private async Task <string> LoadAlipayPublicKeyAsync(CertItem certItem, AlipayOptions options) { //为空时添加默认支付宝公钥证书密钥 if (_certificateManager.IsEmpty) { _certificateManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicCertKey); } //如果响应的支付宝公钥证书序号已经缓存过,则直接使用缓存的公钥 if (_certificateManager.TryGet(certItem.CertSN, out var publicKey)) { return(publicKey); } //否则重新下载新的支付宝公钥证书并更新缓存 var request = new AlipayOpenAppAlipaycertDownloadRequest { BizContent = "{\"alipay_cert_sn\":\"" + certItem.CertSN + "\"}" }; var response = await CertificateExecuteAsync(request, options); if (response.IsError) { throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书"); } var alipayCertBase64 = response.AlipayCertContent; var alipayCertBytes = Convert.FromBase64String(alipayCertBase64); var alipayCertContent = Encoding.UTF8.GetString(alipayCertBytes); if (!AntCertificationUtil.IsTrusted(alipayCertContent, options.RootCert)) { throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书"); } var alipayCert = AntCertificationUtil.ParseCert(alipayCertContent); var alipayCertSN = AntCertificationUtil.GetCertSN(alipayCert); var newAlipayPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(alipayCert); _certificateManager.TryAdd(alipayCertSN, newAlipayPublicKey); return(newAlipayPublicKey); }
private async Task <string> LoadAlipayPublicKeyAsync(CertItem certItem, AlipayOptions options) { // 为空时添加本地支付宝公钥证书密钥 if (_publicKeyManager.IsEmpty) { _publicKeyManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicKey); } // 如果响应的支付宝公钥证书序号已经缓存过,则直接使用缓存的公钥 if (_publicKeyManager.TryGetValue(certItem.CertSN, out var publicKey)) { return(publicKey); } // 否则重新下载新的支付宝公钥证书并更新缓存 var model = new AlipayOpenAppAlipaycertDownloadModel { AlipayCertSn = certItem.CertSN }; var req = new AlipayOpenAppAlipaycertDownloadRequest(); req.SetBizModel(model); var response = await CertificateExecuteAsync(req, options); if (response.IsError) { throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书"); } if (!AlipayCertUtil.IsTrusted(response.AlipayCertContent, options.AlipayRootCert)) { throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书"); } var alipayCert = AlipayCertUtil.Parse(response.AlipayCertContent); var alipayCertSN = AlipayCertUtil.GetCertSN(alipayCert); var alipayCertPublicKey = AlipayCertUtil.GetCertPublicKey(alipayCert); _publicKeyManager.TryAdd(alipayCertSN, alipayCertPublicKey); return(alipayCertPublicKey); }
private String LoadAlipayPublicKey(CertItem certItem) { //如果响应的支付宝公钥证书序号已经缓存过,则直接使用缓存的公钥 if (certEnvironment.ContainsAlipayPublicKey(certItem.CertSN)) { return(certEnvironment.GetAlipayPublicKey(certItem.CertSN)); } //否则重新下载新的支付宝公钥证书并更新缓存 AlipayOpenAppAlipaycertDownloadRequest request = new AlipayOpenAppAlipaycertDownloadRequest { BizContent = "{\"alipay_cert_sn\":\"" + certItem.CertSN + "\"}" }; AlipayOpenAppAlipaycertDownloadResponse response = CertificateExecute(request); if (response.IsError) { throw new AopException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书"); } string alipayCertBase64 = response.AlipayCertContent; byte[] alipayCertBytes = Convert.FromBase64String(alipayCertBase64); string alipayCertContent = Encoding.UTF8.GetString(alipayCertBytes); if (!AntCertificationUtil.IsTrusted(alipayCertContent, certEnvironment.RootCertContent)) { throw new AopException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书"); } X509Certificate alipayCert = AntCertificationUtil.ParseCert(alipayCertContent); String alipayCertSN = AntCertificationUtil.GetCertSN(alipayCert); string newAlipayPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(alipayCert); certEnvironment.AddNewAlipayPublicKey(alipayCertSN, newAlipayPublicKey); return(newAlipayPublicKey); }
private void CheckResponseCertSign <T>(IAopRequest <T> request, string responseBody, bool isError, IAopParser <T> parser) where T : AopResponse { if (request.GetApiName().Equals("alipay.open.app.alipaycert.download")) { return; } CertItem certItem = parser.GetCertItem(request, responseBody); if (certItem == null) { throw new AopException("sign check fail: Body is Empty!"); } if (!isError || (isError && !string.IsNullOrEmpty(certItem.Sign))) { String currentAlipayPublicKey = LoadAlipayPublicKey(certItem); bool rsaCheckContent = AlipaySignature.RSACheckContent(certItem.SignSourceDate, certItem.Sign, currentAlipayPublicKey, charset, signType, false); if (!rsaCheckContent) { if (!string.IsNullOrEmpty(certItem.SignSourceDate) && certItem.SignSourceDate.Contains("\\/")) { string sourceData = certItem.SignSourceDate.Replace("\\/", "/"); bool jsonCheck = AlipaySignature.RSACheckContent(sourceData, certItem.Sign, currentAlipayPublicKey, charset, signType, false); if (!jsonCheck) { throw new AopException("sign check fail: check Sign and Data Fail JSON also"); } } else { throw new AopException("sign check fail: check Sign and Data Fail!"); } } } }