Skip to content

Commit

Permalink
add aes encrypt
Browse files Browse the repository at this point in the history
  • Loading branch information
iGoogle-ink committed Oct 1, 2023
1 parent b692e09 commit b2ba9c0
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 19 deletions.
45 changes: 30 additions & 15 deletions alipay/client.go
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
package alipay

import (
"context"
"crypto/rsa"
"crypto/sha1"
"crypto/sha256"
"encoding/base64"
"encoding/json"
"fmt"
"hash"
"sync"
"time"

"github.com/go-pay/gopay"
"github.com/go-pay/gopay/pkg/aes"
"github.com/go-pay/gopay/pkg/util"
"github.com/go-pay/gopay/pkg/xhttp"
"github.com/go-pay/gopay/pkg/xlog"
Expand All @@ -30,7 +31,8 @@ type Client struct {
SignType string
AppAuthToken string
IsProd bool
bodySize int // http response body size(MB), default is 10MB
aesKey string // biz_content 加密的 AES KEY
ivKey []byte
privateKey *rsa.PrivateKey
aliPayPublicKey *rsa.PublicKey // 支付宝证书公钥内容 alipayPublicCert.crt
autoSign bool
Expand Down Expand Up @@ -91,18 +93,10 @@ func (a *Client) SetBodySize(sizeMB int) {
}
}

// Deprecated
// 推荐使用 PostAliPayAPISelfV2()
// 示例:请参考 client_test.go 的 TestClient_PostAliPayAPISelf() 方法
func (a *Client) PostAliPayAPISelf(ctx context.Context, bm gopay.BodyMap, method string, aliRsp any) (err error) {
var bs []byte
if bs, err = a.doAliPay(ctx, bm, method); err != nil {
return err
}
if err = json.Unmarshal(bs, aliRsp); err != nil {
return err
}
return nil
// SetAESKey 设置 biz_content 的AES加密key,设置此参数默认开启 biz_content 参数加密
func (a *Client) SetAESKey(aesKey string) {
a.aesKey = aesKey
a.ivKey = []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
}

// Deprecated
Expand Down Expand Up @@ -197,7 +191,20 @@ func (a *Client) pubParamsHandle(bm gopay.BodyMap, method, bizContent string, au
pubBody.Set("auth_token", authToken[0])
}
if bizContent != util.NULL {
pubBody.Set("biz_content", bizContent)
if a.aesKey == util.NULL {
pubBody.Set("biz_content", bizContent)
} else {
// AES Encrypt biz_content
encryptBizContent, err := a.encryptBizContent(bizContent)
if err != nil {
return "", fmt.Errorf("EncryptBizContent Error: %w", err)
}
if a.DebugSwitch == gopay.DebugOn {
xlog.Debugf("Alipay_Origin_BizContent: %s", bizContent)
xlog.Debugf("Alipay_Encrypt_BizContent: %s", encryptBizContent)
}
pubBody.Set("biz_content", encryptBizContent)
}
}
// sign
sign, err := a.getRsaSign(pubBody, pubBody.GetString("sign_type"))
Expand Down Expand Up @@ -242,3 +249,11 @@ func (a *Client) checkPublicParam(bm gopay.BodyMap) {
bm.Set("app_auth_token", a.AppAuthToken)
}
}

func (a *Client) encryptBizContent(originData string) (string, error) {
encryptData, err := aes.CBCEncrypt([]byte(originData), []byte(a.aesKey), a.ivKey)
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(encryptData), nil
}
3 changes: 3 additions & 0 deletions alipay/client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@ func TestMain(m *testing.M) {
SetReturnUrl("https://www.fmm.ink").
SetNotifyUrl("https://www.fmm.ink")

// 设置biz_content加密KEY,设置此参数默认开启加密(目前未测试成功)
//client.SetAESKey("KvKUTqSVZX2fUgmxnFyMaQ==")

// 自动同步验签(只支持证书模式)
// 传入 支付宝公钥证书 alipayPublicCert.crt 内容
client.AutoVerifySign(cert.AlipayPublicContentRSA2)
Expand Down
6 changes: 2 additions & 4 deletions alipay/common_api.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,7 @@ func FormatURLParam(body gopay.BodyMap) (urlParam string) {
// encryptedData:包括敏感数据在内的完整用户信息的加密数据
// secretKey:AES密钥,支付宝管理平台配置
// beanPtr:需要解析到的结构体指针
// 文档:https://opendocs.alipay.com/mini/introduce/aes
// 文档:https://opendocs.alipay.com/open/common/104567
// 文档:https://opendocs.alipay.com/common/02mse3
func DecryptOpenDataToStruct(encryptedData, secretKey string, beanPtr any) (err error) {
if encryptedData == util.NULL || secretKey == util.NULL {
return errors.New("encryptedData or secretKey is null")
Expand Down Expand Up @@ -76,8 +75,7 @@ func DecryptOpenDataToStruct(encryptedData, secretKey string, beanPtr any) (err
// DecryptOpenDataToBodyMap 解密支付宝开放数据到 BodyMap
// encryptedData:包括敏感数据在内的完整用户信息的加密数据
// secretKey:AES密钥,支付宝管理平台配置
// 文档:https://opendocs.alipay.com/mini/introduce/aes
// 文档:https://opendocs.alipay.com/open/common/104567
// 文档:https://opendocs.alipay.com/common/02mse3
func DecryptOpenDataToBodyMap(encryptedData, secretKey string) (bm gopay.BodyMap, err error) {
if encryptedData == util.NULL || secretKey == util.NULL {
return nil, errors.New("encryptedData or secretKey is null")
Expand Down
3 changes: 3 additions & 0 deletions doc/alipay.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ SetReturnUrl("https://www.fmm.ink"). // 设置返回URL
SetNotifyUrl("https://www.fmm.ink"). // 设置异步通知URL
SetAppAuthToken() // 设置第三方应用授权

// 设置biz_content加密KEY,设置此参数默认开启加密
client.SetAESKey("1234567890123456")

// 自动同步验签(只支持证书模式)
// 传入 alipayPublicCert.crt 内容
client.AutoVerifySign([]byte("alipayPublicCert.crt bytes"))
Expand Down

0 comments on commit b2ba9c0

Please sign in to comment.