lsm/weixin-java-tools
1
0
Fork 0
mirror of https://gitee.com/binary/weixin-java-tools.git synced 2025-06-28 13:16:19 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

🎨 #3498【微信支付】服务商模式-兼容公钥模式下请求头序列号以及灰度切换

Browse Source
This commit is contained in:
SynchPj 2025-03-17 10:58:50 +08:00 committed by GitHub
parent 03790d64bc
commit 5ac9922f8d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
View File

@ -320,16 +320,7 @@ public class WxPayConfig {
//构造Http Proxy正向代理 //构造Http Proxy正向代理
WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy(); WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy();
Verifier certificatesVerifier; Verifier certificatesVerifier = getVerifier(merchantPrivateKey, wxPayHttpProxy, publicKey);
if (publicKey == null) {
certificatesVerifier =
new AutoUpdateCertificatesVerifier(
new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
this.getPayBaseUrl(), wxPayHttpProxy);
} else {
certificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
}
WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create() WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create()
.withMerchant(mchId, certSerialNo, merchantPrivateKey) .withMerchant(mchId, certSerialNo, merchantPrivateKey)
@ -355,6 +346,19 @@ public class WxPayConfig {
} }
} }
private Verifier getVerifier(PrivateKey merchantPrivateKey, WxPayHttpProxy wxPayHttpProxy, PublicKey publicKey) {
Verifier certificatesVerifier = new AutoUpdateCertificatesVerifier(
new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
this.getPayBaseUrl(), wxPayHttpProxy);
if (publicKey != null) {
Verifier publicCertificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
publicCertificatesVerifier.setOtherVerifier(certificatesVerifier);
certificatesVerifier = publicCertificatesVerifier;
}
return certificatesVerifier;
}
/** /**
* 初始化一个WxPayHttpProxy对象 * 初始化一个WxPayHttpProxy对象
* *

7
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
View File

@ -100,6 +100,8 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
HttpPost httpPost = this.createHttpPost(url, requestStr); HttpPost httpPost = this.createHttpPost(url, requestStr);
httpPost.addHeader(ACCEPT, APPLICATION_JSON); httpPost.addHeader(ACCEPT, APPLICATION_JSON);
httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON); httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON);
String serialNumber = getWechatpaySerial(getConfig());
httpPost.addHeader("Wechatpay-Serial", serialNumber);
try (CloseableHttpResponse response = httpClient.execute(httpPost)) { try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
//v3已经改为通过状态码判断200 204 成功 //v3已经改为通过状态码判断200 204 成功
int statusCode = response.getStatusLine().getStatusCode(); int statusCode = response.getStatusLine().getStatusCode();
@ -387,10 +389,9 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
* @return * @return
*/ */
private String getWechatpaySerial(WxPayConfig wxPayConfig) { private String getWechatpaySerial(WxPayConfig wxPayConfig) {
String serialNumber = wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) { if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) {
serialNumber = wxPayConfig.getPublicKeyId(); return wxPayConfig.getPublicKeyId();
} }
return serialNumber; return wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
} }
} }

9
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
View File

@ -9,6 +9,8 @@ public class PublicCertificateVerifier implements Verifier{
private final PublicKey publicKey; private final PublicKey publicKey;
private Verifier certificateVerifier;
private final X509PublicCertificate publicCertificate; private final X509PublicCertificate publicCertificate;
public PublicCertificateVerifier(PublicKey publicKey, String publicId) { public PublicCertificateVerifier(PublicKey publicKey, String publicId) {
@ -16,8 +18,15 @@ public class PublicCertificateVerifier implements Verifier{
this.publicCertificate = new X509PublicCertificate(publicKey, publicId); this.publicCertificate = new X509PublicCertificate(publicKey, publicId);
} }
public void setOtherVerifier(Verifier verifier) {
this.certificateVerifier = verifier;
}
@Override @Override
public boolean verify(String serialNumber, byte[] message, String signature) { public boolean verify(String serialNumber, byte[] message, String signature) {
if (!serialNumber.contains("PUB_KEY_ID")) {
return this.certificateVerifier.verify(serialNumber, message, signature);
}
try { try {
Signature sign = Signature.getInstance("SHA256withRSA"); Signature sign = Signature.getInstance("SHA256withRSA");
sign.initVerify(publicKey); sign.initVerify(publicKey);

2
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java
View File

@ -7,4 +7,6 @@ public interface Verifier {
X509Certificate getValidCertificate(); X509Certificate getValidCertificate();
default void setOtherVerifier(Verifier verifier) {};
} }