微信小程序支付

基础信息

appId
appSecret
mchID
key

notifyUrl
certPath = classpath:cert/apiclient_cert.p12

 

证书说明

欢迎使用微信支付!
附件中的三份文件(证书pkcs12格式、证书pem格式、证书密钥pem格式),为接口中强制要求时需携带的证书文件。
证书属于敏感信息,请妥善保管不要泄露和被他人复制。
不同开发语言下的证书格式不同,以下为说明指引:
证书pkcs12格式(apiclient_cert.p12)
包含了私钥信息的证书文件,为p12(pfx)格式,由微信支付签发给您用来标识和界定您的身份
部分安全性要求较高的API需要使用该证书来确认您的调用身份
windows上可以直接双击导入系统,导入过程中会提示输入证书密码,证书密码默认为您的商户号(如:1900006031)
证书pem格式(apiclient_cert.pem)
从apiclient_cert.p12中导出证书部分的文件,为pem格式,请妥善保管不要泄漏和被他人复制
部分开发语言和环境,不能直接使用p12文件,而需要使用pem,所以为了方便您使用,已为您直接提供
您也可以使用openssl命令来自己导出:openssl pkcs12 -clcerts -nokeys -in apiclient_cert.p12 -out apiclient_cert.pem
证书密钥pem格式(apiclient_key.pem)
从apiclient_cert.p12中导出密钥部分的文件,为pem格式
部分开发语言和环境,不能直接使用p12文件,而需要使用pem,所以为了方便您使用,已为您直接提供
您也可以使用openssl命令来自己导出:openssl pkcs12 -nocerts -in apiclient_cert.p12 -out apiclient_key.pem
备注说明:
由于绝大部分操作系统已内置了微信支付服务器证书的根CA证书, 2018年3月6日后, 不再提供CA证书文件(rootca.pem)下载

统一下单

    @Override
    public Map<String, String> payHandle(
            HttpServletRequest request,
            HttpServletResponse response,
            OrderSale orderSale,
            String paymentDescription,
            String openid
    ) {
        Map<String, String> paramMap = new TreeMap<>();
        paramMap.put("appid", appId);
        paramMap.put("mch_id", mchID);
        //paramMap.put("device_info",);
        paramMap.put("nonce_str", DigestUtils.md5Hex(UUID.randomUUID() + RandomStringUtils.randomAlphabetic(30)));
        //paramMap.put("sign_type",);
        paramMap.put("body", StringUtils.abbreviate(paymentDescription.replaceAll("[^0-9a-zA-Z\\u4e00-\\u9fa5 ]", ""), 600));
        //paramMap.put("detail", );
        //paramMap.put("attach", );
        paramMap.put("out_trade_no", orderSale.getSn());
        //paramMap.put("fee_type", );
        paramMap.put("total_fee", String.valueOf(orderSale.getAmount().multiply(new BigDecimal(100)).setScale(0, RoundingMode.DOWN)));

//        paramMap.put("spbill_create_ip", request.getHeader("X-Real-IP"));
        paramMap.put("spbill_create_ip", HttpUtils.getIp());

        //paramMap.put("time_start", );
        //paramMap.put("time_expire", );
        //paramMap.put("goods_tag", );
        paramMap.put("notify_url", notifyUrl);
        paramMap.put("trade_type", "JSAPI");
        //paramMap.put("product_id", );
        //paramMap.put("limit_pay", );
        paramMap.put("openid", openid);
        //paramMap.put("receipt", );
        //paramMap.put("scene_info", );

        paramMap.put("sign", HttpUtils.generateSign(paramMap, key));

        logger.info("payHandle request:" + paramMap.toString());
        String result = null;
        try {
            result = HttpUtils.doPost(UNIFIED_ORDER, HttpUtils.mapToXml(paramMap));
        } catch (Exception e) {
            e.printStackTrace();
        }
        logger.info("payHandle response:" + result);

        Map<String, String> resultMap = new HashMap<>();
        try {
            resultMap = HttpUtils.xmlToMap(result);
        } catch (Exception e) {
            e.printStackTrace();
            logger.error(e.getMessage(), e);
        }

        Map<String, String> resMap = new HashMap<>();
        if (StringUtils.equals(resultMap.get("return_code"), "SUCCESS")) {
            resMap.put("appId", resultMap.get("appid"));
            resMap.put("timeStamp", String.valueOf(System.currentTimeMillis() / 1000));
            resMap.put("nonceStr", DigestUtils.md5Hex(UUID.randomUUID() + RandomStringUtils.randomAlphabetic(30)));
            resMap.put("signType", "MD5");
            resMap.put("package", "prepay_id=" + resultMap.get("prepay_id"));

            //二次签名
            resMap.put("paySign", HttpUtils.generateSign(resMap, key));

            resMap.put("return_code", resultMap.get("return_code"));
            resMap.put("url", notifyUrl);
            resMap.put("orderNumber", orderSale.getSn());
            resMap.put("orderId", orderSale.getId().toString());

        } else {
            resMap.put("status", "failure");
            resMap.put("message", resultMap.get("return_msg"));
        }

        logger.info("二次签名:" + resMap.toString());
        return resMap;
    }

 

支付回调

    /**
     * 支付回调接口,微信支付成功后会自动调用
     *
     * @param request
     * @param response
     * @throws Exception
     */
    @RequestMapping(value = "/pay/notify", method = RequestMethod.POST)
    public void notify(HttpServletRequest request, HttpServletResponse response) throws Exception {
        logger.info("=====>支付回调接口 /store/notify start ...");
        BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
        String line;
        StringBuilder sb = new StringBuilder();
        while ((line = br.readLine()) != null) {
            sb.append(line);
        }
        br.close();

        Map<String, String> map = HttpUtils.xmlToMap(sb.toString());
        logger.info("/store/notify:" + map.toString());

        String resXml = "";
        if ("SUCCESS".equals(map.get("return_code"))) {
            //根据微信官网的介绍,此处不仅对回调的参数进行验签,还需要对返回的金额与系统订单的金额进行比对等
            if (HttpUtils.validateSign(map, payService.getKey())) {
                orderSaleService.afterPayment(map.get("out_trade_no"));
                //通知微信服务器已经支付成功
                resXml = "<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>";
            }
        } else {
            resXml = "<xml><return_code><![CDATA[FAIL]]></return_code><return_msg><![CDATA[报文为空]]></return_msg></xml> ";
        }

        BufferedOutputStream out = new BufferedOutputStream(response.getOutputStream());
        out.write(resXml.getBytes());
        out.flush();
        out.close();
        logger.info(resXml);
        logger.info("=====>支付回调接口 /store/notify end ...");
    }

HttpUtils
import org.apache.commons.beanutils.ConvertUtils;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Consts;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import javax.servlet.http.HttpServletRequest;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class HttpUtils {

    private static final Logger logger = LoggerFactory.getLogger(HttpUtils.class);

    private static String[] IEBrowserSignals = {"MSIE", "Trident", "Edge"};

    public static boolean isMSBrowser(HttpServletRequest request) {
        String userAgent = request.getHeader("User-Agent");
        for (String signal : IEBrowserSignals) {
            if (userAgent.contains(signal))
                return true;
        }
        return false;
    }

    public static String doPost(String url, Map<String, String> mapParams) {
        try (CloseableHttpClient httpclient = HttpClients.createDefault()) {
            HttpPost httpPost = new HttpPost(url);

            //封装请求参数
            if (mapParams != null) {
                List<BasicNameValuePair> list = new ArrayList<>();
                for (Map.Entry<String, String> entry : mapParams.entrySet()) {
                    list.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
                }
                UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(list, "utf-8");
                formEntity.setContentType("Content-Type:application/json");
                httpPost.setEntity(formEntity);
            }

            try (CloseableHttpResponse response = httpclient.execute(httpPost)) {
                return EntityUtils.toString(response.getEntity());
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return null;
    }

    public static String doPost(String url, String xml) {
        try (CloseableHttpClient httpclient = HttpClients.createDefault()) {
            HttpPost httpPost = new HttpPost(url);
            httpPost.setEntity(new StringEntity(xml, "UTF-8"));
            try (CloseableHttpResponse response = httpclient.execute(httpPost)) {
                return EntityUtils.toString(response.getEntity(), "UTF-8");
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return null;
    }

    public static String doPost(String url, String jsonParam, String token) {
        try (CloseableHttpClient httpclient = HttpClients.createDefault()) {
            HttpPost httpPost = new HttpPost(url);
            httpPost.setHeader("Content-Type", "application/json;charset=utf8");
            if (StringUtils.isNotBlank(token))
                httpPost.setHeader("Authorization", token);

            StringEntity stringEntity = new StringEntity(jsonParam);
            stringEntity.setContentEncoding("UTF-8");
            stringEntity.setContentType("application/json");

            httpPost.setEntity(stringEntity);

            try (CloseableHttpResponse response = httpclient.execute(httpPost)) {
                return EntityUtils.toString(response.getEntity());
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return null;
    }

    public static String doGet(String url, Map<String, String> mapParams) {
        try (CloseableHttpClient httpclient = HttpClients.createDefault()) {

            //封装请求参数
            if (mapParams != null) {
                List<BasicNameValuePair> list = new ArrayList<>();
                for (Map.Entry<String, String> entry : mapParams.entrySet()) {
                    list.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
                }
                url = url + "?" + EntityUtils.toString(new UrlEncodedFormEntity(list, Consts.UTF_8));
            }

            HttpGet httpget = new HttpGet(url);
            try (CloseableHttpResponse response = httpclient.execute(httpget)) {
                return EntityUtils.toString(response.getEntity());
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * XML格式字符串转换为Map
     *
     * @param strXML
     * @return
     * @throws Exception
     */
    public static Map<String, String> xmlToMap(String strXML) throws Exception {
        try {
            Map<String, String> data = new HashMap<>();
            DocumentBuilder documentBuilder = WXPayXmlUtil.newDocumentBuilder();
            InputStream stream = new ByteArrayInputStream(strXML.getBytes(StandardCharsets.UTF_8));
            org.w3c.dom.Document doc = documentBuilder.parse(stream);
            doc.getDocumentElement().normalize();
            NodeList nodeList = doc.getDocumentElement().getChildNodes();
            for (int idx = 0; idx < nodeList.getLength(); ++idx) {
                Node node = nodeList.item(idx);
                if (node.getNodeType() == Node.ELEMENT_NODE) {
                    org.w3c.dom.Element element = (org.w3c.dom.Element) node;
                    data.put(element.getNodeName(), element.getTextContent());
                }
            }
            stream.close();
            return data;
        } catch (Exception ex) {
            WXPayUtil.getLogger().warn("Invalid XML, can not convert to map. Error message: {}. XML content: {}", ex.getMessage(), strXML);
            throw ex;
        }

    }

    /**
     * 将Map转换为XML格式的字符串
     *
     * @param data Map类型数据
     * @return XML格式的字符串
     * @throws Exception
     */
    public static String mapToXml(Map<String, String> data) throws Exception {
        org.w3c.dom.Document document = WXPayXmlUtil.newDocument();
        org.w3c.dom.Element root = document.createElement("xml");
        document.appendChild(root);
        for (String key : data.keySet()) {
            String value = data.get(key);
            if (value == null) {
                value = "";
            }
            value = value.trim();
            org.w3c.dom.Element filed = document.createElement(key);
            filed.appendChild(document.createTextNode(value));
            root.appendChild(filed);
        }
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer transformer = tf.newTransformer();
        DOMSource source = new DOMSource(document);
        transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter writer = new StringWriter();
        StreamResult result = new StreamResult(writer);
        transformer.transform(source, result);
        String output = writer.getBuffer().toString(); //.replaceAll("\n|\r", "");
        writer.close();
        return output;
    }

    /**
     * 生成签名
     *
     * @param parameterMap
     * @param key
     * @return
     */
    public static String generateSign(Map<String, ?> parameterMap, String key) {
        return StringUtils.upperCase(DigestUtils.md5Hex(joinKeyValue(new TreeMap<>(parameterMap), null, "&key=" + key, "&", true)));
    }

    /**
     * 连接Map键值对
     *
     * @param map
     * @param prefix
     * @param suffix
     * @param separator
     * @param ignoreEmptyValue
     * @param ignoreKeys
     * @return
     */
    public static String joinKeyValue(
            Map<Object, Object> map,
            String prefix,
            String suffix,
            String separator,
            boolean ignoreEmptyValue,
            String... ignoreKeys
    ) {
        List<String> list = new ArrayList<>();
        if (map != null) {
            for (Map.Entry<Object, Object> entry : map.entrySet()) {
                String key = entry.getKey().toString();
                String value = ConvertUtils.convert(entry.getValue());
                if (StringUtils.isNotEmpty(key) && !ArrayUtils.contains(ignoreKeys, key)
                        && (!ignoreEmptyValue || StringUtils.isNotEmpty(value))) {
                    list.add(key + "=" + (value != null ? value : ""));
                }
            }
        }
        return (prefix != null ? prefix : "") + StringUtils.join(list, separator) + (suffix != null ? suffix : "");
    }

    /**
     * 获取ip
     *
     * @return
     */
    public static String getIp() {
        try {
            return InetAddress.getLocalHost().getHostAddress();
        } catch (UnknownHostException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * 通知接口验签
     *
     * @param parameterMap
     * @param key
     * @return
     */
    public static boolean validateSign(Map<String, String> parameterMap, String key) {
        String sign = parameterMap.get("sign");
        logger.info("微信支付,传入的sign进行校验" + sign);
        if (StringUtils.isEmpty(sign)) {
            logger.info("微信支付,sign参数为空!");
            return false;
        }
        String md5Hex = getSign(parameterMap, key);
        if (!md5Hex.equals(sign.toUpperCase())) {
            logger.info("微信支付,签名错误");
            return false;
        }
        return true;
    }

    public static String getSign(Map<String, String> parameterMap, String key) {
        // 将Map转换为TreeMap
        Set<Map.Entry<String, String>> parameterMapSet = parameterMap.entrySet();
        Iterator<Map.Entry<String, String>> hashMapIterator = parameterMapSet.iterator();

        Map<String, String> treeMap = new TreeMap<String, String>();
        while (hashMapIterator.hasNext()) {
            Map.Entry<String, String> param = hashMapIterator.next();
            if (!"sign".equals(param.getKey())) {
                treeMap.put(param.getKey(), param.getValue());
            }
        }
        // 拼接字符串
        StringBuilder sb = new StringBuilder();
        Set<Map.Entry<String, String>> treeMapSet = treeMap.entrySet();
        Iterator<Map.Entry<String, String>> treeMapIterator = treeMapSet.iterator();
        while (treeMapIterator.hasNext()) {
            Map.Entry<String, String> param = treeMapIterator.next();
            // 校验空值
            if (StringUtils.isEmpty(param.getValue())) {
                if (treeMapIterator.hasNext()) {
                } else {
                    sb.replace(sb.toString().length() - 1, sb.toString().length(), "");
                }
                continue;
            }
            sb.append(param.getKey());
            sb.append("=");
            sb.append(param.getValue());
            if (treeMapIterator.hasNext()) {
                sb.append("&");
            }
        }
        if (StringUtils.isEmpty(sb.toString())) {
            throw new RuntimeException("传入的参数为空");
        }
        // 拼接key
        sb.append("&key=").append(key);
        return DigestUtils.md5Hex(sb.toString()).toUpperCase();
    }

    public static void main(String[] args) {
    }
}

 

 

posted on 2020-04-20 13:52  1zfang1  阅读(330)  评论(0编辑  收藏  举报

导航