官方暫時沒有維護應答與通知簽名的驗證C#示例,找了些資料被困擾了一天終於調試通了,貼出來下 。
此類提供兩個方法:
1.敏感信息加密,如身份證、銀行卡號。(特約商戶進件接口需要);
2.應答與通知簽驗簽(商戶必須驗證回調的簽名,以確保回調是由微信支付發送,避免劫持修改數據。)。
/// <summary>
/// 使用微信支付平台證書公鑰加密驗簽
/// https://wechatpay-api.gitbook.io/wechatpay-api-v3/qian-ming-zhi-nan-1/qian-ming-yan-zheng
/// </summary>
public class WXPlatform
{
public string PublicKey { get; private set; }
private byte[] _publicKeyBytes { get; set; }
/// <summary>
/// 構造方法
/// </summary>
/// <param name="publickey">-----BEGIN CERTIFICATE----- 開頭的string,轉為bytes->不需要每次都去</param>
public WXPlatform(string publickey)
{
this.PublicKey = publickey;
this._publicKeyBytes = Encoding.UTF8.GetBytes(publickey);
}
/// <summary>
/// 最終提交請求時,需對敏感信息加密,如身份證、銀行卡號。
/// 加密算法是RSA,使用從接口下載到的公鑰進行加密,非后台下載到的私鑰。
/// </summary>
/// <param name="text">要加密的明文</param>
/// <param name="publicKey"> </param>
/// <returns></returns>
public string Encrypt(string text)
{
var x509 = new X509Certificate2(this._publicKeyBytes);
using (var rsa = (RSACryptoServiceProvider)x509.PublicKey.Key)
{
var buff = rsa.Encrypt(Encoding.UTF8.GetBytes(text), true);
return Convert.ToBase64String(buff);
}
}
/// <summary>
/// 驗證簽名
/// </summary>
/// <param name="signedString">私鑰加密串-Wechatpay-Signature</param>
/// <param name="signSourceString">驗簽名串-應答時間戳\n應答隨機串\n應答報文主體\n</param>
/// <returns></returns>
public bool VerifySign(string signedString, string signSourceString)
{
var x509 = new X509Certificate2(this._publicKeyBytes);
using (var rsa = (RSACryptoServiceProvider)x509.PublicKey.Key)
{
using (var sha256 = new SHA256CryptoServiceProvider())
{
var b = rsa.VerifyData(Encoding.UTF8.GetBytes(signSourceString), sha256, Convert.FromBase64String(signedString));
return b;
}
}
}
}
在微信社區發布的地址:https://developers.weixin.qq.com/community/develop/article/doc/000aca9b4906480daef9a62215b413