前言:
上一篇文章中(【在线支付】在线支付流程分析)说道,为了保证数据安全,网站把源数据和hmac码发送到第三方,那么,在代码中是如何实现的呢?接收到付款成功的消息,又是如何响应的呢?以向易宝支付为例
1、向易宝发送支付请求
导入算法工具类PaymentUtil
import cn.itcast.utils.PaymentUtil;
public class PayServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//获取的支付信息:ID,交易金额,订单号
String orderid = request.getParameter("orderid");
String money = request.getParameter("money");
String pd_Id = request.getParameter("pd_FrpId");
//源数据的规范,顺序不能变(参见“易宝支付产品通用接口帮助文档”支付请求参数说明)
String p0_Cmd = "Buy"; //业务类型
String p1_MerId = "10001126856";// 商户编号(银行卡号),向此卡号支付
String p2_Order = orderid; //商户订单号
String p3_Amt = money; // 付款金额
String p4_Cur = "CNY"; // 交易币种
String p5_Pid = ""; // 商品名称
String p6_Pcat = ""; // 商品种类
String p7_Pdesc = ""; // 商品描述
String p8_Url = "http://localhost/day20pay/callback"; // 商户接收支付成功数据的地址
String p9_SAF = ""; // 送货地址
String pa_MP = ""; // 商户扩展信息
String pd_FrpId = this.pd_FrpId;// 支付通道编码
String pr_NeedResponse = "1"; // 应答机制
//秘钥(在算法工具类PaymentUtil中,需用到秘钥)
String keyValue = "69cl522AV6q613Ii4W6u8K6XuW8vM1N6bFgyv769220IuYe9u37N4y7rI4Pl";
//根据源数据生成hmac码
String hmac = PaymentUtil.buildHmac(p0_Cmd, p1_MerId, p2_Order, p3_Amt, p4_Cur,
p5_Pid, p6_Pcat, p7_Pdesc, p8_Url, p9_SAF, pa_MP, pd_FrpId,
pr_NeedResponse, keyValue);
// 将所有参数 发送给 易宝指定URL
request.setAttribute("pd_FrpId", pd_FrpId);
request.setAttribute("p0_Cmd", p0_Cmd);
request.setAttribute("p1_MerId", p1_MerId);
request.setAttribute("p2_Order", p2_Order);
request.setAttribute("p3_Amt", p3_Amt);
request.setAttribute("p4_Cur", p4_Cur);
request.setAttribute("p5_Pid", p5_Pid);
request.setAttribute("p6_Pcat", p6_Pcat);
request.setAttribute("p7_Pdesc", p7_Pdesc);
request.setAttribute("p8_Url", p8_Url);
request.setAttribute("p9_SAF", p9_SAF);
request.setAttribute("pa_MP", pa_MP);
request.setAttribute("pr_NeedResponse", pr_NeedResponse);
request.setAttribute("hmac", hmac);
request.getRequestDispatcher("/confirm.jsp").forward(request, response);
}
2、付款成功后,回调程序
public class CallbackServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 验证请求来源和数据有效性
// 阅读支付结果参数说明
// System.out.println("==============================================");
String p1_MerId = request.getParameter("p1_MerId");
String r0_Cmd = request.getParameter("r0_Cmd");
String r1_Code = request.getParameter("r1_Code");
String r2_TrxId = request.getParameter("r2_TrxId");
String r3_Amt = request.getParameter("r3_Amt");
String r4_Cur = request.getParameter("r4_Cur");
String r5_Pid = request.getParameter("r5_Pid");
String r6_Order = request.getParameter("r6_Order");
String r7_Uid = request.getParameter("r7_Uid");
String r8_MP = request.getParameter("r8_MP");
String r9_BType = request.getParameter("r9_BType");
String rb_BankId = request.getParameter("rb_BankId");
String ro_BankOrderId = request.getParameter("ro_BankOrderId");
String rp_PayDate = request.getParameter("rp_PayDate");
String rq_CardNo = request.getParameter("rq_CardNo");
String ru_Trxtime = request.getParameter("ru_Trxtime");
// hmac
String hmac = request.getParameter("hmac");
// 利用本地密钥和加密算法 加密数据
String keyValue = "69cl522AV6q613Ii4W6u8K6XuW8vM1N6bFgyv769220IuYe9u37N4y7rI4Pl";
boolean isValid = PaymentUtil.verifyCallback(hmac, p1_MerId, r0_Cmd,
r1_Code, r2_TrxId, r3_Amt, r4_Cur, r5_Pid, r6_Order, r7_Uid,
r8_MP, r9_BType, keyValue);
if (isValid) {
// 有效
if (r9_BType.equals("1")) {
// 浏览器重定向
response.setContentType("text/html;charset=utf-8");
response.getWriter().println(
"支付成功!订单号:" + r6_Order + "金额:" + r3_Amt);
} else if (r9_BType.equals("2")) {
// 服务器点对点,来自于易宝的通知
System.out.println("收到易宝通知,修改订单状态!");//
// 回复给易宝success,如果不回复,易宝会一直通知
response.getWriter().print("success");
}
} else {
throw new RuntimeException("数据被篡改!");
}
}
}
整个支付的思路很简单,发送请求和支付后相应,具体的解释,还是要看代码注释,顺着代码走一遍,就可以理清了。
参考:《网上商城SSH》,在线支付demo