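package cc.mrbird.febs.pay.service.impl;

import cc.mrbird.febs.common.properties.XcxProperties;
import cc.mrbird.febs.common.utils.AppContants;
import cc.mrbird.febs.common.utils.SpringContextHolder;
import cc.mrbird.febs.mall.entity.MallOrderInfo;
import cc.mrbird.febs.mall.mapper.MallOrderInfoMapper;
import cc.mrbird.febs.pay.model.FPCertificateVo;
import cc.mrbird.febs.pay.model.FPCertificates;
import cc.mrbird.febs.pay.model.FPEncryptCertificate;
import cc.mrbird.febs.pay.model.HeaderDto;
import cc.mrbird.febs.pay.service.WxFaPiaoService;
import cc.mrbird.febs.pay.util.RandomStringGenerator;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import com.aliyun.oss.internal.SignUtils;
import com.wechat.pay.contrib.apache.httpclient.auth.AutoUpdateCertificatesVerifier;
import com.wechat.pay.contrib.apache.httpclient.auth.PrivateKeySigner;
import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Credentials;
import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Validator;
import com.wechat.pay.contrib.apache.httpclient.notification.Notification;
import com.wechat.pay.contrib.apache.httpclient.notification.NotificationHandler;
import com.wechat.pay.contrib.apache.httpclient.notification.NotificationRequest;
import com.wechat.pay.contrib.apache.httpclient.util.AesUtil;
import com.wechat.pay.java.core.notification.Resource;
import io.undertow.util.Certificates;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import okhttp3.HttpUrl;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPatch;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.springframework.core.io.ClassPathResource;
import org.springframework.stereotype.Service;
import org.springframework.util.Base64Utils;
import org.springframework.web.bind.annotation.RequestBody;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * WeChat Pay e-invoice (fapiao) integration: builds the signed {@code Authorization}
 * value for outgoing API calls, sends PATCH/POST requests, fetches the platform
 * certificate, and verifies and decrypts the invoice callback.
 */
@Slf4j
@Service
@RequiredArgsConstructor
public class WxFaPiaoServiceImpl implements WxFaPiaoService {

    /**
     * Maximum accepted distance, in seconds, between a callback's
     * {@code Wechatpay-Timestamp} and the local clock. Bounds the window in which a
     * captured, validly signed callback can be replayed; tune to the deployment's
     * clock accuracy.
     */
    private static final long CALLBACK_MAX_SKEW_SECONDS = 300L;

    private final MallOrderInfoMapper mallOrderInfoMapper;

    private final XcxProperties xcxProperties = SpringContextHolder.getBean(XcxProperties.class);

    /**
     * Builds the parameter part of the {@code Authorization} header (everything after
     * the scheme name) for one request.
     *
     * @param method       HTTP method of the request being signed
     * @param canonicalUrl absolute URL of the request; only path and query are signed
     * @param body         request body, or an empty string when there is none
     * @param keyPair      merchant private key used to sign
     * @return {@code mchid="...",nonce_str="...",timestamp="...",serial_no="...",signature="..."}
     * @throws IllegalArgumentException if {@code canonicalUrl} cannot be parsed
     * @throws IllegalStateException    if the message could not be signed
     */
    @Override
    public String createAuthorization(String method, String canonicalUrl, String body, PrivateKey keyPair)
            throws UnsupportedEncodingException, NoSuchAlgorithmException {
        HttpUrl httpurl = HttpUrl.parse(canonicalUrl);
        if (httpurl == null) {
            // HttpUrl.parse returns null for anything that is not a well-formed http(s) URL.
            throw new IllegalArgumentException("canonicalUrl is not a valid http(s) URL");
        }
        // NOTE(review): the nonce comes from a project helper not visible here; confirm it
        // draws from SecureRandom rather than a predictable generator.
        String nonceStr = RandomStringGenerator.getRandomStringByLength(32);
        long timestamp = System.currentTimeMillis() / 1000;
        String message = buildMessage(method, httpurl, timestamp, nonceStr, body);
        // The signing string carries the request body, and the signature together with the
        // nonce and timestamp forms a complete credential for this request, so neither is
        // written to the log; only the length is kept for troubleshooting.
        log.debug("签名串长度:\n" + getWordCount(message));
        String signature = sign2(message.getBytes(StandardCharsets.UTF_8), keyPair);
        if (signature == null) {
            // sign2 reports failure as null; refuse to emit signature="null".
            throw new IllegalStateException("failed to sign the WeChat Pay request");
        }
        // serial_no is taken from AppContants.WX_CARD_NUM.
        return "mchid=\"" + xcxProperties.getWecharpayMchid() + "\","
                + "nonce_str=\"" + nonceStr + "\","
                + "timestamp=\"" + timestamp + "\","
                + "serial_no=\"" + AppContants.WX_CARD_NUM + "\","
                + "signature=\"" + signature + "\"";
    }

    /**
     * Returns a display-width style count of {@code s}: each {@code char} index whose
     * code point is in 0..255 counts as 1, every other index counts as 2.
     *
     * @param s the string to measure
     * @return the weighted length
     */
    public int getWordCount(String s) {
        int length = 0;
        for (int i = 0; i < s.length(); i++) {
            int codePoint = Character.codePointAt(s, i);
            length += (codePoint >= 0 && codePoint <= 255) ? 1 : 2;
        }
        return length;
    }

    /**
     * Signs {@code message} with SHA256withRSA and Base64-encodes the signature.
     *
     * @param message bytes to sign
     * @param keyPair private key to sign with
     * @return the Base64 signature, or {@code null} when the key is rejected or signing fails
     * @throws NoSuchAlgorithmException if SHA256withRSA is unavailable
     */
    public String sign2(byte[] message, PrivateKey keyPair) throws NoSuchAlgorithmException {
        Signature sign = Signature.getInstance("SHA256withRSA");
        try {
            sign.initSign(keyPair);
            sign.update(message);
            return Base64.getEncoder().encodeToString(sign.sign());
        } catch (InvalidKeyException | SignatureException e) {
            log.error("SHA256withRSA signing failed", e);
            return null;
        }
    }

    /**
     * Builds the string to sign: method, path plus query, timestamp, nonce and body,
     * each terminated by a newline.
     *
     * @param method    HTTP method
     * @param url       parsed request URL
     * @param timestamp Unix time in seconds
     * @param nonceStr  request nonce
     * @param body      request body
     * @return the signing string
     */
    public String buildMessage(String method, HttpUrl url, long timestamp, String nonceStr, String body) {
        String canonicalUrl = url.encodedPath();
        String query = url.encodedQuery();
        if (query != null) {
            canonicalUrl += "?" + query;
        }
        return method + "\n"
                + canonicalUrl + "\n"
                + timestamp + "\n"
                + nonceStr + "\n"
                + body + "\n";
    }

    /**
     * Loads the merchant PKCS#8 RSA private key from the classpath PEM file.
     *
     * @return the merchant private key
     * @throws IOException if the PEM resource cannot be read
     */
    @Override
    public PrivateKey getPrivateKeyV3() throws IOException {
        // NOTE(review): the key is read from the application classpath, so it ships inside
        // the build artifact; consider a secret store or a permission-restricted file
        // outside the artifact.
        String content;
        try (InputStream inputStream = new ClassPathResource("wxP12/apiclient_key.pem").getInputStream();
             BufferedReader reader = new BufferedReader(
                     new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
            content = reader.lines().collect(Collectors.joining(System.lineSeparator()));
        }
        try {
            String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
                    .replace("-----END PRIVATE KEY-----", "")
                    .replaceAll("\\s+", "");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            return kf.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("当前Java环境不支持RSA", e);
        } catch (InvalidKeySpecException e) {
            // Keep the cause so a malformed key file can be diagnosed.
            throw new RuntimeException("无效的密钥格式", e);
        }
    }

    /**
     * Sends a JSON PATCH request.
     *
     * @param url    target URL
     * @param params JSON request body
     * @param token  complete {@code Authorization} header value
     * @return the response body ("" when the response has none), or a JSON object
     *         {@code {"status":"1","error":...}} when the request fails
     */
    @Override
    public String sendPatch(String url, String params, String token) {
        HttpPatch httpPatch = new HttpPatch(url);
        httpPatch.setHeader("Content-type", "application/json");
        httpPatch.setHeader("Charset", "utf-8");
        httpPatch.setHeader("Accept", "application/json");
        httpPatch.setHeader("Accept-Charset", "utf-8");
        httpPatch.setHeader("Authorization", token);

        CloseableHttpClient httpClient = HttpClients.createDefault();
        CloseableHttpResponse response = null;
        try {
            httpPatch.setEntity(new StringEntity(params, StandardCharsets.UTF_8));
            response = httpClient.execute(httpPatch);
            return readBody(response);
        } catch (Exception e) {
            return errorJson("error", e);
        } finally {
            // Response first, then the client that owns its connection.
            closeQuietly(response);
            closeQuietly(httpClient);
        }
    }

    /**
     * Sends a JSON POST request, retrying on {@link IOException} with a growing pause
     * (up to four attempts in total).
     *
     * <p>NOTE(review): a POST that reached the server before the I/O error is sent again
     * on retry; confirm the target endpoints tolerate duplicates.
     *
     * @param url    target URL
     * @param params JSON request body
     * @param token  complete {@code Authorization} header value
     * @return the response body ("" when the response has none), or a JSON object
     *         {@code {"status":"1","errors":...}} describing the last failure
     */
    @Override
    public String sendPost(String url, String params, String token) {
        String result = "";
        int err = 0;
        while (true) {
            CloseableHttpClient client = HttpClients.createDefault();
            HttpPost httpPost = new HttpPost(url);
            CloseableHttpResponse response = null;
            try {
                httpPost.addHeader("Content-type", "application/json");
                httpPost.addHeader("Charset", "utf-8");
                httpPost.addHeader("Accept", "application/json");
                httpPost.addHeader("Accept-Charset", "utf-8");
                httpPost.addHeader("Authorization", token);
                httpPost.setEntity(new StringEntity(params, StandardCharsets.UTF_8));
                response = client.execute(httpPost);
                return readBody(response);
            } catch (IOException e) {
                result = errorJson("errors", e);
                if (err++ > 2) {
                    break;
                }
                try {
                    Thread.sleep((err + 2) * 1000L);
                } catch (InterruptedException e1) {
                    // Restore the flag and stop retrying so the caller can shut down.
                    Thread.currentThread().interrupt();
                    return errorJson("errors", e1);
                }
            } finally {
                closeQuietly(response);
                closeQuietly(client);
            }
        }
        return result;
    }

    /**
     * Handles the e-invoice callback: checks the timestamp, verifies the signature,
     * decrypts the resource for {@code FAPIAO.USER_APPLIED} events and looks up the order.
     *
     * @param request     the callback request, read for the {@code Wechatpay-*} headers
     * @param requestBody the parsed JSON body
     * @return a map with {@code code} and {@code message}; {@code SUCCESS} when the order
     *         exists, {@code RESOURCE_NOT_EXISTS} when it does not or the event is not
     *         handled, {@code FAIL} when the callback is stale, fails verification or
     *         processing throws
     */
    @Override
    public Map fapiaoCallBack(HttpServletRequest request, @RequestBody Map requestBody)
            throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, ParseException {
        Map<String, String> map = new HashMap<>();
        String signature = request.getHeader("Wechatpay-Signature");
        String timestamp = request.getHeader("Wechatpay-Timestamp");
        String nonce = request.getHeader("Wechatpay-Nonce");
        // Serial number of the platform certificate, not of the merchant API certificate.
        String serial = request.getHeader("Wechatpay-Serial");
        String body = com.alibaba.fastjson.JSONObject.toJSONString(requestBody);
        // Everything logged here is caller-supplied and not yet verified; make sure the
        // log layout neutralises line breaks in these values.
        log.info("头信息---签名:" + signature);
        log.info("头信息---时间戳:" + timestamp);
        log.info("头信息---随机字符:" + nonce);
        log.info("头信息---平台证书序列号:" + serial);
        log.info("获取到的body信息:" + body);

        // Cheap check first: the timestamp is part of the signed message, so rejecting
        // stale values bounds replay of a captured callback, and it also avoids the
        // outbound certificate fetch for obviously bad requests.
        if (!isFreshTimestamp(timestamp)) {
            log.warn("callback rejected: Wechatpay-Timestamp missing, malformed or outside the allowed window");
            map.put("code", "FAIL");
            map.put("message", "失败");
            return map;
        }

        boolean signCheck = signCheck(timestamp, nonce, requestBody, signature);
        log.info("验签结果:" + signCheck);
        if (signCheck) {
            try {
                Notification notification =
                        com.alibaba.fastjson.JSONObject.parseObject(body, Notification.class);
                log.info("微信电子发票回调接口....解析请求体:" + notification.toString());
                // NOTE(review): the inline comment in the original says the success
                // notification's resource type is "encryptresource", yet this branch runs
                // only when the type is NOT that literal. Confirm the intended value and
                // polarity against the notification format before changing it.
                if ("FAPIAO.USER_APPLIED".equals(notification.getEventType())
                        && !"encryptresource".equals(notification.getResourceType())) {
                    Notification.Resource resource = notification.getResource();
                    AesUtil aesUtil = new AesUtil(
                            xcxProperties.getWecharpaySecretV3().getBytes(StandardCharsets.UTF_8));
                    String decryptToString = aesUtil.decryptToString(
                            resource.getAssociatedData().getBytes(StandardCharsets.UTF_8),
                            resource.getNonce().getBytes(StandardCharsets.UTF_8),
                            resource.getCiphertext());
                    // Decrypted callback content is kept out of the info-level log.
                    log.debug("微信电子发票回调接口....resource解密:" + decryptToString);
                    JSONObject parseObj = JSONUtil.parseObj(decryptToString);
                    // The payload also carries "mchid" and "apply_time".
                    String fapiao_apply_id = String.valueOf(parseObj.get("fapiao_apply_id"));
                    MallOrderInfo mallOrderInfo = mallOrderInfoMapper.selectByOrderNo(fapiao_apply_id);
                    if (ObjectUtil.isNotEmpty(mallOrderInfo)) {
                        // Business handling for the order goes here.
                        map.put("code", "SUCCESS");
                        map.put("message", "成功");
                        return map;
                    }
                }
                map.put("code", "RESOURCE_NOT_EXISTS");
                map.put("message", "订单不存在");
                return map;
            } catch (Exception e) {
                log.error("failed to process the e-invoice callback", e);
            }
        }
        map.put("code", "FAIL");
        map.put("message", "失败");
        return map;
    }

    /**
     * Verifies the callback signature with the platform certificate.
     *
     * <p>NOTE(review): the signed message must be the exact bytes that were sent. Here the
     * body is rebuilt by serializing the already-parsed map, so key order, whitespace,
     * escaping or number formatting can differ from the wire bytes and make a genuine
     * callback fail verification. Verifying the raw request body needs a change to this
     * method's parameters.
     *
     * <p>NOTE(review): every call fetches the platform certificate over the network, so
     * each inbound callback that reaches this point triggers an outbound signed API
     * request. Consider caching the certificate and selecting it by the
     * {@code Wechatpay-Serial} header.
     *
     * @param timestamp   value of {@code Wechatpay-Timestamp}
     * @param nonce       value of {@code Wechatpay-Nonce}
     * @param requestBody parsed callback body
     * @param signature   Base64 value of {@code Wechatpay-Signature}
     * @return {@code true} only when the signature verifies; {@code false} when a header
     *         is missing, the signature is not valid Base64 or has an invalid form, no
     *         platform certificate is available, or verification fails
     */
    public boolean signCheck(String timestamp, String nonce, Map requestBody, String signature)
            throws NoSuchAlgorithmException, SignatureException, IOException, InvalidKeyException, ParseException {
        if (timestamp == null || nonce == null || signature == null) {
            return false;
        }
        byte[] signatureBytes;
        try {
            signatureBytes = Base64Utils.decodeFromString(signature);
        } catch (IllegalArgumentException e) {
            return false;
        }
        X509Certificate platformCertificate = getCertificates();
        if (platformCertificate == null) {
            log.warn("no platform certificate available; callback signature cannot be verified");
            return false;
        }
        String signatureStr = timestamp + "\n"
                + nonce + "\n"
                + com.alibaba.fastjson.JSONObject.toJSONString(requestBody) + "\n";
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initVerify(platformCertificate);
        signer.update(signatureStr.getBytes(StandardCharsets.UTF_8));
        try {
            return signer.verify(signatureBytes);
        } catch (SignatureException e) {
            // Signature bytes of the wrong length or encoding are simply invalid.
            return false;
        }
    }

    /**
     * Downloads the platform certificate list and returns the last entry whose validity
     * window contains the current time.
     *
     * <p>NOTE(review): the validity timestamps are parsed with a pattern that has no zone
     * field, so they are read in the JVM default time zone; confirm that matches the
     * offset the API returns.
     *
     * @return the selected certificate, or {@code null} when the response is not 200,
     *         holds no currently valid entry, or an entry cannot be decrypted or parsed
     * @throws IOException if the private key cannot be read or the HTTP call fails
     */
    public X509Certificate getCertificates()
            throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, ParseException {
        SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
        PrivateKey privateKey = this.getPrivateKeyV3();
        String baseUrl = "https://api.mch.weixin.qq.com";
        String canonicalUrl = "/v3/certificates";
        // A signing failure now propagates instead of sending a request without credentials.
        String authorization = this.createAuthorization("GET", baseUrl + canonicalUrl, "", privateKey);

        HttpGet httpGet = new HttpGet(baseUrl + canonicalUrl);
        httpGet.setHeader("Accept", "application/json");
        // The header name must not carry trailing whitespace, and the scheme name is
        // separated from its parameters by a single space.
        httpGet.setHeader("Authorization", "WECHATPAY2-SHA256-RSA2048 " + authorization);
        httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36");

        try (CloseableHttpClient httpClient = HttpClients.createDefault();
             CloseableHttpResponse response = httpClient.execute(httpGet)) {
            int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode == 200) {
                FPCertificateVo certificateVo = com.alibaba.fastjson.JSONObject.parseObject(
                        readBody(response), FPCertificateVo.class);
                if (certificateVo == null || certificateVo.getData() == null) {
                    return null;
                }
                X509Certificate x509Certificate = null;
                Date now = new Date();
                for (FPCertificates certificates : certificateVo.getData()) {
                    if (format.parse(certificates.getEffective_time()).before(now)
                            && format.parse(certificates.getExpire_time()).after(now)) {
                        FPEncryptCertificate encrypt_certificate = certificates.getEncrypt_certificate();
                        // The certificate body is delivered encrypted under the APIv3 key.
                        AesUtil aesUtil = new AesUtil(
                                xcxProperties.getWecharpaySecretV3().getBytes(StandardCharsets.UTF_8));
                        String pulicKey = aesUtil.decryptToString(
                                encrypt_certificate.getAssociated_data().getBytes(StandardCharsets.UTF_8),
                                encrypt_certificate.getNonce().getBytes(StandardCharsets.UTF_8),
                                encrypt_certificate.getCiphertext());
                        CertificateFactory cf = CertificateFactory.getInstance("X509");
                        ByteArrayInputStream inputStream =
                                new ByteArrayInputStream(pulicKey.getBytes(StandardCharsets.UTF_8));
                        x509Certificate = (X509Certificate) cf.generateCertificate(inputStream);
                    }
                }
                return x509Certificate;
            } else if (statusCode == 204) {
                // Success without a body: there is nothing to build a certificate from.
                log.info("success");
                return null;
            } else {
                log.warn("failed,resp code = " + statusCode + ",return body = " + readBody(response));
                return null;
            }
        } catch (GeneralSecurityException | ParseException e) {
            log.error("failed to decrypt or parse a platform certificate", e);
            return null;
        }
    }

    /** Reads the response body as text, using UTF-8 when the response names no charset. */
    private static String readBody(HttpResponse response) throws IOException {
        HttpEntity entity = response.getEntity();
        // A response without a body (for example 204) has no entity.
        return entity == null ? "" : EntityUtils.toString(entity, StandardCharsets.UTF_8);
    }

    /**
     * Builds {@code {"status":"1","<field>":"<message>"}} with the message JSON-escaped, so
     * quotes or control characters in an exception message cannot break or reshape the
     * document that callers parse.
     */
    private static String errorJson(String field, Throwable cause) {
        com.alibaba.fastjson.JSONObject json = new com.alibaba.fastjson.JSONObject(true);
        json.put("status", "1");
        json.put(field, String.valueOf(cause.getMessage()));
        return json.toJSONString();
    }

    /** Accepts only a numeric timestamp within {@link #CALLBACK_MAX_SKEW_SECONDS} of now. */
    private static boolean isFreshTimestamp(String timestamp) {
        if (timestamp == null) {
            return false;
        }
        long sent;
        try {
            sent = Long.parseLong(timestamp.trim());
        } catch (NumberFormatException e) {
            return false;
        }
        long now = System.currentTimeMillis() / 1000;
        return sent >= now - CALLBACK_MAX_SKEW_SECONDS && sent <= now + CALLBACK_MAX_SKEW_SECONDS;
    }

    /** Closes a resource, logging instead of propagating a failure to close. */
    private static void closeQuietly(Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            log.warn("failed to close HTTP resource", e);
        }
    }

    /** Scratch entry point: prints the UTF-8 byte length of a sample string. */
    public static void main(String[] args) {
        byte[] bytes = "DVREEVEREBERykpbgqcfsdsfggsdg".getBytes(StandardCharsets.UTF_8);
        System.out.println(bytes.length);
    }
}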