Java Code Examples for com.alipay.api.internal.util.AlipaySignature#rsaCheckV1()

The following examples show how to use com.alipay.api.internal.util.AlipaySignature#rsaCheckV1().
Example 1
Source File: AlipayUtils.java    From yshopmall with Apache License 2.0
/**
 * Verify the signature
 * @param request HttpServletRequest
 * @param alipay Alipay configuration
 * @return boolean
 */
public boolean rsaCheck(HttpServletRequest request, AlipayConfig alipay){

    // Collect the notification parameters POSTed by Alipay
    Map<String,String> params = new HashMap<>(1);
    Map requestParams = request.getParameterMap();
    for (Object o : requestParams.keySet()) {
        String name = (String) o;
        String[] values = (String[]) requestParams.get(name);
        String valueStr = "";
        for (int i = 0; i < values.length; i++) {
            valueStr = (i == values.length - 1) ? valueStr + values[i]
                    : valueStr + values[i] + ",";
        }
        params.put(name, valueStr);
    }

    try {
        return AlipaySignature.rsaCheckV1(params,
                alipay.getPublicKey(),
                alipay.getCharset(),
                alipay.getSignType());
    } catch (AlipayApiException e) {
        return false;
    }
}
 
Example 2
Source File: AliPayUtil.java    From wish-pay with Apache License 2.0
/**
 * Return the signature verification result
 *
 * @param params
 * @param aliPublicKey
 * @return
 */
public static boolean verifySignWithRSA(Map<String, String> params, String aliPublicKey) {
   /* String content = createStringUrl(params);
    String sign = params.get("sign");*/
    String sign_type = params.get("sign_type");
    try {
        return  AlipaySignature.rsaCheckV1(params, aliPublicKey, "UTF-8", sign_type);
        //return AlipaySignature.rsaCheckV2(params, aliPublicKey, UTF_8);
    } catch (AlipayApiException e) {
        e.printStackTrace();
        return false;
    }
    //String sign_type = params.get("sign_type");
   /* try {
        AlipaySignature.rsaSign(content,aliPublicKey,"UTF-8",sign_type);
    } catch (AlipayApiException e) {
        e.printStackTrace();
    }
    return verify(content, sign, aliPublicKey, "UTF-8");*/
}
 
Example 3
Source File: AlipayUtils.java    From eladmin with Apache License 2.0
/**
 * Verify the signature
 * @param request HttpServletRequest
 * @param alipay Alipay configuration
 * @return boolean
 */
public boolean rsaCheck(HttpServletRequest request, AlipayConfig alipay){

    // Collect the notification parameters POSTed by Alipay
    Map<String,String> params = new HashMap<>(1);
    Map<String, String[]> requestParams = request.getParameterMap();
    for (Object o : requestParams.keySet()) {
        String name = (String) o;
        String[] values = requestParams.get(name);
        String valueStr = "";
        for (int i = 0; i < values.length; i++) {
            valueStr = (i == values.length - 1) ? valueStr + values[i]
                    : valueStr + values[i] + ",";
        }
        params.put(name, valueStr);
    }

    try {
        return AlipaySignature.rsaCheckV1(params,
                alipay.getPublicKey(),
                alipay.getCharset(),
                alipay.getSignType());
    } catch (AlipayApiException e) {
        return false;
    }
}
 
Example 4
Source File: AliPayUtils.java    From albedo with GNU Lesser General Public License v3.0
/**
 * Verify the signature
 *
 * @param request HttpServletRequest
 * @param alipay  Alipay configuration
 * @return boolean
 */
public boolean rsaCheck(HttpServletRequest request, AlipayConfig alipay) {

	// Collect the notification parameters POSTed by Alipay
	Map<String, String> params = new HashMap<>(1);
	Map requestParams = request.getParameterMap();
	for (Object o : requestParams.keySet()) {
		String name = (String) o;
		String[] values = (String[]) requestParams.get(name);
		String valueStr = "";
		for (int i = 0; i < values.length; i++) {
			valueStr = (i == values.length - 1) ? valueStr + values[i]
				: valueStr + values[i] + ",";
		}
		params.put(name, valueStr);
	}

	try {
		return AlipaySignature.rsaCheckV1(params,
			alipay.getPublicKey(),
			alipay.getCharset(),
			alipay.getSignType());
	} catch (AlipayApiException e) {
		return false;
	}
}
 
Example 5
Source File: AlipayController.java    From zheng with MIT License
@RequestMapping("/notifyUrl")
@ResponseBody
public Object notifyUrl(HttpServletRequest request) throws Exception {
    Map<String, String> parameterMap = RequestUtil.getParameterMap(request);
    // Verify the signature
    boolean signVerified = AlipaySignature.rsaCheckV1(
            parameterMap,
            PropertiesFileUtil.getInstance().get("alipay.alipay_public_key"),
            PropertiesFileUtil.getInstance().get("alipay.charset"),
            PropertiesFileUtil.getInstance().get("alipay.sign_type"));
    if (!signVerified) {
        return PayConstant.FAILED;
    }
    return PayConstant.SUCCESS;
}
 
Example 6
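Source File: RpTradePaymentManagerServiceImpl.java    From roncoo-pay with Apache License 2.0
/**
 * After a successful payment, the page notification sometimes arrives before the backend notification.
 * For now the page notification does no data processing and only generates the page notification URL.
 *
 * @param payWayCode
 * @param resultMap
 * @return
 */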
@Override
public OrderPayResultVo completeScanPayByResult(String payWayCode, Map<String, String> resultMap) {

    OrderPayResultVo orderPayResultVo = new OrderPayResultVo();

    String bankOrderNo = resultMap.get("out_trade_no");
    // Look up the payment record by bank order number
    RpTradePaymentRecord rpTradePaymentRecord = rpTradePaymentRecordDao.getByBankOrderNo(bankOrderNo);
    if (rpTradePaymentRecord == null) {
        throw new TradeBizException(TradeBizException.TRADE_ORDER_ERROR, ",非法订单,订单不存在");
    }

    orderPayResultVo.setOrderPrice(rpTradePaymentRecord.getOrderAmount());// order amount
    orderPayResultVo.setProductName(rpTradePaymentRecord.getProductName());// product name

    RpTradePaymentOrder rpTradePaymentOrder = rpTradePaymentOrderDao.selectByMerchantNoAndMerchantOrderNo(rpTradePaymentRecord.getMerchantNo(), rpTradePaymentRecord.getMerchantOrderNo());

    // Compute the notification verification result
    boolean verify_result = false;

    try {
        verify_result = AlipaySignature.rsaCheckV1(resultMap, AlipayConfigUtil.ali_public_key, "UTF-8", "RSA2");
    } catch (AlipayApiException e) {
        LOG.error("签名异常:" , e);
    }

    if (verify_result) {// verification succeeded

        TradeStatusEnum tradeStatusEnum = TradeStatusEnum.getEnum(rpTradePaymentOrder.getStatus());

        String resultUrl = getMerchantNotifyUrl(rpTradePaymentRecord, rpTradePaymentOrder, rpTradePaymentRecord.getReturnUrl(), tradeStatusEnum);
        orderPayResultVo.setReturnUrl(resultUrl);
        orderPayResultVo.setStatus(tradeStatusEnum.name());

    } else {
        throw new TradeBizException(TradeBizException.TRADE_ALIPAY_ERROR, "支付宝签名异常");
    }
    return orderPayResultVo;
}
 
Example 7
Source File: PayAction.java    From AppServiceRestFul with GNU General Public License v3.0
/**
 * Alipay callback endpoint
 * @param request
 * @param resp
 * @return
 */
@ResponseBody
@RequestMapping(value="/verifyalipayresult.do", method=RequestMethod.POST)
public String verifyAliPayRight(HttpServletRequest request, HttpServletResponse resp)
{
    synchronized (alilock) {
        Map<String,String> params = new HashMap<String,String>();
        Map requestParams = request.getParameterMap();
        for (Iterator iter = requestParams.keySet().iterator(); iter.hasNext();) {
            String name = (String) iter.next();
            String[] values = (String[]) requestParams.get(name);
            String valueStr = "";
            for (int i = 0; i < values.length; i++) {
                valueStr = (i == values.length - 1) ? valueStr + values[i]
                        : valueStr + values[i] + ",";
            }
            params.put(name, valueStr);
        }
        try {
            boolean flag = AlipaySignature.rsaCheckV1(params, PayService.ALI_PUBLIC_KEY, "utf-8", "RSA2");
            if(flag)
            {
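                // Constant-first equals() so a missing parameter fails the check instead of throwing a NullPointerException
                if("TRADE_SUCCESS".equals(params.get("trade_status")) && PayService.ALI_APPID.equals(params.get("app_id")) && "2088621136650617".equals(params.get("seller_id")))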
                {
                    return payService.verifyAliPay(params);
                }
            }
        } catch (AlipayApiException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            return "fail";
        }
    }
    return "fail";
}
 
Example 8
Source File: PayAction.java    From AppServiceRestFul with GNU General Public License v3.0
/**
 * Alipay callback endpoint
 * @param request
 * @param resp
 * @return
 */
@ResponseBody
@RequestMapping(value="/verifyalipayresult.do", method=RequestMethod.POST)
public String verifyAliPayRight(HttpServletRequest request, HttpServletResponse resp)
{
    synchronized (alilock) {
        Map<String,String> params = new HashMap<String,String>();
        Map requestParams = request.getParameterMap();
        for (Iterator iter = requestParams.keySet().iterator(); iter.hasNext();) {
            String name = (String) iter.next();
            String[] values = (String[]) requestParams.get(name);
            String valueStr = "";
            for (int i = 0; i < values.length; i++) {
                valueStr = (i == values.length - 1) ? valueStr + values[i]
                        : valueStr + values[i] + ",";
            }
            params.put(name, valueStr);
        }
        try {
            boolean flag = AlipaySignature.rsaCheckV1(params, PayService.ALI_PUBLIC_KEY, "utf-8", "RSA2");
            if(flag)
            {
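                // Constant-first equals() so a missing parameter fails the check instead of throwing a NullPointerException
                if("TRADE_SUCCESS".equals(params.get("trade_status")) && PayService.ALI_APPID.equals(params.get("app_id")) && "****************".equals(params.get("seller_id")))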
                {
                    return payService.verifyAliPay(params);
                }
            }
        } catch (AlipayApiException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            return "fail";
        }
    }
    return "fail";
}
 
Example 10
Source File: AlipayWAPPayController.java    From springboot-pay-example with Apache License 2.0
/**
 * Alipay page-redirect synchronous notification (return) page
 * @param request
 * @return
 * @throws UnsupportedEncodingException
 * @throws AlipayApiException
 */
@RequestMapping("/returnUrl")
public String returnUrl(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException, AlipayApiException {
    response.setContentType("text/html;charset=" + alipayProperties.getCharset());

    // Collect the parameters Alipay sent back via GET
    Map<String,String> params = new HashMap<>();
    Map requestParams = request.getParameterMap();
    for (Iterator iter = requestParams.keySet().iterator(); iter.hasNext();) {
        String name = (String) iter.next();
        String[] values = (String[]) requestParams.get(name);
        String valueStr = "";
        for (int i = 0; i < values.length; i++) {
            valueStr = (i == values.length - 1) ? valueStr + values[i]
                    : valueStr + values[i] + ",";
        }
        // Mojibake fix: use this conversion when the values arrive garbled. It can also be used when mysign and sign do not match
        valueStr = new String(valueStr.getBytes("ISO-8859-1"), "utf-8");
        params.put(name, valueStr);
    }

    boolean verifyResult = AlipaySignature.rsaCheckV1(params, alipayProperties.getAlipayPublicKey(), alipayProperties.getCharset(), "RSA2");
    if(verifyResult){
        // Verification succeeded
        // Add the merchant's business logic here, e.g. saving the Alipay trade number
        // Merchant order number
        String out_trade_no = new String(request.getParameter("out_trade_no").getBytes("ISO-8859-1"),"UTF-8");
        // Alipay trade number
        String trade_no = new String(request.getParameter("trade_no").getBytes("ISO-8859-1"),"UTF-8");

        return "wapPaySuccess";

    }else{
        return "wapPayFail";

    }
}
 
Example 11
Source File: AlipayController.java    From springboot-pay-example with Apache License 2.0
/**
 * Verify the signature
 * @param request
 * @return
 */
public boolean rsaCheckV1(HttpServletRequest request){
    // https://docs.open.alipay.com/54/106370
    // Collect the notification parameters POSTed by Alipay
    Map<String,String> params = new HashMap<>();
    Map requestParams = request.getParameterMap();
    for (Iterator iter = requestParams.keySet().iterator(); iter.hasNext();) {
        String name = (String) iter.next();
        String[] values = (String[]) requestParams.get(name);
        String valueStr = "";
        for (int i = 0; i < values.length; i++) {
            valueStr = (i == values.length - 1) ? valueStr + values[i]
                    : valueStr + values[i] + ",";
        }
        params.put(name, valueStr);
    }

    try {
        boolean verifyResult = AlipaySignature.rsaCheckV1(params,
                aliPayProperties.getAlipayPublicKey(),
                aliPayProperties.getCharset(),
                aliPayProperties.getSignType());

        return verifyResult;
    } catch (AlipayApiException e) {
        log.debug("verify sigin error, exception is:{}", e);
        return false;
    }
}
 
Example 12
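Source File: OrderInfoServiceImpl.java    From blog-sample with Apache License 2.0
/**
 * Validate the order.
 * Called on Alipay synchronous/asynchronous callbacks.
 * @author jitwxs
 * @since 2018/6/4 16:40
 */
@Override
public boolean validOrder(Map<String,String> params) throws Exception {
    /* In the actual verification flow, merchants are strongly advised to add the following checks:
    1. Verify that out_trade_no in the notification is an order number created in the merchant's system.
    2. Check that total_amount really is the actual amount of that order (the amount when the merchant created the order).
    3. Verify that seller_id (or seller_email) in the notification is the party that corresponds to the out_trade_no order (a merchant may sometimes have several seller_id/seller_email values).
    4. Verify that app_id is the merchant's own.
    */

    // 1. Call the SDK to verify the signature
    boolean signVerified = AlipaySignature.rsaCheckV1(params, aliPayConfig.getAlipayPublicKey(), "utf-8", aliPayConfig.getSignType());
    if(!signVerified) {
        return false;
    }
    // Load the order record
    String orderId = params.get("out_trade_no");
    OrderInfo orderInfo = orderInfoMapper.selectById(orderId);
    if(orderInfo == null) {
        return false;
    }
    // 2. Check that the amounts are equal
    // Note: the amounts are compared as floating-point values here; an exact decimal type such as BigDecimal avoids rounding mismatches
    float money = Float.parseFloat(params.get("total_amount"));
    if(money != orderInfo.getMoney()) {
        return false;
    }

    // 3. Check that the seller IDs are equal (a missing seller_id fails the check)
    String sellerId = params.get("seller_id");
    if(sellerId == null || !sellerId.equals(orderInfo.getSellerId())) {
        return false;
    }

    // 4. Check that the APP_ID values are equal (a missing app_id fails the check)
    String appId = params.get("app_id");
    if(appId == null || !appId.equals(aliPayConfig.getAppId())) {
        return false;
    }

    return true;
}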
 
Example 13
Source File: NotifyPayServiceImpl.java    From xxpay-master with MIT License
/**
 * Verify the Alipay payment notification parameters
 * @return
 */
public boolean verifyAliPayParams(Map<String, Object> payContext) {
    Map<String,String> params = (Map<String,String>)payContext.get("parameters");
    String out_trade_no = params.get("out_trade_no");		// merchant order number
    String total_amount = params.get("total_amount"); 		// payment amount
    if (StringUtils.isEmpty(out_trade_no)) {
        _log.error("AliPay Notify parameter out_trade_no is empty. out_trade_no={}", out_trade_no);
        payContext.put("retMsg", "out_trade_no is empty");
        return false;
    }
    if (StringUtils.isEmpty(total_amount)) {
        _log.error("AliPay Notify parameter total_amount is empty. total_fee={}", total_amount);
        payContext.put("retMsg", "total_amount is empty");
        return false;
    }
    String errorMessage;
    // Look up the payOrder record
    String payOrderId = out_trade_no;
    PayOrder payOrder = super.baseSelectPayOrder(payOrderId);
    if (payOrder == null) {
        _log.error("Can't found payOrder form db. payOrderId={}, ", payOrderId);
        payContext.put("retMsg", "Can't found payOrder");
        return false;
    }
    // Look up the payChannel record
    String mchId = payOrder.getMchId();
    String channelId = payOrder.getChannelId();
    PayChannel payChannel = super.baseSelectPayChannel(mchId, channelId);
    if(payChannel == null) {
        _log.error("Can't found payChannel form db. payOrderId={}, mchId={}, channelId={}", payOrderId, mchId, channelId);
        payContext.put("retMsg", "Can't found payChannel");
        return false;
    }
    boolean verify_result = false;
    try {
        verify_result = AlipaySignature.rsaCheckV1(params, alipayConfig.init(payChannel.getParam()).getAlipay_public_key(), AlipayConfig.CHARSET, "RSA2");
    } catch (AlipayApiException e) {
        _log.error(e, "AlipaySignature.rsaCheckV1 error");
    }

    // Check the signature verification result
    if (!verify_result) {
        errorMessage = "rsaCheckV1 failed.";
        _log.error("AliPay Notify parameter {}", errorMessage);
        payContext.put("retMsg", errorMessage);
        return false;
    }

    // Check the amount against the stored order
    long aliPayAmt = new BigDecimal(total_amount).movePointRight(2).longValue();
    long dbPayAmt = payOrder.getAmount().longValue();
    if (dbPayAmt != aliPayAmt) {
        _log.error("db payOrder record payPrice not equals total_amount. total_amount={},payOrderId={}", total_amount, payOrderId);
        payContext.put("retMsg", "");
        return false;
    }
    payContext.put("payOrder", payOrder);
    return true;
}
 
Example 14
Source File: Notify4AliPayController.java    From xxpay-master with MIT License
/**
 * Verify the Alipay payment notification parameters
 * @return
 */
public boolean verifyAliPayParams(Map<String, Object> payContext) {
	Map<String,String> params = (Map<String,String>)payContext.get("parameters");
	String out_trade_no = params.get("out_trade_no");		// merchant order number
	String total_amount = params.get("total_amount"); 		// payment amount
	if (StringUtils.isEmpty(out_trade_no)) {
		_log.error("AliPay Notify parameter out_trade_no is empty. out_trade_no={}", out_trade_no);
		payContext.put("retMsg", "out_trade_no is empty");
		return false;
	}
	if (StringUtils.isEmpty(total_amount)) {
		_log.error("AliPay Notify parameter total_amount is empty. total_fee={}", total_amount);
		payContext.put("retMsg", "total_amount is empty");
		return false;
	}
	String errorMessage;
	// Look up the payOrder record
	String payOrderId = out_trade_no;
	PayOrder payOrder = payOrderService.selectPayOrder(payOrderId);
	if (payOrder == null) {
		_log.error("Can't found payOrder form db. payOrderId={}, ", payOrderId);
		payContext.put("retMsg", "Can't found payOrder");
		return false;
	}
	// Look up the payChannel record
	String mchId = payOrder.getMchId();
	String channelId = payOrder.getChannelId();
	PayChannel payChannel = payChannelService.selectPayChannel(channelId, mchId);
	if(payChannel == null) {
		_log.error("Can't found payChannel form db. payOrderId={}, mchId={}, channelId={}", payOrderId, mchId, channelId);
		payContext.put("retMsg", "Can't found payChannel");
		return false;
	}
	boolean verify_result = false;
	try {
		verify_result = AlipaySignature.rsaCheckV1(params, alipayConfig.init(payChannel.getParam()).getAlipay_public_key(), AlipayConfig.CHARSET, "RSA2");
	} catch (AlipayApiException e) {
		_log.error(e, "AlipaySignature.rsaCheckV1 error");
	}

	// Check the signature verification result
	if (!verify_result) {
		errorMessage = "rsaCheckV1 failed.";
		_log.error("AliPay Notify parameter {}", errorMessage);
		payContext.put("retMsg", errorMessage);
		return false;
	}

	// Check the amount against the stored order
	long aliPayAmt = new BigDecimal(total_amount).movePointRight(2).longValue();
	long dbPayAmt = payOrder.getAmount().longValue();
	if (dbPayAmt != aliPayAmt) {
		_log.error("db payOrder record payPrice not equals total_amount. total_amount={},payOrderId={}", total_amount, payOrderId);
		payContext.put("retMsg", "");
		return false;
	}
	payContext.put("payOrder", payOrder);
	return true;
}
 
Example 16
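Source File: ExpressPaymentServiceImpl.java    From express-ssm with Apache License 2.0
/**
 * Validate the order.
 * Called on Alipay synchronous/asynchronous callbacks.
 * @author jitwxs
 * @since 2018/6/4 16:40
 */
@Override
public boolean validAlipay(Map<String,String> params) throws Exception {
    /* In the actual verification flow, merchants are strongly advised to add the following checks:
    1. Verify that out_trade_no in the notification is an order number created in the merchant's system.
    2. Check that total_amount really is the actual amount of that order (the amount when the merchant created the order).
    3. Verify that seller_id (or seller_email) in the notification is the party that corresponds to the out_trade_no order (a merchant may sometimes have several seller_id/seller_email values).
    4. Verify that app_id is the merchant's own.
    */

    // 1. Call the SDK to verify the signature
    boolean signVerified = AlipaySignature.rsaCheckV1(params, aliPaySetting.getAlipayPublicKey(), "utf-8", aliPaySetting.getSignType());
    if(!signVerified) {
        return false;
    }
    // Load the order record
    String orderId = params.get("out_trade_no");
    ExpressPayment payment = paymentMapper.selectById(orderId);
    if(payment == null) {
        return false;
    }
    // 2. Check that the amounts are equal
    // Note: the amounts are compared as floating-point values here; an exact decimal type such as BigDecimal avoids rounding mismatches
    double money = Double.parseDouble(params.get("total_amount"));
    if(money != payment.getOnlinePayment()) {
        return false;
    }

    // 3. Check that the seller IDs are equal (a missing seller_id fails the check)
    String sellerId = params.get("seller_id");
    if(sellerId == null || !sellerId.equals(payment.getOnlineSeller())) {
        return false;
    }

    // 4. Check that the APP_ID values are equal (a missing app_id fails the check)
    String appId = params.get("app_id");
    if(appId == null || !appId.equals(aliPaySetting.getAppId())) {
        return false;
    }

    return true;
}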
 
Example 17
Source File: AliPayApi.java    From AlipayWechatPlatform with GNU General Public License v3.0
/**
 * This method wraps the signature verification method provided by Alipay. It throws an exception when verification fails, and the caller must catch that exception.
 *
 * @param params request parameters from the Alipay callback notification
 * @param alipayPublicKey Alipay public key
 * Create by quandong
 */
public static void verifySign(Map<String, String> params, String alipayPublicKey) throws AlipayApiException {
    // Call Alipay's signature verification method and check whether verification succeeded
    if (!AlipaySignature.rsaCheckV1(params, alipayPublicKey, AlipayConstants.CHARSET_UTF8, AlipayConstants.SIGN_TYPE_RSA2)) { // verification failed
        throw new AlipayApiException("verify sign fail."); // throw an exception so the caller can tell from it whether verification succeeded
    }
}
 
Example 18
Source File: PayCheckFactory.java    From alipay with Apache License 2.0
/**
 * This signature verification is only the first check; perform a second, business-level verification as well:
 * 1. Verify that out_trade_no in the notification data is an order number created in the merchant's system.
 * 2. Check that total_amount is the actual amount of the order (that is, the amount when the merchant order was created).
 * 3. Verify that seller_id (or seller_email) in the notification is the party that corresponds to the out_trade_no order
 * (a merchant may sometimes have several seller_id/seller_email values).
 * 4. Verify that app_id is the merchant's own.
 * If any of checks 1, 2, 3 and 4 fails, the notification is abnormal and must be ignored.
 * Once these checks pass, the merchant must apply the correct business processing for each type of Alipay business notification,
 * and filter out repeated notification results.
 * In Alipay's business notifications,
 * Alipay treats the buyer's payment as successful only when the trade notification status is TRADE_SUCCESS or TRADE_FINISHED.
 *
 * @param reloadMap comes from {@linkplain #reload(Map)}
 * @param publicKey Alipay public key
 * @return boolean
 * @throws AlipayApiException AlipayApiException
 */
public static boolean check(Map<String, String> reloadMap, String publicKey) throws AlipayApiException {
    return AlipaySignature.rsaCheckV1 (reloadMap, publicKey,
            PayClientConstant.PAY_CHARSET.getValue (),
            PayClientConstant.PAY_SIGN_TYPE.getValue ());
}