微信支付支持HMAC-SHA256

2020-02-04 17:14:05 +08:00
parent b2f2a3bb4e
commit 1954e59bb4
2 changed files with 23 additions and 7 deletions
--- a/platformapi/wxpayapi/callback.go
+++ b/platformapi/wxpayapi/callback.go
@@ -171,8 +171,9 @@ func (a *API) getCallbackMsg(msgBody string) (msg *CallbackMsg, callbackResponse
 	reqInfo := utils.Interface2String(mapData["req_info"])
 	transactionID := utils.Interface2String(mapData["transaction_id"])
 	if reqInfo == "" && transactionID != "" { // 对于支付结果通知进行签名验证（退款结果通知不支持验证）
+		sigType := utils.Interface2String(mapData[sigTypeKey])
 		sign := utils.Interface2String(mapData[sigKey])
-		desiredSign := a.signParam(mapData)
+		desiredSign := a.signParam(sigType, mapData)
 		if desiredSign != sign {
 			return nil, Err2CallbackResponse(fmt.Errorf("desiredSign:%s <> sign:%s", desiredSign, sign), "")
 		}
--- a/platformapi/wxpayapi/wxpayapi.go
+++ b/platformapi/wxpayapi/wxpayapi.go
@@ -2,7 +2,9 @@ package wxpayapi

 import (
 	"bytes"
+	"crypto/hmac"
 	"crypto/md5"
+	"crypto/sha256"
 	"crypto/tls"
 	"encoding/xml"
 	"fmt"
@@ -26,9 +28,10 @@ const (
 	ResponseCodeSuccess = "SUCCESS"
 	ResponseCodeFail    = "FAIL"

-	sigKey     = "sign"
-	sigTypeKey = "sign_type"
-	sigType    = "MD5"
+	sigKey        = "sign"
+	sigTypeKey    = "sign_type"
+	sigTypeMd5    = "MD5"
+	sigTypeSha256 = "HMAC-SHA256"
 )

 const (
@@ -265,7 +268,7 @@ func (a *API) GetMchID() string {
 	return a.mchID
 }

-func (a *API) signParam(params map[string]interface{}) (sig string) {
+func (a *API) signParam(signType string, params map[string]interface{}) (sig string) {
 	var valueList []string
 	for k, v := range params {
 		if k != sigKey {
@@ -277,7 +280,17 @@ func (a *API) signParam(params map[string]interface{}) (sig string) {
 	sort.Sort(sort.StringSlice(valueList))
 	valueList = append(valueList, fmt.Sprintf("key=%s", a.appKey))
 	sig = strings.Join(valueList, "&")
-	sig = fmt.Sprintf("%X", md5.Sum([]byte(sig)))
+	var binSig []byte
+	if signType == sigTypeMd5 {
+		binSig2 := md5.Sum([]byte(sig))
+		binSig = binSig2[:]
+	} else if signType == sigTypeSha256 {
+		mac := hmac.New(sha256.New, []byte(a.appKey))
+		mac.Write([]byte(sig))
+		binSig = mac.Sum(nil)
+	}
+	sig = fmt.Sprintf("%X", binSig)
+	// baseapi.SugarLogger.Debug(sig)
 	return sig
 }

@@ -293,8 +306,10 @@ func (a *API) AccessAPI(action string, requestParam IRequestBase) (retVal map[st
 	requestParam.SetAppID(a.appID)
 	requestParam.SetMchID(a.mchID)
 	requestParam.SetNonceStr(utils.GetUUID())
+	sigType := sigTypeSha256
+	// sigType := sigTypeMd5
 	requestParam.SetSignType(sigType)
-	signStr := a.signParam(utils.Struct2FlatMap(requestParam))
+	signStr := a.signParam(sigType, utils.Struct2FlatMap(requestParam))
 	requestParam.SetSign(signStr)

 	fullURL := utils.GenerateGetURL(prodURL, action, nil)