Skip to content

修复: 支付公钥模式下回调验证失败问题#3788

Merged
binarywang merged 2 commits intodevelopfrom
copilot/fix-payment-callback-verification
Dec 2, 2025
Merged

修复: 支付公钥模式下回调验证失败问题#3788
binarywang merged 2 commits intodevelopfrom
copilot/fix-payment-callback-verification

Conversation

Copy link
Contributor

Copilot AI commented Dec 2, 2025
edited
Loading

使用微信支付公钥模式时,回调验证抛出"非法请求,头部信息验证失败"。根因是 PublicCertificateVerifier.verify()serialNumber.contains() 未做空值检查,当 Wechatpay-Serial 头为空时导致 NPE。

修改内容

  • PublicCertificateVerifier.java: 添加 serialNumber != null 空值检查,确保公钥模式下序列号为空时直接走公钥验证逻辑
// Before
if (!serialNumber.contains("PUB_KEY_ID") && this.certificateVerifier != null) {

// After  
if (serialNumber != null && !serialNumber.contains("PUB_KEY_ID") && this.certificateVerifier != null) {

Fixes #3526

Original prompt

This section details on the original issue you should resolve

<issue_title>最新版本支付公钥回调验证失败:非法请求,头部信息验证失败</issue_title>
<issue_description>### 简要描述
最新版本支付公钥回调验证失败:非法请求,头部信息验证失败
`com.github.binarywang.wxpay.exception.WxPayException: 非法请求,头部信息验证失败
at com.github.binarywang.wxpay.service.impl.BaseWxPayServiceImpl.baseParseOrderNotifyV3Result(BaseWxPayServiceImpl.java:377)
at com.github.binarywang.wxpay.service.impl.BaseWxPayServiceImpl.parseOrderNotifyV3Result(BaseWxPayServiceImpl.java:366)

`
前面都能够向微信发起订单了 this.wxPayService.createOrderV3(TradeTypeEnum.JSAPI, wxPayUnifiedOrderV3Request);
为啥这里还会验证错误勒?

模块版本情况

`
com.github.binarywang
weixin-java-pay
4.7.5-20250603.122757

`

返回的body String notifyData

{ "summary" : "支付成功", "event_type" : "TRANSACTION.SUCCESS", "create_time" : "2025-06-09T17:25:36+08:00", "resource" : { "associated_data" : "transaction", "ciphertext" : "oZCqdfDooIDgW9KFr9Hux8W5n1dIgMWlVRM5uIFeuNlnKvzTDO1fUARqU6nfdTdTbSLIW/E+FDFJZ/WRp/yvzQdti+FkhMHBd1zoL6zig4Mg48099qqIT3o8rL4svu08rAsNgZujiR26vFkFmbQgYela1ErPnPHqUeBBw4AkTBKnDFYWQidsCKgbiZf9U+/inmzuoc9sR/Lxw2DqqkI1g+7JWOkt9dJUpZz9xkk7NzWuBc2r28nhtVwb95JEgH1H7U29G9u+Tlkv1UjoGzStnK9S9AHevtS2Hb6V59nlIvxJGCMvtuaUYOBGzgKE8f7Gq4oHm0J4vgwqy8ootxgZKGUDKzhpPK/bOaYlJzEw4aR7eOBphmdWWgoaTjlYPSVQ2fl1nlYEpCNUziUFgLKq75B73PI9kMPUD4GBzi9tkn8xJR3A66MYdZASsqanq8jrpN/Wi7g4sXz8nZ8TvVludYYSAIXWp+39fOq3L+4nVmzHHs0FaeZ06vgpbcICse8YqBY2rHqesRgy0VCtDnNZdJsYH7c6P01wgWvGEgm/Qwh/4IVvHpBorJxrapTKxnJ0bxCH9kK1B0ggGhS8POzYD42GytE=", "original_type" : "transaction", "nonce" : "PGa9hbsICgFo", "algorithm" : "AEAD_AES_256_GCM" }, "resource_type" : "encrypt-resource", "id" : "0b30992d-09b5-5bd6-bd06-300e2dd13c4e" }
微信客服说返回的顺序不对,应该是下面这种

Image</issue_description>

Comments on the Issue (you are @copilot in this section)

Custom agent used: 全部用中文
需要用中文,包括PR标题和分析总结过程

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@binarywang
修复: 支付公钥模式下回调验证serialNumber空指针异常
1d56c03 
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix payment callback verification failure for latest version 修复: 支付公钥模式下回调验证失败问题 Dec 2, 2025
Copilot AI requested a review from binarywang December 2, 2025 03:44
@binarywang binarywang marked this pull request as ready for review December 2, 2025 04:07
@binarywang binarywang merged commit f7a196c into develop Dec 2, 2025
1 check failed
@binarywang binarywang deleted the copilot/fix-payment-callback-verification branch December 2, 2025 04:08
@binarywang binarywang added this to the 4.8.0 milestone Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@binarywang binarywang Awaiting requested review from binarywang

Assignees

@binarywang binarywang

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

4.8.0

Development

Successfully merging this pull request may close these issues.

最新版本支付公钥回调验证失败:非法请求,头部信息验证失败 ContentValue支持Contact控件

2 participants

@binarywang