lsm/weixin-java-tools
1
0
Fork 0
mirror of https://gitee.com/binary/weixin-java-tools.git synced 2025-08-20 00:44:25 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

🎨 【微信支付】调整逻辑:当完全使用公钥模式时,也可从p12证书中读取证书私钥等

Browse Source
This commit is contained in:
Molzx 2025-06-03 11:53:45 +08:00 committed by GitHub
parent ecce9292b2
commit 388188b694
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 21 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
View File

@ -298,50 +298,32 @@ public class WxPayConfig {
PrivateKey merchantPrivateKey = null;
PublicKey publicKey = null;
// 使用完全公钥模式时只加载公钥相关配置避免下载平台证书使灰度切换无法达到100%覆盖
if (this.fullPublicKeyModel) {
if (StringUtils.isBlank(this.getCertSerialNo())) {
throw new WxPayException("使用公钥模式时请确保certSerialNo(apiV3证书序列号)值已设置");
}
if (StringUtils.isBlank(this.getPublicKeyId())) {
throw new WxPayException("使用公钥模式时请确保publicKeyId值已设置");
}
if (StringUtils.isBlank(this.getPublicKeyString()) && StringUtils.isBlank(this.getPublicKeyPath()) && this.getPublicKeyContent() == null) {
throw new WxPayException("使用公钥模式时请确保publicKeyString/publicKeyPath/publicKeyContent其中一项值已设置");
// 不使用完全公钥模式时同时兼容平台证书和公钥
X509Certificate certificate = null;
// 尝试从p12证书中加载私钥和证书
Object[] objects = this.p12ToPem();
if (objects != null) {
merchantPrivateKey = (PrivateKey) objects[0];
certificate = (X509Certificate) objects[1];
this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
}
if (certificate == null && StringUtils.isBlank(this.getCertSerialNo()) && StringUtils.isNotBlank(this.getPrivateCertPath())) {
try (InputStream certInputStream = this.loadConfigInputStream(this.getPrivateCertString(), this.getPrivateCertPath(),
this.privateCertContent, "privateCertPath")) {
certificate = PemUtils.loadCertificate(certInputStream);
}
this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
}
if (this.getPublicKeyString() != null || this.getPublicKeyPath() != null || this.publicKeyContent != null) {
if (StringUtils.isBlank(this.getPublicKeyId())) {
throw new WxPayException("请确保和publicKeyId配套使用");
}
try (InputStream pubInputStream =
this.loadConfigInputStream(this.getPublicKeyString(), this.getPublicKeyPath(),
this.getPublicKeyContent(), "publicKeyPath")) {
this.publicKeyContent, "publicKeyPath")) {
publicKey = PemUtils.loadPublicKey(pubInputStream);
}
} else {
// 不使用完全公钥模式时同时兼容平台证书和公钥
X509Certificate certificate = null;
// 尝试从p12证书中加载私钥和证书
Object[] objects = this.p12ToPem();
if (objects != null) {
merchantPrivateKey = (PrivateKey) objects[0];
certificate = (X509Certificate) objects[1];
this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
}
if (certificate == null && StringUtils.isBlank(this.getCertSerialNo()) && StringUtils.isNotBlank(this.getPrivateCertPath())) {
try (InputStream certInputStream = this.loadConfigInputStream(this.getPrivateCertString(), this.getPrivateCertPath(),
this.privateCertContent, "privateCertPath")) {
certificate = PemUtils.loadCertificate(certInputStream);
}
this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
}
if (this.getPublicKeyString() != null || this.getPublicKeyPath() != null || this.publicKeyContent != null) {
if (StringUtils.isBlank(this.getPublicKeyId())) {
throw new WxPayException("请确保和publicKeyId配套使用");
}
try (InputStream pubInputStream =
this.loadConfigInputStream(this.getPublicKeyString(), this.getPublicKeyPath(),
this.publicKeyContent, "publicKeyPath")) {
publicKey = PemUtils.loadPublicKey(pubInputStream);
}
}
}
// 加载api私钥
@ -358,6 +340,7 @@ public class WxPayConfig {
// 构造证书验签器
Verifier certificatesVerifier;
if (this.fullPublicKeyModel) {
// 使用完全公钥模式时只加载公钥相关配置避免下载平台证书使灰度切换无法达到100%覆盖
certificatesVerifier = VerifierBuilder.buildPublicCertVerifier(this.publicKeyId, publicKey);
} else {
certificatesVerifier = VerifierBuilder.build(