聚合支付
第二章 微信扫码
文章目录
前言
微信支付具有方便快捷的特点,而且对于商户来说微信扫码支付已几乎成为消费者的首选消费方式。所以很有必要了解微信支付的逻辑以及实现方式,为之后的工作开发提供基础,具体参考文档:https://pay.weixin.qq.com/wiki/doc/api/native.php?chapter=6_5&index=3。
一、开发前准备
由于微信支付没有沙箱环境,必须在网上经过申请成为“微信支付商户”才能得到微信支付的一些必备参数,如开发者id、开发者秘钥、商户号、API秘钥等。
二、java实现
1.pom中引入相关jar包
代码如下(示例):
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
<version>3.3.3</version>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>core</artifactId>
<version>3.3.3</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.41</version>
</dependency>
2.支付相关工具类
微信扫码支付数据是以XML格式进行传输的,需要一些工具类将XML变成我们常用的Map或者实体类格式,可参考微信官方提供的SDK与demo,https://pay.weixin.qq.com/wiki/doc/api/native.php?chapter=11_1。下载java版本,里面的WXPayUtil.java工具类,可以根据自己需要将这个类进行修改或扩充。
代码如下(示例):
/**
* 输入流转化为字符串
*/
public static String getStreamString(InputStream inputStream) throws Exception {
StringBuffer buffer = new StringBuffer();
InputStreamReader inputStreamReader = null;
BufferedReader bufferedReader = null;
try {
inputStreamReader = new InputStreamReader(inputStream, WxConstants.DEFAULT_CHARSET);
bufferedReader = new BufferedReader(inputStreamReader);
String line;
while ((line = bufferedReader.readLine()) != null) {
buffer.append(line);
}
} catch (Exception e) {
throw new Exception();
} finally {
if (bufferedReader != null) {
bufferedReader.close();
}
if (inputStreamReader != null) {
inputStreamReader.close();
}
if (inputStream != null) {
inputStream.close();
}
}
return buffer.toString();
}
/**
* 获取随机字符串 Nonce Str
*/
public static String getNonceStr() {
return UUID.randomUUID().toString().replaceAll("-", "").substring(0, 32);
}
/**
* 生成签名. 注意,若含有sign_type字段,必须和signType参数保持一致。
*/
public static String getSignature(final Map<String, String> data, String key, String signType) throws Exception {
Set<String> keySet = data.keySet();
String[] keyArray = keySet.toArray(new String[keySet.size()]);
Arrays.sort(keyArray);
StringBuilder sb = new StringBuilder();
for (String k : keyArray) {
if (k.equals("sign")) {
continue;
}
//参数值为空,则不参与签名
if (data.get(k).trim().length() > 0) {
sb.append(k).append("=").append(data.get(k).trim()).append("&");
}
}
sb.append("key=").append(key);//加上key 再生成签名
if (signType.equals(WxConstants.SING_MD5)) {
return MD5(sb.toString()).toUpperCase();
} else if (signType.equals(WxConstants.SING_HMACSHA256)) {
return HMACSHA256(sb.toString(), key);
} else {
throw new Exception(String.format("Invalid sign_type: %s", signType));
}
}
/**
* 生成 MD5
*
* @param data 待处理数据
* @return MD5结果
*/
public static String MD5(String data) throws Exception {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] array = md.digest(data.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte item : array) {
sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
}
return sb.toString().toUpperCase();
}
/**
* 生成 HMACSHA256
*/
public static String HMACSHA256(String data, String key) throws Exception {
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
sha256_HMAC.init(secret_key);
byte[] array = sha256_HMAC.doFinal(data.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte item : array) {
sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
}
return sb.toString().toUpperCase();
}
/**
* 将Map转换为XML格式的字符串
*/
public static String mapToXml(Map<String, String> data) throws Exception {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
org.w3c.dom.Document document = documentBuilder.newDocument();
org.w3c.dom.Element root = document.createElement("xml");
document.appendChild(root);
for (String key : data.keySet()) {
String value = data.get(key);
if (value == null) {
value = "";
}
value = value.trim();
org.w3c.dom.Element filed = document.createElement(key);
filed.appendChild(document.createTextNode(value));
root.appendChild(filed);
}
TransformerFactory tf = TransformerFactory.newInstance();
Transformer transformer = tf.newTransformer();
DOMSource source = new DOMSource(document);
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
StringWriter writer = new StringWriter();
StreamResult result = new StreamResult(writer);
transformer.transform(source, result);
String output = writer.getBuffer().toString(); //.replaceAll("\n|\r", "");
try {
writer.close();
} catch (Exception ex) {
}
return output;
}
/**
* 处理 HTTPS API返回数据,转换成Map对象。return_code为SUCCESS时,验证签名。
*/
public static Map<String, String> processResponseXml(String xmlStr, String signType) throws Exception {
String RETURN_CODE = "return_code";
String return_code;
Map<String, String> respData = xmlToMap(xmlStr);
if (respData.containsKey(RETURN_CODE)) {
return_code = respData.get(RETURN_CODE);
} else {
throw new Exception(String.format("No `return_code` in XML: %s", xmlStr));
}
if (return_code.equals("FAIL")) {
return respData;
} else if (return_code.equals("SUCCESS")) {
//如果通信正常 验证签名
if (isResponseSignatureValid(respData, signType)) {
return respData;
} else {
throw new Exception(String.format("Invalid sign value in XML: %s", xmlStr));
}
} else {
throw new Exception(String.format("return_code value %s is invalid in XML: %s", return_code, xmlStr));
}
}
/**
* XML格式字符串转换为Map
* @param strXML XML字符串
* @return XML数据转换后的Map
* @throws Exception
*/
public static Map<String, String> xmlToMap(String strXML) throws Exception {
try {
Map<String, String> data = new HashMap<String, String>();
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
String FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
documentBuilderFactory.setFeature(FEATURE, true);
FEATURE = "http://xml.org/sax/features/external-general-entities";
documentBuilderFactory.setFeature(FEATURE, false);
FEATURE = "http://xml.org/sax/features/external-parameter-entities";
documentBuilderFactory.setFeature(FEATURE, false);
FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
documentBuilderFactory.setFeature(FEATURE, false);
documentBuilderFactory.setXIncludeAware(false);
documentBuilderFactory.setExpandEntityReferences(false);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
InputStream stream = new ByteArrayInputStream(strXML.getBytes("UTF-8"));
org.w3c.dom.Document doc = documentBuilder.parse(stream);
doc.getDocumentElement().normalize();
NodeList nodeList = doc.getDocumentElement().getChildNodes();
for (int idx = 0; idx < nodeList.getLength(); ++idx) {
Node node = nodeList.item(idx);
if (node.getNodeType() == Node.ELEMENT_NODE) {
org.w3c.dom.Element element = (org.w3c.dom.Element) node;
data.put(element.getNodeName(), element.getTextContent());
}
}
try {
stream.close();
} catch (Exception ex) {
// do nothing
}
return data;
} catch (Exception ex) {
throw ex;
}
}
/**
* 判断xml数据的sign是否有效,必须包含sign字段,否则返回false。
*/
private static boolean isResponseSignatureValid(final Map<String, String> reqData, String signType) throws Exception {
// 返回数据的签名方式和请求中给定的签名方式是一致的 由于签名的时候加上了key 所以验证的时候也需要
return isSignatureValid(reqData, WxConfig.key, signType);
}
/**
* 判断签名是否正确,必须包含sign字段,否则返回false。
*/
public static boolean isSignatureValid(Map<String, String> data, String key, String signType) throws Exception {
if (!data.containsKey("sign")) {
return false;
}
String sign = data.get("sign");
return getSignature(data, key, signType).equals(sign);
}
/**
* 生成支付二维码
* @param response 响应
* @param contents url链接
* @throws Exception
*/
public static void writerPayImage(HttpServletResponse response, String contents) throws Exception {
ServletOutputStream out = response.getOutputStream();
try {
Map<EncodeHintType, Object> hints = new HashMap<EncodeHintType, Object>();
hints.put(EncodeHintType.CHARACTER_SET, "UTF-8");
hints.put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.L);
hints.put(EncodeHintType.MARGIN, 0);
BitMatrix bitMatrix = new MultiFormatWriter().encode(contents, BarcodeFormat.QR_CODE, 300, 300, hints);
MatrixToImageWriter.writeToStream(bitMatrix, "jpg", out);
} catch (Exception e) {
throw new Exception("生成二维码失败!");
} finally {
if (out != null) {
out.flush();
out.close();
}
}
}
/**
* 返回信息给微信 商户已经接收到回调
*
* @param response
* @param content 内容
* @throws Exception
*/
public static void responsePrint(HttpServletResponse response, String content) throws Exception {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/xml");
response.getWriter().print(content);
response.getWriter().flush();
response.getWriter().close();
}
3.支付相关商户参数
代码如下(示例):
public class WxConfig {
//这里用natapp内外网穿透,主要用于支付回调(用外网服务器更好)
public static final String natUrl = "http://xiaotiancai.natapp1.cc";
// 开发者ID
public static appID="wxab.......";
// 开发者秘钥
public static appSecret="86ae4a..........";
// 商户号
public static String mchID="114....." ;
//商户秘钥
public static String key="2ab9071..........";
// 页面跳转同步通知页面路径 需http://格式的完整路径,不能加?id=123这类自定义参数,必须外网可以正常访问
public static String notifyUrl = natUrl + "/wxPay/unifiedorderNotify";
// 签名方式
public static String signType = "MD5";
// 字符编码格式
public static String charset = "UTF-8";
//支付请求地址
public static String payUrl = "https://api.mch.weixin.qq.com/pay/unifiedorder";
//查询地址
public static String queryUrl = "https://api.mch.weixin.qq.com/pay/orderquery";
}
4.微信支付统一下单-生成二维码
代码如下(示例):
public void payUrl(HttpServletRequest request, HttpServletResponse response) throws Exception {
//模拟测试订单信息
SimpleDateFormat sdf = new SimpleDateFormat("yyMMddHHmmssSSS");
//商户订单号,商户网站订单系统中唯一订单号,必填(可以用一些重要的数加上时间戳组装,回调时可通过订单号截取使用)
String orderNo = sdf.format(new Date());
//获取二维码链接
HashMap<String, String> data = new HashMap<String, String>();
//公众账号ID
data.put("appid", WxConfig.appID);
//商户号
data.put("mch_id", WxConfig.mchID);
//随机字符串
data.put("nonce_str", WxUtil.getNonceStr());
//商品描述
data.put("body", "商品描述");
//商户订单号
data.put("out_trade_no", orderNo);
//标价币种
data.put("fee_type", "CNY");
//标价金额单位分
data.put("total_fee", "1024");
//用户的IP
data.put("spbill_create_ip", "127.0.0.1");
//通知地址
data.put("notify_url", WxConfig.unifiedorderNotifyUrl);
//交易类型
data.put("trade_type", "NATIVE");
//签名类型
data.put("sign_type", WxConfig.signType);
//签名 签名中加入key
data.put("sign", WxUtil.getSignature(data, WxConfig.key, WxConfig.signType));
String requestXML = WxUtil.mapToXml(data);
String responseString = HttpsClient.httpsRequestReturnString(WxConfig.payUrl, HttpsClient.METHOD_POST, requestXML);
//解析返回的xml
Map<String, String> resultMap = WxUtil.processResponseXml(responseString, WxConfig.signType);
if (resultMap.get("return_code").equals("SUCCESS")) {
String codeUrl = resultMap.get("code_url");
WxUtil.writerPayImage(response, codeUrl);
}else{
System.out.println("----生成二维码失败----");
}
}
返回XML示例:
5.微信支付订单查询
代码如下(示例):
public String wxOrderQuery(String orderNo) throws Exception {
HashMap<String, String> data = new HashMap<String, String>();
//公众账号ID
data.put("appid", WxConfig.appID);
//商户号
data.put("mch_id", WxConfig.mchID);
//随机字符串
data.put("nonce_str", WxUtil.getNonceStr());
//商户订单号
data.put("out_trade_no", orderNo);
//签名类型
data.put("sign_type", WxConfig.signType);
//签名 签名中加入key
data.put("sign", WxUtil.getSignature(data, WxConfig.key, WxConfig.signType));
String requestXML = WxUtil.mapToXml(data);
String responseString = HttpsClient.httpsRequestReturnString(WxConfig.payUrl, HttpsClient.METHOD_POST, requestXML);
//解析返回的xml
Map<String, String> resultMap = WxUtil.processResponseXml(responseString, WxConfig.signType);
if (resultMap.get(WxConstants.RETURN_CODE).equals("SUCCESS")) {
/**
* 订单支付状态
* SUCCESS—支付成功
* REFUND—转入退款
* NOTPAY—未支付
* CLOSED—已关闭
* REVOKED—已撤销(刷卡支付)
* USERPAYING--用户支付中
* PAYERROR--支付失败(其他原因,如银行返回失败)
*/
return resultMap.get("trade_state");
}
return null;
}
返回XML示例:
6.微信支付统一下单-通知链接
代码如下(示例):
@RequestMapping(value = {"/wxPay/unifiedorderNotify"})
public void unifiedorderNotify(HttpServletRequest request, HttpServletResponse response) throws Exception {
//商户订单号
String outTradeNo = null;
String xmlContent = "<xml>" +
"<return_code><![CDATA[FAIL]]></return_code>" +
"<return_msg><![CDATA[签名失败]]></return_msg>" +
"</xml>";
try {
String requestXml = WxUtil.getStreamString(request.getInputStream());
System.out.println("requestXml : " + requestXml);
Map<String, String> map = WxUtil.xmlToMap(requestXml);
String returnCode = map.get("return_code");
//校验一下 ,判断是否已经支付成功
if (StringUtils.isNotBlank(returnCode) && StringUtils.equals(returnCode, "SUCCESS") && WxUtil.isSignatureValid(map, WxConfig.key, WxConfig.signType)) {
//商户订单号
outTradeNo = map.get("out_trade_no");
System.out.println("outTradeNo : " + outTradeNo);
//微信支付订单号
String transactionId = map.get("transaction_id");
System.out.println("transactionId : " + transactionId);
//支付完成时间
SimpleDateFormat payFormat = new SimpleDateFormat("yyyyMMddHHmmss");
Date payDate = payFormat.parse(map.get("time_end"));
SimpleDateFormat systemFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
System.out.println("支付时间:" + systemFormat.format(payDate));
//其他操作
//......
//给微信的应答 xml, 通过 response 回写
xmlContent = "<xml>" +
"<return_code><![CDATA[SUCCESS]]></return_code>" +
"<return_msg><![CDATA[OK]]></return_msg>" +
"</xml>";
}
} catch (Exception e) {
e.printStackTrace();
}
response.setCharacterEncoding("UTF-8");
response.setContentType("text/xml");
response.getWriter().print(xmlContent);
response.getWriter().flush();
response.getWriter().close();
}
总结
目前只实现了微信扫码支付、查询、回单这三个接口,这三个接口就基本满足生产需要。如果还有其他需求,可继续对接关闭订单、退款、对账等接口。