拉卡拉

630d73a7 · wangp · 9bfde828 · 630d73a7
Commit 630d73a7 authored Jul 18, 2023 by wangp
Hide whitespace changes
Inline Side-by-side

Showing with 111 additions and 89 deletions

notice.go controller/api/v1/pay/notice.go +111 -89

No files found.
--- a/controller/api/v1/pay/notice.go
+++ b/controller/api/v1/pay/notice.go
 package pay

 import (
+	"crypto"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
 	"fmt"
 	"github.com/gin-gonic/gin"
+	"io/ioutil"
 	"system_pay/controller/base"
 	"system_pay/models"
 	"system_pay/repository/pay"
@@ -39,7 +46,7 @@ func (l *PayController) WxNotice(c *gin.Context) {
 	//fmt.Println(ph2)

 	//验证签名
-	//_, err := verySignByPublicKey(c)
+	//err := test_ver2()
 	//if err != nil {
 	//	fmt.Println("verySignByPublicKey err: ", err)
 	//	response := new(base.ResponseDataWxNotice)
@@ -48,7 +55,20 @@ func (l *PayController) WxNotice(c *gin.Context) {
 	//	base.ResponseWxNotice(c, response)
 	//	return
 	//}
+	//fmt.Println("test_ver ok")
+	//base.ResponseWxNotice(c, nil)
+	//return

+	//_, err = testCert(c)
+	//if err != nil {
+	//	fmt.Println("verySignByPublicKey err: ", err)
+	//	response := new(base.ResponseDataWxNotice)
+	//	response.Code = "FAIL"
+	//	response.Message = "验证签名失败"
+	//	base.ResponseWxNotice(c, response)
+	//	return
+	//}
+	//
 	ph := new(models.WxNoticeInput)
 	err := c.ShouldBindJSON(ph)
 	if err != nil {
@@ -67,99 +87,101 @@ func (l *PayController) WxNotice(c *gin.Context) {
 	base.ResponseWxNotice(c, response)
 }

-//func verify(c *gin.Context) error {
-//	//String appid = getHeadValue(response, "Lklapi-Appid");
-//	//String lklapiSerial = getHeadValue(response, "Lklapi-Serial");
-//	//String timestamp = getHeadValue(response, "Lklapi-Timestamp");
-//	//String nonce = getHeadValue(response, "Lklapi-Nonce");
-//	//String signature = getHeadValue(response, "Lklapi-Signature");
-//	//String responseStr = IOUtils.toString(response.getEntity().getContent(), ENCODING);
-//	//
-//	//System.out.println("responseStr  " + responseStr);
-//	//
-//	//String source = appid + "\n" + lklapiSerial + "\n" + timestamp + "\n" + nonce + "\n" + responseStr + "\n";
-//
-//	appid := c.GetHeader("Lklapi-Appid")
-//	lklapiSerial := c.GetHeader("Lklapi-Serial")
-//	timestamp := c.GetHeader("Lklapi-Timestamp")
-//	nonce := c.GetHeader("Lklapi-Nonce")
-//	signature := c.GetHeader("Lklapi-Signature")
-//	responseStr := c.GetHeader("")
-//
-//	source := appid + "\n" + lklapiSerial + "\n" + timestamp + "\n" + nonce + "\n" + responseStr + "\n";
-//
-//	rtn, err := utils.VerifyDerCert([]byte(source), "./cert/lkl-apigw-v2.cer")
-//	if err == nil {
-//		fmt.Println("验证签名成功！")
-//		return errors.New("验证签名成功！")
-//	} else {
-//		fmt.Println("验证签名失败！")
-//		return err
-//	}
-//	fmt.Println(rtn)
-//	return errors.New("wangpei签名测试中。。。。。")
-//}
+func test_ver2() error {
+	// 1、读取公钥文件，获取公钥字节
+	//rootPEM, err := ioutil.ReadFile("./cert/prod/saas/api_cert.cer")
+	//certPEM, err := ioutil.ReadFile("./cert/prod/saas/lkl-apigw-v1.cer")
+	certPEM, err := ioutil.ReadFile("./cert/dev/lkl-apigw-v2.cer")
+	if err != nil {
+		fmt.Println("ioutil.ReadFile failed")
+	}

-//func verySignByPublicKey(c *gin.Context) (bool, error) {
-//
-//	//publicKey string, data []byte, signData []byte
-//	//String responseStr = IOUtils.toString(response.getEntity().getContent(), ENCODING);
-//	appid := c.GetHeader("Lklapi-Appid")
-//	lklapiSerial := c.GetHeader("Lklapi-Serial")
-//	timestamp := c.GetHeader("Lklapi-Timestamp")
-//	nonce := c.GetHeader("Lklapi-Nonce")
-//	signature := c.GetHeader("Lklapi-Signature")
-//	responseStr := c.GetHeader("")
-//
-//	data := appid + "\n" + lklapiSerial + "\n" + timestamp + "\n" + nonce + "\n" + responseStr + "\n";
-//fmt.Println("verySignByPublicKey start...")
-//fmt.Println(data)
-//fmt.Println("signature="+signature)
-//
-//	// 1、读取公钥文件，获取公钥字节
-//	//path_cert := setting.Conf.Lakala.BkPathCert
-//	publicKey, err := ioutil.ReadFile("./cert/dev/lkl-apigw-v2.cer")
-//	if err != nil {
-//		return false, err
-//	}
-//	// 2、解码私钥字节，生成加密对象
-//	block, _ := pem.Decode(publicKey)
-//	if block == nil {
-//		return false, errors.New("私钥信息错误！")
-//	}
-//	// 3、解析DER编码的私钥，生成私钥对象
-//	pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+	block, _ := pem.Decode([]byte(certPEM))
+	if block == nil {
+		fmt.Println("failed to parse certificate PEM")
+	}
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		fmt.Println("failed to parse certificate: " + err.Error())
+	}
+
+	timestamp := "1630905585";
+	nonce := "9003323344";
+	signature := "tnjIAcEISq/ClrOppv/nojeZnE/pB1wNfQC/hMTME+rQMapWzvs9v1J68ueDpVzs1RW22dNotmUVy2sM6thNFRkaOx4qQGslX6kIttwvlsJsSEIR3qrjdPdUAkbP2KDRLujspxE9X0daJ6BU+rOoJ8p4c6y1/QSOMtDJoO3EABOF4O6RFHR3N7JW8o4qcf7lOOO7D4rlAB2vw6tV8WeG+OEyJ++Q0K3V1oM5uJEIPPuJkb2qlEqVYKiYLyvIdEJ1Z5qMbC9U7rKuHdeTQPl7last/h5nd6WauzDfYPKlAjZBEPYjiDqRv6Dm+4FeNtALoy6Mg7Ruxeq1pJudfj0iKg==";
+	reqBody := "{\"payOrderNo\":\"21090611012001970631000463034\",\"merchantOrderNo\":\"CH2021090613190866292\",\"orderInfo\":null,\"merchantNo\":\"822126090640003\",\"termId\":\"47781282\",\"tradeMerchantNo\":\"822126090640003\",\"tradeTermId\":\"47781282\",\"channelId\":\"10000038\",\"currency\":\"156\",\"amount\":1,\"tradeType\":\"PAY\",\"payStatus\":\"S\",\"notifyStatus\":0,\"orderCreateTime\":\"2021-09-06T05:19:43.000+00:00\",\"orderEfficientTime\":\"2021-09-06T05:19:43.000+00:00\",\"extendField\":null,\"payTime\":\"2021-09-06T05:19:43.000+00:00\",\"remark\":\"\",\"noticeNum\":1,\"sign\":null,\"notifyUrl\":null,\"notifyMode\":\"2\",\"payInfo\":\"1#1#ALIPAY#0#2021090622001432581427657317\",\"lklOrderNo\":\"2021090666210003610012\",\"crdFlg\":\"92\",\"payerId1\":\"2088702852632582\",\"payerId2\":\"rob***@126.com\",\"smCrdFlg\":\"01\",\"tradeTime\":\"20210906131943\",\"accountChannelOrderNo\":\"2021090622001432581427657317\",\"actualPayAmount\":1,\"logNo\":\"66210003610012\"}";
+
+	preSignData := timestamp +"\n" + nonce + "\n" +reqBody + "\n";
+
+	//fmt.Println("SignatureAlgorithm=")
+	//fmt.Println(cert.SignatureAlgorithm)
+	//sign := cert.Signature
+
+	//err = cert.CheckSignature(cert.SignatureAlgorithm, []byte(preSignData), []byte(signature))
+	//if err != nil {
+	//	fmt.Println("failed to CheckSignature: " + err.Error())
+	//	return err
+	//}
+
+	//证书 => 公钥
+	publicKey := cert.PublicKey.(*rsa.PublicKey)
+
+	sign, err := base64.StdEncoding.DecodeString(signature)
+	if err != nil {
+		return err
+	}
+	hash := sha1.New()
+	hash.Write([]byte(preSignData))
+	//err = RsaVerySignWithSha1Base64(originalData, signData, publicKey)
+	err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA1, hash.Sum(nil), sign)
+	if err != nil {
+		fmt.Println("failed to VerifyPKCS1v15: " + err.Error())
+		return err
+	}
+
+	//opts := x509.VerifyOptions{
+	//	//DNSName: "mail.google.com",
+	//	//Roots:   roots,
+	//}
+	//
+	//if _, err := cert.Verify(opts); err != nil {
+	//	fmt.Println("failed to verify certificate: " + err.Error())
+	//}
+	fmt.Println("wangpei test ok")
+	return nil
+}
+
+//（4）验签：对采用sha1算法进行签名后转base64格式的数据进行验签
+func RsaVerySignWithSha1Base64(originalData, signData, pubKey string) error{
+	sign, err := base64.StdEncoding.DecodeString(signData)
+	if err != nil {
+		return err
+	}
+	//public, _ := base64.StdEncoding.DecodeString(pubKey)
+	public := []byte(pubKey)
+	pub, err := x509.ParsePKIXPublicKey(public)
+	if err != nil {
+		return err
+	}
+	hash := sha1.New()
+	hash.Write([]byte(originalData))
+	return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.SHA1, hash.Sum(nil), sign)
+}
+
+//func VerifyWithPublicKey(signData string, srcData []byte, publicKey string) error {
+//	defer GetTimer("公钥验签")()
+//	key, err := decodePublicKey(publicKey)
 //	if err != nil {
-//		return false, err
+//		return err
 //	}
 //
-//	hashed := sha256.Sum256([]byte(data))
-//
-//	fmt.Println("pubKey.(*rsa.PublicKey): ", pubKey.(*rsa.PublicKey))
-//
-//	pubK := pubKey.(*rsa.PublicKey)
-//
-//	sig, err := base64.StdEncoding.DecodeString(signature)
-//
-//	err = rsa.VerifyPKCS1v15(pubK, crypto.SHA256, hashed[:], sig)
+//	bytes, err := base64.StdEncoding.DecodeString(signData)
 //	if err != nil {
-//		return false, err
-//	}
-//
-//	return true, nil
-//}
-
-//const (
-//	PEM_BEGIN = "-----BEGIN RSA PRIVATE KEY-----\n"
-//	PEM_END   = "\n-----END RSA PRIVATE KEY-----"
-//)
-//
-//func FormatPrivateKey(privateKey string) string {
-//	if !strings.HasPrefix(privateKey, PEM_BEGIN) {
-//		privateKey = PEM_BEGIN + privateKey
+//		return err
 //	}
-//	if !strings.HasSuffix(privateKey, PEM_END) {
-//		privateKey = privateKey + PEM_END
+//	hashed := sha256.Sum256(srcData)
+//	err = rsa.VerifyPKCS1v15(key, crypto.SHA256, hashed[:], bytes)
+//	if err != nil {
+//		return err
 //	}
-//	return privateKey
+//	return nil
 //}
\ No newline at end of file