private async Task <string> LoadAlipayPublicKeyAsync(CertItem certItem, AlipayOptions options)
{
//为空时添加默认支付宝公钥证书密钥
if (_certificateManager.IsEmpty)
{
_certificateManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicCertKey);
}
//如果响应的支付宝公钥证书序号已经缓存过,则直接使用缓存的公钥
if (_certificateManager.TryGet(certItem.CertSN, out var publicKey))
{
return(publicKey);
}
//否则重新下载新的支付宝公钥证书并更新缓存
var request = new AlipayOpenAppAlipaycertDownloadRequest
{
BizContent = "{\"alipay_cert_sn\":\"" + certItem.CertSN + "\"}"
};
var response = await CertificateExecuteAsync(request, options);
if (response.IsError)
{
throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
}
var alipayCertBase64 = response.AlipayCertContent;
var alipayCertBytes = Convert.FromBase64String(alipayCertBase64);
var alipayCertContent = Encoding.UTF8.GetString(alipayCertBytes);
if (!AntCertificationUtil.IsTrusted(alipayCertContent, options.RootCert))
{
throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
}
var alipayCert = AntCertificationUtil.ParseCert(alipayCertContent);
var alipayCertSN = AntCertificationUtil.GetCertSN(alipayCert);
var newAlipayPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(alipayCert);
_certificateManager.TryAdd(alipayCertSN, newAlipayPublicKey);
return(newAlipayPublicKey);
}
private async Task <string> LoadAlipayPublicKeyAsync(CertItem certItem, AlipayOptions options)
{
// 为空时添加本地支付宝公钥证书密钥
if (_publicKeyManager.IsEmpty)
{
_publicKeyManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicKey);
}
// 如果响应的支付宝公钥证书序号已经缓存过,则直接使用缓存的公钥
if (_publicKeyManager.TryGetValue(certItem.CertSN, out var publicKey))
{
return(publicKey);
}
// 否则重新下载新的支付宝公钥证书并更新缓存
var model = new AlipayOpenAppAlipaycertDownloadModel
{
AlipayCertSn = certItem.CertSN
};
var req = new AlipayOpenAppAlipaycertDownloadRequest();
req.SetBizModel(model);
var response = await CertificateExecuteAsync(req, options);
if (response.IsError)
{
throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
}
if (!AlipayCertUtil.IsTrusted(response.AlipayCertContent, options.AlipayRootCert))
{
throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
}
var alipayCert = AlipayCertUtil.Parse(response.AlipayCertContent);
var alipayCertSN = AlipayCertUtil.GetCertSN(alipayCert);
var alipayCertPublicKey = AlipayCertUtil.GetCertPublicKey(alipayCert);
_publicKeyManager.TryAdd(alipayCertSN, alipayCertPublicKey);
return(alipayCertPublicKey);
}
private String LoadAlipayPublicKey(CertItem certItem)
{
//如果响应的支付宝公钥证书序号已经缓存过,则直接使用缓存的公钥
if (certEnvironment.ContainsAlipayPublicKey(certItem.CertSN))
{
return(certEnvironment.GetAlipayPublicKey(certItem.CertSN));
}
//否则重新下载新的支付宝公钥证书并更新缓存
AlipayOpenAppAlipaycertDownloadRequest request = new AlipayOpenAppAlipaycertDownloadRequest
{
BizContent = "{\"alipay_cert_sn\":\"" + certItem.CertSN + "\"}"
};
AlipayOpenAppAlipaycertDownloadResponse response = CertificateExecute(request);
if (response.IsError)
{
throw new AopException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
}
string alipayCertBase64 = response.AlipayCertContent;
byte[] alipayCertBytes = Convert.FromBase64String(alipayCertBase64);
string alipayCertContent = Encoding.UTF8.GetString(alipayCertBytes);
if (!AntCertificationUtil.IsTrusted(alipayCertContent, certEnvironment.RootCertContent))
{
throw new AopException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
}
X509Certificate alipayCert = AntCertificationUtil.ParseCert(alipayCertContent);
String alipayCertSN = AntCertificationUtil.GetCertSN(alipayCert);
string newAlipayPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(alipayCert);
certEnvironment.AddNewAlipayPublicKey(alipayCertSN, newAlipayPublicKey);
return(newAlipayPublicKey);
}
private void CheckResponseCertSign <T>(IAopRequest <T> request, string responseBody, bool isError, IAopParser <T> parser) where T : AopResponse
{
if (request.GetApiName().Equals("alipay.open.app.alipaycert.download"))
{
return;
}
CertItem certItem = parser.GetCertItem(request, responseBody);
if (certItem == null)
{
throw new AopException("sign check fail: Body is Empty!");
}
if (!isError || (isError && !string.IsNullOrEmpty(certItem.Sign)))
{
String currentAlipayPublicKey = LoadAlipayPublicKey(certItem);
bool rsaCheckContent = AlipaySignature.RSACheckContent(certItem.SignSourceDate, certItem.Sign, currentAlipayPublicKey, charset, signType, false);
if (!rsaCheckContent)
{
if (!string.IsNullOrEmpty(certItem.SignSourceDate) && certItem.SignSourceDate.Contains("\\/"))
{
string sourceData = certItem.SignSourceDate.Replace("\\/", "/");
bool jsonCheck = AlipaySignature.RSACheckContent(sourceData, certItem.Sign, currentAlipayPublicKey, charset, signType, false);
if (!jsonCheck)
{
throw new AopException("sign check fail: check Sign and Data Fail JSON also");
}
}
else
{
throw new AopException("sign check fail: check Sign and Data Fail!");
}
}
}
}
