支付宝APP支付同步返回业务数据验签及处理踩坑

1、解析支付宝同步返回的参数(urlParamsMap)时,split必须配置参数limit控制模式应用的次数,因为sign字段大概率包含=号,否则以=号分割可能得不到预期结果
2、验签串不以参数自然排序进行拼接,而是以支付宝参数默认排序,因此原串无需重新排序,只需剔除sign、sign_type字段即可
3、参数数据都是带双引号的,使用时注意处理掉双引号

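/**
 * Demo: verifies the signature carried by an Alipay APP-pay synchronous return string.
 *
 * <p>The signed content is the raw response with the {@code sign} and {@code sign_type}
 * pairs cut out. Parameter order and the double quotes around each value are kept exactly
 * as received; only the signature value itself has its quotes stripped before the check.
 *
 * <p>A passing check shows only that this string matches the signature under the given
 * public key. The synchronous result reaches the merchant through the client device, so
 * treat it as a display hint: settle the order state on the server from the asynchronous
 * {@code notify_url} callback, and compare {@code out_trade_no}, {@code total_fee} and
 * {@code seller_id} with the stored order before marking it paid.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // Business data returned synchronously by Alipay APP pay (sample value).
    String response = "_input_charset=\"UTF-8\"&appenv=\"system=android^version=1.0.0\"&body=\"alipay online payment body\"&currency=\"THB\"&forex_biz=\"FP\"&notify_url=\"http://www.yezhou.cc/notify/alipay_global_notify.php\"&out_trade_no=\"ali20200306094135648\"&partner=\"2088621924635293\"&payment_type=\"1\"&product_code=\"NEW_WAP_OVERSEAS_SELLER\"&seller_id=\"2088621924635293\"&service=\"mobile.securitypay.pay\"&subject=\"alipay online payment subject\"&total_fee=\"50.5\"&success=\"true\"&sign_type=\"RSA\"&sign=\"X2vX5TWU960D5UpZNzhpN4T9WSa5NBG10bL5zKxEJ+VJHxZh9m82eNJDu62BsEBmg2MhA0+C/VxAdwMxJCwSgsDnnzngi670nHoUXYMfhJdzcBr8JkbOliixRHtgiK9sSbkBU03TRx5EKSLi52OF29ZHV6NXSQQH21juGNCyxmM=\"";

    Map<String, String> map = getUrlParams(response);
    System.out.println(JSON.toJSONString(map));

    // Fail closed: a response without both signature fields cannot be verified.
    String quotedSign = map.get("sign");
    String quotedSignType = map.get("sign_type");
    if (quotedSign == null || quotedSignType == null) {
        System.out.println(false);
        return;
    }

    // Drop the sign and sign_type pairs; everything else stays byte-for-byte as received.
    String src = response.replace(String.format("&sign=%s", quotedSign), "")
            .replace(String.format("&sign_type=%s", quotedSignType), "");
    System.out.println(src);

    // Verify the signature that came with this response, not a separately pasted copy.
    // Values are wrapped in double quotes on the wire, so strip them first.
    String sign = quotedSign;
    if (sign.length() >= 2 && sign.startsWith("\"") && sign.endsWith("\"")) {
        sign = sign.substring(1, sign.length() - 1);
    }

    // NOTE(review): sign_type is "RSA" here, which in Alipay's scheme is the SHA1-based
    // variant, and this sample key looks like a 1024-bit modulus. Confirm what
    // RSAUtil.checkSign uses, and prefer RSA2 (SHA-256) with a 2048-bit key where the
    // product supports it.
    String pubKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDS92pDVyWNT7dzG9zH0opH44z9FayCZTX5iqGUxUjPi667IkyaqrsmDPqKsJp47lJ29lzs+Qv8zjPPdmnxjFteMrfpc4ui24gL1iZnchwX87Ox/+Xrm8HFmKlhmUO9n/QgTT+Nz1RGMEN1+HijvsoAhS0TS8XjSfzRkrwvK2pJQIDAQAB";

    // For comparison, the same parameters in natural (alphabetical) order; per the
    // article this is NOT the string the signature covers:
    //String src = "_input_charset=\"UTF-8\"&appenv=\"system=android^version=1.0.0\"&body=\"alipay online payment body\"&currency=\"THB\"&forex_biz=\"FP\"&notify_url=\"http://www.yezhou.cc/notify/alipay_global_notify.php\"&out_trade_no=\"ali20200306094135648\"&partner=\"2088621924635293\"&payment_type=\"1\"&product_code=\"NEW_WAP_OVERSEAS_SELLER\"&seller_id=\"2088621924635293\"&service=\"mobile.securitypay.pay\"&subject=\"alipay online payment subject\"&success=\"true\"&total_fee=\"50.5\"";
    // Alipay's default parameter order, which is the order to keep:
    //String src = "_input_charset=\"UTF-8\"&appenv=\"system=android^version=1.0.0\"&body=\"alipay online payment body\"&currency=\"THB\"&forex_biz=\"FP\"&notify_url=\"http://www.yezhou.cc/notify/alipay_global_notify.php\"&out_trade_no=\"ali20200306094135648\"&partner=\"2088621924635293\"&payment_type=\"1\"&product_code=\"NEW_WAP_OVERSEAS_SELLER\"&seller_id=\"2088621924635293\"&service=\"mobile.securitypay.pay\"&subject=\"alipay online payment subject\"&total_fee=\"50.5\"&success=\"true\"";

    boolean result = RSAUtil.checkSign(pubKey, src, sign);
    System.out.println(result);
}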

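/**
 * Splits an {@code a=b&c=d} style string into a name/value map.
 *
 * <p>Values are returned verbatim: they are not URL-decoded, and the double quotes Alipay
 * puts around each value are kept, so callers must strip them before use. Pairs without an
 * {@code =} are skipped. If a name occurs more than once, the later value overwrites the
 * earlier one.
 *
 * @param param the raw parameter string; may be null or blank
 * @return a map in the order the parameters appeared; empty when {@code param} is blank
 */
public static Map<String, String> getUrlParams(String param) {
    // Insertion-ordered so the map keeps the order the parameters arrived in; the signed
    // string depends on that order, and a plain HashMap would lose it. Fully qualified
    // because the file's import block is not visible from this listing.
    Map<String, String> map = new java.util.LinkedHashMap<String, String>();
    if (StringUtils.isBlank(param)) {
        return map;
    }
    for (String pair : param.split("&")) {
        if (StringUtils.isBlank(pair)) {
            continue;
        }
        // A limit of 2 splits on the first '=' only: the Base64 sign value usually
        // contains '=' padding and must stay in one piece.
        String[] p = pair.split("=", 2);
        if (p.length == 2) {
            map.put(p[0], p[1]);
        }
    }
    return map;
}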
