1.申请公众号和商户号
申请这两个基本的账号均可在官网申请完成
2.配置商户API_V3_key和商户证书
链接: 配置微信apiv3key
注:apiv3key为商户开发人员自定义,证书配置方法也在上方链接里
3.导入依赖
链接: wechatpay-apache-httpclient
<dependency>
<groupId>com.github.wechatpay-apiv3</groupId>
<artifactId>wechatpay-apache-httpclient</artifactId>
<version>0.4.8</version>
</dependency>
4.构建调用接口httpclient
//获取微信平台证书(自动验签、更新证书)
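public class Cretifi {
    /**
     * Builds a WeChat Pay {@link CloseableHttpClient} that signs outgoing requests with the
     * merchant private key and checks response signatures against the platform certificates,
     * which the SDK's certificate manager downloads and refreshes on its own. Callers use the
     * returned client directly and never build signatures themselves.
     *
     * <p>Reads {@code WechatConstants.PRIVATE_KEY} (merchant API private key as PEM text),
     * {@code MERCHANT_ID}, {@code MERCHANT_SERIAL_NUMBER} and {@code API_V3_KEY}. The private key
     * and the API v3 key are secrets: load them from configuration or a secret store rather than
     * keeping them as constants in source control.
     *
     * @return a client whose requests are signed and whose responses are signature-verified
     * @throws Exception if the private key cannot be parsed or the merchant cannot be registered
     *         with the certificate manager
     */
    public static CloseableHttpClient getCer() throws Exception {
        // PEM text is decoded as UTF-8, matching how the API v3 key is encoded below.
        PrivateKey merchantPrivateKey = PemUtil.loadPrivateKey(
                new ByteArrayInputStream(WechatConstants.PRIVATE_KEY.getBytes(StandardCharsets.UTF_8)));
        // Process-wide manager that keeps the platform certificates of each registered merchant current.
        CertificatesManager certificatesManager = CertificatesManager.getInstance();
        // Register this merchant (credentials + API v3 key) so its platform certificates are auto-updated.
        certificatesManager.putMerchant(
                WechatConstants.MERCHANT_ID,
                new WechatPay2Credentials(WechatConstants.MERCHANT_ID,
                        new PrivateKeySigner(WechatConstants.MERCHANT_SERIAL_NUMBER, merchantPrivateKey)),
                WechatConstants.API_V3_KEY.getBytes(StandardCharsets.UTF_8));
        // ... call putMerchant again for every additional merchant id.
        // The verifier is what the validator uses to check the signature of each response.
        Verifier verifier = certificatesManager.getVerifier(WechatConstants.MERCHANT_ID);
        return WechatPayHttpClientBuilder.create()
                .withMerchant(WechatConstants.MERCHANT_ID, WechatConstants.MERCHANT_SERIAL_NUMBER, merchantPrivateKey)
                .withValidator(new WechatPay2Validator(verifier))
                .build();
    }
}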
此代码为自动更新证书,请求接口不需要再构建签名等一系列繁杂的操作,调用接口时直接用返回的CloseableHttpClient 类型的client调用即可
其中的一些常量:
WechatConstants.PRIVATE_KEY:商户自己的证书(私钥),
WechatConstants.MERCHANT_ID:商户id,
WechatConstants.MERCHANT_SERIAL_NUMBER:商户证书序列号,
WechatConstants.API_V3_KEY:自定义api_v3_key
注:私钥也可以通过证书文件路径读取并构造成PrivateKey类型;
5.调用jsapi下单示例
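// Signed client from step 4; try-with-resources releases it even when execute() throws.
try (CloseableHttpClient httpClient = Cretifi.getCer()) {
    HttpPost httpPost = new HttpPost(WechatUrl.jsapi);
    httpPost.addHeader("Accept", "application/json");
    httpPost.addHeader("Content-type", "application/json; charset=utf-8");
    // JSAPI order request: merchant/app ids, description, notify URL, trade number, amount, payer openid.
    ObjectMapper objectMapper = new ObjectMapper();
    ObjectNode rootNode = objectMapper.createObjectNode();
    rootNode.put("mchid", WechatConstants.MERCHANT_ID)
            .put("appid", WechatConstants.APP_ID)
            .put("description", description)
            .put("notify_url", WechatUrl.callBackJsApi)
            .put("out_trade_no", out_trade_no);
    rootNode.putObject("amount")
            .put("total", amount);
    rootNode.putObject("payer")
            .put("openid", openId);
    httpPost.setEntity(new StringEntity(objectMapper.writeValueAsString(rootNode), "UTF-8"));
    try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
        int statusCode = response.getStatusLine().getStatusCode();
        if (statusCode == 200) {
            // Read the entity exactly once: the response stream is consumed by the first
            // EntityUtils.toString, so a second call cannot return the body again.
            String s = EntityUtils.toString(response.getEntity(), "UTF-8");
            System.out.println("success,return body = " + s);
            String prepayId = JSONObject.parseObject(s).getString("prepay_id");
            if (prepayId == null || prepayId.isEmpty()) {
                throw new IOException("response has no prepay_id");
            }
            // Nonce and second-resolution timestamp; the front end passes both back unchanged.
            String nonceStr = RandomUtil.randomString(32);
            String time = String.valueOf(System.currentTimeMillis() / 1000);
            // paySign is produced server-side because it requires the merchant private key.
            GenerateSign generateSign = new GenerateSign();
            String sign = generateSign.qianduanSign(WechatConstants.APP_ID, time, nonceStr, prepayId);
            CreateOrderDTO createOrderDTO = new CreateOrderDTO();
            createOrderDTO.setAppId(WechatConstants.APP_ID);
            createOrderDTO.setNonceStr(nonceStr);
            createOrderDTO.setSign(sign);
            createOrderDTO.setPayperId(prepayId);
            createOrderDTO.setTimeStamp(time);
            logger.info("参数为:时间戳:{}随机字符串:{}prepay_id:{}签名:{}", time, nonceStr, prepayId, sign);
            return CommonResult.success(createOrderDTO);
        } else if (statusCode == 204) {
            // No body to read; falls through to the failure result below, as before.
            System.out.println("success");
        } else {
            String body = response.getEntity() == null ? "" : EntityUtils.toString(response.getEntity(), "UTF-8");
            System.out.println("failed,resp code = " + statusCode + ",return body = " + body);
            throw new IOException("request failed");
        }
    }
}
return CommonResult.failed();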
最后前端需要唤起微信支付组件,我们后端需要返回加密之后的签名和其他信息CreateOrderDTO
6.签名解释
如果想要知道请求微信后端的签名构造方法,可以访问: 微信支付后端签名生成规则,也可以使用下面的示例
import cn.hutool.core.util.RandomUtil;
import com.macro.mall.portal.constants.wechat.WechatConstants;
import okhttp3.HttpUrl;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
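public class GenerateSign {
    // Authorization: <schema> <token>
    // GET - getToken("GET", httpurl, "")
    // POST - getToken("POST", httpurl, json)

    /**
     * Builds the token part of the Authorization header for a request, using a fresh
     * 32-character nonce and the current time in seconds.
     *
     * @param method HTTP method, e.g. {@code "GET"} or {@code "POST"}
     * @param url request URL; only its encoded path and query are signed
     * @param body request body, empty string for GET
     * @return {@code mchid="…",nonce_str="…",timestamp="…",serial_no="…",signature="…"}
     * @throws Exception if the private key cannot be loaded or signing fails
     */
    String getToken(String method, HttpUrl url, String body) throws Exception {
        return getTokenRequireNonceStr(method, url, body, RandomUtil.randomString(32));
    }

    /**
     * Same as {@link #getToken} but with a caller-supplied nonce.
     *
     * @param method HTTP method
     * @param url request URL; only its encoded path and query are signed
     * @param body request body, empty string for GET
     * @param nonceStr nonce to embed in the token and the signed message
     * @return the Authorization token string
     * @throws Exception if the private key cannot be loaded or signing fails
     */
    public String getTokenRequireNonceStr(String method, HttpUrl url, String body, String nonceStr) throws Exception {
        long timestamp = System.currentTimeMillis() / 1000;
        String message = buildMessage(method, url, timestamp, nonceStr, body);
        String signature = sign(message.getBytes(StandardCharsets.UTF_8));
        return "mchid=\"" + WechatConstants.MERCHANT_ID + "\","
                + "nonce_str=\"" + nonceStr + "\","
                + "timestamp=\"" + timestamp + "\","
                + "serial_no=\"" + WechatConstants.MERCHANT_SERIAL_NUMBER + "\","
                + "signature=\"" + signature + "\"";
    }

    /**
     * Signs {@code message} with SHA256withRSA using the merchant private key and returns the
     * Base64-encoded signature. The key is loaded from {@code WechatConstants.PRIVATE_KEY_PATH}
     * on every call.
     *
     * @param message bytes to sign
     * @return Base64 signature
     * @throws Exception if the key cannot be loaded or the signature cannot be computed
     */
    String sign(byte[] message) throws Exception {
        Signature sign = Signature.getInstance("SHA256withRSA");
        PrivateKey privateKey = getPrivateKey(WechatConstants.PRIVATE_KEY_PATH);
        sign.initSign(privateKey);
        sign.update(message);
        return Base64.getEncoder().encodeToString(sign.sign());
    }

    /**
     * Builds the signed message: method, canonical URL (encoded path plus {@code ?query} when
     * present), timestamp, nonce and body, each followed by a newline.
     */
    String buildMessage(String method, HttpUrl url, long timestamp, String nonceStr, String body) {
        String canonicalUrl = url.encodedPath();
        if (url.encodedQuery() != null) {
            canonicalUrl += "?" + url.encodedQuery();
        }
        return method + "\n"
                + canonicalUrl + "\n"
                + timestamp + "\n"
                + nonceStr + "\n"
                + body + "\n";
    }

    /**
     * Loads an RSA private key from a PKCS#8 PEM file ({@code -----BEGIN PRIVATE KEY-----}).
     *
     * @param filename path of the PEM file
     * @return the parsed private key
     * @throws IOException if the file cannot be read
     * @throws RuntimeException if RSA is unavailable or the key material is not valid PKCS#8;
     *         the cause is attached in both cases
     */
    public static PrivateKey getPrivateKey(String filename) throws IOException {
        String content = new String(Files.readAllBytes(Paths.get(filename)), StandardCharsets.UTF_8);
        try {
            // Strip the PEM armour and all whitespace, leaving the Base64 DER body.
            String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
                    .replace("-----END PRIVATE KEY-----", "")
                    .replaceAll("\\s+", "");
            KeyFactory kf = KeyFactory.getInstance("RSA");
            return kf.generatePrivate(
                    new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("当前Java环境不支持RSA", e);
        } catch (InvalidKeySpecException e) {
            // Keep the cause so a malformed key file can be diagnosed.
            throw new RuntimeException("无效的密钥格式", e);
        }
    }

    /**
     * Computes the paySign the front end needs to invoke the WeChat payment component:
     * appId, timestamp, nonce and {@code prepay_id=<id>}, each followed by a newline, signed
     * with the merchant private key. Done server-side so the key never leaves the server.
     *
     * @param appId public account app id
     * @param timeStamp timestamp in seconds, as a string
     * @param nonceStr random string
     * @param paypreId prepay_id returned by the JSAPI order call
     * @return Base64 SHA256withRSA signature
     * @throws Exception if signing fails
     */
    public String qianduanSign(String appId, String timeStamp, String nonceStr, String paypreId) throws Exception {
        String si = appId + "\n"
                + timeStamp + "\n"
                + nonceStr + "\n"
                + "prepay_id=" + paypreId + "\n";
        return sign(si.getBytes(StandardCharsets.UTF_8));
    }
}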
之后,前端唤起支付组件也需要一个签名和其他信息。问题来了:为什么前端不自己生成签名来唤起微信组件?因为前端所需的签名同样要用商户证书(私钥)来构造,而把商户证书保存在客户端是非常不安全的,所以必须由服务端生成签名并返回给前端。前端所需签名的生成方法见下文。
java代码可以用如下的代码来加密:
/**
 * Builds the paySign payload for the front end (appId, timestamp, nonce and
 * "prepay_id=<id>", each line-terminated) and signs it with the merchant private key.
 *
 * @return Base64 SHA256withRSA signature of the payload
 * @throws Exception if signing fails
 */
public String qianduanSign(String appId, String timeStamp, String nonceStr, String paypreId) throws Exception {
    StringBuilder payload = new StringBuilder()
            .append(appId).append('\n')
            .append(timeStamp).append('\n')
            .append(nonceStr).append('\n')
            .append("prepay_id=").append(paypreId).append('\n');
    return sign(payload.toString().getBytes("utf-8"));
}
/**
 * Signs {@code message} with SHA256withRSA using the merchant private key read from
 * {@code WechatConstants.PRIVATE_KEY_PATH} and returns the Base64-encoded signature.
 *
 * @param message bytes to sign
 * @return Base64 signature
 * @throws Exception if the key cannot be loaded or signing fails
 */
String sign(byte[] message) throws Exception {
    // The key file is read on every call; nothing is cached here.
    PrivateKey key = getPrivateKey(WechatConstants.PRIVATE_KEY_PATH);
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(key);
    signer.update(message);
    byte[] raw = signer.sign();
    return Base64.getEncoder().encodeToString(raw);
}
7.回调示例
处理回调也非常简单,可以参见开发文档中链接: 回调详情
特别注意:商户系统对于开启结果通知的内容一定要做签名验证,并校验通知的信息是否与商户侧的信息一致,防止数据泄露导致出现“假通知”,造成资金损失。 也就是说我们必须对回调进行验签,需要采用的方式也是文档中有提到的。另外,验签所需的字段(时间戳、随机串、签名、证书序列号)放在请求头中,需要从请求头读取,而通知内容在请求体中,可以参考下面的示例:
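/**
 * Verifies the signature of a WeChat Pay result notification and, only when it verifies,
 * decrypts the notification resource and returns the plaintext.
 *
 * <p>The signed string is {@code Wechatpay-Timestamp + "\n" + Wechatpay-Nonce + "\n" + body + "\n"},
 * so the body is read as raw UTF-8 bytes without touching its line terminators. The request
 * is rejected when any signature header is missing or the signature does not verify, and no
 * field of the body is parsed before that check has passed.
 *
 * @param request the callback request sent by WeChat Pay
 * @param response not used here; the caller writes the acknowledgement
 * @return {@code CommonResult.success(plaintext)} after a successful verification and
 *         decryption, {@code CommonResult.failed()} when headers are missing or verification fails
 * @throws Exception if the body cannot be read, the merchant key cannot be loaded or
 *         decryption fails (a decryption error usually means the API v3 key is wrong)
 */
public static CommonResult checkSign(HttpServletRequest request, HttpServletResponse response) throws Exception {
    java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    System.out.println("characterEncoding=" + request.getCharacterEncoding());
    // Signature fields travel in the request headers.
    String timestampHeader = request.getHeader("Wechatpay-Timestamp");
    String nonceHeader = request.getHeader("Wechatpay-Nonce");
    String signatureHeader = request.getHeader("Wechatpay-Signature");
    String serialHeader = request.getHeader("Wechatpay-Serial");
    System.out.println("开始读取请求头的信息");
    System.out.println("Wechatpay-Timestamp=" + timestampHeader);
    System.out.println("Wechatpay-Nonce=" + nonceHeader);
    System.out.println("Wechatpay-Signature=" + signatureHeader);
    System.out.println("Wechatpay-Serial=" + serialHeader);
    System.out.println("=================");
    // A request without the signature headers cannot be verified; reject it outright.
    if (timestampHeader == null || nonceHeader == null || signatureHeader == null || serialHeader == null) {
        System.out.println("验签失败,应答接口");
        return CommonResult.failed();
    }
    // Merchant API private key (PEM text), needed by the SDK to fetch the platform certificates.
    PrivateKey merchantPrivateKey = PemUtil
            .loadPrivateKey(new ByteArrayInputStream(WechatConstants.PRIVATE_KEY.getBytes(utf8)));
    // Verifier that downloads and refreshes the platform certificates; takes the API v3 key, not the API key.
    AutoUpdateCertificatesVerifier verifier = new AutoUpdateCertificatesVerifier(
            new WechatPay2Credentials(WechatConstants.MERCHANT_ID,
                    new PrivateKeySigner(WechatConstants.MERCHANT_SERIAL_NUMBER, merchantPrivateKey)),
            WechatConstants.API_V3_KEY.getBytes(utf8));
    // Read the body as raw bytes: readLine() would drop the line terminators that are part of the signed data.
    System.out.println("开始读取请求体的信息");
    ServletInputStream inputStream = request.getInputStream();
    java.io.ByteArrayOutputStream bodyBuffer = new java.io.ByteArrayOutputStream();
    byte[] chunk = new byte[4096];
    int read;
    while ((read = inputStream.read(chunk)) != -1) {
        bodyBuffer.write(chunk, 0, read);
    }
    String s1 = new String(bodyBuffer.toByteArray(), utf8);
    System.out.println("请求体" + s1);
    // Verification string exactly as the documentation specifies.
    String verifySignature = timestampHeader + "\n" + nonceHeader + "\n" + s1 + "\n";
    System.out.println("拼接后的验签串=" + verifySignature);
    boolean verify = verifier.verify(serialHeader, verifySignature.getBytes(utf8), signatureHeader);
    System.out.println("官方工具验签=" + verify);
    System.out.println("=======判断验签结果=======");
    if (!verify) {
        // Stop here: an unverified body must be neither parsed nor decrypted.
        System.out.println("验签失败,应答接口");
        return CommonResult.failed();
    }
    // Only now is the body trusted enough to read fields from it. The timestamp header is not
    // checked for freshness here; rejecting stale notifications would also limit replays.
    System.out.println("验签成功后,开始进行解密");
    Map requestMap = (Map) JSON.parse(s1);
    String id = String.valueOf(requestMap.get("id"));
    System.out.println("id=" + id);
    String resource = String.valueOf(requestMap.get("resource"));
    System.out.println("resource=" + resource);
    Map resourceMap = (Map) JSON.parse(resource);
    Object associatedDataValue = resourceMap.get("associated_data");
    String associatedData = associatedDataValue == null ? "" : associatedDataValue.toString();
    String resourceNonce = String.valueOf(resourceMap.get("nonce"));
    String ciphertext = String.valueOf(resourceMap.get("ciphertext"));
    // Decrypt with the API v3 key; a failure here almost always means the API v3 key is wrong.
    com.wechat.pay.contrib.apache.httpclient.util.AesUtil aesUtil =
            new com.wechat.pay.contrib.apache.httpclient.util.AesUtil(WechatConstants.API_V3_KEY.getBytes(utf8));
    String aes = aesUtil.decryptToString(associatedData.getBytes(utf8), resourceNonce.getBytes(utf8), ciphertext);
    // The plaintext carries order and payer details; keep this debug output out of production logs.
    System.out.println("解密后=" + aes);
    return CommonResult.success(aes);
}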
以上就是对接的部分解释,欢迎指正。