POST\n /v3/marketing/favor/media/image-upload\n 1739854234\n aa3ea8f02276438b90a63cfeea0d5c56\n\n
这个签名串计算出的签名值能通过签名校验
POST\n
/v3/marketing/favor/media/image-upload\n
1739854337\n
b08f3dcc57664f308d76615e17766826\n
{"filename":"50d23bdcab1242b68f49e64d41439844.png","sha256":"cfbf7c2a60d18cb397b3ff8155abb04271aea8361feb55ec1a59d76adcdc53b9"}\n
这个按照文档中给的签名串构建计算出的签名通过不了签名校验
{"code":"SIGN_ERROR","detail":{"detail":{"issue":"sign not match"},"field":"signature","location":"authorization","sign_information":{"method":"POST","sign_message_length":89,"truncated_sign_message":"POST\n/v3/marketing/favor/media/image-upload\n1739854337\nb08f3dcc57664f308d76615e17766826\n\n","url":"/v3/marketing/favor/media/image-upload"}},"message":"错误的签名,验签失败"}
//计算文件摘要
String sha256 = DigestUtils.sha256Hex(imageBytes);
System.out.println("SHA-256: " + sha256);
//构建签名串
String timestamp = String.valueOf(System.currentTimeMillis() / 1000);
String nonceStr = UUID.randomUUID().toString().replaceAll("-", "");
Map<String, String> dataMap = new HashMap<>();
dataMap.put("filename", newFileName);
dataMap.put("sha256",sha256);
ObjectMapper objectMapper = new ObjectMapper();
String jsonBody = objectMapper.writeValueAsString(dataMap);
System.out.println("jsonBody:"+jsonBody.toString());
//生成签名串signatureStr
String signatureStr = buileSignature("POST",apiurl,timestamp,nonceStr,jsonBody);
// String signatureStr = buileSignature("POST",apiurl,timestamp,nonceStr);
System.out.println("signatureStr:"+signatureStr);
//计算签名值
String sign = createSign(signatureStr);
System.out.println("sign:"+sign);
//构造Authorization
String authorization = String.format("WECHATPAY2-SHA256-RSA2048 mchid=\"%s\",nonce_str=\"%s\",timestamp=\"%s\",serial_no=\"%s\",signature=\"%s\"",
mchId,
nonceStr,
timestamp,
certSerialNo, // 证书序列号
sign);
按照规范,jsonBody.toString() 是要通过multipart/form-data 里的 meta 字段发给服务端,你这个有没有发呢?