话不多说,先上代码!
<?php
namespace app\admin\controller;
use think\Db;
use WeChatPay\Crypto\Rsa;
use WeChatPay\Builder;
use WeChatPay\Util\PemUtil;
class Withdraw{
private $wechatpaySerialNumber; // 微信平台证书号
private $mchId = '16********'; //商户号
private $apiclientCertPath = __DIR__.'/../../../public/cert/apiclient_cert.pem'; // 商家证书
private $apiclientKeyPath = __DIR__.'/../../../public/cert/apiclient_key.pem'; // 商家私钥
private $wechatpaySerial = __DIR__.'/../../../public/cert/wechatpay_180C1851467539054B23C6A05EBD2A46A95F0A1C.pem'; // 微信平台证书,需要下载
private $APIv3 = "GWD0mE*************"; // 32位,下载证书需要使用
public function withDraw(){
$tradeNo = ""; // 系统订单号
$withDrawAmount = '2'; // 转账金额,单位元
$userOpenid = 'or8GV5bfhUnlO8wtsEPzHkj37mNc'; // 微信用户的openid
$userRealName = '周三'; // 真实姓名用于微信支付验证
$url = 'https://api.mch.weixin.qq.com/v3/transfer/batches';
$pars = [
'appid' => 'wxf45667a****f****',//直连商户的appid
'out_batch_no' => 'kc' . date('Ymd') . mt_rand(1000, 9999), //商户系统内部的商家批次单号,要求此参数只能由数字、大小写字母组成,在商户系统内部唯一
'batch_name' => '用户提现',//该笔批量转账的名称
'batch_remark' => '用户提现', //转账说明,UTF8编码,最多允许32个字符
'total_amount' => intval(strval($withDrawAmount * 100)), //转账总金额 单位为“分”
'total_num' => 1,
'transfer_detail_list' => []
];
$pars['transfer_detail_list'][0] = [
'out_detail_no' => $tradeNo,
'transfer_amount' => intval(strval($withDrawAmount * 100)),
'transfer_remark' => '用户提现',
'openid' => $userOpenid
];//转账明细列表
//0.3元以下不支持实名校验
if ($withDrawAmount>0.3) $pars['transfer_detail_list'][0]['user_name'] = $this->getEncrypt($çuserRealName);
$token = $this->getToken($pars); //获取token
$this->getPlatformCertificateSerial();//获取微信支付平台证书序列号
$res = $this->https_request($url, $token, json_encode($pars)); //发送请求
$resArr = json_decode($res, true);
logs('微信体现结果',true,$res);
return $resArr;
}
public function getToken($pars) {
$url = 'https://api.mch.weixin.qq.com/v3/transfer/batches';
$http_method = 'POST'; //请求方法(GET,POST,PUT)
$timestamp = time(); //请求时间戳
$url_parts = parse_url($url); //获取请求的绝对URL
$nonce = $timestamp . rand('10000', '99999'); //请求随机串
$body = json_encode((object) $pars); //请求报文主体
$stream_opts = [
"ssl" => [
"verify_peer" => false,
"verify_peer_name" => false,
]
];
$apiclient_cert_arr = openssl_x509_parse(file_get_contents($this->apiclientCertPath, false, stream_context_create($stream_opts)));
$serial_no = $apiclient_cert_arr['serialNumberHex']; //证书序列号
$mch_private_key = file_get_contents($this->apiclientKeyPath, false, stream_context_create($stream_opts)); //密钥
$merchant_id = $this->mchId; //商户id
$canonical_url = ($url_parts['path'] . (!empty($url_parts['query']) ? "?${url_parts['query']}" : ""));
$message = $http_method . "\n" .
$canonical_url . "\n" .
$timestamp . "\n" .
$nonce . "\n" .
$body . "\n";
openssl_sign($message, $raw_sign, $mch_private_key, 'sha256WithRSAEncryption');
$sign = base64_encode($raw_sign); //签名
$token = sprintf('mchid="%s",nonce_str="%s",timestamp="%d",serial_no="%s",signature="%s"',
$merchant_id, $nonce, $timestamp, $serial_no, $sign); //微信返回token
return $token;
}
//获取微信支付平台证书序列号
private function getPlatformCertificateSerial()
{
// 从本地文件中加载「商户API私钥」,「商户API私钥」会用来生成请求的签名
$merchantPrivateKeyInstance = Rsa::from(file_get_contents($this->apiclientKeyPath), Rsa::KEY_TYPE_PRIVATE);
// 「商户API证书」的「证书序列号」
$apiclient_cert_arr = openssl_x509_parse(file_get_contents($this->apiclientCertPath, false, stream_context_create([])));
$merchantCertificateSerial = $apiclient_cert_arr['serialNumberHex'];
// 从本地文件中加载「微信支付平台证书」,用来验证微信支付应答的签名
$platformCertificateFilePath = file_get_contents($this->wechatpaySerial);
$platformPublicKeyInstance = Rsa::from($platformCertificateFilePath, Rsa::KEY_TYPE_PUBLIC);
// 从「微信支付平台证书」中获取「证书序列号」
$platformCertificateSerial = PemUtil::parseCertificateSerialNo($platformCertificateFilePath);
// 构造一个 APIv3 客户端实例
$instance = Builder::factory([
'mchid' => $this->mchId,
'serial' => $merchantCertificateSerial,
'privateKey' => $merchantPrivateKeyInstance,
'certs' => [
$platformCertificateSerial => $platformPublicKeyInstance,
],
]);
// 发送请求
$resp = $instance->chain('v3/certificates')->get(
['debug' => false] // 调试模式,https://docs.guzzlephp.org/en/stable/request-options.html#debug
);
$result = json_decode(($resp->getBody()), true);
$this->wechatpaySerialNumber = $result['data'][0]['serial_no'];
}
function https_request($url, $token, $data = null) {
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, (string) $url);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
if (!empty($data)) {
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
}
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
//添加请求头
$headers = [
'Authorization:WECHATPAY2-SHA256-RSA2048 ' . $token,
'Accept: application/json',
'Content-Type: application/json; charset=utf-8',
'User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Wechatpay-Serial:'.$this->wechatpaySerialNumber,
];
if (!empty($headers)) {
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
}
$output = curl_exec($curl);
curl_close($curl);
return $output;
}
//加密敏感字符,如真实姓名
private function getEncrypt($str) {
//$str是待加密字符串
$public_key = file_get_contents($this->wechatpaySerial);
$encrypted = '';
if (openssl_public_encrypt($str, $encrypted, $public_key, OPENSSL_PKCS1_OAEP_PADDING)) {
//base64编码
$sign = base64_encode($encrypted);
} else {
throw new Exception('encrypt failed');
}
return $sign;
}
}
这是结果:
{"batch_id":"13100050807920150294292202309089211*******","batch_status":"ACCEPTED","create_time":"2023-09-08T13:47:17+08:00","out_batch_no":"kc20230908****"}
接入这个api,最坑人的是获取微信平台序列号,也就是getPlatformCertificateSerial()方法,特别容易误解为使用商户的证书去请求,实则不是,需要手动去下载微信平台的证书,那么改怎么去下载呢?
前人已经给我们铺好路啦,这里通过使用composer及wechatpay-php来下载微信支付平台证书。
先安装好这个包:
composer require wechatpay/wechatpay
安装好以后,执行下面命令:
~/Sites/XHS/manhuapw.com/public/cert/ [main] composer exec CertificateDownloader.php
No composer.json in current directory, do you want to use the one at /Users/xiaoge/Sites/XHS/manhuapw.com? [Y,n]?
Always want to use the parent dir? Use "composer config --global use-parent-dir true" to change the default.
Usage: 微信支付平台证书下载工具 [-hV]
-f=<privateKeyFilePath> -k=<apiv3Key> -m=<merchantId>
-s=<serialNo> -o=[outputFilePath] -u=[baseUri]
Options:
-m, --mchid=<merchantId> 商户号
-s, --serialno=<serialNo> 商户证书的序列号
-f, --privatekey=<privateKeyFilePath>
商户的私钥文件
-k, --key=<apiv3Key> APIv3密钥
-o, --output=[outputFilePath]
下载成功后保存证书的路径,可选,默认为临时文件目录夹
-u, --baseuri=[baseUri] 接入点,可选,默认为 https://api.mch.weixin.qq.com/
-V, --version Print version information and exit.
-h, --help Show this help message and exit.
可以看到执行这个命令所需要的参数和参数说明,然后根据自己商户号的信息阻止命令
./CertificateDownloader.php -k GWD0mEOcVtVg1m8URF*********** -m 162******* -f /Users/xiaoge/Sites/XHS/*****/public/cert/apiclient_key.pem -s 35C9FF05D3312ECA2E1D250*********** -o /Users/xiaoge/Sites/XHS/*****/public/cert
他可以有多种方式去执行,详细参考:mirrors / wechatpay-apiv3 / wechatpay-php · GitCode
然后可以看到在output路径会生成一个新的文件,这个就是微信平台的证书。
到这里我们已经下载好微信平台证书了,可以通过这个证书去获取我们需要的加密信息所要使用的 序列号了,也就是wechatpaySerialNumber。
给大家看看证书的样子
为什么需要使用微信平台的序列号呢?按照微信文档的说法就是请求参数中有 user_name这种敏感信息的话,就需要再请求header中添加 ‘Wechatpay-Serial:’.$this->wechatpaySerialNumber,所以我们需要获取他。
通过函数getPlatformCertificateSerial可以得到serial_no,这个就是微信平台序列号,这个值会变,但是有不是经常变,所以我每次都请求微信接口去获取。
这是他的样子
然后继续去请求微信的支付api就可以得到成功的结果啦!难点只有:获取微信平台证书,其他的都很简单,按着文档来就行啦
要是哪里没有说对的话欢迎在评论区指正!