| | |
|---|
| | | import cn.hutool.core.date.DateUtil; |
|---|
| | | import io.swagger.annotations.Api; |
|---|
| | | import lombok.extern.slf4j.Slf4j; |
|---|
| | | import org.apache.commons.codec.digest.DigestUtils; |
|---|
| | | import org.springframework.stereotype.Controller; |
|---|
| | | import org.springframework.ui.Model; |
|---|
| | | import org.springframework.web.bind.annotation.PostMapping; |
|---|
| | |
|---|
| | | import org.springframework.web.bind.annotation.RequestParam; |
|---|
| | | |
|---|
| | | import javax.annotation.Resource; |
|---|
| | | import java.security.MessageDigest; |
|---|
| | | import java.security.NoSuchAlgorithmException; |
|---|
| | | |
|---|
| | | @Slf4j |
|---|
| | | @Controller |
|---|
| | |
|---|
| | | @RequestParam("domain") String domain, |
|---|
| | | @RequestParam("currency") String currency, |
|---|
| | | @RequestParam("paydate") String payDate, |
|---|
| | | @RequestParam("appcode") String appCode, |
|---|
| | | @RequestParam("skey") String receivedSkey, |
|---|
| | | Model model) { |
|---|
| | | |
|---|
| | | // 验证skey以确保数据完整性 |
|---|
| | | String calculatedSkey = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode); |
|---|
| | | String preSkey = DigestUtils.md5Hex(tranId + orderId + status + domain + amount + currency); |
|---|
| | | String calculatedSkey = DigestUtils.md5Hex(payDate + domain + preSkey + SECRET_KEY); |
|---|
| | | |
|---|
| | | log.info("callback status: {}", status); |
|---|
| | | log.info("callback skey: {}", receivedSkey); |
|---|
| | | log.info("callback calculatedSkey: {}", calculatedSkey); |
|---|
| | | if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) { |
|---|
| | | // 记录安全警告日志 |
|---|
| | | throw new FebsException("订单回调失败,---"+orderId); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 将支付结果信息传递给支付成功页面 |
|---|
| | | model.addAttribute("amount", amount); |
|---|
| | |
|---|
| | | model.addAttribute("status", status); |
|---|
| | | model.addAttribute("currency", currency); |
|---|
| | | model.addAttribute("payDate", payDate); |
|---|
| | | |
|---|
| | | if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) { |
|---|
| | | // 记录安全警告日志 |
|---|
| | | throw new FebsException("订单回调失败,---"+orderId); |
|---|
| | | } |
|---|
| | | updateOrderStatus(orderId, status, amount, payDate, tranId); |
|---|
| | | |
|---|
| | | // 跳转到支付成功页面 |
|---|
| | | return "payment-success"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | private String calculateSkey(String tranId, String orderId, String status, |
|---|
| | | String domain, String amount, String currency, |
|---|
| | | String payDate, String appCode) { |
|---|
| | | try { |
|---|
| | | // 第一步哈希计算 |
|---|
| | | String preSkey = tranId + orderId + status + domain + amount + currency; |
|---|
| | | String preSkeyHash = md5(preSkey); |
|---|
| | | |
|---|
| | | // 第二步哈希计算 |
|---|
| | | String finalInput = payDate + domain + preSkeyHash + appCode + SECRET_KEY; |
|---|
| | | return md5(finalInput); |
|---|
| | | } catch (NoSuchAlgorithmException e) { |
|---|
| | | throw new RuntimeException("MD5算法不可用", e); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | private String md5(String input) throws NoSuchAlgorithmException { |
|---|
| | | MessageDigest md = MessageDigest.getInstance("MD5"); |
|---|
| | | byte[] hashBytes = md.digest(input.getBytes()); |
|---|
| | | |
|---|
| | | StringBuilder hexString = new StringBuilder(); |
|---|
| | | for (byte b : hashBytes) { |
|---|
| | | String hex = Integer.toHexString(0xff & b); |
|---|
| | | if (hex.length() == 1) hexString.append('0'); |
|---|
| | | hexString.append(hex); |
|---|
| | | } |
|---|
| | | return hexString.toString(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) { |
|---|
