From e20e19e66af77af000d224798abb8422049cffd6 Mon Sep 17 00:00:00 2001 From: xucun Date: Wed, 11 Jun 2025 21:06:44 +0800 Subject: [PATCH 1/3] =?UTF-8?q?:sparkles:=20=E5=BE=AE=E4=BF=A1=E5=85=AC?= =?UTF-8?q?=E9=92=A5=E9=AA=8C=E7=AD=BE=E8=A6=86=E7=9B=96=E5=85=A8=E5=9C=BA?= =?UTF-8?q?=E6=99=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/changelog.md | 5 +- docs/quick_start.md | 4 +- .../payment/wechat/WechatPayProperties.java | 3 + .../payment/wechat/v3/SignatureProvider.java | 55 +++++++++++++++++-- .../wechat/v3/WechatBatchTransferApi.java | 8 +-- .../payment/wechat/v3/WechatCapitalApi.java | 5 +- .../payment/wechat/v3/WechatMetaBean.java | 4 +- .../v3/WechatPartnerProfitsharingApi.java | 12 ++-- .../wechat/v3/WechatPartnerSpecialMchApi.java | 46 +++++++--------- .../wechat/v3/WechatProfitsharingApi.java | 12 ++-- .../wechat/v3/WechatSmartGuideApi.java | 22 +++----- .../wechat/v3/ecommerce/ApplymentApi.java | 40 +++++++------- .../wechat/v3/ecommerce/ProfitsharingApi.java | 13 ++--- 13 files changed, 126 insertions(+), 103 deletions(-) diff --git a/docs/changelog.md b/docs/changelog.md index 0f1ec2c..f0d9ce7 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -2,8 +2,9 @@ ### 微信支付 - enhance: 增加了通过微信公钥对微信支付相关接口的响应内容或微信回调通知的参数进行验签的支持。 - - 微信配置项增加了:``` wechat-pay-public-key-id: 微信支付公钥的ID、 wechat-pay-public-key-path:微信支付公钥的路径、wechat-pay-public-key-absolute-path: 微信支付公钥的绝对路径、 switch-verify-sign-method: 是否启用从平台证书切换到微信支公钥``` - - `wechat-pay-public-key-id ` 与`wechat-pay-public-key-path或wechat-pay-public-key-absolute-path`同时正确配置,才会启用微信支付公钥验签,否则默认使用平台证书进行验签。 + - 微信配置项增加了:```enable-wechat-pay-public: 是否启用微信支付公钥验签、 wechat-pay-public-key-id: 微信支付公钥的ID、 wechat-pay-public-key-path:微信支付公钥的路径、wechat-pay-public-key-absolute-path: 微信支付公钥的绝对路径、 switch-verify-sign-method: 是否启用从平台证书切换到微信支公钥``` + - `enable-wechat-pay-public` 与 `wechat-pay-public-key-id ` 、`wechat-pay-public-key-path或wechat-pay-public-key-absolute-path`同时正确配置,才会启用微信支付公钥验签,否则默认使用平台证书进行验签。 + - - 如果需要[从平台证书切换成微信支付公钥](https://pay.weixin.qq.com/doc/v3/merchant/4012154180#5.-%E6%B2%A1%E6%9C%89%E4%BD%BF%E7%94%A8%E5%BE%AE%E4%BF%A1%E6%94%AF%E4%BB%98SDK%E7%9A%84%E5%95%86%E6%88%B7%E5%A6%82%E4%BD%95%E5%B0%86%E5%B9%B3%E5%8F%B0%E8%AF%81%E4%B9%A6%E5%88%87%E6%8D%A2%E6%88%90%E5%BE%AE%E4%BF%A1%E6%94%AF%E4%BB%98%E5%85%AC%E9%92%A5),请启用`switch-verify-sign-method`参数 - enhance: 增加了微信支付V3版本的付款码支付``codePay``与撤销API``reverse``(仅支持普通商户模式,服务商模式暂不支持) - factor: 升级了spring-boot-parent版本从 2.7.7 到2.7.18 diff --git a/docs/quick_start.md b/docs/quick_start.md index 926bd09..c082f48 100644 --- a/docs/quick_start.md +++ b/docs/quick_start.md @@ -86,12 +86,14 @@ wechat: mch-id: 1603337223 domain: https://felord.cn/miniapp cert-path: miniapp/apiclient_cert.p12 + # 是否启用微信支付公钥 + enable-wechat-pay-public: true #微信公钥ID wechat-pay-public-key-id: PUB_KEY_ID_0116278111111115222222501 #微信公钥 wechat-pay-public-key-path: pub_key.pem wechat-pay-public-key-absolute-path: D:\\felord\\wechat\\cert\\pub_key.pem - #是否启用从平台证书切换成微信支付公钥 不填默认为false + #是否启用从平台证书切换成微信支付公钥 不填默认为false, switch-verify-sign-method: true ``` diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/WechatPayProperties.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/WechatPayProperties.java index 18b353f..1816827 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/WechatPayProperties.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/WechatPayProperties.java @@ -77,6 +77,9 @@ public class WechatPayProperties { */ private String domain; + + private Boolean enableWechatPayPublic=false; + /** * wechat pay public key id */ diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java index 3b8a2c5..aa6cca8 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java @@ -254,8 +254,12 @@ public class SignatureProvider { */ @SneakyThrows private synchronized void refreshCertificate(String tenantId) { - String url = WechatPayV3Type.CERT.uri(WeChatServer.CHINA); + WechatMetaBean wechatMetaBean = wechatMetaContainer.getWechatMeta(tenantId); + if (wechatMetaBean.getV3().getEnableWechatPayPublic() && wechatMetaBean.getV3().getSwitchVerifySignMethod()){ + return; + } + String url = WechatPayV3Type.CERT.uri(WeChatServer.CHINA); UriComponents uri = UriComponentsBuilder.fromHttpUrl(url).build(); String canonicalUrl = uri.getPath(); @@ -350,18 +354,42 @@ public class SignatureProvider { } } + + public String encryptRequestMessage(String message, WechatMetaBean wechatMetaBean) { + PublicKey publicKey; + if (wechatMetaBean.getEnableWechatPayPublicEncrypt()){ + WeChatPublicKeyInfo info=this.getWechatPublicKeyInfo(wechatMetaBean.getTenantId()); + publicKey=info.getPublicKey(); + }else { + X509WechatCertificateInfo certificate = getCertificate(wechatMetaBean.getTenantId()); + final X509Certificate x509Certificate = certificate.getX509Certificate(); + publicKey=x509Certificate.getPublicKey(); + } + try { + Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", BC_PROVIDER); + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + byte[] data = message.getBytes(StandardCharsets.UTF_8); + byte[] cipherData = cipher.doFinal(data); + return Base64Utils.encodeToString(cipherData); + + } catch (Exception e) { + throw new PayException(e); + } + } + /** * 对请求敏感字段进行加密 * * @param message the message - * @param certificate the certificate + * @param publicKey the wechatPubicKey certificate * @return encrypt message * @since 1.0.6.RELEASE */ - public String encryptRequestMessage(String message, Certificate certificate) { + @Deprecated + public String encryptRequestMessage(String message, RSAPublicKey publicKey) { try { Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", BC_PROVIDER); - cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey()); + cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] data = message.getBytes(StandardCharsets.UTF_8); byte[] cipherData = cipher.doFinal(data); @@ -401,7 +429,7 @@ public class SignatureProvider { * @param tenantId the tenant id * @return the x 509 wechat certificate info */ - public X509WechatCertificateInfo getCertificate(String tenantId) { + private X509WechatCertificateInfo getCertificate(String tenantId) { return CERTIFICATE_SET.stream() .filter(cert -> Objects.equals(tenantId, cert.getTenantId())) @@ -415,6 +443,15 @@ public class SignatureProvider { }); } + private WeChatPublicKeyInfo getWechatPublicKeyInfo(String tenantId) { + return PUBLIC_KEY_SET.stream() + .filter(publicKeyInfo -> Objects.equals(tenantId, publicKeyInfo.getTenantId())) + .findAny() + .orElseThrow( + () -> new PayException("cannot obtain the public key") + ); + } + /** * Wechat meta container. @@ -458,4 +495,12 @@ public class SignatureProvider { public String getWechatPublicKeyId(String tenantId) { return wechatMetaContainer.getWechatMeta(tenantId).getV3().getWechatPayPublicKeyId(); } + + public String getWechatPaySerial(WechatMetaBean wechatMetaBean) { + if (wechatMetaBean.getEnableWechatPayPublicEncrypt()){ + return this.getWechatPublicKeyInfo(wechatMetaBean.getTenantId()).getPublicKeyId(); + }else { + return this.getCertificate(wechatMetaBean.getTenantId()).getWechatPaySerial(); + } + } } diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatBatchTransferApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatBatchTransferApi.java index 51d3a93..f22b479 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatBatchTransferApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatBatchTransferApi.java @@ -77,18 +77,16 @@ public class WechatBatchTransferApi extends AbstractApi { List transferDetailList = createBatchTransferParams.getTransferDetailList(); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); List encrypted = transferDetailList.stream() .peek(transferDetailListItem -> { String userName = transferDetailListItem.getUserName(); if (StringUtils.hasText(userName)) { - String encryptedUserName = signatureProvider.encryptRequestMessage(userName, x509Certificate); + String encryptedUserName = signatureProvider.encryptRequestMessage(userName, this.wechatMetaBean()); transferDetailListItem.setUserName(encryptedUserName); } String userIdCard = transferDetailListItem.getUserIdCard(); if (StringUtils.hasText(userIdCard)) { - String encryptedUserIdCard = signatureProvider.encryptRequestMessage(userIdCard, x509Certificate); + String encryptedUserIdCard = signatureProvider.encryptRequestMessage(userIdCard, this.wechatMetaBean()); transferDetailListItem.setUserIdCard(encryptedUserIdCard); } }).collect(Collectors.toList()); @@ -98,7 +96,7 @@ public class WechatBatchTransferApi extends AbstractApi { .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, createBatchTransferParams, httpHeaders); } diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatCapitalApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatCapitalApi.java index b09b0de..8d0d33d 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatCapitalApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatCapitalApi.java @@ -56,11 +56,8 @@ public class WechatCapitalApi extends AbstractApi{ this.client().withType(WechatPayV3Type.CAPITAL_SEARCH, accountNumber) .function((type, param) -> { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - URI uri = UriComponentsBuilder.fromHttpUrl(type.uri(WeChatServer.CHINA)) - .queryParam("account_number", signatureProvider.encryptRequestMessage(param,x509Certificate)) + .queryParam("account_number", signatureProvider.encryptRequestMessage(param,this.wechatMetaBean())) .build() .toUri(); return Get(uri); diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatMetaBean.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatMetaBean.java index 4ed15e5..4ba209c 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatMetaBean.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatMetaBean.java @@ -47,6 +47,8 @@ public class WechatMetaBean { */ private WechatPayProperties.V3 v3; - private WeChatPublicKeyInfo publicKeyInfo; + public Boolean getEnableWechatPayPublicEncrypt() { + return v3.getEnableWechatPayPublic(); + } } diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerProfitsharingApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerProfitsharingApi.java index 9b5c7d4..b838242 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerProfitsharingApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerProfitsharingApi.java @@ -79,8 +79,6 @@ public class WechatPartnerProfitsharingApi extends AbstractApi { .function((wechatPayV3Type, params) -> { WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3(); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); params.setAppid(v3.getAppId()); List receivers = params.getReceivers(); if (!CollectionUtils.isEmpty(receivers)) { @@ -88,7 +86,7 @@ public class WechatPartnerProfitsharingApi extends AbstractApi { .peek(receiversItem -> { String name = receiversItem.getName(); if (StringUtils.hasText(name)) { - String encryptedName = signatureProvider.encryptRequestMessage(name, x509Certificate); + String encryptedName = signatureProvider.encryptRequestMessage(name,this.wechatMetaBean()); receiversItem.setName(encryptedName); } }).collect(Collectors.toList()); @@ -98,7 +96,7 @@ public class WechatPartnerProfitsharingApi extends AbstractApi { .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, params, httpHeaders); }) .consumer(wechatResponseEntity::convert) @@ -294,19 +292,17 @@ public class WechatPartnerProfitsharingApi extends AbstractApi { .function((wechatPayV3Type, params) -> { WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3(); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); params.setAppid(v3.getAppId()); if (ReceiverType.MERCHANT_ID.equals(params.getType())) { - String encryptedName = signatureProvider.encryptRequestMessage(params.getName(), x509Certificate); + String encryptedName = signatureProvider.encryptRequestMessage(params.getName(), this.wechatMetaBean()); params.setName(encryptedName); } URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)) .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, params, httpHeaders); }) .consumer(wechatResponseEntity::convert) diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerSpecialMchApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerSpecialMchApi.java index 9f25bcb..90d3ca9 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerSpecialMchApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatPartnerSpecialMchApi.java @@ -63,14 +63,12 @@ public class WechatPartnerSpecialMchApi extends AbstractApi { this.client().withType(WechatPayV3Type.SPEC_MCH_APPLY_PARTNER, params) .function((wechatPayV3Type, applymentParams) -> { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - ApplymentParams applyRequestParams = this.convert(applymentParams, signatureProvider, x509Certificate); + ApplymentParams applyRequestParams = this.convert(applymentParams, signatureProvider); URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)) .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, applyRequestParams, httpHeaders); }) .consumer(wechatResponseEntity::convert) @@ -133,17 +131,15 @@ public class WechatPartnerSpecialMchApi extends AbstractApi { this.client().withType(WechatPayV3Type.SPEC_MCH_SUB_MODIFY, params) .function((type, subMchModifyParams) -> { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); URI uri = UriComponentsBuilder.fromHttpUrl(type.uri(WeChatServer.CHINA)) .build() .expand(subMchModifyParams.getSubMchid()) .toUri(); subMchModifyParams.setSubMchid(null); - subMchModifyParams.setAccountNumber(signatureProvider.encryptRequestMessage(subMchModifyParams.getAccountNumber(), x509Certificate)); + subMchModifyParams.setAccountNumber(signatureProvider.encryptRequestMessage(subMchModifyParams.getAccountNumber(), this.wechatMetaBean())); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, subMchModifyParams, httpHeaders); }) .consumer(wechatResponseEntity::convert) @@ -175,55 +171,55 @@ public class WechatPartnerSpecialMchApi extends AbstractApi { return wechatResponseEntity; } - private ApplymentParams convert(ApplymentParams applymentParams, SignatureProvider signatureProvider, final X509Certificate x509Certificate) { + private ApplymentParams convert(ApplymentParams applymentParams, SignatureProvider signatureProvider) { ContactInfo contactInfo = applymentParams.getContactInfo(); - contactInfo.setContactName(signatureProvider.encryptRequestMessage(contactInfo.getContactName(), x509Certificate)); + contactInfo.setContactName(signatureProvider.encryptRequestMessage(contactInfo.getContactName(), this.wechatMetaBean())); String contactIdNumber = contactInfo.getContactIdNumber(); if (contactIdNumber != null) { - contactInfo.setContactIdNumber(signatureProvider.encryptRequestMessage(contactIdNumber, x509Certificate)); + contactInfo.setContactIdNumber(signatureProvider.encryptRequestMessage(contactIdNumber,this.wechatMetaBean())); } String openid = contactInfo.getOpenid(); if (openid != null) { - contactInfo.setOpenid(signatureProvider.encryptRequestMessage(openid, x509Certificate)); + contactInfo.setOpenid(signatureProvider.encryptRequestMessage(openid,this.wechatMetaBean())); } - contactInfo.setMobilePhone(signatureProvider.encryptRequestMessage(contactInfo.getMobilePhone(), x509Certificate)); - contactInfo.setContactEmail(signatureProvider.encryptRequestMessage(contactInfo.getContactEmail(), x509Certificate)); + contactInfo.setMobilePhone(signatureProvider.encryptRequestMessage(contactInfo.getMobilePhone(), this.wechatMetaBean())); + contactInfo.setContactEmail(signatureProvider.encryptRequestMessage(contactInfo.getContactEmail(), this.wechatMetaBean())); SubjectInfo subjectInfo = applymentParams.getSubjectInfo(); IdentityInfo identityInfo = subjectInfo.getIdentityInfo(); IdCardInfo idCardInfo = identityInfo.getIdCardInfo(); if (idCardInfo != null) { - idCardInfo.setIdCardName(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardName(), x509Certificate)); - idCardInfo.setIdCardNumber(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardNumber(), x509Certificate)); + idCardInfo.setIdCardName(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardName(), this.wechatMetaBean())); + idCardInfo.setIdCardNumber(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardNumber(), this.wechatMetaBean())); String idCardAddress = idCardInfo.getIdCardAddress(); if (StringUtils.hasText(idCardAddress)){ - idCardInfo.setIdCardAddress(signatureProvider.encryptRequestMessage(idCardAddress, x509Certificate)); + idCardInfo.setIdCardAddress(signatureProvider.encryptRequestMessage(idCardAddress,this.wechatMetaBean())); } } IdDocInfo idDocInfo = identityInfo.getIdDocInfo(); if (idDocInfo != null) { - idDocInfo.setIdDocName(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocName(), x509Certificate)); - idDocInfo.setIdDocNumber(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocNumber(), x509Certificate)); + idDocInfo.setIdDocName(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocName(), this.wechatMetaBean())); + idDocInfo.setIdDocNumber(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocNumber(), this.wechatMetaBean())); String idDocAddress = idDocInfo.getIdDocAddress(); if (StringUtils.hasText(idDocAddress)){ - idDocInfo.setIdDocAddress(signatureProvider.encryptRequestMessage(idDocAddress, x509Certificate)); + idDocInfo.setIdDocAddress(signatureProvider.encryptRequestMessage(idDocAddress,this.wechatMetaBean())); } } List uboInfoList = subjectInfo.getUboInfoList(); if (!CollectionUtils.isEmpty(uboInfoList)) { uboInfoList.forEach(uboInfoListItem -> { - uboInfoListItem.setUboIdDocName(signatureProvider.encryptRequestMessage(uboInfoListItem.getUboIdDocName(), x509Certificate)); - uboInfoListItem.setUboIdDocNumber(signatureProvider.encryptRequestMessage(uboInfoListItem.getUboIdDocNumber(), x509Certificate)); - uboInfoListItem.setUboIdDocAddress(signatureProvider.encryptRequestMessage(uboInfoListItem.getUboIdDocAddress(), x509Certificate)); + uboInfoListItem.setUboIdDocName(signatureProvider.encryptRequestMessage(uboInfoListItem.getUboIdDocName(), this.wechatMetaBean())); + uboInfoListItem.setUboIdDocNumber(signatureProvider.encryptRequestMessage(uboInfoListItem.getUboIdDocNumber(), this.wechatMetaBean())); + uboInfoListItem.setUboIdDocAddress(signatureProvider.encryptRequestMessage(uboInfoListItem.getUboIdDocAddress(), this.wechatMetaBean())); }); } BankAccountInfo bankAccountInfo = applymentParams.getBankAccountInfo(); - bankAccountInfo.setAccountName(signatureProvider.encryptRequestMessage(bankAccountInfo.getAccountName(), x509Certificate)); - bankAccountInfo.setAccountNumber(signatureProvider.encryptRequestMessage(bankAccountInfo.getAccountNumber(), x509Certificate)); + bankAccountInfo.setAccountName(signatureProvider.encryptRequestMessage(bankAccountInfo.getAccountName(), this.wechatMetaBean())); + bankAccountInfo.setAccountNumber(signatureProvider.encryptRequestMessage(bankAccountInfo.getAccountNumber(), this.wechatMetaBean())); return applymentParams; } diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatProfitsharingApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatProfitsharingApi.java index d7c0208..7c1c782 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatProfitsharingApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatProfitsharingApi.java @@ -77,8 +77,6 @@ public class WechatProfitsharingApi extends AbstractApi { .function((wechatPayV3Type, params) -> { WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3(); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); params.setAppid(v3.getAppId()); List receivers = params.getReceivers(); if (!CollectionUtils.isEmpty(receivers)) { @@ -86,7 +84,7 @@ public class WechatProfitsharingApi extends AbstractApi { .peek(receiversItem -> { String name = receiversItem.getName(); if (StringUtils.hasText(name)) { - String encryptedName = signatureProvider.encryptRequestMessage(name, x509Certificate); + String encryptedName = signatureProvider.encryptRequestMessage(name,this.wechatMetaBean()); receiversItem.setName(encryptedName); } }).collect(Collectors.toList()); @@ -96,7 +94,7 @@ public class WechatProfitsharingApi extends AbstractApi { .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, params, httpHeaders); }) .consumer(wechatResponseEntity::convert) @@ -263,19 +261,17 @@ public class WechatProfitsharingApi extends AbstractApi { .function((wechatPayV3Type, params) -> { WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3(); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); params.setAppid(v3.getAppId()); String name = params.getName(); if (StringUtils.hasText(name)) { - String encryptedName = signatureProvider.encryptRequestMessage(name, x509Certificate); + String encryptedName = signatureProvider.encryptRequestMessage(name,this.wechatMetaBean()); params.setName(encryptedName); } URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)) .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, params, httpHeaders); }) .consumer(wechatResponseEntity::convert) diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatSmartGuideApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatSmartGuideApi.java index a2a6407..26b4352 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatSmartGuideApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/WechatSmartGuideApi.java @@ -65,15 +65,13 @@ public class WechatSmartGuideApi extends AbstractApi { this.client().withType(WechatPayV3Type.SMART_GUIDES, params) .function((wechatPayV3Type, smartGuidesParams) -> { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - smartGuidesParams.setName(signatureProvider.encryptRequestMessage(smartGuidesParams.getName(), x509Certificate)); - smartGuidesParams.setMobile(signatureProvider.encryptRequestMessage(smartGuidesParams.getMobile(), x509Certificate)); + smartGuidesParams.setName(signatureProvider.encryptRequestMessage(smartGuidesParams.getName(), this.wechatMetaBean())); + smartGuidesParams.setMobile(signatureProvider.encryptRequestMessage(smartGuidesParams.getMobile(), this.wechatMetaBean())); URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)) .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, smartGuidesParams, httpHeaders); }) .consumer(wechatResponseEntity::convert) @@ -137,10 +135,8 @@ public class WechatSmartGuideApi extends AbstractApi { String mobile = smartGuidesQueryParams.getMobile(); if (mobile != null) { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - queryParams.add("mobile", signatureProvider.encryptRequestMessage(mobile, x509Certificate)); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + queryParams.add("mobile", signatureProvider.encryptRequestMessage(mobile,this.wechatMetaBean())); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); } String workId = smartGuidesQueryParams.getWorkId(); if (workId != null) { @@ -177,15 +173,13 @@ public class WechatSmartGuideApi extends AbstractApi { this.client().withType(WechatPayV3Type.SMART_GUIDES_MODIFY, params) .function((wechatPayV3Type, smartGuidesParams) -> { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - smartGuidesParams.setName(signatureProvider.encryptRequestMessage(smartGuidesParams.getName(), x509Certificate)); - smartGuidesParams.setMobile(signatureProvider.encryptRequestMessage(smartGuidesParams.getMobile(), x509Certificate)); + smartGuidesParams.setName(signatureProvider.encryptRequestMessage(smartGuidesParams.getName(), this.wechatMetaBean())); + smartGuidesParams.setMobile(signatureProvider.encryptRequestMessage(smartGuidesParams.getMobile(), this.wechatMetaBean())); URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)) .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Patch(uri, smartGuidesParams, httpHeaders); }) .consumer(wechatResponseEntity::convert) diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ApplymentApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ApplymentApi.java index 5c03e0f..cb1741b 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ApplymentApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ApplymentApi.java @@ -71,12 +71,10 @@ public class ApplymentApi extends AbstractApi { WechatResponseEntity wechatResponseEntity = new WechatResponseEntity<>(); this.client().withType(WechatPayV3Type.ECOMMERCE_APPLYMENT, params).function((wechatPayV3Type, applymentParams) -> { SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - EcommerceApplymentParams applyRequestParams = this.convert(applymentParams, signatureProvider, x509Certificate); + EcommerceApplymentParams applyRequestParams = this.convert(applymentParams, signatureProvider); URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)).build().toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, applyRequestParams, httpHeaders); }).consumer(wechatResponseEntity::convert).request(); return wechatResponseEntity; @@ -138,50 +136,50 @@ public class ApplymentApi extends AbstractApi { return this.wechatPartnerSpecialMchApi.querySettlement(subMchid); } - private EcommerceApplymentParams convert(EcommerceApplymentParams applymentParams, SignatureProvider signatureProvider, X509Certificate x509Certificate) { + private EcommerceApplymentParams convert(EcommerceApplymentParams applymentParams, SignatureProvider signatureProvider) { EcommerceIdCardInfo idCardInfo = applymentParams.getIdCardInfo(); if (idCardInfo != null) { - idCardInfo.setIdCardName(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardName(), x509Certificate)); - idCardInfo.setIdCardNumber(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardNumber(), x509Certificate)); + idCardInfo.setIdCardName(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardName(), this.wechatMetaBean())); + idCardInfo.setIdCardNumber(signatureProvider.encryptRequestMessage(idCardInfo.getIdCardNumber(), this.wechatMetaBean())); String idCardAddress = idCardInfo.getIdCardAddress(); if (StringUtils.hasText(idCardAddress)) { - idCardInfo.setIdCardAddress(signatureProvider.encryptRequestMessage(idCardAddress, x509Certificate)); + idCardInfo.setIdCardAddress(signatureProvider.encryptRequestMessage(idCardAddress,this.wechatMetaBean())); } } EcommerceIdDocInfo idDocInfo = applymentParams.getIdDocInfo(); if (idDocInfo != null) { - idDocInfo.setIdDocName(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocName(), x509Certificate)); - idDocInfo.setIdDocNumber(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocNumber(), x509Certificate)); + idDocInfo.setIdDocName(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocName(), this.wechatMetaBean())); + idDocInfo.setIdDocNumber(signatureProvider.encryptRequestMessage(idDocInfo.getIdDocNumber(), this.wechatMetaBean())); String idDocAddress = idDocInfo.getIdDocAddress(); if (StringUtils.hasText(idDocAddress)) { - idDocInfo.setIdDocAddress(signatureProvider.encryptRequestMessage(idDocAddress, x509Certificate)); + idDocInfo.setIdDocAddress(signatureProvider.encryptRequestMessage(idDocAddress,this.wechatMetaBean())); } } UboInfo uboInfo = applymentParams.getUboInfo(); if (uboInfo != null) { UboInfo.IdCardInfo cardInfo = uboInfo.getIdCardInfo(); if (cardInfo != null) { - cardInfo.setIdCardName(signatureProvider.encryptRequestMessage(cardInfo.getIdCardName(), x509Certificate)); - cardInfo.setIdCardNumber(signatureProvider.encryptRequestMessage(cardInfo.getIdCardNumber(), x509Certificate)); + cardInfo.setIdCardName(signatureProvider.encryptRequestMessage(cardInfo.getIdCardName(), this.wechatMetaBean())); + cardInfo.setIdCardNumber(signatureProvider.encryptRequestMessage(cardInfo.getIdCardNumber(), this.wechatMetaBean())); } UboInfo.IdDocInfo docInfo = uboInfo.getIdDocInfo(); if (docInfo != null) { - docInfo.setIdDocName(signatureProvider.encryptRequestMessage(docInfo.getIdDocName(), x509Certificate)); - docInfo.setIdDocNumber(signatureProvider.encryptRequestMessage(docInfo.getIdDocNumber(), x509Certificate)); + docInfo.setIdDocName(signatureProvider.encryptRequestMessage(docInfo.getIdDocName(), this.wechatMetaBean())); + docInfo.setIdDocNumber(signatureProvider.encryptRequestMessage(docInfo.getIdDocNumber(), this.wechatMetaBean())); } } EcommerceAccountInfo accountInfo = applymentParams.getAccountInfo(); if (accountInfo != null) { - accountInfo.setAccountName(signatureProvider.encryptRequestMessage(accountInfo.getAccountName(), x509Certificate)); - accountInfo.setAccountNumber(signatureProvider.encryptRequestMessage(accountInfo.getAccountNumber(), x509Certificate)); + accountInfo.setAccountName(signatureProvider.encryptRequestMessage(accountInfo.getAccountName(), this.wechatMetaBean())); + accountInfo.setAccountNumber(signatureProvider.encryptRequestMessage(accountInfo.getAccountNumber(), this.wechatMetaBean())); } EcommerceContactInfo contactInfo = applymentParams.getContactInfo(); - contactInfo.setContactName(signatureProvider.encryptRequestMessage(contactInfo.getContactName(), x509Certificate)); - contactInfo.setContactIdCardNumber(signatureProvider.encryptRequestMessage(contactInfo.getContactIdCardNumber(), x509Certificate)); - contactInfo.setMobilePhone(signatureProvider.encryptRequestMessage(contactInfo.getMobilePhone(), x509Certificate)); + contactInfo.setContactName(signatureProvider.encryptRequestMessage(contactInfo.getContactName(), this.wechatMetaBean())); + contactInfo.setContactIdCardNumber(signatureProvider.encryptRequestMessage(contactInfo.getContactIdCardNumber(), this.wechatMetaBean())); + contactInfo.setMobilePhone(signatureProvider.encryptRequestMessage(contactInfo.getMobilePhone(), this.wechatMetaBean())); String contactEmail = contactInfo.getContactEmail(); if (contactEmail != null) { - contactInfo.setContactEmail(signatureProvider.encryptRequestMessage(contactEmail, x509Certificate)); + contactInfo.setContactEmail(signatureProvider.encryptRequestMessage(contactEmail,this.wechatMetaBean())); } return applymentParams; } diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ProfitsharingApi.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ProfitsharingApi.java index 32b68b4..bb1155a 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ProfitsharingApi.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/ecommerce/ProfitsharingApi.java @@ -77,15 +77,13 @@ public class ProfitsharingApi extends AbstractApi { .function((wechatPayV3Type, params) -> { WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3(); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); params.setAppid(v3.getAppId()); List receivers = params.getReceivers(); if (!CollectionUtils.isEmpty(receivers)) { receivers.forEach(receiversItem -> { String name = receiversItem.getReceiverName(); if (StringUtils.hasText(name)) { - String encryptedName = signatureProvider.encryptRequestMessage(name, x509Certificate); + String encryptedName = signatureProvider.encryptRequestMessage(name,this.wechatMetaBean()); receiversItem.setReceiverName(encryptedName); } }); @@ -94,7 +92,7 @@ public class ProfitsharingApi extends AbstractApi { .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, params, httpHeaders); }) .consumer(wechatResponseEntity::convert) @@ -256,20 +254,17 @@ public class ProfitsharingApi extends AbstractApi { WechatPayProperties.V3 v3 = this.wechatMetaBean().getV3(); params.setAppid(v3.getAppId()); SignatureProvider signatureProvider = this.client().signatureProvider(); - X509WechatCertificateInfo certificate = signatureProvider.getCertificate(this.wechatMetaBean().getTenantId()); - final X509Certificate x509Certificate = certificate.getX509Certificate(); - String name = params.getName(); if (ReceiverType.PERSONAL_OPENID.equals(params.getType()) && StringUtils.hasText(name)) { // 个人应该必传 - String encryptedName = signatureProvider.encryptRequestMessage(name, x509Certificate); + String encryptedName = signatureProvider.encryptRequestMessage(name,this.wechatMetaBean()); params.setEncryptedName(encryptedName); } URI uri = UriComponentsBuilder.fromHttpUrl(wechatPayV3Type.uri(WeChatServer.CHINA)) .build() .toUri(); HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.add("Wechatpay-Serial", certificate.getWechatPaySerial()); + httpHeaders.add("Wechatpay-Serial", signatureProvider.getWechatPaySerial(this.wechatMetaBean())); return Post(uri, params, httpHeaders); }) .consumer(wechatResponseEntity::convert) From 8470286af6163687140649cc81bad93e1259f1d8 Mon Sep 17 00:00:00 2001 From: xucun Date: Thu, 12 Jun 2025 09:05:00 +0800 Subject: [PATCH 2/3] =?UTF-8?q?:sparkles:=20=E5=BE=AE=E4=BF=A1=E5=85=AC?= =?UTF-8?q?=E9=92=A5=E9=AA=8C=E7=AD=BE=E8=A6=86=E7=9B=96=E5=85=A8=E5=9C=BA?= =?UTF-8?q?=E6=99=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/felord/payment/wechat/v3/SignatureProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java index aa6cca8..e0a79d9 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java @@ -379,7 +379,7 @@ public class SignatureProvider { /** * 对请求敏感字段进行加密 - * + * 只有使用平台证书进行验签与签名的商户使用该方法 * @param message the message * @param publicKey the wechatPubicKey certificate * @return encrypt message From 095a1e4a4a9695828b7e0d947fe5abae15e84815 Mon Sep 17 00:00:00 2001 From: xucun Date: Thu, 12 Jun 2025 09:43:21 +0800 Subject: [PATCH 3/3] =?UTF-8?q?:pencil:=20=20=E4=BF=AE=E6=94=B9=E6=96=87?= =?UTF-8?q?=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 25 ++++++++++++++++++- docs/README.md | 2 +- docs/quick_start.md | 2 +- .../payment/wechat/v3/SignatureProvider.java | 9 +++---- 4 files changed, 29 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 389688c..ee89f61 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ Starter,支持微信优惠券,代金券、商家券、智慧商圈、商家 cn.felord payment-spring-boot-starter - 1.0.20.RELEASE + 1.0.21.RELEASE ``` @@ -73,6 +73,29 @@ Starter,支持微信优惠券,代金券、商家券、智慧商圈、商家 ~~关于集成配置请详细阅读[payment-spring-boot GitHub文档](https://dromara.github.io/payment-spring-boot) 中[快速接入](https://dromara.github.io/payment-spring-boot/#/quick_start)章节 (暂时不可用)~~ +[关于微信支付公钥](https://pay.weixin.qq.com/doc/v3/merchant/4012153196) +微信官方推出了微信支付公钥产品以替代原来的微信平台证书,我们对此进行了适配 +相关配置如下 +```yaml +wechat: + pay: + v3: + # 租户id + : + # 是否使用微信支付公钥验签 默认false + enable-wechat-pay-public: true + # 微信支付公钥id + wechat-pay-public-key-id: PUB_KEY_ID_1111213 + # 微信支付公钥路径 + wechat-pay-public-key-path: 'pub_key.pem' + + wechat-pay-public-key-absolute-path: '' + # 是否启用签名验签方法切换 默认false + switch-verify-sign-method: true +``` +- 对于旧版本商户,若不使用微信支付公钥,则不需要配置上述对应参数,则默认使用微信平台证书验签。 +- 对于新进件的商户,微信官方默认启用支付公钥,需要配置上述参数。其中 `switch-verify-sign-method` 参数不需要配置 +- 若旧版版商户使用微信支付公钥,则需要配置上述参数,并启用 `switch-verify-sign-method : true` [原理参考](https://pay.weixin.qq.com/doc/v3/merchant/4012154180)。当完成从平台证书切换到微信支付公钥后,请务必将`switch-verify-sign-method`参数设置为false 或删除该字段 ### 调用示例 #### 开启支付 diff --git a/docs/README.md b/docs/README.md index df92a5c..3257853 100644 --- a/docs/README.md +++ b/docs/README.md @@ -35,7 +35,7 @@ cn.felord payment-spring-boot-starter - 1.0.20.RELEASE + 1.0.21.RELEASE ``` ## 采用技术 diff --git a/docs/quick_start.md b/docs/quick_start.md index c082f48..04fdbcc 100644 --- a/docs/quick_start.md +++ b/docs/quick_start.md @@ -15,7 +15,7 @@ ```xml - 2.4.0 + 2.7.18 ``` 然后安装使用 diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java index e0a79d9..05c8367 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java @@ -256,7 +256,7 @@ public class SignatureProvider { private synchronized void refreshCertificate(String tenantId) { WechatMetaBean wechatMetaBean = wechatMetaContainer.getWechatMeta(tenantId); - if (wechatMetaBean.getV3().getEnableWechatPayPublic() && wechatMetaBean.getV3().getSwitchVerifySignMethod()){ + if (wechatMetaBean.getV3().getEnableWechatPayPublic() && !wechatMetaBean.getV3().getSwitchVerifySignMethod()){ return; } String url = WechatPayV3Type.CERT.uri(WeChatServer.CHINA); @@ -485,11 +485,8 @@ public class SignatureProvider { public boolean isSwitchVerifySignMethod(String tenantId) { - String publicKeyId=wechatMetaContainer.getWechatMeta(tenantId).getV3().getWechatPayPublicKeyId(); - - Boolean switchVerifySignMethod = wechatMetaContainer.getWechatMeta(tenantId).getV3().getSwitchVerifySignMethod(); - - return switchVerifySignMethod && StringUtils.hasLength(publicKeyId); + return wechatMetaContainer.getWechatMeta(tenantId).getV3().getSwitchVerifySignMethod() + && wechatMetaContainer.getWechatMeta(tenantId).getV3().getEnableWechatPayPublic(); } public String getWechatPublicKeyId(String tenantId) {