mirror of
https://gitee.com/binary/weixin-java-tools.git
synced 2025-10-31 10:38:42 +08:00
🎨 #3498【微信支付】服务商模式-兼容公钥模式下请求头序列号以及灰度切换
This commit is contained in:
SynchPj
@ -320,16 +320,7 @@ public class WxPayConfig {
|
|||||||
//构造Http Proxy正向代理
|
//构造Http Proxy正向代理
|
||||||
WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy();
|
WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy();
|
||||||
|
|
||||||
Verifier certificatesVerifier;
|
Verifier certificatesVerifier = getVerifier(merchantPrivateKey, wxPayHttpProxy, publicKey);
|
||||||
if (publicKey == null) {
|
|
||||||
certificatesVerifier =
|
|
||||||
new AutoUpdateCertificatesVerifier(
|
|
||||||
new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
|
|
||||||
this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
|
|
||||||
this.getPayBaseUrl(), wxPayHttpProxy);
|
|
||||||
} else {
|
|
||||||
certificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
|
|
||||||
}
|
|
||||||
|
|
||||||
WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create()
|
WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create()
|
||||||
.withMerchant(mchId, certSerialNo, merchantPrivateKey)
|
.withMerchant(mchId, certSerialNo, merchantPrivateKey)
|
||||||
@ -355,6 +346,19 @@ public class WxPayConfig {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Verifier getVerifier(PrivateKey merchantPrivateKey, WxPayHttpProxy wxPayHttpProxy, PublicKey publicKey) {
|
||||||
|
Verifier certificatesVerifier = new AutoUpdateCertificatesVerifier(
|
||||||
|
new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
|
||||||
|
this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
|
||||||
|
this.getPayBaseUrl(), wxPayHttpProxy);
|
||||||
|
if (publicKey != null) {
|
||||||
|
Verifier publicCertificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
|
||||||
|
publicCertificatesVerifier.setOtherVerifier(certificatesVerifier);
|
||||||
|
certificatesVerifier = publicCertificatesVerifier;
|
||||||
|
}
|
||||||
|
return certificatesVerifier;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 初始化一个WxPayHttpProxy对象
|
* 初始化一个WxPayHttpProxy对象
|
||||||
*
|
*
|
||||||
|
|||||||
@ -100,6 +100,8 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
|
|||||||
HttpPost httpPost = this.createHttpPost(url, requestStr);
|
HttpPost httpPost = this.createHttpPost(url, requestStr);
|
||||||
httpPost.addHeader(ACCEPT, APPLICATION_JSON);
|
httpPost.addHeader(ACCEPT, APPLICATION_JSON);
|
||||||
httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON);
|
httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON);
|
||||||
|
String serialNumber = getWechatpaySerial(getConfig());
|
||||||
|
httpPost.addHeader("Wechatpay-Serial", serialNumber);
|
||||||
try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
|
try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
|
||||||
//v3已经改为通过状态码判断200 204 成功
|
//v3已经改为通过状态码判断200 204 成功
|
||||||
int statusCode = response.getStatusLine().getStatusCode();
|
int statusCode = response.getStatusLine().getStatusCode();
|
||||||
@ -387,10 +389,9 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
|
|||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
private String getWechatpaySerial(WxPayConfig wxPayConfig) {
|
private String getWechatpaySerial(WxPayConfig wxPayConfig) {
|
||||||
String serialNumber = wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
|
|
||||||
if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) {
|
if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) {
|
||||||
serialNumber = wxPayConfig.getPublicKeyId();
|
return wxPayConfig.getPublicKeyId();
|
||||||
}
|
}
|
||||||
return serialNumber;
|
return wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -9,6 +9,8 @@ public class PublicCertificateVerifier implements Verifier{
|
|||||||
|
|
||||||
private final PublicKey publicKey;
|
private final PublicKey publicKey;
|
||||||
|
|
||||||
|
private Verifier certificateVerifier;
|
||||||
|
|
||||||
private final X509PublicCertificate publicCertificate;
|
private final X509PublicCertificate publicCertificate;
|
||||||
|
|
||||||
public PublicCertificateVerifier(PublicKey publicKey, String publicId) {
|
public PublicCertificateVerifier(PublicKey publicKey, String publicId) {
|
||||||
@ -16,8 +18,15 @@ public class PublicCertificateVerifier implements Verifier{
|
|||||||
this.publicCertificate = new X509PublicCertificate(publicKey, publicId);
|
this.publicCertificate = new X509PublicCertificate(publicKey, publicId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setOtherVerifier(Verifier verifier) {
|
||||||
|
this.certificateVerifier = verifier;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean verify(String serialNumber, byte[] message, String signature) {
|
public boolean verify(String serialNumber, byte[] message, String signature) {
|
||||||
|
if (!serialNumber.contains("PUB_KEY_ID")) {
|
||||||
|
return this.certificateVerifier.verify(serialNumber, message, signature);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
Signature sign = Signature.getInstance("SHA256withRSA");
|
Signature sign = Signature.getInstance("SHA256withRSA");
|
||||||
sign.initVerify(publicKey);
|
sign.initVerify(publicKey);
|
||||||
|
|||||||
@ -7,4 +7,6 @@ public interface Verifier {
|
|||||||
|
|
||||||
|
|
||||||
X509Certificate getValidCertificate();
|
X509Certificate getValidCertificate();
|
||||||
|
|
||||||
|
default void setOtherVerifier(Verifier verifier) {};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user