
[QPay] 加强对请求应答内容签名的验证机制

Roc hace 7 años
padre
commit
f97b390bc6

+ 6 - 0
src/Essensoft.AspNetCore.Payment.QPay/IQPayCertificateRequest.cs

@@ -17,5 +17,11 @@ namespace Essensoft.AspNetCore.Payment.QPay
         /// </summary>
         /// <returns>文本请求参数字典</returns>
         IDictionary<string, string> GetParameters();
+
+        /// <summary>
+        /// 是否验证应答内容签名
+        /// </summary>
+        /// <returns>是否验证</returns>
+        bool IsCheckResponseSign();
     }
 }
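Review bot: The doc comment on `IsCheckResponseSign()` does not say what a `false` return means for the caller; in QPayClient.cs that value makes the client skip `CheckResponseSign` and return the parsed response unverified. I would add `/// <remarks>Returning false makes QPayClient return the parsed response without checking its signature.</remarks>` here and on the identical member in IQPayRequest.cs. If these interfaces are public, adding a member also breaks any implementation outside this repository, which deserves a line in the release notes.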

+ 6 - 0
src/Essensoft.AspNetCore.Payment.QPay/IQPayRequest.cs

@@ -17,5 +17,11 @@ namespace Essensoft.AspNetCore.Payment.QPay
         /// </summary>
         /// <returns>文本请求参数字典</returns>
         IDictionary<string, string> GetParameters();
+
+        /// <summary>
+        /// 是否验证应答内容签名
+        /// </summary>
+        /// <returns>是否验证</returns>
+        bool IsCheckResponseSign();
     }
 }

+ 21 - 9
src/Essensoft.AspNetCore.Payment.QPay/QPayClient.cs

@@ -67,7 +67,12 @@ namespace Essensoft.AspNetCore.Payment.QPay
 
                 var parser = new QPayXmlParser<T>();
                 var rsp = parser.Parse(body);
-                CheckResponseSign(rsp, options);
+
+                if (request.IsCheckResponseSign())
+                {
+                    CheckResponseSign(rsp, options);
+                }
+
                 return rsp;
             }
         }
@@ -106,7 +111,12 @@ namespace Essensoft.AspNetCore.Payment.QPay
 
                 var parser = new QPayXmlParser<T>();
                 var rsp = parser.Parse(body);
-                CheckResponseSign(rsp, options);
+
+                if (request.IsCheckResponseSign())
+                {
+                    CheckResponseSign(rsp, options);
+                }
+
                 return rsp;
             }
         }
@@ -122,15 +132,17 @@ namespace Essensoft.AspNetCore.Payment.QPay
                 throw new Exception("sign check fail: Body is Empty!");
             }
 
-            if (response.Parameters.TryGetValue("sign", out var sign))
+            if (!response.Parameters.TryGetValue("sign", out var sign))
+            {
+                throw new Exception("sign check fail: sign is Empty!");
+            }
+
+            if (response.Parameters["return_code"] == "SUCCESS" && !string.IsNullOrEmpty(sign))
             {
-                if (response.Parameters["return_code"] == "SUCCESS" && !string.IsNullOrEmpty(sign))
+                var cal_sign = QPaySignature.SignWithKey(response.Parameters, options.Key);
+                if (cal_sign != sign)
                 {
-                    var cal_sign = QPaySignature.SignWithKey(response.Parameters, options.Key);
-                    if (cal_sign != sign)
-                    {
-                        throw new Exception("sign check fail: check Sign and Data Fail!");
-                    }
+                    throw new Exception("sign check fail: check Sign and Data Fail!");
                 }
             }
         }
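Review bot: A response whose `sign` key is present but empty still passes, because the new guard throws only when the key is missing and the next condition then skips the comparison through `!string.IsNullOrEmpty(sign)`. Whether the parser keeps an empty sign element is not visible here, but the guard can cover it: `if (!response.Parameters.TryGetValue("sign", out var sign) || string.IsNullOrEmpty(sign))`, followed by `if (response.Parameters["return_code"] == "SUCCESS")`. The `return_code` indexer also throws `KeyNotFoundException` when the field is absent, so a `TryGetValue` would give a clearer failure, and `cal_sign != sign` is not a constant-time comparison. The method starts above this hunk.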

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayCloseOrderRequest.cs

@@ -53,6 +53,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayMicroPayRequest.cs

@@ -113,6 +113,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayOrderQueryRequest.cs

@@ -53,6 +53,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayRefundQueryRequest.cs

@@ -65,6 +65,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayRefundRequest.cs

@@ -83,6 +83,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayReverseRequest.cs

@@ -59,6 +59,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayStatementDownRequest.cs

@@ -41,6 +41,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return false;
+        }
+
         #endregion
     }
 }
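Review bot: `QPayStatementDownRequest.IsCheckResponseSign()` is the only implementation in this commit that returns `false`, and nothing in the hunk says why verification is switched off for it. A short comment above the method would help, for example `// Response is returned unverified: presumably the statement download body carries no sign field (TODO confirm).` The surrounding class begins outside the hunk.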

+ 5 - 0
src/Essensoft.AspNetCore.Payment.QPay/Request/QPayUnifiedOrderRequest.cs

@@ -125,6 +125,11 @@ namespace Essensoft.AspNetCore.Payment.QPay.Request
             return parameters;
         }
 
+        public bool IsCheckResponseSign()
+        {
+            return true;
+        }
+
         #endregion
     }
 }