diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java index 35558d563..dedbc6413 100644 --- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java +++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java @@ -320,16 +320,7 @@ public class WxPayConfig { //构造Http Proxy正向代理 WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy(); - Verifier certificatesVerifier; - if (publicKey == null) { - certificatesVerifier = - new AutoUpdateCertificatesVerifier( - new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)), - this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(), - this.getPayBaseUrl(), wxPayHttpProxy); - } else { - certificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId); - } + Verifier certificatesVerifier = getVerifier(merchantPrivateKey, wxPayHttpProxy, publicKey); WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create() .withMerchant(mchId, certSerialNo, merchantPrivateKey) @@ -355,6 +346,19 @@ public class WxPayConfig { } } + private Verifier getVerifier(PrivateKey merchantPrivateKey, WxPayHttpProxy wxPayHttpProxy, PublicKey publicKey) { + Verifier certificatesVerifier = new AutoUpdateCertificatesVerifier( + new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)), + this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(), + this.getPayBaseUrl(), wxPayHttpProxy); + if (publicKey != null) { + Verifier publicCertificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId); + publicCertificatesVerifier.setOtherVerifier(certificatesVerifier); + certificatesVerifier = publicCertificatesVerifier; + } + return certificatesVerifier; + } + /** * 初始化一个WxPayHttpProxy对象 * @@ -382,7 +386,7 @@ public class WxPayConfig { if (configContent != null) { return new ByteArrayInputStream(configContent); } - + if (StringUtils.isNotEmpty(configString)) { configContent = Base64.getDecoder().decode(configString); return new ByteArrayInputStream(configContent); diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java index 7fd793979..d8ba95971 100644 --- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java +++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java @@ -100,6 +100,8 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl { HttpPost httpPost = this.createHttpPost(url, requestStr); httpPost.addHeader(ACCEPT, APPLICATION_JSON); httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON); + String serialNumber = getWechatpaySerial(getConfig()); + httpPost.addHeader("Wechatpay-Serial", serialNumber); try (CloseableHttpResponse response = httpClient.execute(httpPost)) { //v3已经改为通过状态码判断200 204 成功 int statusCode = response.getStatusLine().getStatusCode(); @@ -387,10 +389,9 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl { * @return */ private String getWechatpaySerial(WxPayConfig wxPayConfig) { - String serialNumber = wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase(); if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) { - serialNumber = wxPayConfig.getPublicKeyId(); + return wxPayConfig.getPublicKeyId(); } - return serialNumber; + return wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase(); } } diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java index 9344fc6f8..45f76818c 100644 --- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java +++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java @@ -9,6 +9,8 @@ public class PublicCertificateVerifier implements Verifier{ private final PublicKey publicKey; + private Verifier certificateVerifier; + private final X509PublicCertificate publicCertificate; public PublicCertificateVerifier(PublicKey publicKey, String publicId) { @@ -16,8 +18,15 @@ public class PublicCertificateVerifier implements Verifier{ this.publicCertificate = new X509PublicCertificate(publicKey, publicId); } + public void setOtherVerifier(Verifier verifier) { + this.certificateVerifier = verifier; + } + @Override public boolean verify(String serialNumber, byte[] message, String signature) { + if (!serialNumber.contains("PUB_KEY_ID")) { + return this.certificateVerifier.verify(serialNumber, message, signature); + } try { Signature sign = Signature.getInstance("SHA256withRSA"); sign.initVerify(publicKey); diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java index 49f92e2f5..22676601c 100644 --- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java +++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java @@ -7,4 +7,6 @@ public interface Verifier { X509Certificate getValidCertificate(); + + default void setOtherVerifier(Verifier verifier) {}; }