验证从 PayPal 收到的 Webhook 时遇到问题。可用的示例并不多,集成商也没有足够的加密知识来完成任务。
遵循的指南是网络钩子通知 https://developer.paypal.com/docs/integration/direct/webhooks/notification-messages/.
不确定代码片段出了什么问题,结果总是错误的。
Calling 通知/验证 webhook 签名 https://developer.paypal.com/docs/api/webhooks/v1/#verify-webhook-signature_post端点也导致错误。
/// <summary>Verify PayPal Webhook Signature</summary>
/// <param name="webhookId">0YF54686R9851380C</param>
/// <param name="transmissionId">785bc690-901d-11ea-8fc5-17f05150a6df</param>
/// <param name="transmissionTime">2020-05-07T04:44:33Z</param>
/// <param name="certUrl">https://api.sandbox.paypal.com/v1/notifications/certs/CERT-.....</param>
/// <param name="transmissionSignature"></param>
/// <param name="webHookEvent">"{\"id\":\"WH-5P8216093E7920426-60J97470GW748563B\",\"create_time\":\"2020-05-07T11:43:48.000Z\",....</param>
private static void VerifyWebhookSignature(string webhookId, string transmissionId, string transmissionTime,
string certUrl, string transmissionSignature, string webHookEvent)
{
Crc32 crc32 = new Crc32();
String hash = string.Empty;
var arrayOfBytes = Encoding.UTF8.GetBytes(webHookEvent);
foreach (byte b in crc32.ComputeHash(arrayOfBytes)) hash += b.ToString("x2").ToLower();
string expectedSignature = String.Format("{0}|{1}|{2}|{3}", transmissionId,
transmissionTime, webhookId, hash);
string certData = new System.Net.WebClient().DownloadString(certUrl);
X509Certificate2 cert = new X509Certificate2(Encoding.UTF8.GetBytes(certData));
try
{
byte[] signature = Convert.FromBase64String(transmissionSignature);
byte[] expectedBytes = Encoding.UTF8.GetBytes(expectedSignature);
using (RSA rsa = cert.GetRSAPublicKey())
{
var verified = rsa.VerifyData(
expectedBytes,
signature,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
Console.WriteLine($"Verified: {verified}");
}
}
catch (Exception ex)
{
throw;
}
}
