cuter44 / wxpay-sdk Goto Github PK

因为赛门铁克出售了CA业务, 所以微信企业 API 服务器更换了证书. 您需要更新软件包到 0.14.1 或者 自行替换证书 以解决问题.

自行替换证书的步骤如下:

1. 获得一份根证书副本, 通过以下任一方式:
   a. 从我们的源码下载
   b. 用浏览器导出 https://qyapi.weixin.qq.com/ 的根证书;
   c. ...
2. 把证书放到 classpath 上;
3. 配置使用新证书;

As Symentac sold their Web Certificate business, GeoTrust now become a child CA of DigiCert, i.e. no longer a Root CA.
Thereafter, Tencent changed their server cert rooting on a new DigiCert cert on 2018-2-28. Hence our original bundled certificates is no longer valid. You have to tweak it to catch up.

Release 0.14.1 fixed this problem. If you are unable to update the package there is still an alternative:

1. Acquire the new root cert, in any of these ways:
   a. Grab from our source code;
   b. Browse https://qyapi.weixin.qq.com/ , export it via browser;
   c. ...
2. Make it available in your classpath;
3. Config wxcp to find it, like this.

Thanks for your reliance of Nyaguruware. ฅ(⌯͒• ɪ •⌯͒)ฅ

WxpayErrorCode REFUNDNOTEXIST is seen while invoking RefundQuery, while passing a valid out_trade_no that with no yet any refund. This will caused an IllegalArgumentException on com.github.cuter44.wxpay.constants.WxpayErrorCode.forName(WxpayErrorCode.java:51).

We have fixed this problem. Patch is releasing in a few days.

Sorry about that.

It is the ERROR(but not documented in official docs)

Which is not included in WxpayErrorCode, and it may lead to java.lang.IllegalArgumentException: No enum constant com.github.cuter44.wxpay.constants.WxpayErrorCode.ERROR

Not really big deal, we will find some spare to fix it.

这个项目是怎么样打开的呢？

Due to latest explaination from wxpay official page. The current release may not meet the standards.

It is supposed to boom while converting between wxpay's time format(yyyyMMddHHmmss)(with GMT+8 timezone) and java.util.Date(w/o timezone) on a non-CST environment.
No reports received so far. So I haven't take a further exam to ensure its existence.

Currently there is no patch to it.
If you are suffering it, a quick way is to adjust your environment to make it using GMT+8 timezone. The JRE will apply this right fitting the wxpay requirement.
If you are not doing that, try to make a jury patch yourself, this should be rather easy for a skilled developer.

Sorry for the inconvenience.

获取得到prepay_id再签名后，回送给移动端的时候签名不对，不能进行支付

This feature allows wxpay-sdk distribute/accept distributed access_token across application context.

已经升级了jce的两个jar包，之后用这个JDK启动后，还是报错，具体堆栈信息如下：
ERROR c.f.fxl.web.m.api.v2.UserController - java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Usage constraint TLSServer check failed: SHA1 used with certificate: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US. Usage was tls server
at com.github.cuter44.wxmp.util.TokenKeeper.retrieveAccessToken(TokenKeeper.java:89)
at com.github.cuter44.wxmp.util.TokenKeeper.getAccessToken(TokenKeeper.java:111)
at com.github.cuter44.wxmp.util.TokenKeeper.retrieveJSSDKTicket(TokenKeeper.java:120)
at com.github.cuter44.wxmp.util.TokenKeeper.getJSSDKTicket(TokenKeeper.java:149)
at com.fangxuele.fxl.util.wx.WxmpUtil.getWxJssdkParam(WxmpUtil.java:58)
at com.fangxuele.fxl.service.v2.CustomerService.getWxJssdk(CustomerService.java:385)
at com.fangxuele.fxl.service.v2.CustomerService$$FastClassBySpringCGLIB$$c0c26860.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at com.fangxuele.fxl.service.v2.CustomerService$$EnhancerBySpringCGLIB$$19c3a251.getWxJssdk()

Whose .verify() is still not implemented yet.

As Tencent enriched available properties of notify API response, the com.github.cuter44.wxpay.resps.Notify#verify is out-dated and incompatible with current schema. which may cause verify() always returns false.
This problem will be solved in next time we rework the Notify (which is pending). If you're in emergency, you'd better implements your own version of verify(), or disable sign-verify(in config file, but may raise security risk).

Sorry to make you in trouble.

Due to one of the constants is set faultily. This two function did not performed correctly.
This bug has been fixed on 0.3.3, previous version are all affected. DO NOT USE THEM ANYMORE!

Errrr...my fault. (´・ω・｀)

java.lang.NullPointerException
at java.util.Hashtable.put(Hashtable.java:514)
at java.util.Properties.setProperty(Properties.java:161)
at com.github.cuter44.wxmsg.servlet.WxmsgGatewayServlet.doGet(WxmsgGatew
ayServlet.java:145)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:303)

Which is indicating wx-server is not sending signature as docs claiming.

We'll take further investigation later.

WeChat have migrate group into tags for UserInfo.

Hello all,
Unfortunately, we are seeing a massive trend that mixing wxmp and wxpay will be dangerous. It may take in poor performance, confusion, etc.
So we decide to make a slight isolation. The main idea is, to seperate wxmp and wxpay reqs/resps, each of them should have own package hierarchy and super-class. Another thing is, explicitly defining one-api-one-req, and .build().sign().execute() workflow.
These changes are pushing version code to 0.4.z, which means backwards incompatiable. Meanwhile 0.3.z codebase is no longer maintained. Projects using 0.3 CANNOT upgrade without adapting code, I HAVE TOLD YOU.

近期公司的APP在试用微信支付的时候突然报一下错误：

[framework] 2018-07-10 14:29:52,094 - com.pinghua.rest.WxpayRestServices -19043979 [http-apr-8080-exec-30] ERROR com.pinghua.rest.WxpayRestServices - unified order faild! javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:261) at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:118) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:357) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:218) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:194) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:85) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) at com.github.cuter44.wxpay.reqs.WxpayRequestBase.executePostXML(WxpayRequestBase.java:286) at com.github.cuter44.wxpay.reqs.UnifiedOrder.execute(UnifiedOrder.java:93) at com.pinghua.rest.WxpayRestServices.unifiedOrder(WxpayRestServices.java:89) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180) at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204) at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:115) at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:163) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137) at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:159) at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at com.pinghua.filter.SecurityFilter.doFilter(SecurityFilter.java:140) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488) ... 74 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 80 more

开始觉得可能是微信支付的证书过期了，后来证实确实过期了，然后重新申请了证书，并替换了系统WEB-INF/classes目录下的apiclient_cert.p12文件，重启后依然报上面的错误。

wxpay.properties 文件中的相关的配置参数为：LOAD_IDENTIFICATION=/apiclient_cert.p12

服务器环境：
Windows Server 2008 R2 Enterprise
JDK 1.8.0_60
Tomcat-8.0.32

Can't found file ".p12"

Support off-shore API node like below:

https://apihk.mch.weixin.qq.com/pay/orderquery    （建议接入点：东南亚）
https://apius.mch.weixin.qq.com/pay/orderquery    （建议接入点：其它）
https://api.mch.weixin.qq.com/pay/orderquery      （建议接入点：**国内）