SpringBoot整合微信小程序支付V3(支付、退款)

一、微信支付-准备工作

微信支付开发前,需要先获取商家信息,包括商户号、AppId、证书和密钥。

  1. 获取商户号
    微信商户平台 申请成为商户 => 提交资料 => 签署协议 => 获取商户号
  2. 获取AppID
    微信公众平台 注册服务号 => 服务号认证 => 获取APPID => 绑定商户号
  3. 申请商户证书
    登录商户平台 => 选择 账户中心 => 安全中心 => API安全 => 申请API证书 包括商户证书和商户私钥
  4. 获取微信的证书
  5. 获取APIv3秘钥(在微信支付回调通知和商户获取平台证书使用APIv3密钥)
    登录商户平台 => 选择 账户中心 => 安全中心 => API安全 => 设置APIv3密钥

二、微信支付-基本配置

1.引入pom.xml

<!--  微信支付 -->
<dependency>
    <groupId>***.github.wechatpay-apiv3</groupId>
    <artifactId>wechatpay-apache-httpclient</artifactId>
    <version>0.4.2</version>
</dependency>

2.配置商户信息、证书、密钥等。将客户端对象构建到Bean中,方便后续使用。
可以采用两种方式
①.配置application.yml

weixin:
  appid: wx*************acx # appid
  mch-serial-no: 3FB18E2*******0127B3*****0053E2 # 证书序列号
  private-key-path: D:\wx\pem\apiclient_key.pem # 证书路径
  mch-id: 16*****801 # 商户号
  key: F8CDeHBc***********2t5nvVeh1 # api秘钥
  domain: https://api.mch.weixin.qq.*** # 微信服务器地址
  notify-domain: https://xw666.mynatapp.*** # 回调,自己的回调地址

然后创建对应的实体

@Configuration
@PropertySource("classpath:application.yml") //读取配置文件
@ConfigurationProperties(prefix = "weixin") //读取wxpay节点
@Data //使用set方法将wxpay节点中的值填充到当前类的属性中
@ApiModel("微信支付静态常量类")
public class WxPayConfig {

    @ApiModelProperty("商户号")
    private String mchId;

    @ApiModelProperty("商户API证书序列号")
    private String mchSerialNo;

    @ApiModelProperty("商户私钥文件")
    private String privateKeyPath;

    @ApiModelProperty("APIv3密钥")
    private String key;

    @ApiModelProperty("APPID")
    private String appid;

    @ApiModelProperty("微信服务器地址")
    private String domain;

    @ApiModelProperty("接收结果通知地址")
    private String notifyDomain;
}

②使用数据库存储,在项目启动时加载到redis中,然后从redis中获取

@Configuration
@Data
@ApiModel("微信支付静态常量类")
public class WxPayConstants {

    @Resource
    private RedisCache redisCache;

    @ApiModelProperty("APPID")
    public String appid;

    @ApiModelProperty("商户API证书序列号")
    public String mchSerialNo;

    @ApiModelProperty("商户私钥文件")
    public String privateKeyPath;

    @ApiModelProperty("商户号")
    public String mchId;

    @ApiModelProperty("APIv3密钥")
    public String key;

    @ApiModelProperty("微信服务器地址")
    public String domain;

    @ApiModelProperty("接收结果通知地址")
    public String notifyDomain;

    @Resource
    public void getParam(RedisCache redisCache){
        appid = redisCache.getCacheObject("WX_PAY_SAVE_WX_APPID");
        mchSerialNo = redisCache.getCacheObject("WX_PAY_SAVE_MCH_SERIAL_NO");
        privateKeyPath = redisCache.getCacheObject("WX_PAY_SAVE_PRIVATE_KEY_PATH");
        mchId = redisCache.getCacheObject("WX_PAY_SAVE_MCH_ID");
        key = redisCache.getCacheObject("WX_PAY_SAVE_KEY");
        domain = redisCache.getCacheObject("WX_PAY_SAVE_DOMAIN");
        notifyDomain = redisCache.getCacheObject("WX_PAY_SAVE_NOTIFY_DOMAIN");
    }
}

这两个实体有几个共同的方法,无论使用哪一个,放到下面即可

    /**
     * 获取商户的私钥文件
     *
     * @param filename 证书地址
     * @return 私钥文件
     */
    public PrivateKey getPrivateKey(String filename) {
        try {
            return PemUtil.loadPrivateKey(new FileInputStream(filename));
        } catch (FileNotFoundException e) {
            throw new ServiceException("私钥文件不存在");
        }
    }


    /**
     * 获取签名验证器
     */
    @Bean
    public Verifier getVerifier() {
        // 获取商户私钥
        final PrivateKey privateKey = getPrivateKey(privateKeyPath);

        // 私钥签名对象
        PrivateKeySigner privateKeySigner = new PrivateKeySigner(mchSerialNo, privateKey);

        // 身份认证对象
        WechatPay2Credentials wechatPay2Credentials = new WechatPay2Credentials(mchId, privateKeySigner);

        // 获取证书管理器实例
        CertificatesManager certificatesManager = CertificatesManager.getInstance();

        try {
            // 向证书管理器增加需要自动更新平台证书的商户信息
            certificatesManager.putMerchant(mchId, wechatPay2Credentials, key.getBytes(StandardCharsets.UTF_8));
        } catch (IOException | GeneralSecurityException | HttpCodeException e) {
            e.printStackTrace();
        }

        try {
            return certificatesManager.getVerifier(mchId);
        } catch (NotFoundException e) {
            e.printStackTrace();
            throw new ServiceException("获取签名验证器失败");
        }
    }

    /**
     * 获取微信支付的远程请求对象
     * @return Http请求对象
     */
    @Bean
    public CloseableHttpClient getWxPayClient() {

        // 获取签名验证器
        Verifier verifier = getVerifier();

        // 获取商户私钥
        final PrivateKey privateKey = getPrivateKey(privateKeyPath);

        WechatPayHttpClientBuilder builder = WechatPayHttpClientBuilder.create().withMerchant(mchId, mchSerialNo, privateKey)
                .withValidator(new WechatPay2Validator(verifier));

        return builder.build();
    }

3.请求地址枚举类(WxApiConstants)

为了防止微信支付的请求地址前缀发生变化,因此请求前缀存储在application.yml中,请求时进行拼接即可。

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Getter;

//为了防止微信支付的请求地址前缀发生变化,因此请求前缀存储在mysql,redis中,请求时进行拼接即可。
@AllArgsConstructor
@Getter
@ApiModel("请求地址")
public enum WxApiConstants {
    
    @ApiModelProperty("Native下单")
    NATIVE_PAY("/v3/pay/transactions/native"),

    @ApiModelProperty("jsapi下单")
    JSAPI_PAY("/v3/pay/transactions/jsapi"),

    @ApiModelProperty("jsapi下单")
    H5_PAY("/v3/pay/transactions/h5"),

    @ApiModelProperty("APP下单")
    APP_PAY("/v3/pay/transactions/app"),

    @ApiModelProperty("查询订单")
    ORDER_QUERY_BY_NO("/v3/pay/transactions/out-trade-no/%s"),

    @ApiModelProperty("关闭订单")
    CLOSE_ORDER_BY_NO("/v3/pay/transactions/out-trade-no/%s/close"),

    @ApiModelProperty("申请退款")
    DOMESTIC_REFUNDS("/v3/refund/domestic/refunds"),

    @ApiModelProperty("查询单笔退款")
    DOMESTIC_REFUNDS_QUERY("/v3/refund/domestic/refunds/%s"),

    @ApiModelProperty("申请交易账单")
    TRADE_BILLS("/v3/bill/tradebill"),

    @ApiModelProperty("申请资金账单")
    FUND_FLOW_BILLS("/v3/bill/fundflowbill");

    @ApiModelProperty("类型")
    private final String type;
}

4.回调地址枚举类(WxChatBasePayDto)

发生请求后微信官方会回调我们传递的地址,这里通过枚举统一管理我们的回调地址,回调地址由application.yml中的
weixin.notify-domain拼接组成。

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Getter;

@Getter
@AllArgsConstructor
@ApiModel("微信回调地址,根据自己的项目来,不要直接照搬")
public enum WxNotifyConstants {
    
    @ApiModelProperty("订单支付通知")
    RUN_ERRANDS_NOTIFY("/wx/order/wxOrderCallBack"),

    @ApiModelProperty("卡支付成功通知")
    CAMPUS_CARD_NOTIFY("/wx/campusCardOrder/wxCampusCardOrderCallBack"),

    @ApiModelProperty("卡退款成功通知")
    CAMPUS_CARD_REFUND_NOTIFY("/wx/campusCardOrder/refundWechatCallback");

    @ApiModelProperty("类型")
    private final String type;
}

5.微信支付基础请求数据对象(WxChatBasePayDto)

import ***.xxx.project.wx.constants.WxNotifyConstants;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;

import java.math.BigDecimal;

@Data
@ApiModel("微信支付基础请求数据对象")
public class WxChatBasePayDto {

    @ApiModelProperty("商品描述")
    private String title;

    @ApiModelProperty("商家订单号,对应 out_trade_no")
    private String orderId;

    @ApiModelProperty("订单金额")
    private BigDecimal price;

    @ApiModelProperty("回调地址")
    private WxNotifyConstants notify;

    @ApiModelProperty("支付用户的openid")
    private String openId;
}

6.将请求参数封装成Map集合(WxPay***mon)

封装完枚举类后,首先就是请求参数的封装,支付类请求参数都非常相近,我们将都需要的参数提取出来以map的方式进行返回。这里的参数,指每个支付类请求都用到的参数,个别支付需要额外添加数据

import ***.google.gson.Gson;
import ***.xxx.***mon.exception.ServiceException;
import ***.xxx.project.wx.constants.WxPayConstants;
import ***.xxx.project.wx.constants.WxApiConstants;
import ***.xxx.project.wx.dto.WxChatBasePayDto;
import lombok.extern.slf4j.Slf4j;
import org.apache.***mons.lang3.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;

import java.io.IOException;
import java.math.BigDecimal;
import java.util.HashMap;
import java.util.Map;
@Slf4j
public class WxPay***mon {

    /**
     * 封装基础通用请求数据
     * @param wxPayConfig 微信的配置文件
     * @param basePayData 微信支付基础请求数据
     * @return 封装后的map对象
     */
    public static Map<String, Object> getBasePayParams(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData) {
        Map<String, Object> paramsMap = new HashMap<>();
        paramsMap.put("appid", wxPayConfig.getAppid());
        paramsMap.put("mchid", wxPayConfig.getMchId());
        // 如果商品名称过长则截取
        String title = basePayData.getTitle().length() > 62 ? basePayData.getTitle().substring(0, 62) : basePayData.getTitle();
        paramsMap.put("description",title);
        paramsMap.put("out_trade_no", basePayData.getOrderId());
        paramsMap.put("notify_url", wxPayConfig.getNotifyDomain().concat(basePayData.getNotify().getType()));
        Map<String, Integer> amountMap = new HashMap<>();
        amountMap.put("total", basePayData.getPrice().multiply(new BigDecimal("100")).intValue());
        paramsMap.put("amount", amountMap);
        return paramsMap;
    }

	/**
     * 获取请求对象(Post请求)
     * @param wxPayConfig 微信配置类
     * @param apiType 接口请求地址
     * @param paramsMap 请求参数
     * @return Post请求对象
     */
    public static HttpPost getHttpPost(WxPayConstants wxPayConfig, WxApiConstants apiType, Map<String, Object> paramsMap) {
        // 1.设置请求地址
        HttpPost httpPost = new HttpPost(wxPayConfig.getDomain().concat(apiType.getType()));

        // 2.设置请求数据
        Gson gson = new Gson();
        String jsonParams = gson.toJson(paramsMap);

        // 3.设置请求信息
        StringEntity entity = new StringEntity(jsonParams, "utf-8");
        entity.setContentType("application/json");
        httpPost.setEntity(entity);
        httpPost.setHeader("A***ept", "application/json");
        return httpPost;
    }

 	/**
     * 解析响应数据
     * @param response 发送请求成功后,返回的数据
     * @return 微信返回的参数
     */
    public static HashMap<String, String> resolverResponse(CloseableHttpResponse response) {
        try {
            // 1.获取请求码
            int statusCode = response.getStatusLine().getStatusCode();
            // 2.获取返回值 String 格式
            final String bodyAsString = EntityUtils.toString(response.getEntity());

            Gson gson = new Gson();
            if (statusCode == 200) {
                // 3.如果请求成功则解析成Map对象返回
                HashMap<String, String> resultMap = gson.fromJson(bodyAsString, HashMap.class);
                return resultMap;
            } else {
                if (StringUtils.isNoneBlank(bodyAsString)) {
                    log.error("微信支付请求失败,提示信息:{}", bodyAsString);
                    // 4.请求码显示失败,则尝试获取提示信息
                    HashMap<String, String> resultMap = gson.fromJson(bodyAsString, HashMap.class);
                    throw new ServiceException(resultMap.get("message"));
                }
                log.error("微信支付请求失败,未查询到原因,提示信息:{}", response);
                // 其他异常,微信也没有返回数据,这就需要具体排查了
                throw new IOException("request failed");
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new ServiceException(e.getMessage());
        } finally {
            try {
                response.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

7.创建微信支付订单的三种方式(Native,Jsapi,App)

商户Native支付下单接口,微信后台系统返回链接参数code_url,商户后台系统将code_url值生成二维码图片,用户使用微信客户端扫码后发起支付,也就是说后端只需要返回code_url即可。

官方JSAPI支付开发指引
继续在上方WxPay***mon中加入

 /**
 * 创建微信支付订单-Native方式
 *
 * @param wxPayConfig 微信配置信息
 * @param basePayData 基础请求信息,商品标题、商家订单id、订单价格
 * @param wxPayClient 微信请求客户端()
 * @return 微信支付二维码地址
 */
public static String wxNativePay(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData, CloseableHttpClient wxPayClient) {
    // 1.获取请求参数的Map格式
    Map<String, Object> paramsMap = getBasePayParams(wxPayConfig, basePayData);

    // 2.获取请求对象
    HttpPost httpPost = getHttpPost(wxPayConfig, WxApiConstants.NATIVE_PAY, paramsMap);

    // 3.完成签名并执行请求
    CloseableHttpResponse response = null;
    try {
        response = wxPayClient.execute(httpPost);
    } catch (IOException e) {
        e.printStackTrace();
        throw new ServiceException("微信支付请求失败");
    }

    // 4.解析response对象
    HashMap<String, String> resultMap = resolverResponse(response);
    if (resultMap != null) {
        // native请求返回的是二维码链接,前端将链接转换成二维码即可
        return resultMap.get("code_url");
    }
    return null;
}

/**
 * 创建微信支付订单-jsapi方式
 * @param wxPayConfig 微信配置信息
 * @param basePayData 基础请求信息,商品标题、商家订单id、订单价格
 * @param openId 通过微信小程序或者公众号获取到用户的openId
 * @param wxPayClient 微信请求客户端()
 * @return 微信支付二维码地址
 */
public static String wxJsApiPay(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData, String openId, CloseableHttpClient wxPayClient) {
    // 1.获取请求参数的Map格式
    Map<String, Object> paramsMap = getBasePayParams(wxPayConfig, basePayData);
    // 1.1 添加支付者信息
    Map<String,String> payerMap = new HashMap();
    payerMap.put("openid",openId);
    paramsMap.put("payer",payerMap);

    // 2.获取请求对象
    HttpPost httpPost = getHttpPost(wxPayConfig, WxApiConstants.JSAPI_PAY, paramsMap);

    // 3.完成签名并执行请求
    CloseableHttpResponse response = null;
    try {
        response = wxPayClient.execute(httpPost);
    } catch (IOException e) {
        e.printStackTrace();
        throw new ServiceException("微信支付请求失败");
    }

    // 4.解析response对象
    HashMap<String, String> resultMap = resolverResponse(response);
    if (resultMap != null) {
        // native请求返回的是二维码链接,前端将链接转换成二维码即可
        return resultMap.get("prepay_id");
    }
    return null;
}

/**
 * 创建微信支付订单-APP方式
 *
 * @param wxPayConfig 微信配置信息
 * @param basePayData 基础请求信息,商品标题、商家订单id、订单价格
 * @param wxPayClient 微信请求客户端()
 * @return 微信支付二维码地址
 */
public static String wxAppPay(WxPayConstants wxPayConfig, WxChatBasePayDto basePayData, CloseableHttpClient wxPayClient) {
    // 1.获取请求参数的Map格式
    Map<String, Object> paramsMap = getBasePayParams(wxPayConfig, basePayData);

    // 2.获取请求对象
    HttpPost httpPost = getHttpPost(wxPayConfig, WxApiConstants.APP_PAY, paramsMap);

    // 3.完成签名并执行请求
    CloseableHttpResponse response = null;
    try {
        response = wxPayClient.execute(httpPost);
    } catch (IOException e) {
        e.printStackTrace();
        throw new ServiceException("微信支付请求失败");
    }

    // 4.解析response对象
    HashMap<String, String> resultMap = resolverResponse(response);
    if (resultMap != null) {
        // native请求返回的是二维码链接,前端将链接转换成二维码即可
        return resultMap.get("prepay_id");
    }
    return null;
}

8.创建实体存储前端微信支付所需参数(WxChatPayDto)

因为前端拉起微信支付需要多个参数,直接用一个实体返回更便捷

@Data
@ApiModel("前端微信支付所需参数")
public class WxChatPayDto {

    @ApiModelProperty("需要支付的小程序id")
    private String appid;

    @ApiModelProperty("时间戳(当前的时间)")
    private String timeStamp;

    @ApiModelProperty("随机字符串,不长于32位。")
    private String nonceStr;

    @ApiModelProperty("小程序下单接口返回的prepay_id参数值,提交格式如:prepay_id=***")
    private String prepayId;

    @ApiModelProperty("签名类型,默认为RSA,仅支持RSA。")
    private String signType;

    @ApiModelProperty("签名,使用字段appId、timeStamp、nonceStr、package计算得出的签名值")
    private String paySign;

三、微信支付-调起微信支付

设置一个公共方法pay,每次支付可以直接调用

	@Resource
    private WxPayConstants wxPayConfig;
    @Resource
    private CloseableHttpClient wxPayClient;
    
	/**
     * 微信用户调用微信支付
     */
    @Override
    public WxChatPayDto pay(WxChatBasePayDto payData) {

        String prepayId = WxPay***mon.wxJsApiPay(wxPayConfig, payData, payData.getOpenId(), wxPayClient);

        WxChatPayDto wxChatPayDto = new WxChatPayDto();
        wxChatPayDto.setAppid(redisCache.getCacheObject("WX_PAY_SAVE_WX_APPID"));
        wxChatPayDto.setTimeStamp(String.valueOf(System.currentTimeMillis() / 1000));
        wxChatPayDto.setNonceStr(UUID.randomUUID().toString().replaceAll("-", ""));
        wxChatPayDto.setPrepayId("prepay_id=" + prepayId);
        wxChatPayDto.setSignType("RSA");
        wxChatPayDto.setPaySign(getSign(wxChatPayDto.getNonceStr(),wxChatPayDto.getAppid(),wxChatPayDto.getPrepayId(),Long.parseLong(wxChatPayDto.getTimeStamp())));

        return wxChatPayDto;
    }
    /**
     * 获取签名
     * @param nonceStr  随机数
     * @param appId     微信公众号或者小程序等的appid
     * @param prepay_id 预支付交易会话ID
     * @param timestamp 时间戳 10位
     * @return String 新签名
     */
    String getSign(String nonceStr, String appId, String prepay_id, long timestamp) {

        //从下往上依次生成
        String message = buildMessage(appId, timestamp, nonceStr, prepay_id);
        //签名
        try {
            return sign(message.getBytes("utf-8"));
        } catch (IOException e) {
            throw new RuntimeException("签名异常,请检查参数或商户私钥");
        }
    }

    String sign(byte[] message) {
        try {
            //签名方式
            Signature sign = Signature.getInstance("SHA256withRSA");
            //私钥,通过MyPrivateKey来获取,这是个静态类可以接调用方法 ,需要的是_key.pem文件的绝对路径配上文件名
            sign.initSign(PemUtil.loadPrivateKey(new FileInputStream(redisCache.getCacheObject("WX_PAY_SAVE_PRIVATE_KEY_PATH").toString())));
            sign.update(message);
            return Base64.getEncoder().encodeToString(sign.sign());
        } catch (Exception e) {
            throw new RuntimeException("签名异常,请检查参数或商户私钥");
        }
    }

    /**
     * 按照前端签名文档规范进行排序,\n是换行
     *
     * @param nonceStr  随机数
     * @param appId     微信公众号或者小程序等的appid
     * @param prepay_id 预支付交易会话ID
     * @param timestamp 时间戳 10位
     * @return String 新签名
     */
    String buildMessage(String appId, long timestamp, String nonceStr, String prepay_id) {
        return appId + "\n"
                + timestamp + "\n"
                + nonceStr + "\n"
                + prepay_id + "\n";
    }

调用pay,获取前端拉起支付所需要的参数

//支付
WxChatBasePayDto payData = new WxChatBasePayDto();
payData.setTitle("订单支付");
payData.setOrderId(runOrder.getOrderNumber());
payData.setPrice(new BigDecimal(0.01));
payData.setNotify(WxNotifyConstants.RUN_ERRANDS_NOTIFY);
payData.setOpenId(runOrder.getOpenId());
WxChatPayDto pay = pay(payData);

给前端直接返回pay这个参数,前端通过里面的参数拉起支付

JSAPI调起支付API

四、微信支付-成功回调

同样的通知可能会多次发送给商户系统。商户系统必须能够正确处理重复的通知。 推荐的做法是,当商户系统收到通知进行处理时,先检查对应业务数据的状态,并判断该通知是否已经处理。如果未处理,则再进行处理;如果已处理,则直接返回结果成功。在对业务数据进行状态检查和处理之前,要采用数据锁进行并发控制,以避免函数重入造成的数据混乱。
如果在所有通知频率后没有收到微信侧回调,商户应调用查询订单接口确认订单状态。

特别提醒:商户系统对于开启结果通知的内容一定要做签名验证,并校验通知的信息是否与商户侧的信息一致,防止数据泄露导致出现“假通知”,造成资金损失。

该链接是通过基础下单接口中的请求参数“notify_url”来设置的,要求必须为https地址。请确保回调URL是外部可正常访问的,且不能携带后缀参数,否则可能导致商户无法接收到微信的回调通知信息。

import ***.alibaba.fastjson.JSONObject;
import ***.xxx.framework.redis.RedisCache;
import ***.wechat.pay.contrib.apache.httpclient.auth.Verifier;
import ***.wechat.pay.contrib.apache.httpclient.util.AesUtil;
import org.springframework.stereotype.***ponent;

import javax.annotation.Resource;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * 微信支付回调工具类
 */
@***ponent
public class WxPayCallbackUtil {

    @Resource
    private RedisCache redisCache;
    @Resource
    private Verifier verifier;

    /**
     * 获取回调数据
     * @param request
     * @param response
     * @return
     */
    public Map<String, String> wxChatPayCallback(HttpServletRequest request, HttpServletResponse response) {

        //获取报文
        String body = getRequestBody(request);

        //随机串
        String nonceStr = request.getHeader("Wechatpay-Nonce");

        //微信传递过来的签名
        String signature = request.getHeader("Wechatpay-Signature");

        //证书序列号(微信平台)
        String serialNo = request.getHeader("Wechatpay-Serial");

        //时间戳
        String timestamp = request.getHeader("Wechatpay-Timestamp");

        //构造签名串  应答时间戳\n,应答随机串\n,应答报文主体\n
        String signStr = Stream.of(timestamp, nonceStr, body).collect(Collectors.joining("\n", "", "\n"));

        Map<String, String> map = new HashMap<>(2);
        try {
            //验证签名是否通过
            boolean result = verifiedSign(serialNo, signStr, signature);
            if(result){
                //解密数据
                String plainBody = decryptBody(body);
                return convertWechatPayMsgToMap(plainBody);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return map;
    }

    /**
     * 转换body为map
     * @param plainBody
     * @return
     */
    public Map<String,String> convertWechatPayMsgToMap(String plainBody){

        Map<String,String> paramsMap = new HashMap<>(2);

        JSONObject jsonObject = JSONObject.parseObject(plainBody);

        //商户订单号
        paramsMap.put("out_trade_no",jsonObject.getString("out_trade_no"));

        //交易状态
        paramsMap.put("trade_state",jsonObject.getString("trade_state"));

        //附加数据
        paramsMap.put("attach",jsonObject.getString("attach"));
        if (jsonObject.getJSONObject("attach") != null && !jsonObject.getJSONObject("attach").equals("")){
            paramsMap.put("a***ount_no",jsonObject.getJSONObject("attach").getString("a***ountNo"));
        }
        return paramsMap;

    }

    /**
     * 解密body的密文
     *
     * "resource": {
     *         "original_type": "transaction",
     *         "algorithm": "AEAD_AES_256_GCM",
     *         "ciphertext": "",
     *         "associated_data": "",
     *         "nonce": ""
     *     }
     *
     * @param body
     * @return
     */
    public String decryptBody(String body) throws UnsupportedEncodingException, GeneralSecurityException {
        AesUtil aesUtil = new AesUtil(redisCache.getCacheObject("WX_PAY_SAVE_KEY").toString().getBytes("utf-8"));
        JSONObject object = JSONObject.parseObject(body);
        JSONObject resource = object.getJSONObject("resource");
        String ciphertext = resource.getString("ciphertext");
        String associatedData = resource.getString("associated_data");
        String nonce = resource.getString("nonce");
        return aesUtil.decryptToString(associatedData.getBytes("utf-8"),nonce.getBytes("utf-8"),ciphertext);
    }

    /**
     * 验证签名
     *
     * @param serialNo  微信平台-证书序列号
     * @param signStr   自己组装的签名串
     * @param signature 微信返回的签名
     * @return
     * @throws UnsupportedEncodingException
     */
    public boolean verifiedSign(String serialNo, String signStr, String signature) throws UnsupportedEncodingException {
        return verifier.verify(serialNo, signStr.getBytes("utf-8"), signature);
    }

    /**
     * 读取请求数据流
     *
     * @param request
     * @return
     */
    public String getRequestBody(HttpServletRequest request) {
        StringBuffer sb = new StringBuffer();
        try (ServletInputStream inputStream = request.getInputStream();
             BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
        ) {
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return sb.toString();

    }
}

支付成功后的回调方法

	 /**
     * 订单支付后回调
     */
    @Override
    public Map<String, String> wxOrderCallBack(HttpServletRequest request, HttpServletResponse response) {
        Map<String, String> map = new HashMap<>(2);
        try {
            Map<String, String> stringMap = wxPayCallbackUtil.wxChatPayCallback(request, response);
            //支付成功
            if (stringMap.get("trade_state").equals("SU***ESS")){
                //编写支付成功后逻辑
            }
            //响应微信
            map.put("code", "SU***ESS");
            map.put("message", "成功");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return map;
    }

五、微信支付-申请退款

  1. 申请退款请求对象

微信支付订单号,微信支付订单号和商家订单号二选一,这个是必不可少的,原订单金额也是必填的,微信会做二次验证。

@Data
@ApiModel("微信退款对象")
public class WxChatRefundDto {

    @ApiModelProperty("微信支付订单号,微信支付订单号和商家订单号二选一")
    private String transactionId;

    @ApiModelProperty("商家订单号,对应 out_trade_no")
    private String orderId;

    @ApiModelProperty("商户退款单号,对应out_refund_no")
    private String refundOrderId;

    @ApiModelProperty("退款原因,选填")
    private String reason;

    @ApiModelProperty("回调地址")
    private WxNotifyConstants notify;

    @ApiModelProperty("退款金额")
    private BigDecimal refundMoney;

    @ApiModelProperty("原订单金额,必填")
    private BigDecimal totalMoney;
  1. 将请求参数封装成Map集合
import ***.xxx.***mon.exception.ServiceException;
import ***.xxx.project.wx.constants.WxApiConstants;
import ***.xxx.project.wx.constants.WxPayConstants;
import ***.xxx.project.wx.dto.WxChatRefundDto;
import lombok.extern.slf4j.Slf4j;
import org.apache.***mons.lang3.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

@Slf4j
public class WxPayRefundUtil {

    /**
     * 封装微信支付申请退款请求参数
     * @param dto 微信支付申请退款请求参数
     * @return 封装后的map微信支付申请退款请求参数对象
     */
    private static Map<String, Object> getRefundParams(WxPayConstants wxPayConstants, WxChatRefundDto dto) {
        Map<String, Object> paramsMap = new HashMap<>();
        if (StringUtils.isNoneBlank(dto.getTransactionId())) {
            paramsMap.put("transaction_id", dto.getTransactionId());
        } else if (StringUtils.isNoneBlank(dto.getOrderId())) {
            paramsMap.put("out_trade_no", dto.getOrderId());
        } else {
            throw new ServiceException("微信支付订单号和商户订单号必须填写一个");
        }
        paramsMap.put("out_refund_no", dto.getRefundOrderId());
        if (StringUtils.isNoneBlank(dto.getReason())) {
            paramsMap.put("reason", dto.getReason());
        }
        paramsMap.put("notify_url", wxPayConstants.getNotifyDomain().concat(dto.getNotify().getType()));
        Map<String, Object> amountMap = new HashMap<>();
        amountMap.put("refund", dto.getRefundMoney());
        amountMap.put("total", dto.getTotalMoney());
        amountMap.put("currency", "***Y");
        paramsMap.put("amount", amountMap);

        return paramsMap;
    }

    /**
     * 发起微信退款申请
     *
     * @param wxPayConfig 微信配置信息
     * @param param       微信支付申请退款请求参数
     * @param wxPayClient 微信请求客户端()
     * @return 微信支付二维码地址
     */
    public static String refundPay(WxPayConstants wxPayConfig, WxChatRefundDto param, CloseableHttpClient wxPayClient) {
        // 1.获取请求参数的Map格式
        Map<String, Object> paramsMap = getRefundParams(wxPayConfig, param);

        // 2.获取请求对象
        HttpPost httpPost = WxPay***mon.getHttpPost(wxPayConfig, WxApiConstants.DOMESTIC_REFUNDS, paramsMap);

        // 3.完成签名并执行请求
        CloseableHttpResponse response = null;
        try {
            response = wxPayClient.execute(httpPost);
        } catch (IOException e) {
            e.printStackTrace();
            throw new ServiceException("微信支付请求失败");
        }

        // 4.解析response对象
        HashMap<String, String> resultMap = WxPay***mon.resolverResponse(response);
        log.info("发起退款参数:{}",resultMap);
        if (resultMap != null) {
            // 返回微信支付退款单号
            return resultMap.get("refund_id");
        }
        return null;
    }
}
  1. 申请退款使用
@Resource
private WxPayConstants wxPayConstants;
@Resource
private CloseableHttpClient closeableHttpClient;


WxChatRefundDto dto = new WxChatRefundDto();
dto.setOrderId(); //订单号
String refundOrderId = IdWorker.getIdStr();
dto.setRefundOrderId(refundOrderId);
dto.setNotify(WxNotifyConstants.CAMPUS_CARD_REFUND_NOTIFY); //回调地址
dto.setRefundMoney(new BigDecimal(1));//单位为分
dto.setTotalMoney(new BigDecimal(1));//单位为分
String s = WxPayRefundUtil.refundPay(wxPayConstants, dto, closeableHttpClient);

注意:

1、交易时间超过一年的订单无法提交退款
2、微信支付退款支持单笔交易分多次退款(不超50次),多次退款需要提交原支付订单的商户订单号和设置不同的退款单号。申请退款总>金额不能超过订单金额。一笔退款失败后重新提交,请不要更换退款单号,请使用原商户退款单号
3、错误或无效请求频率限制:6qps,即每秒钟异常或错误的退款申请请求不超过6次
4、每个支付订单的部分退款次数不能超过50次
5、如果同一个用户有多笔退款,建议分不同批次进行退款,避免并发退款导致退款失败
6、申请退款接口的返回仅代表业务的受理情况,具体退款是否成功,需要通过退款查询接口获取结果
7、一个月之前的订单申请退款频率限制为:5000/min
8、同一笔订单多次退款的请求需相隔1分钟

六、微信支付-退款成功回调

  1. 退款返回数据对象
import ***.hutool.core.date.DateUtil;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;

import java.math.BigDecimal;
import java.util.Date;

@Data
@ApiModel("微信退款回调参数")
public class WxChatCallbackRefundDto {

    @ApiModelProperty("商户订单号")
    private String orderId;

    @ApiModelProperty("商户退款单号,out_refund_no")
    private String refundId;

    @ApiModelProperty("微信支付系统生成的订单号")
    private String transactionId;

    @ApiModelProperty("微信支付系统生成的退款订单号")
    private String transactionRefundId;

    @ApiModelProperty("退款渠道 1.ORIGINAL:原路退款 2.BALANCE:退回到余额 " +
            "3.OTHER_BALANCE:原账户异常退到其他余额账户 4.OTHER_BANKCARD:原银行卡异常退到其他银行卡")
    private String 	channel;

    @ApiModelProperty("退款成功时间 当前退款成功时才有此返回值")
    private Date su***essTime;

    @ApiModelProperty("退款状态  退款到银行发现用户的卡作废或者冻结了,导致原路退款银行卡失败,可前往商户平台-交易中心,手动处理此笔退款。" +
            "1.SU***ESS:退款成功 2.CLOSED:退款关闭 3.PROCESSING:退款处理中 4.ABNORMAL:退款异常")
    private String 	status;

    @ApiModelProperty("退款金额")
    private BigDecimal refundMoney;

    public Date getSu***essTime() {
        return su***essTime;
    }

    public void setSu***essTime(String su***essTime) {
        // Hutool工具包的方法,自动识别一些常用格式的日期字符串
        this.su***essTime = DateUtil.parse(su***essTime);
    }

}
  1. 退款业务处理接口
import ***.xxx.project.wx.dto.WxChatCallbackRefundDto;

/**
 * 退款处理接口,为了防止项目开发人员,不手动判断退款失败的情况
 * 退款失败:退款到银行发现用户的卡作废或者冻结了,导致原路退款银行卡失败,可前往商户平台-交易中心,手动处理此笔退款
 */
public interface WechatRefundCallback {

    /**
     * 退款成功处理情况
     */
    void su***ess(WxChatCallbackRefundDto refundData);

    /**
     * 退款失败处理情况
     */
    void fail(WxChatCallbackRefundDto refundData);
}
  1. 微信退款回调方法
public class HttpUtils{
	/**
     * 将通知参数转化为字符串
     * @param request
     * @return
     */
    public static String readData(HttpServletRequest request) {
        BufferedReader br = null;
        try {
            StringBuilder result = new StringBuilder();
            br = request.getReader();
            for (String line; (line = br.readLine()) != null; ) {
                if (result.length() > 0) {
                    result.append("\n");
                }
                result.append(line);
            }
            return result.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            if (br != null) {
                try {
                    br.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
package ***.runerrands.project.wx.util;

import ***.wechat.pay.contrib.apache.httpclient.auth.Verifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.DateTimeException;
import java.time.Duration;
import java.time.Instant;

import static ***.wechat.pay.contrib.apache.httpclient.constant.WechatPayHttpHeaders.*;

public class WechatPayValidatorForRequest {

    protected static final Logger log = LoggerFactory.getLogger(WechatPayValidatorForRequest.class);
    /**
     * 应答超时时间,单位为分钟
     */
    protected static final long RESPONSE_EXPIRED_MINUTES = 5;
    protected final Verifier verifier;
    protected final String body;
    protected final String requestId;

    public WechatPayValidatorForRequest(Verifier verifier, String body, String requestId) {
        this.verifier = verifier;
        this.body = body;
        this.requestId = requestId;
    }

    protected static IllegalArgumentException parameterError(String message, Object... args) {
        message = String.format(message, args);
        return new IllegalArgumentException("parameter error: " + message);
    }

    protected static IllegalArgumentException verifyFail(String message, Object... args) {
        message = String.format(message, args);
        return new IllegalArgumentException("signature verify fail: " + message);
    }

    public final boolean validate(HttpServletRequest request) throws IOException {
        try {
            validateParameters(request);

            String message = buildMessage(request);
            String serial = request.getHeader(WECHAT_PAY_SERIAL);
            String signature = request.getHeader(WECHAT_PAY_SIGNATURE);

            if (!verifier.verify(serial, message.getBytes(StandardCharsets.UTF_8), signature)) {
                throw verifyFail("serial=[%s] message=[%s] sign=[%s], request-id=[%s]",
                        serial, message, signature, request.getHeader(REQUEST_ID));
            }
        } catch (IllegalArgumentException e) {
            log.warn(e.getMessage());
            return false;
        }

        return true;
    }

    protected final void validateParameters(HttpServletRequest request) {

        // NOTE: ensure HEADER_WECHAT_PAY_TIMESTAMP at last
        String[] headers = {WECHAT_PAY_SERIAL, WECHAT_PAY_SIGNATURE, WECHAT_PAY_NONCE, WECHAT_PAY_TIMESTAMP};

        String header = null;
        for (String headerName : headers) {
            header = request.getHeader(headerName);
            if (header == null) {
                throw parameterError("empty [%s], request-id=[%s]", headerName, requestId);
            }
        }

        String timestampStr = header;
        try {
            Instant responseTime = Instant.ofEpochSecond(Long.parseLong(timestampStr));
            // 拒绝过期应答
            if (Duration.between(responseTime, Instant.now()).abs().toMinutes() >= RESPONSE_EXPIRED_MINUTES) {
                throw parameterError("timestamp=[%s] expires, request-id=[%s]", timestampStr, requestId);
            }
        } catch (DateTimeException | NumberFormatException e) {
            throw parameterError("invalid timestamp=[%s], request-id=[%s]", timestampStr, requestId);
        }
    }

    protected final String buildMessage(HttpServletRequest request) throws IOException {
        String timestamp = request.getHeader(WECHAT_PAY_TIMESTAMP);
        String nonce = request.getHeader(WECHAT_PAY_NONCE);
        return timestamp + "\n"
                + nonce + "\n"
                + body + "\n";
    }
}


import ***.google.gson.Gson;
import ***.xxx.***mon.exception.ServiceException;
import ***.xxx.***mon.utils.http.HttpUtils;
import ***.xxx.project.wx.constants.WxPayConstants;
import ***.xxx.project.wx.dto.WxChatCallbackRefundDto;
import ***.xxx.project.wx.service.WechatRefundCallback;
import ***.wechat.pay.contrib.apache.httpclient.auth.Verifier;
import ***.wechat.pay.contrib.apache.httpclient.util.AesUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.***mons.lang3.StringUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;

@Slf4j
public class WxPayRefundCallbackUtil {

    /**
     * 微信支付申请退款回调方法
     *
     * @param verifier       证书
     * @param wxPayConfig    微信配置
     * @param refundCallback 回调方法,用于处理业务逻辑,包含退款成功处理于退款失败处理
     * @return json格式的string数据,直接返回给微信
     */
    public static String wxPayRefundCallback(HttpServletRequest request, HttpServletResponse response, Verifier verifier, WxPayConstants wxPayConfig, WechatRefundCallback refundCallback) {
        Gson gson = new Gson();

        // 1.处理通知参数
        final String body = HttpUtils.readData(request);
        HashMap<String, Object> bodyMap = gson.fromJson(body, HashMap.class);

        // 2.签名验证
        WechatPayValidatorForRequest wechatForRequest = new WechatPayValidatorForRequest(verifier, body, (String) bodyMap.get("id"));
        try {

            if (!wechatForRequest.validate(request)) {
                // 通知验签失败
                response.setStatus(500);
                final HashMap<String, Object> map = new HashMap<>();
                map.put("code", "ERROR");
                map.put("message", "通知验签失败");
                return gson.toJson(map);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }

        // 3.获取明文数据
        String plainText = decryptFromResource(bodyMap, wxPayConfig);
        HashMap<String, Object> plainTextMap = gson.fromJson(plainText, HashMap.class);
//        log.info("退款plainTextMap:{}", plainTextMap);
        // 4.封装微信返回的数据
        WxChatCallbackRefundDto refundData = getRefundCallbackData(plainTextMap);

        if ("SU***ESS".equals(refundData.getStatus())) {
            // 执行业务逻辑
            refundCallback.su***ess(refundData);
        } else {
            // 特殊情况退款失败业务处理,退款到银行发现用户的卡作废或者冻结了,导致原路退款银行卡失败,可前往商户平台-交易中心,手动处理此笔退款
            refundCallback.fail(refundData);
        }

        // 5.成功应答
        response.setStatus(200);
        final HashMap<String, Object> resultMap = new HashMap<>();
        resultMap.put("code", "SU***ESS");
        resultMap.put("message", "成功");
        return gson.toJson(resultMap);
    }

    private static WxChatCallbackRefundDto getRefundCallbackData(HashMap<String, Object> plainTextMap) {
        Gson gson = new Gson();
        WxChatCallbackRefundDto refundData = new WxChatCallbackRefundDto();
        String su***essTime = String.valueOf(plainTextMap.get("su***ess_time"));
        if (StringUtils.isNoneBlank(su***essTime)) {
            refundData.setSu***essTime(su***essTime);
        }
        refundData.setOrderId(String.valueOf(plainTextMap.get("out_trade_no")));
        refundData.setRefundId(String.valueOf(plainTextMap.get("out_refund_no")));
        refundData.setTransactionId(String.valueOf(plainTextMap.get("transaction_id")));
        refundData.setTransactionRefundId(String.valueOf(plainTextMap.get("refund_id")));
        refundData.setChannel(String.valueOf(plainTextMap.get("channel")));
        final String status = String.valueOf(plainTextMap.get("refund_status"));
        refundData.setStatus(status);
        String amount = String.valueOf(plainTextMap.get("amount"));
        HashMap<String, Object> amountMap = gson.fromJson(amount, HashMap.class);
        String refundMoney = String.valueOf(amountMap.get("refund"));
        refundData.setRefundMoney(new BigDecimal(refundMoney).movePointLeft(2));
//        log.info("refundData:{}", refundData);
        return refundData;
    }

    /**
     * 对称解密
     */
    private static String decryptFromResource(HashMap<String, Object> bodyMap, WxPayConstants wxPayConfig) {
        // 通知数据
        Map<String, String> resourceMap = (Map) bodyMap.get("resource");
        // 数据密文
        String ciphertext = resourceMap.get("ciphertext");
        // 随机串
        String nonce = resourceMap.get("nonce");
        // 附加数据
        String associateData = resourceMap.get("associated_data");
        AesUtil aesUtil = new AesUtil(wxPayConfig.getKey().getBytes(StandardCharsets.UTF_8));
        try {
            return aesUtil.decryptToString(associateData.getBytes(StandardCharsets.UTF_8), nonce.getBytes(StandardCharsets.UTF_8), ciphertext);
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
            throw new ServiceException("解密失败");
        }
    }

}

  1. 回调方法
@Resource
private WxPayConstants wxPayConfig;
@Resource
private Verifier verifier;
@ApiOperation("微信退款回调接口")
    @PostMapping("/refundWechatCallback")
    public String refundWechatCallback(HttpServletRequest request, HttpServletResponse response) {
        return WxPayRefundCallbackUtil.wxPayRefundCallback(request, response, verifier, wxPayConfig, new WechatRefundCallback() {
            @Override
            public void su***ess(WxChatCallbackRefundDto refundData) {
                // TODO 退款成功的业务逻辑,例如更改订单状态为退款成功等
               System.out.println("退款成功");
            }

            @Override
            public void fail(WxChatCallbackRefundDto refundData) {
                // TODO 特殊情况下退款失败业务处理,例如银行卡冻结需要人工退款,此时可以邮件或短信提醒管理员,并携带退款单号等关键信息
                System.out.println("退款失败");
            }
        });
    }

七、demo

wx_pay_demo

转载请说明出处内容投诉
CSS教程_站长资源网 » SpringBoot整合微信小程序支付V3(支付、退款)

发表评论

欢迎 访客 发表评论

一个令你着迷的主题!

查看演示 官网购买