using System ;
namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
{
    /// <summary>
    /// Signature verification helpers for <see cref="WechatTenpayClient"/>.
    /// </summary>
    internal static class WechatTenpayClientSignExtensions
    {
        /// <summary>
        /// Verifies <paramref name="strSignature"/> over the message built from the timestamp,
        /// nonce and content, using the platform certificate registered under
        /// <paramref name="strSerialNumber"/>.
        /// </summary>
        /// <param name="client">Client whose <c>PlatformCertificateManager</c> supplies the certificate.</param>
        /// <param name="strTimestamp">Timestamp component of the signed message.</param>
        /// <param name="strNonce">Nonce component of the signed message.</param>
        /// <param name="strContent">Body component of the signed message.</param>
        /// <param name="strSignature">Signature to verify.</param>
        /// <param name="strSignatureScheme">Signature scheme; only the RSA-2048/SHA-256 and SM2/SM3 schemes are accepted.</param>
        /// <param name="strSerialNumber">Serial number used to look up the platform certificate.</param>
        /// <param name="error">
        /// Set to the reason for a <c>false</c> result when a precondition fails or the verifier throws;
        /// <c>null</c> when the verifier ran to completion, whatever it returned.
        /// </param>
        /// <returns><c>true</c> only when the selected verifier accepts the signature.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="client"/> is <c>null</c>.</exception>
        /// <remarks>
        /// This method checks the signature only. It performs no timestamp freshness or nonce
        /// uniqueness check, so replay protection has to live elsewhere.
        /// NOTE(review): confirm that callers enforce it.
        /// NOTE(review): <paramref name="strContent"/> is presumably the body exactly as received;
        /// any re-serialisation before this call would change the signed message. Confirm against callers.
        /// </remarks>
        public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignatureScheme, string strSerialNumber, out Exception? error)
        {
            if (client == null) throw new ArgumentNullException(nameof(client));

            // Resolve the scheme first: an unknown scheme is rejected before any certificate lookup.
            bool useSm2;
            switch (strSignatureScheme)
            {
                case Constants.SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:
                    useSm2 = false;
                    break;

                case Constants.SignSchemes.WECHATPAY2_SM2_WITH_SM3:
                    useSm2 = true;
                    break;

                default:
                    // NOTE(review): the scheme value is echoed verbatim; if it originates from a
                    // request header, sanitise it before writing this message to a log.
                    error = new Exception($"Unsupported signature scheme: \"{strSignatureScheme}\".");
                    return false;
            }

            if (client.PlatformCertificateManager == null)
            {
                error = new Exception("The platform certificate manager is not initialized.");
                return false;
            }

            // The lookup sits outside the try block below, so anything GetEntry throws
            // propagates to the caller instead of being reported through `error`.
            var certEntry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
            if (!certEntry.HasValue)
            {
                error = new Exception($"There is no platform certificate matched the serial number: \"{strSerialNumber}\". Please make sure you have downloaded platform certificates first.");
                return false;
            }

            // Bind the certificate's algorithm to the declared scheme, so that a certificate
            // registered for one algorithm is never used to verify under the other.
            bool algorithmMatches = useSm2
                ? Settings.CertificateEntry.ALGORITHM_TYPE_SM2.Equals(certEntry.Value.AlgorithmType)
                : Settings.CertificateEntry.ALGORITHM_TYPE_RSA.Equals(certEntry.Value.AlgorithmType);
            if (!algorithmMatches)
            {
                if (useSm2)
                {
                    error = new Exception($"The platform certificate with serial number: \"{strSerialNumber}\" is not for SM2.");
                }
                else
                {
                    error = new Exception($"The platform certificate with serial number: \"{strSerialNumber}\" is not for RSA.");
                }

                return false;
            }

            error = null;
            try
            {
                if (useSm2)
                {
                    return Utilities.SM2Utility.VerifyWithSM3ByCertificate(
                        certificate: certEntry.Value.Certificate,
                        message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                        signature: strSignature
                    );
                }

                return Utilities.RSAUtility.VerifyWithSHA256ByCertificate(
                    certificate: certEntry.Value.Certificate,
                    message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
                    signature: strSignature
                );
            }
            catch (Exception ex)
            {
                // Fail closed: a verifier failure is reported as "not verified", with the cause in `error`.
                error = ex;
                return false;
            }
        }

        /// <summary>
        /// Builds the message that is signed: timestamp, nonce and body, each followed by a line feed.
        /// </summary>
        /// <param name="timestamp">Timestamp component.</param>
        /// <param name="nonce">Nonce component.</param>
        /// <param name="body">Body component.</param>
        /// <returns>The concatenated message; a <c>null</c> component contributes an empty string.</returns>
        private static string GenerateMessageForSignature(string timestamp, string nonce, string body)
        {
            return string.Concat(timestamp, "\n", nonce, "\n", body, "\n");
        }
    }
}