#1060 修复微信卡券签名问题

2025-05-05 05:07:46 +08:00 · 2019-06-02 12:43:02 +08:00 · 2019-06-02 12:43:02 +08:00 · f71fed4c6a
commit f71fed4c6a
parent f67333a06a
4 changed files with 51 additions and 142 deletions
--- a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/crypto/SHA1.java
+++ b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/crypto/SHA1.java
@ -6,12 +6,14 @@ import org.apache.commons.lang3.StringUtils;
 import java.util.Arrays;

 /**
- * Created by Daniel Qian on 14/10/19.
+ *
+ * @author Daniel Qian
+ * @date 14/10/19
 */
 public class SHA1 {

  /**
-   * 串接arr参数，生成sha1 digest
+   * 串接arr参数，生成sha1 digest.
   */
  public static String gen(String... arr) {
    if (StringUtils.isAnyEmpty(arr)) {
@ -27,7 +29,7 @@ public class SHA1 {
  }

  /**
-   * 用&串接arr参数，生成sha1 digest
+   * 用&串接arr参数，生成sha1 digest.
   */
  public static String genWithAmple(String... arr) {
    if (StringUtils.isAnyEmpty(arr)) {
--- a/weixin-java-mp/src/main/java/me/chanjar/weixin/mp/api/WxMpCardService.java
+++ b/weixin-java-mp/src/main/java/me/chanjar/weixin/mp/api/WxMpCardService.java
@ -3,10 +3,9 @@ package me.chanjar.weixin.mp.api;
 import me.chanjar.weixin.common.bean.WxCardApiSignature;
 import me.chanjar.weixin.common.error.WxErrorException;
 import me.chanjar.weixin.mp.bean.card.*;
-import me.chanjar.weixin.mp.bean.card.WxMpCardResult;

 /**
- * 卡券相关接口
+ * 卡券相关接口.
 *
 * @author YuJian(mgcnrx11 @ hotmail.com) on 01/11/2016
 * @author yuanqixun 2018-08-29
@ -22,23 +21,24 @@ public interface WxMpCardService {
  String CARD_TEST_WHITELIST = "https://api.weixin.qq.com/card/testwhitelist/set";
  String CARD_QRCODE_CREATE = "https://api.weixin.qq.com/card/qrcode/create";
  String CARD_LANDING_PAGE_CREATE = "https://api.weixin.qq.com/card/landingpage/create";
+
  /**
-   * 将用户的卡券设置为失效状态
+   * 将用户的卡券设置为失效状态.
   */
  String CARD_CODE_UNAVAILABLE = "https://api.weixin.qq.com/card/code/unavailable";

  /**
-   * 卡券删除
+   * 卡券删除.
   */
  String CARD_DELETE = "https://api.weixin.qq.com/card/delete";

  /**
-   * 得到WxMpService
+   * 得到WxMpService.
   */
  WxMpService getWxMpService();

  /**
-   * 获得卡券api_ticket，不强制刷新卡券api_ticket
+   * 获得卡券api_ticket，不强制刷新卡券api_ticket.
   *
   * @return 卡券api_ticket
   * @see #getCardApiTicket(boolean)
@ -47,7 +47,7 @@ public interface WxMpCardService {

  /**
   * <pre>
-   * 获得卡券api_ticket
+   * 获得卡券api_ticket.
   * 获得时会检查卡券apiToken是否过期，如果过期了，那么就刷新一下，否则就什么都不干
   *
   * 详情请见：http://mp.weixin.qq.com/wiki/7/aaa137b55fb2e0456bf8dd9148dd613f.html#.E9.99.84.E5.BD.954-.E5.8D.A1.E5.88.B8.E6.89.A9.E5.B1.95.E5.AD.97.E6.AE.B5.E5.8F.8A.E7.AD.BE.E5.90.8D.E7.94.9F.E6.88.90.E7.AE.97.E6.B3.95
@ -61,7 +61,7 @@ public interface WxMpCardService {

  /**
   * <pre>
-   * 创建调用卡券api时所需要的签名
+   * 创建调用卡券api时所需要的签名.
   *
   * 详情请见：http://mp.weixin.qq.com/wiki/7/aaa137b55fb2e0456bf8dd9148dd613f.html#.E9.99.84.E5.BD
   * .954-.E5.8D.A1.E5.88.B8.E6.89.A9.E5.B1.95.E5.AD.97.E6.AE.B5.E5.8F.8A.E7.AD.BE.E5.90.8D.E7.94
@ -73,11 +73,10 @@ public interface WxMpCardService {
   *                          </br>注意：当做wx.chooseCard调用时，必须传入app_id参与签名，否则会造成签名失败导致拉取卡券列表为空
   * @return 卡券Api签名对象
   */
-  WxCardApiSignature createCardApiSignature(String... optionalSignParam) throws
-    WxErrorException;
+  WxCardApiSignature createCardApiSignature(String... optionalSignParam) throws    WxErrorException;

  /**
-   * 卡券Code解码
+   * 卡券Code解码.
   *
   * @param encryptCode 加密Code，通过JSSDK的chooseCard接口获得
   * @return 解密后的Code
@ -87,6 +86,7 @@ public interface WxMpCardService {
  /**
   * 卡券Code查询.
   * 文档地址： https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1451025272&anchor=1
+   *
   * @param cardId       卡券ID代表一类卡券
   * @param code         单张卡券的唯一标准
   * @param checkConsume 是否校验code核销状态，填入true和false时的code异常状态返回数据不同
@ -105,7 +105,7 @@ public interface WxMpCardService {
  String consumeCardCode(String code) throws WxErrorException;

  /**
-   * 卡券Code核销。核销失败会抛出异常
+   * 卡券Code核销。核销失败会抛出异常.
   *
   * @param code   单张卡券的唯一标准
   * @param cardId 当自定义Code卡券时需要传入card_id
@ -124,11 +124,10 @@ public interface WxMpCardService {
   * @param openId 用券用户的openid
   * @param isMark 是否要mark（占用）这个code，填写true或者false，表示占用或解除占用
   */
-  void markCardCode(String code, String cardId, String openId, boolean isMark) throws
-    WxErrorException;
+  void markCardCode(String code, String cardId, String openId, boolean isMark) throws WxErrorException;

  /**
-   * 查看卡券详情接口
+   * 查看卡券详情接口.
   * 详见 https://mp.weixin.qq.com/wiki/14/8dd77aeaee85f922db5f8aa6386d385e.html#.E6.9F.A5.E7.9C.8B.E5.8D.A1.E5.88.B8.E8.AF.A6.E6.83.85
   *
   * @param cardId 卡券的ID
@ -139,7 +138,7 @@ public interface WxMpCardService {
  String getCardDetail(String cardId) throws WxErrorException;

  /**
-   * 添加测试白名单
+   * 添加测试白名单.
   *
   * @param openid 用户的openid
   * @return
@ -147,7 +146,6 @@ public interface WxMpCardService {
  String addTestWhiteList(String openid) throws WxErrorException;

  /**
-   *
   * @param cardCreateMessage
   * @return
   * @throws WxErrorException
@ -155,7 +153,7 @@ public interface WxMpCardService {
  WxMpCardCreateResult createCard(WxMpCardCreateMessage cardCreateMessage) throws WxErrorException;

  /**
-   * 创建卡券二维码
+   * 创建卡券二维码.
   *
   * @param cardId   卡券编号
   * @param outerStr 二维码标识
@ -164,7 +162,7 @@ public interface WxMpCardService {
  WxMpCardQrcodeCreateResult createQrcodeCard(String cardId, String outerStr) throws WxErrorException;

  /**
-   * 创建卡券二维码
+   * 创建卡券二维码.
   *
   * @param cardId    卡券编号
   * @param outerStr  二维码标识
@ -174,7 +172,7 @@ public interface WxMpCardService {
  WxMpCardQrcodeCreateResult createQrcodeCard(String cardId, String outerStr, int expiresIn) throws WxErrorException;

  /**
-   * 创建卡券货架
+   * 创建卡券货架.
   *
   * @param createRequest 货架创建参数
   * @return
@ -183,7 +181,7 @@ public interface WxMpCardService {
  WxMpCardLandingPageCreateResult createLandingPage(WxMpCardLandingPageCreateRequest createRequest) throws WxErrorException;

  /**
-   * 将用户的卡券设置为失效状态
+   * 将用户的卡券设置为失效状态.
   * 详见:https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1451025272&anchor=9
   *
   * @param cardId 卡券编号
@ -195,7 +193,8 @@ public interface WxMpCardService {
  String unavailableCardCode(String cardId, String code, String reason) throws WxErrorException;

  /**
-   * 删除卡券接口
+   * 删除卡券接口.
+   *
   * @param cardId
   * @return
   * @throws WxErrorException
--- a/weixin-java-mp/src/main/java/me/chanjar/weixin/mp/api/impl/WxMpCardServiceImpl.java
+++ b/weixin-java-mp/src/main/java/me/chanjar/weixin/mp/api/impl/WxMpCardServiceImpl.java
@ -2,20 +2,20 @@ package me.chanjar.weixin.mp.api.impl;

 import com.google.gson.*;
 import com.google.gson.reflect.TypeToken;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import me.chanjar.weixin.common.bean.WxCardApiSignature;
 import me.chanjar.weixin.common.error.WxError;
 import me.chanjar.weixin.common.error.WxErrorException;
 import me.chanjar.weixin.common.util.RandomUtils;
-import me.chanjar.weixin.common.util.crypto.SHA1;
 import me.chanjar.weixin.common.util.http.SimpleGetRequestExecutor;
 import me.chanjar.weixin.mp.api.WxMpCardService;
 import me.chanjar.weixin.mp.api.WxMpService;
 import me.chanjar.weixin.mp.bean.card.*;
 import me.chanjar.weixin.mp.enums.TicketType;
 import me.chanjar.weixin.mp.util.json.WxMpGsonBuilder;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;

 import java.util.Arrays;
 import java.util.concurrent.locks.Lock;
@ -25,46 +25,22 @@ import java.util.concurrent.locks.Lock;
 *
 * @author BinaryWang
 */
+@Slf4j
+@RequiredArgsConstructor
 public class WxMpCardServiceImpl implements WxMpCardService {
-  private final Logger log = LoggerFactory.getLogger(WxMpCardServiceImpl.class);
-
-  private WxMpService wxMpService;
-
  private static final Gson GSON = WxMpGsonBuilder.create();
-
-  public WxMpCardServiceImpl(WxMpService wxMpService) {
-    this.wxMpService = wxMpService;
-  }
+  private final WxMpService wxMpService;

  @Override
  public WxMpService getWxMpService() {
    return this.wxMpService;
  }

-  /**
-   * 获得卡券api_ticket，不强制刷新卡券api_ticket.
-   *
-   * @return 卡券api_ticket
-   * @see #getCardApiTicket(boolean)
-   */
  @Override
  public String getCardApiTicket() throws WxErrorException {
    return getCardApiTicket(false);
  }

-  /**
-   * <pre>
-   * 获得卡券api_ticket.
-   * 获得时会检查卡券apiToken是否过期，如果过期了，那么就刷新一下，否则就什么都不干
-   *
-   * 详情请见：http://mp.weixin.qq.com/wiki/7/aaa137b55fb2e0456bf8dd9148dd613f.html#.E9.99.84.E5.BD
-   * .954-.E5.8D.A1.E5.88.B8.E6.89.A9.E5.B1.95.E5.AD.97.E6.AE.B5.E5.8F.8A.E7.AD.BE.E5.90.8D.E7.94
-   * .9F.E6.88.90.E7.AE.97.E6.B3.95
-   * </pre>
-   *
-   * @param forceRefresh 强制刷新
-   * @return 卡券api_ticket
-   */
  @Override
  public String getCardApiTicket(boolean forceRefresh) throws WxErrorException {
    final TicketType type = TicketType.WX_CARD;
@ -91,32 +67,22 @@ public class WxMpCardServiceImpl implements WxMpCardService {
    return this.getWxMpService().getWxMpConfigStorage().getTicket(type);
  }

-  /**
-   * <pre>
-   * 创建调用卡券api时所需要的签名
-   *
-   * 详情请见：http://mp.weixin.qq.com/wiki/7/aaa137b55fb2e0456bf8dd9148dd613f.html#.E9.99.84.E5.BD
-   * .954-.E5.8D.A1.E5.88.B8.E6.89.A9.E5.B1.95.E5.AD.97.E6.AE.B5.E5.8F.8A.E7.AD.BE.E5.90.8D.E7.94
-   * .9F.E6.88.90.E7.AE.97.E6.B3.95
-   * </pre>
-   *
-   * @param optionalSignParam 参与签名的参数数组。
-   *                          可以为下列字段：app_id, card_id, card_type, code, openid, location_id
-   *                          </br>注意：当做wx.chooseCard调用时，必须传入app_id参与签名，否则会造成签名失败导致拉取卡券列表为空
-   * @return 卡券Api签名对象
-   */
  @Override
-  public WxCardApiSignature createCardApiSignature(String... optionalSignParam) throws
-    WxErrorException {
+  public WxCardApiSignature createCardApiSignature(String... optionalSignParam) throws WxErrorException {
    long timestamp = System.currentTimeMillis() / 1000;
    String nonceStr = RandomUtils.getRandomStr();
    String cardApiTicket = getCardApiTicket(false);

-    String[] signParam = Arrays.copyOf(optionalSignParam, optionalSignParam.length + 3);
-    signParam[optionalSignParam.length] = String.valueOf(timestamp);
-    signParam[optionalSignParam.length + 1] = nonceStr;
-    signParam[optionalSignParam.length + 2] = cardApiTicket;
-    String signature = SHA1.gen(signParam);
+    String[] signParams = Arrays.copyOf(optionalSignParam, optionalSignParam.length + 3);
+    signParams[optionalSignParam.length] = String.valueOf(timestamp);
+    signParams[optionalSignParam.length + 1] = nonceStr;
+    signParams[optionalSignParam.length + 2] = cardApiTicket;
+    StringBuilder sb = new StringBuilder();
+    for (String a : signParams) {
+      sb.append(a);
+    }
+    String signature = DigestUtils.sha1Hex(sb.toString());
+
    WxCardApiSignature cardApiSignature = new WxCardApiSignature();
    cardApiSignature.setTimestamp(timestamp);
    cardApiSignature.setNonceStr(nonceStr);
@ -124,12 +90,6 @@ public class WxMpCardServiceImpl implements WxMpCardService {
    return cardApiSignature;
  }

-  /**
-   * 卡券Code解码
-   *
-   * @param encryptCode 加密Code，通过JSSDK的chooseCard接口获得
-   * @return 解密后的Code
-   */
  @Override
  public String decryptCardCode(String encryptCode) throws WxErrorException {
    JsonObject param = new JsonObject();
@ -154,26 +114,11 @@ public class WxMpCardServiceImpl implements WxMpCardService {
      }.getType());
  }

-  /**
-   * 卡券Code核销。核销失败会抛出异常
-   *
-   * @param code 单张卡券的唯一标准
-   * @return 调用返回的JSON字符串。
-   * <br>可用 com.google.gson.JsonParser#parse 等方法直接取JSON串中的errcode等信息。
-   */
  @Override
  public String consumeCardCode(String code) throws WxErrorException {
    return consumeCardCode(code, null);
  }

-  /**
-   * 卡券Code核销。核销失败会抛出异常
-   *
-   * @param code   单张卡券的唯一标准
-   * @param cardId 当自定义Code卡券时需要传入card_id
-   * @return 调用返回的JSON字符串。
-   * <br>可用 com.google.gson.JsonParser#parse 等方法直接取JSON串中的errcode等信息。
-   */
  @Override
  public String consumeCardCode(String code, String cardId) throws WxErrorException {
    JsonObject param = new JsonObject();
@ -186,19 +131,8 @@ public class WxMpCardServiceImpl implements WxMpCardService {
    return this.wxMpService.post(CARD_CODE_CONSUME, param.toString());
  }

-  /**
-   * 卡券Mark接口。
-   * 开发者在帮助消费者核销卡券之前，必须帮助先将此code（卡券串码）与一个openid绑定（即mark住），
-   * 才能进一步调用核销接口，否则报错。
-   *
-   * @param code   卡券的code码
-   * @param cardId 卡券的ID
-   * @param openId 用券用户的openid
-   * @param isMark 是否要mark（占用）这个code，填写true或者false，表示占用或解除占用
-   */
  @Override
-  public void markCardCode(String code, String cardId, String openId, boolean isMark) throws
-    WxErrorException {
+  public void markCardCode(String code, String cardId, String openId, boolean isMark) throws WxErrorException {
    JsonObject param = new JsonObject();
    param.addProperty("code", code);
    param.addProperty("card_id", cardId);
@ -210,7 +144,7 @@ public class WxMpCardServiceImpl implements WxMpCardService {
      new TypeToken<WxMpCardResult>() {
      }.getType());
    if (!"0".equals(cardResult.getErrorCode())) {
-      this.log.warn("朋友的券mark失败：{}", cardResult.getErrorMsg());
+      log.warn("朋友的券mark失败：{}", cardResult.getErrorMsg());
    }
  }

@ -233,43 +167,26 @@ public class WxMpCardServiceImpl implements WxMpCardService {
    return responseContent;
  }

-  /**
-   * 添加测试白名单.
-   *
-   * @param openid 用户的openid
-   */
  @Override
  public String addTestWhiteList(String openid) throws WxErrorException {
    JsonArray array = new JsonArray();
    array.add(openid);
    JsonObject jsonObject = new JsonObject();
    jsonObject.add("openid", array);
-    String respone = this.wxMpService.post(CARD_TEST_WHITELIST, GSON.toJson(jsonObject));
-    return respone;
+    return this.wxMpService.post(CARD_TEST_WHITELIST, GSON.toJson(jsonObject));
  }

  @Override
  public WxMpCardCreateResult createCard(WxMpCardCreateMessage cardCreateMessage) throws WxErrorException {
-
    String response = this.wxMpService.post(CARD_CREATE, GSON.toJson(cardCreateMessage));
    return WxMpCardCreateResult.fromJson(response);
  }

-  /**
-   * 创建卡券二维码.
-   */
  @Override
  public WxMpCardQrcodeCreateResult createQrcodeCard(String cardId, String outerStr) throws WxErrorException {
    return createQrcodeCard(cardId, outerStr, 0);
  }

-  /**
-   * 创建卡券二维码.
-   *
-   * @param cardId    卡券编号
-   * @param outerStr  二维码标识
-   * @param expiresIn 失效时间，单位秒，不填默认365天
-   */
  @Override
  public WxMpCardQrcodeCreateResult createQrcodeCard(String cardId, String outerStr, int expiresIn) throws WxErrorException {
    JsonObject jsonObject = new JsonObject();
@ -286,23 +203,12 @@ public class WxMpCardServiceImpl implements WxMpCardService {
    return WxMpCardQrcodeCreateResult.fromJson(this.wxMpService.post(CARD_QRCODE_CREATE, GSON.toJson(jsonObject)));
  }

-  /**
-   * 创建卡券货架接口.
-   */
  @Override
  public WxMpCardLandingPageCreateResult createLandingPage(WxMpCardLandingPageCreateRequest request) throws WxErrorException {
    String response = this.wxMpService.post(CARD_LANDING_PAGE_CREATE, GSON.toJson(request));
    return WxMpCardLandingPageCreateResult.fromJson(response);
  }

-  /**
-   * 将用户的卡券设置为失效状态.
-   * 详见:https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1451025272&anchor=9
-   *
-   * @param cardId 卡券编号
-   * @param code   用户会员卡号
-   * @param reason 设置为失效的原因
-   */
  @Override
  public String unavailableCardCode(String cardId, String code, String reason) throws WxErrorException {
    if (StringUtils.isAnyBlank(cardId, code, reason)) {
--- a/weixin-java-mp/src/main/java/me/chanjar/weixin/mp/bean/card/WxMpCardDeleteResult.java
+++ b/weixin-java-mp/src/main/java/me/chanjar/weixin/mp/bean/card/WxMpCardDeleteResult.java
@ -3,11 +3,13 @@ package me.chanjar.weixin.mp.bean.card;
 import me.chanjar.weixin.mp.util.json.WxMpGsonBuilder;

 /**
- * @description 删除卡券结果
- * @author: fanxl
- * @date: 2019/1/22 0022 10:24
+ * 删除卡券结果.
+ *
+ * @author fanxl
+ * @date 2019/1/22 0022 10:24
 */
 public class WxMpCardDeleteResult extends BaseWxMpCardResult {
+  private static final long serialVersionUID = -4367717540650523290L;

  public static WxMpCardDeleteResult fromJson(String json) {
    return WxMpGsonBuilder.create().fromJson(json, WxMpCardDeleteResult.class);