From 388188b6947d84c5279f5ff0acfe15132f7cca66 Mon Sep 17 00:00:00 2001
From: Molzx <31435895+Molzx@users.noreply.github.com>
Date: Tue, 3 Jun 2025 11:53:45 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20=E3=80=90=E5=BE=AE=E4=BF=A1=E6=94=AF?=
 =?UTF-8?q?=E4=BB=98=E3=80=91=E8=B0=83=E6=95=B4=E9=80=BB=E8=BE=91=EF=BC=9A?=
 =?UTF-8?q?=E5=BD=93=E5=AE=8C=E5=85=A8=E4=BD=BF=E7=94=A8=E5=85=AC=E9=92=A5?=
 =?UTF-8?q?=E6=A8=A1=E5=BC=8F=E6=97=B6=EF=BC=8C=E4=B9=9F=E5=8F=AF=E4=BB=8E?=
 =?UTF-8?q?p12=E8=AF=81=E4=B9=A6=E4=B8=AD=E8=AF=BB=E5=8F=96=E8=AF=81?=
 =?UTF-8?q?=E4=B9=A6=E7=A7=81=E9=92=A5=E7=AD=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../binarywang/wxpay/config/WxPayConfig.java  | 59 +++++++------------
 1 file changed, 21 insertions(+), 38 deletions(-)

diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
index 0a804f269..96b6f1dd8 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
@@ -298,50 +298,32 @@ public class WxPayConfig {
       PrivateKey merchantPrivateKey = null;
       PublicKey publicKey = null;
 
-      // 使用完全公钥模式时，只加载公钥相关配置，避免下载平台证书使灰度切换无法达到100%覆盖
-      if (this.fullPublicKeyModel) {
-        if (StringUtils.isBlank(this.getCertSerialNo())) {
-          throw new WxPayException("使用公钥模式时，请确保certSerialNo(apiV3证书序列号)值已设置");
-        }
-        if (StringUtils.isBlank(this.getPublicKeyId())) {
-          throw new WxPayException("使用公钥模式时，请确保publicKeyId值已设置");
-        }
-        if (StringUtils.isBlank(this.getPublicKeyString()) && StringUtils.isBlank(this.getPublicKeyPath()) && this.getPublicKeyContent() == null) {
-          throw new WxPayException("使用公钥模式时，请确保publicKeyString/publicKeyPath/publicKeyContent其中一项值已设置");
+      // 不使用完全公钥模式时，同时兼容平台证书和公钥
+      X509Certificate certificate = null;
+      // 尝试从p12证书中加载私钥和证书
+      Object[] objects = this.p12ToPem();
+      if (objects != null) {
+        merchantPrivateKey = (PrivateKey) objects[0];
+        certificate = (X509Certificate) objects[1];
+        this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
+      }
+      if (certificate == null && StringUtils.isBlank(this.getCertSerialNo()) && StringUtils.isNotBlank(this.getPrivateCertPath())) {
+        try (InputStream certInputStream = this.loadConfigInputStream(this.getPrivateCertString(), this.getPrivateCertPath(),
+          this.privateCertContent, "privateCertPath")) {
+          certificate = PemUtils.loadCertificate(certInputStream);
         }
+        this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
+      }
 
+      if (this.getPublicKeyString() != null || this.getPublicKeyPath() != null || this.publicKeyContent != null) {
+        if (StringUtils.isBlank(this.getPublicKeyId())) {
+          throw new WxPayException("请确保和publicKeyId配套使用");
+        }
         try (InputStream pubInputStream =
                this.loadConfigInputStream(this.getPublicKeyString(), this.getPublicKeyPath(),
-                 this.getPublicKeyContent(), "publicKeyPath")) {
+                 this.publicKeyContent, "publicKeyPath")) {
           publicKey = PemUtils.loadPublicKey(pubInputStream);
         }
-      } else {
-        // 不使用完全公钥模式时，同时兼容平台证书和公钥
-        X509Certificate certificate = null;
-        // 尝试从p12证书中加载私钥和证书
-        Object[] objects = this.p12ToPem();
-        if (objects != null) {
-          merchantPrivateKey = (PrivateKey) objects[0];
-          certificate = (X509Certificate) objects[1];
-          this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
-        }
-        if (certificate == null && StringUtils.isBlank(this.getCertSerialNo()) && StringUtils.isNotBlank(this.getPrivateCertPath())) {
-          try (InputStream certInputStream = this.loadConfigInputStream(this.getPrivateCertString(), this.getPrivateCertPath(),
-            this.privateCertContent, "privateCertPath")) {
-            certificate = PemUtils.loadCertificate(certInputStream);
-          }
-          this.certSerialNo = certificate.getSerialNumber().toString(16).toUpperCase();
-        }
-        if (this.getPublicKeyString() != null || this.getPublicKeyPath() != null || this.publicKeyContent != null) {
-          if (StringUtils.isBlank(this.getPublicKeyId())) {
-            throw new WxPayException("请确保和publicKeyId配套使用");
-          }
-          try (InputStream pubInputStream =
-                 this.loadConfigInputStream(this.getPublicKeyString(), this.getPublicKeyPath(),
-                   this.publicKeyContent, "publicKeyPath")) {
-            publicKey = PemUtils.loadPublicKey(pubInputStream);
-          }
-        }
       }
 
       // 加载api私钥
@@ -358,6 +340,7 @@ public class WxPayConfig {
       // 构造证书验签器
       Verifier certificatesVerifier;
       if (this.fullPublicKeyModel) {
+        // 使用完全公钥模式时，只加载公钥相关配置，避免下载平台证书使灰度切换无法达到100%覆盖
         certificatesVerifier = VerifierBuilder.buildPublicCertVerifier(this.publicKeyId, publicKey);
       } else {
         certificatesVerifier = VerifierBuilder.build(