1024programmer Asp.Net c# .net framework implements WeChat payment v3 h5 payment signature verification

c# .net framework implements WeChat payment v3 h5 payment signature verification

c# .net framework implements WeChat payment v3 h5 payment signature verification

Interface Document: WeChat Payment-Developer Documentation (qq.com)

         public const string transactions_url = "https://api.mch.weixin.qq.com/v3/pay/transactions/h5";
         public static string certPath = AppDomain.CurrentDomain.BaseDirectory + @"\cert\apiclient_cert.p12";
         public static string certificatesPath = AppDomain.CurrentDomain.BaseDirectory + @"\cert\certificates_cert.pem"; // The callback decryption certificate is obtained according to the interface and saved as pem suffix. I saved it manually after requesting it.  No code written to save
         private static string certPassword = "888888888"; //certificate password of .p12
         public string BuildAuth(string mchid, string serial_no, string method, string uri, string body)
         var timestamp = DateTimeOffset.Now.ToUnixTimeSeconds();
         string nonce = Guid.NewGuid().ToString();
         //Construct signature string
         //HTTP request method\n + URL\n + request timestamp\n + request random string\n + request message body\n
         string message = method + "\n" + uri + "\n" + timestamp + "\n" + nonce + "\n" + body + "\n";
         string signature = GenerateSignature(message);

         //The merchant number mchid of the merchant who initiated the request (including directly connected merchants, service providers or channel providers)
         //Merchant API certificate serial number serial_no, used to declare the certificate used
         //Request a random string nonce_str
         // timestamp timestamp
         //signature valuesignature
         return "mchid=\"" + mchid + "\",nonce_str=\"" + nonce + "\",timestamp=\"" + timestamp + "\",serial_no=\"" + serial_no + "\",  signature=\"" + signature + "\"";

         /// Generate signature
         public static string GenerateSignature(string message)
         X509Certificate2 cert = new X509Certificate2(certPath, certPassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
         RSA PrivateKey = cert.GetRSAPrivateKey();
         byte[] dataBytes = Encoding.UTF8.GetBytes(message);
         byte[] signatureBytes = PrivateKey.SignData(dataBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
         return Convert.ToBase64String(signatureBytes);

         /// Verify callback signature
         public static bool VerifySignature(string signature, string timestamp, string nonce, string body)
         //Response timestamp\n
         //Response random string\n
         //Response message body\n
         X509Certificate2 wechatCert = new X509Certificate2(certificatesPath); //, X509KeyStorageFlags.MachineKeySet |
         string combinedString = string.Format("{0}\n{1}\n{2}\n", timestamp, nonce, body);
         byte[] buff = Encoding.UTF8.GetBytes(combinedString);
         var rsaPar = wechatCert.GetRSAPublicKey().ExportParameters(false);
         var rsa = new RSACryptoServiceProvider();
         return rsa.VerifyData(buff, CryptoConfig.MapNameToOID("SHA256"), Convert.FromBase64String(signature));

         #region Encryption and decryption

         public static string AesGcmDecrypt(string associatedData, string nonce, string ciphertext, string apikey)
         GcmBlockCipher gcmBlockCipher = new GcmBlockCipher(new AesEngine());
         AeadParameters aeadParameters = new AeadParameters(
         new KeyParameter(Encoding.UTF8.GetBytes(apikey)),
         gcmBlockCipher.Init(false, aeadParameters);

         byte[] data = Convert.FromBase64String(ciphertext);
         byte[] plaintext = new byte[gcmBlockCipher.GetOutputSize(data.Length)];
         int length = gcmBlockCipher.ProcessBytes(data, 0, data.Length, plaintext, 0);
         gcmBlockCipher.DoFinal(plaintext, length);
         return Encoding.UTF8.GetString(plaintext);

The problems encountered are

  1. The signature cannot be verified

  The generated signature cannot be verified \n Do not add escape characters

  2. The request sent is always 400. Use the tool to request the correctoften. The code doesn’t work.
 UserAgent = “m.cnblogs.com/WebRequest”;
 Just don’t leave it blank. You can fill in your own URL.

 3. The certificate for callback decryption is obtained by yourself. You can obtain the certificate file and save it with the suffix .pem
   Get the platform certificate list – Document Center – WeChat Payment Merchant Platform (qq.com)

  4. After requesting the h5_url, you can splice the specified jump afterwards Redirect link https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=wx2916263004719461949c84457c735b0000&package=2150917749&redirect_url=System.Web.HttpUtility.UrlEncode(“https://www.cnblogs.com/MIMU86” )

5. If the iPhone is not the default browser, it will jump to the default browser and there is no solution

This article is from the internet and does not represent1024programmerPosition, please indicate the source when reprinting:https://www.1024programmer.com/811176

author: admin

Previous article
Next article

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us

Contact us


Online consultation: QQ交谈

E-mail: [email protected]

Working hours: Monday to Friday, 9:00-17:30, holidays off

Follow wechat
Scan wechat and follow us

Scan wechat and follow us

Follow Weibo
Back to top