unionpei 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3c36dce06744feba796985728071df04f0ddd51e44f7ad666a9c7e4bb7ff7004
+  data.tar.gz: 99bcbe8926142f141ca88553d6b23c5635c380e275336f1ff452edc62e34f5c5
+SHA512:
+  metadata.gz: b28982c26e99784beebb5331fe113fba53264666f76661ab67fd20647679c67892266c3e21f5e43fdc73ca50314833f8717b68650bb1dd0e261c405059fcf691
+  data.tar.gz: d77a75a98af0f0d5dbbce5bac5f2e2780fcf022019306a4ed649c7710f8ef4cdd595264e63ed9b985eeb4e348f02ceb17a7779b68e766d5f749f0871631dbed3

data/lib/unionpei.rb

@@ -0,0 +1,9 @@
+module UnionPei; end
+
+require 'unionpei/version'
+require 'unionpei/sdk_config'
+require 'unionpei/log_util'
+require 'unionpei/cert_util'
+require 'unionpei/sdk_util'
+require 'unionpei/acp_service'
+require 'unionpei/payment'

data/lib/unionpei/acp_sdk.ini

@@ -0,0 +1,73 @@
+;;;;;;;;;;;;;;SDK配置文件（证书方式签名）;;;;;;;;;;;;;;;;
+; 说明：
+; 1. 使用时请删除后缀的“.证书”，并将此文件复制到根文件夹下替换原来的acp_sdk.ini。
+; 2. 具体配置项请根据注释修改。
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+[acpsdk]
+;;;;;;;;;;;;;;;;;;;;;;;;;;入网测试环境交易发送地址（线上测试需要使用生产环境交易请求地址）;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;;交易请求地址
+acpsdk.frontTransUrl=https://gateway.test.95516.com/gateway/api/frontTransReq.do
+acpsdk.backTransUrl=https://gateway.test.95516.com/gateway/api/backTransReq.do
+acpsdk.singleQueryUrl=https://gateway.test.95516.com/gateway/api/queryTrans.do
+acpsdk.batchTransUrl=https://gateway.test.95516.com/gateway/api/batchTrans.do
+acpsdk.fileTransUrl=https://filedownload.test.95516.com/
+acpsdk.appTransUrl=https://gateway.test.95516.com/gateway/api/appTransReq.do
+acpsdk.cardTransUrl=https://gateway.test.95516.com/gateway/api/cardTransReq.do
+
+;以下缴费产品使用，其余产品用不到
+acpsdk.jfFrontTransUrl=https://gateway.test.95516.com/jiaofei/api/frontTransReq.do
+acpsdk.jfBackTransUrl=https://gateway.test.95516.com/jiaofei/api/backTransReq.do
+acpsdk.jfSingleQueryUrl=https://gateway.test.95516.com/jiaofei/api/queryTrans.do
+acpsdk.jfCardTransUrl=https://gateway.test.95516.com/jiaofei/api/cardTransReq.do
+acpsdk.jfAppTransUrl=https://gateway.test.95516.com/jiaofei/api/appTransReq.do
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; 报文版本号，固定5.1.0，请勿改动
+acpsdk.version=5.1.0
+
+; 签名方式，证书方式固定01，请勿改动
+acpsdk.signMethod=01
+
+; 是否验证验签证书的CN，测试环境请设置false，生产环境请设置true。非false的值默认都当true处理。
+acpsdk.ifValidateCNName=false
+
+; 是否验证https证书，测试环境请设置false，生产环境建议优先尝试true，不行再false。非true的值默认都当false处理。
+acpsdk.ifValidateRemoteCert=false
+
+;后台通知地址，填写后台接收银联前台通知的地址
+acpsdk.backUrl=http://222.222.222.222:8080/backRcvResponse
+
+;前台通知地址，填写后台接收银联后台通知的地址，必须外网能访问
+acpsdk.frontUrl=http://localhost:8080/frontRcvResponse
+
+;;;;;;;;;;;;;;;;;;;;;;;;;入网测试环境签名证书配置 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; 多证书的情况证书路径为代码指定，可不对此块做配置。
+; 签名证书路径，必须使用绝对路径，如果不想使用绝对路径，可以自行实现相对路径获取证书的方法；测试证书所有商户共用开发包中的测试签名证书，生产环境请从cfca下载得到。
+; 测试环境证书位于assets/测试环境证书/文件夹下，请复制到d:/certs文件夹。生产环境证书由业务部门邮件发送。
+; windows样例：
+acpsdk.signCert.path=certs/acp_test_sign.pfx
+; linux样例（注意：在linux下读取证书需要保证证书有被应用读的权限）（后续其他路径配置也同此条说明）
+;acpsdk.signCert.path=/SERVICE01/usr/ac_frnas/conf/ACPtest/ac00000000000001.pfx
+
+; 签名证书密码，测试环境固定000000，生产环境请修改为从cfca下载的正式证书的密码，正式环境证书密码位数需小于等于6位，否则上传到商户服务网站会失败
+acpsdk.signCert.pwd=000000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;加密证书配置;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; 敏感信息加密证书路径(商户号开通了商户对敏感信息加密的权限，需要对 卡号accNo，pin和phoneNo，cvn2，expired加密（如果这些上送的话），对敏感信息加密使用)
+acpsdk.encryptCert.path=certs/acp_test_enc.cer
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;验签证书配置;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; 验签中级证书（证书位于assets/测试环境证书/文件夹下，请复制到d:/certs文件夹）
+acpsdk.middleCert.path=certs/acp_test_middle.cer
+; 验签根证书（证书位于assets/测试环境证书/文件夹下，请复制到d:/certs文件夹）
+acpsdk.rootCert.path=certs/acp_test_root.cer
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;日志配置;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; 日志打印路径，linux注意要有写权限
+acpsdk.log.file.path=upacp_sdk_ruby.log
+; 日志级别，debug级别会打印密钥，生产请用info或以上级别
+acpsdk.log.level=DEBUG

data/lib/unionpei/acp_service.rb

@@ -0,0 +1,104 @@
+require 'openssl'
+require 'base64'
+require_relative 'log_util'
+require_relative 'sdk_config'
+require_relative 'sdk_util'
+
+module UnionPei
+  class AcpService
+    def AcpService.sign(req, certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+      SDKUtil.buildSignature(req, certPath, certPwd)
+    end
+
+    def AcpService.signByCertInfo(req, certPath, certPwd)
+      SDKUtil.buildSignature(req, certPath, certPwd)
+    end
+
+    def AcpService.signBySecureKey(req, secureKey)
+      SDKUtil.buildSignature(req, nil, nil, secureKey)
+    end
+
+    def AcpService.validate(resp)
+      SDKUtil.verify(resp)
+    end
+
+    def AcpService.validateBySecureKey(resp, secureKey)
+      SDKUtil.verifyBySecureKey(resp, secureKey)
+    end
+
+    def AcpService.post(params, url)
+      content = SDKUtil.createLinkString(params, false, true)
+      respString = SDKUtil.post(url, content)
+      resp = SDKUtil.parseQString(respString)
+      return resp
+    end
+
+    def AcpService.createAutoFormHtml(params, reqUrl)
+      return SDKUtil.createAutoFormHtml(params, reqUrl)
+    end
+
+    def AcpService.getCustomerInfo(customerInfo)
+      if(customerInfo == nil or customerInfo.length == 0)
+          return ""
+      end
+      return Base.encode64("{" + SDKUtil.createLinkString(customerInfo,false,false)+"}").gsub(/\n|\r/, '')
+    end
+
+    def AcpService.getCustomerInfoWithEncrypt(customerInfo)
+      if(customerInfo == nil or customerInfo.length == 0)
+        return ""
+      end
+      encryptedInfo = {}
+      for key in customerInfo.keys
+        if (key == 'phoneNo' or key == 'cvn2' or key == 'expired')
+          encryptedInfo[key] = customerInfo.delete(key)
+        end
+      end
+      if (encryptedInfo.length > 0)
+        encryptedInfo = SDKUtil.createLinkString(encryptedInfo, false, false)
+        encryptedInfo = AcpService.encryptData(encryptedInfo, SDKConfig.instance.encryptCertPath)
+        customerInfo['encryptedInfo'] = encryptedInfo
+      end
+      return Base64.encode64("{" + SDKUtil.createLinkString(customerInfo,false,false)+"}").gsub(/\n|\r/, '')
+    end
+
+    def AcpService.parseCustomerInfo(customerInfostr, certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+      customerInfostr = Base64.decode64(customerInfostr)
+      customerInfostr = customerInfostr[1, customerInfostr.length-1]
+      customerInfo = SDKUtil.parseQString(customerInfostr)
+      if customerInfo['encryptedInfo']
+        encryptedInfoStr = customerInfo.delete('encryptedInfo')
+        encryptedInfoStr = AcpService.decryptData(encryptedInfoStr, certPath, certPwd)
+        encryptedInfo = SDKUtil.parseQString(encryptedInfoStr)
+        for key in encryptedInfo.keys
+          customerInfo[key] = encryptedInfo[key]
+        end
+      end
+      return customerInfo
+    end
+
+    def AcpService.getEncryptCertId
+      return CertUtil.getEncryptCertId
+    end
+
+    def AcpService.encryptData(data, certPath=SDKConfig.instance.encryptCertPath)
+        return SDKUtil.encryptPub(data, certPath)
+    end
+
+    def AcpService.decryptData(data, certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+        return SDKUtil.decryptPri(data, certPath, certPwd)
+    end
+
+    def AcpService.deCodeFileContent(params, fileDirectory)
+        return SDKUtil.deCodeFileContent(params, fileDirectory)
+    end
+
+    def AcpService.enCodeFileContent(path)
+        return SDKUtil.enCodeFileContent(path)
+    end
+
+    def AcpService.updateEncryptCert(params)
+        return SDKUtil.getEncryptCert(params)
+    end
+  end
+end

data/lib/unionpei/cert_util.rb

@@ -0,0 +1,193 @@
+require 'openssl'
+require 'base64'
+require_relative 'log_util'
+require_relative 'sdk_config'
+
+
+module UnionPei
+  UNIONPAY_CNNAME = "中国银联股份有限公司"
+
+  class Cert
+    attr_accessor :cert, :certId, :key
+    @certId
+    @key
+    @cert
+  end
+
+  class CertUtil
+
+    @@signCerts = {}
+    @@encryptCert = {}
+    @@verifyCerts = {} #5.0.0验签证书，key是certId
+    @@verifyCerts5_1_0 = {} #5.1.0验签证书，key是base64的证书内容
+    @@middleCert = nil
+    @@rootCert = nil
+
+    private
+    def CertUtil.initSignCert(certPath, certPwd)
+      if !certPath || !certPwd
+        LogUtil.info("signCertPath or signCertPwd is none, exit initSignCert")
+        return
+      end
+      LogUtil.info("读取签名证书……")
+      cert = Cert.new
+      file = IO.binread(certPath)
+      p12 = OpenSSL::PKCS12.new(file, certPwd)
+      cert.certId = p12.certificate.serial.to_s
+      cert.cert = p12.certificate
+      cert.key = p12.key
+      @@signCerts[certPath] = cert
+      LogUtil.info("签名证书读取成功，序列号：" + cert.certId)
+    end
+
+    def CertUtil.initEncryptCert(certPath=SDKConfig.instance.encryptCertPath)
+        if !certPath
+          LogUtil.info("encryptCertPath is none, exit initEncryptCert")
+          return
+        end
+        LogUtil.info("读取加密证书……")
+        cert = Cert.new
+        file = IO.binread(certPath)
+        x509Cert = OpenSSL::X509::Certificate.new(file)
+        cert.cert = x509Cert
+        cert.certId = x509Cert.serial.to_s
+        cert.key = x509Cert.public_key
+        @@encryptCert[certPath] = cert
+        LogUtil.info("加密证书读取成功，序列号：" + cert.certId)
+    end
+
+    def CertUtil.initRootCert()
+      if @@rootCert
+        return
+      end
+      if !SDKConfig.instance.rootCertPath
+        LogUtil.info("rootCertPath is none, exit initRootCert")
+        return
+      end
+      LogUtil.info("start initRootCert")
+      file = IO.binread(SDKConfig.instance.rootCertPath)
+      x509Cert = OpenSSL::X509::Certificate.new(file)
+      @@rootCert = x509Cert
+      LogUtil.info("initRootCert succeed")
+    end
+
+    def CertUtil.initMiddleCert()
+      if @@middleCert
+        return
+      end
+      if !SDKConfig.instance.middleCertPath
+        LogUtil.info("middleCertPath is none, exit initMiddleCert")
+        return
+      end
+      LogUtil.info("start initMiddleCert")
+      file = IO.binread(SDKConfig.instance.middleCertPath)
+      x509Cert = OpenSSL::X509::Certificate.new(file)
+      @@middleCert = x509Cert
+      LogUtil.info("initMiddleCert succeed")
+    end
+
+    public
+    def CertUtil.getSignPriKey(certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+      if !@@signCerts[certPath]
+        CertUtil.initSignCert(certPath, certPwd)
+      end
+      @@signCerts[certPath].key
+    end
+
+    def CertUtil.getSignCertId(certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+      if !@@signCerts[certPath]
+        CertUtil.initSignCert(certPath, certPwd)
+      end
+      @@signCerts[certPath].certId
+    end
+
+    def CertUtil.getEncryptKey(certPath=SDKConfig.instance.encryptCertPath)
+      if !@@encryptCert[certPath]
+        CertUtil.initEncryptCert(certPath)
+      end
+      @@encryptCert[certPath].key
+    end
+
+    def CertUtil.getEncryptCertId(certPath=SDKConfig.instance.encryptCertPath)
+      if !@@encryptCert[certPath]
+        CertUtil.initEncryptCert(certPath)
+      end
+      @@encryptCert[certPath].certId
+    end
+
+    def CertUtil.verifyAndGetVerifyKey(certBase64String)
+
+      if @@verifyCerts5_1_0[certBase64String]
+        return @@verifyCerts5_1_0[certBase64String].key
+      end
+      initMiddleCert
+      initRootCert
+
+      x509Cert = OpenSSL::X509::Certificate.new(certBase64String)
+
+      cert = Cert.new
+      cert.cert = x509Cert
+      cert.certId = x509Cert.serial.to_s
+      cert.key = x509Cert.public_key
+
+      store = OpenSSL::X509::Store.new
+      store.purpose = OpenSSL::X509::PURPOSE_ANY
+      store.add_cert(x509Cert)
+      store.add_cert(@@middleCert)
+      store.add_cert(@@rootCert)
+      if !store.verify(x509Cert)
+        LogUtil.error("validate signPubKeyCert by cert chain failed, error=" + store.error + ", error string=" + store.error_string)
+        return nil
+      end
+
+      sSubject = x509Cert.subject.to_s
+      ss = sSubject.split("@")
+      if ss.length <= 2
+        LogUtil.error("error sSubject: " + sSubject)
+        return nil
+      end
+      cn = ss[2];
+      if SDKConfig.instance.ifValidateCNName
+        if UNIONPAY_CNNAME != cn
+          LogUtil.error("cer owner is not CUP:" + cn)
+          return nil
+        elsif UNIONPAY_CNNAME != cn and cn != "00040000:SIGN" #测试环境目前是00040000:SIGN
+          LogUtil.error("cer owner is not CUP:" + cn)
+          return nil
+        end
+      end
+
+      LogUtil.info("validate signPubKeyCert by cert succeed: " + certBase64String)
+      @@verifyCerts5_1_0[certBase64String] = cert;
+      return @@verifyCerts5_1_0[certBase64String].key
+
+      # 用bc的jar用中级证书验证可以单独验时间，然后再用中级证书验一下，但为了和谐统一，目前改store验证书链验证了。
+      # if Time.new<x509Cert.not_before or Time.new>x509Cert.not_after
+      #   LogUtil..info("verifyPubKeyCert has expired")
+      #   return nil
+      # end
+      # if x509Cert.verify(@@middleKey)
+      #   return x509Cert.public_key
+      # else
+      #   LogUtil.info("validate signPubKeyCert by rootCert failed")
+      #   return nil
+      # end
+    end
+
+    def CertUtil.getDecryptPriKey(certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+      if !@@signCerts[certPath]
+        CertUtil.initSignCert(certPath, certPwd)
+      end
+      @@signCerts[certPath].key
+    end
+
+    def CertUtil.resetEncryptCertPublicKey()
+      @@encryptCert = {}
+      CertUtil.initEncryptCert
+    end
+
+    def CertUtil.getX509Cert(strCert)
+      OpenSSL::X509::Certificate.new(strCert)
+    end
+  end
+end

data/lib/unionpei/log_util.rb

@@ -0,0 +1,82 @@
+# coding: utf-8
+
+require 'singleton'
+require 'logger'
+require 'net/https'
+require 'uri'
+require_relative 'sdk_config'
+
+module UnionPei
+  class LogUtil
+
+    @@logger = nil
+
+    private_class_method :new
+
+    private
+
+    def LogUtil.getLogger
+      if !@@logger
+        puts "init LogUtil"
+        if SDKConfig.instance.logFilePath.nil?
+          @@logger = Logger.new(STDOUT)
+        else
+          @@logger = Logger.new(SDKConfig.instance.logFilePath)
+        end
+        @@logger.datetime_format = '%Y-%m-%d %H:%M:%S'
+        @@logger.formatter = proc do |severity, datetime, progname, msg|
+          "#{datetime} [#{severity}] #{progname}: #{msg}\n"
+        end
+        @@logger.level = case SDKConfig.instance.logLevel.upcase
+                         when 'INFO' then
+                           Logger::INFO
+                         when 'DEBUG' then
+                           Logger::DEBUG
+                         when 'WARN' then
+                           Logger::WARN
+                         when 'ERROR' then
+                           Logger::ERROR
+                         when 'FATAL' then
+                           Logger::FATAL
+                         else
+                           Logger::UNKNOWN
+                       end
+      end
+      p = LogUtil.parse_caller(caller(0)[2]) #可能有多线程问题？我才不管哼
+      @@logger.progname = p[0].to_s + ":" + p[1].to_s
+      @@logger
+    end
+
+    def LogUtil.parse_caller(at)
+      if /^(.+?):(\d+)(?::in `(.*)')?/ =~ at
+        file = $1
+        line = $2.to_i
+        method = $3
+        [file, line, method]
+      end
+    end
+
+    public
+
+    def LogUtil.info(msg)
+      LogUtil.getLogger.info(msg)
+    end
+
+    def LogUtil.debug(msg)
+      LogUtil.getLogger.debug(msg)
+    end
+
+    def LogUtil.warn(msg)
+      LogUtil.getLogger.warn(msg)
+    end
+
+    def LogUtil.error(msg)
+      LogUtil.getLogger.error(msg)
+    end
+
+    def LogUtil.fatal(msg)
+      LogUtil.getLogger.fatal(msg)
+    end
+
+  end
+end

data/lib/unionpei/payment.rb

@@ -0,0 +1,42 @@
+#encoding: utf-8
+require "date"
+require_relative 'sdk_config'
+require_relative 'acp_service'
+
+module UnionPei
+  class Payment
+    class << self
+      def B2C
+        req = {}
+
+        req["version"] = UnionPei::SDKConfig.instance.version
+        req["encoding"] = UnionPei::SDKConfig.instance.encoding
+        req["signMethod"] = UnionPei::SDKConfig.instance.signMethod
+
+        req["frontUrl"] = UnionPei::SDKConfig.instance.frontUrl
+        req["backUrl"] = UnionPei::SDKConfig.instance.backUrl
+
+        req["txnType"] = "01"
+        req["txnSubType"] = "01"
+        req["bizType"] = "000201" # 000201 是b2c / 000202 是 b2b
+        req["channelType"] = "07"
+        req["currencyCode"] = "156"
+        req["txnAmt"] = "881000"
+
+        req["merId"] = "777290058189920"
+        req["orderId"] = DateTime.parse(Time.now.to_s).strftime("%Y%m%d%H%M%S").to_s
+        req["txnTime"] = DateTime.parse(Time.now.to_s).strftime("%Y%m%d%H%M%S").to_s
+        req["accessType"] = "0"
+
+        #签名示例
+        UnionPei::AcpService.sign(req)
+        url = UnionPei::SDKConfig.instance.frontTransUrl
+
+        #前台自提交表单示例
+        resp = UnionPei::AcpService.createAutoFormHtml(req, url)
+        resp
+      end
+    end
+  end
+end
+

data/lib/unionpei/sdk_config.rb

@@ -0,0 +1,76 @@
+# coding: utf-8
+
+require 'iniparse'
+require 'singleton'
+
+module UnionPei
+  class SDKConfig
+    include Singleton
+    attr_reader :frontTransUrl, :singleQueryUrl, :backTransUrl, :batchTransUrl, :fileTransUrl, :appTransUrl,
+                :cardTransUrl, :jfFrontTransUrl, :jfSingleQueryUrl, :jfBackTransUrl, :jfCardTransUrl,
+                :jfAppTransUrl, :qrcBackTransUrl, :qrcB2cIssBackTransUrl, :qrcB2cMerBackTransUrl,
+                :signMethod, :version, :ifValidateCNName, :ifValidateRemoteCert, :signCertPath, :signCertPwd,
+                :validateCertDir, :encryptCertPath, :rootCertPath, :middleCertPath, :frontUrl, :backUrl,
+                :encoding, :secureKey, :logFilePath, :logLevel
+
+    def initialize
+
+      path = File.dirname(__FILE__)
+      ini = IniParse.parse(File.read("#{path}/acp_sdk.ini").force_encoding("UTF-8"))
+      puts 'load config: ' + "#{path}/acp_sdk.ini"
+
+      @frontTransUrl = ini["acpsdk"]["acpsdk.frontTransUrl"]
+      @singleQueryUrl = ini["acpsdk"]["acpsdk.singleQueryUrl"]
+      @backTransUrl = ini["acpsdk"]["acpsdk.backTransUrl"]
+      @batchTransUrl = ini["acpsdk"]["acpsdk.batchTransUrl"]
+      @fileTransUrl = ini["acpsdk"]["acpsdk.fileTransUrl"]
+      @appTransUrl = ini["acpsdk"]["acpsdk.appTransUrl"]
+      @cardTransUrl = ini["acpsdk"]["acpsdk.cardTransUrl"]
+
+      @jfFrontTransUrl = ini["acpsdk"]["acpsdk.jfFrontTransUrl"]
+      @jfSingleQueryUrl = ini["acpsdk"]["acpsdk.jfSingleQueryUrl"]
+      @jfBackTransUrl = ini["acpsdk"]["acpsdk.jfBackTransUrl"]
+      @jfCardTransUrl = ini["acpsdk"]["acpsdk.jfCardTransUrl"]
+      @jfAppTransUrl = ini["acpsdk"]["acpsdk.jfAppTransUrl"]
+
+      @qrcBackTransUrl = ini["acpsdk"]["acpsdk.qrcBackTransUrl"]
+      @qrcB2cIssBackTransUrl = ini["acpsdk"]["acpsdk.qrcB2cIssBackTransUrl"]
+      @qrcB2cMerBackTransUrl = ini["acpsdk"]["acpsdk.qrcB2cMerBackTransUrl"]
+
+      @signMethod = ini["acpsdk"]["acpsdk.signMethod"]
+      @signMethod = @signMethod.to_s if !@signMethod.nil?
+      @version = ini["acpsdk"]["acpsdk.version"]
+      @version = "5.0.0" if @version.nil?
+
+      @ifValidateCNName = ini["acpsdk"]["acpsdk.ifValidateCNName"]
+      @ifValidateCNName = true if @ifValidateCNName.nil?
+      @ifValidateRemoteCert = ini["acpsdk"]["acpsdk.ifValidateRemoteCert"]
+      @ifValidateRemoteCert = false if @ifValidateRemoteCert.nil?
+
+      @signCertPath = ini["acpsdk"]["acpsdk.signCert.path"]
+      @signCertPwd = ini["acpsdk"]["acpsdk.signCert.pwd"]
+      @signCertPwd = @signCertPwd.to_s if !@signCertPwd.nil?
+
+      @validateCertDir = ini["acpsdk"]["acpsdk.validateCert.dir"]
+      @encryptCertPath = ini["acpsdk"]["acpsdk.encryptCert.path"]
+      @rootCertPath = ini["acpsdk"]["acpsdk.rootCert.path"]
+      @middleCertPath = ini["acpsdk"]["acpsdk.middleCert.path"]
+
+      @frontUrl = ini["acpsdk"]["acpsdk.frontUrl"]
+      @backUrl = ini["acpsdk"]["acpsdk.backUrl"]
+
+      @encoding = ini["acpsdk"]["acpsdk.encoding"]
+      @secureKey = ini["acpsdk"]["acpsdk.secureKey"]
+      @secureKey = @secureKey.to_s if !@secureKey.nil?
+
+      @logFilePath = ini["acpsdk"]["acpsdk.log.file.path"]
+      @logLevel = ini["acpsdk"]["acpsdk.log.level"]
+
+      @encoding = 'UTF-8'
+
+    end
+  end
+end
+
+
+

data/lib/unionpei/sdk_util.rb

@@ -0,0 +1,350 @@
+require 'singleton'
+require 'logger'
+require 'net/https'
+require 'uri'
+require 'base64'
+require "zlib"
+require_relative 'sdk_config'
+require_relative 'cert_util'
+
+
+module UnionPei
+  class SDKUtil
+
+    def SDKUtil.post(url, content)
+      LogUtil.info("post url:["+url+"]")
+      LogUtil.info("post content:["+content+"]")
+      uri = URI.parse(url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true if uri.scheme == "https"
+      if !SDKConfig.instance.ifValidateRemoteCert
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+      res = http.post(uri.path, content).body.force_encoding(SDKConfig.instance.encoding)
+      LogUtil.info('resp:['+res+']')
+      return res
+    end
+
+    def SDKUtil.createLinkString(para, sort, encode)
+      linkString = ""
+      keys = para.keys
+      if sort
+        keys = keys.sort
+      end
+      for key in keys
+        value = para[key]
+        #         print(key + ":" + value)
+        if encode
+          value = URI.encode_www_form_component(value)
+        end
+        # print(str(type(key))+":"+str(type(value))+":"+str(key)+":"+str(value))
+        linkString = linkString + key + "=" + value + "&"
+      end
+      linkString = linkString[0, linkString.length - 1]
+      #    print (linkString)
+      return linkString
+    end
+
+    def SDKUtil.filterNoneValue(para)
+      keys = para.keys
+      for key in keys
+        value = para[key]
+        if !value or value == ""
+          para.delete(key)
+        end
+      end
+    end
+
+    def SDKUtil.buildSignature(req, signCertPath=SDKConfig.instance.signCertPath, signCertPwd=SDKConfig.instance.signCertPwd, secureKey=SDKConfig.instance.secureKey)
+
+      SDKUtil.filterNoneValue(req)
+      if !req["signMethod"]
+        LogUtil.error("signMethod must not null")
+        return nil
+      end
+      if !req["version"]
+        LogUtil.error("version must not null")
+        return nil
+      end
+      if "01" == req["signMethod"]
+        req["certId"] = CertUtil.getSignCertId(signCertPath, signCertPwd)
+        LogUtil.info("=== start to sign ===")
+        prestr = SDKUtil.createLinkString(req, true, false)
+        LogUtil.info("sorted: [" + prestr + "]")
+        prestr = SDKUtil.sha256(prestr)
+        LogUtil.info("sha256: [" + prestr + "]")
+        LogUtil.info("sign cert: [" + signCertPath + "], pwd: [" + signCertPwd + "]")
+        key = CertUtil.getSignPriKey(signCertPath, signCertPwd)
+        signature = Base64.encode64(key.sign('sha256', prestr)).gsub(/\n|\r/, '')
+        LogUtil.info("signature: [" + signature + "]")
+      elsif "11" == req["signMethod"]
+        LogUtil.info("=== start to sign ===")
+        prestr = createLinkString(req, true, false)
+        LogUtil.info("sorted: [" + prestr + "]")
+        if secureKey.nil?
+          LogUtil.error("secureKey must not null")
+          return nil
+        end
+        prestr = prestr + "&" + sha256(secureKey)
+        LogUtil.debug("before final sha256: [" + prestr + "]")
+        signature = SDKUtil.sha256(prestr)
+        LogUtil.info("signature: [" + signature + "]")
+      elsif "12" == ["signMethod"]
+        LogUtil.error("sm3算法暂未实现，请勿使用。")
+        return nil
+      else
+        LogUtil.info("invalid signMethod: [" + req["signMethod"].to_s + "]")
+      end
+      LogUtil.info("=== end of sign ===")
+      req["signature"] = signature
+      return signature
+    end
+
+    def SDKUtil.paraFilter(para)
+      result = {}
+      for key in para.keys
+        if (key == "signature" or para[key] == "")
+          next
+        else
+          result[key] = para[key]
+        end
+      end
+      return result
+    end
+
+    def SDKUtil.sha256(data)
+      OpenSSL::Digest::SHA256.digest(data).unpack("H*")[0].downcase
+    end
+
+    def SDKUtil.putKeyValueToMap(temp, isKey, key, m, decode)
+      if isKey
+        m[key.to_s] = ""
+      else
+        if decode
+          temp = URI.decode_www_form_component(temp)
+        end
+        m[key.to_s] = temp
+      end
+    end
+
+    def SDKUtil.parseQString(respString, decode=false)
+      resp = {}
+      temp = ""
+      key = ""
+      isKey = true
+      isOpen = false;
+      openName = "\0";
+
+      for curChar in respString.split("") #遍历整个带解析的字符串
+        if (isOpen)
+          if (curChar == openName)
+            isOpen = false
+          end
+          temp = temp + curChar
+        elsif (curChar == "{")
+          isOpen = true
+          openName = "}"
+          temp = temp + curChar
+        elsif (curChar == "[")
+          isOpen = true
+          openName = "]"
+          temp = temp + curChar
+        elsif (isKey and curChar == "=")
+          key = temp
+          temp = ""
+          isKey = false
+        elsif (curChar == "&" and not isOpen) # 如果读取到&分割符
+          SDKUtil.putKeyValueToMap(temp, isKey, key, resp, decode)
+          temp = ""
+          isKey = true
+        else
+          temp = temp + curChar
+        end
+      end
+      SDKUtil.putKeyValueToMap(temp, isKey, key, resp, decode)
+      return resp
+    end
+
+    def SDKUtil.verify(resp)
+      if !resp["signMethod"]
+        LogUtil.error("signMethod must not null")
+        return nil
+      end
+      if !resp["version"]
+        LogUtil.error("version must not null")
+        return nil
+      end
+      if !resp["signature"]
+        LogUtil.error("signature must not null")
+        return nil
+      end
+      signMethod = resp["signMethod"]
+      version = resp["version"]
+      result = false
+      if "01" == signMethod
+        LogUtil.info("=== start to verify signature ===")
+        signature = resp.delete("signature")
+        LogUtil.info("signature: [" + signature + "]")
+        prestr = SDKUtil.createLinkString(resp, true, false)
+        LogUtil.info("sorted: [" + prestr + "]")
+        prestr = SDKUtil.sha256(prestr)
+        LogUtil.info("sha256: [" + prestr + "]")
+        key = CertUtil.verifyAndGetVerifyKey(resp["signPubKeyCert"])
+        if !key
+          LogUtil.info("no cert was found by signPubKeyCert: " + resp["signPubKeyCert"])
+          result = false
+        else
+          signature = Base64.decode64(signature)
+          result = key.verify("sha256", signature, prestr)
+        end
+        LogUtil.info("verify signature " + (result ? "succeed" : "fail"))
+        LogUtil.info("=== end of verify signature ===")
+        return result
+      elsif "11" == signMethod or "12" == signMethod
+        return SDKUtil.verifyBySecureKey(resp, SDKConfig.instance.secureKey)
+      else
+        LogUtil.info("Error signMethod [" + signMethod + "] in validate. ")
+        return false
+      end
+    end
+
+    def SDKUtil.verifyBySecureKey(resp, secureKey)
+      if resp["signMethod"].nil?
+        LogUtil.error("signMethod must not null")
+        return nil
+      end
+      if resp["signature"].nil?
+        LogUtil.error("signature must not null")
+        return nil
+      end
+      signMethod = resp["signMethod"]
+      result = false
+      LogUtil.info("=== start to verify signature ===")
+      if "11" == signMethod
+        signature = resp.delete("signature")
+        LogUtil.info("signature: [" + signature+ "]")
+        prestr = createLinkString(resp, true, false)
+        LogUtil.info("sorted: [" + prestr + "]")
+        beforeSha256 = prestr + "&" + sha256(secureKey)
+        LogUtil.debug("before final sha256: [" + beforeSha256 + "]")
+        afterSha256 = sha256(beforeSha256)
+        result = (afterSha256 == signature)
+        if !result
+          LogUtil.debug("after final sha256: [" + afterSha256 + "]")
+        end
+      elsif "12" == signMethod
+        LogUtil.error("sm3算法暂未实现，请勿使用。")
+      else
+        LogUtil.info("Error signMethod [" + signMethod.to_s + "] in validate. ")
+      end
+      LogUtil.info("verify signature " + (result ? "succeed" : "fail"))
+      LogUtil.info("=== end of verify signature ===")
+      return result
+    end
+
+    def SDKUtil.createAutoFormHtml(params, reqUrl)
+      result = "<html><head>    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" + SDKConfig.instance.encoding + "\" /></head><body onload=\"javascript:document.pay_form.submit();\">    <form id=\"pay_form\" name=\"pay_form\" action=\"" + reqUrl + "\" method=\"post\">"
+      for key in params.keys
+        value = params[key]
+        result += "    <input type=\"hidden\" name=\"" + key + "\" id=\"" + key +"\" value=\""+ value +"\" />\n"
+      end
+      result += "<!-- <input type=\"submit\" type=\"hidden\">-->    </form></body></html>"
+      LogUtil.info("auto post html:" + result)
+      return result
+    end
+
+    def SDKUtil.encryptPub(data, certPath=SDKConfig.instance.encryptCertPath)
+      rsaKey = CertUtil.getEncryptKey(certPath)
+      result = rsaKey.public_encrypt(data)
+      result = Base64.encode64(result).gsub(/\n|\r/, '')
+      return result
+    end
+
+    def SDKUtil.decryptPri(data, certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
+      pkey = CertUtil.getDecryptPriKey(certPath, certPwd)
+      data = Base64.decode64(data)
+      result = pkey.private_decrypt(data)
+      return result
+    end
+
+    def SDKUtil.deCodeFileContent(params, fileDirectory)
+      if !params["fileContent"]
+        return false
+      end
+      LogUtil.info("---------处理后台报文返回的文件---------")
+      fileContent = params["fileContent"]
+      if !fileContent
+        LogUtil.info("文件内容为空")
+        return false
+      end
+      fileContent = Zlib::Inflate.inflate(Base64.decode64(fileContent))
+      filePath = ''
+      if !params["fileName"]
+        LogUtil.info("文件名为空")
+        filePath = fileDirectory + "/" + params["merId"] + "_" + params["batchNo"] + "_" + params["txnTime"] + ".txt"
+      else
+        filePath = fileDirectory + "/" + params['fileName']
+      end
+      output = File.new(filePath, 'w')
+      if !output
+        LogUtil.error "Unable to open file!"
+        return false
+      end
+      output.syswrite(fileContent)
+      LogUtil.info "文件位置 >:" + filePath
+      output.close
+      return true
+    end
+
+    def SDKUtil.enCodeFileContent(path)
+      fileContent = IO.binread(path)
+      fileContent = Base64.encode64(Zlib::Deflate.deflate(fileContent)).gsub(/\n|\r/, '')
+    end
+
+    def SDKUtil.getEncryptCert(params)
+      if params['encryptPubKeyCert'].nil? or params['certType'].nil?
+        LogUtil.error("encryptPubKeyCert or certType is null")
+        return -1
+      end
+      strCert = params['encryptPubKeyCert']
+      certType = params['certType']
+
+      x509Cert = CertUtil.getX509Cert(strCert)
+      if "01" == certType
+        # 更新敏感信息加密公钥
+        if x509Cert.serial.to_s == CertUtil.getEncryptCertId
+          return 0
+        end
+        localCertPath = SDKConfig.instance.encryptCertPath
+        newLocalCertPath = SDKUtil.genBackupName(localCertPath)
+        # 将本地证书进行备份存储
+        File.rename(localCertPath, newLocalCertPath)
+        f = File.new(localCertPath, "w")
+        if !f
+          LogUtil.error 'Unable to open file!'
+          return -1
+        end
+        f.syswrite(strCert)
+        f.close
+        LogUtil.info('save new encryptPubKeyCert success')
+        CertUtil.resetEncryptCertPublicKey
+        return 1
+      elsif "02" == certType
+        return 0
+      else
+        LogUtil.error("unknown cerType:"+certType)
+        return -1
+      end
+    end
+
+    def SDKUtil.genBackupName(fileName)
+      i = fileName.rindex('.')
+      leftFileName = fileName[0, i]
+      rightFileName = fileName[i + 1, fileName.length - i]
+      newFileName = leftFileName + '_backup' + '.' + rightFileName
+      return newFileName
+    end
+  end
+end
+
+

data/lib/unionpei/version.rb

@@ -0,0 +1,9 @@
+# coding: utf-8
+
+module UnionPei
+  class Version
+    def self.to_string
+      "0.0.1"
+    end
+  end
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: unionpei
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Shuang
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: iniparse
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jruby-openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An unofficial unionpay gem
+email: memorycancel@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/unionpei.rb
+- lib/unionpei/acp_sdk.ini
+- lib/unionpei/acp_service.rb
+- lib/unionpei/cert_util.rb
+- lib/unionpei/log_util.rb
+- lib/unionpei/payment.rb
+- lib/unionpei/sdk_config.rb
+- lib/unionpei/sdk_util.rb
+- lib/unionpei/version.rb
+homepage: https://rubygems.org/gems/unionpei
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: An unofficial unionpay gem
+test_files: []