🎨 #3288【微信支付】修复由于微信签名探测导致的验签错误的问题

2025-04-05 08:37:32 +08:00 · 2024-11-29 16:29:37 +08:00 · 2024-11-29 16:29:37 +08:00 · c6a38ae7dd
commit c6a38ae7dd
parent 577f2e6a0b
3 changed files with 43 additions and 2 deletions
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/exception/WxSignTestException.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/exception/WxSignTestException.java
@ -0,0 +1,31 @@
+package com.github.binarywang.wxpay.exception;
+
+/**
+ * <pre>
+ *   微信支付签名探测异常类
+ * </pre>
+ * @author je45
+ * @date 2024/11/27 9:35
+ */
+public class WxSignTestException extends WxPayException {
+  private static final long serialVersionUID = -303371909244098058L;
+
+  /**
+   * Instantiates a new Wx pay exception.
+   *
+   * @param customErrorMsg the custom error msg
+   */
+  public WxSignTestException(String customErrorMsg) {
+    super(customErrorMsg);
+  }
+
+  /**
+   * Instantiates a new Wx pay exception.
+   *
+   * @param customErrorMsg the custom error msg
+   * @param tr             the tr
+   */
+  public WxSignTestException(String customErrorMsg, Throwable tr) {
+    super(customErrorMsg, tr);
+  }
+}
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/BaseWxPayServiceImpl.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/BaseWxPayServiceImpl.java
@ -17,6 +17,7 @@ import com.github.binarywang.wxpay.constant.WxPayConstants;
 import com.github.binarywang.wxpay.constant.WxPayConstants.SignType;
 import com.github.binarywang.wxpay.constant.WxPayConstants.TradeType;
 import com.github.binarywang.wxpay.exception.WxPayException;
+import com.github.binarywang.wxpay.exception.WxSignTestException;
 import com.github.binarywang.wxpay.service.*;
 import com.github.binarywang.wxpay.util.SignUtils;
 import com.github.binarywang.wxpay.util.XmlConfig;
@ -343,7 +344,11 @@ public abstract class BaseWxPayServiceImpl implements WxPayService {
   * @param data   通知数据
   * @return true:校验通过 false:校验不通过
   */
-  private boolean verifyNotifySign(SignatureHeader header, String data) {
+  private boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException {
+    String wxPaySign = header.getSignature();
+    if(wxPaySign.startsWith("WECHATPAY/SIGNTEST/")){
+      throw new WxSignTestException("微信支付签名探测流量");
+    }
    String beforeSign = String.format("%s\n%s\n%s\n",
      header.getTimeStamp(),
      header.getNonce(),
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/PayScoreServiceImpl.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/PayScoreServiceImpl.java
@ -7,6 +7,7 @@ import com.github.binarywang.wxpay.bean.payscore.WxPayScoreRequest;
 import com.github.binarywang.wxpay.bean.payscore.WxPayScoreResult;
 import com.github.binarywang.wxpay.config.WxPayConfig;
 import com.github.binarywang.wxpay.exception.WxPayException;
+import com.github.binarywang.wxpay.exception.WxSignTestException;
 import com.github.binarywang.wxpay.service.PayScoreService;
 import com.github.binarywang.wxpay.service.WxPayService;
 import com.github.binarywang.wxpay.v3.util.AesUtils;
@ -327,7 +328,11 @@ public class PayScoreServiceImpl implements PayScoreService {
   * @param data   通知数据
   * @return true:校验通过 false:校验不通过
   */
-  private boolean verifyNotifySign(SignatureHeader header, String data) {
+  private boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException {
+    String wxPaySign = header.getSigned();
+    if(wxPaySign.startsWith("WECHATPAY/SIGNTEST/")){
+      throw new WxSignTestException("微信支付签名探测流量");
+    }
    String beforeSign = String.format("%s\n%s\n%s\n", header.getTimeStamp(), header.getNonce(), data);
    return payService.getConfig().getVerifier().verify(header.getSerialNo(),
      beforeSign.getBytes(StandardCharsets.UTF_8), header.getSigned());