平台证书微信平台是没有提供的,需要我们自个获取
需要准备的东西如下:
商户号、apiclient_key.pem(下载证书的时候有提供)、api秘钥
依赖
<!-- alipay-->
<dependency>
<groupId>com.alipay.sdk</groupId>
<artifactId>alipay-sdk-java</artifactId>
<!--<version>3.7.26.ALL</version>-->
</dependency>
下面开始上代码
/**
* 获取平台证书
*
* @return
*/
@Override
public Map<String, Object> getPlatformCertificate() {
// 获取平台证书列表
try {
IJPayHttpResponse response = WxPayApi.v3(
RequestMethod.GET,
WxDomain.CHINA.toString(),
WxApiType.GET_CERTIFICATES.toString(),
WxPayConfig.MCH_ID,
getSerialNumber(),
null,
WxPayConfig.keyPath,
""
);
//String timestamp = response.getHeader("Wechatpay-Timestamp");
//String nonceStr = response.getHeader("Wechatpay-Nonce");
String serialNumber = response.getHeader("Wechatpay-Serial");
//String signature = response.getHeader("Wechatpay-Signature");
String body = response.getBody();
int status = response.getStatus();
log.info("serialNumber: {}", serialNumber);
log.info("status: {}", status);
log.info("body: {}", body);
int isOk = 200;
if (status == isOk) {
cn.hutool.json.JSONObject jsonObject = JSONUtil.parseObj(body);
JSONArray dataArray = jsonObject.getJSONArray("data");
// 默认认为只有一个平台证书
cn.hutool.json.JSONObject encryptObject = dataArray.getJSONObject(0);
JSONObject encryptCertificate = encryptObject.getJSONObject("encrypt_certificate");
String associatedData = encryptCertificate.getStr("associated_data");
String cipherText = encryptCertificate.getStr("ciphertext");
String nonce = encryptCertificate.getStr("nonce");
String serialNo = encryptObject.getStr("serial_no");
//平台证书文件要存在,即使是空的
String platSerialNo = savePlatformCert(associatedData, nonce, cipherText, WxPayConfig.platformCertPath);
log.info("平台证书序列号: {} serialNo: {}", platSerialNo, serialNo);
}
// 根据证书序列号查询对应的证书来验证签名结果
boolean verifySignature = WxPayKit.verifySignature(response, WxPayConfig.platformCertPath);
System.out.println("verifySignature:" + verifySignature);
Map<String, Object> maps = (Map<String, Object>) JSON.parse(body);
return maps;
} catch (Exception e) {
e.printStackTrace();
throw new CustomException("系统繁忙,请稍后重试");
}
}
/**
* 保存平台证书
*
* @param associatedData 关联数据
* @param nonce 随机字符串
* @param cipherText 密文
* @param certPath 证书路径
* @return
*/
private String savePlatformCert(String associatedData, String nonce, String cipherText, String certPath) {
try {
AesUtil aesUtil = new AesUtil(WxPayConfig.API_SECRET.getBytes(StandardCharsets.UTF_8));
// 平台证书密文解密
// encrypt_certificate 中的 associated_data nonce ciphertext
String publicKey = aesUtil.decryptToString(associatedData.getBytes(StandardCharsets.UTF_8), nonce.getBytes(StandardCharsets.UTF_8), cipherText);
// 保存证书
FileWriter writer = new FileWriter(certPath);
writer.write(publicKey);
// 获取平台证书序列号
X509Certificate certificate = PayKit.getCertificate(new ByteArrayInputStream(publicKey.getBytes()));
return certificate.getSerialNumber().toString(16).toUpperCase();
} catch (Exception e) {
e.printStackTrace();
return e.getMessage();
}
}
/**
* 平台证书 格式.pem 这里需要用绝对路径
*/
public static final String platformCertPath = "classpath:cert/platformCert.pem";
执行后平台证书就下载到target目录下了
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
