🎨 #3288【微信支付】修复由于微信签名探测导致的验签错误的问题

Author: je45

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/exception/WxSignTestException.java

@@ -0,0 +1,31 @@
+package com.github.binarywang.wxpay.exception;
+
+/**
+ * <pre>
+ *   微信支付签名探测异常类
+ * </pre>
+ * @author je45
+ * @date 2024/11/27 9:35
+ */
+public class WxSignTestException extends WxPayException {
+  private static final long serialVersionUID = -303371909244098058L;
+
+  /**
+   * Instantiates a new Wx pay exception.
+   *
+   * @param customErrorMsg the custom error msg
+   */
+  public WxSignTestException(String customErrorMsg) {
+    super(customErrorMsg);
+  }
+
+  /**
+   * Instantiates a new Wx pay exception.
+   *
+   * @param customErrorMsg the custom error msg
+   * @param tr             the tr
+   */
+  public WxSignTestException(String customErrorMsg, Throwable tr) {
+    super(customErrorMsg, tr);
+  }
+}

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/BaseWxPayServiceImpl.java

@@ -17,6 +17,7 @@
 import com.github.binarywang.wxpay.constant.WxPayConstants.SignType;
 import com.github.binarywang.wxpay.constant.WxPayConstants.TradeType;
 import com.github.binarywang.wxpay.exception.WxPayException;
+import com.github.binarywang.wxpay.exception.WxSignTestException;
 import com.github.binarywang.wxpay.service.*;
 import com.github.binarywang.wxpay.util.SignUtils;
 import com.github.binarywang.wxpay.util.XmlConfig;
@@ -343,7 +344,11 @@ public WxPayOrderNotifyResult parseOrderNotifyResult(String xmlData, String sign
    * @param data   通知数据
    * @return true:校验通过 false:校验不通过
    */
-  private boolean verifyNotifySign(SignatureHeader header, String data) {
+  private boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException {
+    String wxPaySign = header.getSignature();
+    if(wxPaySign.startsWith("WECHATPAY/SIGNTEST/")){
+      throw new WxSignTestException("微信支付签名探测流量");
+    }
     String beforeSign = String.format("%s\n%s\n%s\n",
       header.getTimeStamp(),
       header.getNonce(),

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/PayScoreServiceImpl.java

@@ -7,6 +7,7 @@
 import com.github.binarywang.wxpay.bean.payscore.WxPayScoreResult;
 import com.github.binarywang.wxpay.config.WxPayConfig;
 import com.github.binarywang.wxpay.exception.WxPayException;
+import com.github.binarywang.wxpay.exception.WxSignTestException;
 import com.github.binarywang.wxpay.service.PayScoreService;
 import com.github.binarywang.wxpay.service.WxPayService;
 import com.github.binarywang.wxpay.v3.util.AesUtils;
@@ -327,7 +328,11 @@ public WxPayScoreResult decryptNotifyDataResource(PayScoreNotifyData data) throw
    * @param data   通知数据
    * @return true:校验通过 false:校验不通过
    */
-  private boolean verifyNotifySign(SignatureHeader header, String data) {
+  private boolean verifyNotifySign(SignatureHeader header, String data) throws WxSignTestException {
+    String wxPaySign = header.getSigned();
+    if(wxPaySign.startsWith("WECHATPAY/SIGNTEST/")){
+      throw new WxSignTestException("微信支付签名探测流量");
+    }
     String beforeSign = String.format("%s\n%s\n%s\n", header.getTimeStamp(), header.getNonce(), data);
     return payService.getConfig().getVerifier().verify(header.getSerialNo(),
       beforeSign.getBytes(StandardCharsets.UTF_8), header.getSigned());