App支付宝支付服务器端验签

【App支付宝支付服务器端验签】支付可以通过支付宝验签或者自己的后台验签
App前端

  • 2.0 订单串本地签名逻辑
  • 注意:本 Demo 仅作为展示用途。实际项目中不能将 RSA_PRIVATE(商户私钥)和签名逻辑放在客户端,订单串应由服务器端生成并签名后再下发给 App。
    */
{
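/**
 * Builds the parameter map for an account-authorization request.
 *
 * @param pid       partner id issued when the merchant signed up, e.g. 2088102123816631
 * @param app_id    application id issued when the merchant signed up, e.g. 2013081700024223
 * @param target_id merchant-side unique identifier, e.g. kkkkk091125
 * @param rsa2      {@code true} declares sign_type RSA2, {@code false} declares RSA
 * @return mutable, unsigned parameter map
 */
public static Map<String, String> buildAuthInfoMap(String pid, String app_id, String target_id, boolean rsa2) {
    Map<String, String> keyValues = new HashMap<String, String>();

    keyValues.put("app_id", app_id);
    keyValues.put("pid", pid);
    // Service interface name, fixed value.
    keyValues.put("apiname", "com.alipay.account.auth");
    // Merchant type marker, fixed value.
    keyValues.put("app_name", "mc");
    // Business type, fixed value.
    keyValues.put("biz_type", "openservice");
    // Product code, fixed value.
    keyValues.put("product_id", "APP_FAST_LOGIN");
    // Authorization scope, fixed value.
    keyValues.put("scope", "kuaijie");
    keyValues.put("target_id", target_id);
    // Authorization type, fixed value.
    keyValues.put("auth_type", "AUTHACCOUNT");
    keyValues.put("sign_type", rsa2 ? "RSA2" : "RSA");

    return keyValues;
}

/**
 * Builds the parameter map for an {@code alipay.trade.app.pay} order request.
 *
 * <p>Demo data only: amount, subject, body and timestamp are hard-coded, and the order
 * number is generated locally. In a real integration the merchant server has to decide
 * the amount and the order number, because anything assembled inside the app can be
 * altered by whoever controls the device.
 *
 * @param app_id application id issued when the merchant signed up
 * @param rsa2   not consulted here; the request always declares sign_type RSA2
 * @return mutable, unsigned parameter map
 */
public static Map<String, String> buildOrderParamMap(String app_id, boolean rsa2) {
    Map<String, String> keyValues = new HashMap<String, String>();

    keyValues.put("app_id", app_id);
    keyValues.put("biz_content",
            "{\"timeout_express\":\"30m\",\"product_code\":\"QUICK_MSECURITY_PAY\","
            + "\"total_amount\":\"0.01\",\"subject\":\"1\",\"body\":\"我是测试数据61616\","
            + "\"out_trade_no\":\"" + getOutTradeNo() + "\"}");
    keyValues.put("charset", "utf-8");
    keyValues.put("method", "alipay.trade.app.pay");
    // Always RSA2. NOTE(review): getSign() hands its own rsa2 flag to SignUtils.sign, so
    // calling getSign(..., false) on this map presumably yields a signature that does not
    // match the declared sign_type -- confirm against SignUtils.
    keyValues.put("sign_type", "RSA2");
    // Fixed demo value. NOTE(review): a real request should carry the current time.
    keyValues.put("timestamp", "2016-07-29 16:55:53");
    keyValues.put("version", "1.0");
    // Tunnel address used to reach a local machine during testing. It is plain HTTP;
    // NOTE(review): a production notify_url should be an HTTPS endpoint on the merchant
    // server, and that endpoint must verify the notification's signature.
    keyValues.put("notify_url", "http://uq74dv.natappfree.cc/tctr/getAlipayP");

    return keyValues;
}

/**
 * Serializes the order parameters as {@code key=value} pairs joined by {@code &}, with
 * every value URL-encoded. Pairs appear in the map's own iteration order.
 *
 * @param map order parameters
 * @return the encoded parameter string; empty when {@code map} is empty
 */
public static String buildOrderParam(Map<String, String> map) {
    StringBuilder sb = new StringBuilder();
    boolean first = true;
    for (String key : new ArrayList<String>(map.keySet())) {
        if (!first) {
            sb.append("&");
        }
        sb.append(buildKeyValue(key, map.get(key), true));
        first = false;
    }
    return sb.toString();
}

/**
 * Joins one key and value as {@code key=value}.
 *
 * @param key      parameter name
 * @param value    parameter value
 * @param isEncode whether to URL-encode the value as UTF-8
 * @return the joined pair
 */
private static String buildKeyValue(String key, String value, boolean isEncode) {
    StringBuilder sb = new StringBuilder();
    sb.append(key);
    sb.append("=");
    if (isEncode) {
        try {
            sb.append(URLEncoder.encode(value, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // Falls back to the raw value if the charset name is rejected.
            sb.append(value);
        }
    } else {
        sb.append(value);
    }
    return sb.toString();
}

/**
 * Signs the parameters and returns the {@code sign=...} fragment to append to the request.
 *
 * <p>The content to sign is the unencoded {@code key=value} pairs, sorted by key and
 * joined by {@code &}.
 *
 * <p>{@code rsaKey} is the merchant's private key. Running this inside a client app means
 * shipping that key to every device, which is why the page restricts it to demo use;
 * in a real project the signature is produced on the merchant server.
 *
 * @param map    parameters to sign
 * @param rsaKey merchant private key passed through to {@code SignUtils.sign}
 * @param rsa2   passed through to {@code SignUtils.sign}
 * @return {@code "sign="} followed by the URL-encoded signature
 */
public static String getSign(Map<String, String> map, String rsaKey, boolean rsa2) {
    List<String> keys = new ArrayList<String>(map.keySet());
    // The signed content is order-sensitive, so the keys are sorted first.
    Collections.sort(keys);

    StringBuilder authInfo = new StringBuilder();
    boolean first = true;
    for (String key : keys) {
        if (!first) {
            authInfo.append("&");
        }
        authInfo.append(buildKeyValue(key, map.get(key), false));
        first = false;
    }

    String oriSign = SignUtils.sign(authInfo.toString(), rsaKey, rsa2);
    String encodedSign = "";
    try {
        encodedSign = URLEncoder.encode(oriSign, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    }
    return "sign=" + encodedSign;
}

/**
 * Generates a 15-character demo order number: a month-to-second timestamp followed by
 * five random digits.
 *
 * <p>The external order number is required to be unique. Time plus a few random digits
 * does not guarantee that; uniqueness has to be enforced where orders are stored.
 *
 * @return the generated order number
 */
private static String getOutTradeNo() {
    // Locale.US keeps the timestamp in ASCII digits whatever the device locale is.
    SimpleDateFormat format = new SimpleDateFormat("MMddHHmmss", Locale.US);
    String stamp = format.format(new Date());
    // Zero-padding fixes the suffix at five digits, so the result is always 15 characters
    // long; cutting a raw nextInt() to length could run past the end of a short value.
    Random r = new Random();
    return stamp + String.format(Locale.US, "%05d", r.nextInt(100000));
}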

}
后台验签:
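/**
 * Receives Alipay's asynchronous payment notification and verifies its signature.
 *
 * <p>The handler answers {@code "success"} when the signature check passes and
 * {@code "fail"} otherwise, including when the check throws.
 *
 * <p>A valid signature only shows that the parameters were signed with the key matching
 * {@code alipay.publicKey}. This class does not yet do the business checks needed before
 * an order may be marked as paid:
 * <ul>
 *   <li>{@code out_trade_no} exists among the merchant's own orders;</li>
 *   <li>{@code total_amount} equals the amount recorded for that order;</li>
 *   <li>{@code app_id} / {@code seller_id} belong to this merchant;</li>
 *   <li>{@code trade_status} is {@code TRADE_SUCCESS} or {@code TRADE_FINISHED};</li>
 *   <li>a repeated notification for the same order is handled idempotently.</li>
 * </ul>
 */
@Data
@Component
@Controller
@RequestMapping("/tctr")
public class tctr {

    // Alipay public key used to verify notification signatures.
    @Value("${alipay.publicKey}")
    private String publicKey;

    // Charset handed to the signature check.
    @Value("${alipay.charset}")
    private String charset;

    /**
     * Handles the notification sent to the order's notify_url.
     *
     * <p>NOTE(review): this mapping accepts every HTTP method, while the notification is
     * described as a POST; restricting it with {@code method = RequestMethod.POST} would
     * narrow what reaches the handler.
     *
     * @param request  the notification request; every parameter takes part in the check
     * @param response unused
     * @return {@code "success"} if the signature is valid, otherwise {@code "fail"}
     */
    @RequestMapping("/getAlipayP")
    @ResponseBody
    public String getAlipayP(HttpServletRequest request, HttpServletResponse response) {
        // Flatten the request parameters; multi-valued parameters are joined with commas.
        Map<String, String> params = new HashMap<String, String>();
        Map<String, String[]> requestParams = request.getParameterMap();
        for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
            String[] values = entry.getValue();
            StringBuilder joined = new StringBuilder();
            for (int i = 0; i < values.length; i++) {
                if (i > 0) {
                    joined.append(",");
                }
                joined.append(values[i]);
            }
            // If values arrive garbled, re-decode them here, e.g.
            // new String(valueStr.getBytes("ISO-8859-1"), "utf-8").
            params.put(entry.getKey(), joined.toString());
        }

        // Stays false unless the check returns true, so an exception ends in "fail".
        boolean flag = false;
        try {
            // Debug output: order number, trade status, order amount, received amount,
            // body, creation time and payment time. These values are printed before the
            // signature is checked, so they are still unverified request input here.
            System.out.println(params.get("out_trade_no"));
            System.out.println(params.get("trade_status"));
            System.out.println(params.get("total_amount"));
            System.out.println(params.get("receipt_amount"));
            System.out.println(params.get("body"));
            System.out.println(params.get("gmt_create"));
            System.out.println(params.get("gmt_payment"));

            // Signature verification.
            flag = AlipaySignature.rsaCheckV1(params, publicKey, charset, "RSA2");

            System.out.println(flag);
            System.out.println("结束");
        } catch (AlipayApiException e) {
            e.printStackTrace();
        }

        // TODO: run the order checks listed in the class comment before answering
        // "success"; a valid signature alone does not mean this order was paid in full.
        return flag ? "success" : "fail";
    }
}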
