mirror of
https://gitee.com/fudiwei/DotNetCore.SKIT.FlurlHttpClient.Wechat.git
synced 2025-09-21 02:58:06 +08:00
feat(tenpayv3): 适配国密接入模式
This commit is contained in:
Fu Diwei
@@ -1,70 +1,98 @@
|
||||
using System;
|
||||
using System;
|
||||
|
||||
namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
|
||||
{
|
||||
internal static class WechatTenpayClientSignExtensions
|
||||
{
|
||||
public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strBody, string strSignature, string strSerialNumber)
|
||||
{
|
||||
return VerifySignature(client, strTimestamp, strNonce, strBody, strSignature, strSerialNumber, Constants.SignSchemes.WECHATPAY2_SHA256_RSA2048, out _);
|
||||
}
|
||||
|
||||
public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strBody, string strSignature, string strSerialNumber, string strSignScheme)
|
||||
{
|
||||
return VerifySignature(client, strTimestamp, strNonce, strBody, strSignature, strSerialNumber, strSignScheme, out _);
|
||||
}
|
||||
|
||||
public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strBody, string strSignature, string strSerialNumber, out Exception? error)
|
||||
{
|
||||
return VerifySignature(client, strTimestamp, strNonce, strBody, strSignature, strSerialNumber, Constants.SignSchemes.WECHATPAY2_SHA256_RSA2048, out error);
|
||||
}
|
||||
|
||||
public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strBody, string strSignature, string strSerialNumber, string strSignScheme, out Exception? error)
|
||||
public static bool VerifySignature(this WechatTenpayClient client, string strTimestamp, string strNonce, string strContent, string strSignature, string strSignatureScheme, string strSerialNumber, out Exception? error)
|
||||
{
|
||||
if (client == null) throw new ArgumentNullException(nameof(client));
|
||||
|
||||
switch (strSignScheme)
|
||||
switch (strSignatureScheme)
|
||||
{
|
||||
case Constants.SignSchemes.WECHATPAY2_SHA256_RSA2048:
|
||||
case Constants.SignSchemes.WECHATPAY2_RSA_2048_WITH_SHA256:
|
||||
{
|
||||
if (client.PlatformCertificateManager != null)
|
||||
if (client.PlatformCertificateManager == null)
|
||||
{
|
||||
try
|
||||
{
|
||||
var cert = client.PlatformCertificateManager.GetEntry(strSerialNumber);
|
||||
if (!cert.HasValue)
|
||||
{
|
||||
error = new Exceptions.WechatTenpayEventVerificationException("There is no platform certificate matched the serial number.");
|
||||
return false;
|
||||
}
|
||||
|
||||
error = null;
|
||||
return Utilities.RSAUtility.VerifyWithSHA256ByCertificate(
|
||||
certificate: cert.Value.Certificate,
|
||||
plainText: GetPlainTextForSignature(timestamp: strTimestamp, nonce: strNonce, body: strBody),
|
||||
signature: strSignature
|
||||
);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
error = ex;
|
||||
return false;
|
||||
}
|
||||
error = new Exception("The platform certificate manager is not initialized.");
|
||||
return false;
|
||||
}
|
||||
|
||||
error = new Exception("There is no platform certificate in the certificate manager.");
|
||||
return false;
|
||||
var entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
|
||||
if (!entry.HasValue)
|
||||
{
|
||||
error = new Exception($"There is no platform certificate matched the serial number: \"{strSerialNumber}\", please make sure you have downloaded platform certificates first.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!Settings.CertificateEntry.ALGORITHM_TYPE_RSA.Equals(entry.Value.AlgorithmType))
|
||||
{
|
||||
error = new Exception($"The platform certificate with serial number: \"{strSerialNumber}\" is not for RSA.");
|
||||
return false;
|
||||
}
|
||||
|
||||
error = null;
|
||||
try
|
||||
{
|
||||
return Utilities.RSAUtility.VerifyWithSHA256ByCertificate(
|
||||
certificate: entry.Value.Certificate,
|
||||
message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
|
||||
signature: strSignature
|
||||
);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
error = ex;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
case Constants.SignSchemes.WECHATPAY2_SM2_WITH_SM3:
|
||||
{
|
||||
if (client.PlatformCertificateManager == null)
|
||||
{
|
||||
error = new Exception("The platform certificate manager is not initialized.");
|
||||
return false;
|
||||
}
|
||||
|
||||
var entry = client.PlatformCertificateManager.GetEntry(strSerialNumber);
|
||||
if (!entry.HasValue)
|
||||
{
|
||||
error = new Exception($"There is no platform certificate matched the serial number: \"{strSerialNumber}\", please make sure you have downloaded platform certificates first.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!Settings.CertificateEntry.ALGORITHM_TYPE_SM2.Equals(entry.Value.AlgorithmType))
|
||||
{
|
||||
error = new Exception($"The platform certificate with serial number: \"{strSerialNumber}\" is not for SM2.");
|
||||
return false;
|
||||
}
|
||||
|
||||
error = null;
|
||||
try
|
||||
{
|
||||
return Utilities.SM2Utility.VerifyWithSM3ByCertificate(
|
||||
certificate: entry.Value.Certificate,
|
||||
message: GenerateMessageForSignature(timestamp: strTimestamp, nonce: strNonce, body: strContent),
|
||||
signature: strSignature
|
||||
);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
error = ex;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
default:
|
||||
{
|
||||
error = new Exception("Unsupported sign scheme.");
|
||||
error = new Exception($"Unsupported signature scheme: \"{strSignatureScheme}\".");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static string GetPlainTextForSignature(string timestamp, string nonce, string body)
|
||||
private static string GenerateMessageForSignature(string timestamp, string nonce, string body)
|
||||
{
|
||||
return $"{timestamp}\n{nonce}\n{body}\n";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user