Copilot AI commented Dec 2, 2025

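When using WeChat Pay public key mode, callback verification throws "非法请求,头部信息验证失败". The root cause is that `serialNumber.contains()` in `PublicCertificateVerifier.verify()` has no null check, which causes an NPE when the Wechatpay-Serial header is empty.

Changes

  • PublicCertificateVerifier.java: add a `serialNumber != null` null check, ensuring that in public key mode an empty serial number goes straight to the public key verification logic

```java
// Before
if (!serialNumber.contains("PUB_KEY_ID") && this.certificateVerifier != null) {

// After
if (serialNumber != null && !serialNumber.contains("PUB_KEY_ID") && this.certificateVerifier != null) {
```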

Fixes #3526

Original prompt

This section details on the original issue you should resolve

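<issue_title>Payment public key callback verification fails on the latest version: 非法请求,头部信息验证失败</issue_title>
<issue_description>### Brief description
Payment public key callback verification fails on the latest version: 非法请求,头部信息验证失败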
`com.github.binarywang.wxpay.exception.WxPayException: 非法请求,头部信息验证失败
at com.github.binarywang.wxpay.service.impl.BaseWxPayServiceImpl.baseParseOrderNotifyV3Result(BaseWxPayServiceImpl.java:377)
at com.github.binarywang.wxpay.service.impl.BaseWxPayServiceImpl.parseOrderNotifyV3Result(BaseWxPayServiceImpl.java:366)

`
Earlier I was already able to create an order with WeChat: this.wxPayService.createOrderV3(TradeTypeEnum.JSAPI, wxPayUnifiedOrderV3Request);
So why does verification still fail here?

Module version

`
com.github.binarywang
weixin-java-pay
4.7.5-20250603.122757

`

The returned body, String notifyData

{ "summary" : "支付成功", "event_type" : "TRANSACTION.SUCCESS", "create_time" : "2025-06-09T17:25:36+08:00", "resource" : { "associated_data" : "transaction", "ciphertext" : "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", "original_type" : "transaction", "nonce" : "PGa9hbsICgFo", "algorithm" : "AEAD_AES_256_GCM" }, "resource_type" : "encrypt-resource", "id" : "0b30992d-09b5-5bd6-bd06-300e2dd13c4e" }
WeChat customer support said the order of the returned data is wrong and that it should look like the following

Image</issue_description>

Comments on the Issue (you are @copilot in this section)

Custom agent used: Use Chinese for everything
Chinese is required, including the PR title and the analysis and summary process



Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix payment callback verification failure for latest version Fix: callback verification failure in payment public key mode Dec 2, 2025
Copilot AI requested a review from binarywang December 2, 2025 03:44
@binarywang binarywang marked this pull request as ready for review December 2, 2025 04:07
@binarywang binarywang merged commit f7a196c into develop Dec 2, 2025
1 check failed
@binarywang binarywang deleted the copilot/fix-payment-callback-verification branch December 2, 2025 04:08
@binarywang binarywang added this to the 4.8.0 milestone Dec 10, 2025
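
The dispatch described in this PR, as an added example that is not WxJava's code: it shows that the null check changes only which verification path runs, while a forged signature is still rejected on the public key path. `SerialDispatchDemo`, `Verifier`, the serial strings, the key pair and the message body are hypothetical or constructed, and SHA256withRSA is an assumption about the signature scheme.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration; SerialDispatchDemo and Verifier are hypothetical names, not WxJava classes.
public class SerialDispatchDemo {
    interface Verifier { boolean verify(String serial, byte[] message, byte[] signature); }
    private final Verifier certificateVerifier; // may be null in pure public key mode
    private final PublicKey publicKey;
    SerialDispatchDemo(Verifier certificateVerifier, PublicKey publicKey) {
        this.certificateVerifier = certificateVerifier;
        this.publicKey = publicKey;
    }

    boolean verify(String serialNumber, byte[] message, byte[] signature) {
        // Null-safe condition from the PR: a missing serial skips the certificate path
        // instead of throwing a NullPointerException on contains().
        if (serialNumber != null && !serialNumber.contains("PUB_KEY_ID") && certificateVerifier != null) {
            return certificateVerifier.verify(serialNumber, message, signature);
        }
        try {
            // Assumption: RSA with SHA-256; the signature is still checked on this path.
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(publicKey);
            s.update(message);
            return s.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // fail closed on a malformed signature or unusable key
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed throwaway key pair
        byte[] body = "{\"event_type\":\"TRANSACTION.SUCCESS\"}".getBytes(StandardCharsets.UTF_8); // constructed
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(body);
        byte[] sig = signer.sign();
        byte[] forged = sig.clone();
        forged[0] ^= 0x01; // tampered copy of the signature
        Verifier noMatchingCert = (serial, m, s) -> false; // stand-in certificate verifier
        SerialDispatchDemo v = new SerialDispatchDemo(noMatchingCert, kp.getPublic());
        System.out.println("no serial, valid signature:   " + v.verify(null, body, sig));
        System.out.println("no serial, forged signature:  " + v.verify(null, body, forged));
        System.out.println("PUB_KEY_ID serial (made up):  " + v.verify("PUB_KEY_ID_EXAMPLE", body, sig));
        System.out.println("certificate serial (made up): " + v.verify("EXAMPLE_CERT_SERIAL", body, sig));
    }
}
```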