package com.oying.modules.hwc.utils;
|
|
import com.oying.exception.BadRequestException;
|
import com.oying.modules.security.config.SwiftPassProperties;
|
import com.oying.utils.enums.PayTypeEnum;
|
import lombok.extern.slf4j.Slf4j;
|
import org.apache.commons.codec.binary.Base64;
|
|
import java.nio.charset.StandardCharsets;
|
import java.util.Map;
|
|
/**
|
* @author zeming.fan@swiftpass.cn
|
*/
|
@Slf4j
|
public class SignUtil {
|
|
/**
|
* 请求时根据不同签名方式去生成不同的sign
|
*/
|
public static String getSign(String signType, String preStr, SwiftPassProperties properties, PayTypeEnum status) {
|
if ("RSA_1_256".equals(signType)) {
|
try {
|
return SignUtil.sign(preStr, "RSA_1_256", properties.getMchPrivateKey());
|
} catch (Exception e1) {
|
log.error(e1.getMessage(), e1);
|
throw new BadRequestException(e1.getMessage());
|
}
|
} else {
|
switch (status) {
|
case HWC:
|
return MD5.sign(preStr, "&key=" + properties.getKey(), "utf-8");
|
case HWC2:
|
return MD5.sign(preStr, "&key=" + properties.getKey2(), "utf-8");
|
}
|
throw new BadRequestException("汇旺财类型错误");
|
}
|
}
|
|
/**
|
* 对返回参数的验证签名
|
*/
|
public static boolean verifySign(String sign, String signType, Map<String, String> resultMap, SwiftPassProperties properties, PayTypeEnum status) throws Exception {
|
if ("RSA_1_256".equals(signType)) {
|
Map<String, String> params = SignUtils.paraFilter(resultMap);
|
StringBuilder builder = new StringBuilder((params.size() + 1) * 10);
|
SignUtils.buildPayParams(builder, params, false);
|
String preStr = builder.toString();
|
return !SignUtil.verifySign(preStr, sign, "RSA_1_256", properties.getPlatPublicKey());
|
} else if ("MD5".equals(signType)) {
|
switch (status) {
|
case HWC:
|
return !SignUtils.checkParam(resultMap, properties.getKey());
|
case HWC2:
|
return !SignUtils.checkParam(resultMap, properties.getKey2());
|
}
|
throw new BadRequestException("汇旺财类型错误");
|
}
|
return true;
|
}
|
|
/**
|
* RSA_1_256 验证签名
|
*/
|
public static boolean verifySign(String preStr, String sign, String signType, String platPublicKey) throws Exception {
|
// 调用这个函数前需要先判断是MD5还是RSA
|
// 商户的验签函数要同时支持MD5和RSA
|
RSAUtil.SignatureSuite suite;
|
if ("RSA_1_1".equals(signType)) {
|
suite = RSAUtil.SignatureSuite.SHA1;
|
} else if ("RSA_1_256".equals(signType)) {
|
suite = RSAUtil.SignatureSuite.SHA256;
|
} else {
|
throw new Exception("不支持的签名方式");
|
}
|
return RSAUtil.verifySign(suite, preStr.getBytes(StandardCharsets.UTF_8), Base64.decodeBase64(sign.getBytes(StandardCharsets.UTF_8)),
|
platPublicKey);
|
}
|
|
/**
|
* RSA_1_256生成不同的sign
|
*/
|
public static String sign(String preStr, String signType, String mchPrivateKey) throws Exception {
|
RSAUtil.SignatureSuite suite;
|
if ("RSA_1_1".equals(signType)) {
|
suite = RSAUtil.SignatureSuite.SHA1;
|
} else if ("RSA_1_256".equals(signType)) {
|
suite = RSAUtil.SignatureSuite.SHA256;
|
} else {
|
throw new Exception("不支持的签名方式");
|
}
|
byte[] signBuf = RSAUtil.sign(suite, preStr.getBytes(StandardCharsets.UTF_8),
|
mchPrivateKey);
|
return new String(Base64.encodeBase64(signBuf), StandardCharsets.UTF_8);
|
}
|
}
|
