wechatpay-apache-httpclient icon indicating copy to clipboard operation
wechatpay-apache-httpclient copied to clipboard
verified publisher icon wechatpay-apiv3

sdk0.2.16 NotificationParser解密时报错Empty key

Open alv002 opened this issue 11 months ago • 3 comments

报错信息 Caused by: java.lang.IllegalArgumentException: Empty key at javax.crypto.spec.SecretKeySpec. (SecretKeySpec.java:99) at com.wechat.pay.java.core.cipher.AbstractAeadCipher.decrypt (AbstractAeadCipher.java:71) at com.wechat.pay.java.core.notification.NotificationParser.decryptData (NotificationParser.java:154) at com.wechat.pay.java.core.notification.NotificationParser.getDecryptObject (NotificationParser.java:110) at com.wechat.pay.java.core.notification.NotificationParser.parse (NotificationParser.java:50) at com.fish.pay.common.wechat.WeChatPayment.paySuccessCheck (WeChatPayment.java:178) at com.fish.api.server.controller.api.ApiPayController.renotify (ApiPayController.java:130) at com.fish.api.server.controller.api.ApiPayController$$FastClassBySpringCGLIB$$e2e58982.invoke ()

alv002 avatar Feb 22 '25 12:02 alv002

获取body片段,使用的issue里另一位提供的,试过网上多种getbody的代码

private String getRequestBody(HttpServletRequest request) {
        BufferedReader br = null;
        try {
            StringBuilder result = new StringBuilder();
            br = request.getReader();
            for (String line; (line = br.readLine()) != null; ) {
                if (result.length() > 0) {
                    result.append("\n");
                }
                result.append(line);
            }
            return result.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            if (br != null) {
                try {
                    br.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }

这是另一个

private String getRequestBody(HttpServletRequest request) {
        String body;
        try (ServletInputStream inputStream = request.getInputStream()
        ) {
            ByteArrayOutputStream result = new ByteArrayOutputStream();
            byte[] buffer = new byte[1024];
            for (int length; (length = inputStream.read(buffer)) != -1; ) {
                result.write(buffer, 0, length);
            }
            body = result.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return body;
    }

两种都是一致的报错。

alv002 avatar Feb 22 '25 12:02 alv002

这是获取微信端回调的方式。

// 从请求头中获取信息
        String timestamp                        = request.getHeader("Wechatpay-Timestamp");
        String nonce                            = request.getHeader("Wechatpay-Nonce");
        String signature                        = request.getHeader("Wechatpay-Signature");
        String singType                         = request.getHeader("Wechatpay-Signature-Type");
        String wechatPayCertificateSerialNumber = request.getHeader("Wechatpay-Serial");

        String requestBody = getRequestBody(request);

        // 构造 RequestParam
        RequestParam requestParam = new RequestParam.Builder()
                .serialNumber(wechatPayCertificateSerialNumber)
                .nonce(nonce)
                .signature(signature)
                .signType(singType)
                .timestamp(timestamp)
                .body(requestBody)
                .build();

由于微信小程序时2025年之后开的,使用sdk为0.2.16,所以都是使用RSAPublicKey 获取的config

alv002 avatar Feb 22 '25 12:02 alv002

java版本1.8.400+,环境为花生壳内网穿透。 body内容 {"id":"a26a97b4-d3a9-53cb-8835-7c0508e14fd5","create_time":"2025-02-22T19:17:11+08:00","resource_type":"encrypt-resource","event_type":"TRANSACTION.SUCCESS","summary":"支付成功","resource":{"original_type":"transaction","algorithm":"AEAD_AES_256_GCM","ciphertext":"4u0KHxGb4sA1LnGOQxNIleXuGsL/bcuDWMONMox18M0tyol6oe5tXOJBYHqj7BU2H7YKzz7dhv87pcCeCPZi1wZ2VO83k93Va0vkVZRQ2nIEQshYBXnJ97cUJSqra0+UDSxoYIHn41Rqy8C+U3K9gVhAeSJlOkfXFRhj2SzPCJCcY6780VLuhVldCFjM/dPXqgfXp1YUWMw9dx/jw+mlbr4bPBWEdwBDjhjkkWdgYeh/okHDoX3J7GlOJfuYjSdvXrN/xskKtb/uVeDwY1tpTUGJr2WP+DWk3JlUtdHcyfJ8l+mizeeDnDzulDMY4LrjQqP5bQTkJ/BubLsQyUmTBEO/td61THSxu43ATD4zvSg2vWaq7hEM30MW9lCQCNvrV1VNvpM+hMjD3xAkntkByxqExgC7xLssRLLjnjXtOszmSw23jEwthiC36zSMdoxqW0F5by+LOWnfr8lTQx/XBdRPNxUqn0Db2dRwdBQqbmg9CcUDTUH7WB+RMw+tH3xljwRzap1cbq2BGP4y7L2n1QPDesrmRh5fsQMmR+xn58Yq618iKe1AThxxWuL4j8hX6fs=","associated_data":"transaction","nonce":"kk7cv1zVbia8"}}

alv002 avatar Feb 22 '25 12:02 alv002