pipIrr-SV.git - Gitblit

			@@ -5,6 +5,7 @@
			import com.alibaba.fastjson2.JSONObject;
			import com.dy.common.webUtil.BaseResponse;
			import com.dy.common.webUtil.BaseResponseUtils;
			import com.dy.pipIrrGlobal.cert.WxCertUtil;
			import com.dy.pipIrrGlobal.pojoSe.SeVirtualCard;
			import com.dy.pipIrrGlobal.voSe.VoOrders;
			import com.dy.pipIrrSell.result.SellResultCode;
			@@ -15,14 +16,13 @@
			import com.dy.pipIrrSell.wechatpay.dto.RefundResponse;
			import com.dy.pipIrrSell.wechatpay.dto.ToRefund;
			import lombok.RequiredArgsConstructor;
			import org.springframework.core.io.ResourceLoader;
			import org.springframework.stereotype.Component;

			import javax.crypto.NoSuchPaddingException;
			import java.io.ByteArrayInputStream;
			import java.io.IOException;
			import java.nio.charset.StandardCharsets;
			import java.nio.file.Files;
			import java.nio.file.Paths;
			import java.security.*;
			import java.security.cert.Certificate;
			import java.security.cert.CertificateException;
			@@ -50,7 +50,6 @@
			private String resetUserSessionKeyUrl = PayInfo.resetUserSessionKeyUrl;
			private String notifyUrl = PayInfo.notifyUrl;
			private String schema = PayInfo.schema;
			private String privateCertFileName = PayInfo.privateCertFileName;
			private String refundUrl = PayInfo.refundUrl;

			// 平台证书公钥
			@@ -75,9 +74,31 @@
			* @param filename 私钥文件路径
			* @return 私钥对象
			* @throws IOException
			*/

			public PrivateKey getPrivateKey(String filename) throws IOException {
			String content = new String(Files.readAllBytes(Paths.get(filename)), "utf-8");
			try {
			String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
			.replace("-----END PRIVATE KEY-----", "")
			.replaceAll("\\s+", "");
			KeyFactory kf = KeyFactory.getInstance("RSA");
			return kf.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
			} catch (NoSuchAlgorithmException e) {
			throw new RuntimeException("当前Java环境不支持RSA", e);
			} catch (InvalidKeySpecException e) {
			throw new RuntimeException("无效的密钥格式");
			}
			}
			*/

			/**
			* 获取商户证书私钥对象
			* @param bs 私钥文件内容
			* @return 私钥对象
			* @throws IOException
			*/
			public PrivateKey getPrivateKey(byte[] bs) throws IOException {
			String content = new String(bs, "utf-8");
			try {
			String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
			.replace("-----END PRIVATE KEY-----", "")
			@@ -213,10 +234,25 @@
			* @throws InvalidKeyException
			* @throws SignatureException
			* @throws IOException
			*/
			public String sign(byte[] message, String certFileName) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
			Signature sign = Signature.getInstance("SHA256withRSA");
			sign.initSign(getPrivateKey(certFileName));
			sign.update(message);
			return Base64.getEncoder().encodeToString(sign.sign());
			}*/
			/**
			* 签名
			* @param message 被签名信息
			* @param certFileBs 私钥证书文件内容
			* @return signature签名值，签名信息中的一项，参与生成签名信息
			* @throws NoSuchAlgorithmException
			* @throws InvalidKeyException
			* @throws SignatureException
			* @throws IOException
			*/
			public String sign(byte[] message, byte[] certFileBs) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
			Signature sign = Signature.getInstance("SHA256withRSA");
			sign.initSign(getPrivateKey(certFileBs));
			sign.update(message);
			return Base64.getEncoder().encodeToString(sign.sign());
			}
			@@ -229,10 +265,30 @@
			* @return 签名信息，HTTP头中的签名信息
			* HTTP头：Authorization: 认证类型签名信息
			* 认证类型，WECHATPAY2-SHA256-RSA2048
			*/
			public String getToken(String method, String url, String body, String nonceStr, Long timestamp, String certFileName) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, NoSuchPaddingException {
			String message = buildMessage_order(method, url, timestamp, nonceStr, body);
			String signature = sign(message.getBytes("utf-8"), certFileName);

			return "mchid=\"" + PayInfo.mchid + "\","
			+ "nonce_str=\"" + nonceStr + "\","
			+ "timestamp=\"" + timestamp + "\","
			+ "serial_no=\"" + PayInfo.serial_no + "\","
			+ "signature=\"" + signature + "\"";
			}
			*/

			/**
			* 获取签名信息
			* @param method
			* @param url
			* @param body
			* @return 签名信息，HTTP头中的签名信息
			* HTTP头：Authorization: 认证类型签名信息
			* 认证类型，WECHATPAY2-SHA256-RSA2048
			*/
			public String getToken(String method, String url, String body, String nonceStr, Long timestamp, byte[] certFileBs) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, NoSuchPaddingException {
			String message = buildMessage_order(method, url, timestamp, nonceStr, body);
			String signature = sign(message.getBytes("utf-8"), certFileBs);

			return "mchid=\"" + PayInfo.mchid + "\","
			+ "nonce_str=\"" + nonceStr + "\","
			@@ -258,13 +314,13 @@
			/**
			* 重新下载证书
			*/
			public void refreshCertificate() throws GeneralSecurityException, IOException {
			public void refreshCertificate(byte[] keyPemBs) throws GeneralSecurityException, IOException, Exception {
			String method = "GET";
			String httpUrl = "/v3/certificates";
			String nonceStr = generateRandomString();
			Long timestamp = System.currentTimeMillis() / 1000;

			String header = PayInfo.schema + " " + getToken(method, httpUrl, "", nonceStr, timestamp, PayInfo.privateCertFileName);
			String header = PayInfo.schema + " " + getToken(method, httpUrl, "", nonceStr, timestamp, keyPemBs);

			Map<String, String> headers = new HashMap<>();
			headers.put("Authorization", header);
			@@ -329,10 +385,10 @@
			* @throws InvalidKeyException
			* @throws SignatureException
			*/
			public Boolean responseSignVerify(String wechatpaySerial, String signatureStr, String wechatpaySignature) throws GeneralSecurityException, IOException {
			public Boolean responseSignVerify(String wechatpaySerial, String signatureStr, String wechatpaySignature, byte[] keyPemBs) throws GeneralSecurityException, IOException, Exception {
			if(CERTIFICATE_MAP.isEmpty() \|\| !CERTIFICATE_MAP.containsKey(wechatpaySerial)) {
			CERTIFICATE_MAP.clear();
			refreshCertificate();
			refreshCertificate(keyPemBs);
			}
			Certificate certificate = (Certificate)CERTIFICATE_MAP.get(wechatpaySerial);
			if(certificate == null) {
			@@ -456,13 +512,14 @@
			* @throws SignatureException
			* @throws InvalidKeyException
			*/
			public BaseResponse<Boolean> refunds(Refund po) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException {
			public BaseResponse<Boolean> refunds(Refund po, ResourceLoader resourceLoader) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, Exception {
			String tradeNo = po.getTradeNo();
			String refundNo = po.getRefundNo();
			Integer refund = po.getRefund();

			// 生成body
			Integer total = virtualCardSv.getRechargeAmountByOrderNumber(tradeNo);
			// 生成body，金额单位由元改为分
			//Integer total = virtualCardSv.getRechargeAmountByOrderNumber(tradeNo);
			Integer total = (int)(virtualCardSv.getRechargeAmountByOrderNumber(tradeNo)*100);
			RefundRequest.Amount amount = new RefundRequest.Amount();
			amount.setRefund(refund);
			amount.setTotal(total);
			@@ -482,7 +539,7 @@
			String httpUrl = "/v3/refund/domestic/refunds";

			String body = JSONObject.toJSONString(refundRequest);
			String header = schema + " " + getToken(method, httpUrl, body, nonceStr, timestamp, privateCertFileName);
			String header = schema + " " + getToken(method, httpUrl, body, nonceStr, timestamp, WxCertUtil.getKey_pemBytes(resourceLoader));

			Map<String, String> headers = new HashMap<>();
			headers.put("Authorization", header);