踩坑1:微信退款涉及到證書問題
將證書檔案放到resource檔案夾下,
采用spring中的讀取組態檔的方式讀取證書檔案,在本地電腦單元測驗中完全沒問題,后面發現是通過jenkins打包到測驗服務上面由于maven插件的原因串改了證書檔案,導致出現的報錯解決方案
在pom檔案中加入插件
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration><encoding>UTF-8</encoding>
<!-- 過濾后綴為pem、pfx,pkcs12,jks的證書檔案 -->
<nonFilteredFileExtensions>
<nonFilteredFileExtension>pkcs12</nonFilteredFileExtension>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>cer</nonFilteredFileExtension>
<nonFilteredFileExtension>pem</nonFilteredFileExtension>
<nonFilteredFileExtension>pfx</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</plugin>
這樣 問題一解決,
踩坑2 : 退款成功微信回呼通過AES解密req_info資訊問題
以下是微信檔案中的介紹
微信退款成功后,為了網路的安全起見,微信方會在回傳欄位資訊中通過加密 到req_info這個欄位回傳給我們,我們拿到資料后必須通過對其進行解密才能拿到對應的退款單號進而對我們自己業務的內部處理
微信官方給了解密檔案介紹但是并沒有對應的demo ,之后踩坑就開始了,以下是我的踩坑記錄
private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
"8", "9", "a", "b", "c", "d", "e", "f"};
//密鑰演算法
private static final String ALGORITHM = "AES";
//加解密演算法/作業模式/填充方式
private static final String ALGORITHM_MODE_PADDING = "AES/ECB/PKCS7Padding";
/**
* API密鑰
*/
private static final String SERVICE_KEY = Configuration.readConfigString("service.key", "config");
/**
* 生成key 微信key
*/
private static SecretKeySpec key = new SecretKeySpec(MD5Encode(SERVICE_KEY).toLowerCase().getBytes(), ALGORITHM);
如果只是執行上述代碼的話,代碼會拋出一個例外
這時我們需要在代碼上面添加這句代碼 這樣子代碼就完美執行了,但是這樣的寫法有個不好的地方,由于每次解密都會new 一個
BouncyCastleProvider,這個物件如果創建的多的話會導致虛虛擬機的記憶體溢位,這時我們做一個改進,將上述代碼放到靜態代碼塊里去
這樣子寫
以下是解密程序的完整代碼
private static final Logger log = Logger.getLogger(RefundNotifyDecryptionUtil.class);
private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
"8", "9", "a", "b", "c", "d", "e", "f"};
//密鑰演算法
private static final String ALGORITHM = "AES";
//加解密演算法/作業模式/填充方式
private static final String ALGORITHM_MODE_PADDING = "AES/ECB/PKCS7Padding";
/**
* API密鑰
*/
private static final String SERVICE_KEY = Configuration.readConfigString("service.key", "config");
/**
* 生成key
*/
private static SecretKeySpec key = new SecretKeySpec(MD5Encode(SERVICE_KEY).toLowerCase().getBytes(), ALGORITHM);
static{
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null){
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
}
/**
* AES解密
*
* @param base64Data
* @return
* @throws Exception
*/
public static String decryptData(String base64Data) throws Exception {
String result = "";
try {
Cipher cipher = Cipher.getInstance(ALGORITHM_MODE_PADDING);
cipher.init(Cipher.DECRYPT_MODE, key);
result = new String(cipher.doFinal(Base64.getDecoder().decode(base64Data)));
}catch (Exception e){
log.info(e.getMessage());
}
return result;
}
public static void main(String[] args) throws Exception {
//解密
String req_info="FKV8RBK9Ws3gmFQvOBKQclyUgIkvCh7+qge1BbQ/xLTPFkIfUKbzq6XvUPLSSCvsLRVUlO/wkK7Y4RqUK0ve44tpLebYhYhqQXAGUdXrOaPiv5Ttv6codaL+6qCPIY4Vu8M2wcpXSLakofe7LvD/Hvg6Mo9Z05+MXzUX8/LwMQ0hen8ZioNrQjzGuDv9p8pT+e3oCT+PXHyshREMGSm5vm0zr9qFndWsqFwivZ23aEQQzb7CpjvzRpXLEsaySragqNfyJlP5VnaFeIonTWU9jSlruCRHytqfct6iuUj3tUoyLDRXFQPIfZM7ZuP32nan77KNIdsf0HOFcGVeUq/jHdJ4XsIPYV/+8MYOBvaRRp90kVYHFws1DNQGkfwxcqJtsM+vx35hjlQBZjWOKMu2aNqKzhiIU0Tj9duuX5XXgzx1syzlc664woFlf42hngNr5e9kruhp85L6K94H/cuYVYaYZbQj3PCHga9ebGjXEnHw0LgXwqUgC3dfOZ+uPBixYUO2zQS1UPYr3b1aUIDnK5sJzO6BcOtcCAp2tehJtIBKsj5ooLmvRP1zoXqiKdtyiGCN2vHRYpyLzbGiALAnKQMTdOcJhAMSELIVAxNkeUGPcKTbQVS71QIYxwWUNqB2n1uZg6VbM2MKUhj50iYIMstatjsC6YfR161Dsl53A9H4UHMwWAb1zptHtoyvRhXKeCF9vEzBfQ5QEY+1LX8wxektxFgMepbzlF9HtBx6/Ulzyx4WepUA2uV5RvsUrYkjXdZM2AGtrvSJer6Uu9uZl5rUdGbcL0uEIAApbMRFzpJ1OhWcRP/yQWWEO4O0c9kVgSKTcnqkmZMi8aDn6xE0E44880lg0t0ZQn0dYeFP8oxH6TWW7+mjuUpvRkqw/N0UaGcH/NiTozyp8Z0ZKSm/46ykeR0khZQl3H7RZIBRqpJfq1B04vQcN9ygtfY3sxV1mQGfOJ72wHRyTpdbNSqczZl2ANwjqanUCD4V4+tMrYaUUkc+JyW8/vKyyLP6GwMqdbD5re5hn9U6GV/mB1c0ZpruiN90ilNX1ZU4X1o+ZSY907bAqCueaqxvsfadiaRY";
//String req_info = "m4NnwrtY0jhpDgNp65H1V/0OWMtSoTYhhY89MHbflhmnaHq9ZKjx9ABq6Jpg4SccA876HVy7J9P85NpdvCMNGInZ4fANDRE+YfZe4HeF+bbFj6JETcEFPpE9YW+bTbC0D+gl/otScJfvB2QUK7+EeBGPHN1EWX9zbr2Gw6AUaORdFk3mGxV5dtjuwWQrv5juzkXDs33Z2dUMslO+i3j0cTDHqwS4hptx2j6h2HvzgzltFbjo7nysU+4rArqJvrGW/9r18e1St9XgG21NALqixfaSmqetOR4zLVL4/+z3CEz8cg5r+/4GUOTf3XFmLCZ/wEkRQhKRNVibG0NFfiG3KnqArMJ/dheQHCd7qL+XX/ZV6tj8RLMgL7R6hOiR03Ljyikdxq9M3K9CTYgf03pHJd3geXX1LgXrLxc1flL6NW+zD3ZayGYpr1WpLsSMG7z8W5j1pme6cRj3n2+CwSFnOnOkxaFuLKoJAJIqM3gbC0eN++vY73RKphlI4zZqg6o5s3MXI6ju1yoi/ZQ+XbTg2JttsdbU0aySernKwkt0rYMf0j/Mcvo2axgHbI3w/iTm141WxHUjkQ+ga2X1pOWdGifGhSmMP8oGaA/WD5MAsK1qXX0eFvUWS/PTauCSTWq5Cmr8loA/KL3jgvB0nyR4mfccB+tPy4Ny7kzOlr/VNeb0ULf96R0AWFWCtdt8AmujAP0DYiM5FSmYLI0XRhpSDjnEbBM8+isNE1GlAVR3NzzemwQORihScovpAktbRSN/d3N+NgTjSoVDiJvCOxCs3thX9qt9iwYbA+/X/gv8lza2FZyIzwkQxGRcYl8JWKpXzNW8EWUNVnSLdHvQttDeV3CvgP/x579RGd6whyFYS6AaI0qw7oTjCFh2EHS/VzGvFuv166ZlVIJ4MNvg79O9h63ZOSE1LzVqEsVh8fDCfM2GgJ9aUdl95Djgunit4yIZOdoigR3f/BEHKrYCEham11rYohaAXs4XAXWihsV3WD5j4G/P+txvjAwujvf4HDwzHgFsmSml013U2mUiy+v4zw==";
String B = decryptData(req_info);
System.out.println(B);
// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// //加密
// String str = "<root>"+
// "<out_refund_no><![CDATA[2531340110812300]]></out_refund_no>"+
// "<out_trade_no><![CDATA[2531340110812100]]></out_trade_no>"+
// "<refund_account><![CDATA[REFUND_SOURCE_RECHARGE_FUNDS]]></refund_account>"+
// "<refund_fee><![CDATA[1]]></refund_fee>"+
// "<refund_id><![CDATA[50000505542018011003064518841]]></refund_id>"+
// "<refund_recv_accout><![CDATA[支付用戶零錢]]></refund_recv_accout>"+
// "<refund_request_source><![CDATA[API]]></refund_request_source>"+
// "<refund_status><![CDATA[SUCCESS]]></refund_status>"+
// "<settlement_refund_fee><![CDATA[1]]></settlement_refund_fee>"+
// "<settlement_total_fee><![CDATA[1]]></settlement_total_fee>"+
// "<success_time><![CDATA[2018-01-10 10:31:24]]></success_time>"+
// "<total_fee><![CDATA[1]]></total_fee>"+
// "<transaction_id><![CDATA[4200000052201801101409025381]]></transaction_id>"+
// "</root>";
// System.out.println(encryptData(str));
// Map<String, String> result_map = XmlUtils.XmlToMap1("<root><out_refund_no><![CDATA[2531340110812300]]></out_refund_no><out_trade_no><![CDATA[2531340110812100]]></out_trade_no><refund_account><![CDATA[REFUND_SOURCE_RECHARGE_FUNDS]]></refund_account><refund_fee><![CDATA[1]]></refund_fee><refund_id><![CDATA[50000505542018011003064518841]]></refund_id><refund_recv_accout><![CDATA[支付用戶零錢]]></refund_recv_accout><refund_request_source><![CDATA[API]]></refund_request_source><refund_status><![CDATA[SUCCESS]]></refund_status><settlement_refund_fee><![CDATA[1]]></settlement_refund_fee><settlement_total_fee><![CDATA[1]]></settlement_total_fee><success_time><![CDATA[2018-01-10 10:31:24]]></success_time><total_fee><![CDATA[1]]></total_fee><transaction_id><![CDATA[4200000052201801101409025381]]></transaction_id></root>");
// System.out.println(result_map);
}
/**
* AES加密
*
* @param data
* @return
* @throws Exception
*/
public static String encryptData(String data) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// 創建密碼器
Cipher cipher = Cipher.getInstance(ALGORITHM_MODE_PADDING);
// 初始化
cipher.init(Cipher.ENCRYPT_MODE, key);
return Base64Util.encode(cipher.doFinal(data.getBytes()));
}
/**
* MD5編碼
* @param origin 原始字串
* @return 經過MD5加密之后的結果
*/
public static String MD5Encode(String origin) {
String resultString = null;
try {
resultString = origin;
MessageDigest md = MessageDigest.getInstance("MD5");
resultString = byteArrayToHexString(md.digest(resultString.getBytes()));
} catch (Exception e) {
e.printStackTrace();
}
return resultString;
}
private static String byteToHexString(byte b) {
int n = b;
if (n < 0) {
n = 256 + n;
}
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] + hexDigits[d2];
}
/**
* 轉換位元組陣列為16進制字串
* @param b 位元組陣列
* @return 16進制字串
*/
public static String byteArrayToHexString(byte[] b) {
StringBuilder resultSb = new StringBuilder();
for (byte aB : b) {
resultSb.append(byteToHexString(aB));
}
return resultSb.toString();
}
POM檔案中要加這個依賴
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-ext-jdk16</artifactId>
<version>1.46</version>
</dependency>通過以上方法你會發現本地代碼能夠正常解密成功了,但是后面坑又繼續來了,把代碼發布到測驗服務器后法先解密并不成功 他在執行解密代碼的時候會拋出例外例外資訊為
Illegal key size or default parameters
接下來我們解決測驗服務器的這個問題,這個問題的原因是 可能服務器的上面的jdk版本過低導致不支持key為256的解密方式 然后我們就需要修改替換jre內部的兩個jar包檔案
\jre\lib\security下的兩個檔案
將這兩個檔案替換掉,當然替換之前把原先兩個備份一下 以防其他問題發生
注意要下載自己服務器對應版本的jar包 下面是下載地址
加解密的例外處理辦法
Alibaba edited this page on 24 Dec 2019 · 5 revisions
如果在加解密的程序中出現java.security.InvalidKeyException: Illegal key size,則需要下載一個東西:
JRE/JDK 6:http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
JRE/JDK 7:http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
JRE/JDK 8u151 之前版本:http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
如果安裝了JRE,將兩個jar檔案放到$JAVA_HOME/lib/security目錄下覆寫原來的檔案
如果安裝了JDK,將兩個jar檔案放到$JAVA_HOME/jre/lib/security目錄下覆寫原來檔案
如果是使用了工具可能內置了JRE,需要在工具參考的目錄下面將兩個jar檔案放到/jre/lib/security目錄下覆寫原來的檔案
JRE/JDK 8u151 之后版本已經內置無限制權限策略檔案,只需將$JAVA_HOME/jre/lib/security/java.security檔案中的#crypto.policy=unlimited解除注釋即可
替換完兩個jar檔案后注意需要重繪下環境變數
source /etc/profile
以上操作完成后 服務器重啟繼續一筆退款吧 發現解密代碼正常了,正確決議了微信回傳的加密資訊了 真開心
分享完畢,如有不足還望各位大佬多多指點
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/230395.html
標籤:其他
上一篇:防止云服務器被爆破的一些措施
下一篇:脫敏功能分享