收藏
回答

api v3 支付通知签名验证失败

支付成功后,收到微信的异步通知,但是签名验证一直失败,请问是什么原因?

1、签名验证的 证书是使用的微信平台的公共证书;

2、签名的数据已经规定格式构造验签名串

3、已经检查平台证书序列号,是一致的

签名验证方法如下:

回答关注问题邀请回答
收藏

1 个回答

  • 天到海角
    天到海角
    09-24

    微信支付成功响应数据

    Wechatpay-Serial =33C58FB834FD8D57F482330F6801E29DBC821867

    Wechatpay-Timestamp =1600912005

    Wechatpay-Nonce =msOq4nFDHozoPBWz6aacRqU5QTvIH4k1

    Wechatpay-Signaturee =p5OoflMcnB3jjU6zVz6yX6xpkIN7kwlN7XOIlDIzr/wdR1QVJBUA5I5Q2/eKYaXo9C5S7JcwqgxGvBsjGguR1qoYejlBi5DUYSnEPxG8bPRYL7t8YxUUVrwGuLldJEHjLY091zZfrF7mJj6g8ZbKCK4tHc0ohJ7W0X3UX+mII7bDyFzdX7FB9Nn3agPFPYmagOZTYOOavTD/ruDQ1l701kqUU3PRXBURn9mfrwmu8Zla3XTKE5Qicr7RUkENraKHsxXHhdPx/9oF22YS7oMHMguISoM5r3ol8gZO/ODf+EW7W/YsHuNMwOhoUiPpA6m4X6uN0nRDfZNrgS0jTigkMg==

    json ={"summary":"支付成功","event_type":"TRANSACTION.SUCCESS","create_time":"2020-09-24T09:46:43+08:00","resource":{"associated_data":"transaction","ciphertext":"2NfzGf55RhfZMTAf9YKRs4V31NmtdM/4kqIQI8brgb4Pwzy0H1V+9ySkbkLV7X0Dnuj/pFr43szKjdrY65qktcFRHJmLUgLv8asEKhuBC+klzIGBjqz/DUhf2ZefEJ9HJHJTAsRcl2Hm/1HnS/ogmu6hxCxavz3qhhxovLY6EeqLySQMAqdCVxycieV0O3WkmIeWp9q1uFARqGh36OevRLK1X28zOIP93RZ4h0M94/xHb8lfW7F8HWSa2vUv673//fKonQpUy3L90N9284sKdXeobHSlMvQ6HI4mmHK5Nrdvv41uOlv/bkgtMTrYiKbsIdvxtwZMyT+qK2wghU8Q68SmwaWeOQRSBMV7eWxKvtMy4P822onhkSEHhZEJfnyWsEPyK4TCUroU2n+CMARi0WhqvgIL14MjUIV+ftbr6eGxSepHv4Rv8IYH1AVTj7F8plIoUbVesOzEiCO6Wd35WfaMYeGoK3U/LLhus/A/VomgDvpaFGBDYPcKuehNpQhgHJWpx1iL+8Q2nhNM4dpTGrC2NeGV/zUJWmDwWj551kkCD4qUp9XmjAERk/L7mq3EPcpXGXvDdfQibAh0MqNpiHMZEx5hIvre3cTIavZ5MDn4eoxNtKm1W5h92/XQg7ZEGixR36+SpuAOWNvcoTvs9lPpHL6/Efx61RUyFocdi+CiBj/OSHPvsG71tboSu7hSjsFBntx0AdKc/12vaojFdWKiu7/oyDV424cKBWhqj3L2EYVcj540bq/uC/KpOUqwy4nRbqhG/Id14V4pgjXa7SXLfPa7EwKQ5g==","original_type":"transaction","nonce":"DovlSe7EE9pD","algorithm":"AEAD_AES_256_GCM"},"resource_type":"encrypt-resource","id":"01368359-c4db-5653-b05a-83118634e17f"}

    生成待签名字符串:

    使用工具进行验证也是签名验证失败,证书是通过https://github.com/wechatpay-apiv3/CertificateDownloader 下载工具下载的微信平台公钥证书。证书序列号和微信支付响应的序列号一致。

    09-24
    有用 1
    回复 2
    • 天到海角
      天到海角
      09-24
      找到原因了。使用spring 注解@RequestBody String bodyData获取的request body json数据顺序变了,所以一直签名验证不通过。通过 request.getReader() 读取的数据没问题,签名验证通过
      09-24
      1
      回复
    • 飞行
      飞行
      10-12回复天到海角
      大佬,能不能让我看下你接收通知的处理代码?我这里也是出这问题了,解决不了了,没用@RequestBody
      10-12
      回复
登录 后发表内容
问题标签