Comments (3)
Judging from the error message, it looks like this is because the data is incomplete?
from wxjava.
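To resolve the signature verification error in the payment refund callback, the following changes are suggested:
Validate the format of the incoming encrypted information
Before Base64 decoding, add validation logic for the format of the encrypted information, to ensure that the incoming encrypted string is a valid Base64-encoded string.
Use a URL-compatible Base64 decoder
Since non-standard Base64-encoded strings may occur (such as URL-safe Base64 encoding), it is suggested to use getUrlDecoder() in place of the default decoder, to make the decoding process more compatible.
Modified code example
```java
import java.util.Base64;

public void parseRefundNotifyV3Result(String encryptedInfo) {
    // 1. Validate the format of the incoming encrypted information
    if (!isValidBase64String(encryptedInfo)) {
        throw new IllegalArgumentException("非法的Base64加密信息格式");
    }
    CertificatesVerifier certificatesVerifier = ...; // initialize the verifier
    // 2. Use the URL-compatible Base64 decoder
    byte[] decodeBytes = Base64.getUrlDecoder().decode(encryptedInfo);
    // Signature verification
    boolean result = certificatesVerifier.verify(decodeBytes);
    ...
}

// Check whether a Base64 string is valid
public boolean isValidBase64String(String str) {
    if (str == null || str.trim().isEmpty()) {
        return false;
    }
    // Remove any line breaks the Base64 string may contain
    String sanitizedStr = str.replaceAll("\\s+", "");
    // Check that the string contains only characters allowed in Base64 and that its length is a multiple of 4
    return sanitizedStr.matches("^[A-Za-z0-9+/]+={0,2}$") && sanitizedStr.length() % 4 == 0;
}
```
The above changes are intended to improve the fault tolerance and compatibility of Base64-encoded string handling during payment refund callback signature verification.
[Note] This comment was generated by AI and is for reference only.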
from wxjava.
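An added example, not part of the comment above or of WxJava's code: the JDK's `Base64.getUrlDecoder()` rejects the `+` and `/` of the standard alphabet, just as `Base64.getDecoder()` rejects `-` and `_`, so this sketch picks the decoder from the characters present and rejects mixed input before the bytes reach any signature check. The class and method names (`Base64VariantDemo`, `decodeStrict`) are hypothetical, and the sample bytes are constructed.

```java
import java.util.Arrays;
import java.util.Base64;

public class Base64VariantDemo {

    /** Decodes standard or URL-safe Base64; rejects input that mixes both alphabets. */
    static byte[] decodeStrict(String input) {
        if (input == null) {
            throw new IllegalArgumentException("Base64 input is null");
        }
        // Strip whitespace once, so validation and decoding operate on the same string.
        String s = input.replaceAll("\\s+", "");
        if (s.isEmpty()) {
            throw new IllegalArgumentException("Base64 input is empty");
        }
        boolean std = s.indexOf('+') >= 0 || s.indexOf('/') >= 0;
        boolean url = s.indexOf('-') >= 0 || s.indexOf('_') >= 0;
        if (std && url) {
            throw new IllegalArgumentException("mixed standard and URL-safe Base64 alphabets");
        }
        // Each JDK decoder throws IllegalArgumentException on characters outside its own alphabet.
        Base64.Decoder decoder = url ? Base64.getUrlDecoder() : Base64.getDecoder();
        return decoder.decode(s);
    }

    public static void main(String[] args) {
        // Constructed sample: these three bytes encode to "+//+" (standard) and "-__-" (URL-safe).
        byte[] raw = {(byte) 0xfb, (byte) 0xff, (byte) 0xfe};
        String standard = Base64.getEncoder().encodeToString(raw);
        String urlSafe = Base64.getUrlEncoder().encodeToString(raw);

        // The URL-safe decoder on its own fails on standard-alphabet input.
        try {
            Base64.getUrlDecoder().decode(standard);
        } catch (IllegalArgumentException e) {
            System.out.println("getUrlDecoder on standard input: " + e.getMessage());
        }

        // The alphabet-aware decoder recovers the same bytes from either form.
        System.out.println("standard ok: " + Arrays.equals(raw, decodeStrict(standard)));
        System.out.println("url-safe ok: " + Arrays.equals(raw, decodeStrict(urlSafe)));

        // Mixed alphabets are refused rather than guessed at.
        try {
            decodeStrict("+/-_");
        } catch (IllegalArgumentException e) {
            System.out.println("mixed input: " + e.getMessage());
        }
    }
}
```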
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from wxjava.