Exemplo n.º 1
        //支付提交
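        /// <summary>
        /// Builds the order XML, signs it with the merchant private key, posts it to the
        /// payment gateway and verifies the signature on the gateway's reply.
        /// </summary>
        /// <param name="order">Order details bound from the incoming request.</param>
        /// <returns>The default view, with the order exposed as <c>ViewData["merchant"]</c>.</returns>
        public ActionResult PayPost(Models.B2CInfo order)
        {
            // Assemble the XML payload. The signature is computed over the raw XML,
            // while the Base64 form is what travels in the request body.
            String xml     = DataUtils.getXmlString(order);
            string xmlData = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(xml));
            string sign    = RSAFromPkcs8.sign(xml, appSetting.privateKey, "UTF-8");

            // Percent-encode every value: Base64 output can contain '+', '/' and '=',
            // and reqOrdId / merchantId come from the bound model, so an unescaped '&'
            // or '=' in them would add or override fields in the posted body.
            // Assumes HttpClient.HttpPost sends a form-urlencoded body - TODO confirm.
            // NOTE(review): the original read appSetting.postPayCode into an unused
            // local and sent the literal "WGZF001"; the literal is kept here.
            string param = "xmlData=" + System.Uri.EscapeDataString(xmlData)
                           + "&tranCode=WGZF001"
                           + "&reqOrdId=" + System.Uri.EscapeDataString("" + order.reqOrdId)
                           + "&signData=" + System.Uri.EscapeDataString(sign ?? "")
                           + "&merchantId=" + System.Uri.EscapeDataString("" + order.merchantId);

            // NOTE(review): order.postUrl is a property of the request-bound model, so
            // the destination of this signed payment request appears to be chosen by
            // the caller. The gateway URL should come from server-side configuration
            // (or be checked against an allow-list) before this call is made.
            string response = HttpClient.HttpPost(order.postUrl, param);

            B2C.Models.RecallObject recall = JsonHelper.JsonStringToObj<B2C.Models.RecallObject>(response);

            // An empty or malformed reply must not crash the action; it is treated the
            // same way as a reply whose signature does not verify.
            if (recall != null && recall.encryptData != null && recall.sign != null)
            {
                string recallstring = DataUtils.DecodeBase64("utf-8", recall.encryptData);

                // Only data covered by a valid gateway signature may be used below.
                if (RSAFromPkcs8.verify(recallstring, recall.sign, appSetting.publicKey, "UTF-8"))
                {
                    // QR-code generation is disabled in this listing: order.tranCode "01"
                    // was the Alipay case and any other value the WeChat case, both meant
                    // to render this URL together with the reply's reqOrdId.
                    string url = DataUtils.getValue(recallstring, "qrCode");
                }
            }

            // NOTE(review): the view is rendered the same way whether or not the reply
            // verified. Once the QR code is actually produced, a failed verification
            // has to end the request with an error instead of falling through.
            ViewData["merchant"] = order;
            return View();
        }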
Exemplo n.º 2
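        /// <summary>
        /// Confirms an Alipay payment for an order and credits the order's coins to its
        /// user. If the order is already marked paid by the asynchronous notification the
        /// stored status is trusted; otherwise the synchronous result sent by the client
        /// is validated against the order data and its RSA signature.
        /// </summary>
        /// <param name="orderId">Key of the order to confirm.</param>
        /// <param name="result">Synchronous result string forwarded by the client.</param>
        /// <returns>
        /// JSON with code 200 and the user's name, nickname and coin balance on success,
        /// or code 201 and a reason when the order is missing or validation fails.
        /// </returns>
        public ActionResult VerifyAliPay(String orderId, String result)
        {
            Orders order = entities.Orders.Find(orderId);

            if (order == null)
            {
                return Json(new { code = 201, desc = "指定订单不存在" });
            }

            NimUser user = entities.NimUser.Single(o => o.Username == order.UserName);

            // The asynchronous notification already marked the order as paid.
            if (order.TradeStatus == "TRADE_SUCCESS" || order.TradeStatus == "TRADE_FINISHED")
            {
                // Credit the coins once only. Without the IsBalance guard every repeated
                // call for an already-paid order would add order.Coin again.
                // NOTE(review): this check-then-set is not atomic; concurrent requests
                // for the same order may need a concurrency token or transaction.
                if (order.IsBalance != 1)
                {
                    user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
                    order.IsBalance      = 1;
                    entities.SaveChanges();
                }

                return Json(new { code = 200, desc = "支付成功", info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins } });
            }

            // No asynchronous notification was received, so the synchronous result sent
            // by the client has to be verified
            // (https://doc.open.alipay.com/doc2/detail.htm?spm=0.0.0.0.bsvyrx&treeId=59&articleId=103665&docType=1):
            //   1. the original data must match what the merchant requested (mandatory);
            //   2. the signature must verify.
            // Only when both hold can success = true in the result be trusted.
            if (result == null)
            {
                return Json(new { code = 201, desc = "数据验证不通过" });
            }

            // The marker [&sign_type="RSA"&sign=] separates the signed portion
            // (original data & payment result) from the double-quoted signature.
            String[] parts      = result.Split(new String[] { "&sign_type=\"RSA\"&sign=" }, StringSplitOptions.None);
            String   signedData = parts[0];

            // Rebuild the original order data and require it inside the SIGNED portion.
            // Matching against the whole string would let text that the signature does
            // not cover satisfy this check. An empty order string would make the check
            // vacuous, so it is rejected as well.
            String orderString = OrderUtil.getOrderInfo(order);

            if (String.IsNullOrEmpty(orderString) || !signedData.Contains(orderString))
            {
                return Json(new { code = 201, desc = "数据验证不通过" });
            }

            // Exactly one signature section is expected; a missing marker used to cause
            // an out-of-range access, and extra sections are unsigned trailing data.
            if (parts.Length != 2)
            {
                return Json(new { code = 201, desc = "数据签名不相符" });
            }

            // Strip the surrounding double quotes from the signature before verifying.
            bool isPass = RSAFromPkcs8.verify(signedData, parts[1].Trim(new char[] { '"' }), Config.Public_key, Config.Input_charset);

            if (!isPass)
            {
                return Json(new { code = 201, desc = "数据签名不相符" });
            }

            // The signed portion must report a successful payment.
            if (!signedData.Contains("&success=\"true\""))
            {
                return Json(new { code = 201, desc = "支付失败" });
            }

            order.TradeNo     = "";
            // Only means the synchronous check passed; the server-side asynchronous
            // notification should remain the primary source of truth.
            order.TradeStatus = "COMPLETED";

            if (order.IsBalance != 1)
            {
                user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
                order.IsBalance      = 1;
            }

            entities.SaveChanges();
            return Json(new { code = 200, desc = "支付成功", info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins } });
        }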