/**
* Copyright 2019 the original author or authors.
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.github.thierrysquirrel.alipay.factory;
import com.alipay.api.AlipayApiException;
import com.alipay.api.internal.util.AlipaySignature;
import com.github.thierrysquirrel.alipay.container.PayCheckFactoryContainer;
import com.github.thierrysquirrel.alipay.container.PayClientConstant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* ClassName: PayCheckFactory
* Description:
* date: 2019/12/25 19:29
*
* @author ThierrySquirrel
* @since JDK 1.8
*/
public class PayCheckFactory {
private PayCheckFactory() {
}
/**
* Call This Method Before Using {@linkplain #check(Map, String)}
* Response Parameter Document Address https://docs.open.alipay.com/api_1/alipay.trade.page.pay/
* <p>
* 使用 {@linkplain #check(Map, String)} 之前,请先调用此方法
* 响应参数,文档地址 https://docs.open.alipay.com/api_1/alipay.trade.page.pay/
*
* @param parameterMap Feedback From AliPay: For Example HttpServletRequest request.getParameterMap()
* 支付宝的反馈信息:例如 HttpServletRequest request.getParameterMap()
* @return Map
*/
public static Map<String, String> reload(Map<String, String[]> parameterMap) {
Map<String, String> map = new ConcurrentHashMap<> (PayCheckFactoryContainer.MAP_DEFAULT_SIZE);
parameterMap.forEach ((name, values) -> map.put (name, String.join (PayCheckFactoryContainer.RELOAD_JOIN, values)));
return map;
}
/**
* The Signature Verification Is A One-Time Signature Verification.
* Please Conduct The Second Signature Verification In Combination With The Business
* 1. The Merchant Needs To Verify Whether The Out Trade No In The Notification Data Is The Order Number Created In The Merchant System,
* 2. Determine Whether The Total Amount Is The Actual Amount Of The Order (That Is, The Amount When The Merchant Order Is Created),
* 3. Verify That The seller_id (or seller_email)
* In The Notice Is The Corresponding Operator Of The out_trade_no Document
* (Sometimes, A Merchant May Have Multiple seller_id/seller_email),
* 4. Verify Whether The app_id Is The Merchant Itself.
* If Any Of The Above 1, 2, 3 And 4 Fails To Pass The Verification, It Indicates That This Notification Is An Exception Notification And Must Be Ignored.
* After The Above Verification Is Passed, Merchants Must Correctly Conduct Different Business Processes According To Different Types Of Business Notifications of AliPay,
* And Filter Repeated Notification Of The Result Data.
* In AliPay's Business Notification,
* AliPay Will Only Be Deemed Successful As A Buyer When The Transaction Notification State Is TRADE_SUCCESS Or TRADE_FINISHED.
* <p>
* 验签为一次验签,请结合业务二次验签
* 1、商户需要验证该通知数据中的out_trade_no是否为商户系统中创建的订单号,
* 2、判断total_amount是否确实为该订单的实际金额(即商户订单创建时的金额),
* 3、校验通知中的seller_id(或者seller_email) 是否为out_trade_no这笔单据的对应的操作方
* (有的时候,一个商户可能有多个seller_id/seller_email),
* 4、验证app_id是否为该商户本身.
* 上述1、2、3、4有任何一个验证不通过,则表明本次通知是异常通知,务必忽略.
* 在上述验证通过后商户必须根据支付宝不同类型的业务通知,
* 正确的进行不同的业务处理,并且过滤重复的通知结果数据.
* 在支付宝的业务通知中,
* 只有交易通知状态为TRADE_SUCCESS或TRADE_FINISHED时,支付宝才会认定为买家付款成功.
*
* @param reloadMap Come From {@linkplain #reload(Map)}
* 来自 {@linkplain #reload(Map)}
* @param publicKey publicKey
* 支付宝公钥
* @return boolean
* @throws AlipayApiException AlipayApiException
*/
public static boolean check(Map<String, String> reloadMap, String publicKey) throws AlipayApiException {
return AlipaySignature.rsaCheckV1 (reloadMap, publicKey,
PayClientConstant.PAY_CHARSET.getValue (),
PayClientConstant.PAY_SIGN_TYPE.getValue ());
}
}
