2 Angajamente c2e6e29702 ... 84b87aee89

Autor SHA1 Permisiunea de a trimite mesaje. Dacă este dezactivată, utilizatorul nu va putea trimite nici un fel de mesaj Data
  alphaH 84b87aee89 fix: 通知验签的charset/signType从服务商DB取,不再用yml配置 11 ore în urmă
  alphaH 7c287a612e fix: 通知验签简化—DB有证书用rsaCertCheckV1,没有用rsaCheckV1 11 ore în urmă

+ 13 - 12
java/src/main/java/com/payment/platform/module/payment/notification/service/NotificationService.java

@@ -89,30 +89,31 @@ public class NotificationService {
         entry.setReceivedAt(OffsetDateTime.now());
         entry.setReceivedAt(OffsetDateTime.now());
 
 
         try {
         try {
-            // 按通知中的 app_id 查找对应服务商,优先用证书验签
+            // 按通知中的 app_id 查找对应服务商的配置进行验签
             String alipayPublicKey = alipayConfig.getAlipayPublicKey();
             String alipayPublicKey = alipayConfig.getAlipayPublicKey();
-            String alipayPublicCert = alipayConfig.getAlipayPublicKey(); // fallback
+            String alipayPublicCert = null;
+            String charset = alipayConfig.getCharset();
+            String signType = alipayConfig.getSignType();
             String appId = params.get("app_id");
             String appId = params.get("app_id");
             if (StrUtil.isNotBlank(appId)) {
             if (StrUtil.isNotBlank(appId)) {
                 ServiceProviderEntity sp = providerMapper.selectOne(
                 ServiceProviderEntity sp = providerMapper.selectOne(
                         new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<ServiceProviderEntity>()
                         new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<ServiceProviderEntity>()
                                 .eq(ServiceProviderEntity::getAppId, appId));
                                 .eq(ServiceProviderEntity::getAppId, appId));
                 if (sp != null) {
                 if (sp != null) {
-                    if (StrUtil.isNotBlank(sp.getAlipayPublicKey())) {
+                    if (StrUtil.isNotBlank(sp.getAlipayPublicKey()))
                         alipayPublicKey = sp.getAlipayPublicKey();
                         alipayPublicKey = sp.getAlipayPublicKey();
-                    }
-                    if (StrUtil.isNotBlank(sp.getAlipayPublicCertContent())) {
+                    if (StrUtil.isNotBlank(sp.getAlipayPublicCertContent()))
                         alipayPublicCert = sp.getAlipayPublicCertContent();
                         alipayPublicCert = sp.getAlipayPublicCertContent();
-                    }
+                    if (StrUtil.isNotBlank(sp.getCharset()))
+                        charset = sp.getCharset();
+                    if (StrUtil.isNotBlank(sp.getSignType()))
+                        signType = sp.getSignType();
                 }
                 }
             }
             }
-            // 证书模式优先,回退普通公钥
+            // 服务商配置了证书则用证书验签,否则回退普通公钥
             boolean verified = StrUtil.isNotBlank(alipayPublicCert)
             boolean verified = StrUtil.isNotBlank(alipayPublicCert)
-                    && !alipayPublicCert.equals(alipayConfig.getAlipayPublicKey())
-                    ? AlipaySignature.rsaCertCheckV1(params, alipayPublicCert,
-                            alipayConfig.getCharset(), alipayConfig.getSignType())
-                    : AlipaySignature.rsaCheckV1(params, alipayPublicKey,
-                            alipayConfig.getCharset(), alipayConfig.getSignType());
+                    ? AlipaySignature.rsaCertCheckV1(params, alipayPublicCert, charset, signType)
+                    : AlipaySignature.rsaCheckV1(params, alipayPublicKey, charset, signType);
             entry.setVerifyResult(verified);
             entry.setVerifyResult(verified);
             if (!verified) {
             if (!verified) {
                 log.warn("支付宝通知验签失败: notify_id={}", notifyId);
                 log.warn("支付宝通知验签失败: notify_id={}", notifyId);