故事起因:漏洞详情见 https://pay.weixin.qq.com/wiki/doc/api/micropay.php?chapter=23_5
- 导包:com.github.wxpay 的最高版本是 0.0.3,这里引入的是下面这个包:
<!--
  This coordinate uses the groupId com.github.tedzhdz, not com.github.wxpay,
  so it is a separately published artifact. Pin the exact version and review
  the artifact before giving it production merchant credentials.
-->
<dependency>
    <groupId>com.github.tedzhdz</groupId>
    <artifactId>wxpay-sdk</artifactId>
    <version>3.0.9</version>
</dependency>
-
在 0.0.3 版本中 WXPayConfig 是接口,而上面引入的包中它是抽象类。注意:子类必须与该抽象类位于同一个包(com.github.wxpay.sdk),因为需要重写的方法(如 getAppID、getKey)是包级可见的,不同包的子类无法重写。
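package com.github.wxpay.sdk;

import java.io.ByteArrayInputStream;
import java.io.InputStream;

/**
 * Merchant-specific configuration handed to the WeChat Pay SDK.
 *
 * <p>This class must be declared in the same package as the abstract class it
 * extends ({@code WXPayConfig}): the accessors overridden below have no access
 * modifier, so they are package-private and cannot be overridden from another
 * package.
 *
 * <p>NOTE(review): {@code appID}, {@code mchID} and {@code key} are hard-coded
 * placeholders. Real values, the API key above all, should be loaded from
 * protected configuration instead of being committed with the source.
 *
 * @author jxh
 */
public class MyPayConfig extends WXPayConfig {

    // Bytes of the merchant certificate. Nothing in this class assigns the field,
    // so it stays null until loading code is added (presumably in the constructor).
    private byte[] certData;

    // Official account ID (placeholder).
    private final String appID = "wxXXXXXXXXXXXXXXX";

    // Merchant number (placeholder).
    private final String mchID = "XXXXXXXX";

    // API key (placeholder); presumably what the SDK signs requests with, so
    // treat it as a secret and keep it out of logs and version control.
    private final String key = "XXXXXXXXXXXXXXXXXXXXX";

    /** Creates the configuration; no certificate is loaded here. */
    public MyPayConfig() {
    }

    /** @return the official account ID */
    @Override
    String getAppID() {
        return appID;
    }

    /** @return the merchant number */
    @Override
    String getMchID() {
        return mchID;
    }

    /** @return the API key */
    @Override
    String getKey() {
        return key;
    }

    /**
     * Returns a fresh stream over the merchant certificate bytes.
     *
     * @return a new {@link ByteArrayInputStream} over {@code certData}
     * @throws IllegalStateException if no certificate bytes have been loaded
     */
    @Override
    InputStream getCertStream() {
        // The original passed a null array straight to ByteArrayInputStream and
        // failed with a bare NullPointerException; fail with a clear message.
        if (certData == null) {
            throw new IllegalStateException(
                    "certData has not been loaded; load the merchant certificate before calling getCertStream()");
        }
        return new ByteArrayInputStream(certData);
    }

    /** @return the HTTP connect timeout, in milliseconds */
    @Override
    public int getHttpConnectTimeoutMs() {
        return 8000;
    }

    /** @return the HTTP read timeout, in milliseconds */
    @Override
    public int getHttpReadTimeoutMs() {
        return 10000;
    }

    /**
     * Supplies the domain selector used by the SDK.
     *
     * @return a selector that always answers with {@code WXPayConstants.DOMAIN_API}
     */
    @Override
    IWXPayDomain getWXPayDomain() {
        // Must return a real instance; otherwise WXPay initialization fails.
        return new IWXPayDomain() {
            @Override
            public void report(String domain, long elapsedTimeMillis, Exception ex) {
                // Intentionally a no-op: domain health reports are not collected.
            }

            @Override
            public DomainInfo getDomain(WXPayConfig config) {
                return new IWXPayDomain.DomainInfo(WXPayConstants.DOMAIN_API, true);
            }
        };
    }
}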
3.签名错误
微信沙箱环境使用 MD5 签名,其他环境默认使用 SignType.HMACSHA256(见下面的 WXPay 构造方法)。如果用 isPayResultNotifySignatureValid 校验支付结果通知的签名失败,可以改用 isResponseSignatureValid 校验;无论用哪个方法,都必须在验签通过之后再处理通知内容。
/**
 * Creates a WXPay client and fixes the signature algorithm for its lifetime.
 *
 * @param config     merchant configuration, also passed to the new {@code WXPayRequest}
 * @param notifyUrl  stored as the notify URL of this client
 * @param autoReport stored as the auto-report flag of this client
 * @param useSandbox {@code true} selects {@code SignType.MD5} (sandbox environment),
 *                   {@code false} selects {@code SignType.HMACSHA256}
 * @throws Exception declared by the original signature
 */
public WXPay(final WXPayConfig config, final String notifyUrl, final boolean autoReport, final boolean useSandbox) throws Exception {
    this.config = config;
    this.notifyUrl = notifyUrl;
    this.autoReport = autoReport;
    this.useSandbox = useSandbox;
    // The sandbox environment signs with MD5; every other environment uses HMAC-SHA256.
    this.signType = useSandbox ? SignType.MD5 : SignType.HMACSHA256;
    this.wxPayRequest = new WXPayRequest(config);
}
引用:https://blog.csdn.net/fuck487/article/details/89403771(很好)
https://blog.csdn.net/weixin_42161659/article/details/89097665