From 5ac9922f8d56e345ecc4ded6b095a8a14957a1d5 Mon Sep 17 00:00:00 2001
From: SynchPj <46849861+SynchPj@users.noreply.github.com>
Date: Mon, 17 Mar 2025 10:58:50 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20#3498=E3=80=90=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E6=94=AF=E4=BB=98=E3=80=91=E6=9C=8D=E5=8A=A1=E5=95=86=E6=A8=A1?=
 =?UTF-8?q?=E5=BC=8F-=E5=85=BC=E5=AE=B9=E5=85=AC=E9=92=A5=E6=A8=A1?=
 =?UTF-8?q?=E5=BC=8F=E4=B8=8B=E8=AF=B7=E6=B1=82=E5=A4=B4=E5=BA=8F=E5=88=97?=
 =?UTF-8?q?=E5=8F=B7=E4=BB=A5=E5=8F=8A=E7=81=B0=E5=BA=A6=E5=88=87=E6=8D=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../binarywang/wxpay/config/WxPayConfig.java  | 26 +++++++++++--------
 .../impl/WxPayServiceApacheHttpImpl.java      |  7 ++---
 .../v3/auth/PublicCertificateVerifier.java    |  9 +++++++
 .../binarywang/wxpay/v3/auth/Verifier.java    |  2 ++
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
index 35558d563..dedbc6413 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java
@@ -320,16 +320,7 @@ public class WxPayConfig {
       //构造Http Proxy正向代理
       WxPayHttpProxy wxPayHttpProxy = getWxPayHttpProxy();
 
-      Verifier certificatesVerifier;
-      if (publicKey == null) {
-        certificatesVerifier =
-          new AutoUpdateCertificatesVerifier(
-            new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
-            this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
-            this.getPayBaseUrl(), wxPayHttpProxy);
-      } else {
-        certificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
-      }
+      Verifier certificatesVerifier = getVerifier(merchantPrivateKey, wxPayHttpProxy, publicKey);
 
       WxPayV3HttpClientBuilder wxPayV3HttpClientBuilder = WxPayV3HttpClientBuilder.create()
         .withMerchant(mchId, certSerialNo, merchantPrivateKey)
@@ -355,6 +346,19 @@ public class WxPayConfig {
     }
   }
 
+  private Verifier getVerifier(PrivateKey merchantPrivateKey, WxPayHttpProxy wxPayHttpProxy, PublicKey publicKey) {
+    Verifier certificatesVerifier = new AutoUpdateCertificatesVerifier(
+      new WxPayCredentials(mchId, new PrivateKeySigner(certSerialNo, merchantPrivateKey)),
+      this.getApiV3Key().getBytes(StandardCharsets.UTF_8), this.getCertAutoUpdateTime(),
+      this.getPayBaseUrl(), wxPayHttpProxy);
+    if (publicKey != null) {
+      Verifier publicCertificatesVerifier = new PublicCertificateVerifier(publicKey, publicKeyId);
+      publicCertificatesVerifier.setOtherVerifier(certificatesVerifier);
+      certificatesVerifier = publicCertificatesVerifier;
+    }
+    return certificatesVerifier;
+  }
+
   /**
    * 初始化一个WxPayHttpProxy对象
    *
@@ -382,7 +386,7 @@ public class WxPayConfig {
     if (configContent != null) {
       return new ByteArrayInputStream(configContent);
     }
-    
+
     if (StringUtils.isNotEmpty(configString)) {
       configContent = Base64.getDecoder().decode(configString);
       return new ByteArrayInputStream(configContent);
diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
index 7fd793979..d8ba95971 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
@@ -100,6 +100,8 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
     HttpPost httpPost = this.createHttpPost(url, requestStr);
     httpPost.addHeader(ACCEPT, APPLICATION_JSON);
     httpPost.addHeader(CONTENT_TYPE, APPLICATION_JSON);
+    String serialNumber = getWechatpaySerial(getConfig());
+    httpPost.addHeader("Wechatpay-Serial", serialNumber);
     try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
       //v3已经改为通过状态码判断200 204 成功
       int statusCode = response.getStatusLine().getStatusCode();
@@ -387,10 +389,9 @@ public class WxPayServiceApacheHttpImpl extends BaseWxPayServiceImpl {
    * @return
    */
   private String getWechatpaySerial(WxPayConfig wxPayConfig) {
-    String serialNumber = wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
     if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) {
-      serialNumber = wxPayConfig.getPublicKeyId();
+      return wxPayConfig.getPublicKeyId();
     }
-    return serialNumber;
+    return wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
   }
 }
diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
index 9344fc6f8..45f76818c 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
@@ -9,6 +9,8 @@ public class PublicCertificateVerifier implements Verifier{
 
     private final PublicKey publicKey;
 
+    private Verifier certificateVerifier;
+
     private final X509PublicCertificate publicCertificate;
 
     public PublicCertificateVerifier(PublicKey publicKey, String publicId) {
@@ -16,8 +18,15 @@ public class PublicCertificateVerifier implements Verifier{
         this.publicCertificate = new X509PublicCertificate(publicKey, publicId);
     }
 
+   public void setOtherVerifier(Verifier verifier) {
+      this.certificateVerifier = verifier;
+   }
+
     @Override
     public boolean verify(String serialNumber, byte[] message, String signature) {
+        if (!serialNumber.contains("PUB_KEY_ID")) {
+            return this.certificateVerifier.verify(serialNumber, message, signature);
+        }
         try {
             Signature sign = Signature.getInstance("SHA256withRSA");
             sign.initVerify(publicKey);
diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java
index 49f92e2f5..22676601c 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/Verifier.java
@@ -7,4 +7,6 @@ public interface Verifier {
 
 
   X509Certificate getValidCertificate();
+
+  default void setOtherVerifier(Verifier verifier) {};
 }