明文请求
【签名验签规则】
此接口提交形式是HTTPkey-value,签名只针对value进行;
示例如下
https://payappdev.ecpic.com.cn/payplatform-payssl/mobilePay.action?User_name=MIST_APPPAY&TradeCode=MOBILE_PAY&Input_charset=1&Plug_id=&Pluguser_no=&Policy_no=ASHH481ZH914B000091W&Order_id=1469785557939&Order_amount=0.01&Pay_amount=0.01&Order_time=20160729174557&Product_id=123123&Product_name=路远车险&Product_desc=路远保险&Payer_name=张三&Payer_idType=0&Payer_id=&Payer_accName=&Payer_mobile=&Return_url=http%3A%2F%2Fwww.baidu.com&SpFlag=1&Platform_paynum=&B_company=&C_company=&attr1=116.228.131.212&attr2=wx56eb8b1ddc07ae69&attr3=oIVq0jj-lOkKktN5fcqBOq_qK3Qc&attr4=&attr5=&Sign_msg=2c3aec0a123abdaeab9cb53e6945e5d8&formValue=http%3A%2F%2F15.189.69.35%6855%2Dpayplatform-payssl%2FmobilePay.action
按照明文请求中签名规则得到Sign_msg后,将请求地址之外的所有参数(包含Sign_msg)以key=value&key=value形式组装
User_name=MIST_APPPAY&TradeCode=MOBILE_PAY&Input_charset=1&Plug_id=&Pluguser_no=&Policy_no=ASHH481ZH914B000091W&Order_id=1469785557939&Order_amount=0.01&Pay_amount=0.01&Order_time=20160729174557&Product_id=123123&Product_name=路远车险&Product_desc=路远保险&Payer_name=张三&Payer_idType=0&Payer_id=&Payer_accName=&Payer_mobile=&Return_url=http%3A%2F%2Fwww.baidu.com&SpFlag=1&Platform_paynum=&B_company=&C_company=&attr1=116.228.131.212&attr2=wx56eb8b1ddc07ae69&attr3=oIVq0jj-lOkKktN5fcqBOq_qK3Qc&attr4=&attr5=&Sign_msg=2c3aec0a123abdaeab9cb53e6945e5d8&formValue=http%3A%2F%2F15.189.69.35%6855%2Dpayplatform-payssl%2FmobilePay.action
package com.cpic.auap.client.handler;
import it.sauronsoftware.base64.Base64;
import java.net.URLEncoder;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import com.cpic.auap.cache.constants.InterfaceRequestAddress;
import com.cpic.auap.cache.constants.SystemParContants;
import com.cpic.auap.client.mbts.model.pay.PayLinkDto;
import com.cpic.auap.common.constants.LoggerConstant;
import com.cpic.auap.common.utils.SystemParameterUtil;
import com.cpic.auap.core.utils.DateUtils;
/**
* @author wangzuojia
*
*/
@Component
public class MbtsPayHandler {
private static Logger logger = LoggerFactory.getLogger(LoggerConstant.LOGGER_PAY);
/**
* 生成支付链接
* @param mbtsOutUrl 资金地址
* @param orderId 订单号
* @param totalPlicyPremium 支付金额
* @param returnUrl 支付完成后返回的商户地址
* @param policyNo 保单号
* @param productId 产品代码
* @param signkey MD5秘钥
* @param aesKey AES秘钥
* @return
* @throws Exception
*/
public String getPayUrl2(PayLinkDto payLinkDto) throws Exception {
//mock_generatePayUrl 存储在数据库中,1:明文0:密文
String mock_generatePayUrl = SystemParameterUtil.getValueByKey(SystemParContants.MOCK_GENERATEPAYURL);
//商户在资金系统中的用户名
String userName = SystemParameterUtil.getValueByKey(SystemParContants.MBTS_PUA_APPPAY);
//根据入参拼接支付链接的内容
Map<String,String> map = new HashMap<String,String>();
map.put("User_name",userName);//PUA_APPPAY
map.put("TradeCode","MOBILE_PAY");
map.put("Input_charset","1");
map.put("Plug_id","");
map.put("Pluguser_no","");
map.put("Policy_no",payLinkDto.getPolicyNo());
map.put("Order_id",payLinkDto.getOrderId());
map.put("Order_amount",payLinkDto.getOrderAmount());
map.put("Pay_amount",payLinkDto.getOrderAmount());
map.put("Order_time",DateUtils.format(new Date(), "yyyyMMddHHmmss"));
map.put("Product_id",payLinkDto.getProductId());
map.put("Product_name","太平洋车险");
map.put("Product_desc","");
map.put("Payer_name","保险");
map.put("Payer_idType","");
map.put("Payer_id","");
map.put("Payer_accName","");
map.put("Payer_mobile","");
map.put("Return_url",payLinkDto.getApiRecallUrl());
map.put("SpFlag","1");
map.put("Platform_paynum","");
map.put("B_company","");
map.put("C_company","");
map.put("attr1","");
map.put("attr2","");
map.put("attr3","");
map.put("attr4","");
map.put("attr5","");
map.put("PayWay","");
map.put("Scenario",payLinkDto.getFromSource());
/*待MD5加密字符串。进行签名时,先将以下参数的值按顺序拼装起来,后面再附加一个双方约定好的签名密钥构成用来签名的字符串:{User_name}{TradeCode}{Input_charset}{Policy_no}{Order_id}{Order_amount}{Order_time}{Product_id}{Product_name}{return_url}{md5key}其中md5key是个事先约定的key值,然后对其进行MD5计算得到签名值*/
String key = payLinkDto.getSignkey2();//双方约定好的key(一般存储在数据库中)
String str = map.get("User_name")
+map.get("TradeCode")
+map.get("Input_charset")
+map.get("Policy_no")
+map.get("Order_id")
+map.get("Order_amount")
+map.get("Order_time")
+map.get("Product_id")
+map.get("Product_name")
+map.get("Return_url")
+key;
//对以上value进行MD5加密
String md532bit = DigestUtils.md5Hex(str);
map.put("Sign_msg",md532bit);
//拼接请求参数并且对value进行编码
String reqStr = "";
for (Map.Entry<String, String> entry : map.entrySet()) {
String key1 = entry.getKey();
String value1 = URLEncoder.encode(entry.getValue(), "UTF-8");
reqStr += ("&"+key1 + "=" + value1);
}
//去掉第一个&得到要加密的字符串
String aesStr = (String) reqStr.subSequence(1, reqStr.length());
logger.info("待加密的字符串:"+aesStr);
if("1".equals(mock_generatePayUrl)){//mock_generatePayUrl本实例是存储在数据库中的
logger.info("明文链接地址:"+(payLinkDto.getMbtsOutUrl()+aesStr));
return payLinkDto.getMbtsOutUrl()+aesStr;
}else if(!"1".equals(mock_generatePayUrl)){//密文
//使用双方约定好的AES key(aesStr)进行AES加密,得到AES密文encryptData
String encryptData = com.pingan.pay.security.SecurityManager.encryptByAES(payLinkDto.getSignkey3(), aesStr);
//进行BASE64编码:Base64.encode(encryptData.getBytes("UTF-8")),然后拼接必要的数据
return payLinkDto.getMbtsOutUrl()+"User_name="+map.get("User_name")+"&Sign_type=AES&Data="+new String(Base64.encode(encryptData.getBytes("UTF-8")));
}
return payLinkDto.getMbtsOutUrl()+aesStr;//默认明文
}
}
2 0
