java微信公众号JSAPI支付以及所遇到的坑
上周做了个支付宝微信扫码支付,今天总结一下。微信相比支付宝要麻烦许多
由于涉及到代理商,没办法,让我写个详细的申请流程,懵逼啊。
笔记地址 http://note.youdao.com/noteshare?id=269ddffb1f95e69eafb281d054f9ff25&sub=82AACBC2E6814133938D407BD3FF4737
先梳理下流程,对应的文档
微信统一下单 H5页面调起微信支付 官方javademo
要实现微信支付需要四个参数(需要企业认证,就不说了)
商户平台 商户号ID,也就是商户号。 KEY,也就是API秘钥。 公众平台 AppID AppSecret
梳理完之后,开始操作吧
第一步:参数准备和环境配置
上面的四大参数只有商户key相对比较麻烦
商户平台
公众平台
四大参数准备齐以及环境配置好开始第二步了。
第二步:开发流程
参考开发流程
必须的参数有
appid APPID (已有) mch_id 商户ID (已有) nonce_str 随机字符串 sign 签名 body 所支付的名称 out_trade_no 咱们自己所提供的订单号,需要唯一 total_fee 支付金额spbill_create_ip IP地址 notify_url 回调地址 trade_type 支付类型 openid 支付人的微信公众号对应的唯一标识
官方就是官方,看着就是费劲,大白话听着多爽
陈海洋:
需要codeid,文档地址 https://qydev.weixin.qq.com/wiki/index.php?title=OAuth%E9%AA%8C%E8%AF%81%E6%8E%A5%E5%8F%A3 。 根据codeid来获取openid 根据openid来获取prepare_id 进行下单操作。js调起微信支付
操作1,用户授权获取code
https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
注意点 redirect_url需要经过encodeURI编码。
可以使用 js内置的函数encodeURIComponent('http://www.baidu.com')来进行编码操作
我第一反应在想,为什么需要进行url编码,因为这个redirect_uri是作为参数来传递的。
之后就会重定向到你设置的url上面,并且携带code参数,我的后台是这么接收的
ok,code获取完毕
操作2,get请求接口对返回的string进行json解析获取到openid
操作3,post请求发送xml数据返回xml数据,通过官方下载的工具类实现xml转map获取预支付id
操作4,封装jsapi需要的
在微信浏览器里面打开H5网页中执行JS调起支付。接口输入输出数据格式为JSON。
ok,到此结束,微信支付成功调起。
需要注意的地方。
微信回调到时候会携带xml数据,这个时候并不能用参数接收,而应该是使用流来接收。
贴出完整代码,记录下
后台java代码
/** * */ package com.wxpay.config; import java.io.IOException; import java.io.InputStream; import java.math.BigDecimal; import java.net.URI; import java.nio.charset.Charset; import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.time.DateFormatUtils; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.converter.StringHttpMessageConverter; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.client.RestTemplate; import com.alibaba.fastjson.JSONObject; import com.alipay.api.AlipayApiException; import com.alipay.api.AlipayClient; import com.alipay.api.DefaultAlipayClient; import com.alipay.api.internal.util.AlipaySignature; import com.alipay.api.request.AlipayTradeWapPayRequest; import com.alipay.api.response.AlipayTradeWapPayResponse; import com.alipay.config.AlipayConfig; import com.jeecms.cms.entity.main.CmsSite; import com.jeecms.cms.ext.aworder.entiry.CmsAWOrder; import com.jeecms.cms.ext.aworder.service.CmsAWOrderService; import com.jeecms.cms.ext.crm.entity.CmsCrm; import com.jeecms.cms.ext.crm.service.CmsCrmMng; import com.jeecms.cms.web.CmsUtils; import com.jeecms.cms.web.FrontUtils; import com.wxpay.util.WXPayUtil; /** * @author chy * * 2019年1月15日-下午7:35:06 */ @Controller @RequestMapping("wxpay") public class WxPayController {// 公众号id final static String APPID = "***ed9716263ff78b6"; // 公众号秘钥 final static String SECRET = "***2226ea83d7ef6eb799bd8b631ace0"; // 商户号 final static String MATCH_ID = "***0674102"; //商户号(财务) // 商户key final static String PATERNER_KEY = "***W3E4R5T6Y7U8I9O0P1Q2W3E4R5T6Y";//商户key(财务) // 微信通知的URL final static String W_NOTIFY_URL = "www.xinghengedu.com/notifyUrl.htm"; // 支付宝return的URL final static String A_RETURN_URL = "www.xinghengedu.com/res/success.html"; // 支付宝通知的URL final static String A_NOTIFY_URL = "www.xinghengedu.com/anotifyUrl.htm"; // 获取openID的URL(微信) final static String GETOPENID_URL = "https://api.weixin.qq.com/sns/oauth2/access_token"; // 获取预付款ID的URL(微信) final static String UNIFIEDORDER_URL = "https://api.mch.weixin.qq.com/pay/unifiedorder"; final static String DESC = "星恒订单描述"; final static String ZFB = "支付宝"; final static String WX = "微信"; @Autowired private CmsAWOrderService orderService; @Autowired private CmsCrmMng cmsCrmService; /** * 微信 * @author chy * 2019年1月17日-下午2:14:31 * @param code 微信必须的code码,需要用code码换取openid,之后需要openid来换取prepay_id。 * @param totalFee 商品价格 * @param username 代理商用户名 * @return * @throws Exception */ @RequestMapping("order.htm") public String order(HttpServletRequest request,String code,String totalFee,String cmsId ,ModelMap retMap) throws Exception{ System.out.println("***WxPayController.order()"); //先校验金额,由于是double类型,校验相对复杂,涉及到小数点。 String[] split = StringUtils.split(cmsId,","); Double verify = 0d; for (String string : split) { CmsCrm crm = cmsCrmService.findById(Integer.parseInt(string)); verify += crm.getYifu(); } // 判断需要都转化为分来进行判断 if((int)(verify*100) != (int)(Double.parseDouble(totalFee)*100)){ retMap.addAttribute("chymsg", "金额错误"); return "/res/wxpay/codeDemo.html"; } String orderNo = getOrderNo("W");// 生成订单id String getOpenIdparam= "appid="+APPID+"&secret="+SECRET+"&code="+code+"&grant_type=authorization_code"; String getOpenIdUrl = GETOPENID_URL+"?"+getOpenIdparam; System.out.println("***getOpenId:"+getOpenIdUrl); RestTemplate rest = new RestTemplate(); rest.getMessageConverters().add(0, new StringHttpMessageConverter(Charset.forName("UTF-8"))); try { String resString = rest.getForObject(new URI(getOpenIdUrl), String.class); JSONObject opidJsonObject = JSONObject.parseObject(resString); System.out.println("***opidJsonObject:"+opidJsonObject); String openid = opidJsonObject.get("openid").toString();//获取到了openid Map<String, String> paramMap = new HashMap<String, String>(); paramMap.put("appid", APPID); //公众账号ID paramMap.put("mch_id", MATCH_ID); //商户号 paramMap.put("nonce_str", WXPayUtil.generateNonceStr()); //随机字符串 paramMap.put("body", DESC); //商品描述 paramMap.put("out_trade_no", orderNo); //商户订单号 paramMap.put("total_fee", (int)(Double.parseDouble(totalFee)*100) +""); //标价金额 paramMap.put("spbill_create_ip", getIpAddress(request));//终端IP paramMap.put("notify_url", W_NOTIFY_URL); //通知地址 paramMap.put("trade_type", "JSAPI"); //交易类型 paramMap.put("openid", openid); String sign = WXPayUtil.generateSignature(paramMap, PATERNER_KEY); paramMap.put("sign", sign); String mapToXml = WXPayUtil.mapToXml(paramMap); String postForObject = rest.postForObject(new URI(UNIFIEDORDER_URL), mapToXml, String.class); System.out.println("***postForObject:"+postForObject); String prepayId = "";//预支付id if (postForObject.indexOf("SUCCESS") != -1) { Map<String, String> map = WXPayUtil.xmlToMap(postForObject); prepayId = (String) map.get("prepay_id"); } Map<String, String> payMap = new HashMap<String, String>(); payMap.put("appId", APPID); payMap.put("timeStamp", WXPayUtil.getCurrentTimestamp()+""); payMap.put("nonceStr", WXPayUtil.generateNonceStr()); payMap.put("signType", "MD5"); payMap.put("package", "prepay_id=" + prepayId); String paySign = WXPayUtil.generateSignature(payMap, PATERNER_KEY); payMap.put("paySign", paySign); payMap.put("pack", "prepay_id=" + prepayId); retMap.addAttribute("data", payMap); //进行微信生成订单操作 // 对中间表插入数据,如果传入多个crmid,那就是多对一。否则就是一对一,多对多目前没有这种情况。 for (String string : split) { CmsCrm crm = cmsCrmService.findById(Integer.parseInt(string)); orderService.insertCmsIdAndOrderId(crm.getId(),orderNo); System.out.println("中间表数据插入完毕。"); } // 对订单表插入数据 CmsAWOrder order = new CmsAWOrder(); order.setOrderNo(orderNo); order.setRelateId(cmsId); order.setPrice(Double.parseDouble(totalFee)); order.setTotal(Double.parseDouble(totalFee)); // 由于传过来的是分,需要转化为元 order.setStatus(1); order.setProduct(DESC); order.setCreateTime(new Date()); order.setSource(WX); orderService.save(order); System.out.println("***微信创建订单成功"); } catch (Exception e) { retMap.put("code", "500"); retMap.put("msg", e.getStackTrace()); e.printStackTrace(); } return "/res/wxpay/codeDemo.html"; } /** * 支付宝,测试可以使用支付宝做测试,毕竟比较简单。 * @author chy * 2019年1月17日-下午2:14:15 * @param totalFee 商品价格 * @param username 代理商用户名 * @return * @throws AlipayApiException */ @RequestMapping("aorder.htm") public String order(HttpServletRequest request,HttpServletResponse httpResponse,Model model,String totalFee,String cmsId) throws AlipayApiException{ CmsSite site = CmsUtils.getSite(request); System.out.println("---WxPayController.order()"); String[] split = StringUtils.split(cmsId,","); Double verify = 0d; for (String string : split) { CmsCrm crm = cmsCrmService.findById(Integer.parseInt(string)); verify += crm.getYifu(); } // 判断需要都转化为分来进行判断 if((int)(verify*100) != (int)(Double.parseDouble(totalFee)*100)){ model.addAttribute("chymsg", "金额错误"); return FrontUtils.getTplPath(request, site.getSolutionPath(), "common", "tpl.alipayapi"); } System.out.println("***zfbtotalFee:"+totalFee); AlipayClient alipayClient = new DefaultAlipayClient(AlipayConfig.gatewayUrl, AlipayConfig.app_id,AlipayConfig.merchant_private_key, "json", "UTF-8", AlipayConfig.alipay_public_key,AlipayConfig.sign_type); AlipayTradeWapPayRequest alipayRequest = new AlipayTradeWapPayRequest();//创建API对应的request alipayRequest.setReturnUrl(A_RETURN_URL); alipayRequest.setNotifyUrl(A_NOTIFY_URL); String out_trade_no = getOrderNo("A"); alipayRequest.setBizContent("{" + "\"out_trade_no\":\""+out_trade_no+"\"," + "\"total_amount\":"+totalFee+"," + "\"product_code\":\"QUICK_WAP_WAY\","+ "\"hb_fq_num\":\"3\","+ "\"hb_fq_seller_percent\":\"0\","+ "\"subject\":\""+DESC+"\"" + "}"); AlipayTradeWapPayResponse response = alipayClient.pageExecute(alipayRequest); model.addAttribute("results", response.getBody()); System.out.println("results"+response.getBody()); //进行支付宝生成订单操作 // 对中间表插入数据,如果传入多个crmid,那就是多对一。否则就是一对一,多对多目前没有这种情况。 for (String string : split) { CmsCrm crm = cmsCrmService.findById(Integer.parseInt(string)); orderService.insertCmsIdAndOrderId(crm.getId(),out_trade_no); System.out.println("中间表数据插入完毕。"); } // 对订单表插入数据 CmsAWOrder order = new CmsAWOrder(); order.setOrderNo(out_trade_no); order.setRelateId(cmsId); order.setPrice(Double.parseDouble(totalFee)); order.setTotal(Double.parseDouble(totalFee)); // 由于传过来的是分,需要转化为元 order.setStatus(1); order.setProduct(DESC); order.setCreateTime(new Date()); order.setSource(ZFB); orderService.save(order); System.out.println("***支付宝创建订单成功"); return FrontUtils.getTplPath(request, site.getSolutionPath(), "common", "tpl.alipayapi"); } // 业务操作 public void operation(String oderNo,String zfType){ CmsAWOrder order = orderService.findByProperty("orderNo", oderNo); // 由于会重复通知(自己没有处理好),所以直接判断订单状态如果修改的话不进行操作。 if(!new Integer(2).equals(order.getStatus())){ order.setStatus(2);//设置为支付成功 order.setPayTime(new Date()); List<Integer> cmsId = orderService.findMiddleByOrderId(oderNo); System.out.println(cmsId); for (Integer string : cmsId) { CmsCrm cmsCrm = cmsCrmService.findById(string); System.out.println("ali_cmsId:"+string); System.out.println("cmsCrm:"+cmsCrm); if("尾款".equals(cmsCrm.getPayMessage()) || cmsCrm.getYingfu().equals(cmsCrm.getYifu())){ cmsCrm.setPaystatus("全部到帐"); if(isNumber(cmsCrm.getAddress())){ CmsCrm cmsCrm2 = cmsCrmService.findById(Integer.parseInt(cmsCrm.getAddress())); cmsCrm2.setPaystatus("全部到帐"); cmsCrm2.setCwjingbanren("自动对账_"+zfType); cmsCrm2.setDuizhangtime(new Date()); cmsCrmService.save(cmsCrm2); } // }else if(cmsCrm.getYingfu().equals(cmsCrm.getYifu())){ // cmsCrm.setPaystatus("全部到帐"); }else{ cmsCrm.setPaystatus("预付款已到帐"); } cmsCrm.setCwjingbanren("自动对账_"+zfType); cmsCrm.setDuizhangtime(new Date()); cmsCrmService.save(cmsCrm);//开课 cmsCrmService.kaike(cmsCrm);//保存 } orderService.update(order); System.out.println(zfType+"支付通知结束"); } } /** * 微信异步回调通知 * @param request * @param response * @return */ @ResponseBody @RequestMapping("notifyUrl.htm") public Map<String, Object> notifyUrl(HttpServletRequest request,HttpServletResponse response){ System.out.println("**WxPayController.notifyUrl()"); Map<String, Object> retMap = new HashMap<String, Object>(); retMap.put("code", 200); InputStream is = null; try { is = request.getInputStream();//获取请求的流信息(这里是微信发的xml格式所有只能使用流来读) String xml = WXPayUtil.inputStream2String(is, "UTF-8"); System.out.println("***xml:"+xml); Map<String, String> notifyMap = WXPayUtil.xmlToMap(xml);//将微信发的xml转map System.out.println("***notifyMap:"+notifyMap); if(notifyMap.get("return_code").equals("SUCCESS")){ if(notifyMap.get("result_code").equals("SUCCESS")){ String ordersSn = notifyMap.get("out_trade_no");//商户订单号 String amountpaid = notifyMap.get("total_fee");//实际支付的订单金额:单位 分 BigDecimal amountPay = (new BigDecimal(amountpaid).divide(new BigDecimal("100"))).setScale(2);//将分转换成元-实际支付金额:元 System.out.println("***notifyUrl.htm data:"+ordersSn+"---"+amountPay); // 进行业务逻辑操作 operation(ordersSn, WX); } } //告诉微信服务器收到信息了,不要在调用回调action了========这里很重要回复微信服务器信息用流发送一个xml即可 response.getWriter().write("<xml><return_code><![CDATA[SUCCESS]]></return_code></xml>"); is.close(); } catch (Exception e) { e.printStackTrace(); } return retMap; } @ResponseBody @RequestMapping("anotifyUrl.htm") public Map<String, Object> anotifyUrl(HttpServletRequest request){ System.out.println("***WxPayController.anotifyUrl()"); Map<String, Object> retMap = new HashMap<String, Object>(); retMap.put("code", 200); //进行验证操作 Map<String, String> params = new HashMap<String, String>(); Map requestParams = request.getParameterMap(); System.out.println("***requestParams:"+requestParams); for (Iterator iter = requestParams.keySet().iterator(); iter.hasNext();) { String name = (String) iter.next(); System.out.println("___________name:"+name); String[] values = (String[]) requestParams.get(name); String valueStr = ""; for (int i = 0; i < values.length; i++) valueStr = (i == values.length - 1) ? valueStr + values[i] : valueStr + values[i] + ","; params.put(name, valueStr); } String trade_status = request.getParameter("trade_status"); boolean signVerified; try { signVerified = AlipaySignature.rsaCheckV1(params, AlipayConfig.alipay_public_key, AlipayConfig.charset, AlipayConfig.sign_type); if(signVerified){//验证成功 System.out.println("***支付宝验证成功"); if (trade_status.equals("TRADE_FINISHED") || trade_status.equals("TRADE_SUCCESS")) { System.out.println("***判断成功"); // 进行业务逻辑操作 String out_trade_no = request.getParameter("out_trade_no"); operation(out_trade_no, ZFB); } } else { System.out.println("***验证错误"); } } catch (AlipayApiException e) { e.printStackTrace(); } return retMap; } // 获取订单id 规则:当前日期_uuid(17位,总共32位) 支付宝64位。 public static String getOrderNo(String type){ return DateFormatUtils.format(new Date(), "yyyyMMddHHmmss")+"_"+type+"_"+WXPayUtil.generateNonceStr().substring(0, 15); } // 获取请求主机IP地址,如果通过代理进来,则透过防火墙获取真实IP地址 public final static String getIpAddress(HttpServletRequest request) throws IOException { String ip = request.getHeader("X-Forwarded-For"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } } else if (ip.length() > 15) { String[] ips = ip.split(","); for (int index = 0; index < ips.length; index++) { String strIp = (String) ips[index]; if (!("unknown".equalsIgnoreCase(strIp))) { ip = strIp; break; } } } return ip; } public boolean isNumber(String string){ String str = String.valueOf(string); String regex = "^[1-9]\\d*$"; return str.matches(regex); } }
前端html代码(两个页面,集成了支付宝支付,微信怕因为code失效问题,解决方式重新添加了一个html)
cmsDemo.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> <title>支付</title> <link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous"> <style> body{background-color:#efeff4;} .main{padding:15px;height:100vh;} .mobile-box{padding:30px;background-color:#fff;} .mobile-top h2{font-size:18px;color:#000;} .mobile-content h3 img{margin-right:5px;} .mobile-content h3{font-size:14px;color:#b******2;} .input-num{border-bottom: 1px solid #dcdcdc;margin-bottom: 5vh;padding-top: 5vh;} .input-num .tit{font-size:16px;color:#999;} .input-num .pay{position:relative;line-height: 50px;margin:10px 0;} .input-num .pay input{padding-left: 30px;line-height: 50px;border:none;outline:none;} .input-num .pay span.jinbi{font-weight:bold;color:#000;font-size:24px;position: absolute;left: 0;top: 0;} .pay-click a.nopay{cursor: pointer;background-color: #a3dea3;color: #fff;width: 100%;display: block;border-radius: 5px;line-height: 50px;font-size: 20px;} .pay-click a.pay{background-color:#1aac19;} input[type=number] {-moz-appearance:textfield;} input[type=number]::-webkit-inner-spin-button, input[type=number]::-webkit-outer-spin-button {-webkit-appearance: none; margin: 0;} @media(min-width:720px){ .mobile-box{width:720px;margin:0 auto;} } </style> </head> <body> <div class="main"> <div class="mobile-box"> <div class="mobile-top "> <div class="back"> <i class="fa fa-angle-left fa-2x"></i> </div> <h2 class="top-center color21">北京星恒教育科技有限公司</h2> <div class="back"></div> </div> <div class="mobile-content"> <h3 class="color21 font"> <img src="http://img1.52mamahome.com/hotel/homes.png" class="mr10" alt="">北京星恒教育科技有限公司</h3> <div class="input-num"> <div class="tit">金额</div> <div class="pay"> <span class="jinbi">¥</span> <input type="number" class="w-100" id="totalFee" readonly="readonly"> </div> </div> <p class="text-center pay pay-click" id="goPay" onclick="pay()