微信所有的支付结果都是加密处理的,他和订单支付成功的异步通知不一样。
他的基本返回是:
<xml> <return_code>SUCCESS</return_code> <appid><![CDATA[wx2421b1c4370ec43b]]></appid> <mch_id><![CDATA[10000100]]></mch_id> <nonce_str><![CDATA[TeqClE3i0mvn3DrK]]></nonce_str> <req_info><![CDATA[T87GAHG17TGAHG1TGHAHAHA1Y1CIOA9UGJH1GAHV871HAGAGQYQQPOOJMXNBCXBVNMNMAJAA]]></req_info> </xml>
我们需要对req_info解码才能看到退款的明文
解码后会得到明文:
<root> <out_refund_no><![CDATA[131811191610442717309]]></out_refund_no> <out_trade_no><![CDATA[71106718111915575302817]]></out_trade_no> <refund_account><![CDATA[REFUND_SOURCE_RECHARGE_FUNDS]]></refund_account> <refund_fee><![CDATA[3960]]></refund_fee> <refund_id><![CDATA[50000408942018111907145868882]]></refund_id> <refund_recv_accout><![CDATA[支付用户零钱]]></refund_recv_accout> <refund_request_source><![CDATA[API]]></refund_request_source> <refund_status><![CDATA[SUCCESS]]></refund_status> <settlement_refund_fee><![CDATA[3960]]></settlement_refund_fee> <settlement_total_fee><![CDATA[3960]]></settlement_total_fee> <success_time><![CDATA[2018-11-19 16:24:13]]></success_time> <total_fee><![CDATA[3960]]></total_fee> <transaction_id><![CDATA[4200000215201811190261405420]]></transaction_id> </root>
解密步骤如下:
(1)对加密串A做base64解码,得到加密串B
(2)对商户key做md5,得到32位小写key* ( key设置路径:微信商户平台(pay.weixin.qq.com)-->账户设置-->API安全-->密钥设置 )
(3)用key*对加密串B做AES-256-ECB解密(PKCS7Padding)
秘钥如果是服务商模式,请使用服务商的秘钥,否则使用商户的秘钥。
我们提供下java版的解密方法:
public static String getRefundDecrypt(String reqInfoSecret, String key) { String result = ""; try { Security.addProvider(new BouncyCastleProvider()); sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder(); byte[] bt = decoder.decodeBuffer(reqInfoSecret); String b = new String(bt); String md5key = MD5(key).toLowerCase(); System.out.println(md5key); SecretKey secretKey = new SecretKeySpec(md5key.getBytes(), "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); cipher.init(Cipher.DECRYPT_MODE, secretKey); byte[] resultbt = cipher.doFinal(bt); result = new String(resultbt); } catch (Exception e) { e.printStackTrace(); } return result; }
OK 代码好了,实测有效