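# -*- coding: UTF-8 -*-
import hashlib
import hmac

import esigntool
from esigntool import esign_run_print_outer

# Callback-notification signature check: recompute the signature over the
# received parameters and compare it with the signature carried by the
# callback; the notification is accepted only when the two match.
config = esigntool.config()  # initialise the configuration object


@esign_run_print_outer
def signatureCheck():
    """Verify the signature of one (sample) asynchronous callback notification.

    The signed string is the timestamp header, the query string of the
    callback URL and the raw request body, concatenated in that order.
    The HMAC-SHA256 of that string under the project secret is compared
    with the signature received alongside the notification, and the
    result is printed. Returns None.

    The literal values below are masked samples (note the ``*`` runs);
    replace them with the values taken from a real callback.
    """
    # notifyUrl = "http://saledemo.tsign.cn:9090/asyn/notify?belong=tianyin"  e.g. the asynchronous notification URL
    scert = config.scert  # project secret
    signture = "0e437d238*********8b3d72d6a7393af9f7e947"  # signature value received with the notification
    time_stamp = "1661****383"  # X-Tsign-Open-TIMESTAMP header of the callback
    # The callback URL configured by the customer may carry query data, e.g.
    # callback?accountId=aaa&orderNo=001 (the e签宝 platform appends nothing).
    query_param = ""
    # The notification content exactly as received. Treat it as one opaque
    # byte stream: verify the raw body, never a parsed-and-re-serialised copy,
    # because any change in key order or whitespace changes the HMAC.
    receive_body = (
        "{\"action\":\"SIGN_MISSON_COMPLETE\",\"timestamp\":1661941631789,"
        "\"signFlowId\":\"227b71ae3*********e612a12a1\",\"customBizNum\":\"202200001111\","
        "\"signOrder\":1,\"operateTime\":166*****31000,\"signResult\":2,\"resultDescription\":\"签署完成\","
        "\"organization\":{\"orgId\":\"f0fee875*****00885a66d83\",\"orgName\":\"**测试企业\"}}"
    )
    sign_body = time_stamp + query_param + receive_body  # final string that is signed
    # Demo output only. In a real handler do not log the computed signature:
    # it is exactly the value a forged notification would need to present.
    print(sign_body)
    req_signature = doSignature(sign_body, scert)
    print(req_signature)
    # NOTE(review): the timestamp is covered by the signature, so a production
    # handler would normally also reject timestamps outside an acceptable
    # window to limit replay of captured notifications - confirm the window
    # against the platform documentation.
    #
    # Constant-time comparison: a plain == returns at the first differing
    # character, which can leak how much of a guessed signature is correct.
    # Both sides are encoded so compare_digest also accepts non-ASCII input.
    if hmac.compare_digest(req_signature.encode('utf-8'), signture.encode('utf-8')):
        print("验签成功")
    else:
        print("验签失败")


def doSignature(message, secret):
    """Compute the signature of the string to be signed.

    :param message: string to sign
    :param secret: secret key
    :return: hexadecimal HMAC-SHA256 digest of ``message`` keyed with
        ``secret``; both are encoded as UTF-8 first
    """
    key = secret.encode('utf-8')  # HMAC key
    payload = message.encode('utf-8')  # content to authenticate
    # hashlib.sha256 is the public API; the private _sha256 module is a
    # CPython implementation detail and is not importable on every version.
    return hmac.new(key, payload, digestmod=hashlib.sha256).hexdigest()


if __name__ == '__main__':
    signatureCheck()  # run the signature check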