Explorar o código

fix: 通知验签的charset/signType从服务商DB取,不再用yml配置

alphaH hai 2 días
pai
achega
84b87aee89

+ 12 - 10
java/src/main/java/com/payment/platform/module/payment/notification/service/NotificationService.java

@@ -89,29 +89,31 @@ public class NotificationService {
         entry.setReceivedAt(OffsetDateTime.now());
 
         try {
-            // 按通知中的 app_id 查找对应服务商,优先用证书验签
+            // 按通知中的 app_id 查找对应服务商的配置进行验签
             String alipayPublicKey = alipayConfig.getAlipayPublicKey();
-            String alipayPublicCert = alipayConfig.getAlipayPublicKey(); // fallback
+            String alipayPublicCert = null;
+            String charset = alipayConfig.getCharset();
+            String signType = alipayConfig.getSignType();
             String appId = params.get("app_id");
             if (StrUtil.isNotBlank(appId)) {
                 ServiceProviderEntity sp = providerMapper.selectOne(
                         new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<ServiceProviderEntity>()
                                 .eq(ServiceProviderEntity::getAppId, appId));
                 if (sp != null) {
-                    if (StrUtil.isNotBlank(sp.getAlipayPublicKey())) {
+                    if (StrUtil.isNotBlank(sp.getAlipayPublicKey()))
                         alipayPublicKey = sp.getAlipayPublicKey();
-                    }
-                    if (StrUtil.isNotBlank(sp.getAlipayPublicCertContent())) {
+                    if (StrUtil.isNotBlank(sp.getAlipayPublicCertContent()))
                         alipayPublicCert = sp.getAlipayPublicCertContent();
-                    }
+                    if (StrUtil.isNotBlank(sp.getCharset()))
+                        charset = sp.getCharset();
+                    if (StrUtil.isNotBlank(sp.getSignType()))
+                        signType = sp.getSignType();
                 }
             }
             // 服务商配置了证书则用证书验签,否则回退普通公钥
             boolean verified = StrUtil.isNotBlank(alipayPublicCert)
-                    ? AlipaySignature.rsaCertCheckV1(params, alipayPublicCert,
-                            alipayConfig.getCharset(), alipayConfig.getSignType())
-                    : AlipaySignature.rsaCheckV1(params, alipayPublicKey,
-                            alipayConfig.getCharset(), alipayConfig.getSignType());
+                    ? AlipaySignature.rsaCertCheckV1(params, alipayPublicCert, charset, signType)
+                    : AlipaySignature.rsaCheckV1(params, alipayPublicKey, charset, signType);
             entry.setVerifyResult(verified);
             if (!verified) {
                 log.warn("支付宝通知验签失败: notify_id={}", notifyId);