Map params = Maps.newHashMap();
Map requestMap = request.getParameterMap();
for (Iterator iterator = requestMap.keySet().iterator();iterator.hasNext();) {
String name = (String)iterator.next();
String[] values = (String[]) requestMap.get(name);
String valueStr = "";
for (int i = 0; i< values.length; i++) {
valueStr = (1 == values.length - 1)?valueStr + values[i]:valueStr + values[i] + ",";
}
params.put(name, valueStr);
}
log.info("支付宝回调, sign: {}, trade_status: {}, 参数: {}",
params.get("sign"), params.get("trade_status"), params.toString());
params.remove("sign_type");
log.info("Configs.getAlipayPublicKey()" + Configs.getAlipayPublicKey());
log.info("Configs.getSignType()" + Configs.getSignType());
try {
boolean alipayRSACheckedV2 = AlipaySignature.rsaCheckV2(params, Configs.getAlipayPublicKey(), "utf-8",
Configs.getSignType());
if (!alipayRSACheckedV2)
return ServerResponse.ERROR("恶意请求, 我要报警");
} catch (AlipayApiException e) {
log.error("支付宝验证sign异常");
}
alipay的公钥能从 Configs.getAlipayPublicKey() 获取到, 也是和支付宝里面设置的支付宝公钥一样,就是在 boolean alipayRSACheckedV2 = AlipaySignature.rsaCheckV2
这个 alipayRSACheckedV2 判断是false