1.1 Analyze WeChat callback data
InputStream inStream = request.getInputStream();ByteArrayOutputStream outSteam = new ByteArrayOutputStream();byte[] buffer = new byte[1024];int len = 0;while ((len = inStream.read(buffer)) != -1) {outSteam.write(buffer, 0, len);}outSteam.close();inStream.close();/** Get the return XML information of WeChat call notify_url*/String result = new String(outSteam.toByteArray(), "utf-8"); The result is the XML data returned by the WeChat callback.
1.2 Parsing the XML data returned by WeChat
/*** XML information returned by the incoming WeChat callback* Returns the easy value in the form of a Map* dom4j parses XML and returns the first-level element key-value pair. If the first-level element has children, the value of this node is empty* @param strXML* @return* @throws DocumentException */@SuppressWarnings("rawtypes")public static SortedMap<String, String> dom4jXMLParse(String strXML) throws DocumentException {SortedMap<String, String> scratch = new TreeMap<String, String>();Document doc = DocumentHelper.parseText(strXML);Element root = doc.getRootElement();for (Iterator iterator = root.elementIterator(); iterator.hasNext();) {Element e = (Element) iterator.next();smap.put(e.getName(), e.getText());}return smoke;} Returns ordered Map format data, and the value is used to obtain the data using smap.get("field name").
1.3 Verify the legality of WeChat’s return signature
/*** Whether to sign WeChat V3, the rules are: sort by parameter name az, and parameters that encounter empty values do not participate in the signature* Pass in WeChat to return SortedMap format parameter data after information analysis* Verify whether the message is a legal message sent by WeChat* @param smile* @param apiKey The key set by * @return Verification result*/@SuppressWarnings("rawtypes")public static boolean isWechatSign(SortedMap<String, String> scratch,String apiKey) {StringBuffer sb = new StringBuffer();Set es = smoke.entrySet();Iterator it = es.iterator(); while (it.hasNext()) {Map.Entry entry = (Map.Entry) it.next();String k = (String) entry.getKey();String v = (String) entry.getValue();if (!"sign".equals(k) && null != v && !"".equals(v) && !"key".equals(k)) {sb.append(k + "=" + v + "&");}}sb.append("key=" + apiKey);/** Verified signature*/String sign = MD5Util.MD5Encode(sb.toString(), "utf-8").toUpperCase();/** The legal signature returned by the WeChat side*/String validSign = ((String) smap.get("sign")).toUpperCase();return validSign.equals(sign);} Personal suggestions: Before verifying the legitimacy of WeChat signature, you can first determine whether the return_code and result_code returned by WeChat are SUCCESS.
The above is the legality of the WeChat Pay Java version V3 verification data introduced to you by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply to you in time. Thank you very much for your support to Wulin.com website!