From ecb82d98e523ffa025286ffa617096dfe18c0398 Mon Sep 17 00:00:00 2001
From: liurunyu <lry9898@163.com>
Date: 星期一, 19 八月 2024 21:00:51 +0800
Subject: [PATCH] 把微信证书文件放入resources/wxCert文件夹中，读取证书文件类是pipIrrGlobal模块的WxCertUtil类。

---
 pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/util/PayHelper.java |   50 ++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/util/PayHelper.java b/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/util/PayHelper.java
index 3aa2522..ea8ed6a 100644
--- a/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/util/PayHelper.java
+++ b/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/util/PayHelper.java
@@ -51,7 +51,6 @@
     private String resetUserSessionKeyUrl = PayInfo.resetUserSessionKeyUrl;
     private String notifyUrl = PayInfo.notifyUrl;
     private String schema = PayInfo.schema;
-    private String privateCertFileName = PayInfo.privateCertFileName;
     private String refundUrl = PayInfo.refundUrl;
 
     // 骞冲彴璇佷功鍏挜
@@ -73,12 +72,25 @@
 
     /**
      * 鑾峰彇鍟嗘埛璇佷功绉侀挜瀵硅薄
-     * @param filename 绉侀挜鏂囦欢璺緞
+     * @param certFileBs 绉侀挜鏂囦欢鍐呭
      * @return 绉侀挜瀵硅薄
      * @throws IOException
-     */
     public PrivateKey getPrivateKey(String filename) throws IOException {
         String content = new String(Files.readAllBytes(Paths.get(filename)), "utf-8");
+        try {
+            String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
+                    .replace("-----END PRIVATE KEY-----", "")
+                    .replaceAll("\\s+", "");
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+            return kf.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException("褰撳墠Java鐜涓嶆敮鎸丷SA", e);
+        } catch (InvalidKeySpecException e) {
+            throw new RuntimeException("鏃犳晥鐨勫瘑閽ユ牸寮�");
+        }
+    }*/
+    public PrivateKey getPrivateKey(byte[] certFileBs) throws IOException {
+        String content = new String(certFileBs, "utf-8");
         try {
             String privateKey = content.replace("-----BEGIN PRIVATE KEY-----", "")
                     .replace("-----END PRIVATE KEY-----", "")
@@ -208,16 +220,21 @@
     /**
      * 绛惧悕
      * @param message 琚鍚嶄俊鎭�
-     * @param certFileName 绉侀挜璇佷功鏂囦欢璺緞
+     * @param certBs 绉侀挜璇佷功鏂囦欢鍐呭
      * @return signature绛惧悕鍊硷紝绛惧悕淇℃伅涓殑涓�椤癸紝鍙備笌鐢熸垚绛惧悕淇℃伅
      * @throws NoSuchAlgorithmException
      * @throws InvalidKeyException
      * @throws SignatureException
      * @throws IOException
-     */
     public String sign(byte[] message, String certFileName) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
         Signature sign = Signature.getInstance("SHA256withRSA");
         sign.initSign(getPrivateKey(certFileName));
+        sign.update(message);
+        return Base64.getEncoder().encodeToString(sign.sign());
+    }*/
+    public String sign(byte[] message, byte[] certBs) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, Exception {
+        Signature sign = Signature.getInstance("SHA256withRSA");
+        sign.initSign(getPrivateKey(certBs));
         sign.update(message);
         return Base64.getEncoder().encodeToString(sign.sign());
     }
@@ -230,10 +247,19 @@
      * @return 绛惧悕淇℃伅锛孒TTP澶翠腑鐨勭鍚嶄俊鎭�
      * HTTP澶达細Authorization: 璁よ瘉绫诲瀷 绛惧悕淇℃伅
      * 璁よ瘉绫诲瀷锛學ECHATPAY2-SHA256-RSA2048
-     */
     public String getToken(String method, String url, String body, String nonceStr, Long timestamp, String certFileName) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, NoSuchPaddingException {
         String message = buildMessage_order(method, url, timestamp, nonceStr, body);
         String signature = sign(message.getBytes("utf-8"), certFileName);
+
+        return "mchid=\"" + PayInfo.mchid + "\","
+                + "nonce_str=\"" + nonceStr + "\","
+                + "timestamp=\"" + timestamp + "\","
+                + "serial_no=\"" + PayInfo.serial_no + "\","
+                + "signature=\"" + signature + "\"";
+    }*/
+    public String getToken(String method, String url, String body, String nonceStr, Long timestamp, byte[] certFileBs) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, Exception {
+        String message = buildMessage_order(method, url, timestamp, nonceStr, body);
+        String signature = sign(message.getBytes("utf-8"), certFileBs);
 
         return "mchid=\"" + PayInfo.mchid + "\","
                 + "nonce_str=\"" + nonceStr + "\","
@@ -259,13 +285,13 @@
     /**
      * 閲嶆柊涓嬭浇璇佷功
      */
-    public void refreshCertificate() throws GeneralSecurityException, IOException {
+    public void refreshCertificate(byte[] certFileBs) throws GeneralSecurityException, IOException , Exception {
         String method = "GET";
         String httpUrl = "/v3/certificates";
         String nonceStr = generateRandomString();
         Long timestamp = System.currentTimeMillis() / 1000;
 
-        String header = PayInfo.schema + " " + getToken(method, httpUrl, "", nonceStr, timestamp, PayInfo.privateCertFileName);
+        String header = PayInfo.schema + " " + getToken(method, httpUrl, "", nonceStr, timestamp, certFileBs);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", header);
@@ -330,10 +356,10 @@
      * @throws InvalidKeyException
      * @throws SignatureException
      */
-    public Boolean responseSignVerify(String wechatpaySerial, String signatureStr, String wechatpaySignature) throws GeneralSecurityException, IOException {
+    public Boolean responseSignVerify(String wechatpaySerial, String signatureStr, String wechatpaySignature, byte[] certFileBs) throws Exception {
         if(CERTIFICATE_MAP.isEmpty() || !CERTIFICATE_MAP.containsKey(wechatpaySerial)) {
             CERTIFICATE_MAP.clear();
-            refreshCertificate();
+            refreshCertificate(certFileBs);
         }
         Certificate certificate = (Certificate)CERTIFICATE_MAP.get(wechatpaySerial);
         if(certificate == null) {
@@ -457,7 +483,7 @@
      * @throws SignatureException
      * @throws InvalidKeyException
      */
-    public BaseResponse<Boolean> refunds(Refund po) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException {
+    public BaseResponse<Boolean> refunds(Refund po, byte[] certFileBs) throws SignatureException, InvalidKeyException, Exception{
         String tradeNo = po.getTradeNo();
         String refundNo = po.getRefundNo();
         Integer refund = po.getRefund();
@@ -483,7 +509,7 @@
         String httpUrl = "/v3/refund/domestic/refunds";
 
         String body = JSONObject.toJSONString(refundRequest);
-        String header = schema + " " + getToken(method, httpUrl, body, nonceStr, timestamp, privateCertFileName);
+        String header = schema + " " + getToken(method, httpUrl, body, nonceStr, timestamp, certFileBs);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", header);

--
Gitblit v1.8.0