SpringBoot整合微信小程序支付V3(支付退款)
一、微信支付-准备工作
微信支付开发前,需要先获取商家信息,包括商户号、AppId、证书和密钥。
获取商户号
微信商户平台 申请成为商户 => 提交资料 => 签署协议 => 获取商户号获取AppID
微信公众平台 注册服务号 => 服务号认证 => 获取APPID => 绑定商户号申请商户证书
登录商户平台 => 选择 账户中心 => 安全中心 => API安全 => 申请API证书 包括商户证书和商户私钥获取微信的证书
获取APIv3秘钥(在微信支付回调通知和商户获取平台证书使用APIv3密钥)
登录商户平台 => 选择 账户中心 => 安全中心 => API安全 => 设置APIv3密钥
二、微信支付-基本配置
1.引入pom.xml
<!-- 微信支付 --> <dependency> <groupId>com.github.wechatpay-apiv3</groupId> <artifactId>wechatpay-apache-httpclient</artifactId> <version>0.4.2</version> </dependency>
2.配置商户信息、证书、密钥等。将客户端对象构建到Bean中,方便后续使用。
可以采用两种方式
①.配置application.yml
weixin: appid: wx*************acx # appid mch-serial-no: 3FB18E2*******0127B3*****0053E2 # 证书序列号 private-key-path: D:\wx\pem\apiclient_key.pem # 证书路径 mch-id: 16*****801 # 商户号 key: F8CDeHBc***********2t5nvVeh1 # api秘钥 domain: https://api.mch.weixin.qq.com # 微信服务器地址 notify-domain: https://xw666.mynatapp.cc # 回调,自己的回调地址
然后创建对应的实体
@Configuration @PropertySource("classpath:application.yml") //读取配置文件 @ConfigurationProperties(prefix = "weixin") //读取wxpay节点 @Data //使用set方法将wxpay节点中的值填充到当前类的属性中 @ApiModel("微信支付静态常量类") public class WxPayConfig { @ApiModelProperty("商户号") private String mchId; @ApiModelProperty("商户API证书序列号") private String mchSerialNo; @ApiModelProperty("商户私钥文件") private String privateKeyPath; @ApiModelProperty("APIv3密钥") private String key; @ApiModelProperty("APPID") private String appid; @ApiModelProperty("微信服务器地址") private String domain; @ApiModelProperty("接收结果通知地址") private String notifyDomain; }
②使用数据库存储,在项目启动时加载到redis中,然后从redis中获取
@Configuration @Data @ApiModel("微信支付静态常量类") public class WxPayConstants { @Resource private RedisCache redisCache; @ApiModelProperty("APPID") public String appid; @ApiModelProperty("商户API证书序列号") public String mchSerialNo; @ApiModelProperty("商户私钥文件") public String privateKeyPath; @ApiModelProperty("商户号") public String mchId; @ApiModelProperty("APIv3密钥") public String key; @ApiModelProperty("微信服务器地址") public String domain; @ApiModelProperty("接收结果通知地址") public String notifyDomain; @Resource public void getParam(RedisCache redisCache){ appid = redisCache.getCacheObject("WX_PAY_SAVE_WX_APPID"); mchSerialNo = redisCache.getCacheObject("WX_PAY_SAVE_MCH_SERIAL_NO"); privateKeyPath = redisCache.getCacheObject("WX_PAY_SAVE_PRIVATE_KEY_PATH"); mchId = redisCache.getCacheObject("WX_PAY_SAVE_MCH_ID"); key = redisCache.getCacheObject("WX_PAY_SAVE_KEY"); domain = redisCache.getCacheObject("WX_PAY_SAVE_DOMAIN"); notifyDomain = redisCache.getCacheObject("WX_PAY_SAVE_NOTIFY_DOMAIN"); } }
这两个实体有几个共同的方法,无论使用哪一个,放到下面即可
/** * 获取商户的私钥文件 * * @param filename 证书地址 * @return 私钥文件 */ public PrivateKey getPrivateKey(String filename) { try { return PemUtil.loadPrivateKey(new FileInputStream(filename)); } catch (FileNotFoundException e) { throw new ServiceException("私钥文件不存在"); } } /** * 获取签名验证器 */ @Bean public Verifier getVerifier() { // 获取商户私钥 final PrivateKey privateKey = getPrivateKey(privateKeyPath); // 私钥签名对象 PrivateKeySigner privateKeySigner = new PrivateKeySigner(mchSerialNo, privateKey); // 身份认证对象 WechatPay2Credentials wechatPay2Credentials = new WechatPay2Credentials(mchId, privateKeySigner); // 获取证书管理器实例 CertificatesManager certificatesManager = CertificatesManager.getInstance(); try { // 向证书管理器增加需要自动更新平台证书的商户信息 certificatesManager.putMerchant(mchId, wechatPay2Credentials, key.getBytes(StandardCharsets.UTF_8)); } catch (IOException | GeneralSecurityException | HttpCodeException e) { e.printStackTrace(); } try { return certificatesManager.getVerifier(mchId); } catch (NotFoundException e) { e.printStackTrace(); throw new ServiceException("获取签名验证器失败"); } } /** * 获取微信支付的远程请求对象 * @return Http请求对象 */ @Bean public CloseableHttpClient getWxPayClient() { // 获取签名验证器 Verifier verifier = getVerifier(); // 获取商户私钥 final PrivateKey privateKey = getPrivateKey(privateKeyPath); WechatPayHttpClientBuilder builder = WechatPayHttpClientBuilder.create().withMerchant(mchId, mchSerialNo, privateKey) .withValidator(new WechatPay2Validator(verifier)); return builder.build(); }
3.请求地址枚举类(WxApiConstants)
为了防止微信支付的请求地址前缀发生变化,因此请求前缀存储在application.yml中,请求时进行拼接即可。
import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.AllArgsConstructor; import lombok.Getter; //为了防止微信支付的请求地址前缀发生变化,因此请求前缀存储在mysql,redis中,请求时进行拼接即可。 @AllArgsConstructor @Getter @ApiModel("请求地址") public enum WxApiConstants { @ApiModelProperty("Native下单") NATIVE_PAY("/v3/pay/transactions/native"), @ApiModelProperty("jsapi下单") JSAPI_PAY("/v3/pay/transactions/jsapi"), @ApiModelProperty("jsapi下单") H5_PAY("/v3/pay/transactions/h5"), @ApiModelProperty("APP下单") APP_PAY("/v3/pay/transactions/app"), @ApiModelProperty("查询订单") ORDER_QUERY_BY_NO("/v3/pay/transactions/out-trade-no/%s"), @ApiModelProperty("关闭订单") CLOSE_ORDER_BY_NO("/v3/pay/transactions/out-trade-no/%s/close"), @ApiModelProperty("申请退款") DOMESTIC_REFUNDS("/v3/refund/domestic/refunds"), @ApiModelProperty("查询单笔退款") DOMESTIC_REFUNDS_QUERY("/v3/refund/domestic/refunds/%s"), @ApiModelProperty("申请交易账单") TRADE_BILLS("/v3/bill/tradebill"), @ApiModelProperty("申请资金账单") FUND_FLOW_BILLS("/v3/bill/fundflowbill"); @ApiModelProperty("类型") private final String type; }
4.回调地址枚举类(WxChatBasePayDto)
发生请求后微信官方会回调我们传递的地址,这里通过枚举统一管理我们的回调地址,回调地址由application.yml中的
weixin.notify-domain拼接组成。
import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.AllArgsConstructor; import lombok.Getter; @Getter @AllArgsConstructor @ApiModel("微信回调地址,根据自己的项目来,不要直接照搬") public enum WxNotifyConstants { @ApiModelProperty("订单支付通知") RUN_ERRANDS_NOTIFY("/wx/order/wxOrderCallBack"), @ApiModelProperty("卡支付成功通知") CAMPUS_CARD_NOTIFY("/wx/campusCardOrder/wxCampusCardOrderCallBack"), @ApiModelProperty("卡退款成功通知") CAMPUS_CARD_REFUND_NOTIFY("/wx/campusCardOrder/refundWechatCallback"); @ApiModelProperty("类型") private final String type; }
5.微信支付基础请求数据对象(WxChatBasePayDto)
import com.xxx.project.wx.constants.WxNotifyConstants; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; import java.math.BigDecimal; @Data @ApiModel("微信支付基础请求数据对象") public class WxChatBasePayDto { @ApiModelProperty("商品描述") private String title; @ApiModelProperty("商家订单号,对应 out_trade_no") private String orderId; @ApiModelProperty("订单金额") private BigDecimal price; @ApiModelProperty("回调地址") private WxNotifyConstants notify; @ApiModelProperty("支付用户的openid") private String openId; }
6.将请求参数封装成Map集合(WxPayCommon)
封装完枚举类后,首先就是请求参数的封装,支付类请求参数都非常相近,我们将都需要的参数提取出来以map的方式进行返回。这里的参数,指每个支付类请求都用到的参数,个别支付需要额外添加数据
import com.google.gson.Gson; import com.xxx.common.exception.ServiceException; import com.xxx.project.wx.constants.WxPayConstants; import com.xxx.project.wx.constants.WxApiConstants; import com.xxx.project.wx.dto.WxChatBasePayDto; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.util.EntityUtils; import java.io.IOException; import java.math.BigDecimal; import java.util.HashMap; import java.util.Map; @Slf4j public class WxPayCommon { /** * 封装基础通用请求数据 * @param wxPayConfig 微信的配置文件 * @param basePayData 微信支付基础请求数据 * @return 封装后的map对象 */ public static Map<String, Object> getBasePayParams(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData) { Map<String, Object> paramsMap = new HashMap<>(); paramsMap.put("appid", wxPayConfig.getAppid()); paramsMap.put("mchid", wxPayConfig.getMchId()); // 如果商品名称过长则截取 String title = basePayData.getTitle().length() > 62 ? basePayData.getTitle().substring(0, 62) : basePayData.getTitle(); paramsMap.put("description",title); paramsMap.put("out_trade_no", basePayData.getOrderId()); paramsMap.put("notify_url", wxPayConfig.getNotifyDomain().concat(basePayData.getNotify().getType())); Map<String, Integer> amountMap = new HashMap<>(); amountMap.put("total", basePayData.getPrice().multiply(new BigDecimal("100")).intValue()); paramsMap.put("amount", amountMap); return paramsMap; } /** * 获取请求对象(Post请求) * @param wxPayConfig 微信配置类 * @param apiType 接口请求地址 * @param paramsMap 请求参数 * @return Post请求对象 */ public static HttpPost getHttpPost(WxPayConstants wxPayConfig, WxApiConstants apiType, Map<String, Object> paramsMap) { // 1.设置请求地址 HttpPost httpPost = new HttpPost(wxPayConfig.getDomain().concat(apiType.getType())); // 2.设置请求数据 Gson gson = new Gson(); String jsonParams = gson.toJson(paramsMap); // 3.设置请求信息 StringEntity entity = new StringEntity(jsonParams, "utf-8"); entity.setContentType("application/json"); httpPost.setEntity(entity); httpPost.setHeader("Accept", "application/json"); return httpPost; } /** * 解析响应数据 * @param response 发送请求成功后,返回的数据 * @return 微信返回的参数 */ public static HashMap<String, String> resolverResponse(CloseableHttpResponse response) { try { // 1.获取请求码 int statusCode = response.getStatusLine().getStatusCode(); // 2.获取返回值 String 格式 final String bodyAsString = EntityUtils.toString(response.getEntity()); Gson gson = new Gson(); if (statusCode == 200) { // 3.如果请求成功则解析成Map对象返回 HashMap<String, String> resultMap = gson.fromJson(bodyAsString, HashMap.class); return resultMap; } else { if (StringUtils.isNoneBlank(bodyAsString)) { log.error("微信支付请求失败,提示信息:{}", bodyAsString); // 4.请求码显示失败,则尝试获取提示信息 HashMap<String, String> resultMap = gson.fromJson(bodyAsString, HashMap.class); throw new ServiceException(resultMap.get("message")); } log.error("微信支付请求失败,未查询到原因,提示信息:{}", response); // 其他异常,微信也没有返回数据,这就需要具体排查了 throw new IOException("request failed"); } } catch (Exception e) { e.printStackTrace(); throw new ServiceException(e.getMessage()); } finally { try { response.close(); } catch (IOException e) { e.printStackTrace(); } } } }
7.创建微信支付订单的三种方式(Native,Jsapi,App)
商户Native支付下单接口,微信后台系统返回链接参数code_url,商户后台系统将code_url值生成二维码图片,用户使用微信客户端扫码后发起支付,也就是说后端只需要返回code_url即可。
官方JSAPI支付开发指引继续在上方WxPayCommon中加入
/** * 创建微信支付订单-Native方式 * * @param wxPayConfig 微信配置信息 * @param basePayData 基础请求信息,商品标题、商家订单id、订单价格 * @param wxPayClient 微信请求客户端() * @return 微信支付二维码地址 */ public static String wxNativePay(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData, CloseableHttpClient wxPayClient) { // 1.获取请求参数的Map格式 Map<String, Object> paramsMap = getBasePayParams(wxPayConfig, basePayData); // 2.获取请求对象 HttpPost httpPost = getHttpPost(wxPayConfig, WxApiConstants.NATIVE_PAY, paramsMap); // 3.完成签名并执行请求 CloseableHttpResponse response = null; try { response = wxPayClient.execute(httpPost); } catch (IOException e) { e.printStackTrace(); throw new ServiceException("微信支付请求失败"); } // 4.解析response对象 HashMap<String, String> resultMap = resolverResponse(response); if (resultMap != null) { // native请求返回的是二维码链接,前端将链接转换成二维码即可 return resultMap.get("code_url"); } return null; } /** * 创建微信支付订单-jsapi方式 * @param wxPayConfig 微信配置信息 * @param basePayData 基础请求信息,商品标题、商家订单id、订单价格 * @param openId 通过微信小程序或者公众号获取到用户的openId * @param wxPayClient 微信请求客户端() * @return 微信支付二维码地址 */ public static String wxJsApiPay(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData, String openId, CloseableHttpClient wxPayClient) { // 1.获取请求参数的Map格式 Map<String, Object> paramsMap = getBasePayParams(wxPayConfig, basePayData); // 1.1 添加支付者信息 Map<String,String> payerMap = new HashMap(); payerMap.put("openid",openId); paramsMap.put("payer",payerMap); // 2.获取请求对象 HttpPost httpPost = getHttpPost(wxPayConfig, WxApiConstants.JSAPI_PAY, paramsMap); // 3.完成签名并执行请求 CloseableHttpResponse response = null; try { response = wxPayClient.execute(httpPost); } catch (IOException e) { e.printStackTrace(); throw new ServiceException("微信支付请求失败"); } // 4.解析response对象 HashMap<String, String> resultMap = resolverResponse(response); if (resultMap != null) { // native请求返回的是二维码链接,前端将链接转换成二维码即可 return resultMap.get("prepay_id"); } return null; } /** * 创建微信支付订单-APP方式 * * @param wxPayConfig 微信配置信息 * @param basePayData 基础请求信息,商品标题、商家订单id、订单价格 * @param wxPayClient 微信请求客户端() * @return 微信支付二维码地址 */ public static String wxAppPay(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData, CloseableHttpClient wxPayClient) { // 1.获取请求参数的Map格式 Map<String, Object> paramsMap = getBasePayParams(wxPayConfig, basePayData); // 2.获取请求对象 HttpPost httpPost = getHttpPost(wxPayConfig, WxApiConstants.APP_PAY, paramsMap); // 3.完成签名并执行请求 CloseableHttpResponse response = null; try { response = wxPayClient.execute(httpPost); } catch (IOException e) { e.printStackTrace(); throw new ServiceException("微信支付请求失败"); } // 4.解析response对象 HashMap<String, String> resultMap = resolverResponse(response); if (resultMap != null) { // native请求返回的是二维码链接,前端将链接转换成二维码即可 return resultMap.get("prepay_id"); } return null; }
8.创建实体存储前端微信支付所需参数(WxChatPayDto)
因为前端拉起微信支付需要多个参数,直接用一个实体返回更便捷
@Data @ApiModel("前端微信支付所需参数") public class WxChatPayDto { @ApiModelProperty("需要支付的小程序id") private String appid; @ApiModelProperty("时间戳(当前的时间)") private String timeStamp; @ApiModelProperty("随机字符串,不长于32位。") private String nonceStr; @ApiModelProperty("小程序下单接口返回的prepay_id参数值,提交格式如:prepay_id=***") private String prepayId; @ApiModelProperty("签名类型,默认为RSA,仅支持RSA。") private String signType; @ApiModelProperty("签名,使用字段appId、timeStamp、nonceStr、package计算得出的签名值") private String paySign;
三、微信支付-调起微信支付
设置一个公共方法pay,每次支付可以直接调用
@Resource private WxPayConstants wxPayConfig; @Resource private CloseableHttpClient wxPayClient; /** * 微信用户调用微信支付 */ @Override public WxChatPayDto pay(WxChatBasePayDto payData) { String prepayId = WxPayCommon.wxJsApiPay(wxPayConfig, payData, payData.getOpenId(), wxPayClient); WxChatPayDto wxChatPayDto = new WxChatPayDto(); wxChatPayDto.setAppid(redisCache.getCacheObject("WX_PAY_SAVE_WX_APPID")); wxChatPayDto.setTimeStamp(String.valueOf(System.currentTimeMillis() / 1000)); wxChatPayDto.setNonceStr(UUID.randomUUID().toString().replaceAll("-", "")); wxChatPayDto.setPrepayId("prepay_id=" + prepayId); wxChatPayDto.setSignType("RSA"); wxChatPayDto.setPaySign(getSign(wxChatPayDto.getNonceStr(),wxChatPayDto.getAppid(),wxChatPayDto.getPrepayId(),Long.parseLong(wxChatPayDto.getTimeStamp()))); return wxChatPayDto; } /** * 获取签名 * @param nonceStr 随机数 * @param appId 微信公众号或者小程序等的appid * @param prepay_id 预支付交易会话ID * @param timestamp 时间戳 10位 * @return String 新签名 */ String getSign(String nonceStr, String appId, String prepay_id, long timestamp) { //从下往上依次生成 String message = buildMessage(appId, timestamp, nonceStr, prepay_id); //签名 try { return sign(message.getBytes("utf-8")); } catch (IOException e) { throw new RuntimeException("签名异常,请检查参数或商户私钥"); } } String sign(byte[] message) { try { //签名方式 Signature sign = Signature.getInstance("SHA256withRSA"); //私钥,通过MyPrivateKey来获取,这是个静态类可以接调用方法 ,需要的是_key.pem文件的绝对路径配上文件名 sign.initSign(PemUtil.loadPrivateKey(new FileInputStream(redisCache.getCacheObject("WX_PAY_SAVE_PRIVATE_KEY_PATH").toString()))); sign.update(message); return Base64.getEncoder().encodeToString(sign.sign()); } catch (Exception e) { throw new RuntimeException("签名异常,请检查参数或商户私钥"); } } /** * 按照前端签名文档规范进行排序,\n是换行 * * @param nonceStr 随机数 * @param appId 微信公众号或者小程序等的appid * @param prepay_id 预支付交易会话ID * @param timestamp 时间戳 10位 * @return String 新签名 */ String buildMessage(String appId, long timestamp, String nonceStr, String prepay_id) { return appId + "\n" + timestamp + "\n" + nonceStr + "\n" + prepay_id + "\n"; }
调用pay,获取前端拉起支付所需要的参数
//支付 WxChatBasePayDto payData = new WxChatBasePayDto(); payData.setTitle("订单支付"); payData.setOrderId(runOrder.getOrderNumber()); payData.setPrice(new BigDecimal(0.01)); payData.setNotify(WxNotifyConstants.RUN_ERRANDS_NOTIFY); payData.setOpenId(runOrder.getOpenId()); WxChatPayDto pay = pay(payData);
给前端直接返回pay这个参数,前端通过里面的参数拉起支付
四、微信支付-成功回调
同样的通知可能会多次发送给商户系统。商户系统必须能够正确处理重复的通知。 推荐的做法是,当商户系统收到通知进行处理时,先检查对应业务数据的状态,并判断该通知是否已经处理。如果未处理,则再进行处理;如果已处理,则直接返回结果成功。在对业务数据进行状态检查和处理之前,要采用数据锁进行并发控制,以避免函数重入造成的数据混乱。
如果在所有通知频率后没有收到微信侧回调,商户应调用查询订单接口确认订单状态。
特别提醒:商户系统对于开启结果通知的内容一定要做签名验证,并校验通知的信息是否与商户侧的信息一致,防止数据泄露导致出现“假通知”,造成资金损失。
该链接是通过基础下单接口中的请求参数“notify_url”来设置的,要求必须为https地址。请确保回调URL是外部可正常访问的,且不能携带后缀参数,否则可能导致商户无法接收到微信的回调通知信息。
import com.alibaba.fastjson.JSONObject; import com.xxx.framework.redis.RedisCache; import com.wechat.pay.contrib.apache.httpclient.auth.Verifier; import com.wechat.pay.contrib.apache.httpclient.util.AesUtil; import org.springframework.stereotype.Component; import javax.annotation.Resource; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; import java.io.UnsupportedEncodingException; import java.security.GeneralSecurityException; import java.util.HashMap; import java.util.Map; import java.util.stream.Collectors; import java.util.stream.Stream; /** * 微信支付回调工具类 */ @Component public class WxPayCallbackUtil { @Resource private RedisCache redisCache; @Resource private Verifier verifier; /** * 获取回调数据 * @param request * @param response * @return */ public Map<String, String> wxChatPayCallback(HttpServletRequest request, HttpServletResponse response) { //获取报文 String body = getRequestBody(request); //随机串 String nonceStr = request.getHeader("Wechatpay-Nonce"); //微信传递过来的签名 String signature = request.getHeader("Wechatpay-Signature"); //证书序列号(微信平台) String serialNo = request.getHeader("Wechatpay-Serial"); //时间戳 String timestamp = request.getHeader("Wechatpay-Timestamp"); //构造签名串 应答时间戳\n,应答随机串\n,应答报文主体\n String signStr = Stream.of(timestamp, nonceStr, body).collect(Collectors.joining("\n", "", "\n")); Map<String, String> map = new HashMap<>(2); try { //验证签名是否通过 boolean result = verifiedSign(serialNo, signStr, signature); if(result){ //解密数据 String plainBody = decryptBody(body); return convertWechatPayMsgToMap(plainBody); } } catch (Exception e) { e.printStackTrace(); } return map; } /** * 转换body为map * @param plainBody * @return */ public Map<String,String> convertWechatPayMsgToMap(String plainBody){ Map<String,String> paramsMap = new HashMap<>(2); JSONObject jsonObject = JSONObject.parseObject(plainBody); //商户订单号 paramsMap.put("out_trade_no",jsonObject.getString("out_trade_no")); //交易状态 paramsMap.put("trade_state",jsonObject.getString("trade_state")); //附加数据 paramsMap.put("attach",jsonObject.getString("attach")); if (jsonObject.getJSONObject("attach") != null && !jsonObject.getJSONObject("attach").equals("")){ paramsMap.put("account_no",jsonObject.getJSONObject("attach").getString("accountNo")); } return paramsMap; } /** * 解密body的密文 * * "resource": { * "original_type": "transaction", * "algorithm": "AEAD_AES_256_GCM", * "ciphertext": "", * "associated_data": "", * "nonce": "" * } * * @param body * @return */ public String decryptBody(String body) throws UnsupportedEncodingException, GeneralSecurityException { AesUtil aesUtil = new AesUtil(redisCache.getCacheObject("WX_PAY_SAVE_KEY").toString().getBytes("utf-8")); JSONObject object = JSONObject.parseObject(body); JSONObject resource = object.getJSONObject("resource"); String ciphertext = resource.getString("ciphertext"); String associatedData = resource.getString("associated_data"); String nonce = resource.getString("nonce"); return aesUtil.decryptToString(associatedData.getBytes("utf-8"),nonce.getBytes("utf-8"),ciphertext); } /** * 验证签名 * * @param serialNo 微信平台-证书序列号 * @param signStr 自己组装的签名串 * @param signature 微信返回的签名 * @return * @throws UnsupportedEncodingException */ public boolean verifiedSign(String serialNo, String signStr, String signature) throws UnsupportedEncodingException { return verifier.verify(serialNo, signStr.getBytes("utf-8"), signature); } /** * 读取请求数据流 * * @param request * @return */ public String getRequestBody(HttpServletRequest request) { StringBuffer sb = new StringBuffer(); try (ServletInputStream inputStream = request.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); ) { String line; while ((line = reader.readLine()) != null) { sb.append(line); } } catch (IOException e) { e.printStackTrace(); } return sb.toString(); } }
支付成功后的回调方法
/** * 订单支付后回调 */ @Override public Map<String, String> wxOrderCallBack(HttpServletRequest request, HttpServletResponse response) { Map<String, String> map = new HashMap<>(2); try { Map<String, String> stringMap = wxPayCallbackUtil.wxChatPayCallback(request, response); //支付成功 if (stringMap.get("trade_state").equals("SUCCESS")){ //编写支付成功后逻辑 } //响应微信 map.put("code", "SUCCESS"); map.put("message", "成功"); } catch (Exception e) { e.printStackTrace(); } return map; }
五、微信支付-申请退款
- 申请退款请求对象
微信支付订单号,微信支付订单号和商家订单号二选一,这个是必不可少的,原订单金额也是必填的,微信会做二次验证。
@Data @ApiModel("微信退款对象") public class WxChatRefundDto { @ApiModelProperty("微信支付订单号,微信支付订单号和商家订单号二选一") private String transactionId; @ApiModelProperty("商家订单号,对应 out_trade_no") private String orderId; @ApiModelProperty("商户退款单号,对应out_refund_no") private String refundOrderId; @ApiModelProperty("退款原因,选填") private String reason; @ApiModelProperty("回调地址") private WxNotifyConstants notify; @ApiModelProperty("退款金额") private BigDecimal refundMoney; @ApiModelProperty("原订单金额,必填") private BigDecimal totalMoney;
- 将请求参数封装成Map集合
import com.xxx.common.exception.ServiceException; import com.xxx.project.wx.constants.WxApiConstants; import com.xxx.project.wx.constants.WxPayConstants; import com.xxx.project.wx.dto.WxChatRefundDto; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.impl.client.CloseableHttpClient; import java.io.IOException; import java.util.HashMap; import java.util.Map; @Slf4j public class WxPayRefundUtil { /** * 封装微信支付申请退款请求参数 * @param dto 微信支付申请退款请求参数 * @return 封装后的map微信支付申请退款请求参数对象 */ private static Map<String, Object> getRefundParams(WxPayConstants wxPayConstants, WxChatRefundDto dto) { Map<String, Object> paramsMap = new HashMap<>(); if (StringUtils.isNoneBlank(dto.getTransactionId())) { paramsMap.put("transaction_id", dto.getTransactionId()); } else if (StringUtils.isNoneBlank(dto.getOrderId())) { paramsMap.put("out_trade_no", dto.getOrderId()); } else { throw new ServiceException("微信支付订单号和商户订单号必须填写一个"); } paramsMap.put("out_refund_no", dto.getRefundOrderId()); if (StringUtils.isNoneBlank(dto.getReason())) { paramsMap.put("reason", dto.getReason()); } paramsMap.put("notify_url", wxPayConstants.getNotifyDomain().concat(dto.getNotify().getType())); Map<String, Object> amountMap = new HashMap<>(); amountMap.put("refund", dto.getRefundMoney()); amountMap.put("total", dto.getTotalMoney()); amountMap.put("currency", "CNY"); paramsMap.put("amount", amountMap); return paramsMap; } /** * 发起微信退款申请 * * @param wxPayConfig 微信配置信息 * @param param 微信支付申请退款请求参数 * @param wxPayClient 微信请求客户端() * @return 微信支付二维码地址 */ public static String refundPay(WxPayConstants wxPayConfig, WxChatRefundDto param, CloseableHttpClient wxPayClient) { // 1.获取请求参数的Map格式 Map<String, Object> paramsMap = getRefundParams(wxPayConfig, param); // 2.获取请求对象 HttpPost httpPost = WxPayCommon.getHttpPost(wxPayConfig, WxApiConstants.DOMESTIC_REFUNDS, paramsMap); // 3.完成签名并执行请求 CloseableHttpResponse response = null; try { response = wxPayClient.execute(httpPost); } catch (IOException e) { e.printStackTrace(); throw new ServiceException("微信支付请求失败"); } // 4.解析response对象 HashMap<String, String> resultMap = WxPayCommon.resolverResponse(response); log.info("发起退款参数:{}",resultMap); if (resultMap != null) { // 返回微信支付退款单号 return resultMap.get("refund_id"); } return null; } }
- 申请退款使用
@Resource private WxPayConstants wxPayConstants; @Resource private CloseableHttpClient closeableHttpClient; WxChatRefundDto dto = new WxChatRefundDto(); dto.setOrderId(); //订单号 String refundOrderId = IdWorker.getIdStr(); dto.setRefundOrderId(refundOrderId); dto.setNotify(WxNotifyConstants.CAMPUS_CARD_REFUND_NOTIFY); //回调地址 dto.setRefundMoney(new BigDecimal(1));//单位为分 dto.setTotalMoney(new BigDecimal(1));//单位为分 String s = WxPayRefundUtil.refundPay(wxPayConstants, dto, closeableHttpClient);
注意:
1、交易时间超过一年的订单无法提交退款
2、微信支付退款支持单笔交易分多次退款(不超50次),多次退款需要提交原支付订单的商户订单号和设置不同的退款单号。申请退款总>金额不能超过订单金额。一笔退款失败后重新提交,请不要更换退款单号,请使用原商户退款单号
3、错误或无效请求频率限制:6qps,即每秒钟异常或错误的退款申请请求不超过6次
4、每个支付订单的部分退款次数不能超过50次
5、如果同一个用户有多笔退款,建议分不同批次进行退款,避免并发退款导致退款失败
6、申请退款接口的返回仅代表业务的受理情况,具体退款是否成功,需要通过退款查询接口获取结果
7、一个月之前的订单申请退款频率限制为:5000/min
8、同一笔订单多次退款的请求需相隔1分钟
六、微信支付-退款成功回调
- 退款返回数据对象
import cn.hutool.core.date.DateUtil; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; import java.math.BigDecimal; import java.util.Date; @Data @ApiModel("微信退款回调参数") public class WxChatCallbackRefundDto { @ApiModelProperty("商户订单号") private String orderId; @ApiModelProperty("商户退款单号,out_refund_no") private String refundId; @ApiModelProperty("微信支付系统生成的订单号") private String transactionId; @ApiModelProperty("微信支付系统生成的退款订单号") private String transactionRefundId; @ApiModelProperty("退款渠道 1.ORIGINAL:原路退款 2.BALANCE:退回到余额 " + "3.OTHER_BALANCE:原账户异常退到其他余额账户 4.OTHER_BANKCARD:原银行卡异常退到其他银行卡") private String channel; @ApiModelProperty("退款成功时间 当前退款成功时才有此返回值") private Date successTime; @ApiModelProperty("退款状态 退款到银行发现用户的卡作废或者冻结了,导致原路退款银行卡失败,可前往商户平台-交易中心,手动处理此笔退款。" + "1.SUCCESS:退款成功 2.CLOSED:退款关闭 3.PROCESSING:退款处理中 4.ABNORMAL:退款异常") private String status; @ApiModelProperty("退款金额") private BigDecimal refundMoney; public Date getSuccessTime() { return successTime; } public void setSuccessTime(String successTime) { // Hutool工具包的方法,自动识别一些常用格式的日期字符串 this.successTime = DateUtil.parse(successTime); } }
- 退款业务处理接口
import com.xxx.project.wx.dto.WxChatCallbackRefundDto; /** * 退款处理接口,为了防止项目开发人员,不手动判断退款失败的情况 * 退款失败:退款到银行发现用户的卡作废或者冻结了,导致原路退款银行卡失败,可前往商户平台-交易中心,手动处理此笔退款 */ public interface WechatRefundCallback { /** * 退款成功处理情况 */ void success(WxChatCallbackRefundDto refundData); /** * 退款失败处理情况 */ void fail(WxChatCallbackRefundDto refundData); }
- 微信退款回调方法
public class HttpUtils{ /** * 将通知参数转化为字符串 * @param request * @return */ public static String readData(HttpServletRequest request) { BufferedReader br = null; try { StringBuilder result = new StringBuilder(); br = request.getReader(); for (String line; (line = br.readLine()) != null; ) { if (result.length() > 0) { result.append("\n"); } result.append(line); } return result.toString(); } catch (IOException e) { throw new RuntimeException(e); } finally { if (br != null) { try { br.close(); } catch (IOException e) { e.printStackTrace(); } } } } }
package com.runerrands.project.wx.util; import com.wechat.pay.contrib.apache.httpclient.auth.Verifier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.time.DateTimeException; import java.time.Duration; import java.time.Instant; import static com.wechat.pay.contrib.apache.httpclient.constant.WechatPayHttpHeaders.*; public class WechatPayValidatorForRequest { protected static final Logger log = LoggerFactory.getLogger(WechatPayValidatorForRequest.class); /** * 应答超时时间,单位为分钟 */ protected static final long RESPONSE_EXPIRED_MINUTES = 5; protected final Verifier verifier; protected final String body; protected final String requestId; public WechatPayValidatorForRequest(Verifier verifier, String body, String requestId) { this.verifier = verifier; this.body = body; this.requestId = requestId; } protected static IllegalArgumentException parameterError(String message, Object... args) { message = String.format(message, args); return new IllegalArgumentException("parameter error: " + message); } protected static IllegalArgumentException verifyFail(String message, Object... args) { message = String.format(message, args); return new IllegalArgumentException("signature verify fail: " + message); } public final boolean validate(HttpServletRequest request) throws IOException { try { validateParameters(request); String message = buildMessage(request); String serial = request.getHeader(WECHAT_PAY_SERIAL); String signature = request.getHeader(WECHAT_PAY_SIGNATURE); if (!verifier.verify(serial, message.getBytes(StandardCharsets.UTF_8), signature)) { throw verifyFail("serial=[%s] message=[%s] sign=[%s], request-id=[%s]", serial, message, signature, request.getHeader(REQUEST_ID)); } } catch (IllegalArgumentException e) { log.warn(e.getMessage()); return false; } return true; } protected final void validateParameters(HttpServletRequest request) { // NOTE: ensure HEADER_WECHAT_PAY_TIMESTAMP at last String[] headers = {WECHAT_PAY_SERIAL, WECHAT_PAY_SIGNATURE, WECHAT_PAY_NONCE, WECHAT_PAY_TIMESTAMP}; String header = null; for (String headerName : headers) { header = request.getHeader(headerName); if (header == null) { throw parameterError("empty [%s], request-id=[%s]", headerName, requestId); } } String timestampStr = header; try { Instant responseTime = Instant.ofEpochSecond(Long.parseLong(timestampStr)); // 拒绝过期应答 if (Duration.between(responseTime, Instant.now()).abs().toMinutes() >= RESPONSE_EXPIRED_MINUTES) { throw parameterError("timestamp=[%s] expires, request-id=[%s]", timestampStr, requestId); } } catch (DateTimeException | NumberFormatException e) { throw parameterError("invalid timestamp=[%s], request-id=[%s]", timestampStr, requestId); } } protected final String buildMessage(HttpServletRequest request) throws IOException { String timestamp = request.getHeader(WECHAT_PAY_TIMESTAMP); String nonce = request.getHeader(WECHAT_PAY_NONCE); return timestamp + "\n" + nonce + "\n" + body + "\n"; } }
import com.google.gson.Gson; import com.xxx.common.exception.ServiceException; import com.xxx.common.utils.http.HttpUtils; import com.xxx.project.wx.constants.WxPayConstants; import com.xxx.project.wx.dto.WxChatCallbackRefundDto; import com.xxx.project.wx.service.WechatRefundCallback; import com.wechat.pay.contrib.apache.httpclient.auth.Verifier; import com.wechat.pay.contrib.apache.httpclient.util.AesUtil; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.math.BigDecimal; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; import java.util.HashMap; import java.util.Map; @Slf4j public class WxPayRefundCallbackUtil { /** * 微信支付申请退款回调方法 * * @param verifier 证书 * @param wxPayConfig 微信配置 * @param refundCallback 回调方法,用于处理业务逻辑,包含退款成功处理于退款失败处理 * @return json格式的string数据,直接返回给微信 */ public static String wxPayRefundCallback(HttpServletRequest request, HttpServletResponse response, Verifier verifier, WxPayConstants wxPayConfig, WechatRefundCallback refundCallback) { Gson gson = new Gson(); // 1.处理通知参数 final String body = HttpUtils.readData(request); HashMap<String, Object> bodyMap = gson.fromJson(body, HashMap.class); // 2.签名验证 WechatPayValidatorForRequest wechatForRequest = new WechatPayValidatorForRequest(verifier, body, (String) bodyMap.get("id")); try { if (!wechatForRequest.validate(request)) { // 通知验签失败 response.setStatus(500); final HashMap<String, Object> map = new HashMap<>(); map.put("code", "ERROR"); map.put("message", "通知验签失败"); return gson.toJson(map); } } catch (Exception e) { e.printStackTrace(); } // 3.获取明文数据 String plainText = decryptFromResource(bodyMap, wxPayConfig); HashMap<String, Object> plainTextMap = gson.fromJson(plainText, HashMap.class); // log.info("退款plainTextMap:{}", plainTextMap); // 4.封装微信返回的数据 WxChatCallbackRefundDto refundData = getRefundCallbackData(plainTextMap); if ("SUCCESS".equals(refundData.getStatus())) { // 执行业务逻辑 refundCallback.success(refundData); } else { // 特殊情况退款失败业务处理,退款到银行发现用户的卡作废或者冻结了,导致原路退款银行卡失败,可前往商户平台-交易中心,手动处理此笔退款 refundCallback.fail(refundData); } // 5.成功应答 response.setStatus(200); final HashMap<String, Object> resultMap = new HashMap<>(); resultMap.put("code", "SUCCESS"); resultMap.put("message", "成功"); return gson.toJson(resultMap); } private static WxChatCallbackRefundDto getRefundCallbackData(HashMap<String, Object> plainTextMap) { Gson gson = new Gson(); WxChatCallbackRefundDto refundData = new WxChatCallbackRefundDto(); String successTime = String.valueOf(plainTextMap.get("success_time")); if (StringUtils.isNoneBlank(successTime)) { refundData.setSuccessTime(successTime); } refundData.setOrderId(String.valueOf(plainTextMap.get("out_trade_no"))); refundData.setRefundId(String.valueOf(plainTextMap.get("out_refund_no"))); refundData.setTransactionId(String.valueOf(plainTextMap.get("transaction_id"))); refundData.setTransactionRefundId(String.valueOf(plainTextMap.get("refund_id"))); refundData.setChannel(String.valueOf(plainTextMap.get("channel"))); final String status = String.valueOf(plainTextMap.get("refund_status")); refundData.setStatus(status); String amount = String.valueOf(plainTextMap.get("amount")); HashMap<String, Object> amountMap = gson.fromJson(amount, HashMap.class); String refundMoney = String.valueOf(amountMap.get("refund")); refundData.setRefundMoney(new BigDecimal(refundMoney).movePointLeft(2)); // log.info("refundData:{}", refundData); return refundData; } /** * 对称解密 */ private static String decryptFromResource(HashMap<String, Object> bodyMap, WxPayConstants wxPayConfig) { // 通知数据 Map<String, String> resourceMap = (Map) bodyMap.get("resource"); // 数据密文 String ciphertext = resourceMap.get("ciphertext"); // 随机串 String nonce = resourceMap.get("nonce"); // 附加数据 String associateData = resourceMap.get("associated_data"); AesUtil aesUtil = new AesUtil(wxPayConfig.getKey().getBytes(StandardCharsets.UTF_8)); try { return aesUtil.decryptToString(associateData.getBytes(StandardCharsets.UTF_8), nonce.getBytes(StandardCharsets.UTF_8), ciphertext); } catch (GeneralSecurityException e) { e.printStackTrace(); throw new ServiceException("解密失败"); } } }
- 回调方法
@Resource private WxPayConstants wxPayConfig; @Resource private Verifier verifier; @ApiOperation("微信退款回调接口") @PostMapping("/refundWechatCallback") public String refundWechatCallback(HttpServletRequest request, HttpServletResponse response) { return WxPayRefundCallbackUtil.wxPayRefundCallback(request, response, verifier, wxPayConfig, new WechatRefundCallback() { @Override public void success(WxChatCallbackRefundDto refundData) { // TODO 退款成功的业务逻辑,例如更改订单状态为退款成功等 System.out.println("退款成功"); } @Override public void fail(WxChatCallbackRefundDto refundData) { // TODO 特殊情况下退款失败业务处理,例如银行卡冻结需要人工退款,此时可以邮件或短信提醒管理员,并携带退款单号等关键信息 System.out.println("退款失败"); } }); }
到此这篇关于SpringBoot整合微信小程序支付V3(支付退款)的文章就介绍到这了,更多相关SpringBoot整合小程序支付V3内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!
相关文章
由ArrayList来深入理解Java中的fail-fast机制
fail-fast俗称快速失败,是在多线程进行迭代操作时产生冲突的一种异常抛出机制,下面我们就由ArrayList来深入理解Java中的fail-fast机制.2016-05-05
最新评论