From c738464bbd21c42837eaffbc58c4246ebe46c63e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 12 Mar 2026 02:55:12 +0000 Subject: [PATCH 1/3] Initial plan From 32a1169c787da9647a14e53e437d31f325187d6f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 12 Mar 2026 03:11:50 +0000 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=EF=BC=9A4.8.0=20?= =?UTF-8?q?=E5=B0=8F=E7=A8=8B=E5=BA=8F=20API=20=E7=AD=BE=E5=90=8D=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E5=AF=BC=E8=87=B4=20getPhoneNumber=20=E8=BF=94?= =?UTF-8?q?=E5=9B=9E=2040234=EF=BC=8C=E6=9B=B4=E6=96=B0=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E8=A6=86=E7=9B=96=20getPhoneNumber=20=E5=9C=BA=E6=99=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com> --- .../api/impl/WxMaSignaturePayloadTest.java | 49 +++++++++++-------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaSignaturePayloadTest.java b/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaSignaturePayloadTest.java index 82f436fe5..7d1066a0f 100644 --- a/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaSignaturePayloadTest.java +++ b/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaSignaturePayloadTest.java @@ -3,16 +3,21 @@ import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; +import org.testng.annotations.DataProvider; import org.testng.annotations.Test; /** - * 验证同城配送 API 签名 payload 格式的单元测试。 + * 验证小程序 API 签名 payload 格式的单元测试。 * *

直接测试 {@link BaseWxMaServiceImpl#buildSignaturePayload} 生产方法, * 确保待签名串格式符合微信官方规范:
* {@code urlpath\nappid\ntimestamp\npostdata}
* 共 4 个字段,字段间以换行符 {@code \n} 分隔,末尾无额外回车符。 * + *

修复说明:4.8.0 版本在计算签名时错误地将 rsaKeySn 添加到签名串(5 个字段), + * 导致微信服务端返回 40234(invalid signature)。此测试验证修复后签名串格式正确(4 个字段, + * 不含 rsaKeySn),适用于所有走加密访问路径的接口(包括 getPhoneNumber、同城配送等)。 + * * @author GitHub Copilot * @see @@ -22,39 +27,43 @@ public class WxMaSignaturePayloadTest { private static final String URL_PATH = "https://api.weixin.qq.com/cgi-bin/express/intracity/createstore"; + private static final String GET_PHONE_NUMBER_URL_PATH = + "https://api.weixin.qq.com/wxa/business/getuserphonenumber"; private static final String APP_ID = "wx1234567890abcdef"; private static final long TIMESTAMP = 1700000000L; private static final String POST_DATA = "{\"iv\":\"abc\",\"data\":\"xyz\",\"authtag\":\"tag\"}"; private static final String RSA_KEY_SN = "some_serial_number"; /** - * 验证 buildSignaturePayload 返回的待签名串恰好包含 4 个字段, - * 格式为:urlpath\nappid\ntimestamp\npostdata + * 提供不同 API 接口 URL 作为测试数据,用于验证签名串格式在各接口中均符合规范。 */ - @Test - public void testPayloadHasExactlyFourFields() { - String payload = - BaseWxMaServiceImpl.buildSignaturePayload(URL_PATH, APP_ID, TIMESTAMP, POST_DATA); - - String[] parts = payload.split("\n", -1); - assertEquals(parts.length, 4, "待签名串应恰好包含 4 个字段(urlpath、appid、timestamp、postdata)"); - assertEquals(parts[0], URL_PATH, "第 1 段应为 urlpath"); - assertEquals(parts[1], APP_ID, "第 2 段应为 appid"); - assertEquals(parts[2], String.valueOf(TIMESTAMP), "第 3 段应为 timestamp"); - assertEquals(parts[3], POST_DATA, "第 4 段应为 postdata"); + @DataProvider(name = "apiUrlPaths") + public Object[][] apiUrlPaths() { + return new Object[][] { + {URL_PATH, "同城配送 createstore"}, + {GET_PHONE_NUMBER_URL_PATH, "getPhoneNumber"} + }; } /** - * 验证 buildSignaturePayload 返回的待签名串不包含 rsaKeySn。 - * rsaKeySn 应通过请求头 Wechatmp-Serial 传递,而不应出现在签名 payload 中。 + * 验证 buildSignaturePayload 返回的待签名串恰好包含 4 个字段, + * 格式为:urlpath\nappid\ntimestamp\npostdata。 + * 使用多个 URL 验证,覆盖同城配送及 getPhoneNumber 等接口(issue 4.8.0 升级后 40234 错误)。 */ - @Test - public void testPayloadDoesNotContainRsaKeySn() { + @Test(dataProvider = "apiUrlPaths") + public void testPayloadHasExactlyFourFields(String urlPath, String description) { String payload = - BaseWxMaServiceImpl.buildSignaturePayload(URL_PATH, APP_ID, TIMESTAMP, POST_DATA); + BaseWxMaServiceImpl.buildSignaturePayload(urlPath, APP_ID, TIMESTAMP, POST_DATA); + String[] parts = payload.split("\n", -1); + assertEquals(parts.length, 4, + description + " 签名串应恰好包含 4 个字段(urlpath、appid、timestamp、postdata)"); + assertEquals(parts[0], urlPath, description + " 第 1 段应为 urlpath"); + assertEquals(parts[1], APP_ID, description + " 第 2 段应为 appid"); + assertEquals(parts[2], String.valueOf(TIMESTAMP), description + " 第 3 段应为 timestamp"); + assertEquals(parts[3], POST_DATA, description + " 第 4 段应为 postdata"); assertFalse(payload.contains(RSA_KEY_SN), - "待签名串不应包含 rsaKeySn,rsaKeySn 应通过请求头 Wechatmp-Serial 传递"); + description + " 签名串不应包含 rsaKeySn,rsaKeySn 应通过请求头 Wechatmp-Serial 传递"); } /** From 3341b1aa9cf4f791f6c0446c51bc9a0af3e8de4f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 12 Mar 2026 06:41:48 +0000 Subject: [PATCH 3/3] =?UTF-8?q?=E8=A1=A5=E5=85=85=E8=AF=B4=E6=98=8E?= =?UTF-8?q?=EF=BC=9A=E6=9B=B4=E6=96=B0=20buildSignaturePayload=20=E5=92=8C?= =?UTF-8?q?=20getPhoneNumber=20=E7=9A=84=20Javadoc=EF=BC=8C=E6=98=8E?= =?UTF-8?q?=E7=A1=AE=E8=AE=B0=E5=BD=95=204.8.0=20=E7=AD=BE=E5=90=8D=20bug?= =?UTF-8?q?=20=E4=BF=AE=E5=A4=8D=E4=B8=8A=E4=B8=8B=E6=96=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com> --- .../binarywang/wx/miniapp/api/WxMaUserService.java | 6 ++++++ .../wx/miniapp/api/impl/BaseWxMaServiceImpl.java | 14 ++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java index 21696701d..008c025f1 100644 --- a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java +++ b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java @@ -60,6 +60,12 @@ public interface WxMaUserService { /** * 获取手机号信息,基础库:2.21.2及以上或2023年8月28日起 * + *

若已配置 {@code apiSignatureAesKey} 及 {@code apiSignatureRsaPrivateKey} 开启服务端 API 签名, + * 该接口请求将自动走加密 + RSA 签名路径(见 + * API签名文档)。 + * 签名串格式为 {@code urlpath\nappid\ntimestamp\npostdata}(4 个字段), + * RSA 私钥序列号通过请求头 {@code Wechatmp-Serial} 传递,不包含在签名串中。 + * * @param code 每个code只能使用一次,code的有效期为5min。code获取方式参考手机号快速验证组件 * @return 用户手机号信息 * @throws WxErrorException . diff --git a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/BaseWxMaServiceImpl.java b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/BaseWxMaServiceImpl.java index 13b4248e2..6ab0293e0 100644 --- a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/BaseWxMaServiceImpl.java +++ b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/BaseWxMaServiceImpl.java @@ -915,11 +915,17 @@ private String base64Encode(byte[] data) { * {@code urlpath\nappid\ntimestamp\npostdata}
* 字段之间使用换行符 {@code \n} 分隔,共 4 个字段,末尾无额外回车符。 * - * @param urlPath 当前请求 API 的 URL,不含 Query 参数 - * @param appId 小程序 AppId - * @param timestamp 签名时的时间戳 - * @param postData 加密后的请求 POST 数据(JSON 字符串) + *

注意:RSA 私钥序列号(rsaKeySn)不应包含在待签名串中,它应通过请求头 + * {@code Wechatmp-Serial} 传递。4.8.0 曾错误地将 rsaKeySn 插入签名串(产生 5 个字段), + * 导致所有走 API 签名路径的接口(包括 {@code getPhoneNumber}、同城配送等)返回 40234 + * {@code invalid signature}。此方法明确使用 4 字段格式以确保签名正确。 + * + * @param urlPath 当前请求 API 的 URL,不含 Query 参数 + * @param appId 小程序 AppId + * @param timestamp 签名时的时间戳 + * @param postData 加密后的请求 POST 数据(JSON 字符串) * @return 拼接好的待签名串 + * @see 微信服务端API签名指南 */ static String buildSignaturePayload(String urlPath, String appId, long timestamp, String postData) { return urlPath + "\n" + appId + "\n" + timestamp + "\n" + postData;