unionpei 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/.gitignore +17 -0
- data/Gemfile +6 -0
- data/Rakefile +11 -0
- data/certs/acp_test_enc.cer +25 -0
- data/certs/acp_test_middle.cer +23 -0
- data/certs/acp_test_root.cer +22 -0
- data/certs/acp_test_sign.pfx +0 -0
- data/install.sh +2 -0
- data/lib/unionpei/acp_service.rb +37 -42
- data/lib/unionpei/cert_util.rb +61 -82
- data/lib/unionpei/log_util.rb +24 -30
- data/lib/unionpei/payment.rb +50 -51
- data/lib/unionpei/sdk_config.rb +47 -47
- data/lib/unionpei/sdk_util.rb +164 -186
- data/lib/unionpei/version.rb +2 -6
- data/lib/unionpei.rb +5 -2
- data/readme.txt +25 -0
- data/unionpei.gemspec +31 -0
- metadata +84 -3
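--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ab2f6a36a20d9faf9d86114493a7ec077afd68a937cc8f321a9b721d72ec5765
+data.tar.gz: 3430627f305f5772463bead2e8ca45b39414b023a02da1d7856433216fc2b16c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 179c56aac0e48f0938de414db3a46978d3ac6d46b03cad194cbeada375c4e028778a1aa68083910ef71f39e7112538cd3999ca7d0504e4f73bc80c06bee82ab2
+data.tar.gz: 7097aaa2fd90dae33c6426a583c6d5deefdf231dbfe7ca5a00f4524f5134767849e0cc50b52d4e6415e2e3ace6790337f0a17770cb9e901e68fee014ffe207b0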
data/.gitignore
ADDED
data/Gemfile
ADDED
data/Rakefile
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIEPzCCAyegAwIBAgIFEDl2NhIwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMC
|
3
|
+
Q04xMDAuBgNVBAoTJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhv
|
4
|
+
cml0eTEXMBUGA1UEAxMOQ0ZDQSBURVNUIE9DQTEwHhcNMjAwOTExMDI0MzI2WhcN
|
5
|
+
MjUwOTExMDI0MzI2WjBzMQswCQYDVQQGEwJDTjESMBAGA1UEChMJQ0ZDQSBPQ0Ex
|
6
|
+
MQ0wCwYDVQQLEwRZQ0NBMRUwEwYDVQQLEwxJbmRpdmlkdWFsLTExKjAoBgNVBAMM
|
7
|
+
IVlDQ0FA5rWL6K+V5L2/55SoQDAwMDQwMDAwOlNJR05AMTCCASIwDQYJKoZIhvcN
|
8
|
+
AQEBBQADggEPADCCAQoCggEBALUwYYpqUXZyDAu0gX5d8XkiUfFxdCan/VyLa6Cz
|
9
|
+
KH38cjX0QZIShn/O6Cw2hn2WurP/r3LdopLRzTHI0vIDJpQY/0Y135QHRFZHkAH0
|
10
|
+
omRTfAZ/atePnRF7VW766LGhR5n05h1nITDHlzCZYPSumpDPpVcJj4y30+G3A5Ou
|
11
|
+
1VVAsuLi48XtGIKwRX6gMXI+P75RwHSmPt5/pHlEPT6wUbmF0HBoF2gRBpYZwiSK
|
12
|
+
51Z52XUVEk96reolFFLu/9qyL767/v2izd5YuN9i7oSXNw1gDYcLnAuww6V6BUnK
|
13
|
+
Kq4KUG6H3Lz3WyXbEay72f12A5pnHWDjLEOwJ2SG1VVMLN8CAwEAAaOB9DCB8TAf
|
14
|
+
BgNVHSMEGDAWgBTPcJ1h6518Lrj3ywJA9wmd/jN0gDBIBgNVHSAEQTA/MD0GCGCB
|
15
|
+
HIbvKgEBMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2ZjYS5jb20uY24vdXMv
|
16
|
+
dXMtMTQuaHRtMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly91Y3JsLmNmY2EuY29t
|
17
|
+
LmNuL1JTQS9jcmw3NTM3Ni5jcmwwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSwaOVL
|
18
|
+
eW+I7Pm7C8lXu94+MTXAzjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQw
|
19
|
+
DQYJKoZIhvcNAQEFBQADggEBADhYan/FCZWzD0BS+KvZivpp498eWRqzXjH2QkBv
|
20
|
+
IDYv2+Ntue66WxECMW7i9+RZVjyMeYbFkoxVEcg0cE/mcHOnqd1mTBpeb62NRbWR
|
21
|
+
OuquWHxcdIHJ/TjGX8+NwtpAKsn/IvTdEBz+EOOzmXuxNqNxV3Gg7Ay3YavWZzci
|
22
|
+
h9GEAQ11WKAjaNqq+XO6dDwBSVEQEkvHqf1DeqCZ9wl58I4MvUmAI7wKfnoonquu
|
23
|
+
1wCNMxnkHYS5EAk1Zb0nsprjz771+YZI6ai/I2ehn8hyUR46TYmPMn0WyaXkmEO7
|
24
|
+
ig055dazyfvMinsHmKyLa/yJvQMlZIWtsKzaNG4ikdA+ELQ=
|
25
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,23 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIDzjCCAragAwIBAgIKGNDz/H99Hd/CxjANBgkqhkiG9w0BAQUFADBZMQswCQYD
|
3
|
+
VQQGEwJDTjEwMC4GA1UEChMnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24g
|
4
|
+
QXV0aG9yaXR5MRgwFgYDVQQDEw9DRkNBIFRFU1QgQ1MgQ0EwHhcNMTIwODMwMDMx
|
5
|
+
NDMzWhcNMzEwNTExMDMxNDMzWjBYMQswCQYDVQQGEwJDTjEwMC4GA1UEChMnQ2hp
|
6
|
+
bmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRcwFQYDVQQDEw5D
|
7
|
+
RkNBIFRFU1QgT0NBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiL
|
8
|
+
J/BrdvHSbXNfLIMTwUg9tDtVjMRGXOl6aZnu9IpxjI5SMUJ4hVwgJnmbTokxs6GF
|
9
|
+
IXKsCLSm5H1jHLI22ysc/ltByEybLWj5jjJuC9+Uknbl3/Ls1RBG6MogUCqZckuo
|
10
|
+
hKrf5DmlV3C/jVLxGn3pUeanvmqVUi4TKpXxgm5QqKSPF8VtQY4qCpNcQwwZqbMr
|
11
|
+
D+IfJtfpGAeVrP+Kg6i1t65seeEnVSaLhqpRUDU0PTblOuUv3OhiKJWA3cYWxUrg
|
12
|
+
7U7SIHNJLSEUWmjy4mKty+g7Cnjzt29F9qXFb6oB2mR8yt4GHCilw1Rc5RBXY63H
|
13
|
+
eTuOwdtGE3M2p7Q++OECAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR03sWNCn0QGqpp
|
14
|
+
g1tNIc6Gm8xxODAMBgNVHRMEBTADAQH/MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6
|
15
|
+
Ly8yMTAuNzQuNDIuMy90ZXN0cmNhL1JTQS9jcmwxLmNybDALBgNVHQ8EBAMCAQYw
|
16
|
+
HQYDVR0OBBYEFM9wnWHrnXwuuPfLAkD3CZ3+M3SAMA0GCSqGSIb3DQEBBQUAA4IB
|
17
|
+
AQC0JOazrbkk0XMxMMeBCc3lgBId1RjQLgWUZ7zaUISpPstGIrE5A9aB6Ppq0Sxl
|
18
|
+
pt2gkFhPEKUqgOFN1CzCDEbP3n4H0chqK1DOMrgTCD8ID5UW+ECTYNe35rZ+1JiF
|
19
|
+
lOPEhFL3pv6XSkiKTfDnjum8+wFwUBGlfoWK1Hcx0P2Hk1jcZZKwGTx1IAkesF83
|
20
|
+
pufhxHE2Ur7W4d4tfp+eC7XXcA91pdd+VUrAfkj9eKHcDEYZz66HvHzmt6rtJVBa
|
21
|
+
pwrtCi9pW3rcm8c/1jSnEETZIaokai0fD7260h/LkD/GrNCibSWxFj1CqyP9Y5Yv
|
22
|
+
cj6aA5LnUcJYeNkrQ3V4XvVc
|
23
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,22 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIDkzCCAnugAwIBAgIKUhN+zB19hbc65jANBgkqhkiG9w0BAQUFADBZMQswCQYD
|
3
|
+
VQQGEwJDTjEwMC4GA1UEChMnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24g
|
4
|
+
QXV0aG9yaXR5MRgwFgYDVQQDEw9DRkNBIFRFU1QgQ1MgQ0EwHhcNMTIwODI5MDUw
|
5
|
+
MTI5WhcNMzIwODI5MDUwMTI5WjBZMQswCQYDVQQGEwJDTjEwMC4GA1UEChMnQ2hp
|
6
|
+
bmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRgwFgYDVQQDEw9D
|
7
|
+
RkNBIFRFU1QgQ1MgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
|
8
|
+
rMJGruH6rOBPFxUI7T1ybydSRRtOM1xvkVjQNX0qmYir8feE6Tb0ctgtKR7a20DI
|
9
|
+
YCj9kZ5ANBQqjRcj3Soq9XH3cirqhYHJ723OKyTpS0RPQ0N6vtVt3P5JQ+ztjWHd
|
10
|
+
qIbbTOQ6O024TGTiqi6uHgMuz9/OVur81X3a5YVkK7jFeZ9o8cTcvQxD853/1sgZ
|
11
|
+
QcmR9aUSw0RXH4XFLTrn7n4QSfWKiNotlD8Ag5gS1pH9ONUb6nGkMn3gh1xfJqjm
|
12
|
+
ONMSknPXTGiNpXtqvYi8oIvByVCbUDO59IwPP1r1SYyE3P8Nr7DdQRu0KQSdXLoG
|
13
|
+
iugSR3fn+toObVAQmplDAgMBAAGjXTBbMB8GA1UdIwQYMBaAFHTexY0KfRAaqmmD
|
14
|
+
W00hzoabzHE4MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR0
|
15
|
+
3sWNCn0QGqppg1tNIc6Gm8xxODANBgkqhkiG9w0BAQUFAAOCAQEAM0eTkM35D4hj
|
16
|
+
RlGC63wY0h++wVPUvOrObqAVBbzEEQ7ScBienmeY8Q6lWMUTXM9ALibZklpJPcJv
|
17
|
+
3ntht7LL6ztd4wdX7E9RzZCQnRvbL9A/BU3NxWdeSpCg/OyPod5oCKP+6Uc7kApi
|
18
|
+
F9OtYNWnt3l2Zp/NiedzEQD8H4qEWQLAq+0dFo5BkfVhb/jPcktndpfPOuH1IMhP
|
19
|
+
tVcvo6jpFHw4U/nP2Jv59osIE97KJz/SPt2JAYnZOlIDqWwp9/Afvt0/MDr8y0PK
|
20
|
+
Q9c6eqIzBx7a9LpUTUl5u1jS+xSDZ/KF2lXnjwaFp7jICLWEMlBstCoogi7KwH9A
|
21
|
+
LpJP7/dj9g==
|
22
|
+
-----END CERTIFICATE-----
|
Binary file
|
data/install.sh
ADDED
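--- a/data/lib/unionpei/acp_service.rb
+++ b/data/lib/unionpei/acp_service.rb
@@ -1,4 +1,4 @@
-#
+# frozen_string_literal: true
 
 require 'openssl'
 require 'base64'
@@ -8,99 +8,94 @@ require_relative 'sdk_util'
 
 module UnionPei
 class AcpService
-def
+def self.sign(req, certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd)
 SDKUtil.buildSignature(req, certPath, certPwd)
 end
 
-def
+def self.signByCertInfo(req, certPath, certPwd)
 SDKUtil.buildSignature(req, certPath, certPwd)
 end
 
-def
+def self.signBySecureKey(req, secureKey)
 SDKUtil.buildSignature(req, nil, nil, secureKey)
 end
 
-def
+def self.validate(resp)
 SDKUtil.verify(resp)
 end
 
-def
+def self.validateBySecureKey(resp, secureKey)
 SDKUtil.verifyBySecureKey(resp, secureKey)
 end
 
-def
+def self.post(params, url)
 content = SDKUtil.createLinkString(params, false, true)
 respString = SDKUtil.post(url, content)
-
-return resp
+SDKUtil.parseQString(respString)
 end
 
-def
-
+def self.createAutoFormHtml(params, reqUrl)
+SDKUtil.createAutoFormHtml(params, reqUrl)
 end
 
-def
-if
-
-
-return Base.encode64("{" + SDKUtil.createLinkString(customerInfo,false,false)+"}").gsub(/\n|\r/, '')
+def self.getCustomerInfo(customerInfo)
+return '' if customerInfo.nil? || customerInfo.length.zero?
+
+Base.encode64("{#{SDKUtil.createLinkString(customerInfo, false, false)}}").gsub(/\n|\r/, '')
 end
 
-def
-if
-
-end
+def self.getCustomerInfoWithEncrypt(customerInfo)
+return '' if customerInfo.nil? || customerInfo.length.zero?
+
 encryptedInfo = {}
-
-if (key == 'phoneNo'
-encryptedInfo[key] = customerInfo.delete(key)
-end
+customerInfo.each_key do |key|
+encryptedInfo[key] = customerInfo.delete(key) if (key == 'phoneNo') || (key == 'cvn2') || (key == 'expired')
 end
-if
+if encryptedInfo.length.positive?
 encryptedInfo = SDKUtil.createLinkString(encryptedInfo, false, false)
 encryptedInfo = AcpService.encryptData(encryptedInfo, SDKConfig.instance.encryptCertPath)
 customerInfo['encryptedInfo'] = encryptedInfo
 end
-
+Base64.encode64("{#{SDKUtil.createLinkString(customerInfo, false, false)}}").gsub(/\n|\r/, '')
 end
 
-def
+def self.parseCustomerInfo(customerInfostr, certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd)
 customerInfostr = Base64.decode64(customerInfostr)
-customerInfostr = customerInfostr[1, customerInfostr.length-1]
+customerInfostr = customerInfostr[1, customerInfostr.length - 1]
 customerInfo = SDKUtil.parseQString(customerInfostr)
 if customerInfo['encryptedInfo']
 encryptedInfoStr = customerInfo.delete('encryptedInfo')
 encryptedInfoStr = AcpService.decryptData(encryptedInfoStr, certPath, certPwd)
 encryptedInfo = SDKUtil.parseQString(encryptedInfoStr)
-
+encryptedInfo.each_key do |key|
 customerInfo[key] = encryptedInfo[key]
 end
 end
-
+customerInfo
 end
 
-def
-
+def self.getEncryptCertId
+CertUtil.getEncryptCertId
 end
 
-def
-
+def self.encryptData(data, certPath = SDKConfig.instance.encryptCertPath)
+SDKUtil.encryptPub(data, certPath)
 end
 
-def
-
+def self.decryptData(data, certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd)
+SDKUtil.decryptPri(data, certPath, certPwd)
 end
 
-def
-
+def self.deCodeFileContent(params, fileDirectory)
+SDKUtil.deCodeFileContent(params, fileDirectory)
 end
 
-def
-
+def self.enCodeFileContent(path)
+SDKUtil.enCodeFileContent(path)
 end
 
-def
-
+def self.updateEncryptCert(params)
+SDKUtil.getEncryptCert(params)
 end
 end
 end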
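Review bot: `getCustomerInfo` still ends in `Base.encode64(...)`, and nothing shown in this file requires or defines a `Base` constant, so a non-empty `customerInfo` would raise NameError; the sibling `getCustomerInfoWithEncrypt` correctly uses `Base64.encode64`. The line should read `Base64.encode64("{#{SDKUtil.createLinkString(customerInfo, false, false)}}").gsub(/\n|\r/, '')`, or use `Base64.strict_encode64(...)`, which emits no line breaks and makes the `gsub` unnecessary. Separately, `getCustomerInfoWithEncrypt` removes `phoneNo`, `cvn2` and `expired` from the caller's own hash with `customerInfo.delete(key)` inside `each_key`; working on a `dup` would leave the argument intact and avoid mutating the hash while it is being iterated.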
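--- a/data/lib/unionpei/cert_util.rb
+++ b/data/lib/unionpei/cert_util.rb
@@ -1,37 +1,31 @@
-#
+# frozen_string_literal: true
 
 require 'openssl'
 require 'base64'
 require_relative 'log_util'
 require_relative 'sdk_config'
 
-
 module UnionPei
-UNIONPAY_CNNAME =
+UNIONPAY_CNNAME = '中国银联股份有限公司'
 
 class Cert
 attr_accessor :cert, :certId, :key
-@certId
-@key
-@cert
 end
 
 class CertUtil
-
 @@signCerts = {}
 @@encryptCert = {}
-@@verifyCerts = {} #5.0.0验签证书,key是certId
-@@verifyCerts5_1_0 = {} #5.1.0验签证书,key是base64的证书内容
+@@verifyCerts = {} # 5.0.0验签证书,key是certId
+@@verifyCerts5_1_0 = {} # 5.1.0验签证书,key是base64的证书内容
 @@middleCert = nil
 @@rootCert = nil
 
-
-def CertUtil.initSignCert(certPath, certPwd)
+def self.initSignCert(certPath, certPwd)
 if !certPath || !certPwd
-LogUtil.info(
+LogUtil.info('signCertPath or signCertPwd is none, exit initSignCert')
 return
 end
-LogUtil.info(
+LogUtil.info('读取签名证书……')
 cert = Cert.new
 file = IO.binread(certPath)
 p12 = OpenSSL::PKCS12.new(file, certPwd)
@@ -39,89 +33,76 @@ module UnionPei
 cert.cert = p12.certificate
 cert.key = p12.key
 @@signCerts[certPath] = cert
-LogUtil.info("
-end
-
-def CertUtil.initEncryptCert(certPath=SDKConfig.instance.encryptCertPath)
-if !certPath
-LogUtil.info("encryptCertPath is none, exit initEncryptCert")
-return
-end
-LogUtil.info("读取加密证书……")
-cert = Cert.new
-file = IO.binread(certPath)
-x509Cert = OpenSSL::X509::Certificate.new(file)
-cert.cert = x509Cert
-cert.certId = x509Cert.serial.to_s
-cert.key = x509Cert.public_key
-@@encryptCert[certPath] = cert
-LogUtil.info("加密证书读取成功,序列号:" + cert.certId)
+LogUtil.info("签名证书读取成功,序列号:#{cert.certId}")
 end
 
-def
-
+def self.initEncryptCert(certPath = SDKConfig.instance.encryptCertPath)
+unless certPath
+LogUtil.info('encryptCertPath is none, exit initEncryptCert')
 return
 end
-
-
+LogUtil.info('读取加密证书……')
+cert = Cert.new
+file = IO.binread(certPath)
+x509Cert = OpenSSL::X509::Certificate.new(file)
+cert.cert = x509Cert
+cert.certId = x509Cert.serial.to_s
+cert.key = x509Cert.public_key
+@@encryptCert[certPath] = cert
+LogUtil.info("加密证书读取成功,序列号:#{cert.certId}")
+end
+
+def self.initRootCert
+return if @@rootCert
+
+unless SDKConfig.instance.rootCertPath
+LogUtil.info('rootCertPath is none, exit initRootCert')
 return
 end
-LogUtil.info(
+LogUtil.info('start initRootCert')
 file = IO.binread(SDKConfig.instance.rootCertPath)
 x509Cert = OpenSSL::X509::Certificate.new(file)
 @@rootCert = x509Cert
-LogUtil.info(
+LogUtil.info('initRootCert succeed')
 end
 
-def
-if @@middleCert
-
-
-
-LogUtil.info("middleCertPath is none, exit initMiddleCert")
+def self.initMiddleCert
+return if @@middleCert
+
+unless SDKConfig.instance.middleCertPath
+LogUtil.info('middleCertPath is none, exit initMiddleCert')
 return
 end
-LogUtil.info(
+LogUtil.info('start initMiddleCert')
 file = IO.binread(SDKConfig.instance.middleCertPath)
 x509Cert = OpenSSL::X509::Certificate.new(file)
 @@middleCert = x509Cert
-LogUtil.info(
+LogUtil.info('initMiddleCert succeed')
 end
 
-
-
-if !@@signCerts[certPath]
-CertUtil.initSignCert(certPath, certPwd)
-end
+def self.getSignPriKey(certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd)
+CertUtil.initSignCert(certPath, certPwd) unless @@signCerts[certPath]
 @@signCerts[certPath].key
 end
 
-def
-
-CertUtil.initSignCert(certPath, certPwd)
-end
+def self.getSignCertId(certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd)
+CertUtil.initSignCert(certPath, certPwd) unless @@signCerts[certPath]
 @@signCerts[certPath].certId
 end
 
-def
-
-CertUtil.initEncryptCert(certPath)
-end
+def self.getEncryptKey(certPath = SDKConfig.instance.encryptCertPath)
+CertUtil.initEncryptCert(certPath) unless @@encryptCert[certPath]
 @@encryptCert[certPath].key
 end
 
-def
-
-CertUtil.initEncryptCert(certPath)
-end
+def self.getEncryptCertId(certPath = SDKConfig.instance.encryptCertPath)
+CertUtil.initEncryptCert(certPath) unless @@encryptCert[certPath]
 @@encryptCert[certPath].certId
 end
 
-def
+def self.verifyAndGetVerifyKey(certBase64String)
+return @@verifyCerts5_1_0[certBase64String].key if @@verifyCerts5_1_0[certBase64String]
 
-if @@verifyCerts5_1_0[certBase64String]
-return @@verifyCerts5_1_0[certBase64String].key
-end
 initMiddleCert
 initRootCert
 
@@ -137,31 +118,31 @@ module UnionPei
 store.add_cert(x509Cert)
 store.add_cert(@@middleCert)
 store.add_cert(@@rootCert)
-
-LogUtil.error("validate signPubKeyCert by cert chain failed, error
+unless store.verify(x509Cert)
+LogUtil.error("validate signPubKeyCert by cert chain failed, error=#{store.error}, error string=#{store.error_string}")
 return nil
 end
 
 sSubject = x509Cert.subject.to_s
-ss = sSubject.split(
+ss = sSubject.split('@')
 if ss.length <= 2
-LogUtil.error("error sSubject: "
+LogUtil.error("error sSubject: #{sSubject}")
 return nil
 end
-cn = ss[2]
+cn = ss[2]
 if SDKConfig.instance.ifValidateCNName
 if UNIONPAY_CNNAME != cn
-LogUtil.error("cer owner is not CUP
+LogUtil.error("cer owner is not CUP:#{cn}")
 return nil
-elsif UNIONPAY_CNNAME != cn
-LogUtil.error("cer owner is not CUP
+elsif (UNIONPAY_CNNAME != cn) && (cn != '00040000:SIGN') # 测试环境目前是00040000:SIGN
+LogUtil.error("cer owner is not CUP:#{cn}")
 return nil
 end
 end
 
-LogUtil.info("validate signPubKeyCert by cert succeed: "
-@@verifyCerts5_1_0[certBase64String] = cert
-
+LogUtil.info("validate signPubKeyCert by cert succeed: #{certBase64String}")
+@@verifyCerts5_1_0[certBase64String] = cert
+@@verifyCerts5_1_0[certBase64String].key
 
 # 用bc的jar用中级证书验证可以单独验时间,然后再用中级证书验一下,但为了和谐统一,目前改store验证书链验证了。
 # if Time.new<x509Cert.not_before or Time.new>x509Cert.not_after
@@ -176,19 +157,17 @@ module UnionPei
 # end
 end
 
-def
-
-CertUtil.initSignCert(certPath, certPwd)
-end
+def self.getDecryptPriKey(certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd)
+CertUtil.initSignCert(certPath, certPwd) unless @@signCerts[certPath]
 @@signCerts[certPath].key
 end
 
-def
+def self.resetEncryptCertPublicKey
 @@encryptCert = {}
 CertUtil.initEncryptCert
 end
 
-def
+def self.getX509Cert(strCert)
 OpenSSL::X509::Certificate.new(strCert)
 end
 end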
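Review bot: In `verifyAndGetVerifyKey` the new `elsif (UNIONPAY_CNNAME != cn) && (cn != '00040000:SIGN')` hangs off the inner `if UNIONPAY_CNNAME != cn` (there is no `end` between them), so it is only evaluated when the CN already equals `UNIONPAY_CNNAME` and can never be true. As written, the test-environment allowance is dead code, and when `ifValidateCNName` is false no CN comparison runs at all, so the certificate owner is not checked beyond `store.verify` against the configured middle and root certs. If the CN is meant to be checked in both modes, move the inner `end` above the `elsif` so that branch belongs to `if SDKConfig.instance.ifValidateCNName`. Part of the method body lies between hunks and is not visible here, so the origin of `cert` in `@@verifyCerts5_1_0[certBase64String] = cert` could not be checked.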
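--- a/data/lib/unionpei/log_util.rb
+++ b/data/lib/unionpei/log_util.rb
@@ -1,4 +1,4 @@
-#
+# frozen_string_literal: true
 
 require 'singleton'
 require 'logger'
@@ -8,74 +8,68 @@ require_relative 'sdk_config'
 
 module UnionPei
 class LogUtil
-
 @@logger = nil
 
 private_class_method :new
 
-
-
-
-
-
-
-
-@@logger = Logger.new(SDKConfig.instance.logFilePath)
-end
+def self.getLogger
+unless @@logger
+@@logger = if SDKConfig.instance.logFilePath.nil?
+Logger.new($stdout)
+else
+Logger.new(SDKConfig.instance.logFilePath)
+end
 @@logger.datetime_format = '%Y-%m-%d %H:%M:%S'
 @@logger.formatter = proc do |severity, datetime, progname, msg|
 "#{datetime} [#{severity}] #{progname}: #{msg}\n"
 end
 @@logger.level = case SDKConfig.instance.logLevel.upcase
-when 'INFO'
+when 'INFO'
 Logger::INFO
-when 'DEBUG'
+when 'DEBUG'
 Logger::DEBUG
-when 'WARN'
+when 'WARN'
 Logger::WARN
-when 'ERROR'
+when 'ERROR'
 Logger::ERROR
-when 'FATAL'
+when 'FATAL'
 Logger::FATAL
 else
 Logger::UNKNOWN
-
+end
 end
 p = LogUtil.parse_caller(caller(0)[2])
-@@logger.progname = p[0]
+@@logger.progname = "#{p[0]}:#{p[1]}"
 @@logger
 end
 
-def
+def self.parse_caller(at)
 if /^(.+?):(\d+)(?::in `(.*)')?/ =~ at
-file =
-line =
-method =
+file = Regexp.last_match(1)
+line = Regexp.last_match(2).to_i
+method = Regexp.last_match(3)
 [file, line, method]
 end
 end
 
-
-
-def LogUtil.info(msg)
+def self.info(msg)
 LogUtil.getLogger.info(msg)
 end
 
-def
+def self.debug(msg)
 LogUtil.getLogger.debug(msg)
 end
 
-def
+def self.warn(msg)
 LogUtil.getLogger.warn(msg)
 end
 
-def
+def self.error(msg)
 LogUtil.getLogger.error(msg)
 end
 
-def
+def self.fatal(msg)
 LogUtil.getLogger.fatal(msg)
 end
-
 end
 end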
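Review bot: `getLogger` reads `p[0]` and `p[1]` on every call, but `parse_caller` returns nil whenever its regex does not match, which includes `caller(0)[2]` being nil when `getLogger` is reached from a shallower stack than the `LogUtil.info`-style wrappers produce; the log call would then raise NoMethodError instead of logging. A guard such as `@@logger.progname = p ? "#{p[0]}:#{p[1]}" : nil` keeps a logging helper from taking down the caller. The new `$stdout` fallback covers a nil `logFilePath`, but `SDKConfig.instance.logLevel.upcase` a few lines later would still raise on a nil `logLevel` (SDKConfig is not shown here, so it may supply a default).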