小程序云开发,接入微信支付,添加分账接收方
昨天调试一天,找不出原因的签名校验不通过一直在发生!
微信支付接口签名校验工具
https://pay.weixin.qq.com/wiki/doc/api/micropay.php?chapter=20_1
使用签名校验工具,对一模一样的StringA原字符串进行编译,我生成的原sign值和签名校验工具生成新sign值总是不一样。
数据比对:
原sign值:C714553B1E86EE6D6B190EA204890A4998F50325DD67B42D81B2C30DE9D7F380(我的代码)
新sign值:D8BE851C430B79BD374FC4D406944C8E175642A791A831ED23D453302D634EC9(签名校验工具)
我现在唯一想到的方法:能否给段小程序生成签名的示例代码?
将以下StringA原字符串加密为签名校验工具相同的结果就可以,非常感谢!
StringA:
appid=wx8c6e071527acdd96&mch_id=1374850001&nonce_str=762ZnhskWpfrysj0&receiver= { "account":"oBGH2RefE5Jj6T3IUP05sc2lgCcx", "name": "阿江", "relation_type": "USER", "type": "PERSONAL_OPENID" } &sign_type=HMAC-SHA256&key=693o12Kl341eZ81n1A5732a58Eb15cGF
我的代码(云函数中调用):
const CryptoJS = require('crypto-js')
let partnerKey=693o12Kl341eZ81n1A5732a58Eb15cGF
let StringA="appid=wx8c6e071527acdd96&mch_id=1374850001&nonce_str=762ZnhskWpfrysj0&receiver= { "account":"oBGH2RefE5Jj6T3IUP05sc2lgCcx", "name": "阿江", "relation_type": "USER", "type": "PERSONAL_OPENID" } &sign_type=HMAC-SHA256&key="+partnerKey
StringA = CryptoJS.HmacSHA256(StringA, partnerKey)
StringA = CryptoJS.enc.Hex.stringify(StringA)
StringA = StringA.toUpperCase()
XML测试数据:
<xml>
<appid>wx8c6e071527acdd96</appid>
<mch_id>1374850001</mch_id>
<nonce_str>762ZnhskWpfrysj0</nonce_str>
<receiver>
{
"account":"oBGH2RefE5Jj6T3IUP05sc2lgCcx",
"name": "阿江",
"relation_type": "USER",
"type": "PERSONAL_OPENID"
}
</receiver>
<sign_type>HMAC-SHA256</sign_type>
</xml>
非常感谢!
你用的云环境应该是Nodejs v10.15的吧?如果是,你可能不需要第三方库的支持就可以正确签名了,尝试下以下代码,转成xml后和官方验签工具结果一致。
const crypto = require('crypto') const key = 'exposed_your_key_here_have_risks' const data = { mch_id: '1374850001', nonce_str: '762ZnhskWpfrysj0', sign_type: 'HMAC-SHA256', appid: 'wx8c6e071527acdd96', receiver: JSON.stringify({ account: "oBGH2RefE5Jj6T3IUP05sc2lgCcx", name: "阿江", relation_type: "USER", type: "PERSONAL_OPENID" }), } const ksort = obj => Object.keys(obj).sort().reduce((des, k) => (des[k] = obj[k], des), {}) const toSignString = (obj, key) => `${Object.entries(obj).map(a => a.join('=')).join('&')}&key=${key}` const signHmacSha256 = (str, key) => crypto.createHmac('sha256', key).update(str).digest('hex').toUpperCase() const sign = signHmacSha256(toSignString(ksort(data), key), key) console.info(sign) //1E9FD7D75FD9868A23D4E19A81DBF55270AFB1EF686992BEC43A400292CA9550
原sign值: DF811C98FF3B694E3648EE980DFFA87DA56F6C8A14CAF6C43D023F49715C5F26(我的值)
新sign值:C2C3C2A957E672395B41791F9D54EF8AE4382DFEBBCE3C0AB98384C68D4EFFCC(微信支付接口签名校验工具)
//商户Key值我用的这个:
const key = 'exposed_your_key_here_have_risks'
<xml>
<appid>wx8c6e071527acdd96</appid>
<mch_id>1374850001</mch_id>
<nonce_str>762ZnhskWpfrysj0</nonce_str>
<receiver><![CDATA[{"account":"oBGH2RefE5Jj6T3IUP05sc2lgCcx","name":"阿江","relation_type":"USER","type":"PERSONAL_OPENID"}]]></receiver>
<sign>DF811C98FF3B694E3648EE980DFFA87DA56F6C8A14CAF6C43D023F49715C5F26</sign>
<sign_type>HMAC-SHA256</sign_type>
</xml>