageData: message,
                                encodingSignature: new EncodedString(signature, EncodingKinds.Base64)
                            );
                            if (valid)
                                result = ErroredResult.Ok();
                            else
                                result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));
                        }
                        catch (Exception ex)
                        {
                            result = ErroredResult.Fail(ex);
                        }
                    }
                    break;

                case SignSchemes.WECHATPAY2_SM2_WITH_SM3:
                    {
                        try
                        {
                            bool valid = Utilities.SM2Utility.VerifyWithSM3(
                                publicKeyPem: publicKey,
                                messageData: message,
                                encodingSignature: new EncodedString(signature, EncodingKinds.Base64)
                            );
                            if (valid)
                                result = ErroredResult.Ok();
                            else
                                result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));
                        }
                        catch (Exception ex)
                        {
                            result = ErroredResult.Fail(ex);
                        }
                    }
                    break;

                default:
                    {
                        result = ErroredResult.Fail(new Exception($"Unsupported signing scheme: \"{scheme}\"."));
                    }
                    break;
            }

            return result;
        }
    }
}
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`using System;`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`using System.Threading;`
			`using System.Threading.Tasks;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00
			`namespace SKIT.FlurlHttpClient.Wechat.TenpayV3`
			`{`
refactor(tenpayv3): 优化加解密及哈希算法工具类 2024-02-05 10:53:59 +08:00			`using SKIT.FlurlHttpClient.Primitives;`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`using SKIT.FlurlHttpClient.Wechat.TenpayV3.Constants;`
feat(tenpayv3): 随官方更新商户进件结算账号相关接口模型 2023-03-30 21:40:48 +08:00			`using SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings;`

feat(tenpayv3): 升级公共组件 2024-01-29 23:12:37 +08:00			`internal static class WechatTenpayClientSigningExtensions`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`public static ErroredResult VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber)`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 升级公共组件 2024-01-29 23:12:37 +08:00			`if (client is null) throw new ArgumentNullException(nameof(client));`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`switch (client.PlatformAuthScheme)`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`{`
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`case PlatformAuthScheme.Certificate:`
			`{`
			`CertificateEntry? entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);`
			`if (!entry.HasValue)`
			`{`
			`return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate matched the serial number \"{strSerialNumber}\"."));`
			`}`

			`return GenerateSignatureResultByCertificate(`
			`scheme: strSignScheme,`
			`certificate: entry.Value.Certificate,`
			`message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),`
			`signature: strSignature`
			`);`
			`}`

			`case PlatformAuthScheme.PublicKey:`
			`{`
			`PublicKeyEntry? entry = client.PlatformPublicKeyManager.GetEntry(strSerialNumber);`
			`if (!entry.HasValue)`
			`{`
			`return ErroredResult.Fail(new Exception($"The platform public key manager does not contain a key matched the serial number \"{strSerialNumber}\"."));`
			`}`

			`return GenerateSignatureResultByPublicKey(`
			`scheme: strSignScheme,`
			`publicKey: entry.Value.PublicKey,`
			`message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),`
			`signature: strSignature`
			`);`
			`}`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`default:`
			`return ErroredResult.Fail(new Exception($"Unsupported platform auth scheme: \"{client.PlatformAuthScheme}\"."));`
			`}`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`}`

			`public static async Task<ErroredResult> VerifySignatureAsync(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignScheme, string strSerialNumber, CancellationToken cancellationToken = default)`
			`{`
			`if (client is null) throw new ArgumentNullException(nameof(client));`

feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`switch (client.PlatformAuthScheme)`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`{`
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`case PlatformAuthScheme.Certificate:`
			`{`
			`if (client.PlatformCertificateManager is not ICertificateManagerAsync)`
			`{`
			`// 降级为同步调用`
			`return VerifySignature(client, strTimestamp, strNonce, strContent, strSignature, strSignScheme, strSerialNumber);`
			`}`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`CertificateEntry? entry = await ((ICertificateManagerAsync)client.PlatformCertificateManager).GetEntryAsync(strSerialNumber, cancellationToken).ConfigureAwait(false);`
			`if (!entry.HasValue)`
			`{`
			`return ErroredResult.Fail(new Exception($"The platform certificate manager does not contain a certificate matched the serial number \"{strSerialNumber}\"."));`
			`}`

			`return GenerateSignatureResultByCertificate(`
			`scheme: strSignScheme,`
			`certificate: entry.Value.Certificate,`
			`message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),`
			`signature: strSignature`
			`);`
			`}`

			`case PlatformAuthScheme.PublicKey:`
			`{`
			`if (client.PlatformCertificateManager is not IPublicKeyManagerAsync)`
			`{`
			`// 降级为同步调用`
			`return VerifySignature(client, strTimestamp, strNonce, strContent, strSignature, strSignScheme, strSerialNumber);`
			`}`

			`PublicKeyEntry? entry = await ((IPublicKeyManagerAsync)client.PlatformPublicKeyManager).GetEntryAsync(strSerialNumber, cancellationToken).ConfigureAwait(false);`
			`if (!entry.HasValue)`
			`{`
			`return ErroredResult.Fail(new Exception($"The platform public key manager does not contain a key matched the serial number \"{strSerialNumber}\"."));`
			`}`

			`return GenerateSignatureResultByPublicKey(`
			`scheme: strSignScheme,`
			`publicKey: entry.Value.PublicKey,`
			`message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),`
			`signature: strSignature`
			`);`
			`}`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`default:`
			`return ErroredResult.Fail(new Exception($"Unsupported platform auth scheme: \"{client.PlatformAuthScheme}\"."));`
			`}`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`}`

			`private static string GenerateMessageForSignature(string timestamp, string nonce, string body)`
			`{`
			`return $"{timestamp}\n{nonce}\n{body}\n";`
			`}`

			`private static ErroredResult GenerateSignatureResultByCertificate(string scheme, string certificate, string message, string signature)`
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`{`
			`string publicKey = string.Empty;`

			`switch (scheme)`
			`{`
			`case SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:`
			`{`
			`try`
			`{`
			`publicKey = Utilities.RSAUtility.ExportPublicKeyFromCertificate(certificate);`
			`}`
			`catch (Exception ex)`
			`{`
			`return ErroredResult.Fail(ex);`
			`}`
			`}`
			`break;`

			`case SignSchemes.WECHATPAY2_SM2_WITH_SM3:`
			`{`
			`try`
			`{`
			`publicKey = Utilities.SM2Utility.ExportPublicKeyFromCertificate(certificate);`
			`}`
			`catch (Exception ex)`
			`{`
			`return ErroredResult.Fail(ex);`
			`}`
			`}`
			`break;`
			`}`

			`return GenerateSignatureResultByPublicKey(scheme, publicKey, message, signature);`
			`}`

			`private static ErroredResult GenerateSignatureResultByPublicKey(string scheme, string publicKey, string message, string signature)`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`ErroredResult result;`

feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`switch (scheme)`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`{`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`case SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`try`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`{`
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`bool valid = Utilities.RSAUtility.VerifyWithSHA256(`
			`publicKeyPem: publicKey,`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`messageData: message,`
			`encodingSignature: new EncodedString(signature, EncodingKinds.Base64)`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`);`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`if (valid)`
			`result = ErroredResult.Ok();`
			`else`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
			`catch (Exception ex)`
			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`result = ErroredResult.Fail(ex);`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`break;`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`case SignSchemes.WECHATPAY2_SM2_WITH_SM3:`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`try`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`{`
feat(tenpayv3): 适配微信支付平台公钥认证方案 2024-11-05 21:19:50 +08:00			`bool valid = Utilities.SM2Utility.VerifyWithSM3(`
			`publicKeyPem: publicKey,`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`messageData: message,`
			`encodingSignature: new EncodedString(signature, EncodingKinds.Base64)`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`);`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`if (valid)`
			`result = ErroredResult.Ok();`
			`else`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`result = ErroredResult.Fail(new Exception($"Signature does not match. Maybe \"{signature}\" is an illegal signature."));`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
			`catch (Exception ex)`
			`{`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`result = ErroredResult.Fail(ex);`
feat(tenpayv3): 适配国密接入模式 2022-11-13 23:17:18 +08:00			`}`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`break;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00
			`default:`
			`{`
feat(work): 异步的消息加解密密钥管理器feat(tenpayv3): 异步的平台证书管理器 2024-02-06 11:23:04 +08:00			`result = ErroredResult.Fail(new Exception($"Unsupported signing scheme: \"{scheme}\"."));`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00			`break;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
feat(tenpayv3): 基于 ErroredResult 改造验签相关扩展方法 2024-02-05 15:58:42 +08:00
			`return result;`
feat(tenpaybusiness): 导入项目 2022-05-09 19:28:47 +08:00			`}`
			`}`
			`}`