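/// <summary>
/// Negative trust-chain case: expects <c>AntCertificationUtil.IsTrusted</c> to return
/// <c>false</c> for the <c>BadSignRsaClientCert</c> fixture checked against <c>RsaRootCa</c>.
/// </summary>
public void should_return_false_when_cert_sign_invalid()
{
    // Assert.IsFalse replaces AreEqual(actual, false): the original passed the
    // actual value in the "expected" slot, which makes a failure message read
    // backwards. A regression here would mean a badly signed certificate is trusted.
    Assert.IsFalse(AntCertificationUtil.IsTrusted(BadSignRsaClientCert, RsaRootCa));
}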
/// <summary>
/// Verifies the signature of a gateway response in certificate mode, downloading and
/// caching the Alipay public-key certificate when its serial number is not yet known.
/// </summary>
/// <typeparam name="T">Response type produced by the request.</typeparam>
/// <param name="request">Request whose response is being checked; passed to the parser.</param>
/// <param name="body">Raw response body handed to <paramref name="parser"/>.</param>
/// <param name="isError">Whether the response was classified as an error by the caller.</param>
/// <param name="parser">Parser used to extract the certificate item (serial number, signature, signed text).</param>
/// <param name="options">Supplies the local public key and its serial number, the root certificate, charset and sign type.</param>
/// <exception cref="AlipayException">
/// Thrown when no certificate item can be parsed, when the downloaded certificate is an
/// error response or is not trusted by the root certificate, when no public key is
/// cached for the response's serial number, or when signature verification fails.
/// </exception>
private async Task CheckResponseCertSignAsync<T>(IAlipayRequest<T> request, string body, bool isError, IAlipayParser<T> parser, AlipayOptions options) where T : AlipayResponse
{
    var certItem = parser.GetCertItem(request, body);
    if (certItem == null)
    {
        throw new AlipayException("cert check fail: Body is Empty!");
    }

    // NOTE(review): a response that carries no certificate serial number leaves this
    // method without any signature verification. Confirm that callers do not treat a
    // normal return from this method as proof that the body was authenticated.
    if (string.IsNullOrEmpty(certItem.CertSN))
    {
        return;
    }

    // Seed the key cache with the locally configured Alipay public key the first time through.
    if (_publicKeyManager.IsEmpty)
    {
        _publicKeyManager.TryAdd(options.AlipayPublicCertSN, options.AlipayPublicKey);
    }

    // The serial number in the response does not match any cached key: fetch the
    // certificate for that serial number from the gateway.
    if (!_publicKeyManager.ContainsKey(certItem.CertSN))
    {
        var downloadModel = new AlipayOpenAppAlipaycertDownloadModel { AlipayCertSn = certItem.CertSN };
        var downloadRequest = new AlipayOpenAppAlipaycertDownloadRequest();
        downloadRequest.SetBizModel(downloadModel);

        var downloaded = await CertificateExecuteAsync(downloadRequest, options);

        // The downloaded certificate is only accepted if it chains to the configured
        // root certificate; both failure modes report the same message.
        if (downloaded.IsError || !AntCertificationUtil.IsTrusted(downloaded.AlipayCertContent, options.RootCert))
        {
            throw new AlipayException("支付宝公钥证书校验失败,请确认是否为支付宝签发的有效公钥证书");
        }

        // The key is cached under the serial number computed from the certificate
        // itself, not the one the response claimed; if they differ, the lookup below
        // misses and the check fails closed.
        var downloadedCert = AntCertificationUtil.ParseCert(downloaded.AlipayCertContent);
        var downloadedSerial = AntCertificationUtil.GetCertSN(downloadedCert);
        var downloadedPublicKey = AntCertificationUtil.ExtractPemPublicKeyFromCert(downloadedCert);
        _publicKeyManager.TryAdd(downloadedSerial, downloadedPublicKey);
    }

    if (!_publicKeyManager.TryGetValue(certItem.CertSN, out var alipayPublicKey))
    {
        throw new AlipayException("cert check fail: check Cert and Data Fail! CertSN non-existent");
    }

    // Successful responses are always verified; error responses only when they carry
    // a signature. NOTE(review): an unsigned error response is therefore accepted
    // unverified. Confirm that nothing security-relevant is read from such bodies.
    var mustVerify = !isError || !string.IsNullOrEmpty(certItem.Sign);
    if (!mustVerify)
    {
        return;
    }

    var signatureValid = AlipaySignature.RSACheckContent(certItem.SignSourceDate, certItem.Sign, alipayPublicKey, options.Charset, options.SignType);
    if (signatureValid)
    {
        return;
    }

    // JSON may escape "/" as "\/"; when the signed text contains that sequence,
    // retry once with it unescaped before giving up.
    var signedText = certItem.SignSourceDate;
    if (string.IsNullOrEmpty(signedText) || !signedText.Contains("\\/"))
    {
        throw new AlipayException("cert check fail: check Cert and Data Fail!");
    }

    var unescapedText = signedText.Replace("\\/", "/");
    var unescapedValid = AlipaySignature.RSACheckContent(unescapedText, certItem.Sign, alipayPublicKey, options.Charset, options.SignType);
    if (!unescapedValid)
    {
        throw new AlipayException("cert check fail: check Cert and Data Fail JSON also");
    }
}
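/// <summary>
/// Positive trust-chain case: expects <c>AntCertificationUtil.IsTrusted</c> to return
/// <c>true</c> for the <c>RsaClientCert</c> fixture checked against <c>RsaRootCa</c>.
/// </summary>
public void should_return_true_when_use_rsa_root_ca_check_rsa_client_cert()
{
    // Assert.IsTrue replaces AreEqual(actual, true): the original passed the
    // actual value in the "expected" slot, which makes a failure message read backwards.
    Assert.IsTrue(AntCertificationUtil.IsTrusted(RsaClientCert, RsaRootCa));
}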