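/// <summary>
/// Returns a platform certificate that is currently inside its validity window.
/// The cache is consulted first; if no cached entry qualifies, the platform
/// certificate list is downloaded, every entry whose serial number is not yet
/// cached is decrypted with <c>options.V3Key</c> and added, and the cache is consulted again.
/// </summary>
/// <param name="client">Client used to execute the certificate download request.</param>
/// <param name="options">Merchant options; <c>V3Key</c> is passed to the AEAD decryption.</param>
/// <returns>The first cached certificate with EffectiveTime &lt; now &lt; ExpireTime.</returns>
/// <exception cref="WeChatPayException">
/// Thrown when an entry uses an algorithm other than AEAD_AES_256_GCM, or when no
/// usable certificate is available after the download.
/// </exception>
public async Task<WeChatPayPlatformCertificate> GetCertificateAsync(IWeChatPayClient client, WeChatPayOptions options)
{
    // Reads the clock once per lookup so both bounds are compared against the same instant.
    WeChatPayPlatformCertificate FindUsableCertificate()
    {
        var now = DateTime.Now;
        return _certDictionary.Values.FirstOrDefault(cert => cert.EffectiveTime < now && cert.ExpireTime > now);
    }

    // Use a cached certificate when one is currently valid.
    var platformCert = FindUsableCertificate();
    if (platformCert != null)
    {
        return platformCert;
    }

    // Otherwise download the current platform certificates.
    var request = new WeChatPayCertificatesRequest();
    var response = await client.ExecuteAsync(request, options);

    // A response without a certificate list (for example an error reply) must end in the
    // WeChatPayException below rather than a NullReferenceException inside the loop.
    var certificates = response?.Certificates;
    if (certificates != null)
    {
        foreach (var certificate in certificates)
        {
            // Only decrypt and cache serial numbers that are not cached yet.
            if (_certDictionary.ContainsKey(certificate.SerialNo))
            {
                continue;
            }

            var encrypted = certificate.EncryptCertificate;
            switch (encrypted.Algorithm)
            {
                case nameof(AEAD_AES_256_GCM):
                    {
                        // NOTE(review): a certificate is accepted here solely because it decrypts
                        // under the APIv3 key; no chain or issuer validation happens in this
                        // method. Confirm that this is the intended trust model.
                        var certStr = AEAD_AES_256_GCM.Decrypt(encrypted.Nonce, encrypted.Ciphertext, encrypted.AssociatedData, options.V3Key);

                        // The timestamps are machine-readable, so parse them culture-independently.
                        var invariant = System.Globalization.CultureInfo.InvariantCulture;
                        var cert = new WeChatPayPlatformCertificate
                        {
                            SerialNo = certificate.SerialNo,
                            EffectiveTime = DateTime.Parse(certificate.EffectiveTime, invariant),
                            ExpireTime = DateTime.Parse(certificate.ExpireTime, invariant),
                            Certificate = new X509Certificate2(Encoding.ASCII.GetBytes(certStr))
                        };

                        _certDictionary.TryAdd(certificate.SerialNo, cert);
                    }
                    break;

                default:
                    // Fail closed: never fall back to treating an unknown scheme as plaintext.
                    throw new WeChatPayException($"Unknown algorithm: {certificate.EncryptCertificate.Algorithm}");
            }
        }
    }

    // Look the cache up again now that it may have been refreshed.
    platformCert = FindUsableCertificate();
    if (platformCert == null)
    {
        throw new WeChatPayException("Download certificates failed!");
    }

    return platformCert;
}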
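/// <summary>
/// Decrypts the encrypted resource carried in a notification body and deserializes
/// the plaintext into <c>T</c>.
/// https://pay.weixin.qq.com/wiki/doc/apiv3/wechatpay/wechatpay4_2.shtml
/// </summary>
/// <param name="body">Raw notification body; expected to be a JSON object.</param>
/// <param name="v3key">Key passed to the AEAD_AES_256_GCM decryption.</param>
/// <returns>
/// An instance of <c>T</c> with Body, NotifyCiphertext and ResourcePlaintext filled in.
/// When the plaintext cannot be deserialized, a default-constructed <c>T</c> is used.
/// </returns>
/// <exception cref="WeChatPayException">
/// Thrown when the body is not a parsable notification envelope, when it has no
/// resource section, or when the resource uses an algorithm other than AEAD_AES_256_GCM.
/// </exception>
/// <remarks>
/// This method only decrypts; it does not check the signature sent in the notification
/// headers. NOTE(review): confirm that callers verify the signature before acting on the result.
/// </remarks>
public T Parse(string body, string v3key)
{
    var notifyCiphertext = default(NotifyCiphertext);
    var resourcePlaintext = string.Empty;

    // Only text that at least looks like a JSON object is handed to the deserializer.
    if (body != null
        && body.StartsWith("{", StringComparison.Ordinal)
        && body.EndsWith("}", StringComparison.Ordinal))
    {
        try
        {
            notifyCiphertext = JsonSerializer.Deserialize<NotifyCiphertext>(body, jsonSerializerOptions);
        }
        catch (Exception)
        {
            // Malformed envelope: leave notifyCiphertext unset; the check below rejects it.
        }
    }

    // The body comes from the network. Reject anything without a usable resource section
    // explicitly instead of dereferencing null further down.
    if (notifyCiphertext == null || notifyCiphertext.Resource == null)
    {
        throw new WeChatPayException("Invalid notify body!");
    }

    var resource = notifyCiphertext.Resource;
    switch (resource.Algorithm)
    {
        case nameof(AEAD_AES_256_GCM):
            {
                resourcePlaintext = AEAD_AES_256_GCM.Decrypt(resource.Nonce, resource.Ciphertext, resource.AssociatedData, v3key);
            }
            break;

        default:
            // Fail closed on any scheme this code does not implement.
            throw new WeChatPayException("Unknown algorithm!");
    }

    T result = null;
    try
    {
        result = JsonSerializer.Deserialize<T>(resourcePlaintext, jsonSerializerOptions);
    }
    catch (Exception)
    {
        // Deliberate best-effort: callers still receive the raw plaintext on the fallback instance.
    }

    if (result == null)
    {
        result = Activator.CreateInstance<T>();
    }

    result.Body = body;
    result.NotifyCiphertext = notifyCiphertext;
    result.ResourcePlaintext = resourcePlaintext;

    return result;
}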
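/// <summary>
/// Returns the platform certificate with the given serial number.
/// The cache is consulted first; on a miss the platform certificate list is downloaded,
/// every entry whose serial number is not yet cached is decrypted with
/// <c>options.V3Key</c> and added, and the cache is consulted again.
/// </summary>
/// <param name="serial">Serial number of the platform certificate to load.</param>
/// <param name="options">Merchant options; <c>V3Key</c> is passed to the AEAD decryption.</param>
/// <returns>The certificate cached under <paramref name="serial"/>.</returns>
/// <exception cref="WeChatPayException">
/// Thrown when an entry uses an algorithm other than AEAD_AES_256_GCM, or when the
/// requested serial number is still not cached after the download.
/// </exception>
private async Task<X509Certificate2> LoadPlatformCertificateAsync(string serial, WeChatPayOptions options)
{
    // Use the cached certificate when this serial number is already known.
    if (_platformCertificateManager.TryGetValue(serial, out var certificate2))
    {
        return certificate2;
    }

    // NOTE(review): every cache miss triggers a download. If serial is taken from a
    // header on an unauthenticated message, unknown serials translate directly into
    // outbound requests; confirm the caller and consider throttling or negative caching.
    var request = new WeChatPayCertificatesRequest();
    var response = await ExecuteAsync(request, options);

    // A response without a certificate list (for example an error reply) must end in the
    // WeChatPayException below rather than a NullReferenceException inside the loop.
    var certificates = response?.Certificates;
    if (certificates != null)
    {
        foreach (var certificate in certificates)
        {
            // Only decrypt and cache serial numbers that are not cached yet.
            if (_platformCertificateManager.ContainsKey(certificate.SerialNo))
            {
                continue;
            }

            var encrypted = certificate.EncryptCertificate;
            switch (encrypted.Algorithm)
            {
                case nameof(AEAD_AES_256_GCM):
                    {
                        // NOTE(review): a certificate is accepted here solely because it decrypts
                        // under the APIv3 key; no chain or issuer validation happens in this
                        // method. Confirm that this is the intended trust model.
                        var certStr = AEAD_AES_256_GCM.Decrypt(encrypted.Nonce, encrypted.Ciphertext, encrypted.AssociatedData, options.V3Key);
                        var cert = new X509Certificate2(Encoding.UTF8.GetBytes(certStr));

                        _platformCertificateManager.TryAdd(certificate.SerialNo, cert);
                    }
                    break;

                default:
                    // Fail closed: never fall back to treating an unknown scheme as plaintext.
                    throw new WeChatPayException($"Unknown algorithm: {certificate.EncryptCertificate.Algorithm}");
            }
        }
    }

    // Look the requested serial number up again now that the cache may have been refreshed.
    if (!_platformCertificateManager.TryGetValue(serial, out certificate2))
    {
        throw new WeChatPayException("Download certificates failed!");
    }

    return certificate2;
}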