踩坑1:微信退款涉及到證書問題
將證書文件放到resource文件夾下,
採用spring中讀取配置文件的方式讀取證書文件,在本地電腦單元測試中完全沒問題;後面發現通過jenkins打包到測試服務器時,maven插件在處理資源文件的過程中篡改了證書文件的內容,導致報錯。解決方案:
在pom文件中加入插件
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration><encoding>UTF-8</encoding>
<!-- Exclude certificate and keystore files (pkcs12, jks, cer, pem, pfx) from resource filtering so their bytes are copied into the build unchanged. -->
<!-- NOTE(review): if the certificate actually shipped uses another extension (for example p12), it presumably needs its own entry here; confirm against the file in the resources folder. -->
<nonFilteredFileExtensions>
<nonFilteredFileExtension>pkcs12</nonFilteredFileExtension>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>cer</nonFilteredFileExtension>
<nonFilteredFileExtension>pem</nonFilteredFileExtension>
<nonFilteredFileExtension>pfx</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</plugin>
這樣 問題一解決。
踩坑2 : 退款成功微信回調通過AES解密req_info信息問題
以下是微信文檔中的介紹
微信退款成功後,爲了網絡安全起見,微信方會把返回的字段信息加密後放到req_info這個字段返回給我們,我們拿到數據後必須先對其進行解密,才能拿到對應的退款單號,進而完成我們自己業務的內部處理
微信官方給了解密文檔介紹,但是並沒有對應的demo,之後踩坑就開始了,以下是我的踩坑記錄
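// Lowercase hex alphabet used when rendering digest bytes as text.
private static final String[] hexDigits = {
        "0", "1", "2", "3", "4", "5", "6", "7",
        "8", "9", "a", "b", "c", "d", "e", "f"};
// Key algorithm name handed to SecretKeySpec.
private static final String ALGORITHM = "AES";
// Transformation string: algorithm / mode / padding.
// NOTE(review): ECB uses no IV and gives no integrity protection. The page attributes this
// scheme to WeChat's refund-notification documentation, so treat it as a protocol constraint
// for req_info only and do not reuse it to protect other data.
// The page reports that this transformation throws unless the BouncyCastle provider has been
// registered first.
private static final String ALGORITHM_MODE_PADDING = "AES/ECB/PKCS7Padding";
/**
 * Merchant API key, read from configuration under "service.key".
 * It is the root secret for the AES key below and must never be logged.
 */
private static final String SERVICE_KEY = Configuration.readConfigString("service.key", "config");
/**
 * AES key used for req_info: the lowercase hex MD5 of the API key, taken as bytes.
 * MD5 yields 32 hex characters, so the key is 32 bytes (AES-256).
 * Declared final so the key cannot be swapped after class initialisation, and encoded with an
 * explicit charset and locale so the bytes do not depend on platform defaults.
 */
private static final SecretKeySpec key = new SecretKeySpec(
        MD5Encode(SERVICE_KEY).toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.US_ASCII),
        ALGORITHM);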
如果只是執行上述代碼的話,代碼會拋出一個異常
這時我們需要在解密代碼前面添加這句代碼:Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 這樣子代碼就能正常執行了。但是這樣的寫法有個不好的地方:由於每次解密都會new 一個
BouncyCastleProvider,這個對象如果創建得多的話會導致虛擬機的內存溢出,這時我們做一個改進,將上述代碼放到靜態代碼塊裏去,只在類加載時註冊一次
這樣子寫
以下是解密過程的完整代碼
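private static final Logger log = Logger.getLogger(RefundNotifyDecryptionUtil.class);
// Lowercase hex alphabet used when rendering digest bytes as text.
private static final String[] hexDigits = {
        "0", "1", "2", "3", "4", "5", "6", "7",
        "8", "9", "a", "b", "c", "d", "e", "f"};
// Key algorithm name handed to SecretKeySpec.
private static final String ALGORITHM = "AES";
// Transformation string: algorithm / mode / padding.
// NOTE(review): ECB uses no IV and gives no integrity protection. The page attributes this
// scheme to WeChat's refund-notification documentation, so treat it as a protocol constraint
// for req_info only and do not reuse it to protect other data.
private static final String ALGORITHM_MODE_PADDING = "AES/ECB/PKCS7Padding";
/**
 * Merchant API key, read from configuration under "service.key".
 * It is the root secret for the AES key below and must never be logged.
 */
private static final String SERVICE_KEY = Configuration.readConfigString("service.key", "config");
/**
 * AES key used for req_info: the lowercase hex MD5 of the API key, taken as bytes.
 * MD5 yields 32 hex characters, so the key is 32 bytes (AES-256).
 * Declared final so the key cannot be swapped after class initialisation, and encoded with an
 * explicit charset and locale so the bytes do not depend on platform defaults.
 */
private static final SecretKeySpec key = new SecretKeySpec(
        MD5Encode(SERVICE_KEY).toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.US_ASCII),
        ALGORITHM);

// Register BouncyCastle once, when the class is loaded, and only if no provider with that
// name is installed yet. This avoids creating a new provider object on every call.
static {
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
}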
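/**
 * Decrypts a Base64-encoded AES ciphertext (the req_info field of a refund notification)
 * with the class-level key.
 *
 * <p>Failure is reported as an empty string, not as an exception, so callers must treat
 * {@code ""} as "notification could not be decrypted" and reject it. The cipher mode gives no
 * integrity guarantee, so a successful decryption is not proof of authenticity on its own:
 * check the decrypted refund and order numbers against the merchant's own records before
 * acting on them.
 *
 * @param base64Data Base64 text of the ciphertext
 * @return the plaintext decoded as UTF-8, or {@code ""} if decoding or decryption fails
 * @throws Exception kept in the signature for existing callers; failures inside the method
 *                   are caught, logged and reported as {@code ""}
 */
public static String decryptData(String base64Data) throws Exception {
    try {
        Cipher cipher = Cipher.getInstance(ALGORITHM_MODE_PADDING);
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(base64Data));
        // Explicit charset: the no-argument String constructor would use the platform default
        // and could garble non-ASCII fields on hosts that are not UTF-8.
        return new String(plain, java.nio.charset.StandardCharsets.UTF_8);
    } catch (Exception e) {
        // Log the failure with its cause and stack trace; getMessage() alone can be null.
        // Neither the ciphertext nor the key is written to the log.
        log.error("req_info decryption failed", e);
        return "";
    }
}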
public static void main(String[] args) throws Exception {
    // Manual check: decrypt one sample req_info value and print the recovered text.
    String reqInfo = "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";
    //String req_info = "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";
    System.out.println(decryptData(reqInfo));
    // Disabled round-trip sample, kept because it shows the shape of a decrypted payload.
    // Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    //
    // // Encrypt
    // String str = "<root>"+
    // "<out_refund_no><![CDATA[2531340110812300]]></out_refund_no>"+
    // "<out_trade_no><![CDATA[2531340110812100]]></out_trade_no>"+
    // "<refund_account><![CDATA[REFUND_SOURCE_RECHARGE_FUNDS]]></refund_account>"+
    // "<refund_fee><![CDATA[1]]></refund_fee>"+
    // "<refund_id><![CDATA[50000505542018011003064518841]]></refund_id>"+
    // "<refund_recv_accout><![CDATA[支付用戶零錢]]></refund_recv_accout>"+
    // "<refund_request_source><![CDATA[API]]></refund_request_source>"+
    // "<refund_status><![CDATA[SUCCESS]]></refund_status>"+
    // "<settlement_refund_fee><![CDATA[1]]></settlement_refund_fee>"+
    // "<settlement_total_fee><![CDATA[1]]></settlement_total_fee>"+
    // "<success_time><![CDATA[2018-01-10 10:31:24]]></success_time>"+
    // "<total_fee><![CDATA[1]]></total_fee>"+
    // "<transaction_id><![CDATA[4200000052201801101409025381]]></transaction_id>"+
    // "</root>";
    // System.out.println(encryptData(str));
    // Map<String, String> result_map = XmlUtils.XmlToMap1("<root><out_refund_no><![CDATA[2531340110812300]]></out_refund_no><out_trade_no><![CDATA[2531340110812100]]></out_trade_no><refund_account><![CDATA[REFUND_SOURCE_RECHARGE_FUNDS]]></refund_account><refund_fee><![CDATA[1]]></refund_fee><refund_id><![CDATA[50000505542018011003064518841]]></refund_id><refund_recv_accout><![CDATA[支付用戶零錢]]></refund_recv_accout><refund_request_source><![CDATA[API]]></refund_request_source><refund_status><![CDATA[SUCCESS]]></refund_status><settlement_refund_fee><![CDATA[1]]></settlement_refund_fee><settlement_total_fee><![CDATA[1]]></settlement_total_fee><success_time><![CDATA[2018-01-10 10:31:24]]></success_time><total_fee><![CDATA[1]]></total_fee><transaction_id><![CDATA[4200000052201801101409025381]]></transaction_id></root>");
    // System.out.println(result_map);
}
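/**
 * Encrypts text with the class-level AES key and returns it Base64-encoded.
 *
 * <p>The BouncyCastle provider is registered once by the class's static initializer, so this
 * method does not create and register a new provider object on every call.
 *
 * <p>NOTE(review): the only visible use is the commented-out round-trip sample in
 * {@code main}. ECB leaks equality of plaintext blocks and carries no integrity tag, so this
 * helper is presumably meant for producing test fixtures only; confirm before using it on
 * real data.
 *
 * @param data plaintext to encrypt; encoded as UTF-8 before encryption
 * @return Base64 text of the ciphertext
 * @throws Exception if the cipher cannot be created or initialised, or encryption fails
 */
public static String encryptData(String data) throws Exception {
    // Create the cipher for the configured transformation.
    Cipher cipher = Cipher.getInstance(ALGORITHM_MODE_PADDING);
    // Initialise it for encryption with the derived key.
    cipher.init(Cipher.ENCRYPT_MODE, key);
    // Explicit charset so the ciphertext does not depend on the platform default encoding.
    byte[] plain = data.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return Base64Util.encode(cipher.doFinal(plain));
}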
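/**
 * Computes the MD5 digest of a string and returns it as lowercase hex.
 *
 * <p>MD5 is a hash, not encryption. Here it only derives the AES key from the API key in the
 * way the page's decryption procedure requires; it is not suitable for password storage or
 * for new integrity checks.
 *
 * @param origin text to hash; encoded as UTF-8 so the result is the same on every platform
 * @return 32-character lowercase hex digest, or {@code null} when {@code origin} is null
 * @throws IllegalStateException if the runtime offers no MD5 implementation
 */
public static String MD5Encode(String origin) {
    if (origin == null) {
        // A null input has always produced a null result; keep that for existing callers.
        return null;
    }
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return byteArrayToHexString(
                md.digest(origin.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    } catch (java.security.NoSuchAlgorithmException e) {
        // Fail loudly. Returning the unhashed input would silently turn the raw secret into
        // key material.
        throw new IllegalStateException("MD5 MessageDigest is not available", e);
    }
}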
// Renders one byte as two lowercase hex digits, high nibble first.
private static String byteToHexString(byte b) {
    // Mask to 0..255 so negative bytes index the table correctly.
    int unsigned = b & 0xFF;
    return hexDigits[unsigned >>> 4] + hexDigits[unsigned & 0x0F];
}
/**
 * Converts a byte array to its hex string form, two digits per byte.
 *
 * @param b bytes to convert
 * @return hex string in the same byte order as the input
 */
public static String byteArrayToHexString(byte[] b) {
    StringBuilder hex = new StringBuilder(b.length * 2);
    for (int i = 0; i < b.length; i++) {
        hex.append(byteToHexString(b[i]));
    }
    return hex.toString();
}
POM文件中要加這個依賴
<!-- BouncyCastle provider, needed for the PKCS7Padding transformation used by the decryption code. -->
<!-- NOTE(review): 1.46 is an old release of this artifact; check for a currently maintained BouncyCastle version before adopting it. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-ext-jdk16</artifactId>
<version>1.46</version>
</dependency>
通過以上方法你會發現本地代碼能夠正常解密成功了。但是後面坑又繼續來了,把代碼發佈到測試服務器後發現解密並不成功,它在執行解密代碼的時候會拋出異常,異常信息爲
Illegal key size or default parameters
接下來我們解決測試服務器的這個問題。這個問題的原因可能是服務器上面的jdk版本過低,默認的加密策略不支持256位密鑰的解密方式,然後我們就需要替換jre內部的兩個jar包文件
\jre\lib\security下的兩個文件(local_policy.jar 和 US_export_policy.jar)
將這兩個文件替換掉,當然替換之前把原先兩個備份一下 以防其他問題發生
注意要下載自己服務器對應版本的jar包,並且只從Oracle官方站點獲取,下面是下載地址
加解密的異常處理辦法
如果在加解密的過程中出現java.security.InvalidKeyException: Illegal key size,則需要下載與JDK版本對應的JCE無限制強度權限策略文件(Unlimited Strength Jurisdiction Policy Files):
JRE/JDK 6:http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
JRE/JDK 7:http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
JRE/JDK 8u151 之前版本:http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
如果安裝了JRE,將兩個jar文件放到$JAVA_HOME/lib/security目錄下覆蓋原來的文件
如果安裝了JDK,將兩個jar文件放到$JAVA_HOME/jre/lib/security目錄下覆蓋原來文件
如果是使用了工具可能內置了JRE,需要在工具引用的目錄下面將兩個jar文件放到/jre/lib/security目錄下覆蓋原來的文件
JRE/JDK 8u151 之後版本已經內置無限制權限策略文件,只需將$JAVA_HOME/jre/lib/security/java.security文件中的#crypto.policy=unlimited解除註釋即可
替換完兩個jar文件後注意需要刷新下環境變量
source /etc/profile
以上操作完成後 服務器重啓繼續一筆退款吧 發現解密代碼正常了,正確解析了微信返回的加密信息了 真開心
分享完畢,如有不足還望各位大佬多多指點