//支付提交
public ActionResult PayPost(Models.B2CInfo order)
{
//组装xml
String xml = DataUtils.getXmlString(order);
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(xml);
//转成 Base64 形式的 System.String
string xmlData = Convert.ToBase64String(bytes);
string tranCode = appSetting.postPayCode;
//私钥
string privateKey = appSetting.privateKey;
//公钥
string publicKey = appSetting.publicKey;
string sign = RSAFromPkcs8.sign(xml, privateKey, "UTF-8");
string merchantId = order.merchantId;
//发送数据拼接
string param = "xmlData=" + xmlData + "&tranCode=WGZF001" + "&reqOrdId=" + order.reqOrdId + "&signData=" + sign + "&merchantId=" + order.merchantId;
string response = HttpClient.HttpPost(order.postUrl, param);
B2C.Models.RecallObject recall = JsonHelper.JsonStringToObj <B2C.Models.RecallObject>(response);
//返回数据签名验证后生成二维码
// string ec = recall.encryptData;
string recallstring = DataUtils.DecodeBase64("utf-8", recall.encryptData);
if (RSAFromPkcs8.verify(recallstring, recall.sign, publicKey, "UTF-8"))
{
string url = DataUtils.getValue(recallstring, "qrCode");
if (order.tranCode.Equals("01"))
{
//支付宝
// GenerateQRCode.GenerateQRByThoughtWorks(url, DataUtils.getValue(recallstring, "reqOrdId"), memoryAddress);
}
else
{
//微信
// GenerateQRCode.GenerateQRByThoughtWorks(url, DataUtils.getValue(recallstring, "reqOrdId"), memoryAddress);
}
}
string result = Newtonsoft.Json.JsonConvert.SerializeObject(order);
ViewData["merchant"] = order;
return(View());
}
public ActionResult VerifyAliPay(String orderId, String result)
{
Orders order = entities.Orders.Find(orderId);
if (order == null)
{
return(Json(new { code = 201, desc = "指定订单不存在" }));
}
NimUser user = entities.NimUser.Single(o => o.Username == order.UserName);
//如果异步通知成功,直接返回
if (order.TradeStatus == "TRADE_SUCCESS" || order.TradeStatus == "TRADE_FINISHED")
{
//平衡学币
user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
order.IsBalance = 1;
entities.SaveChanges();
return(Json(new { code = 200, desc = "支付成功", info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins } }));
}
//如果服务端没有收到异步通知的时候,则要验证客户端发过来的同步通知(https://doc.open.alipay.com/doc2/detail.htm?spm=0.0.0.0.bsvyrx&treeId=59&articleId=103665&docType=1)
//1、原始数据是否跟商户请求支付的原始数据一致(必须验证这个);
//2、验证这个签名是否能通过。上述1、2通过后,在sign字段中success = true才是可信的。
//构建原始数据,并验证是否一致,比如如果订单号不存在,那么就会验证不成功
String orderString = OrderUtil.getOrderInfo(order);
if (!result.Contains(orderString))
{
return(Json(new { code = 201, desc = "数据验证不通过" }));
}
//验证数据的签名,以[&sign_type="RSA"&sign=]为界,前面的为(原始数据&支付结果),后面的为带双引号的签名结果,在验证签名时,记录把开头和结尾的引号trim掉
String[] a = result.Split(new String[] { "&sign_type=\"RSA\"&sign=" }, StringSplitOptions.None);
bool isPass = RSAFromPkcs8.verify(a[0], a[1].Trim(new char[] { '"' }), Config.Public_key, Config.Input_charset);
if (!isPass)
{
return(Json(new { code = 201, desc = "数据签名不相符" }));
}
//验证是否包含""这样的支付结果
if (!a[0].Contains("&success=\"true\""))
{
return(Json(new { code = 201, desc = "支付失败" }));
}
order.TradeNo = "";
order.TradeStatus = "COMPLETED";//只说明是同步验证成功,应该尽量依靠服务器异步验证
if (order.IsBalance != 1)
{
user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
order.IsBalance = 1;
}
entities.SaveChanges();
return(Json(new { code = 200, desc = "支付成功", info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins } }));
}
