Beispiel #1
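        /// <summary>
        /// Validates the signature of a WeChat Pay notification, decrypts its encrypted
        /// section and deserializes the plaintext into <typeparamref name="T"/>.
        /// </summary>
        /// <typeparam name="T">Concrete notification type the decrypted JSON is deserialized into.</typeparam>
        /// <param name="header">Signature headers that accompanied the notification.</param>
        /// <param name="notification">
        /// Notification envelope. On success its <c>WechatPayNotification</c> property is
        /// set to the deserialized plaintext.
        /// </param>
        /// <param name="options">
        /// Supplies <c>APISecret</c> for decryption and is forwarded to signature validation.
        /// </param>
        /// <returns>The decrypted and deserialized notification.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="notification"/> is null.</exception>
        /// <exception cref="NotSupportedException">
        /// The envelope declares no algorithm, or one other than <c>AEAD_AES_256_GCM</c>.
        /// </exception>
        public async Task<T> ExecuteNofityAsync<T>(WechatPayHeader header, WechatNotificationPayload<T> notification, WechatOptions options) where T : WechatPayNotification
        {
            // The original dereferenced notification (GetType()) before its own `?.` check,
            // so a null argument surfaced as a NullReferenceException. Fail explicitly instead.
            if (notification == null)
            {
                throw new ArgumentNullException(nameof(notification));
            }

            // NOTE(review): the signature is checked against a re-serialization of the
            // already-parsed object, not against the bytes that were received. WeChat Pay signs
            // the HTTP body as sent, so any difference in property order, escaping, whitespace
            // or dropped unknown fields makes genuine notifications fail verification, and the
            // check no longer covers exactly what arrived on the wire. Fixing this needs the raw
            // request body, which this signature does not carry — confirm with callers.
            await ValidateSignAsync(header, JsonSerializer.Serialize(notification, notification.GetType()), options);

            byte[] decryptRawContent;

            // Decryption happens only after the signature check above has passed.
            // A missing EncryptInfo falls through to the "unsupported" branch rather than
            // raising a NullReferenceException.
            switch (notification.EncryptInfo?.Algorithm)
            {
                case "AEAD_AES_256_GCM":
                    decryptRawContent = notification.EncryptInfo.Decrypt(options.APISecret);
                    break;

                default:
                    // Unknown algorithms are rejected; there is no fallback cipher.
                    throw new NotSupportedException("Unsupported Encrypt Algorithm!");
            }

            notification.WechatPayNotification = JsonSerializer.Deserialize<T>(decryptRawContent);

            // The former `catch (Exception ex) { throw ex; }` wrapper was removed: it handled
            // nothing and reset the stack trace of every failure, including signature errors.
            return notification.WechatPayNotification;
        }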
Beispiel #2
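        /// <summary>
        /// Verifies the response signature: an RSA / SHA-256 / PKCS#1 v1.5 signature over
        /// <c>timestamp\nnonce\nbody\n</c>, checked with the public key of the platform
        /// certificate identified by <c>header.SerialNo</c>.
        /// </summary>
        /// <param name="header">Carries the timestamp, nonce, certificate serial number and Base64 signature.</param>
        /// <param name="responseContent">Body text the signature is expected to cover.</param>
        /// <param name="options">Forwarded to the platform-certificate lookup.</param>
        /// <returns>A task that completes without a result when the signature is valid.</returns>
        /// <exception cref="ArgumentException">A required header value is missing or blank.</exception>
        /// <exception cref="FormatException"><c>header.Signature</c> is not valid Base64.</exception>
        /// <exception cref="InvalidOperationException">The platform certificate has no RSA public key.</exception>
        /// <exception cref="Exception">No platform certificate was found, or the signature does not verify.</exception>
        private async Task ValidateSignAsync(WechatPayHeader header, string responseContent, WechatOptions options)
        {
            // Every one of the four header values is needed below, so reject the request
            // before any certificate lookup if one is absent.
            if (string.IsNullOrWhiteSpace(header?.Nonce) || string.IsNullOrWhiteSpace(header.SerialNo) || string.IsNullOrWhiteSpace(header.Signature) || string.IsNullOrWhiteSpace(header.TimeStamp))
            {
                throw new ArgumentException("Signature headers (nonce, serial number, signature, timestamp) are required.", nameof(header));
            }

            // NOTE(review): the timestamp is only checked for presence and folded into the
            // signed message; no freshness window is enforced here. A previously captured,
            // validly signed message therefore verifies again unless the caller rejects stale
            // timestamps or de-duplicates notifications — confirm where that is handled.

            // NOTE(review): the certificate is selected by a serial number taken from the
            // request. This is sound only if GetPlatformCertificateAsync returns certificates
            // from a trusted, authenticated source — confirm in that method.
            var certificate = await GetPlatformCertificateAsync(header.SerialNo, options);

            if (certificate == null)
            {
                throw new Exception("Can't Get PLATFORM CERTIFICATE");
            }

            // Signed message layout: timestamp, nonce and body, each terminated by '\n'.
            string message = $"{header.TimeStamp}\n{header.Nonce}\n{responseContent}\n";

            using var rsa = certificate.GetRSAPublicKey();

            // GetRSAPublicKey returns null for a certificate whose key is not RSA; without
            // this guard the verification call would fail with a NullReferenceException.
            if (rsa == null)
            {
                throw new InvalidOperationException("Platform certificate does not contain an RSA public key.");
            }

            byte[] signedBytes = Encoding.UTF8.GetBytes(message);
            byte[] signature = Convert.FromBase64String(header.Signature);

            // Fail closed: anything other than a verified signature raises.
            if (!rsa.VerifyData(signedBytes, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            {
                throw new Exception("Validate Sinature Failed!");
            }
        }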