Forráskód Böngészése

fix: rsaCertCheckV1传文件路径而非证书内容—先写临时文件

alphaH 15 órája
szülő
commit
f1c9ae7557

+ 14 - 3
java/src/main/java/com/payment/platform/module/payment/notification/service/NotificationService.java

@@ -111,9 +111,20 @@ public class NotificationService {
                 }
             }
             // 服务商配置了证书则用证书验签,否则回退普通公钥
-            boolean verified = StrUtil.isNotBlank(alipayPublicCert)
-                    ? AlipaySignature.rsaCertCheckV1(params, alipayPublicCert, charset, signType)
-                    : AlipaySignature.rsaCheckV1(params, alipayPublicKey, charset, signType);
+            boolean verified;
+            if (StrUtil.isNotBlank(alipayPublicCert)) {
+                // rsaCertCheckV1 第二个参数是文件路径,证书内容需先写临时文件
+                java.nio.file.Path certPath = java.nio.file.Files.createTempFile("alipay_cert_", ".crt");
+                java.nio.file.Files.writeString(certPath, alipayPublicCert);
+                try {
+                    verified = AlipaySignature.rsaCertCheckV1(params,
+                            certPath.toAbsolutePath().toString(), charset, signType);
+                } finally {
+                    java.nio.file.Files.deleteIfExists(certPath);
+                }
+            } else {
+                verified = AlipaySignature.rsaCheckV1(params, alipayPublicKey, charset, signType);
+            }
             entry.setVerifyResult(verified);
             if (!verified) {
                 log.warn("支付宝通知验签失败: notify_id={}", notifyId);