'1'

zzjs-admin/src/main/java/com/miaxis/app/controller/film/NotifyController.java

@@ -17,6 +17,7 @@ import com.miaxis.film.domain.RefundRecord;
 import com.miaxis.film.dto.*;
 import com.miaxis.film.service.IFilmOrderService;
 import com.miaxis.film.service.IRefundRecordService;
+import com.wechat.pay.contrib.apache.httpclient.auth.AutoUpdateCertificatesVerifier;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.Data;
@@ -38,7 +39,9 @@ import javax.servlet.http.HttpServletRequest;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.*;
+import java.security.cert.X509Certificate;
 import java.util.Base64;
 
 import static com.miaxis.common.utils.OrderCodeFactory.getOrderCode;
@@ -64,6 +67,9 @@ public class NotifyController {
     @Autowired
     private  IRefundRecordService  refundRecordService;
 
+    @Autowired
+    private AutoUpdateCertificatesVerifier verifier;
+
 
     @Value("${film.notifyUrl}")
     private  String notifyUrl ;
@@ -78,9 +84,9 @@ public class NotifyController {
         String bodyString = getBodyString(request);
         System.out.println(bodyString);
         Boolean pass =  validate(request,bodyString);
-//        if (!pass){
-//            throw new CustomException("签名失败");
-//        }
+        if (!pass){
+            throw new CustomException("签名失败");
+        }
         String resourceString = getSourString(filmWxpayDTO);
         log.info(resourceString);
         JSONObject jsonObject = JSONObject.parseObject(resourceString);
@@ -137,12 +143,13 @@ public class NotifyController {
         sb.append(timestamp + "\n");
         sb.append(nonce + "\n");
         sb.append(bodyString + "\n");
-        File file = new ClassPathResource("wechatpay/apiclient_key.pem").getFile();
-        String realPath =file.getAbsolutePath();
-        PrivateKey privateKey = CommonUtils.getPrivateKey(realPath);
+        X509Certificate validCertificate = verifier.getValidCertificate();
         // 进行签名服务
         Signature signature = Signature.getInstance("SHA256withRSA");
-        signature.initSign(privateKey);
+        // 用微信平台公钥对签名器进行初始化
+        signature.initVerify(validCertificate);
+        // 把我们构造的验签名串更新到签名器中
+        signature.update(sb.toString().getBytes(StandardCharsets.UTF_8));
         Boolean result = signature.verify(Base64Utils.decodeFromString(sign));
         log.info("微信支付回调验签:"+result.toString());
         return result;

zzjs-admin/src/test/java/com/miaxis/test/NormalTest.java

@@ -4,12 +4,16 @@ import com.miaxis.ZzjsApplication;
 import com.miaxis.film.domain.FilmOrder;
 import com.miaxis.film.service.IFilmOrderService;
 import com.miaxis.film.service.IRefundRecordService;
+import com.wechat.pay.contrib.apache.httpclient.auth.AutoUpdateCertificatesVerifier;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+
 @SpringBootTest(classes = ZzjsApplication.class)
 @RunWith(SpringRunner.class)
 public class NormalTest {
@@ -18,6 +22,9 @@ public class NormalTest {
 
     @Autowired
     private IRefundRecordService refundRecordService;
+
+    @Autowired
+    private AutoUpdateCertificatesVerifier verifier;
     @Test
     public void test1() throws Exception {
         FilmOrder filmOrder = filmOrderService.getByOutTradeNo("12021052416003523348114349059153");
@@ -27,6 +34,16 @@ public class NormalTest {
     }
 
 
+    @Test
+    public void test2() throws Exception {
+        X509Certificate validCertificate = verifier.getValidCertificate();
+        BigInteger serialNumber = validCertificate.getSerialNumber();
+        System.out.println(serialNumber);
+
+
+    }
+
+
 
 
 

zzjs-common/src/main/java/com/miaxis/common/config/BeanConfig.java

@@ -9,8 +9,6 @@ import com.qcloud.cos.http.HttpProtocol;
 import com.qcloud.cos.region.Region;
 import com.wechat.pay.contrib.apache.httpclient.WechatPayHttpClientBuilder;
 import com.wechat.pay.contrib.apache.httpclient.auth.AutoUpdateCertificatesVerifier;
-import com.wechat.pay.contrib.apache.httpclient.auth.PrivateKeySigner;
-import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Credentials;
 import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Validator;
 import org.apache.http.client.HttpClient;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -20,15 +18,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 
 import java.io.File;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Base64;
 
 
 @Configuration
@@ -49,7 +39,13 @@ public class BeanConfig {
 
     @Autowired
     private  WxpayConfig wxpayConfig;
+    @Autowired
+    private AutoUpdateCertificatesVerifier verifier;
 
+    /**
+     * 腾讯云 COS
+     * @return
+     */
 
     @Bean
     public COSClient  configBean() {
@@ -69,17 +65,16 @@ public class BeanConfig {
     }
 
 
+    /**
+     * 微信支付 httpclient 对象
+     * @return
+     * @throws Exception
+     */
     @Bean
     public HttpClient wxpayConfigBean() throws Exception{
         File file = new ClassPathResource("wechatpay/apiclient_key.pem").getFile();
         String realPath =file.getAbsolutePath();
         PrivateKey privateKey = CommonUtils.getPrivateKey(realPath);
-        // 加载平台证书（mchId：商户号,mchSerialNo：商户证书序列号,apiV3Key：V3密钥）
-        AutoUpdateCertificatesVerifier verifier = new AutoUpdateCertificatesVerifier(
-                new WechatPay2Credentials(wxpayConfig.getMerchantId(),
-                        new PrivateKeySigner(wxpayConfig.getSerialNumber(), privateKey)),
-                wxpayConfig.getV3key().getBytes("utf-8"));
-
         // 初始化httpClient
         HttpClient httpClient = WechatPayHttpClientBuilder.create()
                 .withMerchant(wxpayConfig.getMerchantId(), wxpayConfig.getSerialNumber(), privateKey)
@@ -88,4 +83,7 @@ public class BeanConfig {
 
     }
 
+
+
+
 }

zzjs-common/src/main/java/com/miaxis/common/config/WxVerifierConfig.java

@@ -0,0 +1,47 @@
+package com.miaxis.common.config;
+
+import com.miaxis.common.utils.uuid.CommonUtils;
+import com.qcloud.cos.COSClient;
+import com.qcloud.cos.ClientConfig;
+import com.qcloud.cos.auth.BasicCOSCredentials;
+import com.qcloud.cos.auth.COSCredentials;
+import com.qcloud.cos.http.HttpProtocol;
+import com.qcloud.cos.region.Region;
+import com.wechat.pay.contrib.apache.httpclient.WechatPayHttpClientBuilder;
+import com.wechat.pay.contrib.apache.httpclient.auth.AutoUpdateCertificatesVerifier;
+import com.wechat.pay.contrib.apache.httpclient.auth.PrivateKeySigner;
+import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Credentials;
+import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Validator;
+import org.apache.http.client.HttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+
+import java.io.File;
+import java.security.PrivateKey;
+
+
+@Configuration
+public class WxVerifierConfig {
+
+
+    @Autowired
+    private  WxpayConfig wxpayConfig;
+
+    @Bean
+    public AutoUpdateCertificatesVerifier getVerifier() throws Exception{
+        File file = new ClassPathResource("wechatpay/apiclient_key.pem").getFile();
+        String realPath =file.getAbsolutePath();
+        PrivateKey privateKey = CommonUtils.getPrivateKey(realPath);
+        // 加载平台证书（mchId：商户号,mchSerialNo：商户证书序列号,apiV3Key：V3密钥）
+        AutoUpdateCertificatesVerifier verifier = new AutoUpdateCertificatesVerifier(
+                new WechatPay2Credentials(wxpayConfig.getMerchantId(),
+                        new PrivateKeySigner(wxpayConfig.getSerialNumber(), privateKey)),
+                wxpayConfig.getV3key().getBytes("utf-8"));
+        return verifier;
+
+    }
+
+}