先定义一个配置类:
/** * 微信支付配置 * @author USER * */ public class WxPayConfig { // 小程序appid public static final String appid = ""; // 微信支付的商户id public static final String mch_id = ""; // 微信支付的商户密钥 public static final String key = ""; // 支付成功后的服务器回调url public static final String notify_url = ""; // 签名方式,固定值 public static final String SIGNTYPE = "MD5"; // 交易类型,小程序支付的固定值为JSAPI public static final String TRADETYPE = "JSAPI"; // 微信统一下单接口地址 public static final String pay_url = ""; }
Controller层,因为博主懒,所以没有拆分Service层
@RestController public class WxPayController { @Autowired private PayInfoService payInfoService; @RequestMapping(value = "/wxPay", method = RequestMethod.POST) public Map<String, Object> wxPay(String openid, String ownOrderNo, HttpServletRequest request) { PayInfo payinfo = payInfoService.findByOwnOrderNo(ownOrderNo); if (payinfo == null) { return null; } payinfo.setOpenid(openid); payInfoService.save(payinfo); String pay = Integer.toString(payinfo.getPayable()); try { // 生成的随机字符串 String nonce_str = StringUtils.getRandomStringByLength(32); // 商品名称 String body = "测试停车费用"; // 获取客户端的ip地址 String spbill_create_ip = IpUtils.getIpAddr(request); // 组装参数,用户生成统一下单接口的签名 Map<String, String> packageParams = new HashMap<String, String>(); packageParams.put("appid", WxPayConfig.appid);// 停车场appid packageParams.put("mch_id", WxPayConfig.mch_id);// 商户id packageParams.put("nonce_str", nonce_str);// 32位随机字符串 packageParams.put("body", body);// 商品名称 packageParams.put("out_trade_no", ownOrderNo);// 商户订单号 packageParams.put("total_fee", pay);// 支付金额,这边需要转成字符串类型,否则后面的签名会失败 packageParams.put("spbill_create_ip", spbill_create_ip);// 客户端的ip地址 packageParams.put("notify_url", WxPayConfig.notify_url);// 支付成功后的回调地址 packageParams.put("trade_type", WxPayConfig.TRADETYPE);// 支付方式 packageParams.put("openid", openid);// 微信openid String prestr = PayUtils.createLinkString(packageParams); // 把数组所有元素,按照“参数=参数值”的模式用“&”字符拼接成字符串 // MD5运算生成签名,这里是第一次签名,用于调用统一下单接口 String mysign = PayUtils.sign(prestr, WxPayConfig.key, "utf-8").toUpperCase(); // 拼接统一下单接口使用的xml数据,要将上一步生成的签名一起拼接进去 String xml = "<xml>" + "<appid>" + WxPayConfig.appid + "</appid>" + "<body><![CDATA[" + body + "]]></body>" + "<mch_id>" + WxPayConfig.mch_id + "</mch_id>" + "<nonce_str>" + nonce_str + "</nonce_str>" + "<notify_url>" + WxPayConfig.notify_url + "</notify_url>" + "<openid>" + openid + "</openid>" + "<out_trade_no>" + ownOrderNo + "</out_trade_no>" + "<spbill_create_ip>" + spbill_create_ip + "</spbill_create_ip>" + "<total_fee>" + pay + "</total_fee>" + "<trade_type>" + WxPayConfig.TRADETYPE + "</trade_type>" + "<sign>" + mysign + "</sign>" + "</xml>"; System.out.println("调试模式_统一下单接口 请求XML数据:" + xml); // 调用统一下单接口,并接受返回的结果 String result = PayUtils.httpRequest(WxPayConfig.pay_url, "POST", xml); System.out.println("调试模式_统一下单接口 返回XML数据:" + result); // 将解析结果存储在HashMap中 @SuppressWarnings("rawtypes") Map map = PayUtils.doXMLParse(result); String return_code = (String) map.get("return_code");// 返回状态码 Map<String, Object> response = new HashMap<String, Object>();// 返回给小程序端需要的参数 if (return_code.equals("SUCCESS")) { String prepay_id = (String) map.get("prepay_id");// 返回的预付单信息 response.put("nonceStr", nonce_str); response.put("package", "prepay_id=" + prepay_id); Long timeStamp = System.currentTimeMillis() / 1000; response.put("timeStamp", timeStamp + "");// 这边要将返回的时间戳转化成字符串,不然小程序端调用wx.requestPayment方法会报签名错误 // 拼接签名需要的参数 String stringSignTemp = "appId=" + WxPayConfig.appid + "&nonceStr=" + nonce_str + "&package=prepay_id=" + prepay_id + "&signType=MD5&timeStamp=" + timeStamp; // 再次签名,这个签名用于小程序端调用wx.requesetPayment方法 String paySign = PayUtils.sign(stringSignTemp, WxPayConfig.key, "utf-8").toUpperCase(); response.put("paySign", paySign); } response.put("appid", WxPayConfig.appid); return response; } catch (Exception e) { e.printStackTrace(); } return null; } /** * 微信服务器通知java后端 * * @param request * @param response * @throws Exception */ @RequestMapping(value = "/wxNotify") @ResponseBody public void wxNotify(HttpServletRequest request, HttpServletResponse response) throws Exception { BufferedReader br = new BufferedReader(new InputStreamReader((ServletInputStream) request.getInputStream())); String line = null; StringBuilder sb = new StringBuilder(); while ((line = br.readLine()) != null) { sb.append(line); } br.close(); // sb为微信返回的xml String notityXml = sb.toString(); String resXml = ""; System.out.println("接收到的报文:" + notityXml); @SuppressWarnings("rawtypes") Map map = PayUtils.doXMLParse(notityXml); String returnCode = (String) map.get("return_code"); if ("SUCCESS".equals(returnCode)) { // 验证签名是否正确 @SuppressWarnings("unchecked") Map<String, String> validParams = PayUtils.paraFilter(map); // 回调验签时需要去除sign和空值参数 String validStr = PayUtils.createLinkString(validParams);// 把数组所有元素,按照“参数=参数值”的模式用“&”字符拼接成字符串 String sign = PayUtils.sign(validStr, WxPayConfig.key, "utf-8").toUpperCase();// 拼装生成服务器端验证的签名 String ownOrderNo = request.getParameter("ownOrderNo");//获取订单号 PayInfo payinfo = payInfoService.findByOwnOrderNo(ownOrderNo); Integer payable = payinfo.getPayable(); // 根据微信官网的介绍,此处不仅对回调的参数进行验签,还需要对返回的金额与系统订单的金额进行比对等 if (sign.equals(map.get("sign"))) { //返回的金额与系统订单的金额进行比对 if (payable.toString()==request.getParameter("payable")) { return; } // 通知微信服务器已经支付成功 resXml = "<xml>" + "<return_code><![CDATA[SUCCESS]]></return_code>" + "<return_msg><![CDATA[OK]]></return_msg>" + "</xml> "; } } else { resXml = "<xml>" + "<return_code><![CDATA[FAIL]]></return_code>" + "<return_msg><![CDATA[报文为空]]></return_msg>" + "</xml> "; } System.out.println(resXml); System.out.println("微信支付回调数据结束"); BufferedOutputStream out = new BufferedOutputStream(response.getOutputStream()); out.write(resXml.getBytes()); out.flush(); out.close(); } }
下面是涉及到的Util包:
public class PayUtils { /** * 签名字符串 * * @param text需要签名的字符串 * @param key 密钥 * @param input_charset编码格式 * @return 签名结果 */ public static String sign(String text, String key, String input_charset) { text = text + "&key=" + key; return DigestUtils.md5Hex(getContentBytes(text, input_charset)); } /** * 签名字符串 * * @param text需要签名的字符串 * @param sign 签名结果 * @param key密钥 * @param input_charset 编码格式 * @return 签名结果 */ public static boolean verify(String text, String sign, String key, String input_charset) { text = text + key; String mysign = DigestUtils.md5Hex(getContentBytes(text, input_charset)); if (mysign.equals(sign)) { return true; } else { return false; } } /** * @param content * @param charset * @return * @throws SignatureException * @throws UnsupportedEncodingException */ public static byte[] getContentBytes(String content, String charset) { if (charset == null || "".equals(charset)) { return content.getBytes(); } try { return content.getBytes(charset); } catch (UnsupportedEncodingException e) { throw new RuntimeException("MD5签名过程中出现错误,指定的编码集不对,您目前指定的编码集是:" + charset); } } @SuppressWarnings("unused") private static boolean isValidChar(char ch) { if ((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z')) return true; if ((ch >= 0x4e00 && ch <= 0x7fff) || (ch >= 0x8000 && ch <= 0x952f)) return true;// 简体中文汉字编码 return false; } /** * 除去数组中的空值和签名参数 * * @param sArray 签名参数组 * @return 去掉空值与签名参数后的新签名参数组 */ public static Map<String, String> paraFilter(Map<String, String> sArray) { Map<String, String> result = new HashMap<String, String>(); if (sArray == null || sArray.size() <= 0) { return result; } for (String key : sArray.keySet()) { String value = sArray.get(key); if (value == null || value.equals("") || key.equalsIgnoreCase("sign") || key.equalsIgnoreCase("sign_type")) { continue; } result.put(key, value); } return result; } /** * 把数组所有元素排序,并按照“参数=参数值”的模式用“&”字符拼接成字符串 * * @param params 需要排序并参与字符拼接的参数组 * @return 拼接后字符串 */ public static String createLinkString(Map<String, String> params) { List<String> keys = new ArrayList<String>(params.keySet()); Collections.sort(keys); String prestr = ""; for (int i = 0; i < keys.size(); i++) { String key = keys.get(i); String value = params.get(key); if (i == keys.size() - 1) {// 拼接时,不包括最后一个&字符 prestr = prestr + key + "=" + value; } else { prestr = prestr + key + "=" + value + "&"; } } return prestr; } /** * * @param requestUrl请求地址 * @param requestMethod请求方法 * @param outputStr参数 */ public static String httpRequest(String requestUrl, String requestMethod, String outputStr) { // 创建SSLContext StringBuffer buffer = null; try { URL url = new URL(requestUrl); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod(requestMethod); conn.setDoOutput(true); conn.setDoInput(true); conn.connect(); // 往服务器端写内容 if (null != outputStr) { OutputStream os = conn.getOutputStream(); os.write(outputStr.getBytes("utf-8")); os.close(); } // 读取服务器端返回的内容 InputStream is = conn.getInputStream(); InputStreamReader isr = new InputStreamReader(is, "utf-8"); BufferedReader br = new BufferedReader(isr); buffer = new StringBuffer(); String line = null; while ((line = br.readLine()) != null) { buffer.append(line); } br.close(); } catch (Exception e) { e.printStackTrace(); } return buffer.toString(); } public static String urlEncodeUTF8(String source) { String result = source; try { result = java.net.URLEncoder.encode(source, "UTF-8"); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return result; } /** * 解析xml,返回第一级元素键值对。如果第一级元素有子节点,则此节点的值是子节点的xml数据。 * * @param strxml * @return * @throws JDOMException * @throws IOException */ @SuppressWarnings("rawtypes") public static Map doXMLParse(String strxml) throws Exception { if (null == strxml || "".equals(strxml)) { return null; } try { Map<String, String> data = new HashMap<String, String>(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false); documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); documentBuilderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); documentBuilderFactory.setXIncludeAware(false); documentBuilderFactory.setExpandEntityReferences(false); InputStream stream = new ByteArrayInputStream(strxml.getBytes("UTF-8")); org.w3c.dom.Document doc = documentBuilderFactory.newDocumentBuilder().parse(stream); doc.getDocumentElement().normalize(); NodeList nodeList = doc.getDocumentElement().getChildNodes(); for (int idx = 0; idx < nodeList.getLength(); ++idx) { Node node = nodeList.item(idx); if (node.getNodeType() == Node.ELEMENT_NODE) { org.w3c.dom.Element element = (org.w3c.dom.Element) node; data.put(element.getNodeName(), element.getTextContent()); } } try { stream.close(); } catch (Exception ex) { // do nothing } return data; } catch (Exception ex) { throw ex; } } /** * 获取子结点的xml * * @param children * @return String */ public static String getChildrenText(@SuppressWarnings("rawtypes") List children) { StringBuffer sb = new StringBuffer(); if (!children.isEmpty()) { @SuppressWarnings("rawtypes") Iterator it = children.iterator(); while (it.hasNext()) { Element e = (Element) it.next(); String name = e.getName(); String value = e.getTextNormalize(); @SuppressWarnings("rawtypes") List list = e.getChildren(); sb.append("<" + name + ">"); if (!list.isEmpty()) { sb.append(getChildrenText(list)); } sb.append(value); sb.append("</" + name + ">"); } } return sb.toString(); } public static InputStream String2Inputstream(String str) { return new ByteArrayInputStream(str.getBytes()); } }
至此,整个支付流程都已实现。