Git Product home page Git Product logo

Comments (3)

binarywang avatar binarywang commented on August 16, 2024

看错误信息像是因为数据不全?

from wxjava.

DevBuddyConnor avatar DevBuddyConnor commented on August 16, 2024

为了解决支付退款回调验签错误的问题,建议进行以下修改:

校验传入的加密信息格式

在进行Base64解码之前,可以增加对加密信息格式的校验逻辑,以确保传入的加密字符串是一个合法的Base64编码字符串。

使用URL兼容的Base64解码器

考虑到可能存在非标准的Base64编码字符串(如URL安全类型的Base64编码),建议使用getUrlDecoder()来替换默认的解码器,增强解码过程的兼容性。

修改后的代码示例

import java.util.Base64;

public void parseRefundNotifyV3Result(String encryptedInfo) {
    // 1. 校验传入的加密信息格式
    if (!isValidBase64String(encryptedInfo)) {
        throw new IllegalArgumentException("非法的Base64加密信息格式");
    }

    CertificatesVerifier certificatesVerifier = ...; // 初始化验证器
    // 2. 使用URL兼容的Base64解码器
    byte[] decodeBytes = Base64.getUrlDecoder().decode(encryptedInfo);
    // 验签过程
    boolean result = certificatesVerifier.verify(decodeBytes);
    ...
}

// 校验Base64字符串的有效性
public boolean isValidBase64String(String str) {
    if (str == null || str.trim().isEmpty()) {
        return false;
    }
    
    // 移除Base64字符串可能包含的所有换行符
    String sanitizedStr = str.replaceAll("\\s+", "");
    
    // 校验字符串是否仅包含Base64允许的字符,以及是否长度是4的倍数
    return sanitizedStr.matches("^[A-Za-z0-9+/]+={0,2}$") && sanitizedStr.length() % 4 == 0;
}

以上修改旨在提升支付退款回调验签过程中对Base64编码字符串处理的容错性和兼容性。

[注意] 该Comment由AI生成,仅供参考。

from wxjava.

stale avatar stale commented on August 16, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from wxjava.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.