本文介绍如何通过微信支付V3接口获取微信平台证书,并利用该证书进行敏感数据的加密处理。详细展示了从获取证书到使用证书进行加密的全过程。
敏感词加密
Map<String, Object> weChatPlatformCertificateMap = payScorePartnerService.getPartnerCertificate(你的商户id, "wechat_platform_certificate");
【
public Map<String, Object> getPartnerCertificate(String 你的商户id, String weChatPlatformCertificateKey) throws ServiceException {
//存缓存
Map<String, Object> certificate = wechatPayV3CertificateCache.getPartnerWeChatPlatformCertificate(weChatPlatformCertificateKey);
if (certificate.get("certificate") != null) {
return certificate;
}
// 当前没有证书,重新拉取拉取微信证书
String certNo = 你的证书编号;
String v3Key = 你的v3key;
你的商户id = properties.getPayscore().getPartnerMchId();
String uri = WeChatPayV3Constants.PARTNER_GET_PLATFORM_CERTIFICATES;
JSONObject result = weChatPayV3Template.doGet(uri, 你的商户id, 你的证件编号);
【
public JSONObject doGet(String uri, String 你的商户id, String 你的证件编号) throws ServiceException {
String url = String.format("%1$s%2$s", WeChatPayV3Constants.DOMAIN, uri);
// 添加请求头
MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
headers.add("Content-Type", "application/json");
headers.add("Accept", "application/json");
String certKeyPath = wechatProperties.getCertKeyPath(你的商户id);
// String certKeyPath = wechatProperties.getPayscore().getPartnerPrivateKeyUrl();
// 生成支付签名
String token = WeChatPayV3Util.getToken("GET", uri, 你的商户id, "", 你的证件编号, certKeyPath);
String authorization = WeChatPayV3Constants.WECHAT_SCHEMA + " " + token;
headers.add("Authorization", authorization);
log.info("#################### 微信支付v3开始请求 url:{} ####################", url);
HttpEntity httpEntity = new HttpEntity<>(headers);
ResponseEntity<String> responseEntity = null;
try {
responseEntity = reqRestTemplate.exchange(url, HttpMethod.GET, httpEntity, String.class);
} catch (HttpStatusCodeException e) {
log.error("########## 请求错误:code: {}, message: {} ##########", e.getStatusCode(), e.getResponseBodyAsString());
String body = e.getResponseBodyAsString();
if (StringUtils.isNotEmpty(body)) {
Map bodyMap = JsonUtils.toMap(body);
if (bodyMap != null && bodyMap.containsKey("message")) {
if ("ORDER_NOT_EXIST".equals(bodyMap.get("code").toString()) || "CONTRACT_NOT_EXIST".equals(bodyMap.get("code").toString())) {
throw new ServiceException(ErrorCode.ayment_wechat_v3_request_failed_order_not_exist, bodyMap.get("message").toString());
}
throw new ServiceException(ErrorCode.payment_wechat_v3_request_error, bodyMap.get("message").toString());
}
}
throw new ServiceException(ErrorCode.payment_wechat_v3_request_error, e.getResponseBodyAsString());
} catch (RestClientException e) {
log.error("请求接口失败", e);
throw new ServiceException(ErrorCode.payment_wechat_v3_request_error, e.getMessage());
}
if (!responseEntity.getStatusCode().is2xxSuccessful()) {
String result = responseEntity.getBody();
WeChatPayV3ResultEntity wxResultEntity = JSONObject.parseObject(result, WeChatPayV3ResultEntity.class);
log.error("#################### 微信支付请求失败 statusCode:{},code:{},msg:{}, detail:{} ####################",
responseEntity.getStatusCode(), wxResultEntity.getCode(), wxResultEntity.getMessage(), wxResultEntity.getDetail());
throw new ServiceException(ErrorCode.payment_wechat_v3_request_error, wxResultEntity.getMessage());
}
HttpHeaders responseHeaders = responseEntity.getHeaders();
// 微信支付唯一请求Id
List<String> uniqueReqId = responseHeaders.get("Request-ID");
log.debug("#################### 微信支付v3收到响应,responseCode:{}, uniqueReqId:{}, data:{} ####################",
responseEntity.getStatusCode(), uniqueReqId, responseEntity);
return JSONObject.parseObject(responseEntity.getBody());
}
】
List<WechatPayCertificatesVo> payCertificatesList = JSONArray.parseArray(result.getString("data"), WechatPayCertificatesVo.class);
// 拿到最新的微信平台证书
// 解密微信通知数据
payCertificatesList.stream().forEach(item -> {
WechatPayEncryptCertificateDataVo encryptCertificate = item.getEncryptCertificate();
String associatedData = encryptCertificate.getAssociatedData();
String nonce = encryptCertificate.getNonce();
String cipherText = encryptCertificate.getCipherText();
String certificateInfo = WeChatPayV3Util.decryptToString(associatedData, nonce, cipherText, v3Key);
// 将证书数据缓存到redis
String serialNo = item.getSerialNo();
Date effectiveTime = item.getEffectiveTime();
Date expireTime = item.getExpireTime();
wechatPayV3CertificateCache.cacheWeChatPlatformCertificate(weChatPlatformCertificateKey,serialNo, certificateInfo, expireTime, effectiveTime);
});
Map<String, Object> certificateMap = wechatPayV3CertificateCache.getPartnerWeChatPlatformCertificate(weChatPlatformCertificateKey);
if (Objects.isNull(certificate)) {
throw new ServiceException(ErrorCode.payment_pay_score_get_cert_error);
}
return certificateMap;
}
】
String certEntityString = String.valueOf(weChatPlatformCertificateMap.get("certificate"));
String serial = String.valueOf(weChatPlatformCertificateMap.get("serial_no"));
//将证书转化成x509格式
InputStream in = new ByteArrayInputStream(certEntityString.getBytes("utf-8"));
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = certFactory.generateCertificate(in);
CertHttpUtil.rsaEncryptOAEP(要加密的值, (X509Certificate) cert);
【
public static String rsaEncryptOAEP(String message, X509Certificate certificate)
throws IllegalBlockSizeException, IOException {
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());
byte[] data = message.getBytes("utf-8");
byte[] cipherdata = cipher.doFinal(data);
return Base64.encodeBase64String(cipherdata);
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
throw new RuntimeException("当前Java环境不支持RSA v1.5/OAEP", e);
} catch (InvalidKeyException e) {
throw new IllegalArgumentException("无效的证书", e);
} catch (IllegalBlockSizeException | BadPaddingException e) {
throw new IllegalBlockSizeException("加密原串的长度不能超过214字节");
}
}
】
大佬勿喷,欢迎提意见建议评论!!!!
扫一扫
711
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
