From 1954e59bb41dc54bd75a251e3eec9120ae692083 Mon Sep 17 00:00:00 2001
From: gazebo <gazeboxu@gmail.com>
Date: Tue, 4 Feb 2020 17:14:05 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BE=AE=E4=BF=A1=E6=94=AF=E4=BB=98=E6=94=AF?=
 =?UTF-8?q?=E6=8C=81HMAC-SHA256?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 platformapi/wxpayapi/callback.go |  3 ++-
 platformapi/wxpayapi/wxpayapi.go | 27 +++++++++++++++++++++------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/platformapi/wxpayapi/callback.go b/platformapi/wxpayapi/callback.go
index acb4c27c..488a12db 100644
--- a/platformapi/wxpayapi/callback.go
+++ b/platformapi/wxpayapi/callback.go
@@ -171,8 +171,9 @@ func (a *API) getCallbackMsg(msgBody string) (msg *CallbackMsg, callbackResponse
 	reqInfo := utils.Interface2String(mapData["req_info"])
 	transactionID := utils.Interface2String(mapData["transaction_id"])
 	if reqInfo == "" && transactionID != "" { // 对于支付结果通知进行签名验证（退款结果通知不支持验证）
+		sigType := utils.Interface2String(mapData[sigTypeKey])
 		sign := utils.Interface2String(mapData[sigKey])
-		desiredSign := a.signParam(mapData)
+		desiredSign := a.signParam(sigType, mapData)
 		if desiredSign != sign {
 			return nil, Err2CallbackResponse(fmt.Errorf("desiredSign:%s <> sign:%s", desiredSign, sign), "")
 		}
diff --git a/platformapi/wxpayapi/wxpayapi.go b/platformapi/wxpayapi/wxpayapi.go
index 732e0a45..efc135d5 100644
--- a/platformapi/wxpayapi/wxpayapi.go
+++ b/platformapi/wxpayapi/wxpayapi.go
@@ -2,7 +2,9 @@ package wxpayapi
 
 import (
 	"bytes"
+	"crypto/hmac"
 	"crypto/md5"
+	"crypto/sha256"
 	"crypto/tls"
 	"encoding/xml"
 	"fmt"
@@ -26,9 +28,10 @@ const (
 	ResponseCodeSuccess = "SUCCESS"
 	ResponseCodeFail    = "FAIL"
 
-	sigKey     = "sign"
-	sigTypeKey = "sign_type"
-	sigType    = "MD5"
+	sigKey        = "sign"
+	sigTypeKey    = "sign_type"
+	sigTypeMd5    = "MD5"
+	sigTypeSha256 = "HMAC-SHA256"
 )
 
 const (
@@ -265,7 +268,7 @@ func (a *API) GetMchID() string {
 	return a.mchID
 }
 
-func (a *API) signParam(params map[string]interface{}) (sig string) {
+func (a *API) signParam(signType string, params map[string]interface{}) (sig string) {
 	var valueList []string
 	for k, v := range params {
 		if k != sigKey {
@@ -277,7 +280,17 @@ func (a *API) signParam(params map[string]interface{}) (sig string) {
 	sort.Sort(sort.StringSlice(valueList))
 	valueList = append(valueList, fmt.Sprintf("key=%s", a.appKey))
 	sig = strings.Join(valueList, "&")
-	sig = fmt.Sprintf("%X", md5.Sum([]byte(sig)))
+	var binSig []byte
+	if signType == sigTypeMd5 {
+		binSig2 := md5.Sum([]byte(sig))
+		binSig = binSig2[:]
+	} else if signType == sigTypeSha256 {
+		mac := hmac.New(sha256.New, []byte(a.appKey))
+		mac.Write([]byte(sig))
+		binSig = mac.Sum(nil)
+	}
+	sig = fmt.Sprintf("%X", binSig)
+	// baseapi.SugarLogger.Debug(sig)
 	return sig
 }
 
@@ -293,8 +306,10 @@ func (a *API) AccessAPI(action string, requestParam IRequestBase) (retVal map[st
 	requestParam.SetAppID(a.appID)
 	requestParam.SetMchID(a.mchID)
 	requestParam.SetNonceStr(utils.GetUUID())
+	sigType := sigTypeSha256
+	// sigType := sigTypeMd5
 	requestParam.SetSignType(sigType)
-	signStr := a.signParam(utils.Struct2FlatMap(requestParam))
+	signStr := a.signParam(sigType, utils.Struct2FlatMap(requestParam))
 	requestParam.SetSign(signStr)
 
 	fullURL := utils.GenerateGetURL(prodURL, action, nil)