我在调用微信商家转账的时候,为什么总是提示错误的签名,验签失败呢? 我的微信退款都是正常的,
这个是我请求签名的body 很疑惑啊!
{
"transfer_scene_report_infos" : [ {
"info_type" : "活动名称",
"info_content" : "团长佣金提现"
}, {
"info_type" : "奖励说明",
"info_content" : "业务推广佣金"
} ],
"transfer_amount" : 20,
"openid" : "oejHs6y1_bptfZN4WJH2122222222222222222kzr8w",
"appid" : "wxf431cd56222222222ae5d",
"out_bill_no" : "456213978",
"user_recv_perception" : "现金营销",
"transfer_scene_id" : "1000",
"transfer_remark" : "openId"
}
public String getToken(String method, HttpUrl url, String body) throws SignatureException, NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
String nonceStr = WXPayUtil.generateNonceStr(); //WXPayUtil是微信支付自带的sdk
long timestamp = System.currentTimeMillis() / 1000; //生成时间戳
//需要加密的参数
String canonicalUrl = url.encodedPath();
if (url.encodedQuery() != null) {
canonicalUrl += "?" + url.encodedQuery();
}
String parameter = method + "\n"
+ canonicalUrl + "\n"
+ timestamp + "\n"
+ nonceStr + "\n"
+ body + "\n";
//对参数进行加密
byte[] bytes = parameter.getBytes(StandardCharsets.UTF_8);
Signature sign = Signature.getInstance("SHA256withRSA");
PrivateKey privateKey = PemUtil.loadPrivateKeyFromPath(ConstantPropertiesUtils.PEM); //privateKeyPath是商户证书密钥的位置apiclient_key.pem
sign.initSign(privateKey); //商户密钥文件路径
sign.update(bytes);
String signature = Base64.getEncoder().encodeToString(sign.sign());
//获取token
String token = "mchid=\"" + ConstantPropertiesUtils.PARTNER + "\"," //商户号
+ "nonce_str=\"" + nonceStr + "\","
+ "timestamp=\"" + timestamp + "\","
+ "serial_no=\"" + ConstantPropertiesUtils.MERCHANT + "\"," //merchantSerialNumber是微信支付中申请的证书序列号
+ "signature=\"" + signature + "\"";
String schema = "WECHATPAY2-SHA256-RSA2048 "; //注意有一个空格
return schema + token;
}
{"code":"SIGN_ERROR","detail":{"detail":{"issue":"sign not match"},"field":"signature","location":"authorization","sign_information":{"method":"POST","sign_message_length":414,"truncated_sign_message":"POST\n/v3/fund-app/mch-transfer/transfer-bills\n1737012721\na1bb4289f3e3472c8bb4a3085824218e\n{\"transf\n","url":"/v3/fund-app/mch-transfer/transfer-bills"}},"message":"错误的签名,验签失败"}
还请参照排查指引错误根据文档排查:https://developers.weixin.qq.com/community/develop/article/doc/0004eae4f94c981f6c101ba7e6d813
并配合签名验证工具https://pay.weixin.qq.com/docs/merchant/sdk-tools/signature-verification-tool.html进行排查。
另外,建议直接用sdk,因为sdk已经集成了自动签名、验签、加密的流程,如果这里新的转账业务,sdk还未支持的情况下,使用自定义http的请求方式即可https://github.com/wechatpay-apiv3/wechatpay-java?tab=readme-ov-file#%E5%8F%91%E9%80%81-http-%E8%AF%B7%E6%B1%82