refactor: Adjusted the signature generation method to create signatur…

…es for JS payment (V3).
EasyAbp · Jan 7, 2024 · 36a799c · 36a799c
1 parent 6d6afbc
commit 36a799c
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 16 deletions.
diff --git a/...yAbp.Abp.WeChat.Pay.Abstractions/RequestHandling/Dtos/GetJsSdkWeChatPayParametersInput.cs b/...yAbp.Abp.WeChat.Pay.Abstractions/RequestHandling/Dtos/GetJsSdkWeChatPayParametersInput.cs
@@ -1,11 +1,13 @@
 using System;
 using System.ComponentModel.DataAnnotations;
+using JetBrains.Annotations;
 
 namespace EasyAbp.Abp.WeChat.Pay.RequestHandling.Dtos;
 
 [Serializable]
 public class GetJsSdkWeChatPayParametersInput
 {
+    [CanBeNull]
     public string MchId { get; set; }
 
     [Required]

diff --git a/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/CertificatesManager.cs b/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/CertificatesManager.cs
@@ -1,5 +1,8 @@
 using System;
 using System.Collections.Concurrent;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
 using System.Threading.Tasks;
 using EasyAbp.Abp.WeChat.Pay.Options;
 using Volo.Abp.BlobStoring;
@@ -36,6 +39,14 @@ public async Task<WeChatPayCertificate> GetCertificateAsync(string mchId)
                 new WeChatPayCertificate(options.MchId, certificateBytes, options.CertificateSecret))).Value;
     }
 
+    public string GetSignature(string pendingSignature, WeChatPayCertificate certificate)
+    {
+        var privateKey = certificate.X509Certificate.GetRSAPrivateKey();
+        var signDataBytes = privateKey.SignData(Encoding.UTF8.GetBytes(pendingSignature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+
+        return Convert.ToBase64String(signDataBytes);
+    }
+
     protected virtual async Task<byte[]> GetX509CertificateBytesAsync(AbpWeChatPayOptions options)
     {
         if (options.CertificateBlobName.IsNullOrEmpty())

diff --git a/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/ICertificatesManager.cs b/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/ICertificatesManager.cs
@@ -16,4 +16,12 @@ public interface ICertificatesManager
     /// <exception cref="ArgumentNullException">当证书的 BLOB 不存在时抛出此异常。</exception>
     /// <exception cref="NullReferenceException">无法获取证书时会抛出此异常。</exception>
     Task<WeChatPayCertificate> GetCertificateAsync(string mchId);
+
+    /// <summary>
+    /// 使用微信支付证书对待签名字符串进行签名。
+    /// </summary>
+    /// <param name="pendingSignature">等待签名的字符串。</param>
+    /// <param name="certificate">用于签名的证书实例。</param>
+    /// <returns>具体的签名数据，使用 Base64 编码。</returns>
+    string GetSignature(string pendingSignature, WeChatPayCertificate certificate);
 }
diff --git a/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/WeChatPayAuthorizationGenerator.cs b/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/WeChatPayAuthorizationGenerator.cs
@@ -1,8 +1,4 @@
-using System;
-using System.Net.Http;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
+using System.Net.Http;
 using System.Threading.Tasks;
 using EasyAbp.Abp.WeChat.Common.Extensions;
 using EasyAbp.Abp.WeChat.Pay.ApiRequests;
@@ -21,7 +17,7 @@ public class WeChatPayAuthorizationGenerator : IWeChatPayAuthorizationGenerator,
     /// 授权(Authorization)标头的认证类型。
     /// </summary>
     public const string AuthorizationScheme = "WECHATPAY2-SHA256-RSA2048";
-    
+
     private readonly IAbpWeChatPayOptionsProvider _weChatPayOptionsProvider;
     private readonly ICertificatesManager _certificatesManager;
 
@@ -41,17 +37,9 @@ public async Task<string> GenerateAuthorizationAsync(HttpMethod method, string u
         var requestModel = new WeChatPayApiRequestModel(method, url, body, timeStamp, nonceStr);
         var pendingSignature = requestModel.GetPendingSignatureString();
         var certificate = await _certificatesManager.GetCertificateAsync(mchId);
-        var signString = RsaSign(pendingSignature, certificate);
+        var signString = _certificatesManager.GetSignature(pendingSignature, certificate);
 
         return
             $"{AuthorizationScheme} mchid=\"{options.MchId}\",nonce_str=\"{nonceStr}\",timestamp=\"{timeStamp}\",serial_no=\"{certificate.X509Certificate.SerialNumber}\",signature=\"{signString}\"";
     }
-
-    private string RsaSign(string pendingSignature, WeChatPayCertificate certificate)
-    {
-        var privateKey = certificate.X509Certificate.GetRSAPrivateKey();
-        var signDataBytes = privateKey.SignData(Encoding.UTF8.GetBytes(pendingSignature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
-
-        return Convert.ToBase64String(signDataBytes);
-    }
 }
diff --git a/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/WeChatPayCertificate.cs b/src/Pay/EasyAbp.Abp.WeChat.Pay/Security/WeChatPayCertificate.cs
@@ -28,7 +28,7 @@ public sealed class WeChatPayCertificate
     /// </summary>
     /// <param name="mchId">商户号。</param>
     /// <param name="certificateBytes">X509 证书实例。</param>
-    /// <param name="password">X509 证书的哈希值，用于快速比对证书是否发生变化。</param>
+    /// <param name="password">X509 证书的密码。</param>
     public WeChatPayCertificate(string mchId, byte[] certificateBytes, string password)
     {
         MchId = mchId;