| package com.ruoyi.errand.utils.wx; | 
|   | 
|   | 
| import com.alibaba.fastjson2.JSON; | 
| import com.ruoyi.common.core.domain.R; | 
| import com.ruoyi.errand.utils.MD5AndKL; | 
| import org.bouncycastle.jce.provider.BouncyCastleProvider; | 
|   | 
| import org.dom4j.DocumentException; | 
| import org.springframework.beans.factory.annotation.Autowired; | 
| import org.springframework.stereotype.Service; | 
| import org.springframework.util.StringUtils; | 
| import sun.security.util.DerInputStream; | 
| import sun.security.util.DerValue; | 
|   | 
| import javax.crypto.BadPaddingException; | 
| import javax.crypto.Cipher; | 
| import javax.crypto.IllegalBlockSizeException; | 
| import javax.crypto.NoSuchPaddingException; | 
| import javax.crypto.spec.SecretKeySpec; | 
| import javax.net.ssl.HttpsURLConnection; | 
| import javax.net.ssl.KeyManagerFactory; | 
| import javax.net.ssl.SSLContext; | 
| import javax.servlet.http.HttpServletRequest; | 
| import java.io.*; | 
| import java.math.BigDecimal; | 
| import java.math.BigInteger; | 
| import java.net.InetAddress; | 
| import java.net.URL; | 
| import java.net.UnknownHostException; | 
| import java.nio.charset.StandardCharsets; | 
| import java.nio.file.Files; | 
| import java.nio.file.Path; | 
| import java.nio.file.Paths; | 
| import java.security.*; | 
| import java.security.spec.RSAPublicKeySpec; | 
| import java.util.*; | 
|   | 
| /** | 
|  * 微信支付服务类 | 
|  */ | 
| @Service | 
| public class WechatPayService { | 
|   | 
|     @Autowired | 
|     private WechatPayConfig wechatPayConfig; | 
|     private static final String RSA_PUBLIC_KEY_FILENAME = "wechat_rsa_public_key.pem"; | 
|     private static final String CERT_FOLDER = "cert/"; | 
|     /** | 
|      * 统一下单 | 
|      * @param orderNumber 订单号 | 
|      * @param totalFee 总金额(分) | 
|      * @param body 商品描述 | 
|      * @param openid 用户openid | 
|      * @return 预支付订单信息 | 
|      */ | 
|     public R unifiedOrder(String orderId,String orderNumber, String totalFee, String body, String openid, String callbackPath) throws Exception { | 
|         int i = new BigDecimal(totalFee).multiply(new BigDecimal("100")).intValue(); | 
|         String hostAddress = null; | 
|         try { | 
|             hostAddress = InetAddress.getLocalHost().getHostAddress(); | 
|         } catch (UnknownHostException e) { | 
|             e.printStackTrace(); | 
|         } | 
|         // 构建请求参数 | 
|         Map<String, String> params = new HashMap<>(); | 
|         params.put("appid", wechatPayConfig.getAppId()); | 
|         params.put("mch_id", wechatPayConfig.getMchId()); | 
|         params.put("nonce_str", generateNonceStr()); | 
|         params.put("body", body); | 
|         params.put("out_trade_no", orderNumber); | 
|         params.put("total_fee", String.valueOf(i) ); | 
|         params.put("spbill_create_ip", "221.182.45.100"); // 实际应用中应获取客户端IP | 
|         params.put("notify_url", wechatPayConfig.getCallbackPath()+callbackPath); | 
|         params.put("trade_type", "JSAPI"); | 
|         params.put("openid", openid); | 
|   | 
|         // 生成签名 | 
|         String sign = weixinSignature(params); | 
|         params.put("sign", sign); | 
|   | 
|         // 将参数转换为XML | 
|         String xmlParams = XMLUtil.mapToXml(params).replaceFirst("^<\\?xml.+?\\?>\\s*", ""); | 
|   | 
|         // 发送请求到微信支付统一下单接口 | 
|         String url = "https://api.mch.weixin.qq.com/pay/unifiedorder"; | 
|         String result = HttpUtil.post(url, xmlParams); | 
|   | 
|         // 解析返回结果 | 
|         Map<String, String> resultMap = XMLUtil.xmlToMap(result); | 
|   | 
|         // 验证签名 | 
|         if (!verifySign(resultMap, wechatPayConfig.getKey())) { | 
|             return R.fail("微信支付签名验证失败"); | 
| //            throw new Exception("微信支付签名验证失败"); | 
|         } | 
|         if (!resultMap.get("return_code").equals("SUCCESS")) { | 
|             return R.fail(resultMap.get("return_msg")); | 
|         } | 
|   | 
|         // 构建小程序支付所需参数 | 
|         Map<String, String> payParams = new HashMap<>(); | 
|         payParams.put("appId", wechatPayConfig.getAppId()); | 
|         payParams.put("timeStamp", String.valueOf(System.currentTimeMillis() / 1000)); | 
|         payParams.put("nonceStr", generateNonceStr()); | 
|         payParams.put("package", "prepay_id=" + resultMap.get("prepay_id")); | 
|         payParams.put("signType", "MD5"); | 
|   | 
|         // 生成支付签名 | 
|         String paySign = weixinSignature(payParams); | 
|         payParams.put("paySign", paySign); | 
|   | 
|         //给前端标识 | 
| //        payParams.put("payMethod","1"); | 
|         payParams.put("orderId", orderId); | 
|         return R.ok(JSON.toJSONString(payParams)); | 
|     } | 
|     /** | 
|      * 微信下单的签名算法 | 
|      * @param map | 
|      * @return | 
|      */ | 
|     private String weixinSignature(Map<String, String> map){ | 
|         try { | 
|             Set<Map.Entry<String, String>> entries = map.entrySet(); | 
|             List<Map.Entry<String, String>> infoIds = new ArrayList<Map.Entry<String, String>>(entries); | 
|             // 对所有传入参数按照字段名的 ASCII 码从小到大排序(字典序) | 
|             Collections.sort(infoIds, new Comparator<Map.Entry<String, String>>() { | 
|                 public int compare(Map.Entry<String, String> o1, Map.Entry<String, String> o2) { | 
|                     return (o1.getKey()).toString().compareTo(o2.getKey()); | 
|                 } | 
|             }); | 
|             // 构造签名键值对的格式 | 
|             StringBuilder sb = new StringBuilder(); | 
|             for (Map.Entry<String, String> item : infoIds) { | 
|                 if (item.getKey() != null || item.getKey() != "") { | 
|                     String key = item.getKey(); | 
|                     Object val = item.getValue(); | 
|                     if (!(val == "" || val == null)) { | 
|                         sb.append(key + "=" + val + "&"); | 
|                     } | 
|                 } | 
|             } | 
|             sb.append("key=" + wechatPayConfig.getKey()); | 
|             String sign = MD5AndKL.MD5Encode(sb.toString(), "UTF-8").toUpperCase(); //注:MD5签名方式 | 
|             return sign; | 
|         } catch (Exception e) { | 
|             e.printStackTrace(); | 
|         } | 
|         return null; | 
|     } | 
|   | 
|     /** | 
|      * 处理支付结果通知 | 
|      * @param request HTTP请求 | 
|      * @return 处理结果 | 
|      */ | 
|     public PayResult processNotify(HttpServletRequest request) throws Exception { | 
|         // 读取请求内容 | 
|         BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream(), StandardCharsets.UTF_8)); | 
|         String line; | 
|         StringBuilder xml = new StringBuilder(); | 
|         while ((line = br.readLine()) != null) { | 
|             xml.append(line); | 
|         } | 
|         br.close(); | 
|   | 
|         // 解析XML | 
|         Map<String, String> resultMap = XMLUtil.xmlToMap(xml.toString()); | 
|   | 
|         // 验证签名 | 
|         if (!verifySign(resultMap, wechatPayConfig.getKey())) { | 
|             throw new Exception("微信支付签名验证失败"); | 
|         } | 
|   | 
|         // 验证支付结果 | 
|         if (!"SUCCESS".equals(resultMap.get("return_code")) || !"SUCCESS".equals(resultMap.get("result_code"))) { | 
|             throw new Exception("微信支付结果异常"); | 
|         } | 
|   | 
|         // 处理业务逻辑 | 
|         PayResult payResult = new PayResult(); | 
|         payResult.setOrderNumber(resultMap.get("out_trade_no")); | 
|         payResult.setTransactionId(resultMap.get("transaction_id")); | 
|         payResult.setTotalFee(resultMap.get("total_fee")); | 
|   | 
|         return payResult; | 
|     } | 
|   | 
|     /** | 
|      * 生成随机字符串 | 
|      */ | 
|     private String generateNonceStr() { | 
|         return UUID.randomUUID().toString().replaceAll("-", "").substring(0, 32); | 
|     } | 
|   | 
|     /** | 
|      * 微信支付API V2签名算法 | 
|      * @param params 请求参数 | 
|      * @param apiKey 商户API密钥 | 
|      * @return 签名结果 | 
|      */ | 
|     public static String generateSign(Map<String, String> params, String apiKey) throws Exception { | 
|         // 1. 过滤空值参数 | 
|         Map<String, String> filteredParams = new HashMap<>(); | 
|         for (Map.Entry<String, String> entry : params.entrySet()) { | 
|             String key = entry.getKey(); | 
|             String value = entry.getValue(); | 
|             // 排除sign字段和空值字段 | 
|             if (!"sign".equals(key) && value != null && !value.isEmpty()) { | 
|                 filteredParams.put(key, value); | 
|             } | 
|         } | 
|   | 
|         // 2. 按照ASCII码排序参数名 | 
|         List<String> keys = new ArrayList<>(filteredParams.keySet()); | 
|         Collections.sort(keys); | 
|   | 
|         // 3. 构建签名原始字符串 | 
|         StringBuilder sb = new StringBuilder(); | 
|         for (String key : keys) { | 
|             String value = filteredParams.get(key); | 
|             sb.append(key).append("=").append(value).append("&"); | 
|         } | 
|   | 
|         // 4. 添加API密钥 | 
|         sb.append("key=").append(apiKey); | 
|   | 
|         // 5. MD5加密并转为大写 | 
|         MessageDigest md = MessageDigest.getInstance("MD5"); | 
|         byte[] digest = md.digest(sb.toString().getBytes("UTF-8")); | 
|   | 
|         // 6. 转换为十六进制字符串 | 
|         StringBuilder sign = new StringBuilder(); | 
|         for (byte b : digest) { | 
|             sign.append(String.format("%02x", b & 0xff)); | 
|         } | 
|   | 
|         return sign.toString().toUpperCase(); | 
|     } | 
|     /** | 
|      * 验证签名 | 
|      */ | 
|     private boolean verifySign(Map<String, String> params, String key) throws Exception { | 
|         String sign = params.get("sign"); | 
|         if (StringUtils.isEmpty(sign)) { | 
|             return false; | 
|         } | 
|   | 
|         // 移除sign字段 | 
|         Map<String, String> newParams = new HashMap<>(params); | 
|         newParams.remove("sign"); | 
|   | 
|         // 生成新签名 | 
|         String newSign = generateSign(newParams, key); | 
|   | 
|         return sign.equals(newSign); | 
|     } | 
|   | 
|     /** | 
|      * 关闭订单 | 
|      */ | 
|     public Map<String, String> closeOrder(String orderId){ | 
|         // 构建请求参数 | 
|         Map<String, String> params = new HashMap<>(); | 
|         params.put("appid", wechatPayConfig.getAppId()); | 
|         params.put("mch_id", wechatPayConfig.getMchId()); | 
|         params.put("nonce_str", generateNonceStr()); | 
|         params.put("out_trade_no", orderId); | 
|   | 
|         // 生成签名 | 
|         String sign = weixinSignature(params); | 
|         params.put("sign", sign); | 
|   | 
|         // 将参数转换为XML | 
|         String xmlParams = XMLUtil.mapToXml(params); | 
|   | 
|         // 发送请求到微信支付关闭订单接口 | 
|         String url = "https://api.mch.weixin.qq.com/pay/closeorder"; | 
|         String result = null; | 
|         try { | 
|             result = HttpUtil.post(url, xmlParams); | 
|         } catch (Exception e) { | 
|             throw new RuntimeException(e); | 
|         } | 
|   | 
|         // 解析返回结果 | 
|         try { | 
|             return XMLUtil.xmlToMap(result); | 
|         } catch (DocumentException e) { | 
|             throw new RuntimeException(e); | 
|         } | 
|     } | 
|   | 
|     /** | 
|      * 查询订单 | 
|      */ | 
|     public Map<String, String> queryOrder(String orderId) throws Exception { | 
|         // 构建请求参数 | 
|         Map<String, String> params = new HashMap<>(); | 
|         params.put("appid", wechatPayConfig.getAppId()); | 
|         params.put("mch_id", wechatPayConfig.getMchId()); | 
|         params.put("nonce_str", generateNonceStr()); | 
|         params.put("out_trade_no", orderId); | 
|   | 
|         // 生成签名 | 
|         String sign = generateSign(params, wechatPayConfig.getKey()); | 
|         params.put("sign", sign); | 
|   | 
|         // 将参数转换为XML | 
|         String xmlParams = XMLUtil.mapToXml(params); | 
|   | 
|         // 发送请求到微信支付查询订单接口 | 
|         String url = "https://api.mch.weixin.qq.com/pay/orderquery"; | 
|         String result = HttpUtil.post(url, xmlParams); | 
|   | 
|         // 解析返回结果 | 
|         return XMLUtil.xmlToMap(result); | 
|     } | 
|   | 
|   | 
|     /** | 
|      * 申请退款 - 使用证书 | 
|      */ | 
|     public Map<String, String>  refund(String orderNo, String refundNo, String totalFee, String refundFee, String refundDesc,String callbackPath) { | 
|         int i = new BigDecimal(totalFee).multiply(new BigDecimal("100")).intValue(); | 
|         int j = new BigDecimal(refundFee).multiply(new BigDecimal("100")).intValue(); | 
|         try { | 
|             // 构建请求参数 | 
|             Map<String, String> params = new HashMap<>(); | 
|             params.put("appid", wechatPayConfig.getAppId()); | 
|             params.put("mch_id", wechatPayConfig.getMchId()); | 
|             params.put("nonce_str", UUID.randomUUID().toString().replaceAll("-", "")); | 
|             params.put("out_trade_no", orderNo); | 
|             params.put("out_refund_no", refundNo); | 
|             params.put("total_fee", String.valueOf(i)); | 
|             params.put("refund_fee", String.valueOf(j)); | 
|             params.put("refund_desc", refundDesc); | 
|             params.put("notify_url", wechatPayConfig.getCallbackPath() + callbackPath); // 退款结果 | 
|   | 
|             // 生成签名 | 
|             String sign = weixinSignature(params); | 
|             params.put("sign", sign); | 
|   | 
|             // 转换为XML | 
|             String xmlParams = XMLUtil.mapToXml(params); | 
|   | 
|             // 使用证书发送请求 | 
|             String result = postWithCert("https://api.mch.weixin.qq.com/secapi/pay/refund", xmlParams); | 
|   | 
|             // 解析结果 | 
|             Map<String, String> resultMap = XMLUtil.xmlToMap(result); | 
|             System.out.println("申请退款结果"+resultMap); | 
|   | 
|             // 验证签名 | 
|             if (!verifySign(resultMap, wechatPayConfig.getKey())) { | 
|                 resultMap.put("return_code","FAILED"); | 
|                 resultMap.put("return_msg","申请退款结果签名验证失败"); | 
|                 return resultMap; | 
|             } | 
|   | 
|             return resultMap; | 
|         } catch (Exception e) { | 
|             Map<String, String> resultMap=new HashMap<>(); | 
|             resultMap.put("return_code","FAILED"); | 
|             resultMap.put("return_msg","申请退款失败"); | 
|             return resultMap; | 
|         } | 
|     } | 
|   | 
|     /** | 
|      * 使用证书发送请求 | 
|      */ | 
|     private String postWithCert(String url, String xmlData) throws Exception { | 
|         // 证书类型为PKCS12 | 
|         KeyStore keyStore = KeyStore.getInstance("PKCS12"); | 
|         // 获取证书路径 | 
|         String certPath = wechatPayConfig.getCertPath(); | 
|   | 
|         // 如果是classpath路径,使用ClassLoader加载 | 
|         if (certPath.startsWith("classpath:")) { | 
|             String path = certPath.substring("classpath:".length()); | 
|             try (InputStream inputStream = getClass().getClassLoader().getResourceAsStream(path)) { | 
|                 if (inputStream == null) { | 
|                     throw new FileNotFoundException("证书文件不存在: " + path); | 
|                 } | 
|                 keyStore.load(inputStream, wechatPayConfig.getMchId().toCharArray()); | 
|             } | 
|         } else { | 
|             // 传统文件路径 | 
|             try (FileInputStream inputStream = new FileInputStream(new File(certPath))) { | 
|                 keyStore.load(inputStream, wechatPayConfig.getMchId().toCharArray()); | 
|             } | 
|         } | 
|   | 
|         // 实例化密钥库 & 初始化密钥工厂 | 
|         SSLContext sslContext = SSLContext.getInstance("TLS"); | 
|         KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); | 
|         kmf.init(keyStore, wechatPayConfig.getMchId().toCharArray()); | 
|         sslContext.init(kmf.getKeyManagers(), null, new SecureRandom()); | 
|   | 
|         // 创建HttpsURLConnection对象 | 
|         URL httpsUrl = new URL(url); | 
|         HttpsURLConnection conn = (HttpsURLConnection) httpsUrl.openConnection(); | 
|         conn.setSSLSocketFactory(sslContext.getSocketFactory()); | 
|         conn.setDoOutput(true); | 
|         conn.setDoInput(true); | 
|         conn.setUseCaches(false); | 
|         conn.setRequestMethod("POST"); | 
|         conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); | 
|   | 
|         // 发送请求 | 
|         OutputStream outputStream = conn.getOutputStream(); | 
|         outputStream.write(xmlData.getBytes("UTF-8")); | 
|         outputStream.flush(); | 
|         outputStream.close(); | 
|   | 
|         // 获取响应 | 
|         InputStream inputStream = conn.getInputStream(); | 
|         BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "UTF-8")); | 
|         StringBuilder result = new StringBuilder(); | 
|         String line; | 
|         while ((line = bufferedReader.readLine()) != null) { | 
|             result.append(line); | 
|         } | 
|         bufferedReader.close(); | 
|         inputStream.close(); | 
|         conn.disconnect(); | 
|   | 
|         return result.toString(); | 
|     } | 
|   | 
|     /** | 
|      * 处理退款回调 | 
|      */ | 
|     public RefundCallbackResult processRefundCallback(String xmlData) { | 
|         try { | 
|             // 1. 解析回调XML数据 | 
|             if (StringUtils.isEmpty(xmlData)) { | 
|                 return RefundCallbackResult.fail("回调数据为空"); | 
|             } | 
|   | 
|             //2.解析参数 | 
|             System.out.println(xmlData); | 
|             System.out.println("----------------------------------------"); | 
|             Map<String, String> resultMap = XMLUtil.xmlToMap(xmlData); | 
|             System.out.println(resultMap.get("req_info")); | 
|             // 3. 检查返回状态 | 
|             String returnCode = resultMap.get("return_code"); | 
|   | 
|             if (!"SUCCESS".equals(returnCode)) { | 
|                 String errMsg = resultMap.get("return_msg"); | 
|                 return RefundCallbackResult.fail("通信失败:" + errMsg); | 
|             } | 
|   | 
|             //4 使用商户API密钥解密req_info(AES-256-CBC算法) | 
|             String decryptData = decrypt(resultMap.get("req_info"), wechatPayConfig.getKey()); | 
|             Map<String, String> refundDetail = XMLUtil.xmlToMap(decryptData); | 
|   | 
|   | 
|             // 4. 提取退款信息 | 
|             String orderNo = refundDetail.get("out_trade_no");        // 原订单号 | 
|             String refundNo = refundDetail.get("out_refund_no");      // 退款订单号 | 
|             String refundId = refundDetail.get("refund_id");          // 微信退款ID | 
|             System.err.println("退款回调成功,订单号:"+orderNo+",退款号:"+refundNo+",状态:{}"+refundId); | 
|             RefundCallbackResult refundCallbackResult = RefundCallbackResult.success(); | 
|             refundCallbackResult.setOrderNo(orderNo); | 
|             refundCallbackResult.setRefundNo(refundId); | 
|   | 
|             return refundCallbackResult; | 
|   | 
|         } catch (Exception e) { | 
|             return RefundCallbackResult.fail("系统异常:" + e.getMessage()); | 
|         } | 
|     } | 
|   | 
|     private static String wxDecrypt(String req_info, String key)  throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, | 
|             InvalidKeyException, BadPaddingException, IllegalBlockSizeException{ | 
|         byte[] decode = Base64.getDecoder().decode(req_info); | 
|         System.out.println(Arrays.toString(decode)); | 
|         String sign = MD5AndKL.MD5Encode(key, "UTF-8").toLowerCase(); | 
|         System.out.println(sign); | 
|         if (Security.getProvider("BC") == null){ | 
|             Security.addProvider(new BouncyCastleProvider()); | 
|         } | 
|         Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); | 
|         SecretKeySpec secretKeySpec = new SecretKeySpec(sign.getBytes(), "AES"); | 
|         cipher.init(Cipher.DECRYPT_MODE, secretKeySpec); | 
|         return new String(cipher.doFinal(decode)); | 
|     } | 
|   | 
|     /** | 
|      * 获取RSA加密公钥 | 
|      */ | 
|     public String getRsaPublicKey() { | 
|         int maxRetries = 3; | 
|         for (int retryCount = 0; retryCount < maxRetries; retryCount++) { | 
|             try { | 
|                 System.out.println("尝试获取RSA公钥,第" + (retryCount + 1) + "次"); | 
|   | 
|                 // 构建请求参数 | 
|                 Map<String, String> params = new HashMap<>(); | 
|                 params.put("mch_id", wechatPayConfig.getMchId()); | 
|                 params.put("sign_type", "MD5"); | 
|                 params.put("nonce_str", generateNonceStr()); | 
|   | 
|                 // 生成签名 | 
|                 String sign = weixinSignature(params); | 
|                 params.put("sign", sign); | 
|   | 
|                 // 转换为XML | 
|                 String xmlParams = XMLUtil.mapToXml(params); | 
|   | 
|                 // 打印请求参数 | 
|                 System.out.println("请求参数: " + xmlParams); | 
|   | 
|                 // 使用证书发送请求(关键修改:使用postWithCert而非普通HTTP请求) | 
|                 String result = postWithCert("https://fraud.mch.weixin.qq.com/risk/getpublickey", xmlParams); | 
|   | 
|                 // 打印响应结果 | 
|                 System.out.println("响应结果: " + result); | 
|   | 
|                 // 解析结果 | 
|                 Map<String, String> resultMap = XMLUtil.xmlToMap(result); | 
|                 System.out.println("获取RSA公钥结果: " + resultMap); | 
|   | 
|                 // 检查返回状态 | 
|                 if (!"SUCCESS".equals(resultMap.get("return_code"))) { | 
|                     throw new Exception("RSA公钥获取失败: " + resultMap.get("return_msg")); | 
|                 } | 
|   | 
|                 // 保存公钥到本地文件 | 
|                 savePublicKeyToClasspath(resultMap.get("pub_key")); | 
|   | 
|                 return resultMap.get("pub_key"); | 
|             } catch (Exception e) { | 
|                 System.err.println("获取RSA公钥异常: " + e.getMessage() + ", 重试次数: " + (retryCount + 1)); | 
|                 e.printStackTrace(); | 
|   | 
|                 // 如果是最后一次重试,抛出异常 | 
|                 if (retryCount == maxRetries - 1) { | 
|                     return null; | 
|                 } | 
|   | 
|                 // 重试前等待一段时间 | 
|                 try { | 
|                     Thread.sleep(1000 * (retryCount + 1)); // 指数退避 | 
|                 } catch (InterruptedException ie) { | 
|                     Thread.currentThread().interrupt(); | 
|                     return null; | 
|                 } | 
|             } | 
|         } | 
|   | 
|         return null; | 
|     } | 
|   | 
|     /** | 
|      * 保存RSA公钥到文件夹 | 
|      * @param publicKey RSA公钥内容 | 
|      */ | 
|     private static void savePublicKeyToClasspath(String publicKey) throws IOException { | 
|         // 创建 cert 目录(如果不存在) | 
|         Path certDir = Paths.get(CERT_FOLDER); | 
|         if (!Files.exists(certDir)) { | 
|             Files.createDirectories(certDir); // 自动创建目录 | 
|         } | 
|   | 
|         // 写入公钥文件(UTF-8 编码) | 
|         Path keyFile = certDir.resolve(RSA_PUBLIC_KEY_FILENAME); | 
|         Files.write(keyFile, publicKey.getBytes(StandardCharsets.UTF_8)); | 
|     } | 
|     /** | 
|      * 从文件夹加载RSA公钥 | 
|      * @return RSA公钥内容 | 
|      */ | 
|     private static String loadPublicKeyFromClasspath() throws IOException { | 
|         Path keyFile = Paths.get(CERT_FOLDER + RSA_PUBLIC_KEY_FILENAME); | 
|         byte[] bytes = Files.readAllBytes(keyFile); // 读取所有字节 | 
|         return new String(bytes, StandardCharsets.UTF_8); // 转为UTF-8字符串 | 
|     } | 
|   | 
|     /** | 
|      * 加载公钥 返回PublicKey对象 | 
|      */ | 
|     public static PublicKey loadPublicKey(String pemContent) throws Exception { | 
|         // 读取PEM文件内容 | 
| //        String pemContent = new String(Files.readAllBytes(Paths.get(CERT_FOLDER + RSA_PUBLIC_KEY_FILENAME)), StandardCharsets.UTF_8); | 
|   | 
|         // 移除PEM头尾标记 | 
|         String publicKeyPEM = pemContent | 
|                 .replace("-----BEGIN RSA PUBLIC KEY-----", "") | 
|                 .replace("-----END RSA PUBLIC KEY-----", "") | 
|                 .replaceAll("\\s", ""); // 去除换行/空格 | 
|   | 
|         // 解码Base64 | 
|         byte[] encoded = Base64.getDecoder().decode(publicKeyPEM); | 
|   | 
|         // 手动解析PKCS#1格式 | 
|         DerInputStream derReader = new DerInputStream(encoded); | 
|         DerValue[] seq = derReader.getSequence(0); | 
|         BigInteger modulus = seq[0].getBigInteger(); | 
|         BigInteger exponent = seq[1].getBigInteger(); | 
|   | 
|         RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, exponent); | 
|         return KeyFactory.getInstance("RSA").generatePublic(keySpec); | 
|     } | 
|   | 
|     /** | 
|      * 使用RSA-OAEP加密数据 | 
|      * @param plaintext 待加密的明文 | 
|      * @return Base64编码的密文 | 
|      */ | 
|     public static String encrypt(String plaintext, PublicKey publicKey) throws Exception { | 
|         Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING"); | 
|         cipher.init(Cipher.ENCRYPT_MODE, publicKey); | 
|   | 
|         byte[] encryptedBytes = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)); | 
|         return Base64.getEncoder().encodeToString(encryptedBytes); | 
|     } | 
|   | 
|   | 
|   | 
|     /** | 
|      * 商户付款到银行卡(优先使用本地保存的公钥) | 
|      * @param partnerTradeNo 商户订单号 | 
|      * @param bankNo 银行卡号 | 
|      * @param trueName 银行卡真实姓名 | 
|      * @param bankCode 银行编码 | 
|      * @param amount 金额(分) | 
|      * @param desc 付款说明 | 
|      * @return 付款结果 | 
|      */ | 
|     public Map<String, String> payToBankCard(String partnerTradeNo, String bankNo, String trueName, | 
|                                              String bankCode, BigDecimal amount, String desc) throws Exception { | 
|         int i = amount.multiply(new BigDecimal("100")).intValue(); | 
|         // 1. 尝试从本地加载RSA公钥 | 
|         String pubKey = loadPublicKeyFromClasspath(); | 
|   | 
|         // 2. 如果本地没有公钥或公钥无效,则从微信获取新公钥 | 
|         if (pubKey == null || pubKey.isEmpty()) { | 
|             pubKey = getRsaPublicKey(); | 
|   | 
|         } | 
|         //公钥对象 | 
|         PublicKey publicKey = loadPublicKey(pubKey); | 
|   | 
|         // 3. 使用RSA公钥加密银行卡号和真实姓名 | 
|         String encryptedBankNo = encrypt(bankNo, publicKey); | 
|         String encryptedTrueName = encrypt(trueName, publicKey); | 
|   | 
|         // 4. 构建请求参数 | 
|         Map<String, String> params = new HashMap<>(); | 
|         params.put("mch_id", wechatPayConfig.getMchId()); | 
|         params.put("partner_trade_no", partnerTradeNo); | 
|         params.put("enc_bank_no", encryptedBankNo); | 
|         params.put("enc_true_name", encryptedTrueName); | 
|         params.put("bank_code", bankCode); | 
|         params.put("amount", String.valueOf(i)); | 
|         params.put("desc", desc); | 
|         params.put("nonce_str", generateNonceStr()); | 
|   | 
|         // 生成签名 | 
|         String sign = weixinSignature(params); | 
|         params.put("sign", sign); | 
|   | 
|         // 将参数转换为XML | 
|         String xmlParams = XMLUtil.mapToXml(params); | 
|   | 
|         // 5. 发送请求到微信支付付款到银行卡接口 | 
|         String url = "https://api.mch.weixin.qq.com/mmpaysptrans/pay_bank"; | 
|         String result = postWithCert(url, xmlParams); | 
|   | 
|         // 解析返回结果 | 
|         Map<String, String> resultMap = XMLUtil.xmlToMap(result); | 
|   | 
|         // 验证签名 | 
|         if (!verifySign(resultMap, wechatPayConfig.getKey())) { | 
|             throw new Exception("付款到银行卡签名验证失败"); | 
|         } | 
|   | 
|         return resultMap; | 
|     } | 
|   | 
|     public static void main(String[] args) throws IOException { | 
|   | 
|         String info="CjlaS7RVnPn7zzP5ByZDxUN7OrXGp1/DEdO0qahpIqDH/gTNHb/U7VmrVV0S4lXrIa0N8FEREC3CdIeT4XB5P4D0E8TSURu6J/cD01hFu28f0JDRfeips3vSpTgznRGyCfnUBDPYwyrVeP29Wac7WAb3CCcJf7OZWaweOUkaKjaBRa1GzMZcguSZnQJz0cD5Jb4HbTMvM0VAebfCY9aXdfFBIbm+cPYESo3awqwkNTQeT4V+FViw8f8sjkH0TScMgWBiSKmQC837BLD27yIGklqlYkDP2IMeiNw+b12qCAGszfp2vYd3X+HpViXkQQet3PJWYlAm55R+IgvschP7Ub65XzLINfQrJKrQUXiKKO2LwoSRSwZvfDkR8G8E8X59CnU2XvWKeos5Y0q8ckbJb97yI+09nNgMjYyJoVCVjTFgFMDEQ4+e3CpYRhD6V/3RBp+TvBwszldbRav2XEuCXL2kCJyJEAqLPMNyfYBSNF8z1btjyz0+y/xQQcySKlQInZ710FxSE7KwRSBQ92j9nDdlR7UxCrPVCkEd+GrVNSqqnyjNh1J/rPJPHvvGwkPPq72TKiw6ZgaIgIDhy0/lWHTclo4sjYAWuUVfg3CJ8dqkuQwVZ7i0+NiahIl78RtcUph8NR48yUgBkN7WhCcu5wLbg2tu8Qe0SIwHF+RW1x9Yc8akEkNbMd4xzs8lY5MYEU9V16U8RyWJuwPDph3RnmV8HQ+2hfzmjCvPkBwtfR8P5VdK86OIsHfnfQxAcPM2a86tOBBzFXPrLHgd2CRcDKH+MXTw7RSH/bk1PiMUAWF8TQsNDzgUlznJnkjiQxoym/4ZUf4C6072KKQHbp6bgBYkBhJLT2lmjVMNSX5b1SXM9eTQixRfq6MKGw3P8XJnKdofktVv+KtSzWQlW0C8p504NWACiExupF5EII7FG+xCWt7urWUbc4NRI36UFrKToQCLVv6UBCXt/t9iWlvs6SfuZhpCexeMmZWeiIldzRu87U9rXR46Hu7DAL8dZ+0ItsIZYThSIABzZgaLKggXlkjyAcbcPYKO7egrCmDtFhzHuh4uA3VeBylL3/ZLZ4FUedn/8L4e2iAu22Qj46ORlu17W5R8Ez9kubydeAgC9PkWnjptaubPxE0bjPN69tec"; | 
|   | 
|         String key="fD0JzscfMf295SYtRK3MnPRjSCA4Gahr"; | 
|         try { | 
|             String decrypted = decrypt(info, key); | 
|             System.out.println("解密结果: " + decrypted); | 
|         } catch (Exception e) { | 
|             throw new RuntimeException(e); | 
|         } | 
|     } | 
|   | 
|   | 
|     public static String decrypt(String encryptedStringA, String merchantKey) throws Exception { | 
|         // 1. 对加密串A做base64解码,得到加密串B | 
|         byte[] decode = Base64.getDecoder().decode(encryptedStringA); | 
|   | 
|         // 2. 对商户key做md5,得到32位小写key* | 
|         String sign = MD5AndKL.MD5Encode(merchantKey, "UTF-8").toLowerCase(); | 
|   | 
|         // 3. 确保BouncyCastle提供者已添加 | 
|         if (Security.getProvider("BC") == null) { | 
|             Security.addProvider(new BouncyCastleProvider()); | 
|         } | 
|   | 
|         // 4. 使用AES-256-ECB解密(PKCS7Padding) | 
|         Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); | 
|   | 
|         // 注意:微信要求使用AES-256,所以密钥应为32字节(256位) | 
|         // 如果MD5结果是32字节(256位),直接使用 | 
|         byte[] aesKey = sign.getBytes(StandardCharsets.UTF_8); | 
|   | 
|         SecretKeySpec secretKeySpec = new SecretKeySpec(aesKey, "AES"); | 
|         cipher.init(Cipher.DECRYPT_MODE, secretKeySpec); | 
|   | 
|         // 执行解密并指定UTF-8编码 | 
|         byte[] decryptedBytes = cipher.doFinal(decode); | 
|         return new String(decryptedBytes, StandardCharsets.UTF_8); | 
|     } | 
|   | 
|   | 
| } |