public async Task <SDKAtivator> ExecuteSDKAsync(IWechatPaySDK ativator, WechatOptions options)
{
var resp = new SDKAtivator
{
AppId = options.AppId,
TimeStamp = DateTimeOffset.Now.ToUnixTimeSeconds(),
NonceStr = Guid.NewGuid().ToString("N"),
Package = ativator.GetPackage()
};
string message = $"{resp.AppId}\n{resp.TimeStamp}\n{resp.NonceStr}\n{resp.Package}\n";
using (RSA rsa = options.Certificate.GetRSAPrivateKey())
{
byte[] data = Encoding.UTF8.GetBytes(message);
resp.PaySign = Convert.ToBase64String(rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
}
return(await Task.FromResult(resp));
}
public async Task <T> ExecuteNofityAsync <T>(WechatPayHeader header, WechatNotificationPayload <T> notification, WechatOptions options) where T : WechatPayNotification
{
try
{
await ValidateSignAsync(header, JsonSerializer.Serialize(notification, notification.GetType()), options);
byte[] decryptRawContent;
switch (notification?.EncryptInfo.Algorithm)
{
case "AEAD_AES_256_GCM":
{
decryptRawContent = notification.EncryptInfo.Decrypt(options.APISecret);
}
break;
default:
throw new Exception("Unsupported Encrypt Algorithm!");
}
notification.WechatPayNotification = JsonSerializer.Deserialize <T>(decryptRawContent);
}
catch (Exception ex)
{
throw ex;
}
return(notification.WechatPayNotification);
}
/// <summary>
/// 获取平台证书
/// </summary>
/// <param name="serialNo"></param>
/// <param name="options"></param>
/// <returns></returns>
private async Task <X509Certificate2> GetPlatformCertificateAsync(string serialNo, WechatOptions options)
{
var certificate = PlateformCertificateManager.CertificateManager[serialNo];
if (certificate != null)
{
return(certificate);
}
var response = await ExecuteRequestAsync(new WechatPayPlatformCertificateRequest(), options);
if (response.Data.Equals(null) || response.Data.Length == 0)
{
throw new Exception("GET PLATFORM CERTIFICATE FAILED!");
}
foreach (var item in response.Data)
{
switch (item.EncryptInfo.Algorithm)
{
case "AEAD_AES_256_GCM":
{
PlateformCertificateManager.CertificateManager[serialNo] = new X509Certificate2(item.EncryptInfo.Decrypt(options.APISecret));
}
break;
default:
throw new Exception("Unsupported Encrypt Algorithm!");
}
}
return(PlateformCertificateManager.CertificateManager[serialNo]);
}
public async Task <T> ExecuteRequestAsync <T>(IWechatPayRequestSDK <T> request, WechatOptions options) where T : WechatPayRequestSDKResponse
{
using HttpClient client = new HttpClient();
var(headers, responseContent, sdkResponse) = await client.ExecuteResponseAsync(request, options);
if (request.ValidateResponse())
{
try
{
await ValidateSignAsync(headers, responseContent, options);
}
catch (Exception ex)
{
sdkResponse.Code = "400";
sdkResponse.Message = ex.Message;
}
}
return(sdkResponse);
}
/// <summary>
/// 验证应答签名
/// </summary>
/// <param name="header"></param>
/// <param name="responseContent"></param>
/// <param name="options"></param>
/// <returns></returns>
private async Task ValidateSignAsync(WechatPayHeader header, string responseContent, WechatOptions options)
{
if (string.IsNullOrWhiteSpace(header?.Nonce) || string.IsNullOrWhiteSpace(header.SerialNo) || string.IsNullOrWhiteSpace(header.Signature) || string.IsNullOrWhiteSpace(header.TimeStamp))
{
throw new ArgumentException();
}
var certificate = await GetPlatformCertificateAsync(header.SerialNo, options);
if (certificate == null)
{
throw new Exception("Can't Get PLATFORM CERTIFICATE");
}
string message = $"{header.TimeStamp}\n{header.Nonce}\n{responseContent}\n";
using var rsa = certificate.GetRSAPublicKey();
if (!rsa.VerifyData(Encoding.UTF8.GetBytes(message), Convert.FromBase64String(header.Signature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
{
throw new Exception("Validate Sinature Failed!");
}
}
