Class: Wechatpay::Api::V3::Client

Inherits:

Object

• Object
• Wechatpay::Api::V3::Client

Includes:

JSAPI, Trade

Defined in:

lib/wechatpay/api/v3/client.rb

Constant Summary

SCHEMA =

'WECHATPAY2-SHA256-RSA2048'.freeze

Instance Attribute Summary

• #appid ⇒ Object readonly

  Returns the value of attribute appid.

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #logger ⇒ Object

  Returns the value of attribute logger.

• #mch_id ⇒ Object readonly

  Returns the value of attribute mch_id.

• #rsa_key ⇒ Object readonly

  Returns the value of attribute rsa_key.

• #serial_no ⇒ Object readonly

  Returns the value of attribute serial_no.

• #site ⇒ Object

  Returns the value of attribute site.

Instance Method Summary

• #authorization_header(http_method, path, body) ⇒ Object
• #authorization_params(http_method, path, body) ⇒ Object
• #cert ⇒ Object
• #connection ⇒ Object
• #dechipher(data, nonce, auth_data) ⇒ Object
• #decrypt(cipher_text, nonce, auth_data) ⇒ Object
• #get(path, params = nil) ⇒ Object
• #handle(resp) ⇒ Object
• #initialize(appid, mch_id, **opts) ⇒ Client constructor

  A new instance of Client.

• #post(path, data, **headers) ⇒ Object
• #sign_content(content) ⇒ Object
• #sign_with(body, method, path, timestamp, rnd) ⇒ Object
• #update_certs ⇒ Object
• #verify(headers, body) ⇒ Object

Methods included from JSAPI

#js_prepay, #js_sign

Methods included from Trade

#notice

Constructor Details

#initialize(appid, mch_id, **opts) ⇒ Client

Returns a new instance of Client.

# File 'lib/wechatpay/api/v3/client.rb', line 18

def initialize(appid, mch_id, **opts)
  @appid = appid
  @mch_id = mch_id
  @rsa_key = OpenSSL::PKey::RSA.new opts[:cert] if opts[:cert]
  @serial_no = opts[:cert_no]
  @key = opts[:key]
  @site = opts[:site] || 'https://api.mch.weixin.qq.com'

  @logger = Logger.new(STDOUT)
end

Instance Attribute Details

#appid ⇒ Object (readonly)

Returns the value of attribute appid.

# File 'lib/wechatpay/api/v3/client.rb', line 13

def appid
  @appid
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/wechatpay/api/v3/client.rb', line 13

def key
  @key
end

#logger ⇒ Object

Returns the value of attribute logger.

# File 'lib/wechatpay/api/v3/client.rb', line 14

def logger
  @logger
end

#mch_id ⇒ Object (readonly)

Returns the value of attribute mch_id.

# File 'lib/wechatpay/api/v3/client.rb', line 13

def mch_id
  @mch_id
end

#rsa_key ⇒ Object (readonly)

Returns the value of attribute rsa_key.

# File 'lib/wechatpay/api/v3/client.rb', line 13

def rsa_key
  @rsa_key
end

#serial_no ⇒ Object (readonly)

Returns the value of attribute serial_no.

# File 'lib/wechatpay/api/v3/client.rb', line 13

def serial_no
  @serial_no
end

#site ⇒ Object

Returns the value of attribute site.

# File 'lib/wechatpay/api/v3/client.rb', line 14

def site
  @site
end

Instance Method Details

#authorization_header(http_method, path, body) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 97

def authorization_header(http_method, path, body)
  [SCHEMA, authorization_params(http_method, path, body)].join ' '
end

#authorization_params(http_method, path, body) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 101

def authorization_params(http_method, path, body)
  timestamp = Time.now.to_i
  rnd = SecureRandom.hex
  signature = sign_with(body, http_method, path, timestamp, rnd)
  [
    "mchid=\"#{mch_id}\"", "serial_no=\"#{serial_no}\"", "nonce_str=\"#{rnd}\"",
    "timestamp=\"#{timestamp}\"", "signature=\"#{signature}\""
  ].join(',')
end

#cert ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 65

def cert
  Wechatpay::Api::V3::Cert.instance.load || update_certs
end

#connection ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 29

def connection
  Faraday.new(url: @site) do |conn|
    conn.request :retry
    conn.response :logger
    # conn.response :raise_error
    conn.adapter :net_http
  end
end

#dechipher(data, nonce, auth_data) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 119

def dechipher(data, nonce, auth_data)
  chipher = OpenSSL::Cipher.new 'aes-256-gcm'
  chipher.decrypt
  chipher.key = key
  chipher.iv = nonce
  chipher.padding = 0
  chipher.auth_data = auth_data
  chipher.auth_tag = data[-16, 16]
  chipher
end

#decrypt(cipher_text, nonce, auth_data) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 111

def decrypt(cipher_text, nonce, auth_data)
  raise :cipher_text_invalid if (cipher_text.try(:length) || 0) < 16

  data = Base64.strict_decode64(cipher_text)
  dec = dechipher(data, nonce, auth_data)
  dec.update(data[0, data.length - 16]).tap { |s| logger.debug "DEC: #{s}" } + dec.final
end

#get(path, params = nil) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 38

def get(path, params = nil)
  resp = connection.get(path, params) do |req|
    path = req.path
    path = [req.path, Faraday::Utils.build_query(req.params)].join('?') unless params.nil? || params.empty?
    req.headers['Authorization'] = authorization_header('GET', path, nil)
    req.headers['Accept'] = 'application/json'
  end
  handle resp
end

#handle(resp) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 77

def handle(resp)
  logger.debug { "HANDLE RESPONSE: #{resp.inspect}" }
  data = resp.body
  raise :empty_body unless data && !data.empty?

  MultiJson.load data, symbolize_keys: true
end

#post(path, data, **headers) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 48

def post(path, data, **headers)
  body = data.is_a?(Hash) ? MultiJson.dump(data) : data
  resp = connection.post(path, body, headers) do |req|
    req.headers['Authorization'] = authorization_header('POST', path, body)
    req.headers['Accept'] = 'application/json'
  end
  handle resp
end

#sign_content(content) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 91

def sign_content(content)
  digest = OpenSSL::Digest::SHA256.new
  signed = rsa_key.sign(digest, content)
  Base64.strict_encode64 signed
end

#sign_with(body, method, path, timestamp, rnd) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 85

def sign_with(body, method, path, timestamp, rnd)
  str = [method, path, timestamp, rnd, body].join("\n") + "\n"
  logger.debug { "Sign Content: #{str.inspect}" }
  sign_content(str)
end

#update_certs ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 69

def update_certs
  certs = get('/v3/certificates')[:data]
  certs.map do |raw|
    Wechatpay::Api::V3::Cert.instance.update(raw, &method(:decrypt))
  end
  Wechatpay::Api::V3::Cert.instance
end

#verify(headers, body) ⇒ Object

# File 'lib/wechatpay/api/v3/client.rb', line 57

def verify(headers, body)
  sha256 = OpenSSL::Digest::SHA256.new
  key = cert.certificate.public_key
  sign = Base64.strict_decode64(headers['Wechatpay-Signature'])
  data = %w[Wechatpay-Timestamp Wechatpay-Nonce].map { |k| headers[k] }
  key.verify sha256, sign, data.append(body).join("\n") + "\n"
end