Skip to content

【微信支付】修复公钥模式下V3接口未设置Wechatpay-Serial请求头导致的验签失败 #3548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 15, 2025
Merged

【微信支付】修复公钥模式下V3接口未设置Wechatpay-Serial请求头导致的验签失败 #3548

merged 3 commits into from
Apr 15, 2025

Conversation

HerveyHall
Copy link
Contributor

实际使用过程中发现公钥模式下调用微信支付V3接口时,未设置Wechatpay-Serial请求头会返回错误信息“应答的微信支付签名验证失败”,但如果兼容两种模式并设置正确的Wechatpay-Serial请求头就可以解决该问题

@HerveyHall
Copy link
Contributor Author

目前查看源码发现postV3方法中请求接口时已经添加Wechatpay-Serial请求头,所以对于get请求也可以暂时在获取WxPayService实例时通过重写getV3方法来解决,代码如下:

    private static com.github.binarywang.wxpay.service.WxPayService getWxPayService(WxPayConfig payConfig) {
        com.github.binarywang.wxpay.service.WxPayService wxPayService = new com.github.binarywang.wxpay.service.impl.WxPayServiceImpl() {
            @Override
            public String getV3(String url) throws WxPayException {
                HttpGet httpGet = new HttpGet(url);
                httpGet.addHeader("Accept", "application/json");
                httpGet.addHeader("Content-Type", "application/json");
                httpGet.addHeader("Wechatpay-Serial", getWechatpaySerial(this.getConfig()));
                return this.requestV3(url, httpGet);
            }

            private String getWechatpaySerial(WxPayConfig wxPayConfig) {
                if (StringUtils.isNotBlank(wxPayConfig.getPublicKeyId())) {
                    return wxPayConfig.getPublicKeyId();
                }
                return wxPayConfig.getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
            }
        };
        wxPayService.setConfig(payConfig);
        return wxPayService;
    }

@binarywang
Copy link
Owner

那现在getV3存在的意义是什么?

@HerveyHall
Copy link
Contributor Author

那现在getV3存在的意义是什么?

很遗憾,我的项目里WxJava只用于支付场景,而getV3方法在很多其他场景下也会有调用,我无法确定是否都存在同样问题,因此还需要更多的验证

@binarywang
Copy link
Owner

是不是可以在配置里加一个参数,根据它来决定调用哪个get方法?

@binarywang binarywang added this to the 4.7.5 milestone Apr 14, 2025
@binarywang binarywang merged commit e16e0e9 into binarywang:develop Apr 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@binarywang binarywang binarywang left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.7.5
Development

Successfully merging this pull request may close these issues.
2 participants
@HerveyHall @binarywang