利用证书自签名发送
public class WxConfiguration implements ResourceLoaderAware
@Setter
private ResourceLoader resourceLoader;
-------------------
@Bean
WxPayApi wxPayApi(WxPayConfig config, WxPayCodec wxPayCodec) throws Exception {
OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder();
// 微信支付需要支持自签名证书
if (StringUtils.isNotBlank(config.getCertificatePath())) {
Resource certificate = resourceLoader.getResource(config.getCertificatePath());
X509KeyManager keyManager = buildX509KeyManagerFromPKCS12(certificate.getInputStream(), config.getMchId());
SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(new KeyManager[]{keyManager}, null, null);
// 利用证书创建http客户端
clientBuilder.sslSocketFactory(sslContext.getSocketFactory());
}
Retrofit retrofit = new Retrofit.Builder()
.baseUrl(config.getBaseUrl())
.client(clientBuilder.build())
.addConverterFactory(new WxPayApiConverterFactory(config, wxPayCodec))
.build();
return retrofit.create(WxPayApi.class);
}
证书的读取
public static X509KeyManager buildX509KeyManagerFromPKCS12(InputStream keyStream, String password) throws Exception {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(keyStream, password.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
if (keyManagers.length != 1 || !(keyManagers[0] instanceof X509KeyManager)) {
throw new IllegalStateException("Unexpected trust managers: " + Arrays.toString(keyManagers));
}
return (X509KeyManager) keyManagers[0];
}