diff --git a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java index 37f526b..87b011c 100644 --- a/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java +++ b/payment-spring-boot-autoconfigure/src/main/java/cn/felord/payment/wechat/v3/SignatureProvider.java @@ -30,9 +30,7 @@ import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.springframework.http.*; -import org.springframework.util.AlternativeJdkIdGenerator; -import org.springframework.util.Base64Utils; -import org.springframework.util.IdGenerator; +import org.springframework.util.*; import org.springframework.web.client.RestOperations; import org.springframework.web.client.RestTemplate; import org.springframework.web.util.UriComponents; @@ -128,7 +126,7 @@ public class SignatureProvider { * @return the string */ @SneakyThrows - public String requestSign(boolean newLine,String tenantId, String method, String canonicalUrl, String body) { + public String requestSign(boolean newLine, String tenantId, String method, String canonicalUrl, String body) { long timestamp = LocalDateTime.now().toEpochSecond(ZoneOffset.of("+8")); String nonceStr = nonceStrGenerator.generateId() @@ -136,7 +134,7 @@ public class SignatureProvider { .replaceAll("-", ""); WechatMetaBean wechatMetaBean = wechatMetaContainer.getWechatMeta(tenantId); PrivateKey privateKey = wechatMetaBean.getKeyPair().getPrivate(); - String encode = this.doRequestSign(newLine,privateKey, method, canonicalUrl, String.valueOf(timestamp), nonceStr, body); + String encode = this.doRequestSign(newLine, privateKey, method, canonicalUrl, String.valueOf(timestamp), nonceStr, body); // 序列号 String serialNo = wechatMetaBean.getSerialNumber(); // 生成token @@ -157,10 +155,10 @@ public class SignatureProvider { * @since 1.0.4.RELEASE */ @SneakyThrows - public String doRequestSign(boolean newLine,PrivateKey privateKey, String... orderedComponents) { + public String doRequestSign(boolean newLine, PrivateKey privateKey, String... orderedComponents) { Signature signer = Signature.getInstance("SHA256withRSA", BC_PROVIDER); signer.initSign(privateKey); - final String signatureStr = createSign(newLine,orderedComponents); + final String signatureStr = createSign(newLine, orderedComponents); signer.update(signatureStr.getBytes(StandardCharsets.UTF_8)); return Base64Utils.encodeToString(signer.sign()); } @@ -180,7 +178,7 @@ public class SignatureProvider { } Certificate certificate = CERTIFICATE_MAP.get(wechatpaySerial); - final String signatureStr = createSign(true,params.getWechatpayTimestamp(), params.getWechatpayNonce(), params.getBody()); + final String signatureStr = createSign(true, params.getWechatpayTimestamp(), params.getWechatpayNonce(), params.getBody()); Signature signer = Signature.getInstance("SHA256withRSA"); signer.initVerify(certificate); signer.update(signatureStr.getBytes(StandardCharsets.UTF_8)); @@ -208,7 +206,7 @@ public class SignatureProvider { } // 签名 HttpMethod httpMethod = WechatPayV3Type.CERT.method(); - String authorization = requestSign(true,tenantId, httpMethod.name(), canonicalUrl, ""); + String authorization = requestSign(true, tenantId, httpMethod.name(), canonicalUrl, ""); HttpHeaders headers = new HttpHeaders(); headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); @@ -256,6 +254,15 @@ public class SignatureProvider { * @return the string */ public String decryptResponseBody(String tenantId, String associatedData, String nonce, String ciphertext) { + + try { + Assert.hasText(associatedData, "associatedData is invalid"); + Assert.hasText(nonce, "nonce is invalid"); + Assert.hasText(ciphertext, "ciphertext is invalid"); + } catch (Exception e) { + throw new PayException(e.getMessage()); + } + try { Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BC_PROVIDER); String apiV3Key = wechatMetaContainer.getWechatMeta(tenantId).getV3().getAppV3Secret(); @@ -285,14 +292,14 @@ public class SignatureProvider { * @return encrypt message * @since 1.0.6.RELEASE */ - public String encryptRequestMessage(String message,Certificate certificate) { + public String encryptRequestMessage(String message, Certificate certificate) { try { Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", BC_PROVIDER); cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey()); byte[] data = message.getBytes(StandardCharsets.UTF_8); byte[] cipherData = cipher.doFinal(data); - return Base64Utils.encodeToString(cipherData); + return Base64Utils.encodeToString(cipherData); } catch (Exception e) { throw new PayException(e); @@ -304,14 +311,14 @@ public class SignatureProvider { * * @return the x 509 wechat certificate info */ - public X509WechatCertificateInfo getCertificate(){ + public X509WechatCertificateInfo getCertificate() { for (String serial : CERTIFICATE_MAP.keySet()) { X509Certificate x509Cert = (X509Certificate) CERTIFICATE_MAP.get(serial); try { x509Cert.checkValidity(); X509WechatCertificateInfo x509WechatCertificateInfo = new X509WechatCertificateInfo(); - x509WechatCertificateInfo.setWechatPaySerial(serial); - x509WechatCertificateInfo.setX509Certificate(x509Cert); + x509WechatCertificateInfo.setWechatPaySerial(serial); + x509WechatCertificateInfo.setX509Certificate(x509Cert); return x509WechatCertificateInfo; } catch (Exception e) { log.warn("the wechat certificate is invalid , {}", e.getMessage()); @@ -348,9 +355,9 @@ public class SignatureProvider { * @param components the components * @return string string */ - private static String createSign(boolean newLine,String... components) { + private static String createSign(boolean newLine, String... components) { - String suffix = newLine? "\n":""; + String suffix = newLine ? "\n" : ""; return Arrays.stream(components) .collect(Collectors.joining("\n", "", suffix)); }