#355 修复为支持拉取订单评价数据接口而引入的签名bug

Author: binarywang

weixin-java-mp/src/main/java/me/chanjar/weixin/mp/bean/menu/WxMpSelfMenuInfo.java

@@ -38,7 +38,7 @@ public void setButtons(List<WxMpSelfMenuButton> buttons) {
 
   public static class WxMpSelfMenuButton implements Serializable {
     private static final long serialVersionUID = -4426602953309048341L;
-    
+
     /**
      * <pre>
      * 菜单的类型，公众平台官网上能够设置的菜单类型有view（跳转网页）、text（返回文本，下同）、img、photo、video、voice。

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/bean/request/WxPayBaseRequest.java

@@ -14,6 +14,8 @@
 
 import java.math.BigDecimal;
 
+import static com.github.binarywang.wxpay.constant.WxPayConstants.SignType.ALL_SIGN_TYPES;
+
 /**
  * <pre>
  * Created by Binary Wang on 2016-10-24.
@@ -189,8 +191,9 @@ public String toXML() {
    * </pre>
    *
    * @param config 支付配置对象，用于读取相应系统配置信息
+   * @param isIgnoreSignType 签名时，是否忽略signType
    */
-  public void checkAndSign(WxPayConfig config) throws WxPayException {
+  public void checkAndSign(WxPayConfig config, boolean isIgnoreSignType) throws WxPayException {
     this.checkFields();
 
     if (StringUtils.isBlank(getAppid())) {
@@ -209,11 +212,24 @@ public void checkAndSign(WxPayConfig config) throws WxPayException {
       this.setSubMchId(config.getSubMchId());
     }
 
+    if (StringUtils.isBlank(getSignType())) {
+      if (config.getSignType() != null && !ALL_SIGN_TYPES.contains(config.getSignType())) {
+        throw new WxPayException("非法的signType配置：" + config.getSignType() + "，请检查配置！");
+      }
+      this.setSignType(StringUtils.trimToNull(config.getSignType()));
+    } else {
+      if (!ALL_SIGN_TYPES.contains(this.getSignType())) {
+        throw new WxPayException("非法的sign_type参数：" + this.getSignType());
+      }
+    }
+
     if (StringUtils.isBlank(getNonceStr())) {
       this.setNonceStr(String.valueOf(System.currentTimeMillis()));
     }
+
     //设置签名字段的值
-    this.setSign(SignUtils.createSign(this, config.getMchKey(), this.signType));
+    this.setSign(SignUtils.createSign(this, this.getSignType(), config.getMchKey(),
+      isIgnoreSignType));
   }
 
 }

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/bean/request/WxPayRefundRequest.java

@@ -165,12 +165,12 @@ public class WxPayRefundRequest extends WxPayBaseRequest {
   private String refundDesc;
 
   @Override
-  public void checkAndSign(WxPayConfig config) throws WxPayException {
+  public void checkAndSign(WxPayConfig config, boolean isIgnoreSignType) throws WxPayException {
     if (StringUtils.isBlank(this.getOpUserId())) {
       this.setOpUserId(config.getMchId());
     }
 
-    super.checkAndSign(config);
+    super.checkAndSign(config, isIgnoreSignType);
   }
 
   @Override

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/bean/request/WxPayUnifiedOrderRequest.java

@@ -349,7 +349,7 @@ protected void checkConstraints() throws WxPayException {
   }
 
   @Override
-  public void checkAndSign(WxPayConfig config) throws WxPayException {
+  public void checkAndSign(WxPayConfig config, boolean isIgnoreSignType) throws WxPayException {
     if (StringUtils.isBlank(this.getNotifyURL())) {
       this.setNotifyURL(config.getNotifyUrl());
     }
@@ -358,7 +358,7 @@ public void checkAndSign(WxPayConfig config) throws WxPayException {
       this.setTradeType(config.getTradeType());
     }
 
-    super.checkAndSign(config);
+    super.checkAndSign(config, isIgnoreSignType);
   }
 
 }

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/bean/result/WxPayBaseResult.java

@@ -216,12 +216,13 @@ protected Integer getXmlValueAsInt(String... path) {
   /**
    * 校验返回结果签名
    *
+   * @param signType     签名类型
    * @param checkSuccess 是否同时检查结果是否成功
    */
-  public void checkResult(WxPayServiceAbstractImpl wxPayService, boolean checkSuccess) throws WxPayException {
+  public void checkResult(WxPayServiceAbstractImpl wxPayService, String signType, boolean checkSuccess) throws WxPayException {
     //校验返回结果签名
     Map<String, String> map = toMap();
-    if (getSign() != null && !SignUtils.checkSign(map, wxPayService.getConfig().getMchKey())) {
+    if (getSign() != null && !SignUtils.checkSign(map, signType, wxPayService.getConfig().getMchKey())) {
       this.getLogger().debug("校验结果签名失败，参数：{}", map);
       throw new WxPayException("参数格式校验错误！");
     }

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/config/WxPayConfig.java

@@ -36,6 +36,7 @@ public class WxPayConfig {
   private String subMchId;
   private String notifyUrl;
   private String tradeType;
+  private String signType;
   private SSLContext sslContext;
   private String keyPath;
   private boolean useSandboxEnv = false;
@@ -139,6 +140,19 @@ public void setTradeType(String tradeType) {
     this.tradeType = tradeType;
   }
 
+  /**
+   * 签名方式
+   * 有两种HMAC_SHA256 和MD5
+   * @see com.github.binarywang.wxpay.constant.WxPayConstants.SignType
+   */
+  public String getSignType() {
+    return this.signType;
+  }
+
+  public void setSignType(String signType) {
+    this.signType = signType;
+  }
+
   public SSLContext getSslContext() {
     return this.sslContext;
   }

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/constant/WxPayConstants.java

@@ -1,6 +1,9 @@
 package com.github.binarywang.wxpay.constant;
 
+import com.google.common.collect.Lists;
+
 import java.text.SimpleDateFormat;
+import java.util.List;
 
 /**
  * <pre>
@@ -96,6 +99,7 @@ public static class TradeType {
   public static class SignType {
     public static final String HMAC_SHA256 = "HMAC-SHA256";
     public static final String MD5 = "MD5";
+    public static final List<String> ALL_SIGN_TYPES = Lists.newArrayList(HMAC_SHA256, MD5);
   }
 
   /**