|
|
@@ -909,28 +909,32 @@ public class PayScoreServiceImpl implements PayScoreService {
|
|
|
if (wxPayConfig == null) {
|
|
|
throw new IllegalStateException("微信支付未配置");
|
|
|
}
|
|
|
+ String apiV2Key = wxPayConfig.getApiV2Key();
|
|
|
+ if (apiV2Key == null || apiV2Key.isEmpty()) {
|
|
|
+ throw new IllegalStateException("APIv2密钥未配置,请在商户平台-API安全中设置APIv2密钥");
|
|
|
+ }
|
|
|
|
|
|
String timestamp = String.valueOf(System.currentTimeMillis() / 1000);
|
|
|
String nonceStr = generateNonceStr(32);
|
|
|
String signType = "HMAC-SHA256";
|
|
|
|
|
|
- // 按 key 字典序拼接: mch_id, nonce_str, out_order_no, service_id, sign_type, timestamp
|
|
|
+ // 按 key 字典序拼接,末尾追加 &key={APIv2密钥}(微信支付V2签名规范)
|
|
|
String signMessage = "mch_id=" + wxPayConfig.getMchId() + "&"
|
|
|
+ "nonce_str=" + nonceStr + "&"
|
|
|
+ "out_order_no=" + outTradeNo + "&"
|
|
|
+ "service_id=" + wxPayConfig.getServiceId() + "&"
|
|
|
+ "sign_type=" + signType + "&"
|
|
|
- + "timestamp=" + timestamp;
|
|
|
+ + "timestamp=" + timestamp
|
|
|
+ + "&key=" + apiV2Key;
|
|
|
|
|
|
String sign;
|
|
|
try {
|
|
|
Mac mac = Mac.getInstance("HmacSHA256");
|
|
|
- byte[] keyBytes = wxPayConfig.getV3ApiKey().getBytes(StandardCharsets.UTF_8);
|
|
|
+ byte[] keyBytes = apiV2Key.getBytes(StandardCharsets.UTF_8);
|
|
|
SecretKeySpec secretKey = new SecretKeySpec(keyBytes, "HmacSHA256");
|
|
|
mac.init(secretKey);
|
|
|
byte[] signBytes = mac.doFinal(signMessage.getBytes(StandardCharsets.UTF_8));
|
|
|
- // openBusinessView 签名要求大写十六进制,不是 Base64
|
|
|
- // byte 转无符号防止负值输出 8 位 hex
|
|
|
+ // 输出大写十六进制
|
|
|
StringBuilder sb = new StringBuilder();
|
|
|
for (byte b : signBytes) {
|
|
|
sb.append(String.format("%02X", b & 0xFF));
|