package com.gaoxiao.framework.controller.gaojia;

import com.gaoxiao.framework.commonfiles.entity.StatusResult;
import com.gaoxiao.framework.commonfiles.utils.PayCommonUtil;
import com.gaoxiao.framework.modules.user.entity.MemberOrder;
import com.gaoxiao.framework.modules.user.enums.StatusEnum;
import com.gaoxiao.framework.modules.user.service.MemberCouponService;
import com.gaoxiao.framework.modules.user.service.MemberOrderService;
import com.tenpay.util.XMLUtil;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;

/**
 * Created by xuxiang on 2016/8/23.
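*/
@Controller
@RequestMapping("pay/aliPay")
public class GetAliNotifyUrl {

    protected static final Logger LOG = LoggerFactory.getLogger(GetAliNotifyUrl.class);

    /** Gateway code that marks a successful notification/payment; anything else is not acted on. */
    private static final String SUCCESS = "SUCCESS";
    /** Acknowledgement sent back when the notification is rejected (the gateway will retry). */
    private static final String FAIL = "FAIL";

    @Autowired
    private MemberOrderService memberOrderService;
    @Autowired
    private MemberCouponService memberCouponService;

    /**
     * Asynchronous payment-result callback from the gateway.
     * <p>
     * Reads the raw XML body, verifies its signature, and only when the signature is valid
     * <em>and</em> both {@code return_code} and {@code result_code} are {@code SUCCESS} marks
     * the order paid and consumes the coupon attached to it. Replies with the gateway's
     * {@code <xml><return_code>...} acknowledgement: {@code SUCCESS} when the notification
     * was accepted and processed, {@code FAIL} otherwise.
     *
     * @param request  incoming notification; the request body is the XML document
     * @param response unused, kept for the existing mapping signature
     * @return the XML acknowledgement body
     * @throws Exception propagated from reading the body or parsing the XML
     */
    @RequestMapping(value = "payNotifyUrl", produces = "application/json;charset=UTF-8")
    @ResponseBody
    public String payNotifyUrl(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // NOTE(review): the mapping declares JSON but the body returned is XML — left as-is.
        String xmlString = readBody(request);
        LOG.debug("payment notification body: {}", xmlString);

        // Untrusted input: nothing in the body may be acted on before the signature is verified.
        if (!checkSign(xmlString)) {
            return returnXML(FAIL);
        }

        // NOTE(review): confirm XMLUtil.doXMLParse disables DTDs / external entities (XXE).
        Map<String, String> map = XMLUtil.doXMLParse(xmlString);
        String returnCode = map.get("return_code");
        String resultCode = map.get("result_code");
        String outTradeNo = map.get("out_trade_no");

        // A correctly signed notification can still report a failed payment; previously the
        // order was marked paid whenever the signature verified, regardless of result_code.
        if (!SUCCESS.equals(returnCode) || !SUCCESS.equals(resultCode) || StringUtils.isEmpty(outTradeNo)) {
            LOG.warn("payment notification not successful: return_code={} result_code={} out_trade_no={}",
                    returnCode, resultCode, outTradeNo);
            return returnXML(FAIL);
        }

        // NOTE(review): gateways re-deliver notifications; updateOrderInfo/updateStatus are
        // assumed to be idempotent or guarded by order state — confirm in the services.
        memberOrderService.updateOrderInfo(outTradeNo);
        MemberOrder memberOrder = memberOrderService.get(outTradeNo);
        String couponId = memberOrder == null ? null : memberOrder.getCouponId();
        if (StringUtils.isNotEmpty(couponId)) {
            memberCouponService.updateStatus(couponId);
        }
        return returnXML(SUCCESS);
    }

    /**
     * Reads the whole request body, concatenating lines without separators exactly as the
     * original loop did.
     *
     * @param request the notification request
     * @return the body as one string
     * @throws IOException if the body cannot be read
     */
    private static String readBody(HttpServletRequest request) throws IOException {
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = request.getReader()) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        }
        return body.toString();
    }

    /**
     * Verifies the gateway signature carried in the {@code sign} element of the notification.
     * <p>
     * The expected signature is recomputed over every other element with {@link #getSign(Map)}
     * and compared in constant time. A parse failure, a missing or blank signature, or a
     * mismatch all yield {@code false}; neither signature value is logged.
     *
     * @param xmlString raw notification XML
     * @return {@code true} only when the recomputed signature equals the supplied one
     */
    private boolean checkSign(String xmlString) {
        Map<String, String> map;
        try {
            map = XMLUtil.doXMLParse(xmlString);
        } catch (Exception e) {
            // Previously the stack trace was printed and the null map dereferenced afterwards.
            LOG.warn("payment notification XML could not be parsed", e);
            return false;
        }
        if (map == null) {
            return false;
        }
        String signFromAPIResponse = map.get("sign");
        if (StringUtils.isBlank(signFromAPIResponse)) {
            LOG.warn("payment notification carries no signature; rejecting");
            return false;
        }
        // getSign() drops the "sign" entry itself, so the map needs no blanking here.
        String signForAPIResponse = getSign(map);
        // Constant-time comparison so the verdict does not leak through response timing.
        boolean matches = signForAPIResponse != null
                && MessageDigest.isEqual(
                        signForAPIResponse.getBytes(StandardCharsets.UTF_8),
                        signFromAPIResponse.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            LOG.warn("payment notification signature verification failed");
        }
        return matches;
    }

    /**
     * Builds the acknowledgement document the gateway expects.
     *
     * @param returnCode value for the {@code return_code} element (emitted as CDATA)
     * @return the acknowledgement XML
     */
    private String returnXML(String returnCode) {
        return "<xml><return_code><![CDATA[" + returnCode
                + "]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>";
    }

    /**
     * Recomputes the gateway signature over the notification fields.
     *
     * @param map notification fields; a {@code sign} entry, if present, is excluded
     * @return the signature produced by {@code PayCommonUtil.createSign} over the remaining
     *         fields sorted by key
     */
    public String getSign(Map<String, String> map) {
        // TreeMap orders by natural key order, the same order the original per-entry loop produced.
        SortedMap<String, String> signParams = new TreeMap<String, String>(map);
        signParams.remove("sign");
        return PayCommonUtil.createSign("UTF-8", signParams);
    }
}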
(注:工具類可以參考http://www.cnblogs.com/xu-xiang/p/5797575.html)