using System;
using System.Text;
namespace SKIT.FlurlHttpClient.Wechat.TenpayV3
{
///
/// 为 提供回调通知事件签名验证的扩展方法。
///
public static class WechatTenpayClientEventVerificationExtensions
{
///
/// 验证回调通知事件签名。
/// REF: https://pay.weixin.qq.com/wiki/doc/apiv3/wechatpay/wechatpay4_1.shtml
/// REF: https://pay.weixin.qq.com/wiki/doc/apiv3_partner/wechatpay/wechatpay4_1.shtml
///
///
/// 微信回调通知中的 Wechatpay-Timestamp 字段。
/// 微信回调通知中的 Wechatpay-Nonce 字段。
/// 微信回调通知中请求正文。
/// 微信回调通知中的 Wechatpay-Signature 字段。
/// 微信回调通知中的 Wechatpay-Serial 字段。
///
public static bool VerifyEventSignature(
this WechatTenpayClient client,
string callbackTimestamp,
string callbackNonce,
string callbackBody,
string callbackSignature,
string callbackSerialNumber)
{
return VerifyEventSignature(client, callbackTimestamp, callbackNonce, callbackBody, callbackSignature, callbackSerialNumber, out _);
}
///
/// 验证回调通知事件签名。
/// REF: https://pay.weixin.qq.com/wiki/doc/apiv3/wechatpay/wechatpay4_1.shtml
/// REF: https://pay.weixin.qq.com/wiki/doc/apiv3_partner/wechatpay/wechatpay4_1.shtml
///
///
/// 微信回调通知中的 Wechatpay-Timestamp 字段。
/// 微信回调通知中的 Wechatpay-Nonce 字段。
/// 微信回调通知中请求正文。
/// 微信回调通知中的 Wechatpay-Signature 字段。
/// 微信回调通知中的 Wechatpay-Serial 字段。
///
///
///
public static bool VerifyEventSignature(
this WechatTenpayClient client,
string callbackTimestamp,
string callbackNonce,
string callbackBody,
string callbackSignature,
string callbackSerialNumber,
out Exception? error)
{
if (client == null) throw new ArgumentNullException(nameof(client));
if (callbackTimestamp == null) throw new ArgumentNullException(nameof(callbackTimestamp));
if (callbackNonce == null) throw new ArgumentNullException(nameof(callbackNonce));
if (callbackBody == null) throw new ArgumentNullException(nameof(callbackBody));
if (callbackSignature == null) throw new ArgumentNullException(nameof(callbackSignature));
if (callbackSerialNumber == null) throw new ArgumentNullException(nameof(callbackSerialNumber));
if (client.CertificateManager != null)
{
try
{
var cert = client.CertificateManager.GetEntry(callbackSerialNumber);
if (!cert.HasValue)
{
error = new Exceptions.WechatTenpayEventVerificationException("Verify signature of event failed, because there is no platform certificate matched the serial number.");
return false;
}
error = null;
return Utilities.RSAUtility.VerifyWithSHA256ByCertificate(
certificate: cert.Value.Certificate,
plainText: GetPlainTextForSignature(timestamp: callbackTimestamp, nonce: callbackNonce, body: callbackBody),
signature: callbackSignature
);
}
catch (Exception ex)
{
error = new Exceptions.WechatTenpayEventVerificationException("Verify signature of event failed. Please see the `InnerException` for more details.", ex);
return false;
}
}
error = new Exceptions.WechatTenpayEventVerificationException("Verify signature of event failed, because there is no platform certificate in the manager.");
return false;
}
private static string GetPlainTextForSignature(string timestamp, string nonce, string body)
{
return $"{timestamp}\n{nonce}\n{body}\n";
}
}
}