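/// <summary>
/// Resolves the Alipay public key that corresponds to the certificate serial number carried in a
/// gateway response, downloading and caching the certificate when it is not yet known locally.
/// </summary>
/// <param name="certItem">Certificate info extracted from the response; its <c>CertSN</c> selects the key.</param>
/// <param name="options">Merchant options supplying the locally configured Alipay public key / cert SN and the Alipay root certificate.</param>
/// <returns>The public key registered for <paramref name="certItem"/>'s serial number.</returns>
/// <exception cref="AlipayException">
/// The gateway reported an error, the downloaded certificate does not chain to the configured root
/// certificate, or the downloaded certificate's serial number is not the requested one.
/// </exception>
private async Task<string> LoadAlipayPublicKeyAsync(CertItem certItem, AlipayOptions options)
{
    // Seed the cache with the locally configured Alipay public key on first use.
    if (_publicKeyManager.IsEmpty)
    {
        _publicKeyManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicKey);
    }

    // Fast path: this serial number has been seen before.
    if (_publicKeyManager.TryGetValue(certItem.CertSN, out var cachedKey))
    {
        return cachedKey;
    }

    // Unknown serial number: fetch the matching certificate from the gateway.
    var model = new AlipayOpenAppAlipaycertDownloadModel { AlipayCertSn = certItem.CertSN };
    var req = new AlipayOpenAppAlipaycertDownloadRequest();
    req.SetBizModel(model);
    var response = await CertificateExecuteAsync(req, options);
    if (response.IsError)
    {
        throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
    }

    // Accept only certificates that chain to the configured Alipay root certificate.
    if (!AlipayCertUtil.IsTrusted(response.AlipayCertContent, options.AlipayRootCert))
    {
        throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
    }

    var alipayCert = AlipayCertUtil.Parse(response.AlipayCertContent);
    var alipayCertSN = AlipayCertUtil.GetCertSN(alipayCert);
    var alipayCertPublicKey = AlipayCertUtil.GetCertPublicKey(alipayCert);
    _publicKeyManager.TryAdd(alipayCertSN, alipayCertPublicKey);

    // Hand back the key registered under the *requested* serial number rather than whatever SN
    // the downloaded certificate happened to carry: the caller verifies a signature that names
    // certItem.CertSN, so a certificate with a different SN must be rejected here instead of
    // being returned as if it matched. Re-reading the cache also tolerates a concurrent TryAdd
    // of the same entry (in which case our TryAdd returns false but the key is present).
    if (!_publicKeyManager.TryGetValue(certItem.CertSN, out var resolvedKey))
    {
        throw new AlipayException("cert check fail: downloaded cert SN does not match requested CertSN");
    }

    return resolvedKey;
}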
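/// <summary>
/// Returns the Alipay public key for the certificate serial number found in a response,
/// downloading the certificate from the gateway and caching it when it is not known yet.
/// </summary>
/// <param name="certItem">Certificate info parsed from the response; its <c>CertSN</c> selects the key.</param>
/// <returns>The PEM public key registered for <paramref name="certItem"/>'s serial number.</returns>
/// <exception cref="Exception">
/// The download failed, the certificate does not chain to the configured root certificate,
/// or the downloaded certificate's serial number is not the requested one.
/// </exception>
private async Task<string> LoadAlipayPublicKey(CertItem certItem)
{
    // Cached serial number: reuse the stored key.
    if (certEnvironment.ContainsAlipayPublicKey(certItem.CertSN))
    {
        return certEnvironment.GetAlipayPublicKey(certItem.CertSN);
    }

    // Unknown serial number: download the certificate from the gateway.
    // NOTE(review): CertSN is spliced into the request JSON without escaping. It is assumed to be
    // the serial number the gateway itself returned; if that assumption ever changes, the value
    // must be JSON-escaped or validated before it is embedded here.
    var request = new AlipayOpenAppAlipaycertDownloadRequest
    {
        BizContent = "{\"alipay_cert_sn\":\"" + certItem.CertSN + "\"}"
    };
    var response = await CertificateExecute(request);
    if (response.IsError)
    {
        throw new Exception("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
    }

    // The gateway returns the certificate content base64-encoded.
    var certBytes = Convert.FromBase64String(response.AlipayCertContent);
    var certContent = Encoding.UTF8.GetString(certBytes);

    // Accept only certificates that chain to the configured Alipay root certificate.
    if (!AntCertificationUtil.IsTrusted(certContent, certEnvironment.RootCertContent))
    {
        throw new Exception("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
    }

    var alipayCert = AntCertificationUtil.ParseCert(certContent);
    var alipayCertSN = AntCertificationUtil.GetCertSN(alipayCert);
    var newAlipayPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(alipayCert);
    certEnvironment.AddNewAlipayPublicKey(alipayCertSN, newAlipayPublicKey);

    // The caller verifies a signature made under certItem.CertSN, so the key handed back must be
    // the one registered for that serial number; a certificate carrying a different SN is
    // rejected instead of being returned as if it matched.
    if (!certEnvironment.ContainsAlipayPublicKey(certItem.CertSN))
    {
        throw new Exception("cert check fail: downloaded cert SN does not match requested CertSN");
    }

    return certEnvironment.GetAlipayPublicKey(certItem.CertSN);
}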
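/// <summary>
/// Verifies the certificate-mode signature of a gateway response: resolves the Alipay public key
/// named by the response's certificate serial number (downloading the certificate when it is not
/// cached) and checks the response signature against it.
/// </summary>
/// <typeparam name="T">Response type of the request.</typeparam>
/// <param name="request">The request whose response is being checked.</param>
/// <param name="body">Raw response body.</param>
/// <param name="isError">True when the gateway reported an error; error responses that carry no signature are not verified.</param>
/// <param name="parser">Parser used to extract the certificate item (SN, sign, signed content) from <paramref name="body"/>.</param>
/// <param name="options">Merchant options: local Alipay public key / cert SN, root certificate, charset and sign type.</param>
/// <exception cref="AlipayException">
/// No certificate item could be parsed, the certificate could not be downloaded or trusted, the
/// serial number is still unknown after download, or the signature does not verify.
/// </exception>
private async Task CheckResponseCertSignAsync<T>(IAlipayRequest<T> request, string body, bool isError, IAlipayParser<T> parser, AlipayOptions options) where T : AlipayResponse
{
    var certItem = parser.GetCertItem(request, body);
    if (certItem == null)
    {
        throw new AlipayException("cert check fail: Body is Empty!");
    }

    // NOTE(review): a response that carries no cert SN is returned without any signature check
    // (unchanged behaviour). Callers that rely on this method for authenticating responses should
    // confirm that an SN-less response is acceptable for them.
    if (string.IsNullOrEmpty(certItem.CertSN))
    {
        return;
    }

    await EnsureAlipayPublicKeyCachedAsync(certItem.CertSN, options);

    if (!_publicKeyManager.TryGetValue(certItem.CertSN, out var alipayPublicKey))
    {
        throw new AlipayException("cert check fail: check Cert and Data Fail! CertSN non-existent");
    }

    // Successful responses are always verified; error responses only when they carry a signature.
    if (!isError || !string.IsNullOrEmpty(certItem.Sign))
    {
        VerifyCertSignature(certItem, alipayPublicKey, options);
    }
}

/// <summary>
/// Makes sure <c>_publicKeyManager</c> holds an entry for <paramref name="certSN"/>: seeds the cache
/// with the locally configured key on first use and downloads the certificate from the gateway when
/// the serial number is not cached.
/// </summary>
/// <param name="certSN">Serial number reported by the response.</param>
/// <param name="options">Merchant options supplying the local key, local cert SN and root certificate.</param>
/// <exception cref="AlipayException">The download failed or the certificate does not chain to the configured root certificate.</exception>
private async Task EnsureAlipayPublicKeyCachedAsync(string certSN, AlipayOptions options)
{
    // Seed the cache with the locally configured Alipay public key on first use.
    if (_publicKeyManager.IsEmpty)
    {
        _publicKeyManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicKey);
    }

    if (_publicKeyManager.ContainsKey(certSN))
    {
        return;
    }

    // The response names a certificate we do not have: fetch it from the gateway by serial number.
    var model = new AlipayOpenAppAlipaycertDownloadModel { AlipayCertSn = certSN };
    var req = new AlipayOpenAppAlipaycertDownloadRequest();
    req.SetBizModel(model);
    var response = await CertificateExecuteAsync(req, options);
    if (response.IsError)
    {
        throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
    }

    // Accept only certificates that chain to the configured Alipay root certificate.
    if (!AntCertificationUtil.IsTrusted(response.AlipayCertContent, options.RootCert))
    {
        throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
    }

    var alipayCert = AntCertificationUtil.ParseCert(response.AlipayCertContent);
    var alipayCertSN = AntCertificationUtil.GetCertSN(alipayCert);
    var alipayCertPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(alipayCert);
    // Cached under the SN the certificate actually carries; the caller then looks up the
    // requested SN, so a certificate whose SN differs from the requested one is detected there.
    _publicKeyManager.TryAdd(alipayCertSN, alipayCertPublicKey);
}

/// <summary>
/// Checks <paramref name="certItem"/>'s signature against <paramref name="alipayPublicKey"/>,
/// retrying once with "\/" unescaped to "/" because the signed content may have been JSON-escaped.
/// </summary>
/// <param name="certItem">Signed content, signature and serial number parsed from the response.</param>
/// <param name="alipayPublicKey">Public key registered for the response's certificate serial number.</param>
/// <param name="options">Merchant options supplying charset and sign type.</param>
/// <exception cref="AlipayException">The signature verifies in neither form.</exception>
private void VerifyCertSignature(CertItem certItem, string alipayPublicKey, AlipayOptions options)
{
    if (AlipaySignature.RSACheckContent(certItem.SignSourceDate, certItem.Sign, alipayPublicKey, options.Charset, options.SignType))
    {
        return;
    }

    // Only retry when the signed content actually contains JSON-escaped slashes; otherwise fail now.
    if (string.IsNullOrEmpty(certItem.SignSourceDate) || !certItem.SignSourceDate.Contains("\\/"))
    {
        throw new AlipayException("cert check fail: check Cert and Data Fail!");
    }

    var unescapedSource = certItem.SignSourceDate.Replace("\\/", "/");
    if (!AlipaySignature.RSACheckContent(unescapedSource, certItem.Sign, alipayPublicKey, options.Charset, options.SignType))
    {
        throw new AlipayException("cert check fail: check Cert and Data Fail JSON also");
    }
}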