mirror of
https://github.com/dromara/payment-spring-boot.git
synced 2026-03-13 21:33:41 +08:00
refactor: 证书增加租户指纹
@@ -88,7 +88,7 @@ public class SignatureProvider {
|
||||
/**
|
||||
* 微信平台证书容器 key = 序列号 value = 证书对象
|
||||
*/
|
||||
private static final Map<String, Certificate> CERTIFICATE_MAP = new ConcurrentHashMap<>();
|
||||
private static final Map<String, X509WechatCertificateInfo> CERTIFICATE_MAP = new ConcurrentHashMap<>();
|
||||
/**
|
||||
* 加密算法提供方 - BouncyCastle
|
||||
*/
|
||||
@@ -181,10 +181,10 @@ public class SignatureProvider {
|
||||
if (CERTIFICATE_MAP.isEmpty() || !CERTIFICATE_MAP.containsKey(wechatpaySerial)) {
|
||||
wechatMetaContainer.getTenantIds().forEach(this::refreshCertificate);
|
||||
}
|
||||
Certificate certificate = CERTIFICATE_MAP.get(wechatpaySerial);
|
||||
Certificate certificate = CERTIFICATE_MAP.get(wechatpaySerial).getX509Certificate();
|
||||
|
||||
final String signatureStr = createSign(true, params.getWechatpayTimestamp(), params.getWechatpayNonce(), params.getBody());
|
||||
Signature signer = Signature.getInstance("SHA256withRSA",BC_PROVIDER);
|
||||
Signature signer = Signature.getInstance("SHA256withRSA", BC_PROVIDER);
|
||||
signer.initVerify(certificate);
|
||||
signer.update(signatureStr.getBytes(StandardCharsets.UTF_8));
|
||||
|
||||
@@ -241,7 +241,9 @@ public class SignatureProvider {
|
||||
try {
|
||||
Certificate certificate = certificateFactory.generateCertificate(inputStream);
|
||||
String responseSerialNo = objectNode.get("serial_no").asText();
|
||||
CERTIFICATE_MAP.put(responseSerialNo, certificate);
|
||||
X509WechatCertificateInfo x509WechatCertificateInfo = new X509WechatCertificateInfo();
|
||||
x509WechatCertificateInfo.setX509Certificate((X509Certificate) certificate);
|
||||
CERTIFICATE_MAP.put(responseSerialNo, x509WechatCertificateInfo);
|
||||
} catch (CertificateException e) {
|
||||
throw new PayException("An error occurred while generating the wechat v3 certificate, reason : " + e.getMessage());
|
||||
}
|
||||
@@ -314,21 +316,23 @@ public class SignatureProvider {
|
||||
/**
|
||||
* Get certificate x 509 wechat certificate info.
|
||||
*
|
||||
* @param tenantId the tenant id
|
||||
* @return the x 509 wechat certificate info
|
||||
*/
|
||||
public X509WechatCertificateInfo getCertificate() {
|
||||
public X509WechatCertificateInfo getCertificate(String tenantId) {
|
||||
for (String serial : CERTIFICATE_MAP.keySet()) {
|
||||
X509Certificate x509Cert = (X509Certificate) CERTIFICATE_MAP.get(serial);
|
||||
try {
|
||||
x509Cert.checkValidity();
|
||||
X509WechatCertificateInfo x509WechatCertificateInfo = new X509WechatCertificateInfo();
|
||||
x509WechatCertificateInfo.setWechatPaySerial(serial);
|
||||
x509WechatCertificateInfo.setX509Certificate(x509Cert);
|
||||
return x509WechatCertificateInfo;
|
||||
} catch (Exception e) {
|
||||
log.warn("the wechat certificate is invalid , {}", e.getMessage());
|
||||
// Async?
|
||||
wechatMetaContainer.getTenantIds().forEach(this::refreshCertificate);
|
||||
X509WechatCertificateInfo wechatCertificateInfo = CERTIFICATE_MAP.get(serial);
|
||||
X509Certificate x509Cert = wechatCertificateInfo.getX509Certificate();
|
||||
if (wechatCertificateInfo.getTenantId().equals(tenantId)){
|
||||
try {
|
||||
x509Cert.checkValidity();
|
||||
|
||||
return wechatCertificateInfo;
|
||||
} catch (Exception e) {
|
||||
log.warn("the wechat certificate is invalid , {}", e.getMessage());
|
||||
// Async?
|
||||
wechatMetaContainer.getTenantIds().forEach(this::refreshCertificate);
|
||||
}
|
||||
}
|
||||
}
|
||||
throw new PayException("failed to obtain wechat pay x509Certificate ");
|
||||
|
||||
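Review bot: The entry stored in the third hunk is populated with only `setX509Certificate((X509Certificate) certificate)`, so within the visible lines neither `tenantId` nor `wechatPaySerial` is ever set on it, yet the rewritten `getCertificate(String tenantId)` calls `wechatCertificateInfo.getTenantId().equals(tenantId)` and returns the stored object instead of one filled via `setWechatPaySerial(serial)`. Unless those fields are assigned outside the hunk, the lookup throws a NullPointerException and callers receive an info object without a serial. Before the `put`, add `x509WechatCertificateInfo.setWechatPaySerial(responseSerialNo);` and set the tenant id that `refreshCertificate` was called with (a `setTenantId` setter is assumed to exist next to the `getTenantId()` used here), and compare null-safely, e.g. `Objects.equals(tenantId, wechatCertificateInfo.getTenantId())`. In the verification hunk, `CERTIFICATE_MAP.get(wechatpaySerial).getX509Certificate()` dereferences the lookup without a null check; `wechatpaySerial` presumably comes from the incoming message, so a serial that is still unknown after the refresh should fail verification explicitly rather than surface as a NullPointerException. The method bodies start and end outside the hunks.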
@@ -77,7 +77,7 @@ public class WechatBatchTransferApi extends AbstractApi {
|
||||
List<CreateBatchTransferParams.TransferDetailListItem> transferDetailList = createBatchTransferParams.getTransferDetailList();
|
||||
|
||||
SignatureProvider signatureProvider = this.client().signatureProvider();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId());
|
||||
final X509Certificate x509Certificate = certificate.getX509Certificate();
|
||||
List<CreateBatchTransferParams.TransferDetailListItem> encrypted = transferDetailList.stream()
|
||||
.peek(transferDetailListItem -> {
|
||||
|
||||
@@ -56,7 +56,7 @@ public class WechatPartnerProfitsharingApi extends AbstractApi {
|
||||
.function((wechatPayV3Type, params) -> {
|
||||
WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3();
|
||||
SignatureProvider signatureProvider = this.client().signatureProvider();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId());
|
||||
final X509Certificate x509Certificate = certificate.getX509Certificate();
|
||||
params.setAppid(v3.getAppId());
|
||||
List<Receiver> receivers = params.getReceivers();
|
||||
@@ -272,7 +272,7 @@ public class WechatPartnerProfitsharingApi extends AbstractApi {
|
||||
.function((wechatPayV3Type, params) -> {
|
||||
WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3();
|
||||
SignatureProvider signatureProvider = this.client().signatureProvider();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId());
|
||||
final X509Certificate x509Certificate = certificate.getX509Certificate();
|
||||
params.setAppid(v3.getAppId());
|
||||
String name = params.getName();
|
||||
|
||||
@@ -53,7 +53,7 @@ public class WechatProfitsharingApi extends AbstractApi {
|
||||
.function((wechatPayV3Type, params) -> {
|
||||
WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3();
|
||||
SignatureProvider signatureProvider = this.client().signatureProvider();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId());
|
||||
final X509Certificate x509Certificate = certificate.getX509Certificate();
|
||||
params.setAppid(v3.getAppId());
|
||||
List<Receiver> receivers = params.getReceivers();
|
||||
@@ -239,7 +239,7 @@ public class WechatProfitsharingApi extends AbstractApi {
|
||||
.function((wechatPayV3Type, params) -> {
|
||||
WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3();
|
||||
SignatureProvider signatureProvider = this.client().signatureProvider();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate();
|
||||
X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId());
|
||||
final X509Certificate x509Certificate = certificate.getX509Certificate();
|
||||
params.setAppid(v3.getAppId());
|
||||
String name = params.getName();
|
||||
|
||||
@@ -33,6 +33,10 @@ public class X509WechatCertificateInfo {
|
||||
* wechatPaySerial
|
||||
*/
|
||||
private String wechatPaySerial;
|
||||
/**
|
||||
* tenantId
|
||||
*/
|
||||
private String tenantId;
|
||||
/**
|
||||
* X509Certificate
|
||||
*/
|
||||
|
||||
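Review bot: Instances of this class are now kept in `SignatureProvider`'s static `CERTIFICATE_MAP` and returned directly from `getCertificate(String tenantId)`, where the old code built a fresh object per call. Any setter on the class (the page shows `setX509Certificate` and `setWechatPaySerial` in use) therefore lets a caller change the cached certificate that later signature verification relies on. Consider making the fields final and set through a constructor, or returning a copy from `getCertificate`. The Javadoc on the new field only repeats its name; if it matches the intent, something like `/** Tenant this platform certificate was fetched for; used to select the certificate per tenant. */` would say what it is for. The class body starts and ends outside the hunk.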