本篇要讲的是:
官方文档:https://pay.weixin.qq.com/wiki/doc/api/tools/mch_pay.php?chapter=14_2
$ lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.4.1708 (Core)
Release: 7.4.1708
Codename: Core
微信商户平台:https://pay.weixin.qq.com/index.php/core/cert/api_cert
账户中心 --> API安全 --> 下载证书(或者申请)
申请证书的步骤可以按照官方文档提示来做,也可以去网上找资料,很多的教程,这个比较简单,我这里就不说了。我们这里说的是如果配置和代码通过的流程
证书下载后,可以看到三个证书如图
可以看教程:https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
在Linux上的CentOS 6安装ca-certificates包:
$ yum install ca-certificates
启用动态CA配置特性
$ update-ca-trust force-enable
把从微信商户平台下载的三个证书的其中两个(apiclient_cert.pem
和apiclient_key.pem
)拷贝到这个目录下
$ /etc/pki/ca-trust/source/anchors/
从本地把证书拷贝到服务器上很简单的,使用scp命令就行
$ scp /User/victor/Desktop/apiclient_cert.pem root@你的服务器IP:/etc/pki/ca-trust/source/anchors/
$ scp /User/victor/Desktop/apiclient_key.pem root@你的服务器IP:/etc/pki/ca-trust/source/anchors/
因为我们项目使用的API是:企业付款到零钱
import hashlib
import string
import random
from xml.etree import ElementTree
import urllib3
def get_nonce_str(self):
return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(32))
def md5(unencrypted_str):
'''
参考文档:https://docs.python.org/2/library/hashlib.html#module-hashlib
:param unencrypted_str: 未加密字符串
:return: 加密后的字符串
'''
m = hashlib.md5()
m.update(unencrypted_str.encode("utf-8"))
return m.hexdigest()
def generate_signature(self, parameters):
"""
构建请求JSSDK接口时的参数签名
参数名区分大小写
"""
unsinged_str = '&'.join(['{}={}'.format(key, parameters[key]) for key in sorted(parameters)])
unsinged_str += "&key=" + self.merchant_secret
signedstr = self.md5(unsinged_str).upper()
return signedstr
def enterprise_pay_to_person(self, openid, receiver_user_name, amount, remark, spbill_create_ip):
"""
企业付款到零钱
https://pay.weixin.qq.com/wiki/doc/api/tools/mch_pay.php?chapter=14_1
需要用到微信支付证书,请到微信支付商户下载并安装
微信支付HTTPS服务器证书验证指引: https://pay.weixin.qq.com/wiki/doc/api/micropay.php?chapter=23_4
"""
out_trade_no = 你的交易单号
nonce_str = self.get_nonce_str()
parameters = {
"mch_appid" : 你的APP_ID,
"mchid" : 商户号,
"nonce_str" : nonce_str,
# "sign" : "",
"partner_trade_no" : out_trade_no,
"openid" : openid,
"check_name" : "FORCE_CHECK",
"re_user_name" : receiver_user_name,
"amount" : amount, # 企业付款金额,单位为分
"desc" : remark,
"spbill_create_ip" : spbill_create_ip,
}
# 生成签名
parameters["sign"] = self.generate_signature(parameters)
# 构建xml格式的参数
xml_parameters = ""
for key, value in parameters.items():
xml_parameters += "<{}>{}{}>".format(key, value, key)
xml_parameters += ""
# 请求接口
general_url = "https://api.mch.weixin.qq.com/mmpaymkttransfers/promotion/transfers"
# 服务端生产环境
server_root_ca_filepath = "/etc/pki/tls/certs/ca-bundle.crt" # 看文章底部解释
cert_ca_filepath ='/etc/pki/ca-trust/source/anchors/apiclient_cert.pem'
key_ca_filepath = '/etc/pki/ca-trust/source/anchors/apiclient_key.pem'
# 本地测试环境
# server_root_ca_filepath = "/Users/victor/Desktop/1535260341_20190816_cert/cacert.pem"
# cert_ca_filepath = "/Users/victor/Desktop/1535260341_20190816_cert/apiclient_cert.pem"
# key_ca_filepath = "/Users/victor/Desktop/1535260341_20190816_cert/apiclient_key.pem"
# https://stackoverflow.com/questions/23954120/using-certificates-in-urllib3
# 重点关注这里!!!
httpreq = urllib3.PoolManager(cert_reqs='CERT_REQUIRED',
cert_file=cert_ca_filepath,
key_file=key_ca_filepath,
ca_certs=server_root_ca_filepath)
resp = httpreq.request("POST", general_url, headers={ 'Content-Type' : 'application/xml' }, body=xml_parameters.encode("utf-8"))
resp_data = str(resp.data, encoding="utf-8")
# 使用 requests 包来请求尝试
# resp = requests.post(general_url, data=xml_parameters, verify=server_root_ca_filepath)
# resp_data = str(resp.content, encoding="utf-8")
# 解析XML
returned_dict = {}
for child in ElementTree.fromstring(resp_data):
returned_dict[child.tag] = child.text
print(returned_dict)
证书配置错误时提示
{
'return_code': 'SUCCESS',
'return_msg': '证书出错,请登录微信支付商户平台下载证书',
'mch_appid': 'wx54611105e8382140', 'mchid': '1535260341',
'result_code': 'FAIL',
'err_code': 'CA_ERROR',
'err_code_des': '证书出错,请登录微信支付商户平台下载证书'
}
证书配置正确,没有开通企业付款到零钱
的功能时提示
{
'return_code': 'SUCCESS',
'return_msg': 'NO_AUTH',
'mch_appid': 'wx54611105e8382140',
'mchid': '1535260341',
'result_code': 'FAIL',
'err_code': 'NO_AUTH',
'err_code_des': '产品权限验证失败,请查看您当前是否具有该产品的权限'
}
证书配置正确,已经开通企业付款到零钱
的功能时提示:
该功能需要满足公众号90天,且最近30天连续有交易才能开通,所以,我在等
服务器根证书:
/etc/pki/tls/certs/ca-bundle.crt
来自你在CentOS下安装完后就能找到这个目录了
本地的根证书来自:
/Users/victor/Desktop/1535260341_20190816_cert/cacert.pem
来自 https://curl.haxx.se/ca/cacert.pem 微信文档有解释,文档地址:https://pay.weixin.qq.com/wiki/doc/api/micropay.php?chapter=23_4
觉得有用,请点赞,谢谢~