SpringBoot 支付宝沙箱支付 natapp内网穿透
沙箱应用支付宝开放平台 (alipay.com)
1、生成商户私钥、公钥(记得保存)
2、利用商户公钥生成支付宝公钥
Natapp内网穿透
NATAPP-内网穿透 基于ngrok的国内高速内网映射工具
1、注册 登陆 购买隧道
配置好服务的ip地址/域名、端口号
2、下载客户端,解压
3、使用本地配置文件config.ini
使用本地配置文件config.ini - NATAPP-内网穿透 基于ngrok的国内高速内网映射工具
windows下载连接http://download.natapp.cn/assets/downloads/windowsconfig/config.ini
将隧道的authtoken填到config.ini中
#将本文件放置于natapp同级目录 程序将读取 [default] 段
#在命令行参数模式如 natapp -authtoken=xxx 等相同参数将会覆盖掉此配置
#命令行参数 -config= 可以指定任意config.ini文件
[default]
authtoken= #对应一条隧道的authtoken
clienttoken= #对应客户端的clienttoken,将会忽略authtoken,若无请留空,
log=none #log 日志文件,可指定本地文件, none=不做记录,stdout=直接屏幕输出 ,默认为none
loglevel=ERROR #日志等级 DEBUG, INFO, WARNING, ERROR 默认为 DEBUG
http_proxy= #代理设置 如 http://10.123.10.10:3128 非代理上网用户请务必留空
4、双击运行natapp.exe
注意:免费渠道的域名每次启动都会变
SpringBoot集成沙箱支付
1、导入依赖com.alipay.sdk : alipay-sdk-java - Maven Central Repository Search
com.alipay.sdk
alipay-sdk-java
4.34.43.ALL
2、支付请求模板(工具类 用来发请求,调用支付页)
填好生成的商户私钥、支付宝公钥等信息
package com.atguigu.gulimall.order.config;
import com.alipay.api.AlipayApiException;
import com.alipay.api.AlipayClient;
import com.alipay.api.DefaultAlipayClient;
import com.alipay.api.request.AlipayTradePagePayRequest;
import com.atguigu.gulimall.order.vo.PayVo;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
@ConfigurationProperties(prefix = "alipay")
@Component
@Data
public class AlipayTemplate {
//在支付宝创建的应用的id
private String app_id = "2021000120605643";
// 商户私钥,您的PKCS8格式RSA2私钥
private String merchant_private_key = "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCGgFVi3/Wv/T7dwJlCKP+7rwRS9ohLMPXXv9QIlfEFjDnJdMr9n7XIfTwZHd2MnkJfmT1bTtoQlN6pbU9ju+Mrl9Vf/EvB1GU9msJPD4A3n1REJPAMDzHO9d52ssbvL0WFKkQkGwbmcSX8c3ZBN26qahP9kqTtxSbwrT5I14syY2BMbjfilsKD6FkkrM1BgS1tTbiWbvaBiZWY+7AsHveCRXkoq6SdJIjbBH9SozWggDlRnkRoXZ6XwfuPa8ShfqVNbxngWs0umzA8O5me1PMFgYRyW4jfwsvDUZ0l3ONxkmX1tBENSyaXmrhE+uDNetQVYs19mewJzEIm9SsZJMaJAgMBAAECggEATv6yp5a3+rv3H1CN8rCXukiJdpx64gaIbUWqJ7zAySxZiDuDOUCDCJSdJndG9t7ARtt+kNEX/CMjP0kHFqF0Q9cyJ+TLLbUsHOl28+47tO9sE3XKUprd+xqmpPpNIo+V+icfzEDfZZrQ35uEubrv0UDqKsTk/w0K2NI3QZrukxGzbNR43N5uNqaPc1HVqpS8G7/cB2wZc8bm0rIWT839CW/yo1AOTLILpXogOzOffvEvrI+t2MAwFm0yh+VUwoJMoLwRR+UYzu8RuuFad0BvxgAzWi7hdOviSxiWmCk0frzwevYbpQHSicjpWAyPa/4sZkwDj7QpNi3gVDsHz8UgLQKBgQDctcdW+T2SXXlrSYcr4qAyLNjFFRUM/Jwz8nU7HLVN7hJDwq6FQIDMCfBj/oGngU7CpfI6Wg2R8z9g6rlz/pGN7JGBedQ6zWv1YSiaNjMvq2ayNdkdS6c60i01YJB16+KkCvX2Gc5SmkJ50fcu9EouNGIwmwguE0psaBhRkv1RGwKBgQCcAc/bWV4dqPqSJA8Y4ML+nSn9hQjzmJ/5ZnUogJo93w5a/NHtbbQaaVNwSP3lIA9Y0rDHVns/guUEjvLxsiE099ELggm3YN9qJN9CC/jc+ZmtokX+FFCeeFRM8wL1InIMhwjzVmquSBdbWrgk2ig3+en3qkVv0AEmXEfUSNHlKwKBgFMTKQEXt5FMFdPITVS7bMj2EHG+SbolqzXyYSXq3GOE5OMUeFQ3v0MNyqoYtfyys06Y3+AO3WS+RnDYaQ28GFVvYiV2EehAQg6Oj5XcKNAcl/8kPaDFRSDi05lvy3BXZWuRpJsJg5ub7MGlwoCt+u4BUaQx9pZBNJYxaFXsGeVZAoGAASDaOgHpdll0hn4QRePKRUEpvpWpvOlLrugYzNQxSWVFm07czdTPSqmcWuGMRI34znGnqalsdschlOjbxPe+2b05G9Yy78qZkxD1NGsVv7NmcyULUI0hECRap7vSN6eqH4EShYAIgX4v/Q8o6ctSIyWBlbL7kZV1jKt6MYTdT8UCgYAr1uNIajCqUVxaf9/zdC3eW1HQLfg0U4poXMmswUYxMljlPlqq0zUAKT9FsIdCl7lhZfYAHKWDpKDOdw7MpvsMb1GmV+haEERNP2Kt3OEiL+OHPxep6hV6q9dc9ZCenBI6Jap23ZbhYIYkwPBsvbhDj00Ns48R6+Q3l9ycHPsKJw==";
// 支付宝公钥,查看地址:https://openhome.alipay.com/platform/keyManage.htm 对应APPID下的支付宝公钥。
private String alipay_public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmgMIoYr8KxzMnVgSTqFIBQxQIyf77T/Wx6xAWQuG9NBgBvbBhykWgTJJOyKgB1eBoyFGqtJmHilKlYjIe2G7uk/QtUWyNvUxtwihDN/fHMSn2ye7Sqmzf3/7pGwrjD9zEPxfqG+d7UCWv5l4yp6zoiMA0Z3kqAW+Uq+hIBXNLuur9Ur2sgOga64dt7MUGMTHo2GIvr/iP1f7hClNtVyJ6bsGCjf+PQUc7KiPcbb1AUY4ZStHWN4DemToo6REqGgz002ZMesUelCslq+ssPGXpaTsXqCvD6PNpVvDTEkvs3MNfAXUsVY0uJNzgtsA0x2FAOAlDHoYOlUqCAUAq2VBQIDAQAB";
// 服务器[异步通知]页面路径 需http://格式的完整路径,不能加?id=123这类自定义参数,必须外网可以正常访问
// 支付宝会悄悄的给我们发送一个请求,告诉我们支付成功的信息(异步回调地址,内网穿透natapp)
private String notify_url = "http://csbu4q.natappfree.cc/payed/notify";
// 页面跳转同步通知页面路径 需http://格式的完整路径,不能加?id=123这类自定义参数,必须外网可以正常访问
//同步通知,支付成功,一般跳转到成功页
private String return_url = "http://member.gulimall.com/memberOrder.html";
// 签名方式
private String sign_type = "RSA2";
// 字符编码格式
private String charset = "utf-8";
//支付失效时间(支付宝自动收单功能)
private String timeout = "30m";
// 支付宝网关; https://openapi.alipaydev.com/gateway.do
private String gatewayUrl = "https://openapi.alipaydev.com/gateway.do";
public String pay(PayVo vo) throws AlipayApiException {
//AlipayClient alipayClient = new DefaultAlipayClient(AlipayTemplate.gatewayUrl, AlipayTemplate.app_id, AlipayTemplate.merchant_private_key, "json", AlipayTemplate.charset, AlipayTemplate.alipay_public_key, AlipayTemplate.sign_type);
//1、根据支付宝的配置生成一个支付客户端
AlipayClient alipayClient = new DefaultAlipayClient(gatewayUrl,
app_id, merchant_private_key, "json",
charset, alipay_public_key, sign_type);
//2、创建一个支付请求 //设置请求参数
AlipayTradePagePayRequest alipayRequest = new AlipayTradePagePayRequest();
alipayRequest.setReturnUrl(return_url);
alipayRequest.setNotifyUrl(notify_url);
//商户订单号,商户网站订单系统中唯一订单号,必填
String out_trade_no = vo.getOut_trade_no();
//付款金额,必填
String total_amount = vo.getTotal_amount();
//订单名称,必填
String subject = vo.getSubject();
//商品描述,可空
String body = vo.getBody();
//https://opendocs.alipay.com/open/028r8t?scene=22 相关参数
//timeout_express支付失效时间(支付宝自动收单功能)
alipayRequest.setBizContent("{\"out_trade_no\":\""+ out_trade_no +"\","
+ "\"total_amount\":\""+ total_amount +"\","
+ "\"subject\":\""+ subject +"\","
+ "\"body\":\""+ body +"\","
+ "\"timeout_express\":\""+ timeout +"\","
+ "\"product_code\":\"FAST_INSTANT_TRADE_PAY\"}");
String result = alipayClient.pageExecute(alipayRequest).getBody();
//会收到支付宝的响应,响应的是一个页面,只要浏览器显示这个页面,就会自动来到支付宝的收银台页面
System.out.println("支付宝的响应:"+result);
return result;
}
//https://opendocs.alipay.com/open/028wob统一收单交易关闭接口
//可以手动调用支付宝收单功能,防止由于时延问题,在最后一刻支付成功,异步回调(修改订单状态)没到时,订单刚好解锁完成,释放库存
//如果同时传了 out_trade_no和 trade_no,则以 trade_no为准
public String close(String tradeNo,String outTradeNo) throws AlipayApiException {
//获得初始化的AlipayClient
AlipayClient alipayClient = new DefaultAlipayClient(gatewayUrl, app_id, merchant_private_key, "json", charset, alipay_public_key, sign_type);
//设置请求参数
AlipayTradeCloseRequest alipayRequest = new AlipayTradeCloseRequest();
// //商户订单号(商户网站订单系统中唯一订单号)、支付宝交易号
// //请二选一设置
JSONObject bizContent = new JSONObject();
bizContent.put("trade_no", tradeNo);
bizContent.put("out_trade_no", outTradeNo);
alipayRequest.setBizContent(bizContent.toString());
//请求
String result = alipayClient.execute(alipayRequest).getBody();
return result;
}
3、支付请求模板参数Vo
小程序文档 - 支付宝文档中心 (alipay.com) 相关参数,自己按需封装
package com.atguigu.gulimall.order.vo;
import lombok.Data;
@Data
public class PayVo {
private String out_trade_no; // 商户订单号 必填
private String subject; // 订单名称 必填
private String total_amount; // 付款金额 必填
private String body; // 商品描述 可空
}
4、支付宝异步回调Vo(支付成功后的异步回调参数)
异步通知参数说明 - 支付宝文档中心 (alipay.com)
package com.atguigu.gulimall.order.vo;
import lombok.Data;
import lombok.ToString;
@ToString
@Data
public class PayAsyncVo {
private String gmt_create;
private String charset;
private String gmt_payment;
private Date notify_time;
private String subject;
private String sign;
private String buyer_id;//支付者的id
private String body;//订单的信息
private String invoice_amount;//支付金额
private String version;
private String notify_id;//通知id
private String fund_bill_list;
private String notify_type;//通知类型; trade_status_sync
private String out_trade_no;//订单号
private String total_amount;//支付的总额
private String trade_status;//交易状态 TRADE_SUCCESS
private String trade_no;//流水号
private String auth_app_id;//
private String receipt_amount;//商家收到的款
private String point_amount;//
private String app_id;//应用id
private String buyer_pay_amount;//最终支付的金额
private String sign_type;//签名类型
private String seller_id;//商家的id
}
Demo
1、构造好PayVo,通过Alipay工具类调用支付宝支付页
package com.atguigu.gulimall.order.web;
import com.alipay.api.AlipayApiException;
import com.atguigu.gulimall.order.config.AlipayTemplate;
import com.atguigu.gulimall.order.service.OrderService;
import com.atguigu.gulimall.order.vo.PayVo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class PayWebController {
@Autowired
AlipayTemplate alipayTemplate;
@Autowired
OrderService orderService;
/**
* 1、将支付页让浏览器展示。
* 2、支付成功以后.我们要跳到订单的列表页
@param orderSn
* @return
* @throws AlipayApiException
*/
@ResponseBody
@GetMapping(value = "/payOrder",produces = MediaType.TEXT_HTML_VALUE) //produces = "text/html"
public String payOrder(@RequestParam String orderSn) throws AlipayApiException {
// PayVo payVo = new PayVo();
// payVo.setOut_trade_no(orderSn);//订单号
// payVo.setBody();//订单的备注0
// payVo.setTotal_amount();//付款金额
// payVo.setSubject();//订单的主体
PayVo payVo = orderService.getOrderPay(orderSn); //构建好请求模板的参数
String pay = alipayTemplate.pay(payVo);//通过工具类调用支付页
//返回的是一个页面。将此页面直接交给浏览器就行
System.out.println(pay);
return pay;
}
}
2、用沙箱账号支付成功后,会跳转到你指定的returl_url成功页。并且会给我们指定的异步回调地址notify_url(一定要是公网能访问到的「内网穿透」)发通知。
3、异步回调验签。验签成功,处理业务逻辑代码(修改订单状态)
只要我们收到了支付宝给我们的异步的通知,告诉我们订单支付成功。返回**success **,支付宝就再也不通知
package com.atguigu.gulimall.order.listener;
import com.alipay.api.AlipayApiException;
import com.alipay.api.internal.util.AlipaySignature;
import com.atguigu.gulimall.order.config.AlipayTemplate;
import com.atguigu.gulimall.order.service.OrderService;
import com.atguigu.gulimall.order.vo.PayAsyncVo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
@RestController
public class OrderPayedListener {
@Autowired
AlipayTemplate alipayTemplate;
@Autowired
OrderService orderService;
@PostMapping("/payed/notify")
public String handleAlipayed(PayAsyncVo vo, HttpServletRequest request) throws AlipayApiException, UnsupportedEncodingException {
//只要我们收到了支付宝给我们的异步的通知,告诉我们订单支付成功。返回success,支付宝就再也不通知
// Map map = request.getParameterMap();
// for (String key : map.keySet()) {
// String value = request.getParameter(key);
// System.out.println("参数名:"+key+"-->参数值:"+value);
// }
//TODO 验签
//获取支付宝POST过来反馈信息
Map<String,String> params = new HashMap<String,String>();
Map<String,String[]> requestParams = request.getParameterMap();
for (Iterator<String> iter = requestParams.keySet().iterator(); iter.hasNext();) {
String name = (String) iter.next();
String[] values = (String[]) requestParams.get(name);
String valueStr = "";
for (int i = 0; i < values.length; i++) {
valueStr = (i == values.length - 1) ? valueStr + values[i]
: valueStr + values[i] + ",";
}
//乱码解决,这段代码在出现乱码时使用
// valueStr = new String(valueStr.getBytes("ISO-8859-1"), "utf-8");
params.put(name, valueStr);
}
//调用SDK验证签名
boolean signVerified = AlipaySignature.rsaCheckV1(params, alipayTemplate.getAlipay_public_key(), alipayTemplate.getCharset(), alipayTemplate.getSign_type());
if (signVerified){
System.out.println("签名验证成功...");
//验签成功,处理业务逻辑代码
String result = orderService.handlePayResult(vo);
return result;
// return "success";
}else{
System.out.println("签名验证失败...");
return "error";
}
}
}
4、收单
1、订单在支付页,不支付,一直刷新,订单过期了才支付,订单状态改为已支付了,但是库存解锁了。
- 使用支付宝自动收单功能解决。只要一段时间不支付,就不能支付了。
private String timeout = "30m"; //Alipay工具类中指定
2、由于时延等问题。订单解锁完成,正在解锁库存的时候,异步通知才到
- 订单解锁,手动调用收单
alipayTemplate.close(orderEntity.getOrderSn(),null);
3、网络阻塞问题,订单支付成功的异步通知一直不到达
- 查询订单列表时,ajax获取当前未支付的订单状态,查询订单状态时,再获取一下支付宝此订单的状态
4、其他各种问题
- 每天晚上闲时下载支付宝对账单,一一进行对账
丑域名访问Nginx转给网关集群时会丢失Host头(order.gulimall.com)
