支付宝主动查询订单签名验证失败的问题

本文探讨了支付宝订单查询时签名验证失败的问题,涉及编码转换和JSON字段顺序对签名计算的影响,提供了修复方法和示例代码,适用于开发者进行支付宝交易查询的签名验证。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

1.支付宝发起订单查询后,返回的数据验证签名时失败
返回数据:
在这里插入图片描述

{
	"alipay_trade_query_response": {
		"code": "10000",
		"msg": "Success",
		"buyer_logon_id": "111******65",
		"buyer_pay_amount": "0.00",
		"buyer_user_id": "208111123751547",
		"invoice_amount": "0.00",
		"out_trade_no": "6792a3616f111117c870578aee1c99",
		"point_amount": "0.00",
		"receipt_amount": "0.00",
		"send_pay_date": "2021-07-30 09:41:09",
		"total_amount": "0.01",
		"trade_no": "2021073022011141453364350",
		"trade_status": "TRADE_SUCCESS"
	},
	"sign": "sign11F1111112vaeUn5/6nsVYOEA="
}

直接使用JSON工具类解析后,去验证签名会出现错误.
原因:

a.编码可能会有问题
b.要严格按照返回的JSON字符串的顺序去做签名

2.正确的demo

    public static void searchOrderAli(String appid, String aliRsa2Private, String aliRsa2Public, String orderNo) throws Exception {
        AlipayClient alipayClient = new DefaultAlipayClient("https://openapi.alipay.com/gateway.do", appid, aliRsa2Private, "json", "utf-8", aliRsa2Public, "RSA2");
        AlipayTradeQueryRequest request = new AlipayTradeQueryRequest();
        request.setBizContent("{" +
                "\"out_trade_no\":\"" + orderNo + "\"" +
                "}");
        AlipayTradeQueryResponse response = alipayClient.execute(request);
        if (response.isSuccess()) {
            if ("TRADE_SUCCESS".equals(response.getTradeStatus())) {
                String body = new String(response.getBody().getBytes("ISO-8859-1"), "utf-8");
                Map map = JSON.parseObject(body, Map.class);
                String sign = MapUtils.getString(map, "sign", "");
                int begin = body.indexOf("\"alipay_trade_query_response\":{");
                int end = body.indexOf("},\"sign\"");
                String context = body.substring(begin + 30, end + 1);
                boolean rsa = AlipaySignature.verify(context, sign, aliRsa2Public, "utf-8", "RSA2");
                System.out.println(rsa);
                System.out.println(rsa);

            }
        } else {
            //  String body = response.getBody();
            System.out.println("调用失败");
        }
    }

    public static void main(String[] args) throws Exception {
        searchOrderAli(CommonConstant.ALI_APPID, CommonConstant.ALI_RSA2_PRIVATE, CommonConstant.ALI_RSA2_PUBLIC, "6792a3616f144851a7c870578aee1c99");
    }

解决方案:
a.解决编码问题:

 String body = new String(response.getBody().getBytes("ISO-8859-1"), "utf-8");

b.解决顺序问题,用截取字符串的方法即可

int begin = body.indexOf("\"alipay_trade_query_response\":{");
int end = body.indexOf("},\"sign\"");
String context = body.substring(begin + 30, end + 1);

3.效果
在这里插入图片描述

4.文章参考链接
a. https://blog.csdn.net/zlxzlf88/article/details/53218036

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值