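/// <summary>
/// Verifies the signature of an incoming notification, decrypts its encrypted
/// resource and deserializes the plaintext into <typeparamref name="T"/>.
/// </summary>
/// <typeparam name="T">Concrete notification type carried by the payload.</typeparam>
/// <param name="header">Signature headers received with the notification.</param>
/// <param name="notification">Parsed notification payload holding the encrypted resource.</param>
/// <param name="options">Passed to signature validation; its <c>APISecret</c> is used for decryption.</param>
/// <returns>The decrypted notification, which is also stored on <paramref name="notification"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="notification"/> is null.</exception>
/// <exception cref="NotSupportedException">The payload names an encryption algorithm other than AEAD_AES_256_GCM.</exception>
public async Task<T> ExecuteNofityAsync<T>(WechatPayHeader header, WechatNotificationPayload<T> notification, WechatOptions options) where T : WechatPayNotification
{
    // Fail with a descriptive error instead of a NullReferenceException on GetType() below.
    if (notification == null)
    {
        throw new ArgumentNullException(nameof(notification));
    }

    // The signature is checked before any decryption, so unauthenticated ciphertext is never processed.
    // NOTE(review): the signed string is rebuilt by re-serializing the parsed payload. A signature
    // covers the exact bytes the sender transmitted; re-serialization can differ in property order,
    // whitespace or escaping. Verifying against the raw request body is the safer design, but that
    // requires a caller-side change and is therefore only flagged here.
    await ValidateSignAsync(header, JsonSerializer.Serialize(notification, notification.GetType()), options);

    byte[] decryptRawContent;

    // A missing EncryptInfo falls through to the "unsupported" branch rather than dereferencing null.
    switch (notification.EncryptInfo?.Algorithm)
    {
        case "AEAD_AES_256_GCM":
            decryptRawContent = notification.EncryptInfo.Decrypt(options.APISecret);
            break;

        default:
            // Only an explicit allow-list of algorithms is accepted; anything else is rejected.
            throw new NotSupportedException("Unsupported Encrypt Algorithm!");
    }

    notification.WechatPayNotification = JsonSerializer.Deserialize<T>(decryptRawContent);

    // No catch-and-rethrow wrapper: the previous `throw ex;` discarded the original stack trace,
    // which makes verification and decryption failures harder to investigate.
    return notification.WechatPayNotification;
}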
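/// <summary>
/// Verifies the signature of a response or notification body.
/// </summary>
/// <param name="header">Signature headers: timestamp, nonce, certificate serial number and Base64 signature.</param>
/// <param name="responseContent">Body text that the signature is expected to cover.</param>
/// <param name="options">Options passed through to the platform certificate lookup.</param>
/// <returns>A task that completes when the signature has been verified.</returns>
/// <exception cref="ArgumentException">A required signature header is missing or blank.</exception>
/// <exception cref="InvalidOperationException">The platform certificate carries no RSA public key.</exception>
/// <exception cref="Exception">The certificate could not be obtained or the signature does not verify.</exception>
private async Task ValidateSignAsync(WechatPayHeader header, string responseContent, WechatOptions options)
{
    bool headersIncomplete = string.IsNullOrWhiteSpace(header?.Nonce)
        || string.IsNullOrWhiteSpace(header.SerialNo)
        || string.IsNullOrWhiteSpace(header.Signature)
        || string.IsNullOrWhiteSpace(header.TimeStamp);
    if (headersIncomplete)
    {
        throw new ArgumentException("Signature headers (timestamp, nonce, serial number, signature) are required.", nameof(header));
    }

    // The serial number comes from the request itself, so the lookup must only ever return
    // certificates from the trusted platform set.
    // NOTE(review): confirm GetPlatformCertificateAsync enforces that; it is not visible here.
    var certificate = await GetPlatformCertificateAsync(header.SerialNo, options);
    if (certificate == null)
    {
        throw new Exception("Can't Get PLATFORM CERTIFICATE");
    }

    // Signed message layout: timestamp, nonce and body, each terminated by a line feed.
    // responseContent has to match the transmitted body byte-for-byte or verification fails.
    string message = $"{header.TimeStamp}\n{header.Nonce}\n{responseContent}\n";

    using var rsa = certificate.GetRSAPublicKey();
    if (rsa == null)
    {
        // GetRSAPublicKey returns null for non-RSA certificates; fail explicitly instead of
        // letting the VerifyData call below throw a NullReferenceException.
        throw new InvalidOperationException("Platform certificate does not contain an RSA public key.");
    }

    // RSA PKCS#1 v1.5 over SHA-256. A malformed Base64 signature throws FormatException,
    // which also rejects the message.
    byte[] signedBytes = Encoding.UTF8.GetBytes(message);
    byte[] signatureBytes = Convert.FromBase64String(header.Signature);
    if (!rsa.VerifyData(signedBytes, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
    {
        throw new Exception("Validate Sinature Failed!");
    }

    // NOTE(review): header.TimeStamp is only checked for presence, never compared with the
    // current time. If replay protection is required it has to be enforced elsewhere, for
    // example by rejecting stale timestamps or de-duplicating notification ids.
}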