2021-05-10 15:30:00 +08:00
|
|
|
|
using System;
|
2021-12-03 16:27:13 +08:00
|
|
|
|
using System.Linq;
|
2021-11-25 18:05:22 +08:00
|
|
|
|
using System.Reflection;
|
2021-05-10 15:30:00 +08:00
|
|
|
|
|
|
|
|
|
|
namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
|
|
|
|
|
|
{
|
|
|
|
|
|
/// <summary>
|
2021-11-25 18:42:54 +08:00
|
|
|
|
/// 为 <see cref="WechatTenpayClient"/> 提供响应模型敏感数据解密的扩展方法。
|
2021-05-10 15:30:00 +08:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
public static class WechatTenpayClientResponseDecryptionExtensions
|
|
|
|
|
|
{
|
|
|
|
|
|
/// <summary>
|
2021-11-25 18:42:54 +08:00
|
|
|
|
/// <para>解密响应中返回的敏感数据。该方法会改变传入的响应模型对象。</para>
|
2021-05-10 15:30:00 +08:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="client"></param>
|
|
|
|
|
|
/// <param name="response"></param>
|
|
|
|
|
|
/// <returns></returns>
|
2021-11-25 18:05:22 +08:00
|
|
|
|
public static TResponse DecryptResponseSensitiveProperty<TResponse>(this WechatTenpayClient client, TResponse response)
|
|
|
|
|
|
where TResponse : WechatTenpayResponse
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
|
|
|
|
|
if (client == null) throw new ArgumentNullException(nameof(client));
|
|
|
|
|
|
if (response == null) throw new ArgumentNullException(nameof(response));
|
|
|
|
|
|
|
|
|
|
|
|
if (!response.IsSuccessful())
|
2021-07-30 20:08:23 +08:00
|
|
|
|
throw new Exceptions.WechatTenpayResponseDecryptionException("Decrypt response failed, because the response is not successful.");
|
2021-05-10 15:30:00 +08:00
|
|
|
|
|
2021-11-25 18:05:22 +08:00
|
|
|
|
try
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-11-25 18:05:22 +08:00
|
|
|
|
// [GET] /certificates 接口的响应模型需特殊处理
|
|
|
|
|
|
if (response is Models.QueryCertificatesResponse queryCertificatesResponse)
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-11-25 18:05:22 +08:00
|
|
|
|
if (queryCertificatesResponse.CertificateList == null)
|
|
|
|
|
|
return response;
|
2021-05-10 15:30:00 +08:00
|
|
|
|
|
2021-11-25 18:05:22 +08:00
|
|
|
|
foreach (var certificateModel in queryCertificatesResponse.CertificateList)
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-11-25 18:05:22 +08:00
|
|
|
|
if (Constants.EncryptionAlgorithms.AEAD_AES_256_GCM.Equals(certificateModel.EncryptCertificate?.Algorithm))
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-11-25 18:42:54 +08:00
|
|
|
|
if (string.IsNullOrEmpty(client.Credentials.MerchantCertPrivateKey))
|
|
|
|
|
|
throw new Exceptions.WechatTenpayResponseDecryptionException("Decrypt response failed, because there is no merchant private key.");
|
|
|
|
|
|
|
2021-06-07 00:28:00 +08:00
|
|
|
|
certificateModel.EncryptCertificate.CipherText = Utilities.AESUtility.DecryptWithGCM(
|
2021-07-27 00:50:03 +08:00
|
|
|
|
key: client.Credentials.MerchantV3Secret,
|
2021-06-07 00:28:00 +08:00
|
|
|
|
iv: certificateModel.EncryptCertificate.Nonce,
|
|
|
|
|
|
aad: certificateModel.EncryptCertificate.AssociatedData,
|
2021-05-10 15:30:00 +08:00
|
|
|
|
cipherText: certificateModel.EncryptCertificate.CipherText
|
|
|
|
|
|
);
|
|
|
|
|
|
}
|
2021-11-25 18:05:22 +08:00
|
|
|
|
else
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-11-25 18:05:22 +08:00
|
|
|
|
throw new Exceptions.WechatTenpayResponseDecryptionException("Unsupported decryption algorithm.");
|
2021-05-10 15:30:00 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-11-25 18:05:22 +08:00
|
|
|
|
return response;
|
2021-05-10 15:30:00 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-12-03 16:27:13 +08:00
|
|
|
|
bool requireDecrypt = response.GetType().GetCustomAttributes<WechatTenpaySensitiveAttribute>(inherit: true).Any();
|
|
|
|
|
|
if (requireDecrypt)
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-12-03 16:27:13 +08:00
|
|
|
|
// 遍历并解密被标记为敏感数据的字段
|
2021-12-03 16:53:00 +08:00
|
|
|
|
Utilities.ReflectionUtility.ReplacePropertyStringValue(ref response, (target, currentProp, oldValue) =>
|
2021-05-10 15:30:00 +08:00
|
|
|
|
{
|
2021-12-03 16:53:00 +08:00
|
|
|
|
var attr = currentProp.GetCustomAttribute<WechatTenpaySensitivePropertyAttribute>();
|
2021-12-03 16:27:13 +08:00
|
|
|
|
if (attr == null)
|
2021-12-03 16:53:00 +08:00
|
|
|
|
return (false, oldValue);
|
2021-12-03 16:27:13 +08:00
|
|
|
|
|
|
|
|
|
|
if (Constants.EncryptionAlgorithms.RSA_2048_PKCS8_ECB.Equals(attr.Algorithm))
|
|
|
|
|
|
{
|
2021-12-03 16:53:00 +08:00
|
|
|
|
string newValue = Utilities.RSAUtility.DecryptWithECB(
|
2021-12-03 16:27:13 +08:00
|
|
|
|
privateKey: client.Credentials.MerchantCertPrivateKey,
|
2021-12-03 16:53:00 +08:00
|
|
|
|
cipherText: oldValue
|
2021-12-03 16:27:13 +08:00
|
|
|
|
);
|
2021-12-03 16:53:00 +08:00
|
|
|
|
return (true, newValue);
|
2021-12-03 16:27:13 +08:00
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new Exceptions.WechatTenpayResponseDecryptionException("Unsupported decryption algorithm.");
|
|
|
|
|
|
}
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
2021-07-19 22:05:59 +08:00
|
|
|
|
}
|
2021-11-25 18:05:22 +08:00
|
|
|
|
catch (Exception ex) when (!(ex is Exceptions.WechatTenpayResponseDecryptionException))
|
2021-07-19 21:02:25 +08:00
|
|
|
|
{
|
2021-11-25 18:05:22 +08:00
|
|
|
|
throw new Exceptions.WechatTenpayResponseDecryptionException("Decrypt response failed. Please see the `InnerException` for more details.", ex);
|
2021-07-19 21:02:25 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return response;
|
|
|
|
|
|
}
|
2021-05-10 15:30:00 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
