rswxpay 0.1.0

WeChat Pay V3 API SDK for Rust — pure Rust crypto, no OpenSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

use base64::{Engine, engine::general_purpose::STANDARD as BASE64};
use rsa::{pkcs1v15::VerifyingKey, sha2::Sha256, signature::Verifier};

use crate::error::WxPayError;

/// Build the verification message for WeChat Pay responses/notifications.
///
/// Format: `"{timestamp}\n{nonce}\n{body}\n"`
pub fn build_verify_message(timestamp: &str, nonce: &str, body: &str) -> String {
    format!("{timestamp}\n{nonce}\n{body}\n")
}

/// Verify a WeChat Pay response/notification signature.
///
/// - `verifying_key`: cached RSA verifying key from the platform certificate
/// - `timestamp`: from `Wechatpay-Timestamp` header (or notification header)
/// - `nonce`: from `Wechatpay-Nonce` header
/// - `body`: response/notification body
/// - `signature_base64`: from `Wechatpay-Signature` header (base64-encoded)
pub fn verify_signature(
    verifying_key: &VerifyingKey<Sha256>,
    timestamp: &str,
    nonce: &str,
    body: &str,
    signature_base64: &str,
) -> Result<bool, WxPayError> {
    let message = build_verify_message(timestamp, nonce, body);

    let sig_bytes = BASE64
        .decode(signature_base64)
        .map_err(|e| WxPayError::VerifyError(format!("base64 decode: {e}")))?;

    let signature = rsa::pkcs1v15::Signature::try_from(sig_bytes.as_slice())
        .map_err(|e| WxPayError::VerifyError(format!("invalid signature: {e}")))?;

    match verifying_key.verify(message.as_bytes(), &signature) {
        Ok(()) => Ok(true),
        Err(_) => Ok(false),
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::crypto::sign::sign_sha256_rsa;
    use rsa::RsaPrivateKey;
    use rsa::RsaPublicKey;
    use rsa::pkcs1v15::SigningKey;

    #[test]
    fn test_verify_roundtrip() {
        let mut rng = rand::thread_rng();
        let private_key = RsaPrivateKey::new(&mut rng, 2048).unwrap();
        let public_key = RsaPublicKey::from(&private_key);

        let signing_key = SigningKey::<Sha256>::new(private_key);
        let verifying_key = VerifyingKey::<Sha256>::new(public_key);

        let timestamp = "1554208460";
        let nonce = "test_nonce_str";
        let body = r#"{"code":"SUCCESS"}"#;

        let message = build_verify_message(timestamp, nonce, body);
        let sig = sign_sha256_rsa(&signing_key, &message).unwrap();

        let valid = verify_signature(&verifying_key, timestamp, nonce, body, &sig).unwrap();
        assert!(valid);
    }

    #[test]
    fn test_verify_tampered_body() {
        let mut rng = rand::thread_rng();
        let private_key = RsaPrivateKey::new(&mut rng, 2048).unwrap();
        let public_key = RsaPublicKey::from(&private_key);

        let signing_key = SigningKey::<Sha256>::new(private_key);
        let verifying_key = VerifyingKey::<Sha256>::new(public_key);

        let timestamp = "1554208460";
        let nonce = "test_nonce_str";
        let body = r#"{"code":"SUCCESS"}"#;

        let message = build_verify_message(timestamp, nonce, body);
        let sig = sign_sha256_rsa(&signing_key, &message).unwrap();

        let tampered_body = r#"{"code":"FAIL"}"#;
        let valid =
            verify_signature(&verifying_key, timestamp, nonce, tampered_body, &sig).unwrap();
        assert!(!valid);
    }

    #[test]
    fn test_build_verify_message_format() {
        let msg = build_verify_message("1554208460", "nonce123", r#"{"code":"OK"}"#);
        assert_eq!(msg, "1554208460\nnonce123\n{\"code\":\"OK\"}\n");
    }

    #[test]
    fn test_build_verify_message_empty_body() {
        let msg = build_verify_message("123", "nonce", "");
        assert_eq!(msg, "123\nnonce\n\n");
    }

    #[test]
    fn test_verify_invalid_base64() {
        let mut rng = rand::thread_rng();
        let private_key = RsaPrivateKey::new(&mut rng, 2048).unwrap();
        let public_key = RsaPublicKey::from(&private_key);
        let verifying_key = VerifyingKey::<Sha256>::new(public_key);

        let result = verify_signature(&verifying_key, "123", "nonce", "body", "not-valid!!!");
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("base64"));
    }

    #[test]
    fn test_verify_wrong_key() {
        let mut rng = rand::thread_rng();

        // Sign with key A
        let private_a = RsaPrivateKey::new(&mut rng, 2048).unwrap();
        let signing_key_a = SigningKey::<Sha256>::new(private_a);

        // Verify with key B
        let private_b = RsaPrivateKey::new(&mut rng, 2048).unwrap();
        let public_b = RsaPublicKey::from(&private_b);
        let verifying_key_b = VerifyingKey::<Sha256>::new(public_b);

        let timestamp = "1554208460";
        let nonce = "nonce";
        let body = "body";

        let message = build_verify_message(timestamp, nonce, body);
        let sig = sign_sha256_rsa(&signing_key_a, &message).unwrap();

        // Signature from key A should not verify with key B
        let valid = verify_signature(&verifying_key_b, timestamp, nonce, body, &sig).unwrap();
        assert!(!valid);
    }

    #[test]
    fn test_verify_tampered_timestamp() {
        let mut rng = rand::thread_rng();
        let private_key = RsaPrivateKey::new(&mut rng, 2048).unwrap();
        let public_key = RsaPublicKey::from(&private_key);

        let signing_key = SigningKey::<Sha256>::new(private_key);
        let verifying_key = VerifyingKey::<Sha256>::new(public_key);

        let timestamp = "1554208460";
        let nonce = "nonce";
        let body = r#"{"code":"SUCCESS"}"#;

        let message = build_verify_message(timestamp, nonce, body);
        let sig = sign_sha256_rsa(&signing_key, &message).unwrap();

        // Tamper with timestamp
        let valid = verify_signature(&verifying_key, "9999999999", nonce, body, &sig).unwrap();
        assert!(!valid);
    }
}