-
-
Notifications
You must be signed in to change notification settings - Fork 8.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
支付退款回调验签错误 #3234
Comments
看错误信息像是因为数据不全? |
为了解决支付退款回调验签错误的问题,建议进行以下修改: 校验传入的加密信息格式在进行Base64解码之前,可以增加对加密信息格式的校验逻辑,以确保传入的加密字符串是一个合法的Base64编码字符串。 使用URL兼容的Base64解码器考虑到可能存在非标准的Base64编码字符串(如URL安全类型的Base64编码),建议使用 修改后的代码示例import java.util.Base64;
public void parseRefundNotifyV3Result(String encryptedInfo) {
// 1. 校验传入的加密信息格式
if (!isValidBase64String(encryptedInfo)) {
throw new IllegalArgumentException("非法的Base64加密信息格式");
}
CertificatesVerifier certificatesVerifier = ...; // 初始化验证器
// 2. 使用URL兼容的Base64解码器
byte[] decodeBytes = Base64.getUrlDecoder().decode(encryptedInfo);
// 验签过程
boolean result = certificatesVerifier.verify(decodeBytes);
...
}
// 校验Base64字符串的有效性
public boolean isValidBase64String(String str) {
if (str == null || str.trim().isEmpty()) {
return false;
}
// 移除Base64字符串可能包含的所有换行符
String sanitizedStr = str.replaceAll("\\s+", "");
// 校验字符串是否仅包含Base64允许的字符,以及是否长度是4的倍数
return sanitizedStr.matches("^[A-Za-z0-9+/]+={0,2}$") && sanitizedStr.length() % 4 == 0;
} 以上修改旨在提升支付退款回调验签过程中对Base64编码字符串处理的容错性和兼容性。 [注意] 该Comment由AI生成,仅供参考。 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
#3288 |
简要描述
支付退款回调验签错误
模块版本情况
日志
如果日志不多,直接使用md代码引用格式贴在此处,否则如果太长,请将日志放在 pastebin 或者其他地方,然后将其url地址贴在这里
The text was updated successfully, but these errors were encountered: