From 9aa2781e6825dd5b6a6f6f36e67f77ad4985acc4 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Sat, 27 Sep 2025 17:11:32 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20#3634=20=E3=80=90=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E6=94=AF=E4=BB=98=E3=80=91=E5=B0=9D=E8=AF=95=E4=BF=AE=E5=A4=8D?=
 =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=95=86=E6=A8=A1=E5=BC=8F=E5=88=86=E8=B4=A6?=
 =?UTF-8?q?=E5=8A=A8=E8=B4=A6=E9=80=9A=E7=9F=A5=E9=9D=9E=E6=B3=95=E8=AF=B7?=
 =?UTF-8?q?=E6=B1=82=E3=80=81=E5=A4=B4=E9=83=A8=E4=BF=A1=E6=81=AF=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E5=A4=B1=E8=B4=A5=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../wxpay/service/impl/ProfitSharingServiceImpl.java       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/ProfitSharingServiceImpl.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/ProfitSharingServiceImpl.java
index 6be5ffc8c..afaa45440 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/ProfitSharingServiceImpl.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/ProfitSharingServiceImpl.java
@@ -7,6 +7,7 @@ import com.github.binarywang.wxpay.bean.profitsharing.request.*;
 import com.github.binarywang.wxpay.bean.profitsharing.result.*;
 import com.github.binarywang.wxpay.bean.result.BaseWxPayResult;
 import com.github.binarywang.wxpay.exception.WxPayException;
+import com.github.binarywang.wxpay.exception.WxSignTestException;
 import com.github.binarywang.wxpay.service.ProfitSharingService;
 import com.github.binarywang.wxpay.service.WxPayService;
 import com.github.binarywang.wxpay.v3.auth.Verifier;
@@ -293,7 +294,11 @@ public class ProfitSharingServiceImpl implements ProfitSharingService {
    * @return true:校验通过 false:校验不通过
    */
   private boolean verifyNotifySign(SignatureHeader header, String data) throws WxPayException {
-    String beforeSign = String.format("%s%n%s%n%s%n", header.getTimeStamp(), header.getNonce(), data);
+    String wxPaySign = header.getSignature();
+    if (wxPaySign.startsWith("WECHATPAY/SIGNTEST/")) {
+      throw new WxSignTestException("微信支付签名探测流量");
+    }
+    String beforeSign = String.format("%s\n%s\n%s\n", header.getTimeStamp(), header.getNonce(), data);
     Verifier verifier = this.payService.getConfig().getVerifier();
     if (verifier == null) {
       throw new WxPayException("证书检验对象为空");