package com.ruoyi.order.tools.auth;
|
|
import com.wechat.pay.contrib.apache.httpclient.auth.Verifier;
|
|
import java.math.BigInteger;
|
import java.security.InvalidKeyException;
|
import java.security.NoSuchAlgorithmException;
|
import java.security.Signature;
|
import java.security.SignatureException;
|
import java.security.cert.X509Certificate;
|
import java.util.Base64;
|
import java.util.Map;
|
|
public class CloudCertificatesVerifier implements Verifier {
|
|
public static final String CACHE_KEY = "CLOUD_CERTIFICATES_CACHE";
|
|
private final CacheService cacheService;
|
|
|
public CloudCertificatesVerifier(CacheService cacheService) {
|
this.cacheService = cacheService;
|
}
|
|
private boolean verify(X509Certificate certificate, byte[] message, String signature) {
|
try {
|
Signature sign = Signature.getInstance("SHA256withRSA");
|
sign.initVerify(certificate);
|
sign.update(message);
|
return sign.verify(Base64.getDecoder().decode(signature));
|
} catch (NoSuchAlgorithmException e) {
|
throw new RuntimeException("当前Java环境不支持SHA256withRSA", e);
|
} catch (SignatureException e) {
|
throw new RuntimeException("签名验证过程发生了错误", e);
|
} catch (InvalidKeyException e) {
|
throw new RuntimeException("无效的证书", e);
|
}
|
}
|
|
@Override
|
public boolean verify(String serialNumber, byte[] message, String signature) {
|
BigInteger val = new BigInteger(serialNumber, 16);
|
Map<BigInteger, X509Certificate> certificates = cacheService.getMap(CACHE_KEY);
|
return certificates.containsKey(val) && verify(certificates.get(val), message, signature);
|
}
|
|
@Override
|
public X509Certificate getValidCertificate() {
|
return null;
|
}
|
}
|
