feat(tenpayv3): 新增从证书导出颁发时间与过期时间的工具方法

2025-12-29 18:04:42 +08:00 · 2021-12-02 14:50:24 +08:00
parent 3e9470af6b
commit 9423dd5642
3 changed files with 71 additions and 13 deletions
--- a/src/SKIT.FlurlHttpClient.Wechat.TenpayV3/Settings/CertificateEntry.cs
+++ b/src/SKIT.FlurlHttpClient.Wechat.TenpayV3/Settings/CertificateEntry.cs
@@ -35,16 +35,29 @@ namespace SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings
            if (string.IsNullOrEmpty(serialNumber))
                throw new ArgumentException("The value of `serialNumber` can not be empty.", nameof(serialNumber));
            if (string.IsNullOrEmpty(certificate))
-                throw new ArgumentException("The value of `certificate` can not be empty.", nameof(serialNumber));
+                throw new ArgumentException("The value of `certificate` can not be empty.", nameof(certificate));
            if (!certificate.Trim().StartsWith("-----BEGIN CERTIFICATE-----") || !certificate.Trim().EndsWith("-----END CERTIFICATE-----"))
-                throw new ArgumentException("The value of `certificate` is an invalid certificate file content.", nameof(serialNumber));
+                throw new ArgumentException("The value of `certificate` is an invalid certificate file content.", nameof(certificate));

            SerialNumber = serialNumber;
            Certificate = certificate;
            EffectiveTime = effectiveTime;
            ExpireTime = expireTime;
        }
-    
+
+        public CertificateEntry(string certificate)
+        {
+            if (string.IsNullOrEmpty(certificate))
+                throw new ArgumentException("The value of `certificate` can not be empty.", nameof(certificate));
+            if (!certificate.Trim().StartsWith("-----BEGIN CERTIFICATE-----") || !certificate.Trim().EndsWith("-----END CERTIFICATE-----"))
+                throw new ArgumentException("The value of `certificate` is an invalid certificate file content.", nameof(certificate));
+
+            SerialNumber = Utilities.RSAUtility.ExportSerialNumber(certificate);
+            Certificate = certificate;
+            EffectiveTime = Utilities.RSAUtility.ExportEffectiveTime(certificate);
+            ExpireTime = Utilities.RSAUtility.ExportExpireTime(certificate);
+        }
+
        public CertificateEntry(Models.QueryCertificatesResponse.Types.Certificate cert)
            : this(cert.SerialNumber, cert.EncryptCertificate.CipherText, cert.EffectiveTime, cert.ExpireTime)
        { 
@@ -71,7 +84,7 @@ namespace SKIT.FlurlHttpClient.Wechat.TenpayV3.Settings

        public override int GetHashCode()
        {
-            return SerialNumber.GetHashCode();
+            return SerialNumber?.GetHashCode() ?? base.GetHashCode();
        }

        public static bool operator ==(CertificateEntry left, CertificateEntry right)
--- a/src/SKIT.FlurlHttpClient.Wechat.TenpayV3/Utilities/RSAUtility.cs
+++ b/src/SKIT.FlurlHttpClient.Wechat.TenpayV3/Utilities/RSAUtility.cs
@@ -1,6 +1,5 @@
 using System;
 using System.IO;
-using System.Security.Cryptography;
 using System.Text;
 using System.Text.RegularExpressions;
 using Org.BouncyCastle.Crypto;
@@ -222,7 +221,33 @@ namespace SKIT.FlurlHttpClient.Wechat.TenpayV3.Utilities
            if (certificate == null) throw new ArgumentNullException(nameof(certificate));

            X509Certificate cert = ParseX509Certificate(certificate);
-            return cert.CertificateStructure.SerialNumber.Value.ToString();
+            return cert.SerialNumber.ToString(16);
+        }
+
+        /// <summary>
+        /// <para>从 CRT/CER 证书中导出证书颁发时间。</para>
+        /// </summary>
+        /// <param name="certificate">证书（PEM 格式）。</param>
+        /// <returns>证书颁发时间。</returns>
+        public static DateTimeOffset ExportEffectiveTime(string certificate)
+        {
+            if (certificate == null) throw new ArgumentNullException(nameof(certificate));
+
+            X509Certificate cert = ParseX509Certificate(certificate);
+            return new DateTimeOffset(cert.NotBefore);
+        }
+
+        /// <summary>
+        /// <para>从 CRT/CER 证书中导出证书过期时间。</para>
+        /// </summary>
+        /// <param name="certificate">证书（PEM 格式）。</param>
+        /// <returns>证书过期时间。</returns>
+        public static DateTimeOffset ExportExpireTime(string certificate)
+        {
+            if (certificate == null) throw new ArgumentNullException(nameof(certificate));
+
+            X509Certificate cert = ParseX509Certificate(certificate);
+            return new DateTimeOffset(cert.NotAfter);
        }

        private static byte[] ConvertPkcs8PrivateKeyToByteArray(string privateKey)
@@ -243,12 +268,6 @@ namespace SKIT.FlurlHttpClient.Wechat.TenpayV3.Utilities
            return Convert.FromBase64String(publicKey);
        }

-        private static RsaKeyParameters ConvertCertificateToPublicKeyParams(string certificate)
-        {
-            X509Certificate cert = ParseX509Certificate(certificate);
-            return (RsaKeyParameters)cert.GetPublicKey();
-        }
-
        private static X509Certificate ParseX509Certificate(string certificate)
        {
            using (TextReader sreader = new StringReader(certificate))
@@ -258,6 +277,12 @@ namespace SKIT.FlurlHttpClient.Wechat.TenpayV3.Utilities
            }
        }

+        private static RsaKeyParameters ConvertCertificateToPublicKeyParams(string certificate)
+        {
+            X509Certificate cert = ParseX509Certificate(certificate);
+            return (RsaKeyParameters)cert.GetPublicKey();
+        }
+
        private static byte[] SignWithSHA256(RsaKeyParameters rsaKeyParams, byte[] plainBytes)
        {
            ISigner signer = SignerUtilities.GetSigner(RSA_SIGNER_ALG);