支付-统一处理回调验签

Author: buaazyl

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/bean/ecommerce/SignatureHeader.java

@@ -3,6 +3,7 @@
 import com.github.binarywang.wxpay.bean.ecommerce.*;
 import com.github.binarywang.wxpay.bean.ecommerce.enums.FundBillTypeEnum;
 import com.github.binarywang.wxpay.bean.ecommerce.enums.SpAccountTypeEnum;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.bean.result.enums.TradeTypeEnum;
 import com.github.binarywang.wxpay.exception.WxPayException;
 

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/EcommerceService.java

@@ -1,6 +1,6 @@
 package com.github.binarywang.wxpay.service;
 
-import com.github.binarywang.wxpay.bean.ecommerce.SignatureHeader;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.bean.marketing.*;
 import com.github.binarywang.wxpay.exception.WxPayException;
 

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/MarketingFavorService.java

@@ -1,6 +1,6 @@
 package com.github.binarywang.wxpay.service;
 
-import com.github.binarywang.wxpay.bean.ecommerce.SignatureHeader;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.bean.payscore.PayScoreNotifyData;
 import com.github.binarywang.wxpay.bean.payscore.WxPartnerPayScoreRequest;
 import com.github.binarywang.wxpay.bean.payscore.WxPartnerPayScoreResult;

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/PartnerPayScoreService.java

@@ -1,6 +1,6 @@
 package com.github.binarywang.wxpay.service;
 
-import com.github.binarywang.wxpay.bean.ecommerce.SignatureHeader;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.bean.payscore.PartnerUserSignPlanEntity;
 import com.github.binarywang.wxpay.bean.payscore.WxPartnerPayScoreSignPlanRequest;
 import com.github.binarywang.wxpay.bean.payscore.WxPartnerPayScoreSignPlanResult;

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/PartnerPayScoreSignPlanService.java

@@ -1,6 +1,6 @@
 package com.github.binarywang.wxpay.service;
 
-import com.github.binarywang.wxpay.bean.ecommerce.SignatureHeader;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.bean.payscore.PayScoreNotifyData;
 import com.github.binarywang.wxpay.bean.payscore.UserAuthorizationStatusNotifyResult;
 import com.github.binarywang.wxpay.bean.payscore.WxPayScoreRequest;

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/PayScoreService.java

@@ -11,6 +11,7 @@
 import com.github.binarywang.wxpay.config.WxPayConfig;
 import com.github.binarywang.wxpay.constant.WxPayConstants;
 import com.github.binarywang.wxpay.exception.WxPayException;
+import com.github.binarywang.wxpay.exception.WxSignTestException;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpRequestBase;
 
@@ -1069,6 +1070,16 @@ WxPayRefundQueryResult refundQuery(String transactionId, String outTradeNo, Stri
    */
   WxPayOrderNotifyResult parseOrderNotifyResult(String xmlData, String signType) throws WxPayException;
 
+  /**
+   * 校验通知签名
+   *
+   * @param header 通知头信息
+   * @param data   通知数据
+   * @return true:校验通过 false:校验不通过
+   * @throws WxSignTestException 微信支付签名探测流量异常
+   */
+  boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException;
+
   /**
    * 解析支付结果v3通知. 直连商户模式
    * 详见https://pay.weixin.qq.com/wiki/doc/apiv3/apis/chapter3_1_5.shtml

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/WxPayService.java

@@ -1,28 +1,25 @@
 package com.github.binarywang.wxpay.service.impl;
 
-import static com.github.binarywang.wxpay.constant.WxPayConstants.QUERY_COMMENT_DATE_FORMAT;
-import static com.github.binarywang.wxpay.constant.WxPayConstants.TarType;
-import com.github.binarywang.wxpay.bean.coupon.*;
-import com.github.binarywang.wxpay.bean.notify.*;
-import com.github.binarywang.wxpay.bean.request.*;
-import com.github.binarywang.wxpay.bean.result.*;
-import com.github.binarywang.wxpay.service.*;
-import java.util.*;
-import com.github.binarywang.wxpay.bean.result.enums.GlobalTradeTypeEnum;
-import com.github.binarywang.wxpay.bean.result.enums.TradeTypeEnum;
 import com.github.binarywang.utils.qrcode.QrcodeUtils;
 import com.github.binarywang.wxpay.bean.WxPayApiData;
+import com.github.binarywang.wxpay.bean.coupon.*;
+import com.github.binarywang.wxpay.bean.notify.*;
 import com.github.binarywang.wxpay.bean.order.WxPayAppOrderResult;
 import com.github.binarywang.wxpay.bean.order.WxPayMpOrderResult;
 import com.github.binarywang.wxpay.bean.order.WxPayMwebOrderResult;
 import com.github.binarywang.wxpay.bean.order.WxPayNativeOrderResult;
+import com.github.binarywang.wxpay.bean.request.*;
+import com.github.binarywang.wxpay.bean.result.*;
+import com.github.binarywang.wxpay.bean.result.enums.GlobalTradeTypeEnum;
+import com.github.binarywang.wxpay.bean.result.enums.TradeTypeEnum;
 import com.github.binarywang.wxpay.bean.transfer.TransferBillsNotifyResult;
 import com.github.binarywang.wxpay.config.WxPayConfig;
 import com.github.binarywang.wxpay.config.WxPayConfigHolder;
 import com.github.binarywang.wxpay.constant.WxPayConstants.SignType;
 import com.github.binarywang.wxpay.constant.WxPayConstants.TradeType;
 import com.github.binarywang.wxpay.exception.WxPayException;
 import com.github.binarywang.wxpay.exception.WxSignTestException;
+import com.github.binarywang.wxpay.service.*;
 import com.github.binarywang.wxpay.util.SignUtils;
 import com.github.binarywang.wxpay.util.XmlConfig;
 import com.github.binarywang.wxpay.util.ZipUtils;
@@ -32,6 +29,14 @@
 import com.google.common.collect.Maps;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import me.chanjar.weixin.common.error.WxRuntimeException;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.reflect.ConstructorUtils;
+import org.apache.http.entity.ContentType;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -40,15 +45,12 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.GeneralSecurityException;
+import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.zip.ZipException;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.extern.slf4j.Slf4j;
-import me.chanjar.weixin.common.error.WxRuntimeException;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.reflect.ConstructorUtils;
-import org.apache.http.entity.ContentType;
+
+import static com.github.binarywang.wxpay.constant.WxPayConstants.QUERY_COMMENT_DATE_FORMAT;
+import static com.github.binarywang.wxpay.constant.WxPayConstants.TarType;
 
 /**
  * <pre>
@@ -526,7 +528,8 @@ public WxPayOrderNotifyResult parseOrderNotifyResult(String xmlData, String sign
    * @param data   通知数据
    * @return true:校验通过 false:校验不通过
    */
-  private boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException {
+  @Override
+  public boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException {
     String wxPaySign = header.getSignature();
     if (wxPaySign.startsWith("WECHATPAY/SIGNTEST/")) {
       throw new WxSignTestException("微信支付签名探测流量");
@@ -1360,8 +1363,8 @@ public WxPayMicropayResult micropay(WxPayMicropayRequest request) throws WxPayEx
   @Override
   public WxPayCodepayResult codepay(WxPayCodepayRequest request) throws WxPayException {
     // 判断是否为服务商模式：如果设置了sp_appid或sp_mchid或sub_mchid中的任何一个，则认为是服务商模式
-    boolean isPartnerMode = StringUtils.isNotBlank(request.getSpAppid()) 
-        || StringUtils.isNotBlank(request.getSpMchid()) 
+    boolean isPartnerMode = StringUtils.isNotBlank(request.getSpAppid())
+        || StringUtils.isNotBlank(request.getSpMchid())
         || StringUtils.isNotBlank(request.getSubMchid());
 
     if (isPartnerMode) {

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/BaseWxPayServiceImpl.java

@@ -4,7 +4,7 @@
 import com.github.binarywang.wxpay.bean.businesscircle.PaidResult;
 import com.github.binarywang.wxpay.bean.businesscircle.PointsNotifyRequest;
 import com.github.binarywang.wxpay.bean.businesscircle.RefundResult;
-import com.github.binarywang.wxpay.bean.ecommerce.SignatureHeader;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.exception.WxPayException;
 import com.github.binarywang.wxpay.service.BusinessCircleService;
 import com.github.binarywang.wxpay.service.WxPayService;
@@ -38,22 +38,9 @@ public void notifyPoints(PointsNotifyRequest request) throws WxPayException {
     this.payService.postV3WithWechatpaySerial(url, GSON.toJson(request));
   }
 
-  /**
-   * 校验通知签名
-   *
-   * @param header 通知头信息
-   * @param data   通知数据
-   * @return true:校验通过 false:校验不通过
-   */
-  private boolean verifyNotifySign(SignatureHeader header, String data) {
-    String beforeSign = String.format("%s\n%s\n%s\n", header.getTimeStamp(), header.getNonce(), data);
-    return payService.getConfig().getVerifier().verify(header.getSerialNo(),
-      beforeSign.getBytes(StandardCharsets.UTF_8), header.getSigned());
-  }
-
-  @Override
+@Override
   public BusinessCircleNotifyData parseNotifyData(String data, SignatureHeader header) throws WxPayException {
-    if (Objects.nonNull(header) && !this.verifyNotifySign(header, data)) {
+    if (Objects.nonNull(header) && !this.payService.verifyNotifySign(header, data)) {
       throw new WxPayException("非法请求，头部信息验证失败");
     }
     return GSON.fromJson(data, BusinessCircleNotifyData.class);

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/BusinessCircleServiceImpl.java

@@ -3,6 +3,7 @@
 import com.github.binarywang.wxpay.bean.ecommerce.*;
 import com.github.binarywang.wxpay.bean.ecommerce.enums.FundBillTypeEnum;
 import com.github.binarywang.wxpay.bean.ecommerce.enums.SpAccountTypeEnum;
+import com.github.binarywang.wxpay.bean.notify.SignatureHeader;
 import com.github.binarywang.wxpay.bean.result.enums.TradeTypeEnum;
 import com.github.binarywang.wxpay.exception.WxPayException;
 import com.github.binarywang.wxpay.service.EcommerceService;
@@ -28,7 +29,6 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.text.DateFormat;
 import java.util.*;
@@ -83,7 +83,7 @@ public <T> T combineTransactions(TradeTypeEnum tradeType, CombineTransactionsReq
 
   @Override
   public CombineTransactionsNotifyResult parseCombineNotifyResult(String notifyData, SignatureHeader header) throws WxPayException {
-    if (Objects.nonNull(header) && !this.verifyNotifySign(header, notifyData)) {
+    if (Objects.nonNull(header) && !payService.verifyNotifySign(header, notifyData)) {
       throw new WxPayException("非法请求，头部信息验证失败");
     }
     NotifyResponse response = GSON.fromJson(notifyData, NotifyResponse.class);
@@ -129,7 +129,7 @@ public <T> T partnerTransactions(TradeTypeEnum tradeType, PartnerTransactionsReq
 
   @Override
   public PartnerTransactionsNotifyResult parsePartnerNotifyResult(String notifyData, SignatureHeader header) throws WxPayException {
-    if (Objects.nonNull(header) && !this.verifyNotifySign(header, notifyData)) {
+    if (Objects.nonNull(header) && !payService.verifyNotifySign(header, notifyData)) {
       throw new WxPayException("非法请求，头部信息验证失败");
     }
     NotifyResponse response = GSON.fromJson(notifyData, NotifyResponse.class);
@@ -318,7 +318,7 @@ public RefundQueryResult queryRefundByOutRefundNo(String subMchid, String outRef
 
   @Override
   public RefundNotifyResult parseRefundNotifyResult(String notifyData, SignatureHeader header) throws WxPayException {
-    if (Objects.nonNull(header) && !this.verifyNotifySign(header, notifyData)) {
+    if (Objects.nonNull(header) && !payService.verifyNotifySign(header, notifyData)) {
       throw new WxPayException("非法请求，头部信息验证失败");
     }
     NotifyResponse response = GSON.fromJson(notifyData, NotifyResponse.class);
@@ -339,7 +339,7 @@ public RefundNotifyResult parseRefundNotifyResult(String notifyData, SignatureHe
 
   @Override
   public WithdrawNotifyResult parseWithdrawNotifyResult(String notifyData, SignatureHeader header) throws WxPayException {
-    if (Objects.nonNull(header) && !this.verifyNotifySign(header, notifyData)) {
+    if (Objects.nonNull(header) && !payService.verifyNotifySign(header, notifyData)) {
       throw new WxPayException("非法请求，头部信息验证失败");
     }
     NotifyResponse response = GSON.fromJson(notifyData, NotifyResponse.class);
@@ -491,22 +491,6 @@ public AccountCancelApplicationsMediaResult uploadMediaAccountCancelApplication(
     }
   }
 
-  /**
-   * 校验通知签名
-   *
-   * @param header 通知头信息
-   * @param data   通知数据
-   * @return true:校验通过 false:校验不通过
-   */
-  private boolean verifyNotifySign(SignatureHeader header, String data) {
-    String beforeSign = String.format("%s\n%s\n%s\n",
-      header.getTimeStamp(),
-      header.getNonce(),
-      data);
-    return payService.getConfig().getVerifier().verify(header.getSerialNo(),
-      beforeSign.getBytes(StandardCharsets.UTF_8), header.getSigned());
-  }
-
   /**
    * 对象拼接到url
    *