From cfd935231bbfcc171e9250ff8cb67008f49b929a Mon Sep 17 00:00:00 2001
From: KKSU <15274802129@163.com>
Date: Wed, 17 Jan 2024 14:00:52 +0800
Subject: [PATCH] fapiao
---
src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java | 435 +++++++++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 411 insertions(+), 24 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java b/src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java
index a35aa8d..f35b58f 100644
--- a/src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java
+++ b/src/main/java/cc/mrbird/febs/pay/service/impl/WxFaPiaoServiceImpl.java
@@ -1,22 +1,60 @@
package cc.mrbird.febs.pay.service.impl;
import cc.mrbird.febs.common.properties.XcxProperties;
+import cc.mrbird.febs.common.utils.AppContants;
import cc.mrbird.febs.common.utils.SpringContextHolder;
+import cc.mrbird.febs.mall.entity.MallOrderInfo;
+import cc.mrbird.febs.mall.mapper.MallOrderInfoMapper;
+import cc.mrbird.febs.pay.model.HeaderDto;
import cc.mrbird.febs.pay.service.WxFaPiaoService;
import cc.mrbird.febs.pay.util.RandomStringGenerator;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.aliyun.oss.internal.SignUtils;
+import com.wechat.pay.contrib.apache.httpclient.auth.AutoUpdateCertificatesVerifier;
+import com.wechat.pay.contrib.apache.httpclient.auth.PrivateKeySigner;
+import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Credentials;
+import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Validator;
+import com.wechat.pay.contrib.apache.httpclient.notification.Notification;
+import com.wechat.pay.contrib.apache.httpclient.notification.NotificationHandler;
+import com.wechat.pay.contrib.apache.httpclient.notification.NotificationRequest;
+import com.wechat.pay.contrib.apache.httpclient.util.AesUtil;
+import com.wechat.pay.java.core.notification.Resource;
+import io.undertow.util.Certificates;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import okhttp3.HttpUrl;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPatch;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.util.EntityUtils;
import org.springframework.core.io.ClassPathResource;
import org.springframework.stereotype.Service;
import org.springframework.util.Base64Utils;
+import org.springframework.web.bind.annotation.RequestBody;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
+import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.text.SimpleDateFormat;
+import java.util.Base64;
+import java.util.HashMap;
import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@@ -25,44 +63,390 @@
@RequiredArgsConstructor
public class WxFaPiaoServiceImpl implements WxFaPiaoService {
+ private final MallOrderInfoMapper mallOrderInfoMapper;
+
private final XcxProperties xcxProperties = SpringContextHolder.getBean(XcxProperties.class);
@Override
- public String createAuthorization(String method, String canonicalUrl, String body, KeyPair keyPair) {
+ public String createAuthorization(String method, String canonicalUrl, String body, PrivateKey keyPair) throws UnsupportedEncodingException, NoSuchAlgorithmException {
String nonceStr = RandomStringGenerator.getRandomStringByLength(32);//随机字符串
long timestamp = System.currentTimeMillis() / 1000;//时间戳
- String signature = sign(method, canonicalUrl, timestamp, nonceStr, body, keyPair);//签名加密
+ HttpUrl httpurl = HttpUrl.parse(canonicalUrl);
+ String message = buildMessage(method, httpurl, timestamp, nonceStr, body);
+ log.info("签名串:\n"+message);
+ log.info("签名串长度:\n"+getWordCount(message));
+ String signature = sign2(message.getBytes("utf-8"), keyPair);
+
+ log.info("签名串sign:\n"+signature);
+ log.info("签名串长度sign:\n"+getWordCount(signature));
+// String yourCertificateSerialNo = "221D49AEC4EA538A63941D1936709C8559EB05C5";
return "mchid=\"" + xcxProperties.getWecharpayMchid() + "\","
+ "nonce_str=\"" + nonceStr + "\","
+ "timestamp=\"" + timestamp + "\","
- + "serial_no=\"" + "50F37206347BCC9E6AC9860DAACE52AC035F7C24" + "\","//证书序列号
+ + "serial_no=\"" + AppContants.WX_CARD_NUM + "\","
+ "signature=\"" + signature + "\"";
}
- @Override
- public KeyPair getPrivateKey() {
- return createPKCS12("Tenpay Certificate", "1658958205");
+ public int getWordCount(String s)
+ {
+ int length = 0 ;
+ for ( int i = 0 ; i < s.length(); i ++ )
+ {
+ int ascii = Character.codePointAt(s, i);
+ if (ascii >= 0 && ascii <= 255 )
+ length ++ ;
+ else
+ length += 2 ;
+
+ }
+ return length;
+
}
+
+ public String sign2(byte[] message,PrivateKey keyPair) throws NoSuchAlgorithmException {
+ Signature sign = Signature.getInstance("SHA256withRSA");
+ String s = null;
+ try {
+ sign.initSign(keyPair);
+ sign.update(message);
+ s = Base64.getEncoder().encodeToString(sign.sign());
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ } catch (SignatureException e) {
+ e.printStackTrace();
+ }
+ return s;
+ }
+
+ public String buildMessage(String method, HttpUrl url, long timestamp, String nonceStr, String body) {
+ String canonicalUrl = url.encodedPath();
+ if (url.encodedQuery() != null) {
+ canonicalUrl += "?" + url.encodedQuery();
+ }
+ return method + "\n"
+ + canonicalUrl + "\n"
+ + timestamp + "\n"
+ + nonceStr + "\n"
+ + body + "\n";
+ }
+
+ @Override
+ public PrivateKey getPrivateKeyV3() throws IOException {
+ InputStream inputStream = new ClassPathResource("wxP12/apiclient_key.pem")
+ .getInputStream();
+
+ String content = new BufferedReader(new InputStreamReader(inputStream))
+ .lines().collect(Collectors.joining(System.lineSeparator()));
+ try {
+ String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
+ .replace("-----END PRIVATE KEY-----", "")
+ .replaceAll("\\s+", "");
+
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ return kf.generatePrivate(
+ new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("当前Java环境不支持RSA", e);
+ } catch (InvalidKeySpecException e) {
+ throw new RuntimeException("无效的密钥格式");
+ }
+ }
+
+ @Override
+ public String sendPatch(String url, String params, String token) {
+ String result = "";
+ CloseableHttpClient httpClient = HttpClients.createDefault();
+ HttpPatch httpPatch = new HttpPatch(url);
+ httpPatch.setHeader("Content-type", "application/json");
+ httpPatch.setHeader("Charset", "utf-8");
+ httpPatch.setHeader("Accept", "application/json");
+ httpPatch.setHeader("Accept-Charset", "utf-8");
+ httpPatch.setHeader("Authorization", token);
+ try {
+ StringEntity data = new StringEntity(params, "utf-8");
+ httpPatch.setEntity(data);
+ HttpResponse response = httpClient.execute(httpPatch);
+ HttpEntity entity = response.getEntity();
+ result = EntityUtils.toString(entity);
+ } catch (Exception e) {
+ result = "{\"status\":\"1\",\"error\":\"" + e.getMessage() + "\"}";
+ }
+ return result;
+ }
+
+ @Override
+ public String sendPost(String url, String params, String token) {
+ String result = "";
+ int err = 0;
+ while (true) {
+ CloseableHttpClient client = HttpClients.createDefault();
+ HttpPost httpPost = new HttpPost(url);
+ try {
+ httpPost.addHeader("Content-type", "application/json");
+ httpPost.addHeader("Charset", "utf-8");
+ httpPost.addHeader("Accept", "application/json");
+ httpPost.addHeader("Accept-Charset", "utf-8");
+ httpPost.addHeader("Authorization", token);
+
+ StringEntity data = new StringEntity(params, "utf-8");
+ httpPost.setEntity(data);
+ HttpResponse response = client.execute(httpPost);
+ HttpEntity resEntity = response.getEntity();
+ result = EntityUtils.toString(resEntity);
+ return result;
+ } catch (IOException e) {
+ result = "{\"status\":\"1\",\"errors\":\"" + e.getMessage() + "\"}";
+ if (err++ > 2) {
+ break;
+ }
+ try {
+ Thread.sleep((err + 2) * 1000);
+ } catch (InterruptedException e1) {
+ result = "{\"status\":\"1\",\"errors\":\"" + e1.getMessage() + "\"}";
+ }
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public Map<String, Object> fapiaoCallBack(HttpServletRequest request, @RequestBody Map<String, Object> requestBody) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+ Map<String,Object> map = new HashMap<>();
+ String signature = request.getHeader("Wechatpay-Signature");
+ String timestamp = request.getHeader("Wechatpay-Timestamp");
+ String nonce = request.getHeader("Wechatpay-Nonce");
+ //平台证书序列号不是API证书序列号
+ String serial = request.getHeader("Wechatpay-Serial");
+ String body = com.alibaba.fastjson.JSONObject.toJSONString(requestBody);
+ log.info("头信息---签名:" + signature);
+ log.info("头信息---时间戳:" + timestamp);
+ log.info("头信息---随机字符:" + nonce);
+ log.info("头信息---平台证书序列号:" + serial);
+ log.info("获取到的body信息:" + body);
+ //验签
+ boolean signCheck = verifySign(request, body);
+// boolean signCheck = signCheck(timestamp, nonce, requestBody, signature);
+ log.info("验签结果:" + signCheck);
+ if (signCheck) {
+// //解密参数
+// Resource resource = com.alibaba.fastjson.JSONObject.parseObject(com.alibaba.fastjson.JSONObject.toJSONString(requestBody.get("resource")), Resource.class);
+// AesUtil aesUtil = new AesUtil(CommonParameters.apiV3Key.getBytes("utf-8"));
+// String string = aesUtil.decryptToString(resource.getAssociated_data().getBytes("utf-8"), resource.getNonce().getBytes("utf-8"), resource.getCiphertext());
+// ComplaintInfo complaintInfo = JSONObject.parseObject(string, ComplaintInfo.class);
+// //获取投诉详情
+// ComplaintDetail complaintDetail = CommonUtils.GetComplaintsInfo(complaintInfo.getComplaint_id());
+// data.put("code", "SUCCESS");
+// data.put("message", "成功");
+// return data;
+ try {
+ //解析请求体
+// Resource resource = com.alibaba.fastjson.JSONObject.parseObject(com.alibaba.fastjson.JSONObject.toJSONString(requestBody.get("resource")), Resource.class);
+ Notification notification = com.alibaba.fastjson.JSONObject.parseObject(String.valueOf(body),Notification.class);
+ log.info("微信电子发票回调接口....解析请求体:"+notification.toString());
+ String decryptData = notification.getDecryptData();//可能是支付业务的回调数据
+ log.info("微信电子发票回调接口....decryptData:"+notification.toString());
+ Notification.Resource resource = notification.getResource();//电子发票的回调加密数据
+ log.info("微信电子发票回调接口....resource:"+notification.toString());
+
+ if ("FAPIAO.USER_APPLIED".equals(notification.getEventType())//用户发票抬头填写完成类型:FAPIAO.USER_APPLIED
+ && !"encryptresource".equals(notification.getResourceType())) {//通知的资源数据类型,确认成功通知为encryptresource。
+ //解密
+ AesUtil aesUtil = new AesUtil(xcxProperties.getWecharpaySecretV3().getBytes("utf-8"));
+ String decryptToString = aesUtil.decryptToString(
+ resource.getAssociatedData().getBytes("utf-8"),
+ resource.getNonce().getBytes("utf-8"),
+ resource.getCiphertext());
+ log.info("微信电子发票回调接口....resource解密:"+decryptToString);
+
+ JSONObject parseObj = JSONUtil.parseObj(decryptToString);
+
+ log.info("微信电子发票回调接口....resource解密-JSONObject:"+parseObj);
+
+ String mchid = String.valueOf(parseObj.get("mchid"));
+ String fapiao_apply_id = String.valueOf(parseObj.get("fapiao_apply_id"));
+ String apply_time = String.valueOf(parseObj.get("apply_time"));
+ MallOrderInfo mallOrderInfo = mallOrderInfoMapper.selectByOrderNo(fapiao_apply_id);
+ if(ObjectUtil.isNotEmpty(mallOrderInfo)){
+ //省略查询订单
+ //此处处理业务
+ map.put("code","SUCCESS");
+ map.put("message","成功");
+ //消息推送成功
+ return map;
+ }
+ }
+ map.put("code","RESOURCE_NOT_EXISTS");
+ map.put("message", "订单不存在");
+ return map;
+ }catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ map.put("code","FAIL");
+ map.put("message", "失败");
+ return map;
+ }
+
+// /**
+// * 验证签名
+// *
+// * @param timestamp 微信平台传入的时间戳
+// * @param nonce 微信平台传入的随机字符串
+// * @param requestBody 微信平台传入的消息体
+// * @param signature 微信平台传入的签名
+// * @return
+// * @throws NoSuchAlgorithmException
+// * @throws SignatureException
+// * @throws IOException
+// * @throws InvalidKeyException
+// */
+// public static boolean signCheck(String timestamp, String nonce, Map<String, Object> requestBody, String signature) throws NoSuchAlgorithmException, SignatureException, IOException, InvalidKeyException {
+// //构造验签名串
+// String signatureStr = timestamp + "\n" + nonce + "\n" + com.alibaba.fastjson.JSONObject.toJSONString(requestBody) + "\n";
+// // 加载SHA256withRSA签名器
+// Signature signer = Signature.getInstance("SHA256withRSA");
+// // 用微信平台公钥对签名器进行初始化(调上一节中的获取平台证书方法)
+// signer.initVerify(getCertificates());
+// // 把我们构造的验签名串更新到签名器中
+// signer.update(signatureStr.getBytes(StandardCharsets.UTF_8));
+// // 把请求头中微信服务器返回的签名用Base64解码 并使用签名器进行验证
+// boolean result = signer.verify(Base64Utils.decodeFromString(signature));
+// return result;
+// }
+
+
/**
- * V3 SHA256withRSA 签名.
+ * 获取平台证书
+ */
+// public static X509Certificate getCertificates() throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
+// CloseableHttpClient httpClient = CommonUtils.httpClient();
+// //请求URL
+// HttpGet httpGet = new HttpGet("https://api.mch.weixin.qq.com/v3/certificates");
+// httpGet.setHeader("Accept", "application/json");
+// //生成签名
+// httpGet.setHeader("Authorization ", SignUtils.getSign("GET", HttpUrl.parse("https://api.mch.weixin.qq.com/v3/certificates"), ""));
+// httpGet.setHeader("User-Agent", "https://zh.wikipedia.org/wiki/User_agent");
+// //完成签名并执行请求
+// CloseableHttpResponse response = httpClient.execute(httpGet);
+// X509Certificate x509Certificate = null;
+// try {
+// int statusCode = response.getStatusLine().getStatusCode();
+// if (statusCode == 200) { //处理成功
+//// System.out.println("success,return body = " + EntityUtils.toString(response.getEntity()));
+// CertificateVo certificateVo = JSONObject.parseObject(EntityUtils.toString(response.getEntity()), CertificateVo.class);
+// for (Certificates certificates : certificateVo.getData()) {
+// if (format.parse(certificates.getEffective_time()).before(new Date()) && format.parse(certificates.getExpire_time()).after(new Date())) {
+// EncryptCertificate encrypt_certificate = certificates.getEncrypt_certificate();
+// //解密
+// AesUtil aesUtil = new AesUtil(CommonParameters.apiV3Key.getBytes("utf-8"));
+// String pulicKey = aesUtil.decryptToString(encrypt_certificate.getAssociated_data().getBytes("utf-8"), encrypt_certificate.getNonce().getBytes("utf-8"), encrypt_certificate.getCiphertext());
+//
+// //获取平台证书
+// final CertificateFactory cf = CertificateFactory.getInstance("X509");
+//
+// ByteArrayInputStream inputStream = new ByteArrayInputStream(pulicKey.getBytes(StandardCharsets.UTF_8));
+//
+// x509Certificate = (X509Certificate) cf.generateCertificate(inputStream);
+// }
+// }
+// return x509Certificate;
+// } else if (statusCode == 204) { //处理成功,无返回Body
+// System.out.println("success");
+// return x509Certificate;
+// } else {
+// System.out.println("failed,resp code = " + statusCode + ",return body = " + EntityUtils.toString(response.getEntity()));
+// return x509Certificate;
+// }
+// } catch (GeneralSecurityException | ParseException e) {
+// e.printStackTrace();
+// return null;
+// } finally {
+// response.close();
+// CommonUtils.after(httpClient);
+// }
+// }
+
+ /**
+ * 功能描述: 验证签名
+ * 注意:使用微信支付平台公钥验签
+ * Wechatpay-Signature 微信返签名
+ * Wechatpay-Serial 微信平台证书序列号
*
- * @param method 请求方法 GET POST PUT DELETE 等
- * @param canonicalUrl 例如 https://api.mch.weixin.qq.com/v3/pay/transactions/app?version=1 ——> /v3/pay/transactions/app?version=1
- * @param timestamp 当前时间戳 因为要配置到TOKEN 中所以 签名中的要跟TOKEN 保持一致
- * @param nonceStr 随机字符串 要和TOKEN中的保持一致
- * @param body 请求体 GET 为 "" POST 为JSON
- * @param keyPair 商户API 证书解析的密钥对 实际使用的是其中的私钥
- * @return the string
+ * @return java.lang.String
+ * @author 影子
*/
@SneakyThrows
- public String sign(String method, String canonicalUrl, long timestamp, String nonceStr, String body, KeyPair keyPair) {
- String signatureStr = Stream.of(method, canonicalUrl, String.valueOf(timestamp), nonceStr, body)
- .collect(Collectors.joining("\n", "", "\n"));
- Signature sign = Signature.getInstance("SHA256withRSA");
- sign.initSign(keyPair.getPrivate());
- sign.update(signatureStr.getBytes(StandardCharsets.UTF_8));
- return Base64Utils.encodeToString(sign.sign());
+ public boolean verifySign(HttpServletRequest request,String body) {
+ boolean verify = false;
+ try {
+ String wechatPaySignature = request.getHeader("Wechatpay-Signature");
+ String wechatPayTimestamp = request.getHeader("Wechatpay-Timestamp");
+ String wechatPayNonce = request.getHeader("Wechatpay-Nonce");
+ String wechatPaySerial = request.getHeader("Wechatpay-Serial");
+ //组装签名串
+ String signStr = Stream.of(wechatPayTimestamp, wechatPayNonce, body)
+ .collect(Collectors.joining("\n", "", "\n"));
+ //获取平台证书
+ AutoUpdateCertificatesVerifier verifier = getVerifier(wechatPaySerial);
+ //获取失败 验证失败
+ if (verifier != null) {
+ Signature signature = Signature.getInstance("SHA256withRSA");
+ signature.initVerify(verifier.getValidCertificate());
+ //放入签名串
+ signature.update(signStr.getBytes(StandardCharsets.UTF_8));
+ verify = signature.verify(Base64.getDecoder().decode(wechatPaySignature.getBytes()));
+ }
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return verify;
}
+
+ /**
+ * 保存微信平台证书
+ */
+ private static final ConcurrentHashMap<String, AutoUpdateCertificatesVerifier> verifierMap = new ConcurrentHashMap<>();
+
+ /**
+ * 功能描述:获取平台证书,自动更新
+ * 注意:这个方法内置了平台证书的获取和返回值解密
+ */
+ public AutoUpdateCertificatesVerifier getVerifier(String mchSerialNo) {
+ AutoUpdateCertificatesVerifier verifier = null;
+ if (verifierMap.isEmpty() || !verifierMap.containsKey(mchSerialNo)) {
+ verifierMap.clear();
+ try {
+ //传入证书
+ PrivateKey privateKey = getPrivateKeyV3();
+ //刷新
+ PrivateKeySigner signer = new PrivateKeySigner(mchSerialNo, privateKey);
+ WechatPay2Credentials credentials = new WechatPay2Credentials(xcxProperties.getWecharpayMchid(), signer);
+ verifier = new AutoUpdateCertificatesVerifier(credentials
+ , xcxProperties.getWecharpaySecretV3().getBytes("utf-8"));
+ verifierMap.put(verifier.getValidCertificate().getSerialNumber()+"", verifier);
+
+// AutoUpdateCertificatesVerifier verifierNew = new AutoUpdateCertificatesVerifier(
+// new WechatPay2Credentials(
+// xcxProperties.getWecharpayMchid(),
+// new PrivateKeySigner(
+// mchSerialNo,
+// privateKey)),
+// xcxProperties.getWecharpaySecretV3().getBytes("utf-8"));
+// new WechatPay2Validator(verifierNew).;
+ } catch (UnsupportedEncodingException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ } else {
+ verifier = verifierMap.get(mchSerialNo);
+ }
+ return verifier;
+ }
+
/**
* 获取公私钥.通过证书
@@ -70,7 +454,8 @@
private KeyStore store;
private final Object lock = new Object();
public KeyPair createPKCS12(String keyAlias, String keyPass) {
- ClassPathResource resource = new ClassPathResource(xcxProperties.getCertLocalPath());
+// ClassPathResource resource = new ClassPathResource(xcxProperties.getCertLocalPath());
+ ClassPathResource resource = new ClassPathResource("wxP12/apiclient_cert.p12");
// File file = new File("src/main/resources/wxP12/apiclient_cert.p12");
char[] pem = keyPass.toCharArray();
try {
@@ -98,11 +483,13 @@
}
public static void main(String[] args) {
+ byte[] bytes = new byte[0];
try {
- System.out.println(new ClassPathResource("wxP12/apiclient_cert.p12").getFile().exists());
- } catch (IOException e) {
+ bytes = "DVREEVEREBERykpbgqcfsdsfggsdg".getBytes("utf-8");
+ } catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
+ System.out.println(bytes.length);
}
}
--
Gitblit v1.9.1