using Alipay.AopSdk.Core.Util;
using Alipay.EasySDK.Kernel;
using LifePayment.Domain.Shared;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Authentication;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using ZeroD.Util;
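namespace LifePayment.Domain
{
    /// <summary>
    /// Authentication handler for Alipay callback requests. A request is authenticated when the
    /// RSA signature over its form fields verifies against the Alipay public key held in the
    /// selected <see cref="Config"/>.
    /// </summary>
    /// <remarks>
    /// This handler runs on unauthenticated input: every value read from the request (body,
    /// Content-Length, form fields) is attacker-controllable until the signature check passes.
    /// </remarks>
    public class AliPayAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
    {
        private readonly IOptionsMonitor<Config> _optionsMonitor;

        // Selected per request from msg_method; holds the public key and sign type used for verification.
        private Config _config;

        /// <summary>
        /// Creates the handler. The first four arguments are forwarded to the base
        /// <see cref="AuthenticationHandler{TOptions}"/>.
        /// </summary>
        /// <param name="options">Scheme options monitor passed to the base handler.</param>
        /// <param name="logger">Logger factory passed to the base handler.</param>
        /// <param name="encoder">URL encoder passed to the base handler.</param>
        /// <param name="clock">System clock passed to the base handler.</param>
        /// <param name="optionsMonitor">Source of the Alipay <see cref="Config"/> instances (default and named).</param>
        public AliPayAuthenticationHandler(
            IOptionsMonitor<AuthenticationSchemeOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            IOptionsMonitor<Config> optionsMonitor) : base(options, logger, encoder, clock)
        {
            _optionsMonitor = optionsMonitor;
        }

        /// <summary>
        /// Verifies the Alipay signature of the current request.
        /// </summary>
        /// <returns>
        /// Success with a principal carrying an <c>app_id</c> claim when the signature verifies;
        /// success with an empty principal when the endpoint is marked <see cref="IAllowAnonymous"/>
        /// (no signature is checked in that case); otherwise a failure result.
        /// </returns>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            // Buffer the body so it can be read here and again by the form reader / downstream code.
            Request.EnableBuffering();

            // Content-Length is client-supplied. The buffer below is sized from it before any
            // authentication has happened, so its upper bound is whatever request-size limit the
            // server enforces. NOTE(review): confirm that limit is acceptable for this endpoint.
            long declaredLength = Request.ContentLength ?? 0;
            if (declaredLength <= 0 || declaredLength > int.MaxValue)
            {
                return AuthenticateResult.Fail(new AuthenticationException("验签失败"));
            }

            int length = (int)declaredLength;
            var buffer = new byte[length];
            int filled = 0;

            // A single ReadAsync may return fewer bytes than requested; advance the offset so a
            // later read cannot overwrite the bytes that were already received.
            while (filled < length)
            {
                int read = await Request.Body.ReadAsync(buffer, filled, length - filled, Context.RequestAborted);
                if (read == 0)
                {
                    break;
                }

                filled += read;
            }

            // Explicit UTF-8, the same charset that is passed to the signature check below.
            string rawBody = Encoding.UTF8.GetString(buffer, 0, filled);

            // Debug level: this is the raw, not yet verified callback body. Writing it to the
            // error log lets any unauthenticated caller fill that log and stores payload data there.
            Logger.LogDebug("信任签回调验签{0}", rawBody);
            Request.Body.Position = 0;

            if (string.IsNullOrEmpty(rawBody))
            {
                return AuthenticateResult.Fail(new AuthenticationException("验签失败"));
            }

            // Endpoints marked [AllowAnonymous] get a successful result with an empty principal.
            // No signature has been verified on this path, so "authenticated under this scheme"
            // must not be read as "signed by Alipay" for such endpoints.
            var endPoint = Request.HttpContext.GetEndpoint();
            if (endPoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
            {
                return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), AliPaySignAuthenticationDefaults.AuthenticationScheme));
            }

            // Accessing the form of a request that does not carry a form content type throws;
            // treat such a request as an ordinary authentication failure instead.
            if (!Request.HasFormContentType)
            {
                return AuthenticateResult.Fail(new AuthenticationException("验签失败"));
            }

            var form = await Request.ReadFormAsync(Context.RequestAborted);

            if (!form.TryGetValue("app_id", out StringValues appId) || StringValues.IsNullOrEmpty(appId))
            {
                return AuthenticateResult.Fail(new AuthenticationException("app_id不可为空"));
            }

            if (!form.TryGetValue("msg_method", out StringValues msgMethod) || StringValues.IsNullOrEmpty(msgMethod))
            {
                return AuthenticateResult.Fail(new AuthenticationException("msg_method不可为空"));
            }

            // The key material is chosen from the request's own msg_method field. That field is
            // also part of the form that gets verified below.
            switch (msgMethod.ToString())
            {
                case AliPayEcsignConstant.AliPayEcsignApiMethod.SignorderSigned:
                    _config = _optionsMonitor.Get(AliPayEcsignConstant.OptionsName);
                    break;
                default:
                    _config = _optionsMonitor.CurrentValue;
                    break;
            }

            // Collect every non-empty form field; empty fields are left out of the verified set.
            var parameters = new SortedDictionary<string, string>();
            foreach (var field in form)
            {
                if (!field.Value.FirstOrDefault().IsNullOrEmpty())
                {
                    parameters.Add(field.Key, field.Value);
                }
            }

            Logger.LogDebug("信任签回调验签2{0}", parameters.ObjectToJson());

            bool signVerified;
            try
            {
                signVerified = AlipaySignature.RSACheckV1(parameters, _config.AlipayPublicKey, "UTF-8", _config.SignType, false);
            }
            catch (Exception ex)
            {
                // Fail closed. NOTE(review): whether RSACheckV1 throws on a malformed signature or
                // a missing key is not visible from this file; either way the request is rejected
                // rather than surfacing as an unhandled error.
                Logger.LogWarning(ex, "Alipay callback signature verification threw; rejecting the request");
                signVerified = false;
            }

            if (!signVerified)
            {
                return AuthenticateResult.Fail(new AuthenticationException("验签失败"));
            }

            // NOTE(review): the app_id claim is the value sent in the request. It is covered by
            // the signature, but it is not compared with an expected application id here —
            // confirm whether callers need that check.
            var claimIdentity = new ClaimsIdentity("AliPayIdentity");
            claimIdentity.AddClaim(new Claim("app_id", appId));
            var principal = new ClaimsPrincipal(claimIdentity);
            return AuthenticateResult.Success(new AuthenticationTicket(principal, AliPaySignAuthenticationDefaults.AuthenticationScheme));
        }
    }
}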