支付宝主动查询订单签名验证失败的问题

1.支付宝发起订单查询后,返回的数据验证签名时失败
返回数据:

{"alipay_trade_query_response": {"code": "10000","msg": "Success","buyer_logon_id": "111******65","buyer_pay_amount": "0.00","buyer_user_id": "208111123751547","invoice_amount": "0.00","out_trade_no": "6792a3616f111117c870578aee1c99","point_amount": "0.00","receipt_amount": "0.00","send_pay_date": "2021-07-30 09:41:09","total_amount": "0.01","trade_no": "2021073022011141453364350","trade_status": "TRADE_SUCCESS"},"sign": "sign11F1111112vaeUn5/6nsVYOEA="
}

直接使用JSON工具类解析后,去验证签名会出现错误.
原因:
a.编码可能会有问题
b.要严格按照返回的JSON字符串的顺序去做签名

2.正确的demo

    public static void searchOrderAli(String appid, String aliRsa2Private, String aliRsa2Public, String orderNo) throws Exception {AlipayClient alipayClient = new DefaultAlipayClient("https://openapi.alipay.com/gateway.do", appid, aliRsa2Private, "json", "utf-8", aliRsa2Public, "RSA2");AlipayTradeQueryRequest request = new AlipayTradeQueryRequest();request.setBizContent("{" +"\"out_trade_no\":\"" + orderNo + "\"" +"}");AlipayTradeQueryResponse response = alipayClient.execute(request);if (response.isSuccess()) {if ("TRADE_SUCCESS".equals(response.getTradeStatus())) {String body = new String(response.getBody().getBytes("ISO-8859-1"), "utf-8");Map map = JSON.parseObject(body, Map.class);String sign = MapUtils.getString(map, "sign", "");int begin = body.indexOf("\"alipay_trade_query_response\":{");int end = body.indexOf("},\"sign\"");String context = body.substring(begin + 30, end + 1);boolean rsa = AlipaySignature.verify(context, sign, aliRsa2Public, "utf-8", "RSA2");System.out.println(rsa);System.out.println(rsa);}} else {//  String body = response.getBody();System.out.println("调用失败");}}public static void main(String[] args) throws Exception {searchOrderAli(CommonConstant.ALI_APPID, CommonConstant.ALI_RSA2_PRIVATE, CommonConstant.ALI_RSA2_PUBLIC, "6792a3616f144851a7c870578aee1c99");}

解决方案:
a.解决编码问题:

 String body = new String(response.getBody().getBytes("ISO-8859-1"), "utf-8");

b.解决顺序问题,用截取字符串的方法即可

int begin = body.indexOf("\"alipay_trade_query_response\":{");
int end = body.indexOf("},\"sign\"");
String context = body.substring(begin + 30, end + 1);

3.效果

4.文章参考链接
a. https://blog.csdn.net/zlxzlf88/article/details/53218036

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！