Merge branch 'master' into constant_design

TeaDrinkerPlus · TeaDrinkerPlus · commit 1af2286b01e8 · 2024-05-28T19:48:09.000+08:00
# Conflicts:
#	README.md
#	pom.xml
#	src/main/java/com/alipay/global/api/model/constants/ProductSceneConstants.java
diff --git a/src/main/java/com/alipay/global/api/DefaultAlipayClient.java b/src/main/java/com/alipay/global/api/DefaultAlipayClient.java
@@ -1,14 +1,14 @@
 package com.alipay.global.api;
 
+import java.util.Map;
+
 import com.alipay.global.api.exception.AlipayApiException;
 import com.alipay.global.api.net.DefaultHttpRPC;
 import com.alipay.global.api.net.HttpRpcResult;
 
-import java.util.Map;
-
-public class DefaultAlipayClient extends BaseAlipayClient{
+public class DefaultAlipayClient extends BaseAlipayClient {
 
-    public DefaultAlipayClient(String gatewayUrl, String merchantPrivateKey, String alipayPublicKey ){
+    public DefaultAlipayClient(String gatewayUrl, String merchantPrivateKey, String alipayPublicKey) {
         super(gatewayUrl, merchantPrivateKey, alipayPublicKey);
     }
 
@@ -17,11 +17,11 @@ public Map<String, String> buildCustomHeader() {
         return null;
     }
 
-    public HttpRpcResult sendRequest(String requestUrl, String httpMethod, Map<String, String> header, String reqBody)throws AlipayApiException {
+    public HttpRpcResult sendRequest(String requestUrl, String httpMethod, Map<String, String> header, String reqBody) throws AlipayApiException {
         HttpRpcResult httpRpcResult;
         try {
             httpRpcResult = DefaultHttpRPC.doPost(requestUrl, header, reqBody);
-        } catch (Exception e){
+        } catch (Exception e) {
             throw new AlipayApiException(e);
         }
         return httpRpcResult;
diff --git a/src/main/java/com/alipay/global/api/tools/WebhookTool.java b/src/main/java/com/alipay/global/api/tools/WebhookTool.java
@@ -0,0 +1,43 @@
+package com.alipay.global.api.tools;
+
+import com.alipay.global.api.exception.AlipayApiException;
+
+public class WebhookTool {
+
+    /**
+     * Check webhook signature
+     *
+     * @param requestUri      your webhook endpoint, domain part excluded, sample: /payNotify
+     * @param httpMethod      http method
+     * @param clientId        your clientId, sample: SANDBOX_5X00000000000000
+     * @param requestTime     requestTime from http header, sample: 2019-01-01T01:01:01Z
+     * @param signature       signature from http header, sample: algorithm=RSA256,keyVersion=1,signature=xxx
+     * @param notifyBody      notify body
+     * @param alipayPublicKey alipay public key
+     * @return
+     * @throws AlipayApiException
+     */
+    public static boolean checkSignature(String requestUri, String httpMethod, String clientId, String requestTime,
+                                         String signature, String notifyBody, String alipayPublicKey) throws AlipayApiException {
+        String realSignature = "";
+
+        // get valid part from raw signature
+        if (signature == null || signature.isEmpty()) {
+            throw new RuntimeException("empty notify signature");
+        } else {
+            String[] parts = signature.split("signature=");
+            if (parts.length > 1) {
+                realSignature = parts[1];
+            }
+        }
+
+        try {
+            // verify signature
+            return SignatureTool.verify(httpMethod, requestUri, clientId, requestTime, notifyBody, realSignature, alipayPublicKey);
+        } catch (Exception e) {
+            throw new AlipayApiException(e);
+        }
+
+    }
+
+}
