pipIrr-SV.git - Gitblit

			@@ -1,10 +1,12 @@
			package com.dy.pipIrrSell.wechatpay;

			import com.alibaba.fastjson2.JSON;
			import com.alibaba.fastjson2.JSONObject;
			import com.dy.common.aop.SsoAop;
			import com.dy.common.webUtil.BaseResponse;
			import com.dy.common.webUtil.BaseResponseUtils;
			import com.dy.common.webUtil.ResultCodeMsg;
			import com.dy.pipIrrGlobal.cert.WxCertUtil;
			import com.dy.pipIrrGlobal.pojoSe.*;
			import com.dy.pipIrrGlobal.voSe.VoClient;
			import com.dy.pipIrrSell.client.ClientSv;
			@@ -17,19 +19,19 @@
			import com.dy.pipIrrSell.virtualCard.enums.LastOperateENUM;
			import com.dy.pipIrrSell.virtualCard.enums.RefundItemStateENUM;
			import com.dy.pipIrrSell.wallet.enums.RefundStatusENUM;
			import com.dy.pipIrrSell.wechatpay.dto.Code2Session;
			import com.dy.pipIrrSell.wechatpay.dto.DtoOrder;
			import com.dy.pipIrrSell.wechatpay.dto.OrderNotify;
			import com.dy.pipIrrSell.wechatpay.dto.*;
			import io.swagger.v3.oas.annotations.Operation;
			import io.swagger.v3.oas.annotations.media.Content;
			import io.swagger.v3.oas.annotations.media.Schema;
			import io.swagger.v3.oas.annotations.responses.ApiResponse;
			import io.swagger.v3.oas.annotations.responses.ApiResponses;
			import io.swagger.v3.oas.annotations.tags.Tag;
			import jakarta.servlet.http.HttpServletRequest;
			import jakarta.servlet.http.HttpServletResponse;
			import jakarta.validation.Valid;
			import lombok.RequiredArgsConstructor;
			import lombok.extern.slf4j.Slf4j;
			import org.springframework.core.io.ResourceLoader;
			import org.springframework.http.HttpHeaders;
			import org.springframework.http.MediaType;
			import org.springframework.transaction.annotation.Transactional;
			@@ -37,6 +39,7 @@
			import org.springframework.web.bind.annotation.*;

			import javax.crypto.NoSuchPaddingException;
			import java.io.BufferedReader;
			import java.io.IOException;
			import java.security.GeneralSecurityException;
			import java.security.InvalidKeyException;
			@@ -44,10 +47,7 @@
			import java.security.SignatureException;
			import java.security.spec.InvalidKeySpecException;
			import java.text.SimpleDateFormat;
			import java.util.Date;
			import java.util.HashMap;
			import java.util.Map;
			import java.util.Objects;
			import java.util.*;

			/**
			* @author ZhuBaoMin
			@@ -62,14 +62,17 @@
			@RequestMapping(path="payment")
			@RequiredArgsConstructor
			public class PaymentCtrl {
			private final ResourceLoader resourceLoader;

			private final PaymentSv paymentSv;
			private final RestTemplateUtil restTemplateUtil;
			private final PayHelper payHelper;
			private final VirtualCardSv virtualCardSv;
			private final ClientSv clientSv;

			private final String privateCertFileName = PayInfo.privateCertFileName;
			//private final String privateCertFileName = PayInfo.privateCertFileName;
			private final String appid = PayInfo.appid;
			private final String secret = PayInfo.secret;
			private final String mchid = PayInfo.mchid;
			private final String schema = PayInfo.schema;
			private final String signType = PayInfo.signType;
			@@ -82,7 +85,7 @@
			private final Map CERTIFICATE_MAP = new HashMap();

			/**
			* 登录凭证校验
			* 登录凭证校验，农户绑定账号逻辑包含登录凭证校验，此接口作废
			* @param code2Session 登录凭证校验传入对象
			* @param bindingResult
			* @return
			@@ -105,10 +108,13 @@
			return BaseResponseUtils.buildFail(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage());
			}

			String phoneNumber = code2Session.getPhoneNumber();
			String jsCode = code2Session.getJs_code();

			Map<String, Object> queryParams = new HashMap<>();
			queryParams.put("appid", appid);
			queryParams.put("secret", code2Session.getSecret());
			queryParams.put("js_code", code2Session.getJs_code());
			queryParams.put("secret", secret);
			queryParams.put("js_code", jsCode);
			queryParams.put("grant_type", grantType);
			Map<String, String> headerParams = new HashMap<>();
			JSONObject job = restTemplateUtil.get(loginUrl, queryParams, headerParams);
			@@ -120,19 +126,24 @@
			String openid = job.getString("openid");
			String sessionKey = job.getString("session_key");

			// 添加登录态记录
			SeWebchatLogonState po = new SeWebchatLogonState();
			po.setOpenId(openid);
			po.setSessionKey(sessionKey);
			Date createTime = new Date();
			po.setCreateTime(createTime);
			Long id = paymentSv.insert(po);
			if(id == null \|\| id <= 0) {
			return BaseResponseUtils.buildFail("登录态记录添加失败");
			}
			String SessionId = String.valueOf(id);
			Long clientId = clientSv.getClientIdByPhone(phoneNumber);
			String SessionId = "";
			if(clientId != null) {
			// 添加微信用户账户记录
			SeOpenId seOpenId = new SeOpenId();
			seOpenId.setClientId(clientId);
			seOpenId.setOpenId(openid);
			seOpenId.setSessionKey(sessionKey);
			seOpenId.setCreateTime(new Date());
			Long rec = clientSv.addOpenId(seOpenId);
			if(rec != null) {
			SessionId = String.valueOf(rec);
			}
			return BaseResponseUtils.buildSuccess(SessionId);

			return BaseResponseUtils.buildSuccess(SessionId) ;
			} else {
			return BaseResponseUtils.buildError(SellResultCode.PHONE_NUMBER_IS_ERROR.getMessage());
			}
			}

			/**
			@@ -158,7 +169,8 @@
			String nonceStr = payHelper.generateRandomString();
			Long timestamp = System.currentTimeMillis() / 1000;

			String header = schema + " " + payHelper.getToken(method, httpUrl, "", nonceStr, timestamp, privateCertFileName);
			byte[] keyPemBs = WxCertUtil.getKey_pemBytes(resourceLoader) ;
			String header = schema + " " + payHelper.getToken(method, httpUrl, "", nonceStr, timestamp, keyPemBs);

			Map<String, String> headers = new HashMap<>();
			headers.put("Authorization", header);
			@@ -176,7 +188,7 @@
			// 构造验签名串
			String signatureStr = payHelper.responseSign(wechatpayTimestamp, wechatpayNonce, job_body.toJSONString());
			// 验证签名
			Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature);
			Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature, keyPemBs);

			return BaseResponseUtils.buildSuccess();
			}
			@@ -199,18 +211,16 @@
			@PostMapping(path = "placeOrder")
			@Transactional(rollbackFor = Exception.class)
			@SsoAop()
			public BaseResponse<Boolean> placeOrder(@RequestBody @Valid DtoOrder order, BindingResult bindingResult) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException {
			public BaseResponse<Boolean> placeOrder(@RequestBody @Valid DtoOrder order, BindingResult bindingResult) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, Exception {
			if(bindingResult != null && bindingResult.hasErrors()){
			return BaseResponseUtils.buildFail(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage());
			}
			// 接收参数：登录态ID、农户ID、虚拟卡ID、充值金额
			// 接收参数：登录态ID、虚拟卡ID、充值金额（分）
			Long sessionId = order.getSessionId();
			Long virtualId = order.getVirtualId();
			Integer rechargeAmount = order.getRechargeAmount();
			Long virtualId = order.getVcId();
			//Integer rechargeAmount = order.getRechargeAmount();

			String prepayId = "";
			//SeWebchatLogonState po = paymentSv.selectOne(Long.parseLong(sessionId));
			//String openid = po.getOpenId();

			SeOpenId po = paymentSv.selectOne(sessionId);
			String openid = po.getOpenId();
			@@ -230,7 +240,7 @@
			virtualCard.setOrderNumber(orderNumber);
			virtualCard.setClientId(clientId);
			virtualCard.setVirtualId(virtualId);
			virtualCard.setRechargeAmount(rechargeAmount);
			virtualCard.setRechargeAmount(order.getRechargeAmount());
			BaseResponse result = virtualCardSv.insertVCRecharge(virtualCard);
			if(!result.getCode().equals("0001")) {
			return BaseResponseUtils.buildFail(SellResultCode.RECHARGE_ADD_FAIL.getMessage());
			@@ -245,7 +255,7 @@

			//订单金额
			JSONObject job_amount = new JSONObject();
			job_amount.put("total", 1);
			job_amount.put("total", (int)(order.getRechargeAmount()*100));
			job_amount.put("currency", "CNY");
			job_body.put("amount", job_amount);

			@@ -262,7 +272,7 @@
			String httpUrl = "/v3/pay/transactions/jsapi";

			String body = job_body.toJSONString();
			String header = schema + " " + payHelper.getToken(method, httpUrl, body, nonceStr, timestamp, privateCertFileName);
			String header = schema + " " + payHelper.getToken(method, httpUrl, body, nonceStr, timestamp, WxCertUtil.getKey_pemBytes(resourceLoader));

			Map<String, String> headers = new HashMap<>();
			headers.put("Authorization", header);
			@@ -274,13 +284,52 @@
			if(job_result == null) {
			return BaseResponseUtils.buildFail(SellResultCode.RECHARGE_ADD_FAIL.getMessage());
			}

			return BaseResponseUtils.buildSuccess(job_result) ;
			}

			/**
			* 再次签名
			* @param prepayId 预支付交易会话标识
			* @return 小程序调起支付参数
			* @throws Exception
			*/
			@Operation(summary = "再次签名", description = "再次签名")
			@ApiResponses(value = {
			@ApiResponse(
			responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE,
			description = "操作结果：true：成功，false：失败（BaseResponse.content）",
			content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
			schema = @Schema(implementation = Boolean.class))}
			)
			})
			@GetMapping(path = "/signAgain")
			@Transactional(rollbackFor = Exception.class)
			@SsoAop()
			public BaseResponse<JSONObject> signAgain(@RequestParam("prepayId") String prepayId) throws Exception {

			// 获取随机串和时间戳，放在此处以保证
			String appid = PayInfo.appid;
			String timeStamp = String.valueOf(System.currentTimeMillis() / 1000);
			String nonceStr = payHelper.generateRandomString();
			String pkg = "prepay_id=" + prepayId;
			String message = payHelper.buildMessage_signAgain(appid, timeStamp, nonceStr, pkg);
			String paySign = payHelper.sign(message.getBytes("utf-8"), WxCertUtil.getKey_pemBytes(resourceLoader));

			JSONObject job_result = new JSONObject();
			job_result.put("timeStamp", timeStamp);
			job_result.put("nonceStr", nonceStr);
			job_result.put("package", pkg);
			job_result.put("signType", signType);
			job_result.put("paySign", paySign);

			return BaseResponseUtils.buildSuccess(job_result) ;
			}

			/**
			* 支付通知/退款结果通知
			* @param headers
			* @param orderNotify
			* @param request
			* @param response
			* @return
			* @throws IOException
			@@ -298,12 +347,12 @@
			@PostMapping(path = "orderNotify", consumes = MediaType.APPLICATION_JSON_VALUE)
			@Transactional(rollbackFor = Exception.class)
			@SsoAop()
			public JSONObject orderNotify(@RequestHeader HttpHeaders headers, @RequestBody OrderNotify orderNotify, HttpServletResponse response) throws IOException, GeneralSecurityException {
			public JSONObject orderNotify(@RequestHeader HttpHeaders headers, HttpServletRequest request, HttpServletResponse response) throws IOException, GeneralSecurityException, Exception {
			JSONObject result = new JSONObject();

			/**
			* 1.验签处理
			* 从header中取出4个子参数，同时取出body
			* 从header中取出4个子参数
			* 验时间差，超过5分钟的不处理
			* 验证签名
			* 验证书序列号，必须与某一个证书的序列号一致
			@@ -312,7 +361,18 @@
			String wechatpaySerial = String.valueOf(headers.get("Wechatpay-Serial").get(0));
			String wechatpaySignature = String.valueOf(headers.get("Wechatpay-Signature").get(0));
			String wechatpayTimestamp = String.valueOf(headers.get("Wechatpay-Timestamp").get(0));
			String bodyStr = JSONObject.toJSONString(orderNotify);

			// 获取body内容
			BufferedReader reader = request.getReader();
			StringBuilder stringBuilder = new StringBuilder();
			String line;
			while ((line = reader.readLine()) != null) {
			stringBuilder.append(line);
			}
			String bodyStr = stringBuilder.toString();

			// body转对象
			OrderNotify orderNotify = JSON.parseObject(bodyStr, OrderNotify.class);

			// 验时间戳，时间差大于5分钟的拒绝
			Long timeDiff = (System.currentTimeMillis() / 1000 - Long.parseLong(wechatpayTimestamp))/60;
			@@ -325,8 +385,9 @@

			// 构造验签名串
			String signatureStr = payHelper.responseSign(wechatpayTimestamp, wechatpayNonce, bodyStr);
			byte[] keyPemBs = WxCertUtil.getKey_pemBytes(resourceLoader) ;
			// 验证签名
			Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature);
			Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature, keyPemBs);
			if(!valid) {
			response.setStatus(500);
			result.put("code", "FAIL");
			@@ -348,10 +409,7 @@
			return result;
			}

			/**
			* 解密处理
			* 1
			*/
			// 解密处理
			String eventType = orderNotify.getEvent_type();

			if(eventType != null && eventType.equals("TRANSACTION.SUCCESS")) {
			@@ -361,7 +419,7 @@
			* 取出通知数据对象，继而取出解密所需的associatedData和nonce，以及密文ciphertext
			* 解密ciphertext得到
			*/
			OrderNotify.NotifyResource notifyResource = orderNotify.getResource();
			NotifyResource notifyResource = orderNotify.getResource();
			String associatedData = notifyResource.getAssociated_data();
			String nonce = notifyResource.getNonce();
			String ciphertext = notifyResource.getCiphertext();
			@@ -369,19 +427,22 @@
			String resource = AesUtil.decryptToString(PayInfo.key.getBytes("utf-8"), associatedData.getBytes("utf-8"), nonce.getBytes("utf-8"), ciphertext);
			JSONObject job_resource = JSONObject.parseObject(resource);

			// 解密后取出：商户订单员、微信支付订单号、交易状态、支付完成时间
			// 解密后取出：商户订单号、微信支付订单号、交易状态、支付完成时间
			String out_trade_no = job_resource.getString("out_trade_no");
			String transaction_id = job_resource.getString("transaction_id");
			String trade_state = job_resource.getString("trade_state");
			Date success_time = job_resource.getDate("success_time");

			// 更新虚拟卡表及充值表响应字段
			BaseResponse result_ = virtualCardSv.updateVCRecharge(out_trade_no, success_time);
			if(!result_.getCode().equals("0001")) {
			response.setStatus(500);
			result.put("code", "FAIL");
			result.put("message", "失败");
			return result;
			// 如果当前订单状态为未支付状态，则更新虚拟卡表及充值表响应字段
			SeVcRecharge seVcRecharge = virtualCardSv.getVCRechargeByorderNumber(out_trade_no);
			if(seVcRecharge != null && seVcRecharge.getOrderState() == 1) {
			BaseResponse result_ = virtualCardSv.updateVCRecharge(out_trade_no, success_time);
			if(!result_.getCode().equals("0001")) {
			response.setStatus(500);
			result.put("code", "FAIL");
			result.put("message", "失败");
			return result;
			}
			}
			} else if(eventType != null && eventType.equals("REFUND.SUCCESS")) {
			// 退款成功后回调
			@@ -390,7 +451,7 @@
			* 取出通知数据对象，继而取出解密所需的associatedData和nonce，以及密文ciphertext
			* 解密ciphertext得到
			*/
			OrderNotify.NotifyResource notifyResource = orderNotify.getResource();
			NotifyResource notifyResource = orderNotify.getResource();
			String associatedData = notifyResource.getAssociated_data();
			String nonce = notifyResource.getNonce();
			String ciphertext = notifyResource.getCiphertext();
			@@ -456,41 +517,4 @@
			return result;
			}

			/**
			* 再次签名
			* @param prepayId 预支付交易会话标识
			* @return 小程序调起支付参数
			* @throws Exception
			*/
			@Operation(summary = "再次签名", description = "再次签名")
			@ApiResponses(value = {
			@ApiResponse(
			responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE,
			description = "操作结果：true：成功，false：失败（BaseResponse.content）",
			content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
			schema = @Schema(implementation = Boolean.class))}
			)
			})
			@GetMapping(path = "/signAgain")
			@Transactional(rollbackFor = Exception.class)
			@SsoAop()
			public BaseResponse<JSONObject> signAgain(@RequestParam("prepayId") String prepayId) throws Exception {

			// 获取随机串和时间戳，放在此处以保证
			String appid = PayInfo.appid;
			String timestamp = String.valueOf(System.currentTimeMillis() / 1000);
			String nonceStr = payHelper.generateRandomString();
			String pkg = "prepay_id=" + prepayId;
			String message = payHelper.buildMessage_signAgain(appid, timestamp, nonceStr, pkg);
			String paySign = payHelper.sign(message.getBytes("utf-8"), privateCertFileName);

			JSONObject job_result = new JSONObject();
			job_result.put("timestamp", timestamp);
			job_result.put("nonceStr", nonceStr);
			job_result.put("package", pkg);
			job_result.put("signType", signType);
			job_result.put("paySign", paySign);

			return BaseResponseUtils.buildSuccess(job_result) ;
			}
			}