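In earlier company projects we handled payments with Alipay, which was simple and easy. Unfortunately, the company has now built a WeChat Official Account, so I have stepped into WeChat Pay development, which is full of pitfalls...
-----------------------------------------------------------------------------------------------------------
Business flow:
The official WeChat site explains this in detail (link: https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=7_4).
The rough flow is: the user taps a pay button --> the back end processes it (that is, it packages the data required for payment, obtains the prepay_id, and then passes it to the front end together with some required parameters) --> the front end receives the data, calls WeChat's JS to process it and invokes payment --> the user sees a password entry screen that shows the amount and some other information --> after the user enters the password, a payment success page appears, and at the same time WeChat calls back our endpoint to notify us of the payment result (this part of the flow is completed by WeChat itself; we don't need to handle it) --> return to our own system's page.
Development steps:
1. Set the payment directory
The official documentation for this is awful. It left me completely confused and honestly a bit dizzy. I couldn't understand it, but it does look impressive! Link: https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=7_3
2. Set the authorized domain
Once these 2 steps are done you can take a break, because the huge pitfalls are coming...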
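3. The merchant server calls the unified order API to request an order
What is this for? I was completely confused when I started, but hey, the WeChat Pay team is just that good; how could they show how sophisticated they are without throwing in something you can't understand... If you don't understand it, no matter, just follow the documentation.
Link: https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=9_1 WeChat gives a detailed description of the parameters there. After reading it for a long while, my summary is: package some required parameters and then call the https://api.mch.weixin.qq.com/pay/unifiedorder endpoint to get data. Below are several commonly used parameters, copied directly from someone else's very detailed introduction:
To summarize this part: first put the data into a map, then convert it to XML with the utility (the utility was mentioned above; go back and look yourself), then send it with a POST request to the [WeChat unified order API]. If the sign is fine, an XML document is returned with a lot of data in it; the one we want is prepay_id. With that parameter, generate a signature and return it to the front end. OK, this step is done too.
Summary of problems (the problems I ran into during this process):
1) (Important) The appid and openid must match. In other words, the user's openid must belong to a user under the current Official Account (we have several Official Accounts; you may not run into this problem, but it is important, so I mention it first).
2) In the second step, generating the signature and returning it to the front end, make absolutely sure the parameters are written correctly: upper and lower case, and whether there are any spaces. I fell into a big pit here; the page kept crashing out whenever it invoked payment. Watch out for this.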
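4. H5 invokes WeChat Pay's built-in JS
nonceStr: I simply used the same random string as for the signature just now. In theory it should not matter if you don't; diligent readers can try it.
This part has the following 3 small steps:
1) Parse the incoming stream and verify the correctness of the information it contains by re-signing it. That is, determine whether this message was really sent by WeChat.
2) If return_code and result_code are both SUCCESS, process the merchant's own business logic, i.e. the order's payment status and other information.
3) Tell WeChat: I have received your return value, no need to send it again.
Enough talk, here is the code!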
// Needs java.io.*, java.util.HashMap, java.util.Map and javax.servlet.http.*;
// logger is the enclosing class's SLF4J logger.
public String return_data(HttpServletRequest request, HttpServletResponse response) throws Exception {
    logger.info("WeChat Pay notification callback received");
    String resXml = "";
    Map<String, String> backxml = new HashMap<String, String>();
    InputStream inStream;
    try {
        inStream = request.getInputStream();
        ByteArrayOutputStream outSteam = new ByteArrayOutputStream();
        byte[] buffer = new byte[1024];
        int len = 0;
        while ((len = inStream.read(buffer)) != -1) {
            outSteam.write(buffer, 0, len);
        }
        outSteam.close();
        inStream.close();
        String result = new String(outSteam.toByteArray(), "utf-8"); // the data WeChat posted to our notify_url
        Map<String, String> map = WXPayUtil.xmlToMap(result);
        // Step 1: verify the signature before trusting any field of the message
        if (WXPayUtil.isSignatureValid(map, PayConfigUtil.API_KEY)) {
            logger.info("WeChat Pay: signature verified");
            // Step 2: only a notification with return_code and result_code both SUCCESS is a paid order
            // (null-safe comparison: a missing field no longer throws NullPointerException)
            if ("SUCCESS".equalsIgnoreCase(map.get("return_code"))
                    && "SUCCESS".equalsIgnoreCase(map.get("result_code"))) {
                // business processing start
                // business processing end
            }
            // Step 3: acknowledge receipt so WeChat stops resending
            // backxml.put("return_code", "SUCCESS");
            // backxml.put("return_msg", "OK");
            // String toXml = WXPayUtil.mapToXml(backxml);
            // response.getWriter().write(toXml);
            resXml = "<xml>" + "<return_code><![CDATA[SUCCESS]]></return_code>"
                    + "<return_msg><![CDATA[OK]]></return_msg>" + "</xml> ";
        }
        BufferedOutputStream out = new BufferedOutputStream(response.getOutputStream());
        out.write(resXml.getBytes("utf-8"));
        out.flush();
        out.close();
    } catch (IOException e) {
        logger.error("WeChat Pay: failed to read or answer the notification", e);
    }
    return resXml;
}
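Remember the attach parameter from "3. The merchant server calls the unified order API to request an order"? It is very convenient here for carrying business data.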
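An added example, not part of the original post, of the three callback steps above together with two checks the business step needs: comparing total_fee with the amount of the order, and making a repeated notification harmless. The class name, the in-memory maps standing in for the order table, the order number and the key are assumptions made for illustration; out_trade_no and total_fee are fields of the WeChat Pay notification.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class NotifyDemo { // hypothetical class, for illustration only
    static final String ACK = "<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>";
    static final String NACK = "<xml><return_code><![CDATA[FAIL]]></return_code></xml>";
    static final Map<String, String> expectedFee = new HashMap<>(); // out_trade_no -> total_fee in fen (stand-in for the order table)
    static final Set<String> settled = new HashSet<>();             // orders already marked as paid

    // MD5 signing rule of the page's WXPayUtil: sorted non-empty fields, then key=API key
    static String sign(Map<String, String> data, String apiKey) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(data).entrySet()) {
            String v = e.getValue() == null ? "" : e.getValue().trim();
            if (!e.getKey().equals("sign") && !v.isEmpty()) sb.append(e.getKey()).append('=').append(v).append('&');
        }
        sb.append("key=").append(apiKey);
        byte[] md5 = MessageDigest.getInstance("MD5").digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : md5) hex.append(String.format("%02X", b));
        return hex.toString();
    }

    static synchronized String handle(Map<String, String> n, String apiKey) throws Exception {
        byte[] got = String.valueOf(n.get("sign")).getBytes(StandardCharsets.UTF_8);
        byte[] want = sign(n, apiKey).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(got, want)) return NACK;           // step 1: not signed with our API key
        if (!"SUCCESS".equals(n.get("return_code")) || !"SUCCESS".equals(n.get("result_code"))) return ACK; // received, nothing to settle
        String orderNo = n.get("out_trade_no");
        String fee = expectedFee.get(orderNo);
        if (fee == null || !fee.equals(n.get("total_fee"))) return NACK; // unknown order, or not the amount we charged
        if (settled.add(orderNo)) System.out.println("settling " + orderNo); // step 2 runs once per order
        return ACK;                                                    // step 3: WeChat stops resending
    }

    public static void main(String[] args) throws Exception {
        String apiKey = "constructed-test-key";                        // constructed value, not a real API key
        expectedFee.put("ORDER1001", "100");
        Map<String, String> n = new HashMap<>();                       // constructed notification fields
        n.put("return_code", "SUCCESS"); n.put("result_code", "SUCCESS");
        n.put("out_trade_no", "ORDER1001"); n.put("total_fee", "100"); n.put("attach", "vip-upgrade");
        n.put("sign", sign(n, apiKey));
        System.out.println("first delivery acknowledged: " + handle(n, apiKey).equals(ACK));
        System.out.println("repeat delivery acknowledged: " + handle(n, apiKey).equals(ACK));
        n.put("total_fee", "1");                                       // field altered after signing
        System.out.println("altered message rejected: " + handle(n, apiKey).equals(NACK));
    }
}
```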
Supplementary utility class code
package com.qicheshetuan.backend.util.wxPay;

import com.qicheshetuan.backend.util.wxPay.WXPayConstants.SignType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.MessageDigest;
import java.util.*;

public class WXPayUtil {

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Convert an XML string to a Map
     *
     * @param strXML XML string
     * @return Map converted from the XML data
     * @throws Exception
     */
    public static Map<String, String> xmlToMap(String strXML) throws Exception {
        try {
            Map<String, String> data = new HashMap<String, String>();
            DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
            // This parser reads the body of the notify_url request before its signature is checked,
            // so DOCTYPE declarations are refused and external entities (XXE) cannot be declared.
            documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            documentBuilderFactory.setXIncludeAware(false);
            documentBuilderFactory.setExpandEntityReferences(false);
            DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
            InputStream stream = new ByteArrayInputStream(strXML.getBytes("UTF-8"));
            org.w3c.dom.Document doc = documentBuilder.parse(stream);
            doc.getDocumentElement().normalize();
            NodeList nodeList = doc.getDocumentElement().getChildNodes();
            for (int idx = 0; idx < nodeList.getLength(); ++idx) {
                Node node = nodeList.item(idx);
                if (node.getNodeType() == Node.ELEMENT_NODE) {
                    org.w3c.dom.Element element = (org.w3c.dom.Element) node;
                    data.put(element.getNodeName(), element.getTextContent());
                }
            }
            try {
                stream.close();
            } catch (Exception ex) {
                // do nothing
            }
            return data;
        } catch (Exception ex) {
            WXPayUtil.getLogger().warn("Invalid XML, can not convert to map. Error message: {}. XML content: {}", ex.getMessage(), strXML);
            throw ex;
        }
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Convert a Map to an XML string
     *
     * @param data Map data
     * @return XML string
     * @throws Exception
     */
    public static String mapToXml(Map<String, String> data) throws Exception {
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
        org.w3c.dom.Document document = documentBuilder.newDocument();
        org.w3c.dom.Element root = document.createElement("xml");
        document.appendChild(root);
        for (String key : data.keySet()) {
            String value = data.get(key);
            if (value == null) {
                value = "";
            }
            value = value.trim();
            org.w3c.dom.Element filed = document.createElement(key);
            filed.appendChild(document.createTextNode(value));
            root.appendChild(filed);
        }
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer transformer = tf.newTransformer();
        DOMSource source = new DOMSource(document);
        transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter writer = new StringWriter();
        StreamResult result = new StreamResult(writer);
        transformer.transform(source, result);
        String output = writer.getBuffer().toString(); //.replaceAll("\n|\r", "");
        try {
            writer.close();
        } catch (Exception ex) {
        }
        return output;
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate an XML string that carries a sign field
     *
     * @param data Map data
     * @param key API key
     * @return XML containing the sign field
     */
    public static String generateSignedXml(final Map<String, String> data, String key) throws Exception {
        return generateSignedXml(data, key, SignType.MD5);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate an XML string that carries a sign field
     *
     * @param data Map data
     * @param key API key
     * @param signType signature type
     * @return XML containing the sign field
     */
    public static String generateSignedXml(final Map<String, String> data, String key, SignType signType) throws Exception {
        String sign = generateSignature(data, key, signType);
        data.put(WXPayConstants.FIELD_SIGN, sign);
        return mapToXml(data);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Check whether the signature is correct
     *
     * @param xmlStr XML data
     * @param key API key
     * @return whether the signature is correct
     * @throws Exception
     */
    public static boolean isSignatureValid(String xmlStr, String key) throws Exception {
        Map<String, String> data = xmlToMap(xmlStr);
        if (!data.containsKey(WXPayConstants.FIELD_SIGN)) {
            return false;
        }
        String sign = data.get(WXPayConstants.FIELD_SIGN);
        return generateSignature(data, key).equals(sign);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Check whether the signature is correct. The data must contain the sign field, otherwise false is returned. Uses MD5 signing.
     *
     * @param data Map data
     * @param key API key
     * @return whether the signature is correct
     * @throws Exception
     */
    public static boolean isSignatureValid(Map<String, String> data, String key) throws Exception {
        return isSignatureValid(data, key, SignType.MD5);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Check whether the signature is correct. The data must contain the sign field, otherwise false is returned.
     *
     * @param data Map data
     * @param key API key
     * @param signType signature method
     * @return whether the signature is correct
     * @throws Exception
     */
    public static boolean isSignatureValid(Map<String, String> data, String key, SignType signType) throws Exception {
        if (!data.containsKey(WXPayConstants.FIELD_SIGN)) {
            return false;
        }
        String sign = data.get(WXPayConstants.FIELD_SIGN);
        return generateSignature(data, key, signType).equals(sign);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate a signature
     *
     * @param data data to sign
     * @param key API key
     * @return signature
     */
    public static String generateSignature(final Map<String, String> data, String key) throws Exception {
        return generateSignature(data, key, SignType.MD5);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate a signature. Note: if the data contains a sign_type field, it must agree with the signType parameter.
     *
     * @param data data to sign
     * @param key API key
     * @param signType signature method
     * @return signature
     */
    public static String generateSignature(final Map<String, String> data, String key, SignType signType) throws Exception {
        Set<String> keySet = data.keySet();
        String[] keyArray = keySet.toArray(new String[keySet.size()]);
        Arrays.sort(keyArray);
        StringBuilder sb = new StringBuilder();
        for (String k : keyArray) {
            if (k.equals(WXPayConstants.FIELD_SIGN)) {
                continue;
            }
            if (data.get(k).trim().length() > 0) // parameters with an empty value do not take part in the signature
                sb.append(k).append("=").append(data.get(k).trim()).append("&");
        }
        sb.append("key=").append(key);
        if (SignType.MD5.equals(signType)) {
            return MD5(sb.toString()).toUpperCase();
        } else if (SignType.HMACSHA256.equals(signType)) {
            return HMACSHA256(sb.toString(), key);
        } else {
            throw new Exception(String.format("Invalid sign_type: %s", signType));
        }
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Get a random string (nonce str)
     *
     * @return String random string
     */
    public static String generateNonceStr() {
        return UUID.randomUUID().toString().replaceAll("-", "").substring(0, 32);
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate an MD5 digest
     *
     * @param data data to process
     * @return MD5 result
     */
    public static String MD5(String data) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] array = md.digest(data.getBytes("UTF-8"));
        StringBuilder sb = new StringBuilder();
        for (byte item : array) {
            sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
        }
        return sb.toString().toUpperCase();
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate an HMACSHA256 value
     * @param data data to process
     * @param key secret key
     * @return HMAC result as upper-case hex
     * @throws Exception
     */
    public static String HMACSHA256(String data, String key) throws Exception {
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
        sha256_HMAC.init(secret_key);
        byte[] array = sha256_HMAC.doFinal(data.getBytes("UTF-8"));
        StringBuilder sb = new StringBuilder();
        for (byte item : array) {
            sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
        }
        return sb.toString().toUpperCase();
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Logger
     * @return
     */
    public static Logger getLogger() {
        Logger logger = LoggerFactory.getLogger("wxpay java sdk");
        return logger;
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Get the current timestamp, in seconds
     * @return
     */
    public static long getCurrentTimestamp() {
        return System.currentTimeMillis() / 1000;
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Get the current timestamp, in milliseconds
     * @return
     */
    public static long getCurrentTimestampMs() {
        return System.currentTimeMillis();
    }

    /**
     * @Author SongZS
     * @Date 2017/6/30 14:57
     *
     * Generate a uuid, used to identify an order and also as nonce_str
     * @return
     */
    public static String generateUUID() {
        return UUID.randomUUID().toString().replaceAll("-", "").substring(0, 32);
    }
}
------------------------------------------------------------------------------
package com.qicheshetuan.backend.util.wxPay;

/**
 * Constants
 */
public class WXPayConstants {

    public enum SignType {
        MD5, HMACSHA256
    }

    public static final String DOMAIN_API = "api.mch.weixin.qq.com";
    public static final String DOMAIN_API2 = "api2.mch.weixin.qq.com";
    public static final String DOMAIN_APIHK = "apihk.mch.weixin.qq.com";
    public static final String DOMAIN_APIUS = "apius.mch.weixin.qq.com";

    public static final String FAIL = "FAIL";
    public static final String SUCCESS = "SUCCESS";
    public static final String HMACSHA256 = "HMAC-SHA256";
    public static final String MD5 = "MD5";

    public static final String FIELD_SIGN = "sign";
    public static final String FIELD_SIGN_TYPE = "sign_type";

    public static final String MICROPAY_URL_SUFFIX = "/pay/micropay";
    public static final String UNIFIEDORDER_URL_SUFFIX = "/pay/unifiedorder";
    public static final String ORDERQUERY_URL_SUFFIX = "/pay/orderquery";
    public static final String REVERSE_URL_SUFFIX = "/secapi/pay/reverse";
    public static final String CLOSEORDER_URL_SUFFIX = "/pay/closeorder";
    public static final String REFUND_URL_SUFFIX = "/secapi/pay/refund";
    public static final String REFUNDQUERY_URL_SUFFIX = "/pay/refundquery";
    public static final String DOWNLOADBILL_URL_SUFFIX = "/pay/downloadbill";
    public static final String REPORT_URL_SUFFIX = "/payitil/report";
    public static final String SHORTURL_URL_SUFFIX = "/tools/shorturl";
    public static final String AUTHCODETOOPENID_URL_SUFFIX = "/tools/authcodetoopenid";

    // sandbox
    public static final String SANDBOX_MICROPAY_URL_SUFFIX = "/sandboxnew/pay/micropay";
    public static final String SANDBOX_UNIFIEDORDER_URL_SUFFIX = "/sandboxnew/pay/unifiedorder";
    public static final String SANDBOX_ORDERQUERY_URL_SUFFIX = "/sandboxnew/pay/orderquery";
    public static final String SANDBOX_REVERSE_URL_SUFFIX = "/sandboxnew/secapi/pay/reverse";
    public static final String SANDBOX_CLOSEORDER_URL_SUFFIX = "/sandboxnew/pay/closeorder";
    public static final String SANDBOX_REFUND_URL_SUFFIX = "/sandboxnew/secapi/pay/refund";
    public static final String SANDBOX_REFUNDQUERY_URL_SUFFIX = "/sandboxnew/pay/refundquery";
    public static final String SANDBOX_DOWNLOADBILL_URL_SUFFIX = "/sandboxnew/pay/downloadbill";
    public static final String SANDBOX_REPORT_URL_SUFFIX = "/sandboxnew/payitil/report";
    public static final String SANDBOX_SHORTURL_URL_SUFFIX = "/sandboxnew/tools/shorturl";
    public static final String SANDBOX_AUTHCODETOOPENID_URL_SUFFIX = "/sandboxnew/tools/authcodetoopenid";
}
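------------------------------------------------------------------------------
That's all. As for refunds, order queries and so on, I'll continue when I need them later. If I got anything wrong, everyone is welcome to leave a comment and point it out.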