吐槽下:
经常有人问我,你不是在某软件公司么?我听说大公司都是JAVA,对吗?
我只想回答,那是网上流传的骗人的传说,据我所知公司开发组大部分都是C#,少部分用JAVA。
这不,官方提供那个Demo就是个例证,JAVA版本完全是V1版本,难以使用,反而C#是V3版本,拿来就用。
最近几天我们公司需要做类似的开发,我作为先锋,率先解决Java集成支付宝支付和微信支付接口工作。
我们的工作环境:目前工作的支付宝接口为20160912,微信为V3版本,如遇到版本升级,请联系相关机构的客户服务人员升级。
本文介绍JAVA+微信V3,刚刚已经说过,官方提供那个Demo完全是V1版本,下面是本人原创JAVA V3版本SDK,
本文的WxPayApi接口完全兼容官方提供C# SDK DEMO WxPayApi类,可以把C# 代码拿来转转就能用。
新手注意:
1、配置有个证书路径,是新版httpclient 连接HTTPS需要目标网站证书,不清楚的话,自己看注释做证书或者度娘一下。
2、用到的Jar:
commons-logging-1.2.jar
fastjson-1.2.7.jar
FastWeixin.jar
httpclient-4.5.2.jar
httpcore-4.4.4.jar
httpmime-4.5.2.jar
xstream-1.4.9.jar
3、使用到UtilDate类,请参考上一篇文章,或者支付宝支付Demo。
4、示例函数:WXPay.weixin_pay(),新手要注意,每种支付所用到参数不尽相同,多看看文档确定使用到哪几个参数,不要想当然。
5、部分通用函数,使用了FastWeixin里面Util 自己根据需要选择替换。
package com.luozhuang;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import com.luozhuang.util.Configure;
import com.luozhuang.util.HttpsRequest;
import com.luozhuang.util.PayCommonUtil;
import com.luozhuang.util.XMLParser;
/**
* SDK总入口
*/
public class WXPay {
public String getRemortIP(HttpServletRequest request) {
if (request.getHeader("x-forwarded-for") == null) {
return request.getRemoteAddr();
}
return request.getHeader("x-forwarded-for");
}
/**
* 初始化SDK依赖的几个关键配置
*
* @param key
* 签名算法需要用到的秘钥
* @param appID
* 公众账号ID
* @param mchID
* 商户ID
* @param sdbMchID
* 子商户ID,受理模式必填
* @param certLocalPath
* HTTP证书在服务器中的路径,用来加载证书用
* @param certPassword
* HTTP证书的密码,默认等于MCHID
*/
public static void initSDKConfiguration(String key, String appID, String mchID, String sdbMchID,
String certLocalPath, String certPassword) {
Configure.setKey(key);
Configure.setAppID(appID);
Configure.setMchID(mchID);
Configure.setSubMchID(sdbMchID);
Configure.setCertLocalPath(certLocalPath);
Configure.setCertPassword(certPassword);
}
/**
*
*
* @param out_trade_no
* @return
* @throws Exception
*/
public static String weixin_pay(String out_trade_no) throws Exception {
HttpsRequest httpRequest = new HttpsRequest();
// 账号信息
String appid = Configure.getAppid(); // appid
// String appsecret = PayConfigUtil.APP_SECRET; // appsecret
// 商业号
String mch_id = Configure.getMchid();
// key
String key = Configure.getKey();
String currTime = PayCommonUtil.getCurrTime();
String strTime = currTime.substring(8, currTime.length());
String strRandom = PayCommonUtil.buildRandom(4) + "";
// 随机字符串
String nonce_str = strTime + strRandom;
// 价格 注意:价格的单位是分
String order_price = "1";
// 商品名称
// String body = "luozhuang";
// 获取发起电脑 ip
String spbill_create_ip = Configure.getIP();
// 回调接口
String notify_url = Configure.NOTIFY_URL;
String product_id="luozhuang";
String trade_type = "NATIVE";//JSAPI--公众号支付、NATIVE--原生扫码支付、APP--app支付
String time_start = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date());
Calendar ca = Calendar.getInstance();
ca.setTime(new Date());
ca.add(Calendar.DATE, 1);
String time_expire = new SimpleDateFormat("yyyyMMddHHmmss").format(ca.getTime());
WxPayData packageParams = new WxPayData();
packageParams.put("appid", appid);
packageParams.put("mch_id", mch_id);
packageParams.put("nonce_str", nonce_str);
packageParams.put("body", "luozhuang-服务费");
packageParams.put("out_trade_no", out_trade_no);
packageParams.put("product_id",product_id);
packageParams.put("total_fee", order_price);
packageParams.put("spbill_create_ip", spbill_create_ip);
packageParams.put("notify_url", notify_url);
packageParams.put("trade_type", trade_type);
packageParams.put("time_start", time_start);
packageParams.put("time_expire", time_expire);
String sign = packageParams.MakeSign();
packageParams.put("sign", sign);
WxPayData resXml=WxPayApi.UnifiedOrder(packageParams, 20);
String requestXML = packageParams.ToXml();
System.out.println("请求xml::::" + requestXML);
System.out.println("得到xml::::" + resXml.toString());
// String return_code = (String) map.get("return_code");
// String prepay_id = (String) map.get("prepay_id");
String urlCode = (String) resXml.GetValue("code_url");
System.out.println("打印调用统一下单接口生成二维码url:::::" + urlCode);
return urlCode;
}
}
package com.luozhuang;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;
import com.fastwixinextend.CommonClass;
import com.luozhuang.util.Configure;
import com.luozhuang.util.HttpsRequest;
public class WxPayApi
{
private static final int REPORT_LEVENL = 0;
/**
* 提交被扫支付API
* 收银员使用扫码设备读取微信用户刷卡授权码以后,二维码或条码信息传送至商户收银台,
* 由商户收银台或者商户后台调用该接口发起支付。
* @param WxPayData inputObj 提交给被扫支付API的参数
* @param int timeOut 超时时间
* @throws WxPayException
* @return 成功时返回调用结果,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData Micropay(WxPayData inputObj, int timeOut) throws UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, WxPayException, ParserConfigurationException, SAXException
{
String url =Configure.PAY_API;
//检测必填参数
if (!inputObj.IsSet("body"))
{
throw new WxPayException("提交被扫支付API接口中,缺少必填参数body!");
}
else if (!inputObj.IsSet("out_trade_no"))
{
throw new WxPayException("提交被扫支付API接口中,缺少必填参数out_trade_no!");
}
else if (!inputObj.IsSet("total_fee"))
{
throw new WxPayException("提交被扫支付API接口中,缺少必填参数total_fee!");
}
else if (!inputObj.IsSet("auth_code"))
{
throw new WxPayException("提交被扫支付API接口中,缺少必填参数auth_code!");
}
inputObj.SetValue("spbill_create_ip", Configure.getIP());//终端ip
inputObj.SetValue("appid", Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id", Configure.getMchid());//商户号
inputObj.SetValue("nonce_str", UUIDGenerator.getUUID().toString().replace("-", ""));//随机字符串
inputObj.SetValue("sign", inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 查询订单
* @param WxPayData inputObj 提交给查询订单API的参数
* @param int timeOut 超时时间
* @throws WxPayException
* @return 成功时返回订单查询结果,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData OrderQuery(WxPayData inputObj, int timeOut) throws UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, WxPayException, ParserConfigurationException, SAXException
{
String url = Configure.PAY_QUERY_API;
//检测必填参数
if (!inputObj.IsSet("out_trade_no") && !inputObj.IsSet("transaction_id"))
{
throw new WxPayException("订单查询接口中,out_trade_no、transaction_id至少填一个!");
}
inputObj.SetValue("appid", Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id", Configure.getMchid());//商户号
inputObj.SetValue("nonce_str", WxPayApi.GenerateNonceStr());//随机字符串
inputObj.SetValue("sign", inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 撤销订单API接口
* @param WxPayData inputObj 提交给撤销订单API接口的参数,out_trade_no和transaction_id必填一个
* @param int timeOut 接口超时时间
* @throws WxPayException
* @return 成功时返回API调用结果,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData Reverse(WxPayData inputObj, int timeOut) throws WxPayException, UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, ParserConfigurationException, SAXException
{
String url =Configure.REVERSE_API;
//检测必填参数
if (!inputObj.IsSet("out_trade_no") && !inputObj.IsSet("transaction_id"))
{
throw new WxPayException("撤销订单API接口中,参数out_trade_no和transaction_id必须填写一个!");
}
inputObj.SetValue("appid", Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id", Configure.getMchid());//商户号
inputObj.SetValue("nonce_str", GenerateNonceStr());//随机字符串
inputObj.SetValue("sign", inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 申请退款
* @param WxPayData inputObj 提交给申请退款API的参数
* @param int timeOut 超时时间
* @throws WxPayException
* @return 成功时返回接口调用结果,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData Refund(WxPayData inputObj, int timeOut) throws WxPayException, UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, ParserConfigurationException, SAXException
{
String url = Configure.REFUND_API;
//检测必填参数
if (!inputObj.IsSet("out_trade_no") && !inputObj.IsSet("transaction_id"))
{
throw new WxPayException("退款申请接口中,out_trade_no、transaction_id至少填一个!");
}
else if (!inputObj.IsSet("out_refund_no"))
{
throw new WxPayException("退款申请接口中,缺少必填参数out_refund_no!");
}
else if (!inputObj.IsSet("total_fee"))
{
throw new WxPayException("退款申请接口中,缺少必填参数total_fee!");
}
else if (!inputObj.IsSet("refund_fee"))
{
throw new WxPayException("退款申请接口中,缺少必填参数refund_fee!");
}
else if (!inputObj.IsSet("op_user_id"))
{
throw new WxPayException("退款申请接口中,缺少必填参数op_user_id!");
}
inputObj.SetValue("appid", Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id", Configure.getMchid());//商户号
inputObj.SetValue("nonce_str", UUIDGenerator.getUUID().toString().replace("-", ""));//随机字符串
inputObj.SetValue("sign", inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 查询退款
* 提交退款申请后,通过该接口查询退款状态。退款有一定延时,
* 用零钱支付的退款20分钟内到账,银行卡支付的退款3个工作日后重新查询退款状态。
* out_refund_no、out_trade_no、transaction_id、refund_id四个参数必填一个
* @param WxPayData inputObj 提交给查询退款API的参数
* @param int timeOut 接口超时时间
* @throws WxPayException
* @return 成功时返回,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData RefundQuery(WxPayData inputObj, int timeOut) throws UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, WxPayException, ParserConfigurationException, SAXException
{
String url = Configure.REFUND_QUERY_API;
//检测必填参数
if(!inputObj.IsSet("out_refund_no") && !inputObj.IsSet("out_trade_no") &&
!inputObj.IsSet("transaction_id") && !inputObj.IsSet("refund_id"))
{
throw new WxPayException("退款查询接口中,out_refund_no、out_trade_no、transaction_id、refund_id四个参数必填一个!");
}
inputObj.SetValue("appid",Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id",Configure.getMchid());//商户号
inputObj.SetValue("nonce_str",GenerateNonceStr());//随机字符串
inputObj.SetValue("sign",inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
* 下载对账单
* @param WxPayData inputObj 提交给下载对账单API的参数
* @param int timeOut 接口超时时间
* @throws WxPayException
* @return 成功时返回,其他抛异常
* @throws IOException
* @throws NoSuchAlgorithmException
* @throws KeyStoreException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData DownloadBill(WxPayData inputObj, int timeOut) throws UnrecoverableKeyException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, IOException, WxPayException, ParserConfigurationException, SAXException
{
String url = Configure.DOWNLOAD_BILL_API;
//检测必填参数
if (!inputObj.IsSet("bill_date"))
{
throw new WxPayException("对账单接口中,缺少必填参数bill_date!");
}
inputObj.SetValue("appid", Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id", Configure.getMchid());//商户号
inputObj.SetValue("nonce_str", GenerateNonceStr());//随机字符串
inputObj.SetValue("sign", inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
//若接口调用失败会返回xml格式的结果
if (response.startsWith("<xml>"))
{
result.FromXml(response);
}
//接口调用成功则返回非xml格式的数据
else
result.SetValue("result", response);
return result;
}
/**
*
* 转换短链接
* 该接口主要用于扫码原生支付模式一中的二维码链接转成短链接(weixin://wxpay/s/XXXXXX),
* 减小二维码数据量,提升扫描速度和精确度。
* @param WxPayData inputObj 提交给转换短连接API的参数
* @param int timeOut 接口超时时间
* @throws WxPayException
* @return 成功时返回,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData ShortUrl(WxPayData inputObj, int timeOut) throws WxPayException, UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, ParserConfigurationException, SAXException
{
String url = Configure.Shorturl_API;
//检测必填参数
if(!inputObj.IsSet("long_url"))
{
throw new WxPayException("需要转换的URL,签名用原串,传输需URL encode!");
}
inputObj.SetValue("appid",Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id",Configure.getMchid());//商户号
inputObj.SetValue("nonce_str",GenerateNonceStr());//随机字符串
inputObj.SetValue("sign",inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 统一下单
* @param WxPaydata inputObj 提交给统一下单API的参数
* @param int timeOut 超时时间
* @throws WxPayException
* @return 成功时返回,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData UnifiedOrder(WxPayData inputObj, int timeOut) throws WxPayException, UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, ParserConfigurationException, SAXException
{
String url =Configure.UnifiedOrder_API;
//检测必填参数
if (!inputObj.IsSet("out_trade_no"))
{
throw new WxPayException("缺少统一支付接口必填参数out_trade_no!");
}
else if (!inputObj.IsSet("body"))
{
throw new WxPayException("缺少统一支付接口必填参数body!");
}
else if (!inputObj.IsSet("total_fee"))
{
throw new WxPayException("缺少统一支付接口必填参数total_fee!");
}
else if (!inputObj.IsSet("trade_type"))
{
throw new WxPayException("缺少统一支付接口必填参数trade_type!");
}
//关联参数
if (inputObj.GetValue("trade_type").toString() == "JSAPI" && !inputObj.IsSet("openid"))
{
throw new WxPayException("统一支付接口中,缺少必填参数openid!trade_type为JSAPI时,openid为必填参数!");
}
if (inputObj.GetValue("trade_type").toString() == "NATIVE" && !inputObj.IsSet("product_id"))
{
throw new WxPayException("统一支付接口中,缺少必填参数product_id!trade_type为JSAPI时,product_id为必填参数!");
}
//异步通知url未设置,则使用配置文件中的url
if (!inputObj.IsSet("notify_url"))
{
inputObj.SetValue("notify_url", Configure.NOTIFY_URL);//异步通知url
}
inputObj.SetValue("appid", Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id", Configure.getMchid());//商户号
inputObj.SetValue("spbill_create_ip", Configure.getIP());//终端ip
inputObj.SetValue("nonce_str", GenerateNonceStr());//随机字符串
//签名
inputObj.SetValue("sign", inputObj.MakeSign());
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 关闭订单
* @param WxPayData inputObj 提交给关闭订单API的参数
* @param int timeOut 接口超时时间
* @throws WxPayException
* @return 成功时返回,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData CloseOrder(WxPayData inputObj, int timeOut) throws WxPayException, UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, ParserConfigurationException, SAXException
{
String url =Configure.CloseOrder_API;
//检测必填参数
if(!inputObj.IsSet("out_trade_no"))
{
throw new WxPayException("关闭订单接口中,out_trade_no必填!");
}
inputObj.SetValue("appid",Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id",Configure.getMchid());//商户号
inputObj.SetValue("nonce_str",GenerateNonceStr());//随机字符串
inputObj.SetValue("sign",inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
*
* 测速上报
* @param String interface_url 接口URL
* @param int timeCost 接口耗时
* @param WxPayData inputObj参数数组
*/
private static void ReportCostTime(String interface_url, int timeCost, WxPayData inputObj)
{
//如果不需要进行上报
if(REPORT_LEVENL == 0)
{
return;
}
//如果仅失败上报
if(REPORT_LEVENL == 1 && inputObj.IsSet("return_code") && inputObj.GetValue("return_code").toString() == "SUCCESS" &&
inputObj.IsSet("result_code") && inputObj.GetValue("result_code").toString() == "SUCCESS")
{
return;
}
//上报逻辑
WxPayData data = new WxPayData();
data.SetValue("interface_url",interface_url);
data.SetValue("execute_time_",timeCost);
//返回状态码
if(inputObj.IsSet("return_code"))
{
data.SetValue("return_code",inputObj.GetValue("return_code"));
}
//返回信息
if(inputObj.IsSet("return_msg"))
{
data.SetValue("return_msg",inputObj.GetValue("return_msg"));
}
//业务结果
if(inputObj.IsSet("result_code"))
{
data.SetValue("result_code",inputObj.GetValue("result_code"));
}
//错误代码
if(inputObj.IsSet("err_code"))
{
data.SetValue("err_code",inputObj.GetValue("err_code"));
}
//错误代码描述
if(inputObj.IsSet("err_code_des"))
{
data.SetValue("err_code_des",inputObj.GetValue("err_code_des"));
}
//商户订单号
if(inputObj.IsSet("out_trade_no"))
{
data.SetValue("out_trade_no",inputObj.GetValue("out_trade_no"));
}
//设备号
if(inputObj.IsSet("device_info"))
{
data.SetValue("device_info",inputObj.GetValue("device_info"));
}
}
/**
*
* 测速上报接口实现
* @param WxPayData inputObj 提交给测速上报接口的参数
* @param int timeOut 测速上报接口超时时间
* @throws WxPayException
* @return 成功时返回测速上报接口返回的结果,其他抛异常
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
* @throws SAXException
* @throws ParserConfigurationException
*/
public static WxPayData Report(WxPayData inputObj, int timeOut) throws WxPayException, UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, IOException, ParserConfigurationException, SAXException
{
String url = Configure.REPORT_API;
//检测必填参数
if(!inputObj.IsSet("interface_url"))
{
throw new WxPayException("接口URL,缺少必填参数interface_url!");
}
if(!inputObj.IsSet("return_code"))
{
throw new WxPayException("返回状态码,缺少必填参数return_code!");
}
if(!inputObj.IsSet("result_code"))
{
throw new WxPayException("业务结果,缺少必填参数result_code!");
}
if(!inputObj.IsSet("user_ip"))
{
throw new WxPayException("访问接口IP,缺少必填参数user_ip!");
}
if(!inputObj.IsSet("execute_time_"))
{
throw new WxPayException("接口耗时,缺少必填参数execute_time_!");
}
inputObj.SetValue("appid",Configure.getAppid());//公众账号ID
inputObj.SetValue("mch_id",Configure.getMchid());//商户号
inputObj.SetValue("user_ip",Configure.getIP());//终端ip
inputObj.SetValue("time",CommonClass.GetCurrentDateTimeTextNosplit());//商户上报时间
inputObj.SetValue("nonce_str",GenerateNonceStr());//随机字符串
inputObj.SetValue("sign",inputObj.MakeSign());//签名
String xml = inputObj.ToXml();
HttpsRequest https=new HttpsRequest();
https.setSocketTimeout(timeOut);
String response = https.sendPost(url, xml);//调用HTTP通信接口以提交数据到API
WxPayData result = new WxPayData();
result.FromXml(response);
return result;
}
/**
* 根据当前系统时间加随机序列来生成订单号
* @return 订单号
*/
public static String GenerateOutTradeNo()
{
Random ran = new Random();
return String.format("{0}{1}{2}", Configure.getMchid(),CommonClass.GetCurrentDateTimeTextNosplit(), ran.nextInt(999));
}
/**
* 生成时间戳,标准北京时间,时区为东八区,自1970年1月1日 0点0分0秒以来的秒数
* @return 时间戳
*/
public static String GenerateTimeStamp()
{
//Java中的getTime方法默认的是从1970 1 1 算起所以可以直接调用
//date.getTime获得的是毫秒数,不是秒,所以最后的结果day应当再除以1000才对。
return String.valueOf(Calendar.getInstance().getTimeInMillis()/1000);
}
/**
* 生成随机串,随机串包含字母或数字
* @return 随机串
*/
public static String GenerateNonceStr()
{
return UUIDGenerator.getUUID().toString().replace("-", "");
}
}
package com.luozhuang;
import java.io.IOException;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.ParserConfigurationException;
import org.slf4j.Logger;
import org.xml.sax.SAXException;
import com.alibaba.fastjson.JSON;
import com.luozhuang.util.Configure;
import com.luozhuang.util.MD5;
import com.luozhuang.util.PayCommonUtil;
import com.luozhuang.util.XMLParser;
/// <summary>
/// 微信支付协议接口数据类,所有的API接口通信都依赖这个数据结构,
/// 在调用接口之前先填充各个字段的值,然后进行接口通信,
/// 这样设计的好处是可扩展性强,用户可随意对协议进行更改而不用重新设计数据结构,
/// 还可以随意组合出不同的协议数据包,不用为每个协议设计一个数据包结构
/// </summary>
public class WxPayData {
private static Logger Log = new Logger();
public WxPayData() {
}
// 采用排序的Dictionary的好处是方便对数据包进行签名,不用再签名之前再做一次排序
private SortedMap<String, Object> m_values = new TreeMap<String, Object>();
public void put(String key, String value) {
SetValue(key, value);
}
/**
* 设置某个字段的值
*
* @param key
* 字段名
* @param value
* 字段值
*/
public void SetValue(String key, Object value) {
m_values.put(key, value);
}
/**
* 根据字段名获取某个字段的值
*
* @param key
* 字段名
* @return key对应的字段值
*/
public Object GetValue(String key) {
Object o = m_values.get(key);
return o;
}
/**
* 判断某个字段是否已设置
*
* @param key
* 字段名
* @return 若字段key已被设置,则返回true,否则返回false
*/
public boolean IsSet(String key) {
Object o = m_values.get(key);
if (null != o)
return true;
else
return false;
}
/**
* @将Dictionary转成xml
* @return 经转换得到的xml串
* @throws WxPayException
**/
public String ToXml() throws WxPayException {
// 数据为空时不能转化为xml格式
if (0 == m_values.size()) {
throw new WxPayException("WxPayData数据为空!");
}
/*
* String xml = "<xml>"; for (Map.Entry<String, Object> pair :
* m_values.entrySet())
*
* { // 字段值不能为null,会影响后续流程 if (pair.getValue() == null) {
*
* throw new WxPayException("WxPayData内部含有值为null的字段!"); }
*
* if (pair.getValue() instanceof Integer) { xml += "<" + pair.getKey()
* + ">" + pair.getValue() + "</" + pair.getKey() + ">"; } else if
* (pair.getValue() instanceof String) { xml += "<" + pair.getKey() +
* ">" + "<![CDATA[" + pair.getValue() + "]]></" + pair.getKey() + ">";
* } else// 除了String和int类型不能含有其他数据类型 {
*
* throw new WxPayException("WxPayData字段数据类型错误!"); } } xml += "</xml>";
*/
return PayCommonUtil.getRequestXml(m_values);
}
/**
* @将xml转为WxPayData对象并返回对象内部的数据
* @param String
* 待转换的xml串
* @return 经转换得到的Dictionary
* @throws WxPayException
* @throws SAXException
* @throws IOException
* @throws ParserConfigurationException
*/
public SortedMap<String, Object> FromXml(String xml)
throws WxPayException, ParserConfigurationException, IOException, SAXException {
if (xml == null) {
throw new WxPayException("将空的xml串转换为WxPayData不合法!");
}
m_values = XMLParser.getMapFromXML(xml);
// 2015-06-29 错误是没有签名
if (m_values.get("return_code") != "SUCCESS") {
return m_values;
}
CheckSign();// 验证签名,不通过会抛异常
return m_values;
}
/**
* @throws WxPayException
* @Dictionary格式转化成url参数格式 @ return url格式串, 该串不包含sign字段值
*/
public String ToUrl() throws WxPayException {
String buff = "";
for (Map.Entry<String, Object> pair : m_values.entrySet()) {
if (pair.getValue() == null) {
throw new WxPayException("WxPayData内部含有值为null的字段!");
}
if (pair.getKey() != "sign" && pair.getValue().toString() != "") {
buff += pair.getKey() + "=" + pair.getValue() + "&";
}
}
buff = sideTrim(buff, "&");
return buff;
}
/**
*
*
* 去掉指定字符串的开头和结尾的指定字符
*
*
*
* @param stream
* 要处理的字符串
* @param trimstr
* 要去掉的字符串
* @return 处理后的字符串
*/
public static String sideTrim(String stream, String trimstr) {
// null或者空字符串的时候不处理
if (stream == null || stream.length() == 0 || trimstr == null || trimstr.length() == 0) {
return stream;
}
// 结束位置
int epos = 0;
// 正规表达式
String regpattern = "[" + trimstr + "]*+";
Pattern pattern = Pattern.compile(regpattern, Pattern.CASE_INSENSITIVE);
// 去掉结尾的指定字符
StringBuffer buffer = new StringBuffer(stream).reverse();
Matcher matcher = pattern.matcher(buffer);
if (matcher.lookingAt()) {
epos = matcher.end();
stream = new StringBuffer(buffer.substring(epos)).reverse().toString();
}
// 去掉开头的指定字符
matcher = pattern.matcher(stream);
if (matcher.lookingAt()) {
epos = matcher.end();
stream = stream.substring(epos);
}
// 返回处理后的字符串
return stream;
}
/**
* @Dictionary格式化成Json
* @return json串数据
*/
public String ToJson() {
String jsonStr = JSON.toJSONString(m_values);
return jsonStr;
}
/**
* @throws WxPayException
* @values格式化成能在Web页面上显示的结果(因为web页面上不能直接输出xml格式的字符串)
*/
public String ToPrintStr() throws WxPayException {
String str = "";
for (Map.Entry<String, Object> pair : m_values.entrySet()) {
if (pair.getValue() == null) {
throw new WxPayException("WxPayData内部含有值为null的字段!");
}
str += String.format("{0}={1}<br>", pair.getKey(), pair.getValue().toString());
}
return str;
}
/**
* @生成签名,详见签名生成算法
* @return 签名, sign字段不参加签名
* @throws WxPayException
*/
public String MakeSign() throws WxPayException {
// 转url格式
String str = ToUrl();
// 在String后加入API KEY
str += "&key=" + Configure.getKey();
// MD5加密
//PayCommonUtil.createSign("UTF-8", packageParams,key)
// 所有字符转为大写
return MD5.MD5Encode(str, "UTF-8").toUpperCase();
}
/**
*
* 检测签名是否正确 正确返回true,错误抛异常
*
* @throws WxPayException
*/
public boolean CheckSign() throws WxPayException {
// 如果没有设置签名,则跳过检测
if (!IsSet("sign")) {
throw new WxPayException("WxPayData签名存在但不合法!");
}
// 如果设置了签名但是签名为空,则抛异常
else if (GetValue("sign") == null || GetValue("sign").toString() == "") {
throw new WxPayException("WxPayData签名存在但不合法!");
}
// 获取接收到的签名
String return_sign = GetValue("sign").toString();
// 在本地计算新的签名
String cal_sign = MakeSign();
if (cal_sign == return_sign) {
return true;
}
throw new WxPayException("WxPayData签名验证错误!");
}
/**
* @获取Dictionary
*/
public SortedMap<String, Object> GetValues() {
return m_values;
}
}package com.luozhuang;
public class WxPayException extends Exception {
public WxPayException(String string) {
super(string);
}
}
package com.luozhuang.util;
/**
* luozhuang 这里放置各种配置数据
*/
public class Configure {
// 回调地址
public static final String NOTIFY_URL = "http://www.weixin.qq.com/wxpay/pay.php";
/**
* 这个就是自己要保管好的私有Key了(切记只能放在自己的后台代码里,不能放在任何可能被看到源代码的客户端程序中)
*
* 每次自己Post数据给API的时候都要用这个key来对所有字段进行签名,生成的签名会放在Sign这个字段,API收到Post数据的时候也会用同样的签名算法对Post过来的数据进行签名和验证
* 收到API的返回的时候也要用这个key来对返回的数据算下签名,跟API的Sign数据进行比较,如果值不一致,有可能数据被第三方给篡改
*/
private static String key = "luozhuang";
/**
* 微信分配的公众号ID(开通公众号之后可以获取到)
*
*/
private static String appID = "luozhuang";
/**
* 微信支付分配的商户号ID(开通公众号的微信支付功能之后可以获取到)
*
*/
private static String mchID = "luozhuang";
/**
* 受理模式下给子商户分配的子商户号
*
*/
private static String subMchID = "luozhuang";
/**
* HTTPS证书的本地路径
*
*/
private static String certLocalPath = "C:\\Users\\luozhuang\\my.store";
/**
* HTTPS证书密码,默认密码等于商户号MCHID
*
*/
private static String certPassword = "luozhuang";
/**
* 是否使用异步线程的方式来上报API测速,默认为异步模式
*
*/
private static boolean useThreadToDoReport = true;
/**
* 机器IP
*
*/
private static String ip = "luozhuang";
// 以下是几个API的路径:
/**
* 1)被扫支付API
*
*/
public static String PAY_API = "https://api.mch.weixin.qq.com/pay/micropay";
/**
* 2)被扫支付查询API
*
*/
public static String PAY_QUERY_API = "https://api.mch.weixin.qq.com/pay/orderquery";
/**
* 3)退款API
*
*/
public static String REFUND_API = "https://api.mch.weixin.qq.com/secapi/pay/refund";
/**
* 4)退款查询API
*
*/
public static String REFUND_QUERY_API = "https://api.mch.weixin.qq.com/pay/refundquery";
/**
* 5)撤销API
*
*/
public static String REVERSE_API = "https://api.mch.weixin.qq.com/secapi/pay/reverse";
/**
* 6)下载对账单API
*
*/
public static String DOWNLOAD_BILL_API = "https://api.mch.weixin.qq.com/pay/downloadbill";
/**
* 7) 统计上报API
*
*/
public static String REPORT_API = "https://api.mch.weixin.qq.com/payitil/report";
/**
* 转换短链接
*/
public static String Shorturl_API = "https://api.mch.weixin.qq.com/tools/shorturl";
/**
* 统一下单
*/
public static String UnifiedOrder_API = "https://api.mch.weixin.qq.com/pay/unifiedorder";
/**
* 关闭订单
*/
public static String CloseOrder_API = "https://api.mch.weixin.qq.com/pay/closeorder";
public static boolean isUseThreadToDoReport() {
return useThreadToDoReport;
}
public static void setUseThreadToDoReport(boolean useThreadToDoReport) {
Configure.useThreadToDoReport = useThreadToDoReport;
}
public static String HttpsRequestClassName = "com.tencent.common.HttpsRequest";
public static void setKey(String key) {
Configure.key = key;
}
public static void setAppID(String appID) {
Configure.appID = appID;
}
public static void setMchID(String mchID) {
Configure.mchID = mchID;
}
public static void setSubMchID(String subMchID) {
Configure.subMchID = subMchID;
}
public static void setCertLocalPath(String certLocalPath) {
Configure.certLocalPath = certLocalPath;
}
public static void setCertPassword(String certPassword) {
Configure.certPassword = certPassword;
}
public static void setIp(String ip) {
Configure.ip = ip;
}
public static String getKey() {
return key;
}
public static String getAppid() {
return appID;
}
public static String getMchid() {
return mchID;
}
public static String getSubMchid() {
return subMchID;
}
public static String getCertLocalPath() {
return certLocalPath;
}
public static String getCertPassword() {
return certPassword;
}
public static String getIP() {
return ip;
}
public static void setHttpsRequestClassName(String name) {
HttpsRequestClassName = name;
}
}
package com.luozhuang.util;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.io.xml.XmlFriendlyNameCoder;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.ConnectionPoolTimeoutException;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketTimeoutException;
import java.security.*;
import java.security.cert.CertificateException;
/**
* luozhuang
*/
public class HttpsRequest {
public interface ResultListener {
public void onConnectionPoolTimeoutError();
}
private static Logger log = new Logger();
// 表示请求器是否已经做了初始化工作
private boolean hasInit = false;
// 连接超时时间,默认10秒
private int socketTimeout = 10000;
// 传输超时时间,默认30秒
private int connectTimeout = 30000;
// 请求器的配置
private RequestConfig requestConfig;
// HTTP请求器
private CloseableHttpClient httpClient;
public HttpsRequest() throws UnrecoverableKeyException, KeyManagementException, NoSuchAlgorithmException,
KeyStoreException, IOException {
init();
}
/**
* 对安全性有要求的网站一般使用https来加密传输的请求和响应。https离不开证书,关于证书不在多说。Apache的HttpClient支持https,
* 面是官方的样例程序,程序中使用了my.store这个文件,
* 这个文件不是网站的证书,而是一份包含自己密码的自己的证书库。这个文件是需要自己生成的,使用jdk中的keytool命令可以很方便的生成my.store文件。步骤如下(以支付宝为例):
* 浏览器(以chrome为例)访问https://www.alipay.com/,点击域名左侧的小锁,可以查看支付宝的证书信息
*
*
* 将支付包的证书信息导出,证书格式有很多中,der、cer等。随便选择即可。 命令行或者shell执行 keytool -import -alias
* "my alipay cert" -file www.alipay.com.cert -keystore my.store,
* 如果keytool命令不识别,去检查一下jdk的环境变量是否设置正确。”my alipay
* cert”是个别名,随便取。“www.alipay.com.cert”这个文件就是从浏览器中导出的支付宝的证书。
*
* @throws IOException
* @throws KeyStoreException
* @throws UnrecoverableKeyException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
private void init() throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException,
KeyManagementException {
if (Configure.getCertLocalPath() == null || Configure.getCertLocalPath().length() < 1) {
}
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File(Configure.getCertLocalPath()));// 加载本地的证书进行https加密传输
try {
keyStore.load(instream, Configure.getCertPassword().toCharArray());// 设置证书密码
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} finally {
instream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, Configure.getCertPassword().toCharArray()).build();
// Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
// 根据默认超时限制初始化requestConfig
requestConfig = RequestConfig.custom().setSocketTimeout(socketTimeout).setConnectTimeout(connectTimeout)
.build();
hasInit = true;
}
/**
* 通过Https往API post xml数据
*
* @param url
* API地址
* @param xmlObj
* 要提交的XML数据对象
* @return API回包的实际数据
* @throws IOException
* @throws KeyStoreException
* @throws UnrecoverableKeyException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public String sendPost(String url, String postDataXML) throws IOException, KeyStoreException,
UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException {
if (!hasInit) {
init();
}
String result = null;
HttpPost httpPost = new HttpPost(url);
Util.log("API,POST过去的数据是:");
Util.log(postDataXML);
// 得指明使用UTF-8编码,否则到API服务器XML的中文不能被成功识别
StringEntity postEntity = new StringEntity(postDataXML, "UTF-8");
httpPost.addHeader("Content-Type", "text/xml");
httpPost.setEntity(postEntity);
// 设置请求器的配置
httpPost.setConfig(requestConfig);
Util.log("executing request" + httpPost.getRequestLine());
try {
HttpResponse response = httpClient.execute(httpPost);
HttpEntity entity = response.getEntity();
result = EntityUtils.toString(entity, "UTF-8");
} catch (ConnectionPoolTimeoutException e) {
log.error("http get throw ConnectionPoolTimeoutException(wait time out)", e);
} catch (ConnectTimeoutException e) {
log.error("http get throw ConnectTimeoutException", e);
} catch (SocketTimeoutException e) {
log.error("http get throw SocketTimeoutException", e);
} catch (Exception e) {
log.error("http get throw Exception", e);
} finally {
httpPost.abort();
}
return result;
}
/**
* 设置连接超时时间
*
* @param socketTimeout
* 连接时长,默认10秒
*/
public void setSocketTimeout(int socketTimeout) {
socketTimeout = socketTimeout;
resetRequestConfig();
}
/**
* 设置传输超时时间
*
* @param connectTimeout
* 传输时长,默认30秒
*/
public void setConnectTimeout(int connectTimeout) {
connectTimeout = connectTimeout;
resetRequestConfig();
}
private void resetRequestConfig() {
requestConfig = RequestConfig.custom().setSocketTimeout(socketTimeout).setConnectTimeout(connectTimeout)
.build();
}
/**
* 允许商户自己做更高级更复杂的请求器配置
*
* @param requestConfig
* 设置HttpsRequest的请求器配置
*/
public void setRequestConfig(RequestConfig requestConfig) {
requestConfig = requestConfig;
}
}
package com.luozhuang.util;
import java.security.MessageDigest;
/**
* luozhuang
*/
public class MD5 {
private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
"8", "9", "a", "b", "c", "d", "e", "f"};
/**
* 转换字节数组为16进制字串
* @param b 字节数组
* @return 16进制字串
*/
public static String byteArrayToHexString(byte[] b) {
StringBuilder resultSb = new StringBuilder();
for (byte aB : b) {
resultSb.append(byteToHexString(aB));
}
return resultSb.toString();
}
/**
* 转换byte到16进制
* @param b 要转换的byte
* @return 16进制格式
*/
private static String byteToHexString(byte b) {
int n = b;
if (n < 0) {
n = 256 + n;
}
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] + hexDigits[d2];
}
/**
* MD5编码
* @param origin 原始字符串
* @param characterEncoding
* @return 经过MD5加密之后的结果
*/
public static String MD5Encode(String origin, String charsetname) {
String resultString = null;
try {
resultString = origin;
MessageDigest md = MessageDigest.getInstance("MD5");
if (charsetname == null || "".equals(charsetname))
resultString = byteArrayToHexString(md.digest(resultString
.getBytes()));
else
resultString = byteArrayToHexString(md.digest(resultString
.getBytes(charsetname)));
} catch (Exception e) {
e.printStackTrace();
}
return resultString;
}
}
package com.luozhuang.util;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import com.luozhuang.WxPayException;
public class PayCommonUtil {
/**
* 是否签名正确,规则是:按参数名称a-z排序,遇到空值的参数不参加签名。
*
* @return boolean
*/
public static boolean isTenpaySign(String characterEncoding, SortedMap<Object, Object> packageParams,
String API_KEY) {
StringBuffer sb = new StringBuffer();
Set es = packageParams.entrySet();
Iterator it = es.iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
String k = (String) entry.getKey();
String v = (String) entry.getValue();
if (!"sign".equals(k) && null != v && !"".equals(v)) {
sb.append(k + "=" + v + "&");
}
}
sb.append("key=" + API_KEY);
// 算出摘要
String mysign = MD5.MD5Encode(sb.toString(), characterEncoding).toLowerCase();
String tenpaySign = ((String) packageParams.get("sign")).toLowerCase();
return tenpaySign.equals(mysign);
}
/**
* @author
* @date 2016-4-22
* @Description:sign签名
* @param characterEncoding
* 编码格式
* @param parameters
* 请求参数
* @return
*/
public static String createSign(String characterEncoding, SortedMap<Object, Object> packageParams, String API_KEY) {
StringBuffer sb = new StringBuffer();
Set es = packageParams.entrySet();
Iterator it = es.iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
String k = (String) entry.getKey();
String v = (String) entry.getValue();
if (null != v && !"".equals(v) && !"sign".equals(k) && !"key".equals(k)) {
sb.append(k + "=" + v + "&");
}
}
sb.append("key=" + API_KEY);
String sign = MD5.MD5Encode(sb.toString(), characterEncoding).toUpperCase();
return sign;
}
/**
* @author
* @date 2016-4-22
* @Description:将请求参数转换为xml格式的string
* @param parameters
* 请求参数
* @return
* @throws WxPayException
*/
public static String getRequestXml(SortedMap<String, Object> parameters) throws WxPayException {
StringBuffer sb = new StringBuffer();
sb.append("<xml>");
Set<Map.Entry<String, Object>> es = parameters.entrySet();
Iterator<Map.Entry<String, Object>> it = es.iterator();
while (it.hasNext()) {
Map.Entry<String, Object> entry = (Map.Entry<String, Object>) it.next();
String k = entry.getKey();
String v = (String) entry.getValue();
// 字段值不能为null,会影响后续流程
if (v == null) {
throw new WxPayException("WxPayData内部含有值为null的字段!");
}
if ("attach".equalsIgnoreCase(k) || "body".equalsIgnoreCase(k) || "sign".equalsIgnoreCase(k)) {
sb.append("<" + k + ">" + "<![CDATA[" + v + "]]></" + k + ">");
} else {
sb.append("<" + k + ">" + v + "</" + k + ">");
}
}
sb.append("</xml>");
return sb.toString();
}
/**
* 取出一个指定长度大小的随机正整数.
*
* @param length
* int 设定所取出随机数的长度。length小于11
* @return int 返回生成的随机数。
*/
public static int buildRandom(int length) {
int num = 1;
double random = Math.random();
if (random < 0.1) {
random = random + 0.1;
}
for (int i = 0; i < length; i++) {
num = num * 10;
}
return (int) ((random * num));
}
/**
* 获取当前时间 yyyyMMddHHmmss
*
* @return String
*/
public static String getCurrTime() {
Date now = new Date();
SimpleDateFormat outFormat = new SimpleDateFormat("yyyyMMddHHmmss");
String s = outFormat.format(now);
return s;
}
}
package com.luozhuang.util;
import java.util.Random;
/**
* luozhuang
*/
public class RandomStringGenerator {
/**
* 获取一定长度的随机字符串
* @param length 指定字符串长度
* @return 一定长度的字符串
*/
public static String getRandomStringByLength(int length) {
String base = "abcdefghijklmnopqrstuvwxyz0123456789";
Random random = new Random();
StringBuffer sb = new StringBuffer();
for (int i = 0; i < length; i++) {
int number = random.nextInt(base.length());
sb.append(base.charAt(number));
}
return sb.toString();
}
}
package com.luozhuang.util;
import org.xml.sax.SAXException;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
/**
* luozhuang
*/
public class Signature {
/**
* 签名算法
* @param o 要参与签名的数据对象
* @return 签名
* @throws IllegalAccessException
*/
public static String getSign(Object o) throws IllegalAccessException {
ArrayList<String> list = new ArrayList<String>();
Class cls = o.getClass();
Field[] fields = cls.getDeclaredFields();
for (Field f : fields) {
f.setAccessible(true);
if (f.get(o) != null && f.get(o) != "") {
list.add(f.getName() + "=" + f.get(o) + "&");
}
}
int size = list.size();
String [] arrayToSort = list.toArray(new String[size]);
Arrays.sort(arrayToSort, String.CASE_INSENSITIVE_ORDER);
StringBuilder sb = new StringBuilder();
for(int i = 0; i < size; i ++) {
sb.append(arrayToSort[i]);
}
String result = sb.toString();
result += "key=" + Configure.getKey();
Util.log("Sign Before MD5:" + result);
result = MD5.MD5Encode(result,null).toUpperCase();
Util.log("Sign Result:" + result);
return result;
}
public static String getSign(Map<String,Object> map){
ArrayList<String> list = new ArrayList<String>();
for(Map.Entry<String,Object> entry:map.entrySet()){
if(entry.getValue()!=""){
list.add(entry.getKey() + "=" + entry.getValue() + "&");
}
}
int size = list.size();
String [] arrayToSort = list.toArray(new String[size]);
Arrays.sort(arrayToSort, String.CASE_INSENSITIVE_ORDER);
StringBuilder sb = new StringBuilder();
for(int i = 0; i < size; i ++) {
sb.append(arrayToSort[i]);
}
String result = sb.toString();
result += "key=" + Configure.getKey();
//Util.log("Sign Before MD5:" + result);
result = MD5.MD5Encode(result,null).toUpperCase();
//Util.log("Sign Result:" + result);
return result;
}
/**
* 从API返回的XML数据里面重新计算一次签名
* @param responseString API返回的XML数据
* @return 新鲜出炉的签名
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
*/
public static String getSignFromResponseString(String responseString) throws IOException, SAXException, ParserConfigurationException {
Map<String,Object> map = XMLParser.getMapFromXML(responseString);
//清掉返回数据对象里面的Sign数据(不能把这个数据也加进去进行签名),然后用签名算法进行签名
map.put("sign","");
//将API返回的数据根据用签名算法进行计算新的签名,用来跟API返回的签名进行比较
return Signature.getSign(map);
}
/**
* 检验API返回的数据里面的签名是否合法,避免数据在传输的过程中被第三方篡改
* @param responseString API返回的XML数据字符串
* @return API签名是否合法
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
*/
public static boolean checkIsSignValidFromResponseString(String responseString) throws ParserConfigurationException, IOException, SAXException {
Map<String,Object> map = XMLParser.getMapFromXML(responseString);
Util.log(map.toString());
String signFromAPIResponse = map.get("sign").toString();
if(signFromAPIResponse=="" || signFromAPIResponse == null){
Util.log("API返回的数据签名数据不存在,有可能被第三方篡改!!!");
return false;
}
Util.log("服务器回包里面的签名是:" + signFromAPIResponse);
//清掉返回数据对象里面的Sign数据(不能把这个数据也加进去进行签名),然后用签名算法进行签名
map.put("sign","");
//将API返回的数据根据用签名算法进行计算新的签名,用来跟API返回的签名进行比较
String signForAPIResponse = Signature.getSign(map);
if(!signForAPIResponse.equals(signFromAPIResponse)){
//签名验不过,表示这个API返回的数据有可能已经被篡改了
Util.log("API返回的数据签名验证不通过,有可能被第三方篡改!!!");
return false;
}
Util.log("恭喜,API返回的数据签名验证通过!!!");
return true;
}
}
package com.luozhuang.util;
import com.thoughtworks.xstream.XStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.*;
import java.lang.reflect.Field;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
/**
* luozhuang
*/
public class Util {
//打log用
private static Logger logger = new Logger();
/**
* 通过反射的方式遍历对象的属性和属性值,方便调试
*
* @param o 要遍历的对象
* @throws Exception
*/
public static void reflect(Object o) throws Exception {
Class cls = o.getClass();
Field[] fields = cls.getDeclaredFields();
for (int i = 0; i < fields.length; i++) {
Field f = fields[i];
f.setAccessible(true);
Util.log(f.getName() + " -> " + f.get(o));
}
}
public static byte[] readInput(InputStream in) throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
int len = 0;
byte[] buffer = new byte[1024];
while ((len = in.read(buffer)) > 0) {
out.write(buffer, 0, len);
}
out.close();
in.close();
return out.toByteArray();
}
public static String inputStreamToString(InputStream is) throws IOException {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
int i;
while ((i = is.read()) != -1) {
baos.write(i);
}
return baos.toString();
}
public static InputStream getStringStream(String sInputString) throws UnsupportedEncodingException {
ByteArrayInputStream tInputStringStream = null;
if (sInputString != null && !sInputString.trim().equals("")) {
tInputStringStream = new ByteArrayInputStream(sInputString.getBytes("UTF-8"));
}
return tInputStringStream;
}
public static Object getObjectFromXML(String xml, Class tClass) {
//将从API返回的XML数据映射到Java对象
XStream xStreamForResponseData = new XStream();
xStreamForResponseData.alias("xml", tClass);
xStreamForResponseData.ignoreUnknownElements();//暂时忽略掉一些新增的字段
return xStreamForResponseData.fromXML(xml);
}
public static String getStringFromMap(Map<String, Object> map, String key, String defaultValue) {
if (key == "" || key == null) {
return defaultValue;
}
String result = (String) map.get(key);
if (result == null) {
return defaultValue;
} else {
return result;
}
}
public static int getIntFromMap(Map<String, Object> map, String key) {
if (key == "" || key == null) {
return 0;
}
if (map.get(key) == null) {
return 0;
}
return Integer.parseInt((String) map.get(key));
}
/**
* 打log接口
* @param log 要打印的log字符串
* @return 返回log
*/
public static String log(Object log){
logger.info(log.toString());
//System.out.println(log);
return log.toString();
}
/**
* 读取本地的xml数据,一般用来自测用
* @param localPath 本地xml文件路径
* @return 读到的xml字符串
*/
public static String getLocalXMLString(String localPath) throws IOException {
return Util.inputStreamToString(Util.class.getResourceAsStream(localPath));
}
}
package com.luozhuang.util;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
/**
* luozhuang
*/
public class XMLParser {
public static SortedMap<String,Object> getMapFromXML(String xmlString) throws ParserConfigurationException, IOException, SAXException {
//这里用Dom的方式解析回包的最主要目的是防止API新增回包字段
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
InputStream is = Util.getStringStream(xmlString);
Document document = builder.parse(is);
//获取到document里面的全部结点
NodeList allNodes = document.getFirstChild().getChildNodes();
Node node;
SortedMap<String, Object> map = new TreeMap<String, Object>();
int i=0;
while (i < allNodes.getLength()) {
node = allNodes.item(i);
if(node instanceof Element){
map.put(node.getNodeName(),node.getTextContent());
}
i++;
}
return map;
}
}