获取并解析平台证书以及平台证书验签以及微信支付插入信息添加用户id

2024-12-27 15:48:18 +08:00
parent 641d59467c
commit 3197e29b87
7 changed files with 224 additions and 18 deletions
--- a/fastbee-common/src/main/java/com/fastbee/common/utils/pay/RSAUtil.java
+++ b/fastbee-common/src/main/java/com/fastbee/common/utils/pay/RSAUtil.java
@ -1,16 +1,19 @@
 package com.fastbee.common.utils.pay;

+import java.io.ByteArrayInputStream;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyFactory;
 import java.security.PublicKey;
 import java.security.Signature;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;

 public class RSAUtil {

    /**
-     * 验签方法
+     * 验签方法---微信公钥
     * @param wechatpaySignature Wechatpay-Signature 响应头中的签名
     * @param wechatpayTimestamp Wechatpay-Timestamp 响应头中的时间戳
     * @param wechatpayNonce Wechatpay-Nonce 响应头中的随机串
@ -48,4 +51,43 @@ public class RSAUtil {
    }


+
+    /**
+     * 验签方法---平台证书
+     * @param wechatpaySignature Wechatpay-Signature 响应头中的签名
+     * @param wechatpayTimestamp Wechatpay-Timestamp 响应头中的时间戳
+     * @param wechatpayNonce Wechatpay-Nonce 响应头中的随机串
+     * @param responseBody 应答报文主体
+     * @param publicKey 微信支付公钥（PEM 格式，去掉头尾并解码为二进制）
+     * @return 是否验签成功
+     * @throws Exception
+     */
+    public static boolean verifySignatureByCertificate(String wechatpaySignature,
+                                          String wechatpayTimestamp,
+                                          String wechatpayNonce,
+                                          String responseBody,
+                                          String publicKey) throws Exception {
+        // 构造验签名串：应答时间戳\n应答随机串\n应答报文主体\n
+        String message = wechatpayTimestamp + "\n" +
+                wechatpayNonce + "\n" +
+                responseBody + "\n";
+
+        // 解码微信支付公钥（Base64 格式）
+        byte[] certBytes = Base64.getDecoder().decode(publicKey);
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
+        PublicKey rsaPublicKey = certificate.getPublicKey();
+
+        // 初始化 Signature 对象，指定算法为 SHA256withRSA
+        Signature signature = Signature.getInstance("SHA256withRSA");
+        signature.initVerify(rsaPublicKey);
+
+        // 更新验签名串
+        signature.update(message.getBytes(StandardCharsets.UTF_8));
+
+        // 验证签名
+        byte[] signatureBytes = Base64.getDecoder().decode(wechatpaySignature);
+        return signature.verify(signatureBytes);
+    }
+
 }
--- a/fastbee-common/src/main/java/com/fastbee/common/utils/pay/damogang_platformCertificate.pem
+++ b/fastbee-common/src/main/java/com/fastbee/common/utils/pay/damogang_platformCertificate.pem
@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIUWlvfWWX+OjBk6Z+u8PgNGNCJyHIwDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCQ04xEzARBgNVBAoTClRlbnBheS5jb20xHTAbBgNVBAsT
+FFRlbnBheS5jb20gQ0EgQ2VudGVyMRswGQYDVQQDExJUZW5wYXkuY29tIFJvb3Qg
+Q0EwHhcNMjIxMTI1MDcxNzQ5WhcNMjcxMTI0MDcxNzQ5WjBuMRgwFgYDVQQDDA9U
+ZW5wYXkuY29tIHNpZ24xEzARBgNVBAoMClRlbnBheS5jb20xHTAbBgNVBAsMFFRl
+bnBheS5jb20gQ0EgQ2VudGVyMQswCQYDVQQGDAJDTjERMA8GA1UEBwwIU2hlblpo
+ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4JVj9olHA76puWcKC
+BLkkFKN4+NxexbtD/vw3A/1Lwh5uEGkekmIUgcJd6/gC7Bb4Ixx5wjJS3+gpjNjL
+bET9KVgCR2KwPmpDIcnHh6ruJ7SeUMseizEVx3DLuQJDJJAojbgQUdddFzP48O1q
+8Hd4qG45axB5dw9UUHJzM4kqqLTuqMs5eeKzGUMCCq8i5vpAg52IicTCG4AJXoIg
+WK65c5d3QM/tZPgUHrj2sscZS09dP5oPeQKRZ4tWvOkHuh0+WMLdz6PEuZDBBgKz
+vDk8a+JwsKh7O2TKDXgQTIswTM0coi3/gr82AxNjsKzou5GDAcFaGaAouq1BwkRj
+ct/VAgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwID+DBlBgNVHR8EXjBc
+MFqgWKBWhlRodHRwOi8vZXZjYS5pdHJ1cy5jb20uY24vcHVibGljL2l0cnVzY3Js
+P0NBPTFCRDQyMjBFNTBEQkMwNEIwNkFEMzk3NTQ5ODQ2QzAxQzNFOEVCRDIwDQYJ
+KoZIhvcNAQELBQADggEBAHnekspTjNB66Vu7sL6nk9bPIYHIiQeCGz7BQbc1Gbfu
+VrawOgubR1ahRJ06fVcsifdhbHvc0+TLmbQXvld1+SgAblsf/jmwqePVkQgHbaYO
+MEP0jAQIJAcKnv9jpIW3zuaQzvkCf4OR6T27EUZNojUis+sDn+/AY96cmAXJppYF
+02e0kQPewXQZdL+fPjTHZyB2i0Z9V24csQKmbb8KCslGsd/L3mh2BGx05K4Bt05A
+3UXxW+QuhmDTzBMZkNNQIaPrKigTFX13KH4sbnK9LLkE/pTIO96twp23KG0otUPR
+0nfdJpGhyyUO88JotIAWjTRShUtnIssfcUpjuF5BjMw=
+-----END CERTIFICATE-----
--- a/fastbee-common/src/main/java/com/fastbee/common/utils/pay/wxPayConfig.java
+++ b/fastbee-common/src/main/java/com/fastbee/common/utils/pay/wxPayConfig.java
@ -4,11 +4,37 @@ import java.io.*;
 import java.security.KeyFactory;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Base64;

 public class wxPayConfig {

+    /**
+     * 获取平台证书公钥
+     * @param platformCertificatePath
+     * @return
+     */
+    public static String getPublicKeyByCertificat(String platformCertificatePath)
+    {
+        try {
+            // 读取私钥文件内容
+            String platformCertificateContent = readFile(platformCertificatePath);
+            // 去除私钥文件中的头尾信息
+            platformCertificateContent = platformCertificateContent.replace("-----BEGIN CERTIFICATE-----", "")
+                    .replace("-----END CERTIFICATE-----", "")
+                    .replaceAll("\\s+", "");
+            /*byte[] certBytes = Base64.getDecoder().decode(platformCertificateContent);
+            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+            X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes));
+            String publicKey = certificate.getPublicKey().toString();*/
+            return platformCertificateContent;
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
+        }
+    }

    // 获取微信支付公钥
    public static String getPublicKey(String publicKeyPath) {