1.前期准备工作
- 微信商户证书
- 设置apiv3 key
- 本文案例是小程序支付,其他支付基本流程一致,注意个别参数差异
- sdk版本
<dependency> <groupId>com.github.wechatpay-apiv3</groupId> <artifactId>wechatpay-apache-httpclient</artifactId> <version>0.4.6</version> </dependency>
2.jsapi下单
-
ObjectNode rootNode = objectMapper.createObjectNode(); //mchid商户号 rootNode.put("mchid", WxPayConstans.MCH_ID) //微信小程序appid .put("appid", WxPayConstans.APP_ID) //描述 .put("description", orderBaseEntity.getOrderNo()) //支付回调地址 .put("notify_url", WxPayConstans.NOTIFY_URL) //系统生成的订单号 .put("out_trade_no", orderBaseEntity.getOrderNo()); //金额信息 rootNode.putObject("amount") //支付金额 .put("total", new Integer(orderBaseEntity.getPayerTotal().multiply(new BigDecimal(100)).setScale(0).toString())); //支付者信息 rootNode.putObject("payer") //支付人的openid .put("openid", user.getOpenid()); HttpPost httpPost = new HttpPost("https://api.mch.weixin.qq.com/v3/pay/transactions/jsapi"); httpPost.addHeader("Accept", "application/json"); httpPost.addHeader("Content-type", "application/json; charset=utf-8"); ByteArrayOutputStream bos = new ByteArrayOutputStream(); objectMapper.writeValue(bos, rootNode); httpPost.setEntity(new StringEntity(bos.toString("UTF-8"), "UTF-8")); CloseableHttpClient httpClient = HttpUtil.getClient(); CloseableHttpResponse response = httpClient.execute(httpPost); //微信返回的预支付单信息 String bodyAsString = EntityUtils.toString(response.getEntity());
2.生成小程序端拉起支付所需要的参数
String nonceStr = UUID.randomUUID().toString().replace("-", ""); Map<String, Object> repMap = new HashMap<>(5); repMap.put("nonceStr", nonceStr); //上步代码获取的bodyAsString里的prepay_id repMap.put("package", "prepay_id=" + objectMapper.readTree(bodyAsString).get("prepay_id").asText()); repMap.put("signType", "RSA"); String timeStamp = String.valueOf(System.currentTimeMillis() / 1000); repMap.put("timeStamp", timeStamp); // paySign String dataStr = WxPayConstans.APP_ID + "\n" + timeStamp + "\n" + nonceStr + "\n" + "prepay_id=" + objectMapper.readTree(bodyAsString).get("prepay_id").asText() + "\n"; //生成签名 String sign = sign(dataStr.getBytes(StandardCharsets.UTF_8)); repMap.put("paySign", sign); return repMap;
-
小程序端根据我们返回的参数拉起支付
-
支付成功回调处理
-
@PostMapping("/notifyUrl") public JSONObject notifyUrl(HttpServletRequest request) { String body = PayUtil.readData(request); //回调通知的验签与解密 String wechatPaySerial = request.getHeader("Wechatpay-Serial"); String nonce = request.getHeader("Wechatpay-Nonce"); String timestamp = request.getHeader("Wechatpay-Timestamp"); String signature = request.getHeader("Wechatpay-Signature"); JSONObject jsonObject = new JSONObject(); //解密报文 try { String decryptOrder = PayUtil.signVerificationAndDecryption(wechatPaySerial, nonce, timestamp, signature, body); //根据解密后得到的信息处理自己的逻辑... } catch (RuntimeException | JsonProcessingException e) { e.printStackTrace(); jsonObject.put("code","ERROR"); jsonObject.put("message","失败"); return jsonObject; } jsonObject.put("code","SUCCESS"); jsonObject.put("message","成功"); return jsonObject; }
-
4.所用到的工具类/方法
- HttpUtil
/** * @ClassName HttpUtil * @Description TODO * @Author skx * @Date 2021/9/13 */ @Component public class HttpUtil { private static CloseableHttpClient httpClient = null; private static CertificatesManager certificatesManager = null; private static Verifier verifier = null; //商户证书私钥 private static final PrivateKey merchantPrivateKey = PemUtil.loadPrivateKey(WxPayConstans.PRIATE_KEY); /** * 微信通讯client * @return CloseableHttpClient */ public static CloseableHttpClient getClient() { // 获取证书管理器实例 certificatesManager = CertificatesManager.getInstance(); httpClient = WechatPayHttpClientBuilder.create() .withMerchant(WxPayConstans.MCH_ID, WxPayConstans.MCH_SERIAL_NO, merchantPrivateKey) .withValidator(new WechatPay2Validator(getVerifier())) .build(); return httpClient; } /** * 验证器 * @return verifier */ public static Verifier getVerifier() { // 获取证书管理器实例 certificatesManager = CertificatesManager.getInstance(); // 向证书管理器增加需要自动更新平台证书的商户信息 try { certificatesManager.putMerchant(WxPayConstans.MCH_ID, new WechatPay2Credentials(WxPayConstans.MCH_ID, new PrivateKeySigner(WxPayConstans.MCH_SERIAL_NO, merchantPrivateKey)), WxPayConstans.API_V3KEY.getBytes(StandardCharsets.UTF_8)); // 从证书管理器中获取verifier verifier = certificatesManager.getVerifier(WxPayConstans.MCH_ID); } catch (GeneralSecurityException | NotFoundException | IOException | HttpCodeException e) { e.printStackTrace(); } return verifier; } }
- 签名方法
/** * 签名 * @param message * @return * @throws Exception */ String sign(byte[] message) { try { Signature sign = Signature.getInstance("SHA256withRSA"); //商户私钥 PrivateKey merchantPrivateKey = PemUtil.loadPrivateKey(WxPayConstans.PRIATE_KEY); sign.initSign(merchantPrivateKey); sign.update(message); return java.util.Base64.getEncoder().encodeToString(sign.sign()); } catch (SignatureException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } return null; }
-
PayUtil
/** * PayUtil * @author shenkaixin */ @Slf4j @Component public class PayUtil { /** * 将通知参数转化为字符串 * @param request * @return */ public static String readData(HttpServletRequest request) { BufferedReader br = null; try { StringBuilder result = new StringBuilder(); br = request.getReader(); for (String line; (line = br.readLine()) != null; ) { if (result.length() > 0) { result.append("\n"); } result.append(line); } return result.toString(); } catch (IOException e) { throw new RuntimeException(e); } finally { if (br != null) { try { br.close(); } catch (IOException e) { e.printStackTrace(); } } } } /** * 验签解密报文 */ public static String signVerificationAndDecryption(String serialNumber, String nonce, String timestamp, String signature, String body) { Verifier verifier = HttpUtil.getVerifier(); // 构建request,传入必要参数 NotificationRequest request = new NotificationRequest.Builder().withSerialNumber(serialNumber) .withNonce(nonce) .withTimestamp(timestamp) .withSignature(signature) .withBody(body) .build(); NotificationHandler handler = new NotificationHandler(verifier, WxPayConstans.API_V3KEY.getBytes(StandardCharsets.UTF_8)); // 验签和解析请求体 Notification notification = null; try { notification = handler.parse(request); } catch (ValidationException | ParseException e) { e.printStackTrace(); } // 从notification中获取解密报文 assert notification != null; log.info("解密报文:"+notification.getDecryptData()); return notification.getDecryptData(); } }