1.支付宝支付回调返回的数据验证签名时失败
返回的数据:
gmt_create:2021-08-03 18:11:46
charset:utf-8
seller_email:111@qq.com
subject:次卡
sign:sign
buyer_id:20883027231111
invoice_amount:0.01
notify_id:2021080300221111
fund_bill_list:[{"amount":"0.01","fundChannel":"ALIPAYACCOUNT"}]
notify_type:trade_status_sync
trade_status:TRADE_SUCCESS
receipt_amount:0.01
app_id:201809111111
buyer_pay_amount:0.01
sign_type:RSA2
seller_id:208823166111
gmt_payment:2021-08-03 18:11:47
notify_time:2021-08-03 18:11:47
version:1.0
out_trade_no:18af91a5922148a7811e921111
total_amount:0.01
trade_no:2021080322001111
auth_app_id:2018091011111
buyer_logon_id:111****11
point_amount:0.00
直接拿这些字段去校验签名会失败
原因:要去除 sign_type 字段,sign字段支付的签名工具类已经帮我们去掉了
2.正确的demo
@RequestMapping(value = "ali/notify_url")
public synchronized void aliNotifyUrl(HttpServletRequest request, HttpServletResponse response) throws Exception {
Map<String, String> params = new HashMap<>();
Map<String, String[]> parameterMap = request.getParameterMap();
for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
String[] values = entry.getValue();
String valueStr = "";
for (int i = 0; i < values.length; i++) {
valueStr = (i == values.length - 1) ? valueStr + values[i] : valueStr + values[i] + ",";
}
params.put(entry.getKey(), valueStr);
}
// 要删除该字段,不然校验签名会失败
params.remove("sign_type");
boolean rsa2 = AlipaySignature.verifyV2(params, CommonConstant.ALI_RSA2_PUBLIC, "utf-8", "RSA2");
System.out.println(rsa2);
System.out.println(rsa2);
}
3.测试结果
4.文章参考链接
a. https://www.cnblogs.com/suiyisuixing/p/7467059.html