微信回调解密

2025-10-29 17:59:24 +08:00 · 2025-10-29 17:59:24 +08:00 · fc3b817824
parent dd64b83c37
commit fc3b817824
1 changed files with 45 additions and 3 deletions
--- a/cash-service/market-service/src/main/java/com/czg/service/market/service/impl/BaseWx.java
+++ b/cash-service/market-service/src/main/java/com/czg/service/market/service/impl/BaseWx.java
@ -167,14 +167,56 @@ public abstract class BaseWx {
            String signature = request.getHeader("Wechatpay-Signature");
            String result = request.getReader().lines().reduce((a, b) -> a + b).orElse("");
            log.info("参数信息: timestamp: {}, nonce: {}, serialNo: {}, signature: {}, result: {}",  timestamp, nonce, serialNo, signature, result);
-            String resp = WxPayKit.verifyNotify(serialNo, result, signature, nonce, timestamp, config.getApiV3Key(), new ByteArrayInputStream(config.pubKey.getBytes(StandardCharsets.UTF_8)));
-            log.info("解密明文{}", resp);
-            return JSONObject.parseObject(resp);
+            boolean b = WxPayKit.verifySignature(signature, result, nonce, timestamp, config.pubKey);
+            if (!b) {
+                throw new CzgException("验签失败");
+            }
+            JSONObject jsonObject = JSONObject.parseObject(result);
+            JSONObject resource = jsonObject.getJSONObject("resource");
+            String associatedData = resource.getString("associated_data");
+            String ciphertext = resource.getString("ciphertext");
+            String nonceStr = resource.getString("nonce");
+
+            String plainText = decryptToString(associatedData, nonceStr, ciphertext);
+            log.info("充值支付通知明文 {}", plainText);
+            return JSONObject.parseObject(plainText);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

+    public static void main(String[] args) throws Exception {
+         String key = "-----BEGIN PUBLIC KEY-----\n" +
+                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7sdF3xWrWPCYRjwulCpY\n" +
+                 "KeER1+deVRLWqsMxibarVXt9+hJpMwZtqyEW5/KQrK8CIpefEVuiZuHM5SXZsL7X\n" +
+                 "xWi24WY3wMqxnnrbcVmw4IA4OhVekajXnU4EBMqHzRXTwQpkv0qLfp7J5wEify7u\n" +
+                 "y02j0t38k57IToCEwOY5cP/1vt/bZPJOpeefldaOnmIncF6xklywdGztncSMIzli\n" +
+                 "rs1+Jnbrjx9DnhWmBJSa6yWL7sZjBa8YvZBvQBBHC1b82LFawjwKHKDBZlT+kFnp\n" +
+                 "aboDHKhR4+DbXREkwlU4In70tcMUbitkKt6T2qpErskeKy2uF4iUDQxo3NGMC4AX\n" +
+                 "vQIDAQAB\n" +
+                 "-----END PUBLIC KEY-----";
+        String timestamp = "1761731254";
+        String nonce = "z0PqTTIyTE6vLkZWzX3RmBlS5yodUY5J";
+        String serialNo = "PUB_KEY_ID_0117300912032025102500112177000200";
+        String signature = "yMBK0e54XUS9lzmgeuWzg0Xw4UIQg3/f2o3BreByipvnaJcb2eiSU/gdL8MnJWXgXYaVE/c5NgXAsagbGQhgKS6RQ37ZlUhWTun+jFGfFi5V2Djd01JaSMHHzGHWXApIV8DJnJlr2uCeJtX3U0SNXovWxlkeId8SPFPQRK4DNIjiDJsmzlB33VZ+ma8QtGsUg5E+dP9wz42xfUbGpnMjjKuyK7sUeSrgRaSqQ6fb1sUNGy1yaCs/ZS/KpMJL3d3eZbB9cRIP7eanlHx11Xi8tboLPmyVSTm01LHYdCBAAQzK3QlbtCMaK0dzpFepEABpVt42ajH0GfVPsyvep7k5/A==";
+        String result = "{\"id\":\"3946093d-5053-5d9d-9821-3b52acccac06\",\"create_time\":\"2025-10-29T17:47:29+08:00\",\"resource_type\":\"encrypt-resource\",\"event_type\":\"MCHTRANSFER.BILL.FINISHED\",\"summary\":\"商家转账单据终态通知\",\"resource\":{\"original_type\":\"mch_payment\",\"algorithm\":\"AEAD_AES_256_GCM\",\"ciphertext\":\"mWr+e0tYehbdV7nIMXeFTe/moALfDh+ky48XWBd0Oc0mb99JhTnHgbfIfRijNdTPKm1NMAO0/l4oJ78rCiLnanW2u2Dx7Rme9JjJ41PqXaQKuQeNSaEez2yK1uwagpu1bWL5fStNXFHDpgzzd+2fFPCv+9pTWD6BhbPq5L2WKjOpFNe4wsl4cozUS2hzyU63nv+QbIlEOyQgXu/cXc0fU4AKUO1mApnBILIA9pHNJaDZiktfyYKHz01u39iVnVJSWDKllWKIEeEhlzKrQvP1vdArj/ifvaymlwYRyFmRz2TNkYxw4LLEWj772wFEibRZTp0mbW/78gDP/yxOreIgdI75VrxJx46JYfT9lWHD7BTDH/c97CnWQlRq2EH4E14Es4bQYqnuWJIrrB6XZ1duOvVS86hP2dq2nMFKYN6niRKeTfCJ3yRU0A==\",\"associated_data\":\"mch_payment\",\"nonce\":\"PwmzF2cR2MRD\"}}";
+        boolean b = WxPayKit.verifySignature(signature, result, nonce, timestamp, "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7sdF3xWrWPCYRjwulCpY\n" +
+                "KeER1+deVRLWqsMxibarVXt9+hJpMwZtqyEW5/KQrK8CIpefEVuiZuHM5SXZsL7X\n" +
+                "xWi24WY3wMqxnnrbcVmw4IA4OhVekajXnU4EBMqHzRXTwQpkv0qLfp7J5wEify7u\n" +
+                "y02j0t38k57IToCEwOY5cP/1vt/bZPJOpeefldaOnmIncF6xklywdGztncSMIzli\n" +
+                "rs1+Jnbrjx9DnhWmBJSa6yWL7sZjBa8YvZBvQBBHC1b82LFawjwKHKDBZlT+kFnp\n" +
+                "aboDHKhR4+DbXREkwlU4In70tcMUbitkKt6T2qpErskeKy2uF4iUDQxo3NGMC4AX\n" +
+                "vQIDAQAB");
+
+        JSONObject jsonObject = JSONObject.parseObject(result);
+        JSONObject resource = jsonObject.getJSONObject("resource");
+        String associatedData = resource.getString("associated_data");
+        String ciphertext = resource.getString("ciphertext");
+        String nonceStr = resource.getString("nonce");
+
+
+    }
+
    public String decryptToString(String associatedData, String nonceStr, String ciphertext) {
        AesUtil aesUtil = new AesUtil(config.getApiV3Key().getBytes(StandardCharsets.UTF_8));
        try {