package com.gaoxiao.framework.controller.gaojia;
import com.gaoxiao.framework.commonfiles.entity.StatusResult;
import com.gaoxiao.framework.commonfiles.utils.PayCommonUtil;
import com.gaoxiao.framework.modules.user.entity.MemberOrder;
import com.gaoxiao.framework.modules.user.enums.StatusEnum;
import com.gaoxiao.framework.modules.user.service.MemberCouponService;
import com.gaoxiao.framework.modules.user.service.MemberOrderService;
import com.tenpay.util.XMLUtil;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.util.HashMap;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
/**
* Created by xuxiang on 2016/8/23.
*/
@Controller
@RequestMapping("pay/aliPay")
public class GetAliNotifyUrl {
protected static final Logger LOG = LoggerFactory
.getLogger(GetAliNotifyUrl.class);
@Autowired
private MemberOrderService memberOrderService;
@Autowired
private MemberCouponService memberCouponService;
@RequestMapping(value = "payNotifyUrl", produces = "application/json;charset=UTF-8")
@ResponseBody
public String payNotifyUrl(HttpServletRequest request, HttpServletResponse response) throws Exception {
BufferedReader reader = null;
reader = request.getReader();
String line = "";
String xmlString = null;
StringBuffer inputString = new StringBuffer();
while ((line = reader.readLine()) != null) {
inputString.append(line);
}
xmlString = inputString.toString();
request.getReader().close();
System.out.println("----接收到的数据如下:---" + xmlString);
Map<String, String> map = new HashMap<String, String>();
String result_code = "";
String return_code = "";
String out_trade_no = "";
map = XMLUtil.doXMLParse(xmlString);
result_code = map.get("result_code");
out_trade_no = map.get("out_trade_no");
return_code = map.get("return_code");
if (checkSign(xmlString)) {
this.memberOrderService.updateOrderInfo(out_trade_no);
MemberOrder memberOrder = memberOrderService.get(out_trade_no);
String couponId = memberOrder.getCouponId();
if (StringUtils.isNotEmpty(couponId)) {
memberCouponService.updateStatus(couponId);
}
return returnXML(result_code);
} else {
return returnXML("FAIL");
}
}
private boolean checkSign(String xmlString) {
Map<String, String> map = null;
try {
map = XMLUtil.doXMLParse(xmlString);
} catch (Exception e) {
e.printStackTrace();
}
String signFromAPIResponse = map.get("sign").toString();
if (signFromAPIResponse == "" || signFromAPIResponse == null) {
System.out.println("API返回的数据签名数据不存在,有可能被第三方篡改!!!");
return false;
}
System.out.println("服务器回包里面的签名是:" + signFromAPIResponse);
//清掉返回数据对象里面的Sign数据(不能把这个数据也加进去进行签名),然后用签名算法进行签名
map.put("sign", "");
//将API返回的数据根据用签名算法进行计算新的签名,用来跟API返回的签名进行比较
String signForAPIResponse = getSign(map);
if (!signForAPIResponse.equals(signFromAPIResponse)) {
//签名验不过,表示这个API返回的数据有可能已经被篡改了
System.out.println("API返回的数据签名验证不通过,有可能被第三方篡改!!! signForAPIResponse生成的签名为" + signForAPIResponse);
return false;
}
System.out.println("恭喜,API返回的数据签名验证通过!!!");
return true;
}
private String returnXML(String return_code) {
return "<xml><return_code><![CDATA["
+ return_code
+ "]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>";
}
public String getSign(Map<String, String> map) {
SortedMap<String, String> signParams = new TreeMap<String, String>();
for (Map.Entry<String, String> stringStringEntry : map.entrySet()) {
signParams.put(stringStringEntry.getKey(), stringStringEntry.getValue());
}
signParams.remove("sign");
String sign = PayCommonUtil.createSign("UTF-8", signParams);
return sign;
}
}
(注:工具类可以参考http://www.cnblogs.com/xu-xiang/p/5797575.html)