Merge remote-tracking branch 'origin/xin' into pxb

彭雪彬

2025-07-14 c1d20b425b10e8ba59f102dd1ab413055883eed0

 oying-system/src/main/java/com/oying/modules/hwc/utils/SignUtil.java

New file
@@ -0,0 +1,96 @@
package com.oying.modules.hwc.utils;

import com.oying.exception.BadRequestException;
import com.oying.modules.security.config.SwiftPassProperties;
import com.oying.utils.enums.PayTypeEnum;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;

import java.nio.charset.StandardCharsets;
import java.util.Map;

/**
 * @author zeming.fan@swiftpass.cn
 */
@Slf4j
public class SignUtil {

    /**
     * 请求时根据不同签名方式去生成不同的sign
     */
    public static String getSign(String signType, String preStr, SwiftPassProperties properties, PayTypeEnum status) {
        if ("RSA_1_256".equals(signType)) {
            try {
                return SignUtil.sign(preStr, "RSA_1_256", properties.getMchPrivateKey());
            } catch (Exception e1) {
                log.error(e1.getMessage(), e1);
                throw new BadRequestException(e1.getMessage());
            }
        } else {
            switch (status) {
                case HWC:
                    return MD5.sign(preStr, "&key=" + properties.getKey(), "utf-8");
                case HWC2:
                    return MD5.sign(preStr, "&key=" + properties.getKey2(), "utf-8");
            }
            throw new BadRequestException("汇旺财类型错误");
        }
    }

    /**
     * 对返回参数的验证签名
     */
    public static boolean verifySign(String sign, String signType, Map<String, String> resultMap, SwiftPassProperties properties, PayTypeEnum status) throws Exception {
        if ("RSA_1_256".equals(signType)) {
            Map<String, String> params = SignUtils.paraFilter(resultMap);
            StringBuilder builder = new StringBuilder((params.size() + 1) * 10);
            SignUtils.buildPayParams(builder, params, false);
            String preStr = builder.toString();
            return !SignUtil.verifySign(preStr, sign, "RSA_1_256", properties.getPlatPublicKey());
        } else if ("MD5".equals(signType)) {
            switch (status) {
                case HWC:
                    return !SignUtils.checkParam(resultMap, properties.getKey());
                case HWC2:
                    return !SignUtils.checkParam(resultMap, properties.getKey2());
            }
            throw new BadRequestException("汇旺财类型错误");
        }
        return true;
    }

    /**
     * RSA_1_256 验证签名
     */
    public static boolean verifySign(String preStr, String sign, String signType, String platPublicKey) throws Exception {
        // 调用这个函数前需要先判断是MD5还是RSA
        // 商户的验签函数要同时支持MD5和RSA
        RSAUtil.SignatureSuite suite;
        if ("RSA_1_1".equals(signType)) {
            suite = RSAUtil.SignatureSuite.SHA1;
        } else if ("RSA_1_256".equals(signType)) {
            suite = RSAUtil.SignatureSuite.SHA256;
        } else {
            throw new Exception("不支持的签名方式");
        }
        return RSAUtil.verifySign(suite, preStr.getBytes(StandardCharsets.UTF_8), Base64.decodeBase64(sign.getBytes(StandardCharsets.UTF_8)),
                platPublicKey);
    }

    /**
     * RSA_1_256生成不同的sign
     */
    public static String sign(String preStr, String signType, String mchPrivateKey) throws Exception {
        RSAUtil.SignatureSuite suite;
        if ("RSA_1_1".equals(signType)) {
            suite = RSAUtil.SignatureSuite.SHA1;
        } else if ("RSA_1_256".equals(signType)) {
            suite = RSAUtil.SignatureSuite.SHA256;
        } else {
            throw new Exception("不支持的签名方式");
        }
        byte[] signBuf = RSAUtil.sign(suite, preStr.getBytes(StandardCharsets.UTF_8),
                mchPrivateKey);
        return new String(Base64.encodeBase64(signBuf), StandardCharsets.UTF_8);
    }
}