🎨 #3498【微信支付】服务商模式-兼容公钥模式下请求头序列号以及灰度切换

2025-04-04 23:39:36 +08:00 · 2025-03-17 10:58:50 +08:00 · 2025-03-17 10:58:50 +08:00 · 5ac9922f8d
commit 5ac9922f8d
parent 03790d64bc
4 changed files with 30 additions and 14 deletions
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
@ -320,16 +320,7 @@ public class WxPayConfig {
      //构造Http Proxy正向代理
      WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy();

-      Verifier certificatesVerifier;
-      if (publicKey == null) {
-        certificatesVerifier =
-          new AutoUpdateCertificatesVerifier(
-            new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
-            this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
-            this.getPayBaseUrl(), wxPayHttpProxy);
-      } else {
-        certificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
-      }
+      Verifier certificatesVerifier = getVerifier(merchantPrivateKey, wxPayHttpProxy, publicKey);

      WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create()
        .withMerchant(mchId, certSerialNo, merchantPrivateKey)
@ -355,6 +346,19 @@ public class WxPayConfig {
    }
  }

+  private Verifier getVerifier(PrivateKey merchantPrivateKey, WxPayHttpProxy wxPayHttpProxy, PublicKey publicKey) {
+    Verifier certificatesVerifier = new AutoUpdateCertificatesVerifier(
+      new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
+      this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
+      this.getPayBaseUrl(), wxPayHttpProxy);
+    if (publicKey != null) {
+      Verifier publicCertificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
+      publicCertificatesVerifier.setOtherVerifier(certificatesVerifier);
+      certificatesVerifier = publicCertificatesVerifier;
+    }
+    return certificatesVerifier;
+  }
+
  /**
   * 初始化一个WxPayHttpProxy对象
   *
@ -382,7 +386,7 @@ public class WxPayConfig {
    if (configContent != null) {
      return new ByteArrayInputStream(configContent);
    }
-    
+
    if (StringUtils.isNotEmpty(configString)) {
      configContent = Base64.getDecoder().decode(configString);
      return new ByteArrayInputStream(configContent);
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
@ -100,6 +100,8 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
    HttpPost httpPost = this.createHttpPost(url, requestStr);
    httpPost.addHeader(ACCEPT, APPLICATION_JSON);
    httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON);
+    String serialNumber = getWechatpaySerial(getConfig());
+    httpPost.addHeader("Wechatpay-Serial", serialNumber);
    try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
      //v3已经改为通过状态码判断200 204 成功
      int statusCode = response.getStatusLine().getStatusCode();
@ -387,10 +389,9 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
   * @return
   */
  private String getWechatpaySerial(WxPayConfig wxPayConfig) {
-    String serialNumber = wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
    if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) {
-      serialNumber = wxPayConfig.getPublicKeyId();
+      return wxPayConfig.getPublicKeyId();
    }
-    return serialNumber;
+    return wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
  }
 }
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
@ -9,6 +9,8 @@ public class PublicCertificateVerifier implements Verifier{

    private final PublicKey publicKey;

+    private Verifier certificateVerifier;
+
    private final X509PublicCertificate publicCertificate;

    public PublicCertificateVerifier(PublicKey publicKey, String publicId) {
@ -16,8 +18,15 @@ public class PublicCertificateVerifier implements Verifier{
        this.publicCertificate = new X509PublicCertificate(publicKey, publicId);
    }

+   public void setOtherVerifier(Verifier verifier) {
+      this.certificateVerifier = verifier;
+   }
+
    @Override
    public boolean verify(String serialNumber, byte[] message, String signature) {
+        if (!serialNumber.contains("PUB_KEY_ID")) {
+            return this.certificateVerifier.verify(serialNumber, message, signature);
+        }
        try {
            Signature sign = Signature.getInstance("SHA256withRSA");
            sign.initVerify(publicKey);
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java
@ -7,4 +7,6 @@ public interface Verifier {


  X509Certificate getValidCertificate();
+
+  default void setOtherVerifier(Verifier verifier) {};
 }