parent: 5cac1da6 | patch | commit | ignore whitespace
KKSU
2024-01-18 eb70365bed10ef4032147193f8e4caf10830fad0 
fapiao
4 files modified
140 ■■■■■ changed files
src/main/java/cc/mrbird/febs/pay/controller/XcxPayController.java 2 ●●● patch | view | raw | blame | history
src/main/java/cc/mrbird/febs/pay/service/WxFaPiaoService.java 2 ●●● patch | view | raw | blame | history
src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java 111 ●●●●● patch | view | raw | blame | history
src/test/java/cc/mrbird/febs/ProfitTest.java 25 ●●●●● patch | view | raw | blame | history 
 src/main/java/cc/mrbird/febs/pay/controller/XcxPayController.java


@@ -254,7 +254,7 @@


     */


    @Transactional(rollbackFor = Exception.class)


    @RequestMapping(value = "/fapiaoCallBack")


    public Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, ParseException {


    public Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody) {


        return wxFaPiaoService.fapiaoCallBack(request,requestBody);




    }




 src/main/java/cc/mrbird/febs/pay/service/WxFaPiaoService.java


@@ -25,5 +25,5 @@




    String sendGet(String url, Map<String, Object> params, String token);




    Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, ParseException;


    Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody);


}




 src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java


@@ -276,7 +276,7 @@


    }




    @Override


    public Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, ParseException {


    public Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody){


        Map<String,Object> map = new HashMap<>();


        String signature = request.getHeader("Wechatpay-Signature");


        String timestamp = request.getHeader("Wechatpay-Timestamp");


@@ -289,8 +289,27 @@


        log.info("头信息---随机字符:" + nonce);


        log.info("头信息---平台证书序列号:" + serial);


        log.info("获取到的body信息:" + body);


        //应对签名探测流量


        if(signature.contains("WECHATPAY/SIGNTEST")){


            map.put("code","500");


            map.put("message", "失败");


            return map;


        }


        //验签


        boolean signCheck = signCheck(timestamp, nonce, requestBody, signature);


        boolean signCheck = false;


        try {


            signCheck = signCheck(timestamp, nonce, requestBody, signature);


        } catch (NoSuchAlgorithmException e) {


            e.printStackTrace();


        } catch (SignatureException e) {


            e.printStackTrace();


        } catch (IOException e) {


            e.printStackTrace();


        } catch (InvalidKeyException e) {


            e.printStackTrace();


        } catch (ParseException e) {


            e.printStackTrace();


        }


        log.info("验签结果:" + signCheck);


        if (signCheck) {


            try {


@@ -346,7 +365,7 @@


                e.printStackTrace();


            }


        }


        map.put("code","FAIL");


        map.put("code","500");


        map.put("message", "失败");


        return map;


    }


@@ -364,7 +383,12 @@


     * @throws IOException


     * @throws InvalidKeyException


     */


    public boolean signCheck(String timestamp, String nonce, Map<String, Object> requestBody, String signature) throws NoSuchAlgorithmException, SignatureException, IOException, InvalidKeyException, ParseException {


    public boolean signCheck(String timestamp, String nonce, Map<String, Object> requestBody, String signature) throws


            NoSuchAlgorithmException,


            SignatureException,


            IOException,


            InvalidKeyException,


            ParseException {


        //构造验签名串


        String signatureStr = timestamp + "\n" + nonce + "\n" + com.alibaba.fastjson.JSONObject.toJSONString(requestBody) + "\n";


        // 加载SHA256withRSA签名器


@@ -432,44 +456,49 @@


    }




    public static void main(String[] args) throws UnsupportedEncodingException, GeneralSecurityException {


        JCEUtil.removeCryptographyRestrictions();


        String body = "{\"id\":\"5fb7f522-466f-5c99-a325-0eb4001f1ec3\",\"create_time\":\"2024-01-17T15:38:33+08:00\",\"resource_type\":\"encrypt-resource\",\"event_type\":\"FAPIAO.USER_APPLIED\",\"summary\":\"用户已申请开票\",\"resource\":{\"original_type\":\"fapiao\",\"algorithm\":\"AEAD_AES_256_GCM\",\"ciphertext\":\"bBOs5WTUV1AhwiYSIUugaw9z4EHXxC28ZVsGHOppCNP4qpxYgnR+W+l983UyETmD/Wgu8ukJhe/xYkSsF947pgDP1ElTXC8MJA3lCc8NlsXQ1csPfWTS6A0XrxBoNMgwGEsYFo/7tPW/zDrEpzRZL/GgEwEtK6X1Y4Ci9IofzeI=\",\"associated_data\":\"fapiao\",\"nonce\":\"7a5dzuYqStef\"}}";


        JSONObject jsonObject = JSONUtil.parseObj(body);


        log.info("微信电子发票回调接口....解析请求体:"+jsonObject);




        String id = jsonObject.getStr("id");//可能是支付业务的回调数据


        String create_time = jsonObject.getStr("create_time");//可能是支付业务的回调数据


        String resource_type = jsonObject.getStr("resource_type");//可能是支付业务的回调数据


        String event_type = jsonObject.getStr("event_type");//可能是支付业务的回调数据


        String resource = jsonObject.getStr("resource");//可能是支付业务的回调数据


        log.info("微信电子发票回调接口....id:"+ id);


        log.info("微信电子发票回调接口....create_time:"+ create_time);


        log.info("微信电子发票回调接口....resource_type:"+ resource_type);


        log.info("微信电子发票回调接口....event_type:"+ event_type);


        log.info("微信电子发票回调接口....resource:"+ resource);




        if ("FAPIAO.USER_APPLIED".equals(event_type)//用户发票抬头填写完成类型:FAPIAO.USER_APPLIED


                && !"encryptresource".equals(resource_type)) {//通知的资源数据类型,确认成功通知为encryptresource。


            //解密


            AesUtil aesUtil = new AesUtil("daL341aN5orDt13puXadsAf2rpuX12v3".getBytes("utf-8"));


            JSONObject jsonObjectResource = JSONUtil.parseObj(resource);


//            String original_type = jsonObjectResource.getStr("original_type");//可能是支付业务的回调数据


//            String algorithm = jsonObjectResource.getStr("algorithm");//可能是支付业务的回调数据


            String ciphertext = jsonObjectResource.getStr("ciphertext");//可能是支付业务的回调数据


            String associated_data = jsonObjectResource.getStr("associated_data");//可能是支付业务的回调数据


            String nonce = jsonObjectResource.getStr("nonce");//可能是支付业务的回调数据


            String decryptToString = aesUtil.decryptToString(


                    associated_data.getBytes("utf-8"),


                    nonce.getBytes("utf-8"),


                    ciphertext);


            log.info("微信电子发票回调接口....resource解密:"+decryptToString);




            JSONObject parseObj = JSONUtil.parseObj(decryptToString);


            log.info("微信电子发票回调接口....resource解密-JSONObject:"+parseObj);


            String fapiao_apply_id = parseObj.getStr("fapiao_apply_id");


            log.info("微信电子发票回调接口....resource解密-fapiao_apply_id:"+fapiao_apply_id);




        String signature = "WECHATPAY/SIGNTEST/9WwfXW/noMdzDPcOrFD51Bf5YIThXLTtLCl5hoGlSfIBdY2UpE+5eHLs0XyF7y2cQc4OlzTzDDxSMTp/p/8ZenE2hMBaQjxVrdbTtrOLA1h13/WjCNaTr1URTqQ5+IF5bLCxAW8BmZ0jEqpmI/HYR3wdK8/7W91c1zfKODYgkvJzxFzd8OWi2GtELE5tLamkOLyb0GEcsGww2DUOypO5HjNyITgsy9R00w3OH92UInCD8Z6c5BAsQNySqFK8N52y38AlIWTtKROHmJtu+kHbt+nMOU0kbB5bZcPAptsnVYpp9KMmjMrmyjiKtHZb2TGIWiN/L+bgceyN3g==";


        if(signature.contains("WECHATPAY/SIGNTEST")){


            System.out.println(1);


        }




//        JCEUtil.removeCryptographyRestrictions();


//        String body = "{\"id\":\"5fb7f522-466f-5c99-a325-0eb4001f1ec3\",\"create_time\":\"2024-01-17T15:38:33+08:00\",\"resource_type\":\"encrypt-resource\",\"event_type\":\"FAPIAO.USER_APPLIED\",\"summary\":\"用户已申请开票\",\"resource\":{\"original_type\":\"fapiao\",\"algorithm\":\"AEAD_AES_256_GCM\",\"ciphertext\":\"bBOs5WTUV1AhwiYSIUugaw9z4EHXxC28ZVsGHOppCNP4qpxYgnR+W+l983UyETmD/Wgu8ukJhe/xYkSsF947pgDP1ElTXC8MJA3lCc8NlsXQ1csPfWTS6A0XrxBoNMgwGEsYFo/7tPW/zDrEpzRZL/GgEwEtK6X1Y4Ci9IofzeI=\",\"associated_data\":\"fapiao\",\"nonce\":\"7a5dzuYqStef\"}}";


//        JSONObject jsonObject = JSONUtil.parseObj(body);


//        log.info("微信电子发票回调接口....解析请求体:"+jsonObject);


//


//        String id = jsonObject.getStr("id");//可能是支付业务的回调数据


//        String create_time = jsonObject.getStr("create_time");//可能是支付业务的回调数据


//        String resource_type = jsonObject.getStr("resource_type");//可能是支付业务的回调数据


//        String event_type = jsonObject.getStr("event_type");//可能是支付业务的回调数据


//        String resource = jsonObject.getStr("resource");//可能是支付业务的回调数据


//        log.info("微信电子发票回调接口....id:"+ id);


//        log.info("微信电子发票回调接口....create_time:"+ create_time);


//        log.info("微信电子发票回调接口....resource_type:"+ resource_type);


//        log.info("微信电子发票回调接口....event_type:"+ event_type);


//        log.info("微信电子发票回调接口....resource:"+ resource);


//


//        if ("FAPIAO.USER_APPLIED".equals(event_type)//用户发票抬头填写完成类型:FAPIAO.USER_APPLIED


//                && !"encryptresource".equals(resource_type)) {//通知的资源数据类型,确认成功通知为encryptresource。


//            //解密


//            AesUtil aesUtil = new AesUtil("daL341aN5orDt13puXadsAf2rpuX12v3".getBytes("utf-8"));


//            JSONObject jsonObjectResource = JSONUtil.parseObj(resource);


////            String original_type = jsonObjectResource.getStr("original_type");//可能是支付业务的回调数据


////            String algorithm = jsonObjectResource.getStr("algorithm");//可能是支付业务的回调数据


//            String ciphertext = jsonObjectResource.getStr("ciphertext");//可能是支付业务的回调数据


//            String associated_data = jsonObjectResource.getStr("associated_data");//可能是支付业务的回调数据


//            String nonce = jsonObjectResource.getStr("nonce");//可能是支付业务的回调数据


//            String decryptToString = aesUtil.decryptToString(


//                    associated_data.getBytes("utf-8"),


//                    nonce.getBytes("utf-8"),


//                    ciphertext);


//            log.info("微信电子发票回调接口....resource解密:"+decryptToString);


//


//            JSONObject parseObj = JSONUtil.parseObj(decryptToString);


//            log.info("微信电子发票回调接口....resource解密-JSONObject:"+parseObj);


//            String fapiao_apply_id = parseObj.getStr("fapiao_apply_id");


//            log.info("微信电子发票回调接口....resource解密-fapiao_apply_id:"+fapiao_apply_id);


//


//        }


    }




}




 src/test/java/cc/mrbird/febs/ProfitTest.java


@@ -53,6 +53,7 @@


import org.springframework.boot.test.context.SpringBootTest;


import org.springframework.core.io.ClassPathResource;


import org.springframework.core.io.ResourceLoader;


import org.springframework.util.Base64Utils;


import org.springframework.web.client.RestTemplate;




import javax.annotation.Resource;


@@ -296,6 +297,8 @@


            e.printStackTrace();


        }


        String responseBodyAsString = wxFaPiaoService.sendGet(baseUrl + canonicalUrl, new HashMap<>(), "WECHATPAY2-SHA256-RSA2048 "+postStr);


        //完成签名并执行请求


        X509Certificate x509Certificate = null;


        try {


            cn.hutool.json.JSONObject maps = JSONUtil.parseObj(responseBodyAsString);


            System.out.println(maps);


@@ -316,13 +319,33 @@




                    ByteArrayInputStream inputStream = new ByteArrayInputStream(pulicKey.getBytes(StandardCharsets.UTF_8));




                    X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(inputStream);


                    x509Certificate = (X509Certificate) cf.generateCertificate(inputStream);


                    System.out.println(x509Certificate);


                }


            }


        } catch (IOException e) {


            e.printStackTrace();


        }


        String timestamp = "1705548628";


        String nonce = "sJBCGwYIM8WFJCpTE3gDGifC6VOyrPFY";


        String body = "{\"id\":\"f23942b4-b128-56ef-9172-2da8204b5159\",\"create_time\":\"2024-01-18T11:30:28+08:00\",\"resource_type\":\"encrypt-resource\",\"event_type\":\"FAPIAO.USER_APPLIED\",\"summary\":\"用户已申请开票\",\"resource\":{\"original_type\":\"fapiao\",\"algorithm\":\"AEAD_AES_256_GCM\",\"ciphertext\":\"X7XjgHrepsnVpFqNgjl9EfRbJIdMUf15izFrtnvEf7So3SWlg6CFNofcQAJE+iL1XfkFk7DNNW0rILNbY1cGWGlAlKbbPhv5SFEakZVe9GZsSTd4EC5zTk9D6g+FTS6EQNxCkj4ut2WyYaSSqJjHgYaqdKzLNPSTGRVQnynafFE=\",\"associated_data\":\"fapiao\",\"nonce\":\"X7daAHdejNsm\"}}";


        Map<String, Object> requestBody = JSONUtil.parseObj(body);


        String signature = "WECHATPAY/SIGNTEST/9WwfXW/noMdzDPcOrFD51Bf5YIThXLTtLCl5hoGlSfIBdY2UpE+5eHLs0XyF7y2cQc4OlzTzDDxSMTp/p/8ZenE2hMBaQjxVrdbTtrOLA1h13/WjCNaTr1URTqQ5+IF5bLCxAW8BmZ0jEqpmI/HYR3wdK8/7W91c1zfKODYgkvJzxFzd8OWi2GtELE5tLamkOLyb0GEcsGww2DUOypO5HjNyITgsy9R00w3OH92UInCD8Z6c5BAsQNySqFK8N52y38AlIWTtKROHmJtu+kHbt+nMOU0kbB5bZcPAptsnVYpp9KMmjMrmyjiKtHZb2TGIWiN/L+bgceyN3g==";


        //构造验签名串


        String signatureStr = timestamp + "\n" + nonce + "\n" + com.alibaba.fastjson.JSONObject.toJSONString(requestBody) + "\n";


        System.out.println(signature.length());


        System.out.println(signature);


        System.out.println(signatureStr.length());


        System.out.println(signatureStr);


        // 加载SHA256withRSA签名器


        Signature signer = Signature.getInstance("SHA256withRSA");


        // 用微信平台公钥对签名器进行初始化(调上一节中的获取平台证书方法)


        signer.initVerify(x509Certificate);


        // 把我们构造的验签名串更新到签名器中


        signer.update(signatureStr.getBytes(StandardCharsets.UTF_8));


        // 把请求头中微信服务器返回的签名用Base64解码 并使用签名器进行验证


        boolean result = signer.verify(Base64Utils.decodeFromString(signature));


        System.out.println(result);


    }