TRX 1 år sedan
förälder
incheckning
b60acf7709

+ 40 - 1
PaymentServer/src/main/java/com/zhongshu/payment/server/core/service/pay/impl/unionFrictionlessPay/UnionNotifyService.java

@@ -7,19 +7,28 @@ import com.github.microservice.core.helper.JsonHelper;
 import com.github.microservice.net.ResultContent;
 import com.github.microservice.stream.PaymentStreamType;
 import com.github.microservice.stream.model.SignModel;
+import com.zhongshu.card.client.service.feign.OperationLogsFeignService;
 import com.zhongshu.payment.client.payModel.unionFrictionlessPay.model.PayNotifyResponse;
 import com.zhongshu.payment.client.payModel.unionFrictionlessPay.model.SignNotifyParam;
+import com.zhongshu.payment.server.core.service.base.SuperService;
+import com.zhongshu.payment.server.core.service.pay.impl.unionFrictionlessPay.config.UnionPaymentConfig;
+import com.zhongshu.payment.server.core.utils.AesUtils;
 import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
+import java.security.*;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -29,7 +38,7 @@ import java.util.Map;
  */
 @Slf4j
 @Service
-public class UnionNotifyService {
+public class UnionNotifyService extends SuperService {
 
     @Autowired
     JsonHelper jsonHelper;
@@ -37,6 +46,9 @@ public class UnionNotifyService {
     @Autowired
     StreamHelper streamHelper;
 
+    @Autowired
+    OperationLogsFeignService operationLogsFeignService;
+
     /**
      * 无感支付签约回调 (解约也调用该接口)
      *
@@ -54,12 +66,15 @@ public class UnionNotifyService {
         while ((s = bufferedReader.readLine()) != null) {
             stringBuffer.append(s);
         }
+        Map<String, String> header = new HashMap<>();
         log.info("stringBuffer: {}", stringBuffer.toString());
+
         Enumeration<String> exception = request.getHeaderNames();
         while (exception.hasMoreElements()) {
             String key = exception.nextElement();
             String value = request.getHeader(key);
             log.info("key: {}, value: {}", key, value);
+            header.put(key, value);
         }
 
         String authorization = request.getHeader("X-Authorization");
@@ -69,13 +84,37 @@ public class UnionNotifyService {
             log.info("key: {}, values: {}", key, values);
             paramMap.put(key, values[0]);
         });
+
+        Security.addProvider(new BouncyCastleProvider());
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
+                "EC",
+                "BC");
         JSONObject jsonObject = new JSONObject(paramMap);
 
+        ECNamedCurveParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("sm2p256v1");
+        keyPairGenerator.initialize(ecSpec);
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        Signature signature = Signature.getInstance("SM3withSM2", "BC");
+        signature.initVerify(keyPair.getPublic());
+        signature.update("Hello, SM2".getBytes());
+        log.info("验证signature: {}", signature.verify(jsonObject.toString().getBytes()));
 
         SignNotifyParam signNotifyParam = new SignNotifyParam();
         BeanUtils.copyProperties(paramMap, signNotifyParam);
         log.info("签约通知字符串:{} {}", contractNo, paramMap);
 
+        PublicKey publicKey = AesUtils.initializeSM3WithSM2PublicKey(
+                UnionPaymentConfig.notifySecret.getBytes());
+        // 创建 Signature 对象,指定验签算法为 SM3withSM2
+        Signature signature1 = Signature.getInstance("SM3withSM2");
+        // 初始化 Signature 对象,使用公钥进行验签
+        signature1.initVerify(publicKey);
+        // 更新待验签的数据
+        signature1.update(jsonObject.toString().getBytes());
+        // 进行验签并获取验证结果
+        boolean verifyResult = signature1.verify(authorization.getBytes());
+
 
         SignModel signModel = new SignModel();
         streamHelper.send(PaymentStreamType.UnionFrictionStateStream.name(), signModel);
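Review bot: `verifyResult` is assigned from `signature1.verify(...)` but never checked in the visible lines, so `streamHelper.send(...)` still publishes the sign/unsign event when the signature does not match; reject the callback before the send, e.g. `if (!verifyResult) { log.warn("union notify signature mismatch"); /* return the failure response */ }`. The inputs also look unlikely to verify as written: `authorization.getBytes()` and `UnionPaymentConfig.notifySecret.getBytes()` pass the text form where `verify` and `X509EncodedKeySpec` expect decoded binary (presumably Base64 or hex, to be confirmed against the provider's spec), `authorization` is null when the header is absent unless that is checked between the hunks, and the signed data is a `JSONObject` rebuilt from the parameter map rather than the raw body read into `stringBuffer`. The first block, from `KeyPairGenerator.getInstance` to `log.info("验证signature: …")`, verifies against a key pair generated on each request, which says nothing about the sender; it reads as leftover experiment code and should be removed. `Signature.getInstance("SM3withSM2")` should name the `"BC"` provider like the earlier call, and each `getBytes()` should pass `StandardCharsets.UTF_8`. The method body starts and ends outside this hunk.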

+ 14 - 0
PaymentServer/src/main/java/com/zhongshu/payment/server/core/utils/AesUtils.java

@@ -3,10 +3,15 @@ package com.zhongshu.payment.server.core.utils;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
+import java.security.KeyFactory;
 import java.security.MessageDigest;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
 
 import static org.apache.tomcat.util.buf.HexUtils.toHexString;
@@ -81,4 +86,13 @@ public class AesUtils {
         return str;
     }
 
+    public static PublicKey initializeSM3WithSM2PublicKey(byte[] publicKeyBytes) throws Exception {
+        // 将字节转换为PublicKey
+        Security.addProvider(new BouncyCastleProvider());
+        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
+        KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
+        PublicKey publicKey = keyFactory.generatePublic(keySpec);
+        return publicKey;
+    }
+
 }
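Review bot: `initializeSM3WithSM2PublicKey` has no Javadoc saying what encoding `publicKeyBytes` must be in, and the only visible caller passes `notifySecret.getBytes()`; a comment such as `/** Builds an SM2 public key from DER-encoded X.509 SubjectPublicKeyInfo bytes (not the Base64/PEM text). */` would make the contract explicit. `throws Exception` can be narrowed to `throws GeneralSecurityException`, which covers what `KeyFactory.getInstance` and `generatePublic` declare. Constructing a new `BouncyCastleProvider` on every call is avoidable; register it once, `static { if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider()); }`. The helper is unrelated to AES, so a separately named utility class would be easier to find.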

+ 42 - 0
PaymentServer/src/main/java/com/zhongshu/payment/server/core/utils/Test.java

@@ -0,0 +1,42 @@
+package com.zhongshu.payment.server.core.utils;
+
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Security;
+import java.security.Signature;
+
+/**
+ * @author TRX
+ * @date 2024/8/31
+ */
+@Slf4j
+public class Test {
+
+    @SneakyThrows
+    public static void main(String[] args) {
+        Security.addProvider(new BouncyCastleProvider());
+
+        // Generate key pair
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
+        ECNamedCurveParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("sm2p256v1");
+        keyPairGenerator.initialize(ecSpec);
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        // Sign
+        Signature signature = Signature.getInstance("SM3withSM2", "BC");
+        signature.initSign(keyPair.getPrivate());
+        signature.update("Hello, SM2".getBytes());
+        byte[] sig = signature.sign();
+
+        // Verify
+        signature.initVerify(keyPair.getPublic());
+        signature.update("Hello, SM2".getBytes());
+        System.out.println("Signature verified: " + signature.verify(sig));
+    }
+}
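Review bot: `Test` is a scratch `main` program added under `src/main/java`, so it is compiled and packaged with the PaymentServer artifact; it should move to `src/test/java` as a real test or be dropped. A more specific name than `Test` also avoids clashing with the JUnit `@Test` annotation on import. `@Slf4j` is unused because the result goes to `System.out.println`. If it is kept as a test, assert the verification result instead of printing it and pass an explicit charset, `"Hello, SM2".getBytes(StandardCharsets.UTF_8)`.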