diff --git a/app/main/api/etc/main.yaml b/app/main/api/etc/main.yaml index eff5a58..4a799bf 100644 --- a/app/main/api/etc/main.yaml +++ b/app/main/api/etc/main.yaml @@ -33,13 +33,13 @@ Alipay: ReturnURL: "https://www.zhenaicha.com/payment/result" Wxpay: AppID: "wx442ee1ac1ee75917" - MchID: "1682635136" - MchCertificateSerialNumber: "5369B8AEEBDCF7AF274510252E6A8C0659C30F61" - MchApiv3Key: "e3ea4cf0765f1e71b01bb387dfcdbc9f" - MchPrivateKeyPath: "etc/merchant/apiclient_key.pem" - MchPublicKeyID: "PUB_KEY_ID_0116826351362025060900382267001601" - MchPublicKeyPath: "etc/merchant/pub_key.pem" - MchPlatformRAS: "1FFEC3F62E31885FAB4C91ADCB8D7557E9488781" + MchID: "1738205312" + MchCertificateSerialNumber: "6BD3F3D86A470C1ED31476EC5EF68DC16E023F43" + MchApiv3Key: "ZtYxWvUsRqPoNmLkJiHgFeDcBap6gQ3K5" + MchPrivateKeyPath: "etc/merchant/wxpay/apiclient_key.pem" + MchPublicKeyID: "PUB_KEY_ID_0117382053122026011600191612000202" + MchPublicKeyPath: "etc/merchant/wxpay/pub_key.pem" + MchPlatformRAS: "" NotifyUrl: "https://www.zhenaicha.com/api/v1/pay/wechat/callback" RefundNotifyUrl: "https://www.zhenaicha.com/api/v1/pay/wechat/refund_callback" Applepay: diff --git a/app/main/api/etc/merchant/AuthKey_LAY65829DQ.p8 b/app/main/api/etc/merchant/AuthKey_LAY65829DQ.p8 deleted file mode 100644 index b448586..0000000 --- a/app/main/api/etc/merchant/AuthKey_LAY65829DQ.p8 +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgkidSHV1OeJN84sDD -xWLGIVjTyhn6sAQDyHfqKW6lxnGgCgYIKoZIzj0DAQehRANCAAQSAlAcuuuRNFqk -aMPVpXxsiR/pwhyM62tFhdFsbULq1C7MItQxKVMKCiwz3r5rZZy7HcbkqL47LPZ1 -q6V8Wyop ------END PRIVATE KEY----- \ No newline at end of file diff --git a/app/main/api/etc/merchant/apiclient_key.pem b/app/main/api/etc/merchant/apiclient_key.pem deleted file mode 100644 index 246c1df..0000000 --- a/app/main/api/etc/merchant/apiclient_key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCP6fWm1vXXybH -m3Ne6PjacGrN2+iMrzWZlzdHCZ31udDPqSUYaZ+78b441KZK/CJFQWeSJ/1h//A+ -BGsQDKvE/fj2QzN1KkOuQ8WJXNGpixE5uu5bv/QTN/ukurGdA1aO2aFCANumlOmB -HkB/B2so57ii8iQQjwK2xM4r3oOU/IfcFGKL+9/QjLGFFp9PJXCDBCgrxxlZGaj1 -3wowlfVOzlaX94gemQsCYVkuAFIYMAnFHs9cKNZQIU80somW/yy2Gy38N6n7NnbD -nvFSaq4GoDROqRgKbRZ5e706d/p7A3aS/2oRqq1jomUIugK8g++LmoHFTgfhfQkI -v1aG/nPzAgMBAAECggEAD2RN31J2J42xm/V0YdviBCUOQXugZK1peN8jkSxw6Myt -gBbuCo4sCw9vvD8VYjGyYXx6QXmLuV03YyKkfSQT5EsflBvlEu6jaEaUe3rwXhfX -6JQoWPrP00oHVZk5g7CFBlK2VW2N+hgonIOSJr6mvhoGZlr7gphiZasYjx9Vm9N3 -Pbnfru5ttzplYNniwH3DF6ph8VmdbD1nnbWSKLXvHCsXQT2wBcnsIagIH3vyq6K1 -pc5abWsQJrixOPebpI8jD5w0HxHAqVLx58H/OC2zW/roAw1WS2AkueJ1j7dQ7Z0C -mc9Xexz5gcAP0nMAQv+LP7iYqsa/niFhfcTFWfdxkQKBgQD5JkKNmInU2/IVYCwO -c483MCSv1+MnbRXlb7vut8T0IupHTU6hCge6C3q3HsjbKSBn8bRChtPUzvw9JFxK -QWKiQqQDPLDJ08AIKhfQD2JiLtoikkZN0bF6OTL+Soney1yGx51mlfHM194+PcCJ -jF7iWdMVbcBwHbgydNxxIS5cKQKBgQDHlvQ4lw6gvLILpGK494/vNYSJP/Jmd66V -3oSGYi84YRKTSwH4NlbBVVieb3Dv+pPugbsXEuFHBif7WsivbYgNTE9++8Yvt0gh -duB1G4yh7m/ylQeSuipgQU9tozrU/15cWwmcCRV50wWXBGoVEM0kf7mzEKSxmjYk -Qzko/zxSuwKBgQCY6Bc+SViFz3qSDdTcBaXma+CIHsmlH7ipd9px1kzEvEzl95cD -FGHLl1H34qfIgUQHJvrHPXHyEBoT+CW/2MMM7DM2XV/ubctT92ln4pkxwqlTQExv -Y/s1FLesAtj8Z/hgK0/5bprYab9WmZV5lTGCXzhB1XqeFE9AgCHuODv4iQKBgQC8 -g2uwd5ytXQydymokYk9klJvWNrvw5GHV1BJAC0Smb6lnzZTSqCBRAxdsrb1yLK7E -u2vGY2K7/qiM1DZw23eBd+4t9gg+0VIjqXBfq+GsoNTDvtckUwnrWER5PY831ut9 -N89fvYS3SAUjmlvIAdKBAtKWusWTqiAxJ/05J7oGOQKBgB5PSr5i0LlupIbKui9t -XtXnRqGPxxrZZUpTkyrGOAnlCz/zq2QiwFpBWo/NMHOp0KmxzJpQ8yEY2LWlRZ61 -Oc9m0J/HtPw3Ohi1treBosEVG/0NOI9Tq1Obny23N51MVibdW6zEIyGUp/DbFS8h -5DljdOYX9IYIHHn3Ig4GeTGe ------END PRIVATE KEY----- diff --git a/app/main/api/etc/merchant/pub_key.pem b/app/main/api/etc/merchant/pub_key.pem deleted file mode 100644 index 9356d8d..0000000 --- a/app/main/api/etc/merchant/pub_key.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwSy7dS/ICZV38tI0HxM -SAIE7+Ug92qryuNlkNyaNDRjfsykHsrPCSsUUQEZblBNmZOLfLQxmAaWC+cQqWCv -zfy4rXGAHE1widWFkHGzQzaw6cB0VdDXatK9yAt1PgXdp5jzBRzOn9Z3u4t0s771 -2zjuxCnLxMq84DovNgh2y0LBiuorWbtuTFTd8SXUGk2Jyuojq/02U3KTuyh+7SmW -ffJXKrzhrKwSpGh59e/fFxqX2xGlVoJ1kdohMZPo/7k+e5jP7qjrf93l7JVeUKYa -V27hNVowJ4oho21WVCJ1AYo41IbPJWI+6WxlaVeoR4zKix0Mb2timaWayyLoN53y -aQIDAQAB ------END PUBLIC KEY----- diff --git a/app/main/api/etc/merchant/wxpay/apiclient_cert.p12 b/app/main/api/etc/merchant/wxpay/apiclient_cert.p12 new file mode 100644 index 0000000..353eaef Binary files /dev/null and b/app/main/api/etc/merchant/wxpay/apiclient_cert.p12 differ diff --git a/app/main/api/etc/merchant/wxpay/apiclient_cert.pem b/app/main/api/etc/merchant/wxpay/apiclient_cert.pem new file mode 100644 index 0000000..84855e9 --- /dev/null +++ b/app/main/api/etc/merchant/wxpay/apiclient_cert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEOjCCAyKgAwIBAgIUa9Pz2GpHDB7TFHbsXvaNwW4CP0MwDQYJKoZIhvcNAQEL +BQAwXjELMAkGA1UEBhMCQ04xEzARBgNVBAoTClRlbnBheS5jb20xHTAbBgNVBAsT +FFRlbnBheS5jb20gQ0EgQ2VudGVyMRswGQYDVQQDExJUZW5wYXkuY29tIFJvb3Qg +Q0EwHhcNMjYwMTE2MDYzMjU2WhcNMzEwMTE1MDYzMjU2WjCBkzETMBEGA1UEAwwK +MTczODIwNTMxMjEbMBkGA1UECgwS5b6u5L+h5ZWG5oi357O757ufMT8wPQYDVQQL +DDbmtbflj6PpvpnljY7mtbflrofnvZHnu5zlt6XkvZzlrqTvvIjkuKrkvZPlt6Xl +lYbmiLfvvIkxCzAJBgNVBAYTAkNOMREwDwYDVQQHDAhTaGVuWmhlbjCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBANceMNVIEsOOHRuxB5DBNx7xPQamGP6c +4dhYcaFobFqMqkfmS5sW7Md9M/gI/u73Km+q+oAkFIKNKehnh+P2Z3xRob1icVSw +YScZDyonm9dj6XBbIXJIkbDTX1RRTOnyxOXhp5FFDt0qUqY/tRk2xRW/gCLTI/qf +l2VGInFhy160vYvTv32hdKDPkQEvxpaZ3L3BjWtT0gHLV7VZSex56+3ZaOQM34tD +TrJ/SIYB0MGrXM/1eAOrZ6NOUXqA5RuicYSYgzzReIgNw9yrh8qv++DCeockOF8n +ixa647lP6Abn0u81CoSv6dLxNKT31Rrog2JnjcqmiZROBDCDWxUoQgkCAwEAAaOB +uTCBtjAJBgNVHRMEAjAAMAsGA1UdDwQEAwID+DCBmwYDVR0fBIGTMIGQMIGNoIGK +oIGHhoGEaHR0cDovL2V2Y2EuaXRydXMuY29tLmNuL3B1YmxpYy9pdHJ1c2NybD9D +QT0xQkQ0MjIwRTUwREJDMDRCMDZBRDM5NzU0OTg0NkMwMUMzRThFQkQyJnNnPUhB +Q0M0NzFCNjU0MjJFMTJCMjdBOUQzM0E4N0FEMUNERjU5MjZFMTQwMzcxMA0GCSqG +SIb3DQEBCwUAA4IBAQAOPMt0W7remcedNuTJwPgTWM3Lt3rrWb2UuYYwIkSOz0/1 +eOjJJQDcllg2IrY0gWLDnuuYLjhX4v1tSNwXFJW0GyFr1uRe4cSevRuD+HWQ2mBv +qcPrjmPID9ZutQl6TClS39DP6dcBZQq8nMI8DEdsX3pa0v+4kDsVc+rn40K4lgrg +sD0+wvW/93pYcXfyEZWSNZ65ZcobR4etVGUbTprwxp1NwcvWwuB2p+5J7CC7O9e6 +l89XWm4Ald+URaSptxvyD83HNJmDw8VP9XY7xq2h5QzNwOB6jHLj7D9LhIRiY5lx +ixV9UdZt/1hVdwZjtsBlmpdHB6deja07hxfTZZiQ +-----END CERTIFICATE----- diff --git a/app/main/api/etc/merchant/wxpay/apiclient_key.pem b/app/main/api/etc/merchant/wxpay/apiclient_key.pem new file mode 100644 index 0000000..df0adb8 --- /dev/null +++ b/app/main/api/etc/merchant/wxpay/apiclient_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXHjDVSBLDjh0b +sQeQwTce8T0Gphj+nOHYWHGhaGxajKpH5kubFuzHfTP4CP7u9ypvqvqAJBSCjSno +Z4fj9md8UaG9YnFUsGEnGQ8qJ5vXY+lwWyFySJGw019UUUzp8sTl4aeRRQ7dKlKm +P7UZNsUVv4Ai0yP6n5dlRiJxYctetL2L0799oXSgz5EBL8aWmdy9wY1rU9IBy1e1 +WUnseevt2WjkDN+LQ06yf0iGAdDBq1zP9XgDq2ejTlF6gOUbonGEmIM80XiIDcPc +q4fKr/vgwnqHJDhfJ4sWuuO5T+gG59LvNQqEr+nS8TSk99Ua6INiZ43KpomUTgQw +g1sVKEIJAgMBAAECggEASl9TvslWQ2nkwmgoF3HVnssEsEHIrm6K3oNldcpme7/a +N1V1mj8IyceNqhliGjg14bmZNahDtwcbEBCLONM94AtRAesBB6ibTispxQdAp+0R +DhlTrPFN/XZ2pO4ey1t1m4yypFTd2LUDMhsgf4EiDmzQ3jllXQbEDu16hvyqlSkB +QWtxVdP7ztvnaACxZ1Ex0OzIe8ZitWzAXEG/zFFENRiJovSFjsWdKVNyHrjgBqTz +o2AK71c0H7rnVLbDWzW9CuuipiM38Ujoc5aSQbPOjP1F7oNTqTXNzLjhlQTSg6fn +roHSRcjCjIlqGuhmkJ27FKbAn+XH7fTXDgGowSpVKQKBgQD4OzYY0hQSws1rTzEw +BB9/2F1merR2zxtv8MXY5Iu242xd6h0UnTfwe7ZAnfYtuGpwiF3VlJeHUEYCaPoM +ab5GCcaO8QFOO4qKvJWtvdnS8nfcfy4oE1RKb1y4cYbaZrPENdi9blwM+hSBk95T +MXitDbhcXy4GadQX9x+qTEtVZwKBgQDd2a46h5u8RI5nLp15N/5LENaW4OhoDslr +bbCRerXple4+WEEXKDfW5K8YjvUTpE1krA/HUaeqdyc7ZBJy/JWNbgXL33ZuoErN +PgPA38cVvLF9j9JtKczkNDqksc4qV00UafAqkEs6Fvs4eaCHngzjkXjJtySifPgA +e+gTuh4XDwKBgQCm235YntYZalKUoG3q3cqisDjQSwkFl9/Ulh8X1UDJFgRg+J7F +nYzdnPr8YnH5d64sqK2ShMh6j44PzqrOL0JUZ/vNV9lN0h4ldfCTEjvaXVwOnnrT +O3L8efD0lnNUWZba/GsNoqJDotKn61KVz3pTsRZNGTmh2/9SgK4LVi+JXwKBgD6P +cRtePGOF7aZZNd0GFjay4+CeQct+R/x8bStJMF1Tg2CfYJOYKs71pA7H2YKVdaGr +B7QMabyfZzfPS4iTg9TjLs1EEdC2cQGZuFM+h5SwplijIxLXk8jSlar13Q6BmeHk +0e4ezKfv7R4K5mL4BehykF5JwBH2LbVtO4+8j1mvAoGBAPE8dUl65+ky+2929P4O +JYxICvFOyD+00N3MkrGdMapn61GUWp3rXxdPKJkmgCPLU2JATapY4wRTL392ZD5g +wJS/DTFRwnS/KuqPPx2zsahZpzq+VyfFDhk71MfE9kPyZEHPttqddGSqlxUyeDcp +n10ngaerHDe8Xhw8Np9tj+yp +-----END PRIVATE KEY----- diff --git a/app/main/api/etc/merchant/wxpay/璇佷功浣跨敤璇存槑.txt b/app/main/api/etc/merchant/wxpay/璇佷功浣跨敤璇存槑.txt new file mode 100644 index 0000000..9a0aab1 --- /dev/null +++ b/app/main/api/etc/merchant/wxpay/璇佷功浣跨敤璇存槑.txt @@ -0,0 +1,18 @@ +欢迎使用微信支付! +附件中的三份文件(证书pkcs12格式、证书pem格式、证书密钥pem格式),为接口中强制要求时需携带的证书文件。 +证书属于敏感信息,请妥善保管不要泄露和被他人复制。 +不同开发语言下的证书格式不同,以下为说明指引: + 证书pkcs12格式(apiclient_cert.p12) + 包含了私钥信息的证书文件,为p12(pfx)格式,由微信支付签发给您用来标识和界定您的身份 + 部分安全性要求较高的API需要使用该证书来确认您的调用身份 + windows上可以直接双击导入系统,导入过程中会提示输入证书密码,证书密码默认为您的商户号(如:1900006031) + 证书pem格式(apiclient_cert.pem) + 从apiclient_cert.p12中导出证书部分的文件,为pem格式,请妥善保管不要泄漏和被他人复制 + 部分开发语言和环境,不能直接使用p12文件,而需要使用pem,所以为了方便您使用,已为您直接提供 + 您也可以使用openssl命令来自己导出:openssl pkcs12 -clcerts -nokeys -in apiclient_cert.p12 -out apiclient_cert.pem + 证书密钥pem格式(apiclient_key.pem) + 从apiclient_cert.p12中导出密钥部分的文件,为pem格式 + 部分开发语言和环境,不能直接使用p12文件,而需要使用pem,所以为了方便您使用,已为您直接提供 + 您也可以使用openssl命令来自己导出:openssl pkcs12 -nocerts -in apiclient_cert.p12 -out apiclient_key.pem +备注说明: + 由于绝大部分操作系统已内置了微信支付服务器证书的根CA证书, 2018年3月6日后, 不再提供CA证书文件(rootca.pem)下载 \ No newline at end of file diff --git a/app/main/api/internal/service/wechatpayService.go b/app/main/api/internal/service/wechatpayService.go index fbf7f3a..f9cf584 100644 --- a/app/main/api/internal/service/wechatpayService.go +++ b/app/main/api/internal/service/wechatpayService.go @@ -4,12 +4,12 @@ import ( "context" "fmt" "net/http" - "strconv" - "time" "qnc-server/app/main/api/internal/config" "qnc-server/app/main/model" "qnc-server/common/ctxdata" "qnc-server/pkg/lzkit/lzUtils" + "strconv" + "time" "github.com/wechatpay-apiv3/wechatpay-go/core" "github.com/wechatpay-apiv3/wechatpay-go/core/auth/verifiers" @@ -145,12 +145,9 @@ func newWechatPayServiceWithWxPayPubKey(c config.Config, userAuthModel model.Use } // 初始化 notify.Handler - // 使用 SHA256WithRSACombinedVerifier 同时支持平台证书和公钥验签 - // 原因:微信回调目前仍使用平台证书签名,需要兼容处理;同时支持未来切换到公钥签名 - certificateVisitor := downloader.MgrInstance().GetCertificateVisitor(mchID) notifyHandler := notify.NewNotifyHandler( mchAPIv3Key, - verifiers.NewSHA256WithRSACombinedVerifier(certificateVisitor, mchPublicKeyID, *mchPublicKey)) + verifiers.NewSHA256WithRSAPubkeyVerifier(mchPublicKeyID, *mchPublicKey)) logx.Infof("微信支付客户端初始化成功(微信支付公钥方式)") return &WechatPayService{ config: c,