-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathwxpayv3.go
536 lines (506 loc) · 14.3 KB
/
wxpayv3.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
package mcommon
import (
"bytes"
"crypto"
"crypto/aes"
"crypto/cipher"
"crypto/md5"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"encoding/xml"
"fmt"
"io/ioutil"
"net/url"
"strconv"
"time"
"github.com/gin-gonic/gin"
jsoniter "github.com/json-iterator/go"
"github.com/parnurzeal/gorequest"
)
// StWxPayRawResp 回复
type StWxPayRawResp struct {
ID string `json:"id"`
CreateTime time.Time `json:"create_time"`
ResourceType string `json:"resource_type"`
EventType string `json:"event_type"`
Summary string `json:"summary"`
Resource struct {
OriginalType string `json:"original_type"`
Algorithm string `json:"algorithm"`
Ciphertext string `json:"ciphertext"`
AssociatedData string `json:"associated_data"`
Nonce string `json:"nonce"`
} `json:"resource"`
}
// StWxPayResp 回复
type StWxPayResp struct {
Mchid string `json:"mchid"`
Appid string `json:"appid"`
OutTradeNo string `json:"out_trade_no"`
TransactionID string `json:"transaction_id"`
TradeType string `json:"trade_type"`
TradeState string `json:"trade_state"`
TradeStateDesc string `json:"trade_state_desc"`
BankType string `json:"bank_type"`
Attach string `json:"attach"`
SuccessTime time.Time `json:"success_time"`
Payer struct {
Openid string `json:"openid"`
} `json:"payer"`
Amount struct {
Total int `json:"total"`
PayerTotal int `json:"payer_total"`
Currency string `json:"currency"`
PayerCurrency string `json:"payer_currency"`
} `json:"amount"`
}
// StWxRefundCb 回调
type StWxRefundCb struct {
XMLName xml.Name `xml:"root"`
Text string `xml:",chardata"`
OutRefundNo string `xml:"out_refund_no"`
OutTradeNo string `xml:"out_trade_no"`
RefundAccount string `xml:"refund_account"`
RefundFee string `xml:"refund_fee"`
RefundID string `xml:"refund_id"`
RefundRecvAccout string `xml:"refund_recv_accout"`
RefundRequestSource string `xml:"refund_request_source"`
RefundStatus string `xml:"refund_status"`
SettlementRefundFee string `xml:"settlement_refund_fee"`
SettlementTotalFee string `xml:"settlement_total_fee"`
SuccessTime string `xml:"success_time"`
TotalFee string `xml:"total_fee"`
TransactionID string `xml:"transaction_id"`
}
type StWxV3RefundResp struct {
Amount struct {
Currency string `json:"currency"`
DiscountRefund int `json:"discount_refund"`
PayerRefund int `json:"payer_refund"`
PayerTotal int `json:"payer_total"`
Refund int `json:"refund"`
SettlementRefund int `json:"settlement_refund"`
SettlementTotal int `json:"settlement_total"`
Total int `json:"total"`
} `json:"amount"`
Channel string `json:"channel"`
CreateTime time.Time `json:"create_time"`
FundsAccount string `json:"funds_account"`
OutRefundNo string `json:"out_refund_no"`
OutTradeNo string `json:"out_trade_no"`
PromotionDetail []interface{} `json:"promotion_detail"`
RefundID string `json:"refund_id"`
Status string `json:"status"`
TransactionID string `json:"transaction_id"`
UserReceivedAccount string `json:"user_received_account"`
Code string `json:"code"`
Message string `json:"message"`
}
type StWxV3RefundCb struct {
ID string `json:"id"`
CreateTime time.Time `json:"create_time"`
ResourceType string `json:"resource_type"`
EventType string `json:"event_type"`
Summary string `json:"summary"`
Resource struct {
OriginalType string `json:"original_type"`
Algorithm string `json:"algorithm"`
Ciphertext string `json:"ciphertext"`
AssociatedData string `json:"associated_data"`
Nonce string `json:"nonce"`
} `json:"resource"`
}
type StWxV3RefundCbContent struct {
Mchid string `json:"mchid"`
OutTradeNo string `json:"out_trade_no"`
TransactionID string `json:"transaction_id"`
OutRefundNo string `json:"out_refund_no"`
RefundID string `json:"refund_id"`
RefundStatus string `json:"refund_status"`
SuccessTime time.Time `json:"success_time"`
Amount struct {
Total int `json:"total"`
Refund int `json:"refund"`
PayerTotal int `json:"payer_total"`
PayerRefund int `json:"payer_refund"`
} `json:"amount"`
UserReceivedAccount string `json:"user_received_account"`
}
// RsaSign 签名
func RsaSign(signContent string, privateKey *rsa.PrivateKey, hash crypto.Hash) (string, error) {
shaNew := hash.New()
shaNew.Write([]byte(signContent))
hashed := shaNew.Sum(nil)
signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, hash, hashed)
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(signature), nil
}
// WxPayV3SignStr 获取签名结果
func WxPayV3SignStr(key *rsa.PrivateKey, cols []string) (string, error) {
var buf bytes.Buffer
for _, col := range cols {
buf.WriteString(col)
buf.WriteString("\n")
}
sign, err := RsaSign(buf.String(), key, crypto.SHA256)
if err != nil {
return "", err
}
return sign, nil
}
// WxPayV3Sign v3签名
func WxPayV3Sign(mchid, keySerial string, key *rsa.PrivateKey, req *gorequest.SuperAgent) (*gorequest.SuperAgent, error) {
timestamp := time.Now().Unix()
nonce := GetUUIDStr()
uri, err := url.Parse(req.Url)
if err != nil {
return nil, err
}
var bodyBytes []byte
if req.Method == "POST" {
request, err := req.MakeRequest()
if err != nil {
return nil, err
}
bodyReader, err := request.GetBody()
if err != nil {
return nil, err
}
bodyBytes, err = ioutil.ReadAll(bodyReader)
if err != nil {
return nil, err
}
}
sign, err := WxPayV3SignStr(key, []string{
req.Method,
uri.Path,
strconv.FormatInt(timestamp, 10),
nonce,
string(bodyBytes),
})
if err != nil {
return nil, err
}
auth := fmt.Sprintf(
`WECHATPAY2-SHA256-RSA2048 mchid="%s",nonce_str="%s",signature="%s",timestamp="%d",serial_no="%s"`,
mchid,
nonce,
sign,
timestamp,
keySerial,
)
req = req.
Set("Authorization", auth).
Set("Accept", "application/json").
Set("User-Agent", "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50")
return req, nil
}
// WxPayV3Decrype 解密
func WxPayV3Decrype(key string, cipherStr, nonce, associatedData string) (string, error) {
keyBytes := []byte(key)
nonceBytes := []byte(nonce)
associatedDataBytes := []byte(associatedData)
ciphertext, err := base64.StdEncoding.DecodeString(cipherStr)
if err != nil {
return "", err
}
block, err := aes.NewCipher(keyBytes)
if err != nil {
return "", err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
plaintext, err := aesgcm.Open(nil, nonceBytes, ciphertext, associatedDataBytes)
if err != nil {
return "", err
}
return string(plaintext), nil
}
// WxPayV3CheckSign v3签名验证
func WxPayV3CheckSign(header map[string][]string, body []byte, cerStr string) error {
if len(cerStr) == 0 {
return fmt.Errorf("no cer")
}
timestamp, err := WxPayV3GetHeaderByKey(header, "Wechatpay-Timestamp")
if err != nil {
return err
}
nonce, err := WxPayV3GetHeaderByKey(header, "Wechatpay-Nonce")
if err != nil {
return err
}
signature, err := WxPayV3GetHeaderByKey(header, "Wechatpay-Signature")
if err != nil {
return err
}
checkStr := timestamp + "\n" + nonce + "\n" + string(body) + "\n"
block, _ := pem.Decode([]byte(cerStr))
var cert *x509.Certificate
cert, err = x509.ParseCertificate(block.Bytes)
if err != nil {
return err
}
rsaPublicKey := cert.PublicKey.(*rsa.PublicKey)
oldSign, err := base64.StdEncoding.DecodeString(signature)
if err != nil {
return err
}
hashed := sha256.Sum256([]byte(checkStr))
err = rsa.VerifyPKCS1v15(rsaPublicKey, crypto.SHA256, hashed[:], oldSign)
return err
}
// WxPayV3GetHeaderByKey 获取头
func WxPayV3GetHeaderByKey(header map[string][]string, key string) (string, error) {
v, ok := header[key]
if !ok {
return "", fmt.Errorf("no key %s", key)
}
if len(v) == 0 {
return "", fmt.Errorf("key empty %s", key)
}
return v[0], nil
}
// WxPayV3GetPrepay 获取预支付信息
func WxPayV3GetPrepay(keySerial string, key *rsa.PrivateKey, appID, mchID, openID, payBody, outTradeNo, cbURL string, totalFee int64, expireAt time.Time) (gin.H, string, error) {
req := gorequest.New().
Post("https://api.mch.weixin.qq.com/v3/pay/transactions/jsapi").
Send(
H{
"appid": appID,
"mchid": mchID,
"description": payBody,
"out_trade_no": outTradeNo,
"time_expire": expireAt.Format(time.RFC3339),
"notify_url": cbURL,
"amount": H{
"total": totalFee,
},
"payer": H{
"openid": openID,
},
},
)
req, err := WxPayV3Sign(
mchID,
keySerial,
key,
req,
)
if err != nil {
return nil, "", err
}
_, body, errs := req.EndBytes()
if errs != nil {
return nil, "", errs[0]
}
var prepayResp struct {
PrepayID string `json:"prepay_id"`
}
err = jsoniter.Unmarshal(body, &prepayResp)
if err != nil {
return nil, "", err
}
if len(prepayResp.PrepayID) == 0 {
return nil, "", fmt.Errorf("get prepay id err: %s", body)
}
v, err := WxPayV3SignPrepayid(key, appID, prepayResp.PrepayID)
if err != nil {
return nil, "", err
}
return v, prepayResp.PrepayID, nil
}
// WxPayV3SignPrepayid 签名prepayid
func WxPayV3SignPrepayid(key *rsa.PrivateKey, appID, prepayid string) (gin.H, error) {
objTimestamp := strconv.FormatInt(time.Now().Unix(), 10)
objNonce := GetUUIDStr()
objCol := fmt.Sprintf("prepay_id=%s", prepayid)
objSign, err := WxPayV3SignStr(
key,
[]string{
appID,
objTimestamp,
objNonce,
objCol,
},
)
if err != nil {
return nil, err
}
v := gin.H{
"timeStamp": objTimestamp,
"nonceStr": objNonce,
"package": objCol,
"signType": "RSA",
"paySign": objSign,
}
return v, nil
}
// WxPayV3DecodePayResp 解析支付回调
func WxPayV3DecodePayResp(v3Key string, body []byte, mchid, appid string) (*StWxPayResp, error) {
var rawResp StWxPayRawResp
err := jsoniter.Unmarshal(body, &rawResp)
if err != nil {
return nil, err
}
if rawResp.EventType != "TRANSACTION.SUCCESS" {
return nil, fmt.Errorf("error event_type: %s", rawResp.EventType)
}
if rawResp.ResourceType != "encrypt-resource" {
return nil, fmt.Errorf("error resource_type: %s", rawResp.ResourceType)
}
originalType := rawResp.Resource.OriginalType
if originalType != "transaction" {
return nil, fmt.Errorf("error original_type: %s", originalType)
}
algorithm := rawResp.Resource.Algorithm
if algorithm != "AEAD_AES_256_GCM" {
return nil, fmt.Errorf("error algorithm: %s", algorithm)
}
ciphertext := rawResp.Resource.Ciphertext
associatedData := rawResp.Resource.AssociatedData
nonce := rawResp.Resource.Nonce
plain, err := WxPayV3Decrype(
v3Key,
ciphertext,
nonce,
associatedData,
)
if err != nil {
return nil, err
}
var finalResp StWxPayResp
err = jsoniter.Unmarshal([]byte(plain), &finalResp)
if err != nil {
return nil, err
}
if finalResp.Mchid != mchid {
return nil, fmt.Errorf("mchid error")
}
if finalResp.Appid != appid {
return nil, fmt.Errorf("appid error")
}
if finalResp.TradeState != "SUCCESS" {
return nil, fmt.Errorf("error trade_state: %s", finalResp.TradeState)
}
return &finalResp, nil
}
// WxPayCheckRefundCb 验证回调
func WxPayCheckRefundCb(mchKey string, body []byte) (*StWxRefundCb, error) {
mchKeyMd5 := fmt.Sprintf("%x", md5.Sum([]byte(mchKey)))
bodyMap, err := XMLWalk(body)
if err != nil {
// 返回数据
return nil, err
}
reqInfo, ok := bodyMap["req_info"]
if !ok {
return nil, fmt.Errorf("no key req_info %s", body)
}
reqInfoStr, ok := reqInfo.(string)
if !ok {
return nil, fmt.Errorf("error format req_info: %s", body)
}
reqInfoBytes, err := base64.StdEncoding.DecodeString(reqInfoStr)
if err != nil {
return nil, err
}
reqInfoFull, err := DecryptAesEcb(reqInfoBytes, []byte(mchKeyMd5))
if err != nil {
return nil, err
}
var bodyXML StWxRefundCb
err = xml.Unmarshal(reqInfoFull, &bodyXML)
if err != nil {
return nil, err
}
return &bodyXML, nil
}
// WxPayV3Refunds 退款
func WxPayV3Refunds(keySerial string, key *rsa.PrivateKey, mchID, transactionID, outRefundNo, cbURL string, totalFee, refundFee int64) (*StWxV3RefundResp, error) {
req := gorequest.New().
Post("https://api.mch.weixin.qq.com/v3/refund/domestic/refunds").
Send(
H{
"transaction_id": transactionID,
"out_refund_no": outRefundNo,
"notify_url": cbURL,
"amount": H{
"refund": refundFee,
"total": totalFee,
"currency": "CNY",
},
},
)
req, err := WxPayV3Sign(
mchID,
keySerial,
key,
req,
)
if err != nil {
return nil, err
}
_, body, errs := req.EndBytes()
if errs != nil {
return nil, errs[0]
}
Log.Debugf("body: %s", body)
var resp StWxV3RefundResp
err = jsoniter.Unmarshal(body, &resp)
if err != nil {
return nil, err
}
if resp.Code != "" {
return nil, fmt.Errorf("refund err: %s", body)
}
return &resp, nil
}
// WxPayV3DecodeRefundsCb 解析退款回调
func WxPayV3DecodeRefundsCb(v3Key string, body []byte) (*StWxV3RefundCbContent, error) {
var rawResp StWxV3RefundCb
err := jsoniter.Unmarshal(body, &rawResp)
if err != nil {
return nil, err
}
if rawResp.EventType != "REFUND.SUCCESS" {
return nil, fmt.Errorf("error event_type: %s", rawResp.EventType)
}
if rawResp.ResourceType != "encrypt-resource" {
return nil, fmt.Errorf("error resource_type: %s", rawResp.ResourceType)
}
originalType := rawResp.Resource.OriginalType
if originalType != "refund" {
return nil, fmt.Errorf("error original_type: %s", originalType)
}
algorithm := rawResp.Resource.Algorithm
if algorithm != "AEAD_AES_256_GCM" {
return nil, fmt.Errorf("error algorithm: %s", algorithm)
}
ciphertext := rawResp.Resource.Ciphertext
associatedData := rawResp.Resource.AssociatedData
nonce := rawResp.Resource.Nonce
plain, err := WxPayV3Decrype(
v3Key,
ciphertext,
nonce,
associatedData,
)
if err != nil {
return nil, err
}
Log.Debugf("plain: %s", plain)
var content StWxV3RefundCbContent
err = jsoniter.Unmarshal([]byte(plain), &content)
if err != nil {
return nil, err
}
return &content, nil
}