客戶端提供服務(wù)器給服務(wù)器訂單信息----服務(wù)器端拿到數(shù)據(jù)推送給銀聯(lián)指定的地址----銀聯(lián)給服務(wù)器端返回一個(gè)流水賬號----服務(wù)器將流水賬號返給客戶端
----客戶端由于集成了銀聯(lián)控件,根據(jù)流水賬號調(diào)用銀聯(lián)支付界面進(jìn)行支付----支付完成之后銀聯(lián)會(huì)回調(diào)服務(wù)器端提供的回調(diào)地址----服務(wù)器端根據(jù)回調(diào)參數(shù)處理業(yè)務(wù)邏輯
二,服務(wù)器端主要代碼解析.
upmp.properties
security.key=******//銀聯(lián)技術(shù)給我們提供的商戶密鑰
mer.id=88000000000***** //商戶的銀聯(lián)賬號
mer.back.end.url=/servlet/unionpaycallback//支付成功后銀聯(lián)的回調(diào)地址
mer.front.end.url=http://www.yourdomain.com/your_path/yourFrontEndUrl//支付成功后銀聯(lián)回調(diào)的前段地址,可不填
# message info
version=1.0.0//版本號
charset=UTF-8//編碼
sign.method=MD5//加密方法
# server url
upmp.trade.url=http://222.66.233.198:8080/gateway/merchant/trade//處理交易請求的銀聯(lián)地址
upmp.query.url=http://222.66.233.198:8080/gateway/merchant/query//查詢交易的銀聯(lián)地址
card=6226440123456785//銀聯(lián)提供的測試賬戶
password=111101//銀聯(lián)提供的測試密碼
下面是給銀聯(lián)推送訂單的代碼.
/**
* 銀聯(lián)支付推送給銀聯(lián)
*/
public String executeUnionPayMoney(String auth, String info, String basePath) {
//returnMap--返回的Map
//returnParams--定義的參數(shù)返回類型
Map<String,Object> returnMap = new HashMap<String,Object>();
String result ="";
try{
//把info中的信息解析成map
@SuppressWarnings("unchecked")
Map<String,Object> map = JSON.parseObject(info, Map.class);
OrderDao orderDao = (OrderDao) ac.getBean("orderDao");
if(map.get("order_id")!=null&&!map.get("order_id").equals("")&&
map.get("user_id")!=null&&!map.get("user_id").equals("")&&
map.get("payMoney")!=null&&!map.get("payMoney").equals("")){
//把訂單數(shù)據(jù)推給銀聯(lián)(訂單推送接口),根據(jù)返回結(jié)果是否為true
Order order = orderDao.getById(Long.valueOf(map.get("order_id").toString()));
Map<String, String> req = new HashMap<String, String>();
Map<String, String> reqReservedMap = new HashMap<String, String>();
reqReservedMap.put("user_id", map.get("user_id").toString());
reqReservedMap.put("order_id", map.get("order_id").toString());
reqReservedMap.put("opt", "0");//自己自定義的參數(shù),把Map轉(zhuǎn)換成json字符串,通過請求方保留域reqReserved傳遞給銀聯(lián),方便銀聯(lián)回調(diào)服務(wù)器時(shí),服務(wù)器處理業(yè)務(wù)邏輯使用
req.put("version", UpmpConfig.VERSION);// 版本號
req.put("charset", UpmpConfig.CHARSET);// 字符編碼
req.put("transType", "01");// 交易類型
req.put("merId", UpmpConfig.MER_ID);// 商戶代碼
//req.put("backEndUrl",basePath.substring(0, basePath.length()-1) + UpmpConfig.MER_BACK_END_URL);// 通知URL
req.put("backEndUrl",basePath.substring(0, basePath.length()-1) + UpmpConfig.MER_BACK_END_URL);// 通知URL 我自己提供給銀聯(lián)支付成功后的回調(diào)地址
req.put("frontEndUrl", UpmpConfig.MER_FRONT_END_URL);// 前臺(tái)通知URL(可選)
req.put("orderDescription", "航空機(jī)票付款");// 訂單描述(可選)
req.put("orderTime", new SimpleDateFormat("yyyyMMddHHmmss").format(new Date()));// 交易開始日期時(shí)間yyyyMMddHHmmss
req.put("orderTimeout", "");// 訂單超時(shí)時(shí)間yyyyMMddHHmmss(可選);默認(rèn)的是一小時(shí)
req.put("orderNumber", orderDao.getById(Long.valueOf(map.get("order_id").toString())).getOrderNum());//訂單號(商戶根據(jù)自己需要生成訂單號)
req.put("orderAmount", Integer.valueOf(map.get("payMoney").toString())*100+"");// 訂單金額;因?yàn)檫@里默認(rèn)的單位是分,而通常客戶端傳過來的單位是元,所以需要再此
//處進(jìn)行*100的操作,防止因?yàn)閱挝粨Q算導(dǎo)致支付出現(xiàn)問題,需要注意的是:銀聯(lián)回調(diào)時(shí)你如果從回調(diào)的參數(shù)中拿settleAmount,記得進(jìn)行除100的操作
req.put("orderCurrency", "156");// 交易幣種(可選) 156代表人民幣
req.put("reqReserved", new Gson().toJson(reqReservedMap));// 請求方保留域(可選,用于透傳商戶信息)//此處用于傳遞咱們自己的參數(shù),可以再銀聯(lián)回調(diào)時(shí)使用,
//此處我是以json字符串的方式傳遞參數(shù)的,之后解析json字符串即可獲取相關(guān)參數(shù).
Map<String, String> resp = new HashMap<String, String>();
boolean validResp = UpmpService.trade(req, resp);
if(order.getPayState()==0){
returnMap.put("errcode",-98);
returnMap.put("msg","該訂單已支付");
}else{
// 商戶的業(yè)務(wù)邏輯
if (validResp){
// 服務(wù)器應(yīng)答簽名驗(yàn)證成功
returnMap.put("tn", resp.get("tn"));//交易流水號,默認(rèn)的參數(shù)就是tn
returnMap.put("errcode",0);
returnMap.put("msg","成功返回流水號");
}else {
// 服務(wù)器應(yīng)答簽名驗(yàn)證失敗
returnMap.put("errcode",-100);
returnMap.put("msg","系統(tǒng)出錯(cuò)");
}
}
}else {
returnMap.put("errcode",-9);
returnMap.put("msg","傳值錯(cuò)誤");
}
}catch (Exception e) {
e.printStackTrace();
returnMap.put("errcode",-99);
returnMap.put("msg","服務(wù)器出現(xiàn)異常");
}
result=JSON.toJSONString(returnMap);
return result;
}
CallBackUnionPay.java
這個(gè)是我自己寫的一個(gè)銀聯(lián)回調(diào)的servlet,opt為自定義參數(shù),opt=0代表支付訂單,opt=1代表充值操作
/**
* Alipay.com Inc.
* Copyright (c) 2005-2008 All Rights Reserved.
*/
package com.unionpay.upmp.sdk.callback;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.airplane.base.AbstractExecution;
import com.airplane.dao.AccountDao;
import com.airplane.dao.IntegralDao;
import com.airplane.dao.OrderDao;
import com.airplane.dao.UserDao;
import com.airplane.domain.Account;
import com.airplane.domain.Integral;
import com.airplane.domain.Order;
import com.airplane.domain.User;
import com.google.gson.Gson;
import com.unionpay.upmp.sdk.service.UpmpService;
/**
* 接收通知并處理
*
* @author gxw
*/
public class CallBackUnionPay extends HttpServlet {
private static final long serialVersionUID = 7216412938937049671L;
private static Log logger = LogFactory.getLog(CallBackUnionPay.class);
@SuppressWarnings("unchecked")
public void doPost(HttpServletRequest request, HttpServletResponse response){
logger.info("==============================here===========================");
System.out.println("接收到通知!");
PrintWriter out;
try {
out = response.getWriter();
Map<String,String> params = new HashMap<String,String>();
Map requestParams = request.getParameterMap();
logger.info("request的參數(shù):"+requestParams);
for (Iterator iter = requestParams.keySet().iterator(); iter.hasNext();) {
String name = (String) iter.next();
String[] values = (String[]) requestParams.get(name);
String valueStr = "";
for (int i = 0; i < values.length; i++) {
valueStr = (i == values.length - 1) ? valueStr + values[i]
: valueStr + values[i] + ",";
}
params.put(name, valueStr);
}
logger.info("request處理后的參數(shù):"+params);
Map<String,String> personParams = new Gson().fromJson(params.get("reqReserved"), Map.class);//解析在上一步自定義的json參數(shù),方便處理業(yè)務(wù)邏輯.
if(UpmpService.verifySignature(params)){// 服務(wù)器簽名驗(yàn)證成功
//請?jiān)谶@里加上商戶的業(yè)務(wù)邏輯程序代碼
if("0".equals(personParams.get("opt"))){
String user_id = personParams.get("user_id");
String order_id = personParams.get("order_id");
logger.info("user_id"+user_id+"&order_id="+order_id);
//獲取通知返回參數(shù),可參考接口文檔中通知參數(shù)列表(以下僅供參考)
String transStatus = request.getParameter("transStatus");// 交易狀態(tài)
if (null != transStatus && transStatus.equals("00")) {
// 交易處理成功
}
out.println("success");
}
if("1".equals(personParams.get("opt"))){
String payMoney2 = params.get("settleAmount");
String user_id2 = personParams.get("user_id");
//獲取通知返回參數(shù),可參考接口文檔中通知參數(shù)列表(以下僅供參考)
String transStatus2 = request.getParameter("transStatus");// 交易狀態(tài)
if (null != transStatus2 && transStatus2.equals("00")) {
// 交易處理成功
}
out.println("success");
}
else{// 服務(wù)器簽名驗(yàn)證失敗
out.println("fail");
}
}
}catch (IOException e) {
e.printStackTrace();
logger.error(e);
}
}
/*public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
doPost(request, response);
}*/
}
]]>
2
3 public class PartnerConfig {
4
5 //合作商戶ID。用簽約支付寶賬號登錄ms.alipay.com后,在賬戶信息頁面獲取。
6 public static final String PARTNER = "2088011096718773";
7 // 賬戶ID。用簽約支付寶賬號登錄ms.alipay.com后,在賬戶信息頁面獲取。
8 public static final String SELLER = "2088011096718773";
9 // 商戶(RSA)私鑰
10 public static final String RSA_PRIVATE = "";
11
12 // 支付寶(RSA)公鑰 用簽約支付寶賬號登錄ms.alipay.com后,在密鑰管理頁面獲取。
13 public static final String RSA_ALIPAY_PUBLIC = "";
14
15 }PartnerConfig.java為封裝商家提供的屬性類,參數(shù)全部由商戶提供或者技術(shù)生成
PARTNER 與SELLER 為商戶提供的pid,可以再支付寶ms.alipay.com查看.
RSA_PRIVATE為支付寶提供的openssl-0.9.8k_WIN32(RSA密鑰生成工具)生成商戶私鑰.根據(jù)商戶私鑰生成商戶公鑰(RSA密鑰生成工具),把商戶公鑰在支付寶的私鑰管理頁面進(jìn)行提交,支付寶會(huì)為商戶提供一個(gè)支付寶公鑰既RSA_ALIPAY_PUBLIC字段的值
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.alipay.client.base.PartnerConfig;
import com.alipay.client.security.RSASignature;
/**
* 安全支付支付完成商戶同步處理程序
* 對支付寶返回訂單信息驗(yàn)簽名
*/
public class RSACallBack extends HttpServlet {
private static final long serialVersionUID = -2234271646410251381L;
//簽名成功
public static final String RESULT_CHECK_SIGN_SUCCEED = "T";
//簽名失敗
public static final String RESULT_CHECK_SIGN_FAILED = "F";
@SuppressWarnings("unchecked")
public void doPost(HttpServletRequest request, HttpServletResponse response)throws UnsupportedEncodingException {
//獲得待簽名數(shù)據(jù)和簽名值
String sign = URLDecoder.decode(request.getParameter("sign"),"utf-8");
String content = URLDecoder.decode(request.getParameter("content"),"utf-8");
String retVal = RESULT_CHECK_SIGN_FAILED;
//使用支付寶公鑰驗(yàn)簽名
try {
PrintWriter out = response.getWriter();
if(RSASignature.doCheck(content, sign, PartnerConfig.RSA_ALIPAY_PUBLIC)){
retVal=RESULT_CHECK_SIGN_SUCCEED;
}
response.setContentType("text/html");
System.out.println("retVal : " + retVal);
out.print(retVal);
out.flush();
out.close();
} catch (Exception e) {
e.printStackTrace();
System.out.println("驗(yàn)簽名失敗");
}
}
}
這個(gè)類基本不需要做修改,主要是RESULT_CHECK_SIGN_SUCCEED和RESULT_CHECK_SIGN_FAILED的值必須要與客戶端相應(yīng)代碼的相應(yīng)字段保持一致.這個(gè)類主要是支付完成之后客戶端與服務(wù)器進(jìn)行的一次驗(yàn)簽名,可以用來更新數(shù)據(jù)給客戶端.
* Alipay.com Inc.
* Copyright (c) 2005-2008 All Rights Reserved.
*/
package com.alipay.client.notify;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.airplane.base.AbstractExecution;
import com.airplane.dao.IntegralDao;
import com.airplane.dao.OrderDao;
import com.airplane.dao.UserDao;
import com.airplane.domain.Integral;
import com.airplane.domain.Order;
import com.airplane.domain.User;
import com.alipay.client.base.PartnerConfig;
import com.alipay.client.security.RSASignature;
/**
* 接收通知并處理
*
* @author 3y
* @version $Id: NotifyReceiver.java, v 0.1 2011-8-15 下午03:11:58 3y Exp $
*/
public class RSANotifyReceiver extends HttpServlet {
private static final long serialVersionUID = 7216412938937049671L;
private static Log logger = LogFactory.getLog(RSANotifyReceiver.class);
@SuppressWarnings("unchecked")
public void doPost(HttpServletRequest request, HttpServletResponse response){
System.out.println("接收到通知!");
//獲得通知參數(shù)
try{
Map map = request.getParameterMap();
//獲得通知簽名
String sign = (String) ((Object[]) map.get("sign"))[0];
logger.info("sign="+sign);
//獲得待驗(yàn)簽名的數(shù)據(jù)
String verifyData = getVerifyData(map);
logger.info("verifyData="+verifyData);
boolean verified = false;
//使用支付寶公鑰驗(yàn)簽名
try {
verified = RSASignature.doCheck(verifyData, sign, PartnerConfig.RSA_ALIPAY_PUBLIC);
logger.info("verified="+verified);
} catch (Exception e) {
e.printStackTrace();
}
PrintWriter out = response.getWriter();
//驗(yàn)證簽名通過
if (verified) {
//根據(jù)交易狀態(tài)處理業(yè)務(wù)邏輯
//當(dāng)交易狀態(tài)成功,處理業(yè)務(wù)邏輯成功。回寫success
logger.info("支付寶支付:保存數(shù)據(jù)庫信息success");
out.print("success");
}else{
out.print("fail");
}
}
}else{
out.print("fail");
}
} else {
System.out.println("接收支付寶系統(tǒng)通知驗(yàn)證簽名失敗,請檢查!");
out.print("fail");
}
}catch (Exception e) {
e.printStackTrace();
logger.info(e);
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
doPost(request, response);
}
/**
* 獲得驗(yàn)簽名的數(shù)據(jù)
* @param map
* @return
* @throws Exception
*/
@SuppressWarnings("unchecked")
private String getVerifyData(Map map) {
String notify_data = (String) ((Object[]) map.get("notify_data"))[0];
logger.info(notify_data);
return "notify_data="+notify_data;
}
}
RSANotifyReceiver.java是支付寶回調(diào)服務(wù)器的servlet,需要安卓客戶端傳遞該servlet地址及相關(guān)參數(shù)給支付寶,支付寶會(huì)在支付完成之后進(jìn)行回調(diào).回調(diào)之后會(huì)返回消息給支付寶.
* Alipay.com Inc.
* Copyright (c) 2005-2008 All Rights Reserved.
*/
package com.alipay.client.trade;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.Security;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.airplane.action.BackStageAction;
import com.alipay.client.base.PartnerConfig;
import com.alipay.client.security.RSASignature;
import com.alipay.client.util.StringUtil;
/**
*
* 安全支付服務(wù)器端處理程序
*
* 1.將業(yè)務(wù)參數(shù):合作商戶ID、 外部交易號、商品名稱、商品的具體描述、商品總價(jià)、賣家?guī)簟otify_url這些參數(shù)按照固定順序簽名
* 2.將簽名結(jié)果返回客戶端
* @author 3Y
*/
public class RSATrade extends HttpServlet {
private static final long serialVersionUID = -3035307235076650766L;
private static Log logger = LogFactory.getLog(RSATrade.class);
static {
Security.addProvider(new BouncyCastleProvider());
}
String basePath="";
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException {
System.out.println("request in");
response.setCharacterEncoding("utf-8");
PrintWriter out = response.getWriter();
logger.info("here");
//得到應(yīng)用服務(wù)器地址
String path = request.getContextPath();
basePath = request.getScheme() + "://" + request.getLocalAddr() + ":"
+ request.getServerPort() + path + "/";
logger.info("here1");
String strReString="";
//檢查商戶PartnerConfig.java文件的配置參數(shù)
logger.info(checkInfo());
if(!checkInfo()){
strReString="<result><is_success>F</is_success><error>缺少partner或者seller," +
"請?jiān)赾om/alipay/client/base/PartnerConfig.java中增加</error></result>";
out.print(strReString);
return;
}
String signData=getSignDate(request);
String sign = sign(signData,PartnerConfig.RSA_PRIVATE);
signData = URLEncoder.encode(signData,"utf-8");
sign = URLEncoder.encode(sign,"utf-8");
logger.info(signData);
logger.info(sign);
//返回待簽名數(shù)據(jù)和簽名數(shù)據(jù)
strReString="<result><is_success>T</is_success><content>"+signData+"</content><sign>"+sign+"</sign></result>";
logger.info(strReString);
//對返回客戶端的數(shù)據(jù)encode
out.print(strReString);
return;
}
//檢查商戶PartnerConfig.java文件的配置參數(shù)
private boolean checkInfo() {
String partner = PartnerConfig.PARTNER;
String seller = PartnerConfig.SELLER;
//如果合作商戶ID為空或者賬號ID為空返回false
if (StringUtil.isBlank(partner) || StringUtil.isBlank(seller))
return false;
return true;
}
/**
* 準(zhǔn)備待簽名的數(shù)據(jù)
*
* @param request
* @return
* @throws UnsupportedEncodingException
*/
private String getSignDate(
HttpServletRequest request) throws UnsupportedEncodingException {
request.setCharacterEncoding("utf-8");
//合作商戶ID
String partner = PartnerConfig.PARTNER;
//賣家?guī)ぬ?/span>
String seller = PartnerConfig.SELLER;
// 外部交易號 這里取當(dāng)前時(shí)間,商戶可根據(jù)自己的情況修改此參數(shù),但保證唯一性
String outTradeNo = System.currentTimeMillis() + "";
String opt = request.getParameter("opt").trim();
String user_id = request.getParameter("user_id").trim();
//opt:0為支付,1為充值
if("0".equals(opt)){
outTradeNo = request.getParameter("order_id").trim();
}else if("1".equals(opt)){
outTradeNo = System.currentTimeMillis() + "";
}
// 商品名稱
String subject = request.getParameter("subject").trim();
// 商品具體描述
String body = request.getParameter("body").trim();
// 商品總價(jià)
String totalFee = request.getParameter("total_fee").trim();
// 接收支付寶發(fā)送的通知的url 商戶可根據(jù)自己的情況修改此參數(shù)
String notify_url = basePath+"servlet/RSANotifyReceiver?opt=" + opt +"&order_id="+outTradeNo+"&user_id="+user_id+"&payMoney="+totalFee;
//組裝待簽名數(shù)據(jù)
String signData = "partner=" + "\"" + partner + "\"";
signData += "&";
signData += "seller=" + "\"" + seller + "\"";
signData += "&";
signData += "out_trade_no=" + "\"" + outTradeNo + "\"";
signData += "&";
signData += "subject=" + "\"" + subject+ "\"";
signData += "&";
signData += "body=" + "\"" + body + "\"";
signData += "&";
signData += "total_fee=" + "\""+ totalFee + "\"";
signData += "&";
signData += "notify_url=" + "\""+notify_url+ "\"";
return signData;
}
/**
* 對參數(shù)進(jìn)行簽名
*
* @param signData 待簽名數(shù)據(jù),key rsa商戶私鑰
* @return
*/
private String sign(String signData,String key) {
System.out.println("signData:"+signData);
String sign = "";
try {
sign = RSASignature.sign(signData, key);
} catch (Exception e1) {
e1.printStackTrace();
}
return sign;
}
}
RSATrade.java為客戶端與服務(wù)器端為商品信息進(jìn)行的簽名操作,簽名完成之后服務(wù)器會(huì)將簽名信息以及回調(diào)地址返給客戶端.客戶端拿到回調(diào)地址交給支付寶進(jìn)行回調(diào).
支付寶流程為:客戶端在支付寶支付之前請求RSATrade.java,此時(shí)服務(wù)器為商品信息注冊簽名,簽名完成之后服務(wù)器把簽名過的商品信息和支付寶的回調(diào)地址(RSANotifyReceiver
)和參數(shù)傳給客戶端,客戶端會(huì)把回調(diào)地址和簽過名的商品信息交給支付寶,支付寶在完成支付之后請求回調(diào)地址,進(jìn)行簽名和公鑰驗(yàn)證,驗(yàn)證成功即可執(zhí)行持久化操作.若操作成功,客戶端會(huì)請求RSACallBack.java類,進(jìn)行客戶端與服務(wù)器端的同步操作.
]]>