fix(pay): 修复支付宝证书模式的签名验证

- 修改 AbstractAlipayPayClient 类中的签名验证逻辑 - 使用 cert.getPublicKey().getEncoded() 替代 cert.getEncoded() 获取公钥 -确保在证书模式下能够正确验证签名
2025-08-01 14:33:53 +08:00 · 2025-08-01 14:33:53 +08:00 · 5ccf95e34a
parent 5bc4a458be
commit 5ccf95e34a
1 changed files with 24 additions and 23 deletions
--- a/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/core/client/impl/alipay/AbstractAlipayPayClient.java
+++ b/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/core/client/impl/alipay/AbstractAlipayPayClient.java
@ -1,5 +1,28 @@
 package cn.iocoder.yudao.module.pay.framework.pay.core.client.impl.alipay;
 import static cn.hutool.core.date.DatePattern.NORM_DATETIME_FORMATTER;
 import static cn.iocoder.yudao.module.pay.framework.pay.core.client.impl.alipay.AlipayPayClientConfig.MODE_CERTIFICATE;
 import static cn.iocoder.yudao.module.pay.framework.pay.core.client.impl.alipay.AlipayPayClientConfig.MODE_PUBLIC_KEY;
 import java.nio.charset.StandardCharsets;
 import java.security.cert.X509Certificate;
 import java.time.LocalDateTime;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Objects;
 import java.util.function.Supplier;
 import com.alipay.api.AlipayApiException;
 import com.alipay.api.AlipayConfig;
 import com.alipay.api.AlipayResponse;
 import com.alipay.api.DefaultAlipayClient;
 import com.alipay.api.domain.*;
 import com.alipay.api.internal.util.AlipaySignature;
 import com.alipay.api.internal.util.AntCertificationUtil;
 import com.alipay.api.internal.util.codec.Base64;
 import com.alipay.api.request.*;
 import com.alipay.api.response.*;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.date.LocalDateTimeUtil;
 import cn.hutool.core.lang.Assert;
@ -16,32 +39,10 @@ import cn.iocoder.yudao.module.pay.framework.pay.core.client.dto.refund.PayRefun
 import cn.iocoder.yudao.module.pay.framework.pay.core.client.dto.transfer.PayTransferRespDTO;
 import cn.iocoder.yudao.module.pay.framework.pay.core.client.dto.transfer.PayTransferUnifiedReqDTO;
 import cn.iocoder.yudao.module.pay.framework.pay.core.client.impl.AbstractPayClient;
 import com.alipay.api.AlipayApiException;
 import com.alipay.api.AlipayConfig;
 import com.alipay.api.AlipayResponse;
 import com.alipay.api.DefaultAlipayClient;
 import com.alipay.api.domain.*;
 import com.alipay.api.internal.util.AlipaySignature;
 import com.alipay.api.internal.util.AntCertificationUtil;
 import com.alipay.api.internal.util.codec.Base64;
 import com.alipay.api.request.*;
 import com.alipay.api.response.*;
 import lombok.Getter;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import java.nio.charset.StandardCharsets;
 import java.security.cert.X509Certificate;
 import java.time.LocalDateTime;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Objects;
 import java.util.function.Supplier;
 import static cn.hutool.core.date.DatePattern.NORM_DATETIME_FORMATTER;
 import static cn.iocoder.yudao.module.pay.framework.pay.core.client.impl.alipay.AlipayPayClientConfig.MODE_CERTIFICATE;
 import static cn.iocoder.yudao.module.pay.framework.pay.core.client.impl.alipay.AlipayPayClientConfig.MODE_PUBLIC_KEY;
 /**
 * 支付宝抽象类，实现支付宝统一的接口、以及部分实现（退款）
 *
@ -353,7 +354,7 @@ public abstract class AbstractAlipayPayClient extends AbstractPayClient<AlipayPa
        } else if (Objects.equals(config.getMode(), MODE_CERTIFICATE)) {
            // 由于 rsaCertCheckV1 的第二个参数是 path，所以不能这么调用！！！通过阅读源码，发现可以采用如下方式！
            X509Certificate cert = AntCertificationUtil.getCertFromContent(config.getAlipayPublicCertContent());
-            String publicKey = Base64.encodeBase64String(cert.getEncoded());
+            String publicKey = Base64.encodeBase64String(cert.getPublicKey().getEncoded());
            verify = AlipaySignature.rsaCheckV1(params, publicKey,
                    StandardCharsets.UTF_8.name(), config.getSignType());
        } else {