From 13ad1545b68e575deb1790f3a32788eec9a666a9 Mon Sep 17 00:00:00 2001
From: egan
Date: Sun, 10 Dec 2017 22:29:53 +0800
Subject: [PATCH] =?UTF-8?q?=E9=93=B6=E8=81=94=E5=9F=BA=E7=A1=80=E5=AE=8C?= =?UTF-8?q?=E6=88=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../pay/common/api/BasePayConfigStorage.java | 45 +
.../pay/common/api/PayConfigStorage.java | 12 +
.../pay/common/util/sign/CertDescriptor.java | 315 +++++++
.../pay/common/util/sign/SignUtils.java | 2 +-
.../pay/common/util/sign/encrypt/RSA.java | 63 +-
.../pay/common/util/sign/encrypt/RSA2.java | 27 +-
.../pay/demo/controller/PayController.java | 7 +-
pay-java-union/README.md | 67 ++
.../pay/union/api/UnionPayConfigStorage.java | 27 +
.../egzosn/pay/union/api/UnionPayService.java | 53 +-
.../com/egzosn/pay/union/sdk/CertUtil.java | 790 ------------------
.../com/egzosn/pay/union/sdk/SDKConfig.java | 679 ---------------
12 files changed, 578 insertions(+), 1509 deletions(-)
create mode 100644 pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/CertDescriptor.java
create mode 100644 pay-java-union/README.md
delete mode 100644 pay-java-union/src/main/java/com/egzosn/pay/union/sdk/CertUtil.java
delete mode 100644 pay-java-union/src/main/java/com/egzosn/pay/union/sdk/SDKConfig.java
diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/api/BasePayConfigStorage.java b/pay-java-common/src/main/java/com/egzosn/pay/common/api/BasePayConfigStorage.java
index cc7ebd0..389778f 100644
--- a/pay-java-common/src/main/java/com/egzosn/pay/common/api/BasePayConfigStorage.java
+++ b/pay-java-common/src/main/java/com/egzosn/pay/common/api/BasePayConfigStorage.java
@@ -1,6 +1,9 @@ package com.egzosn.pay.common.api; import com.egzosn.pay.common.bean.MsgType; +import com.egzosn.pay.common.bean.result.PayException; +import com.egzosn.pay.common.exception.PayErrorException; +import com.egzosn.pay.common.util.sign.CertDescriptor; import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReentrantLock; @@ -15,11 +18,19 @@ import java.util.concurrent.locks.ReentrantLock; */ public abstract class BasePayConfigStorage implements PayConfigStorage{ + /** + * 证书管理器 + */ + private volatile CertDescriptor certDescriptor; /** * 应用私钥,rsa_private pkcs8格式 生成签名时使用 */ private volatile String keyPrivate; + /** + * 应用私钥,rsa_private pkcs8格式 生成签名时使用 + */ + private volatile String keyPrivateCertPwd; /** * 支付平台公钥(签名校验使用) */ @@ -70,6 +81,21 @@ public abstract class BasePayConfigStorage implements PayConfigStorage{ */ private boolean isTest = false; + /** + * 是否为证书签名 + */ + private boolean isCertSign = false; + + + public CertDescriptor getCertDescriptor() { + if (!isCertSign){ + throw new PayErrorException(new PayException("certDescriptor fail", "isCertSign is false")); + } + if(null == certDescriptor){ + certDescriptor = new CertDescriptor(); + } + return certDescriptor; + } @Override public String getKeyPrivate() { @@ -80,6 +106,14 @@ public abstract class BasePayConfigStorage implements PayConfigStorage{ this.keyPrivate = keyPrivate; } + public String getKeyPrivateCertPwd() { + return keyPrivateCertPwd; + } + + public void setKeyPrivateCertPwd(String keyPrivateCertPwd) { + this.keyPrivateCertPwd = keyPrivateCertPwd; + } + @Override public String getKeyPublic() { return keyPublic; @@ -207,4 +241,15 @@ public abstract class BasePayConfigStorage implements PayConfigStorage{ public void setTest(boolean test) { isTest = test; } + + public boolean isCertSign() { + return isCertSign; + } + + public void setCertSign(boolean certSign) { + isCertSign = certSign; + if (certSign){ + certDescriptor = new CertDescriptor(); + } + } } 
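Review bot: The Javadoc on the new `keyPrivateCertPwd` field is a copy of the one on `keyPrivate` just above it, so the field reads as a second private key rather than as the password of the private-key certificate. A comment such as `/** Password of the private-key certificate (keystore); a secret, never log it. */` would say what it holds. The same copied text is on `keyPrivatePwd` in UnionPayConfigStorage later in this patch. Nothing in the visible hunks ever calls `setKeyPrivateCertPwd`, because UnionPayConfigStorage keeps the parsed password in its own field, so it is worth confirming that both fields are needed.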
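Review bot: `getCertDescriptor()` in this hunk, and `getKeyPrivateCertPwd()` in the following one, implement methods this commit adds to PayConfigStorage but carry no `@Override`, unlike `getKeyPrivate()` directly below. Adding the annotation lets the compiler catch a later drift between the interface and this base class. The `if(null == certDescriptor)` branch is a check-then-assign on a volatile field without a lock, and `isCertSign` is a plain boolean while the other configuration fields are volatile; since `setCertSign(true)` already creates the descriptor, the lazy branch looks unreachable from the visible code and could be removed.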
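Review bot: `setCertSign(true)` assigns a fresh `new CertDescriptor()` on every call, so invoking it after the keys were configured discards the keystore and public certificate already loaded into the previous descriptor, and the next `getSignCertPrivateKey()` then runs against a null keystore. Guarding the assignment with `if (certSign && null == certDescriptor) {` keeps an initialised descriptor. The setters in UnionPayConfigStorage only load certificates when `isCertSign()` is already true, so the required call order (setCertSign before setKeyPrivate and setKeyPublic) deserves a line in this method's Javadoc.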
diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/api/PayConfigStorage.java b/pay-java-common/src/main/java/com/egzosn/pay/common/api/PayConfigStorage.java index f5321fc..8d1ba85 100644 --- a/pay-java-common/src/main/java/com/egzosn/pay/common/api/PayConfigStorage.java +++ b/pay-java-common/src/main/java/com/egzosn/pay/common/api/PayConfigStorage.java @@ -1,6 +1,7 @@ package com.egzosn.pay.common.api; import com.egzosn.pay.common.bean.MsgType; +import com.egzosn.pay.common.util.sign.CertDescriptor; import java.util.concurrent.locks.Lock; @@ -14,6 +15,17 @@ import java.util.concurrent.locks.Lock; */ public interface PayConfigStorage { + /** + * 获取证书解释器 + * @return 证书解释器 + */ + CertDescriptor getCertDescriptor(); + + /** + * 获取私钥证书密码 + * @return 私钥证书密码 + */ + String getKeyPrivateCertPwd(); /** * 应用id * @return 应用id diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/CertDescriptor.java b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/CertDescriptor.java new file mode 100644 index 0000000..cab3c4e --- /dev/null +++ b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/CertDescriptor.java 
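Review bot: The Javadoc for `getCertDescriptor()` does not mention that the base implementation throws PayErrorException when certificate signing is switched off, so a caller holding only the interface cannot tell that the call is conditional; a `@throws` line stating this would close the gap. `getKeyPrivateCertPwd()` places the keystore password on the general interface, readable by anything that holds a PayConfigStorage. If only the certificate loader needs it, keeping it off the interface narrows where the secret travels. Both methods are new abstract members, so an implementation that does not extend BasePayConfigStorage stops compiling after this change.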
@@ -0,0 +1,315 @@ +/** + * + * Licensed Property to China UnionPay Co., Ltd. + * + * (C) Copyright of China UnionPay Co., Ltd. 2010 + * All Rights Reserved. + * + * + * Modification History: + * ============================================================================= + * Author Date Description + * ------------ ---------- --------------------------------------------------- + * xshu 2014-05-28 证书工具类. + * ============================================================================= + */ +package com.egzosn.pay.common.util.sign; + +import com.egzosn.pay.common.util.str.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import java.io.*; +import java.math.BigInteger; +import java.security.*; +import java.security.cert.*; +import java.security.spec.RSAPublicKeySpec; +import java.util.*; + + +/** + * @ClassName: CertDescriptor + * @Description: acpsdk证书工具类,主要用于对证书的加载和使用 + * @date 2016-7-22 下午2:46:20 + * 声明:以下代码只是为了方便接入方测试而提供的样例代码,商户可以根据自己需要,按照技术文档编写。该代码仅供参考,不提供编码,性能,规范性等方面的保障 + */ +public class CertDescriptor { + protected static final Log log = LogFactory.getLog(CertDescriptor.class); + /** 证书容器,存储对商户请求报文签名私钥证书. 
*/ + private KeyStore keyStore = null; + + /** 验签中级证书 */ + private X509Certificate publicKeyCert = null; + + + + + /** + * 通过证书路径初始化为公钥证书 + * @param path + * @return + */ + private static X509Certificate initCert(String path) { + X509Certificate encryptCertTemp = null; + CertificateFactory cf = null; + FileInputStream in = null; + try { + cf = CertificateFactory.getInstance("X.509", "BC"); + in = new FileInputStream(path); + encryptCertTemp = (X509Certificate) cf.generateCertificate(in); + // 打印证书加载信息,供测试阶段调试 + log.warn("[" + path + "][CertId=" + + encryptCertTemp.getSerialNumber().toString() + "]"); + } catch (CertificateException e) { + log.error("InitCert Error", e); + } catch (FileNotFoundException e) { + log.error("InitCert Error File Not Found", e); + } catch (NoSuchProviderException e) { + log.error("LoadVerifyCert Error No BC Provider", e); + } finally { + if (null != in) { + try { + in.close(); + } catch (IOException e) { + log.error(e.toString()); + } + } + } + return encryptCertTemp; + } + + /** + * 通过keyStore 获取私钥签名证书PrivateKey对象 + * + * @return + */ + public PrivateKey getSignCertPrivateKey() { + try { + Enumeration aliasenum = keyStore.aliases(); + String keyAlias = null; + if (aliasenum.hasMoreElements()) { + keyAlias = aliasenum.nextElement(); + } + PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, + "SDKConfig.getConfig().getSignCertPwd()".toCharArray()); + return privateKey; + } catch (KeyStoreException e) { + log.error("getSignCertPrivateKey Error", e); + return null; + } catch (UnrecoverableKeyException e) { + log.error("getSignCertPrivateKey Error", e); + return null; + } catch (NoSuchAlgorithmException e) { + log.error("getSignCertPrivateKey Error", e); + return null; + } + } + + + + + /** + * 配置的签名私钥证书certId + * + * @return 证书的物理编号 + */ + public String getSignCertId() { + try { + Enumeration aliasenum = keyStore.aliases(); + String keyAlias = null; + if (aliasenum.hasMoreElements()) { + keyAlias = aliasenum.nextElement(); + } + 
X509Certificate cert = (X509Certificate) keyStore + .getCertificate(keyAlias); + return cert.getSerialNumber().toString(); + } catch (Exception e) { + log.error("getSignCertId Error", e); + return null; + } + } + + + + + /** + * 将签名私钥证书文件读取为证书存储对象 + * + * @param signCertPath + * 证书文件名 + * @param signCertPwd + * 证书密码 + * @param signCertType + * 证书类型 + */ + public void initPrivateSignCert(String signCertPath, String signCertPwd, String signCertType) { + + if (null != keyStore) { + keyStore = null; + } + try { + keyStore = getKeyInfo(signCertPath, + signCertPwd,signCertType); + log.info("InitSignCert Successful. CertId=[" + + getSignCertId() + "]"); + } catch (IOException e) { + log.error("InitSignCert Error", e); + } + } + + /** + * 将签名私钥证书文件读取为证书存储对象 + * + * @param pfxkeyfile + * 证书文件名 + * @param keypwd + * 证书密码 + * @param type + * 证书类型 + * @return 证书对象 + * @throws IOException + */ + private KeyStore getKeyInfo(String pfxkeyfile, String keypwd, + String type) throws IOException { + log.warn("加载签名证书==>" + pfxkeyfile); + FileInputStream fis = null; + try { + KeyStore ks = KeyStore.getInstance(type, "BC"); + log.warn("Load RSA CertPath=[" + pfxkeyfile + "],Pwd=["+ keypwd + "],type=["+type+"]"); + fis = new FileInputStream(pfxkeyfile); + char[] nPassword = null; + nPassword = null == keypwd || "".equals(keypwd.trim()) ? 
null: keypwd.toCharArray(); + if (null != ks) { + ks.load(fis, nPassword); + } + return ks; + } catch (Exception e) { + log.error("getKeyInfo Error", e); + return null; + } finally { + if(null!=fis) + fis.close(); + } + } + + + /** + * 通过keystore获取私钥证书的certId值 + * @param keyStore + * @return + */ + private String getCertIdIdByStore(KeyStore keyStore) { + Enumeration aliasenum = null; + try { + aliasenum = keyStore.aliases(); + String keyAlias = null; + if (aliasenum.hasMoreElements()) { + keyAlias = aliasenum.nextElement(); + } + X509Certificate cert = (X509Certificate) keyStore + .getCertificate(keyAlias); + return cert.getSerialNumber().toString(); + } catch (KeyStoreException e) { + log.error("getCertIdIdByStore Error", e); + return null; + } + } + + /** + * 使用模和指数生成RSA公钥 注意:此代码用了默认补位方式,为RSA/None/PKCS1Padding,不同JDK默认的补位方式可能不同 + * + * @param modulus + * 模 + * @param exponent + * 指数 + * @return + */ + private PublicKey getPublicKey(String modulus, String exponent) { + try { + BigInteger b1 = new BigInteger(modulus); + BigInteger b2 = new BigInteger(exponent); + KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC"); + RSAPublicKeySpec keySpec = new RSAPublicKeySpec(b1, b2); + return keyFactory.generatePublic(keySpec); + } catch (Exception e) { + log.error("构造RSA公钥失败:" + e); + return null; + } + } + + /** + * 将字符串转换为X509Certificate对象. 
+ * + * @param x509CertString + * @return + */ + public X509Certificate genCertificateByStr(String x509CertString) { + X509Certificate x509Cert = null; + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); + InputStream tIn = new ByteArrayInputStream(x509CertString.getBytes("ISO-8859-1")); + x509Cert = (X509Certificate) cf.generateCertificate(tIn); + } catch (Exception e) { + log.error("gen certificate error", e); + } + return x509Cert; + } + + /** + * 用配置文件acp_sdk.properties配置路径 加载敏感信息加密证书 + */ + public void initPublicCert(String certPath) { + if (!StringUtils.isEmpty(certPath)) { + publicKeyCert = initCert(certPath); + log.info("Load MiddleCert Successful"); + } else { + log.info("WARN: acpsdk.middle.path is empty"); + } + } + /** + * 从配置文件acp_sdk.properties中获取验签公钥使用的中级证书 + * @return + */ + public X509Certificate getPublicCert() { + return publicKeyCert; + } + + + /** + * 获取证书的CN + * @param aCert + * @return + */ + private String getIdentitiesFromCertficate(X509Certificate aCert) { + String tDN = aCert.getSubjectDN().toString(); + String tPart = ""; + if ((tDN != null)) { + String tSplitStr[] = tDN.substring(tDN.indexOf("CN=")).split("@"); + if (tSplitStr != null && tSplitStr.length > 2 + && tSplitStr[2] != null) + tPart = tSplitStr[2]; + } + return tPart; + } + + + + + + /** + * 证书文件过滤器 + * + */ + static class CerFilter implements FilenameFilter { + public boolean isCer(String name) { + if (name.toLowerCase().endsWith(".cer")) { + return true; + } else { + return false; + } + } + public boolean accept(File dir, String name) { + return isCer(name); + } + } + +} diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/SignUtils.java b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/SignUtils.java index 22962ac..1e03f5b 100644 --- a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/SignUtils.java +++ b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/SignUtils.java 
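Review bot: `getSignCertPrivateKey()` passes `"SDKConfig.getConfig().getSignCertPwd()".toCharArray()` to `keyStore.getKey`, which is the quoted source text of the old call and not the configured password, so the key lookup no longer uses the password the merchant supplied. Keep the value handed to `initPrivateSignCert`, for example `this.signCertPwd = signCertPwd == null ? null : signCertPwd.toCharArray();`, and call `keyStore.getKey(keyAlias, this.signCertPwd)`. `getKeyInfo` also writes the keystore password to the log at warn level (`Pwd=["+ keypwd + "]`), and that fragment should be dropped from the message. Every `getInstance(..., "BC")` call here depends on the BouncyCastle provider being registered, and the `CertUtil.addProvider()` that did so is deleted by this commit, so unless it is registered elsewhere these calls end in NoSuchProviderException. `getSignCertPrivateKey()` and `getSignCertId()` also dereference `keyStore` without a null check, although `getKeyInfo` returns null on any load failure.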
@@ -121,7 +121,7 @@ public enum SignUtils { * @return 去掉空值与签名参数后的新签名,拼接后字符串 */ public static String parameterText(Map parameters, String separator) { - return parameterText(parameters, separator, "sign", "key", "sign_type"); + return parameterText(parameters, separator, "signature", "sign", "key", "sign_type"); } /** diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA.java b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA.java index 430dd01..26aef76 100644 --- a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA.java +++ b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA.java @@ -5,6 +5,7 @@ import javax.crypto.Cipher; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; +import java.io.UnsupportedEncodingException; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PublicKey; @@ -47,22 +48,22 @@ public class RSA{ return null; } + + /** * RSA签名 * @param content 待签名数据 * @param privateKey 私钥 + * @param signAlgorithms 签名算法 + * @param characterEncoding 编码格式 * @return 签名值 */ - public static String sign(byte[] content,PrivateKey privateKey) { + public static String sign(String content, PrivateKey privateKey, String signAlgorithms, String characterEncoding) { try { - - java.security.Signature signature = java.security.Signature.getInstance(privateKey.getAlgorithm()); - + java.security.Signature signature = java.security.Signature.getInstance(signAlgorithms); signature.initSign(privateKey); - signature.update(content); - + signature.update(content.getBytes(characterEncoding)); byte[] signed = signature.sign(); - return Base64.encode(signed); } catch (Exception e) { e.printStackTrace(); @@ -71,6 +72,7 @@ public class RSA{ return null; } + /** * RSA签名 * @param content 待签名数据 
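Review bot: Adding `"signature"` to the default ignore list changes the signed text for every caller of this two-argument `parameterText`, not only UnionPay: a field named `signature` is now left out of the string that is signed or verified, so its value is no longer covered by the signature for any provider that relies on the default. UnionPayService in this same patch already passes the key explicitly with `parameterText(parameters, "&", "signature")`, so the default may not need to change. If the wider default is intended, the Javadoc above should list the keys that are excluded.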
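Review bot: The rewritten `sign(String, PrivateKey, String, String)` keeps the `catch (Exception e) { e.printStackTrace();` path, which appears to fall through to `return null` just past this hunk, so a missing key, an unknown algorithm name and a bad charset all yield a null signature with nothing written to the application log. The commit adds `import java.io.UnsupportedEncodingException;` but no visible hunk catches it; narrowing to `catch (GeneralSecurityException | UnsupportedEncodingException e)` and rethrowing as an unchecked exception would make a signing failure loud. The new `verify(String, String, PublicKey, String, String)` in a later hunk has the same catch-all, although returning false there at least fails closed. This hunk also replaces the public `sign(byte[], PrivateKey)` overload outright, which breaks any existing caller of it.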
@@ -82,6 +84,17 @@ public class RSA{ return sign(content, privateKey, SIGN_ALGORITHMS, characterEncoding); } + /** + * RSA签名 + * @param content 待签名数据 + * @param privateKey 私钥 + * @param characterEncoding 编码格式 + * @return 签名值 + */ + public static String sign(String content, PrivateKey privateKey ,String characterEncoding){ + return sign(content, privateKey, SIGN_ALGORITHMS, characterEncoding); + } + /** * RSA验签名检查 * @param content 待签名数据 @@ -105,6 +118,27 @@ public class RSA{ } return false; } + + /** + * RSA验签名检查 + * @param content 待签名数据 + * @param sign 签名值 + * @param publicKey 公钥 + * @param signAlgorithms 签名算法 + * @param characterEncoding 编码格式 + * @return 布尔值 + */ + public static boolean verify(String content, String sign, PublicKey publicKey, String signAlgorithms, String characterEncoding){ + try { + java.security.Signature signature = java.security.Signature.getInstance(signAlgorithms); + signature.initVerify(publicKey); + signature.update( content.getBytes(characterEncoding) ); + return signature.verify( Base64.decode(sign) ); + } catch (Exception e) { + e.printStackTrace(); + } + return false; + } /** * RSA验签名检查 * @param content 待签名数据 @@ -117,7 +151,20 @@ public class RSA{ return verify(content, sign, publicKey, SIGN_ALGORITHMS, characterEncoding); } - + + + /** + * RSA验签名检查 + * @param content 待签名数据 + * @param sign 签名值 + * @param publicKey 公钥 + * @param characterEncoding 编码格式 + * @return 布尔值 + */ + public static boolean verify(String content, String sign, PublicKey publicKey, String characterEncoding){ + return verify(content, sign, publicKey, SIGN_ALGORITHMS, characterEncoding); + } + /** * 解密 * @param content 密文 diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA2.java b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA2.java index 3caac65..a4c59c4 100644 --- a/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA2.java 
+++ b/pay-java-common/src/main/java/com/egzosn/pay/common/util/sign/encrypt/RSA2.java @@ -2,6 +2,7 @@ package com.egzosn.pay.common.util.sign.encrypt; import java.security.PrivateKey; +import java.security.PublicKey; public class RSA2 { @@ -16,6 +17,16 @@ public class RSA2 { + /** + * RSA签名 + * @param content 待签名数据 + * @param privateKey 私钥 + * @param characterEncoding 编码格式 + * @return 签名值 + */ + public static String sign(String content, PrivateKey privateKey ,String characterEncoding){ + return RSA.sign(content, privateKey, SIGN_SHA256RSA_ALGORITHMS, characterEncoding); + } /** * RSA验签名检查 @@ -29,7 +40,21 @@ public class RSA2 { return RSA.verify(content, sign, publicKey, SIGN_SHA256RSA_ALGORITHMS, characterEncoding ); } - + + + + /** + * RSA验签名检查 + * @param content 待签名数据 + * @param sign 签名值 + * @param publicKey 公钥 + * @param characterEncoding 编码格式 + * @return 布尔值 + */ + public static boolean verify(String content, String sign, PublicKey publicKey, String characterEncoding){ + return RSA.verify(content, sign, publicKey, SIGN_SHA256RSA_ALGORITHMS, characterEncoding); + } + /** * 解密 * @param content 密文 diff --git a/pay-java-demo/src/main/java/com/egzosn/pay/demo/controller/PayController.java b/pay-java-demo/src/main/java/com/egzosn/pay/demo/controller/PayController.java index 0a10ba9..66c3cf0 100644 --- a/pay-java-demo/src/main/java/com/egzosn/pay/demo/controller/PayController.java +++ b/pay-java-demo/src/main/java/com/egzosn/pay/demo/controller/PayController.java 
@@ -13,9 +13,6 @@ import com.egzosn.pay.demo.entity.PayType; import com.egzosn.pay.demo.request.QueryOrder; import com.egzosn.pay.demo.service.ApyAccountService; import com.egzosn.pay.demo.service.PayResponse; -import com.egzosn.pay.union.api.UnionPayService; -import com.egzosn.pay.union.enums.UnionTransactionType; -import com.egzosn.pay.union.request.UnionQueryOrder; import com.egzosn.pay.wx.bean.WxTransactionType; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -344,13 +341,13 @@ public class PayController { * @param order 订单的请求体 * @return 返回查询回来的结果集,支付方原值返回 */ - @RequestMapping("unionRefundOrConsumeUndo") +/* @RequestMapping("unionRefundOrConsumeUndo") public Map unionQuery(UnionQueryOrder order,String transactionType) { PayResponse payResponse = service.getPayResponse(order.getPayId()); UnionPayService service = (UnionPayService)payResponse.getService(); return service.unionRefundOrConsumeUndo(order,UnionTransactionType.valueOf(transactionType)); - } + }*/ /** * 交易关闭接口 diff --git a/pay-java-union/README.md b/pay-java-union/README.md new file mode 100644 index 0000000..f59a937 --- /dev/null +++ b/pay-java-union/README.md 
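Review bot: The `unionRefundOrConsumeUndo` handler is disabled by wrapping it in `/* … */` instead of being removed, which leaves dead code behind and leaves the Javadoc block above it describing nothing. The three `com.egzosn.pay.union` imports are deleted in the first hunk of this file, so the commented body could not be restored as it stands anyway. Deleting the method together with its Javadoc is cleaner, since version control keeps the history; if the endpoint is meant to come back, a `// TODO` naming what blocks it says more than the comment markers do.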
@@ -0,0 +1,67 @@ + + +## 微信支付简单例子 + +#### 支付配置 + +```java + + UnionPayConfigStorage configStorage = new UnionPayConfigStorage(); + configStorage.setMchId("合作者id(商户号)"); + configStorage.setAppid("应用id"); + configStorage.setKeyPublic("密钥"); + configStorage.setKeyPrivate("密钥"); + configStorage.setNotifyUrl("异步回调地址"); + configStorage.setReturnUrl("同步回调地址"); + configStorage.setSignType("签名方式"); + configStorage.setInputCharset("utf-8"); + //是否为测试账号,沙箱环境 此处暂未实现 + configStorage.setTest(true); + +``` + +#### 网络请求配置 + +```java + + HttpConfigStorage httpConfigStorage = new HttpConfigStorage(); + /* 网路代理配置 根据需求进行设置**/ + //http代理地址 + httpConfigStorage.setHttpProxyHost("192.168.1.69"); + //代理端口 + httpConfigStorage.setHttpProxyPort(3308); + //代理用户名 + httpConfigStorage.setHttpProxyUsername("user"); + //代理密码 + httpConfigStorage.setHttpProxyPassword("password"); + /* /网路代理配置 根据需求进行设置**/ + + /* 网络请求ssl证书 根据需求进行设置**/ + //设置ssl证书路径 + httpConfigStorage.setKeystorePath("证书绝对路径"); + //设置ssl证书对应的密码 + httpConfigStorage.setStorePassword("证书对应的密码"); + /* /网络请求ssl证书**/ + +``` + +#### 创建支付服务 + +```java + + //支付服务 + PayService service = new WxPayService(configStorage); + + //设置网络请求配置根据需求进行设置 + //service.setRequestTemplateConfigStorage(httpConfigStorage) + +``` + +#### 创建支付订单信息 + +```java + + //支付订单基础信息 + PayOrder payOrder = new PayOrder("订单title", "摘要", new BigDecimal(0.01) , UUID.randomUUID().toString().replace("-", "")); + +``` diff --git a/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayConfigStorage.java b/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayConfigStorage.java index dc763af..d79b28a 100644 --- a/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayConfigStorage.java +++ b/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayConfigStorage.java @@ -2,6 +2,7 @@ package com.egzosn.pay.union.api; import com.egzosn.pay.common.api.BasePayConfigStorage; + /** * @author Actinia * @email hayesfu@qq.com 
@@ -11,11 +12,17 @@ import com.egzosn.pay.common.api.BasePayConfigStorage; */ public class UnionPayConfigStorage extends BasePayConfigStorage { + /** * 商户号 */ private volatile String merId; + /** + * 应用私钥,rsa_private pkcs8格式 生成签名时使用 + */ + private volatile String keyPrivatePwd; + /** * 商户收款账号 */ @@ -30,6 +37,26 @@ public class UnionPayConfigStorage extends BasePayConfigStorage { private volatile String accessType = "0"; + @Override + public void setKeyPrivate(String keyPrivate) { + super.setKeyPrivate(keyPrivate); + if (isCertSign() && keyPrivate.length() < 1024 && keyPrivate.contains(";")){ + String[] split = keyPrivate.split(";"); + keyPrivatePwd = split[1]; + super.setKeyPrivate(split[0]); + getCertDescriptor().initPrivateSignCert(getKeyPrivate(), keyPrivatePwd, "PKCS12"); + } + } + + + @Override + public void setKeyPublic(String keyPublic) { + super.setKeyPublic(keyPublic); + if (isCertSign() && keyPublic.length() < 1024 ){ + getCertDescriptor().initPublicCert(keyPublic); + } + } + @Override public String getAppid () { return null; diff --git a/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayService.java b/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayService.java index ac68bee..465b64b 100644 --- a/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayService.java +++ b/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayService.java @@ -10,9 +10,8 @@ import com.egzosn.pay.common.exception.PayErrorException; import com.egzosn.pay.common.http.HttpConfigStorage; import com.egzosn.pay.common.util.MatrixToImageWriter; import com.egzosn.pay.common.util.sign.SignUtils; +import com.egzosn.pay.common.util.sign.encrypt.*; import com.egzosn.pay.common.util.str.StringUtils; -import com.egzosn.pay.union.sdk.CertUtil; -import com.egzosn.pay.union.sdk.SDKConfig; import com.egzosn.pay.union.sdk.SDKConstants; import com.egzosn.pay.union.enums.UnionTransactionType; import com.egzosn.pay.union.request.UnionQueryOrder; 
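Review bot: The new `setKeyPrivate` override assumes its argument is non-null and that `split(";")` yields two parts: a null value fails at `keyPrivate.length()`, a value ending in `;` fails at `split[1]` with ArrayIndexOutOfBoundsException, and a password that itself contains `;` is silently truncated. `String[] split = keyPrivate.split(";", 2);` followed by a `split.length == 2` check covers the last two cases. The parsed password is stored in the private `keyPrivatePwd`, which has no accessor in the visible hunks, while the interface method `getKeyPrivateCertPwd()` keeps returning the unset base field; calling `setKeyPrivateCertPwd(split[1])` instead would remove the duplicate. The `path;password` packing and the `length() < 1024` heuristic that tells a path from key material should be described in the Javadoc, and `setKeyPublic` has the same unchecked `keyPublic.length()`.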
@@ -24,10 +23,7 @@ import java.io.InputStream; import java.math.BigDecimal; import java.text.DateFormat; import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.HashMap; -import java.util.Map; -import java.util.TreeMap; +import java.util.*; /** * @author Actinia @@ -36,7 +32,7 @@ import java.util.TreeMap; */ public class UnionPayService extends BasePayService { //日志 - protected static final Log log = LogFactory.getLog(UnionPayService.class); + protected static final Log LOG = LogFactory.getLog(UnionPayService.class); /** * 测试域名 */ @@ -70,7 +66,6 @@ public class UnionPayService extends BasePayService { public UnionPayService (PayConfigStorage payConfigStorage, HttpConfigStorage configStorage) { super(payConfigStorage, configStorage); - SDKConfig.getConfig().loadPropertiesFromSrc(); } 
@@ -208,32 +203,38 @@ public class UnionPayService extends BasePayService { * @return 请求参数 */ private Map setSign(Map parameters){ + SignUtils signUtils = SignUtils.valueOf(payConfigStorage.getSignType()); String signStr; - String key = payConfigStorage.getKeyPrivate(); + switch (signUtils){ case RSA: parameters.put(SDKConstants.param_signMethod, SDKConstants.SIGNMETHOD_RSA); - parameters.put(SDKConstants.param_certId, CertUtil.getSignCertId()); - signStr = SignUtils.SHA1.createSign(SignUtils.parameterText(parameters),"", payConfigStorage.getInputCharset()); + parameters.put(SDKConstants.param_certId, payConfigStorage.getCertDescriptor().getSignCertId()); + signStr = SignUtils.SHA1.createSign( SignUtils.parameterText(parameters, "&", "signature"),"", payConfigStorage.getInputCharset()); + parameters.put(SDKConstants.param_signature, RSA.sign(signStr, payConfigStorage.getCertDescriptor().getSignCertPrivateKey(), payConfigStorage.getInputCharset())); break; case RSA2: parameters.put(SDKConstants.param_signMethod, SDKConstants.SIGNMETHOD_RSA); - parameters.put(SDKConstants.param_certId, CertUtil.getSignCertId()); - signStr = SignUtils.SHA256.createSign(SignUtils.parameterText(parameters),"", payConfigStorage.getInputCharset()); + parameters.put(SDKConstants.param_certId, payConfigStorage.getCertDescriptor().getSignCertId()); + signStr = SignUtils.SHA256.createSign( SignUtils.parameterText(parameters, "&", "signature"),"", payConfigStorage.getInputCharset()); + parameters.put(SDKConstants.param_signature, RSA2.sign(signStr, payConfigStorage.getCertDescriptor().getSignCertPrivateKey(), payConfigStorage.getInputCharset())); break; + case SHA1: case SHA256: case SM3: - signStr = SignUtils.parameterText(parameters); + String key = payConfigStorage.getKeyPrivate(); + signStr = SignUtils.parameterText(parameters, "&", "signature"); key = signUtils.createSign(key,"",payConfigStorage.getInputCharset()) + "&"; + parameters.put(SDKConstants.param_signature, 
signUtils.createSign(signStr, key, payConfigStorage.getInputCharset())); break; default: throw new PayErrorException(new PayException("sign fail", "未找到的签名类型")); } - parameters.put(SDKConstants.param_signature, signUtils.createSign(signStr, key, payConfigStorage.getInputCharset())); + return parameters; } @@ -246,17 +247,19 @@ public class UnionPayService extends BasePayService { SignUtils signUtils = SignUtils.valueOf(payConfigStorage.getSignType()); //签名原文 String stringSign = resData.get(SDKConstants.param_signature).toString(); - String data = SignUtils.parameterText(resData); + String data = SignUtils.parameterText(resData, "&", "signature"); switch (signUtils){ case RSA: - //todo 不确定这样可靠 - return SignUtils.RSA.verify(resData,stringSign,payConfigStorage.getKeyPublic(),payConfigStorage.getInputCharset()); + data = SignUtils.SHA1.createSign(data,"", payConfigStorage.getInputCharset()); + return RSA.verify(data, stringSign, payConfigStorage.getCertDescriptor().getPublicCert().getPublicKey(), payConfigStorage.getInputCharset()); + case RSA2: + data = SignUtils.SHA256.createSign(data,"", payConfigStorage.getInputCharset()); + return RSA2.verify(data, stringSign, payConfigStorage.getCertDescriptor().getPublicCert().getPublicKey(), payConfigStorage.getInputCharset()); + case SHA1: case SHA256: - String before = SignUtils.SHA256.createSign(SDKConfig.getConfig().getSecureKey(),"",payConfigStorage.getInputCharset()); - String nowSign = SignUtils.SHA256.createSign(data,"&"+before,payConfigStorage.getInputCharset()); - return stringSign.equals(nowSign); case SM3: - return SignUtils.SM3.verify(data,stringSign,SDKConfig.getConfig().getSecureKey(),payConfigStorage.getInputCharset()); + String before = signUtils.createSign(payConfigStorage.getKeyPublic(),"",payConfigStorage.getInputCharset()); + return signUtils.verify(data, stringSign, "&"+before, payConfigStorage.getInputCharset()); default: return false; } 
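Review bot: Neither RSA branch of `setSign` checks the result of `getCertDescriptor().getSignCertPrivateKey()`, which returns null when the keystore lookup fails, and `RSA.sign` then swallows the resulting exception and appears to return null, so the request would be built with a null `signature`. Failing before the request is assembled is safer, e.g. `if (null == privateKey) throw new PayErrorException(new PayException("sign fail", "signing key not loaded"));`. In the SHA1/SHA256/SM3 branch the key is built as the hash followed by `"&"`, whereas `verify` in the next hunk builds `"&"` followed by the hash; please confirm against `createSign`'s concatenation order that both sides produce the same string. That branch also signs with `getKeyPrivate()` while `verify` uses `getKeyPublic()`, which for a shared-secret scheme only works if both hold the same value.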
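Review bot: The RSA and RSA2 branches of `verify` dereference `getCertDescriptor().getPublicCert()` without a null check, and `initPublicCert` leaves that certificate null when the file cannot be loaded, so a bad path surfaces as a NullPointerException while a callback is being handled instead of as a failed verification. The context line `resData.get(SDKConstants.param_signature).toString()` has the same problem when the incoming data carries no signature field, and this method processes data received from outside. Returning false for a missing certificate or signature, and calling `checkValidity()` on the certificate before using its key, would keep the check fail-closed. CertDescriptor documents this certificate as the intermediate ("middle") certificate; if that is what merchants configure, verifying a response directly against its public key may not match the certificate that actually signed the response, so it is worth confirming which certificate is expected here. The method starts outside this hunk.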
@@ -571,11 +574,11 @@ public class UnionPayService extends BasePayService { // } // public String getBackTransUrl () { - return payConfigStorage.isTest() ? String.format(BACK_TRANS_URL,TEST_BASE_DOMAIN):String.format(BACK_TRANS_URL,RELEASE_BASE_DOMAIN); + return String.format(BACK_TRANS_URL, payConfigStorage.isTest() ? TEST_BASE_DOMAIN : RELEASE_BASE_DOMAIN); } public String getSingleQueryUrl () { - return payConfigStorage.isTest() ? String.format(SINGLE_QUERY_URL,TEST_BASE_DOMAIN):String.format(SINGLE_QUERY_URL,RELEASE_BASE_DOMAIN); + return String.format(SINGLE_QUERY_URL, payConfigStorage.isTest() ? TEST_BASE_DOMAIN : RELEASE_BASE_DOMAIN); } // // public String getBatchTransUrl () { @@ -583,7 +586,7 @@ public class UnionPayService extends BasePayService { // } public String getFileTransUrl () { - return payConfigStorage.isTest() ? String.format(FILE_TRANS_URL,TEST_BASE_DOMAIN):String.format(FILE_TRANS_URL,RELEASE_BASE_DOMAIN); + return String.format(FILE_TRANS_URL, payConfigStorage.isTest() ? TEST_BASE_DOMAIN : RELEASE_BASE_DOMAIN); } // public String getAppTransUrl () { diff --git a/pay-java-union/src/main/java/com/egzosn/pay/union/sdk/CertUtil.java b/pay-java-union/src/main/java/com/egzosn/pay/union/sdk/CertUtil.java deleted file mode 100644 index dae3fb6..0000000 --- a/pay-java-union/src/main/java/com/egzosn/pay/union/sdk/CertUtil.java +++ /dev/null 
@@ -1,790 +0,0 @@ -/** - * - * Licensed Property to China UnionPay Co., Ltd. - * - * (C) Copyright of China UnionPay Co., Ltd. 2010 - * All Rights Reserved. - * - * - * Modification History: - * ============================================================================= - * Author Date Description - * ------------ ---------- --------------------------------------------------- - * xshu 2014-05-28 证书工具类. - * ============================================================================= - */ -package com.egzosn.pay.union.sdk; - -import com.egzosn.pay.common.util.str.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import java.io.*; -import java.math.BigInteger; -import java.security.*; -import java.security.cert.*; -import java.security.spec.RSAPublicKeySpec; -import java.util.*; -import java.util.concurrent.ConcurrentHashMap; - -/** - * @ClassName: CertUtil - * @Description: acpsdk证书工具类,主要用于对证书的加载和使用 - * @date 2016-7-22 下午2:46:20 - * - */ -public class CertUtil { - /** - * 日志 - */ - protected static final Log log = LogFactory.getLog(CertUtil.class); - - public static final String UNIONPAY_CNNAME = "中国银联股份有限公司"; - - /** 证书容器,存储对商户请求报文签名私钥证书. */ - private static KeyStore keyStore = null; - /** 敏感信息加密公钥证书 */ - private static X509Certificate encryptCert = null; - /** 磁道加密公钥 */ - private static PublicKey encryptTrackKey = null; - /** 验证银联返回报文签名证书. */ - private static X509Certificate validateCert = null; - /** 验签中级证书 */ - private static X509Certificate middleCert = null; - /** 验签根证书 */ - private static X509Certificate rootCert = null; - /** 验证银联返回报文签名的公钥证书存储Map. */ - private static Map certMap = new HashMap(); - /** 商户私钥存储Map */ - private final static Map keyStoreMap = new ConcurrentHashMap(); - - - - static { - init(); - } - - /** - * 初始化所有证书. 
- */ - private static void init() { - try { - addProvider();//向系统添加BC provider - initSignCert();//初始化签名私钥证书 - initMiddleCert();//初始化验签证书的中级证书 - initRootCert();//初始化验签证书的根证书 - initEncryptCert();//初始化加密公钥 - initTrackKey();//构建磁道加密公钥 - initValidateCertFromDir();//初始化所有的验签证书 - } catch (Exception e) { - e.printStackTrace(); - log.error("init失败。(如果是用对称密钥签名的可无视此异常。)", e); - } - } - - /** - * 添加签名,验签,加密算法提供者 - */ - private static void addProvider(){ - if (Security.getProvider("BC") == null) { - log.info("add BC provider"); - Security.addProvider(new BouncyCastleProvider()); - } else { - Security.removeProvider("BC"); //解决eclipse调试时tomcat自动重新加载时,BC存在不明原因异常的问题。 - Security.addProvider(new BouncyCastleProvider()); - log.info("re-add BC provider"); - } -// printSysInfo(); - } - - /** - * 用配置文件acp_sdk.properties中配置的私钥路径和密码 加载签名证书 - */ - private static void initSignCert() { - if(!"01".equals(SDKConfig.getConfig().getSignMethod())){ - log.info("非rsa签名方式,不加载签名证书。"); - return; - } - if (SDKConfig.getConfig().getSignCertPath() == null - || SDKConfig.getConfig().getSignCertPwd() == null - || SDKConfig.getConfig().getSignCertType() == null) { - log.error("WARN: " + SDKConfig.SDK_SIGNCERT_PATH + "或" + SDKConfig.SDK_SIGNCERT_PWD - + "或" + SDKConfig.SDK_SIGNCERT_TYPE + "为空。 停止加载签名证书。"); - return; - } - if (null != keyStore) { - keyStore = null; - } - try { - keyStore = getKeyInfo(SDKConfig.getConfig().getSignCertPath(), - SDKConfig.getConfig().getSignCertPwd(), SDKConfig - .getConfig().getSignCertType()); - log.info("InitSignCert Successful. 
CertId=[" - + getSignCertId() + "]"); - } catch (IOException e) { - e.printStackTrace(); - log.error("InitSignCert Error", e); - } - } - - /** - * 用配置文件acp_sdk.properties配置路径 加载敏感信息加密证书 - */ - private static void initMiddleCert() { -// log.info("加载中级证书==>"+SDKConfig.getConfig().getMiddleCertPath()); - if (!StringUtils.isEmpty(SDKConfig.getConfig().getMiddleCertPath())) { - middleCert = initCert(SDKConfig.getConfig().getMiddleCertPath()); - log.info("Load MiddleCert Successful"); - } else { - log.info("WARN: acpsdk.middle.path is empty"); - } - } - - /** - * 用配置文件acp_sdk.properties配置路径 加载敏感信息加密证书 - */ - private static void initRootCert() { -// log.info("加载根证书==>"+SDKConfig.getConfig().getRootCertPath()); - if (!StringUtils.isEmpty(SDKConfig.getConfig().getRootCertPath())) { - rootCert = initCert(SDKConfig.getConfig().getRootCertPath()); - log.info("Load RootCert Successful"); - } else { - log.info("WARN: acpsdk.rootCert.path is empty"); - } - } - - /** - * 用配置文件acp_sdk.properties配置路径 加载银联公钥上级证书(中级证书) - */ - private static void initEncryptCert() { -// log.info("加载敏感信息加密证书==>"+SDKConfig.getConfig().getEncryptCertPath()); - if (!StringUtils.isEmpty(SDKConfig.getConfig().getEncryptCertPath())) { - encryptCert = initCert(SDKConfig.getConfig().getEncryptCertPath()); - log.info("Load EncryptCert Successful"); - } else { - log.info("WARN: acpsdk.encryptCert.path is empty"); - } - } - - /** - * 用配置文件acp_sdk.properties配置路径 加载磁道公钥 - */ - private static void initTrackKey() { - if (!StringUtils.isEmpty(SDKConfig.getConfig().getEncryptTrackKeyModulus()) - && !StringUtils.isEmpty(SDKConfig.getConfig().getEncryptTrackKeyExponent())) { - encryptTrackKey = getPublicKey(SDKConfig.getConfig().getEncryptTrackKeyModulus(), - SDKConfig.getConfig().getEncryptTrackKeyExponent()); - log.info("LoadEncryptTrackKey Successful"); - } else { - log.info("WARN: acpsdk.encryptTrackKey.modulus or acpsdk.encryptTrackKey.exponent is empty"); - } - } - - /** - * 用配置文件acp_sdk.properties配置路径 加载验证签名证书 - */ 
- private static void initValidateCertFromDir() { - if(!"01".equals(SDKConfig.getConfig().getSignMethod())){ - log.info("非rsa签名方式,不加载验签证书。"); - return; - } - certMap.clear(); - String dir = SDKConfig.getConfig().getValidateCertDir(); - log.info("加载验证签名证书目录==>" + dir +" 注:如果请求报文中version=5.1.0那么此验签证书目录使用不到,可以不需要设置(version=5.0.0必须设置)。"); - if (StringUtils.isEmpty(dir)) { - log.error("WARN: acpsdk.validateCert.dir is empty"); - return; - } - CertificateFactory cf = null; - FileInputStream in = null; - try { - cf = CertificateFactory.getInstance("X.509", "BC"); - }catch (NoSuchProviderException e) { - log.error("LoadVerifyCert Error: No BC Provider", e); - return ; - } catch (CertificateException e) { - log.error("LoadVerifyCert Error", e); - return ; - } - File fileDir = new File(dir); - File[] files = fileDir.listFiles(new CerFilter()); - for (int i = 0; i < files.length; i++) { - File file = files[i]; - try { - in = new FileInputStream(file.getAbsolutePath()); - validateCert = (X509Certificate) cf.generateCertificate(in); - if(validateCert == null) { - log.error("Load verify cert error, " + file.getAbsolutePath() + " has error cert content."); - continue; - } - certMap.put(validateCert.getSerialNumber().toString(), - validateCert); - // 打印证书加载信息,供测试阶段调试 - log.info("[" + file.getAbsolutePath() + "][CertId=" - + validateCert.getSerialNumber().toString() + "]"); - } catch (CertificateException e) { - log.error("LoadVerifyCert Error", e); - e.printStackTrace(); - }catch (FileNotFoundException e) { - log.error("LoadVerifyCert Error File Not Found", e); - e.printStackTrace(); - }finally { - if (null != in) { - try { - in.close(); - } catch (IOException e) { - log.error(e.toString()); - e.printStackTrace(); - } - } - } - } - log.info("LoadVerifyCert Finish"); - } - - /** - * 用给定的路径和密码 加载签名证书,并保存到certKeyStoreMap - * - * @param certFilePath - * @param certPwd - */ - private static void loadSignCert(String certFilePath, String certPwd) { - KeyStore keyStore = null; - try { - 
keyStore = getKeyInfo(certFilePath, certPwd, "PKCS12"); - keyStoreMap.put(certFilePath, keyStore); - log.info("LoadRsaCert Successful"); - } catch (IOException e) { - log.error("LoadRsaCert Error", e); - e.printStackTrace(); - } - } - - /** - * 通过证书路径初始化为公钥证书 - * @param path - * @return - */ - private static X509Certificate initCert(String path) { - X509Certificate encryptCertTemp = null; - CertificateFactory cf = null; - FileInputStream in = null; - try { - cf = CertificateFactory.getInstance("X.509", "BC"); - in = new FileInputStream(path); - encryptCertTemp = (X509Certificate) cf.generateCertificate(in); - // 打印证书加载信息,供测试阶段调试 - log.info("[" + path + "][CertId=" - + encryptCertTemp.getSerialNumber().toString() + "]"); - } catch (CertificateException e) { - log.error("InitCert Error", e); - e.printStackTrace(); - } catch (FileNotFoundException e) { - e.printStackTrace(); - log.error("InitCert Error File Not Found", e); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - log.error("LoadVerifyCert Error No BC Provider", e); - } finally { - if (null != in) { - try { - in.close(); - } catch (IOException e) { - e.printStackTrace(); - log.error(e.toString()); - } - } - } - return encryptCertTemp; - } - - /** - * 通过keyStore 获取私钥签名证书PrivateKey对象 - * - * @return - */ - public static PrivateKey getSignCertPrivateKey() { - try { - Enumeration aliasenum = keyStore.aliases(); - String keyAlias = null; - if (aliasenum.hasMoreElements()) { - keyAlias = aliasenum.nextElement(); - } - PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, - SDKConfig.getConfig().getSignCertPwd().toCharArray()); - return privateKey; - } catch (KeyStoreException e) { - e.printStackTrace(); - log.error("getSignCertPrivateKey Error", e); - return null; - } catch (UnrecoverableKeyException e) { - e.printStackTrace(); - log.error("getSignCertPrivateKey Error", e); - return null; - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - log.error("getSignCertPrivateKey 
Error", e); - return null; - } - } - /** - * 通过指定路径的私钥证书 获取PrivateKey对象 - * - * @return - */ - public static PrivateKey getSignCertPrivateKeyByStoreMap(String certPath, - String certPwd) { - if (!keyStoreMap.containsKey(certPath)) { - loadSignCert(certPath, certPwd); - } - try { - Enumeration aliasenum = keyStoreMap.get(certPath) - .aliases(); - String keyAlias = null; - if (aliasenum.hasMoreElements()) { - keyAlias = aliasenum.nextElement(); - } - PrivateKey privateKey = (PrivateKey) keyStoreMap.get(certPath) - .getKey(keyAlias, certPwd.toCharArray()); - return privateKey; - } catch (KeyStoreException e) { - e.printStackTrace(); - log.error("getSignCertPrivateKeyByStoreMap Error", e); - return null; - } catch (UnrecoverableKeyException e) { - e.printStackTrace(); - log.error("getSignCertPrivateKeyByStoreMap Error", e); - return null; - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - log.error("getSignCertPrivateKeyByStoreMap Error", e); - return null; - } - } - - /** - * 获取敏感信息加密证书PublicKey - * - * @return - */ - public static PublicKey getEncryptCertPublicKey() { - if (null == encryptCert) { - String path = SDKConfig.getConfig().getEncryptCertPath(); - if (!StringUtils.isEmpty(path)) { - encryptCert = initCert(path); - return encryptCert.getPublicKey(); - } else { - log.error("acpsdk.encryptCert.path is empty"); - return null; - } - } else { - return encryptCert.getPublicKey(); - } - } - - /** - * 重置敏感信息加密证书公钥 - */ - public static void resetEncryptCertPublicKey() { - encryptCert = null; - } - - /** - * 获取磁道加密证书PublicKey - * - * @return - */ - public static PublicKey getEncryptTrackPublicKey() { - if (null == encryptTrackKey) { - initTrackKey(); - } - return encryptTrackKey; - } - - /** - * 通过certId获取验签证书Map中对应证书PublicKey - * - * @param certId 证书物理序号 - * @return 通过证书编号获取到的公钥 - */ - public static PublicKey getValidatePublicKey(String certId) { - X509Certificate cf = null; - if (certMap.containsKey(certId)) { - // 存在certId对应的证书对象 - cf = 
certMap.get(certId); - return cf.getPublicKey(); - } else { - // 不存在则重新Load证书文件目录 - initValidateCertFromDir(); - if (certMap.containsKey(certId)) { - // 存在certId对应的证书对象 - cf = certMap.get(certId); - return cf.getPublicKey(); - } else { - log.error("缺少certId=[" + certId + "]对应的验签证书."); - return null; - } - } - } - - /** - * 获取配置文件acp_sdk.properties中配置的签名私钥证书certId - * - * @return 证书的物理编号 - */ - public static String getSignCertId() { - try { - Enumeration aliasenum = keyStore.aliases(); - String keyAlias = null; - if (aliasenum.hasMoreElements()) { - keyAlias = aliasenum.nextElement(); - } - X509Certificate cert = (X509Certificate) keyStore - .getCertificate(keyAlias); - return cert.getSerialNumber().toString(); - } catch (Exception e) { - log.error("getSignCertId Error", e); - return null; - } - } - - /** - * 获取敏感信息加密证书的certId - * - * @return - */ - public static String getEncryptCertId() { - if (null == encryptCert) { - String path = SDKConfig.getConfig().getEncryptCertPath(); - if (!StringUtils.isEmpty(path)) { - encryptCert = initCert(path); - return encryptCert.getSerialNumber().toString(); - } else { - log.error("acpsdk.encryptCert.path is empty"); - return null; - } - } else { - return encryptCert.getSerialNumber().toString(); - } - } - - /** - * 将签名私钥证书文件读取为证书存储对象 - * - * @param pfxkeyfile - * 证书文件名 - * @param keypwd - * 证书密码 - * @param type - * 证书类型 - * @return 证书对象 - * @throws IOException - */ - private static KeyStore getKeyInfo(String pfxkeyfile, String keypwd, - String type) throws IOException { - log.info("加载签名证书==>" + pfxkeyfile); - FileInputStream fis = null; - try { - KeyStore ks = KeyStore.getInstance(type, "BC"); - log.info("Load RSA CertPath=[" + pfxkeyfile + "],Pwd=["+ keypwd + "],type=["+type+"]"); - fis = new FileInputStream(pfxkeyfile); - char[] nPassword = null; - nPassword = null == keypwd || "".equals(keypwd.trim()) ? 
null: keypwd.toCharArray(); - if (null != ks) { - ks.load(fis, nPassword); - } - return ks; - } catch (Exception e) { - log.error("getKeyInfo Error", e); - e.printStackTrace(); - return null; - } finally { - if(null!=fis) - fis.close(); - } - } - - /** - * 通过签名私钥证书路径,密码获取私钥证书certId - * @param certPath - * @param certPwd - * @return - */ - public static String getCertIdByKeyStoreMap(String certPath, String certPwd) { - if (!keyStoreMap.containsKey(certPath)) { - // 缓存中未查询到,则加载RSA证书 - loadSignCert(certPath, certPwd); - } - return getCertIdIdByStore(keyStoreMap.get(certPath)); - } - - /** - * 通过keystore获取私钥证书的certId值 - * @param keyStore - * @return - */ - private static String getCertIdIdByStore(KeyStore keyStore) { - Enumeration aliasenum = null; - try { - aliasenum = keyStore.aliases(); - String keyAlias = null; - if (aliasenum.hasMoreElements()) { - keyAlias = aliasenum.nextElement(); - } - X509Certificate cert = (X509Certificate) keyStore - .getCertificate(keyAlias); - return cert.getSerialNumber().toString(); - } catch (KeyStoreException e) { - log.error("getCertIdIdByStore Error", e); - return null; - } - } - - /** - * 使用模和指数生成RSA公钥 注意:此代码用了默认补位方式,为RSA/None/PKCS1Padding,不同JDK默认的补位方式可能不同 - * - * @param modulus - * 模 - * @param exponent - * 指数 - * @return - */ - private static PublicKey getPublicKey(String modulus, String exponent) { - try { - BigInteger b1 = new BigInteger(modulus); - BigInteger b2 = new BigInteger(exponent); - KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC"); - RSAPublicKeySpec keySpec = new RSAPublicKeySpec(b1, b2); - return keyFactory.generatePublic(keySpec); - } catch (Exception e) { - log.error("构造RSA公钥失败:" + e); - return null; - } - } - - /** - * 将字符串转换为X509Certificate对象. 
- * - * @param x509CertString - * @return - */ - public static X509Certificate genCertificateByStr(String x509CertString) { - X509Certificate x509Cert = null; - try { - CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); - InputStream tIn = new ByteArrayInputStream( - x509CertString.getBytes("ISO-8859-1")); - x509Cert = (X509Certificate) cf.generateCertificate(tIn); - } catch (Exception e) { - log.error("gen certificate error", e); - } - return x509Cert; - } - - /** - * 从配置文件acp_sdk.properties中获取验签公钥使用的中级证书 - * @return - */ - public static X509Certificate getMiddleCert() { - if (null == middleCert) { - String path = SDKConfig.getConfig().getMiddleCertPath(); - if (!StringUtils.isEmpty(path)) { - initMiddleCert(); - } else { - log.error(SDKConfig.SDK_MIDDLECERT_PATH + " not set in " + SDKConfig.FILE_NAME); - return null; - } - } - return middleCert; - } - - /** - * 从配置文件acp_sdk.properties中获取验签公钥使用的根证书 - * @return - */ - public static X509Certificate getRootCert() { - if (null == rootCert) { - String path = SDKConfig.getConfig().getRootCertPath(); - if (!StringUtils.isEmpty(path)) { - initRootCert(); - } else { - log.error(SDKConfig.SDK_ROOTCERT_PATH + " not set in " + SDKConfig.FILE_NAME); - return null; - } - } - return rootCert; - } - - /** - * 获取证书的CN - * @param aCert - * @return - */ - private static String getIdentitiesFromCertficate(X509Certificate aCert) { - String tDN = aCert.getSubjectDN().toString(); - String tPart = ""; - if ((tDN != null)) { - String tSplitStr[] = tDN.substring(tDN.indexOf("CN=")).split("@"); - if (tSplitStr != null && tSplitStr.length > 2 - && tSplitStr[2] != null) - tPart = tSplitStr[2]; - } - return tPart; - } - - /** - * 验证书链。 - * @param cert - * @return - */ - private static boolean verifyCertificateChain(X509Certificate cert){ - - if ( null == cert) { - log.error("cert must Not null"); - return false; - } - - X509Certificate middleCert = CertUtil.getMiddleCert(); - if (null == middleCert) { - 
log.error("middleCert must Not null"); - return false; - } - - X509Certificate rootCert = CertUtil.getRootCert(); - if (null == rootCert) { - log.error("rootCert or cert must Not null"); - return false; - } - - try { - - X509CertSelector selector = new X509CertSelector(); - selector.setCertificate(cert); - - Set trustAnchors = new HashSet(); - trustAnchors.add(new TrustAnchor(rootCert, null)); - PKIXBuilderParameters pkixParams = new PKIXBuilderParameters( - trustAnchors, selector); - - Set intermediateCerts = new HashSet(); - intermediateCerts.add(rootCert); - intermediateCerts.add(middleCert); - intermediateCerts.add(cert); - - pkixParams.setRevocationEnabled(false); - - CertStore intermediateCertStore = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(intermediateCerts), "BC"); - pkixParams.addCertStore(intermediateCertStore); - - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); - - @SuppressWarnings("unused") - PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder - .build(pkixParams); - log.info("verify certificate chain succeed."); - return true; - } catch (CertPathBuilderException e){ - log.error("verify certificate chain fail.", e); - } catch (Exception e) { - log.error("verify certificate chain exception: ", e); - } - return false; - } - - /** - * 检查证书链 - * - * @param cert - * 待验证的证书 - * @return - */ - public static boolean verifyCertificate(X509Certificate cert) { - - if ( null == cert) { - log.error("cert must Not null"); - return false; - } - try { - cert.checkValidity();//验证有效期 -// cert.verify(middleCert.getPublicKey()); - if(!verifyCertificateChain(cert)){ - return false; - } - } catch (Exception e) { - log.error("verifyCertificate fail", e); - return false; - } - - if(SDKConfig.getConfig().isIfValidateCNName()){ - // 验证公钥是否属于银联 - if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))) { - log.error("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert)); - 
return false; - } - } else { - // 验证公钥是否属于银联 - if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert)) - && !"00040000:SIGN".equals(CertUtil.getIdentitiesFromCertficate(cert))) { - log.error("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert)); - return false; - } - } - return true; - } - - /** - * 打印系统环境信息 - */ - private static void printSysInfo() { - log.info("================= SYS INFO begin===================="); - log.info("os_name:" + System.getProperty("os.name")); - log.info("os_arch:" + System.getProperty("os.arch")); - log.info("os_version:" + System.getProperty("os.version")); - log.info("java_vm_specification_version:" - + System.getProperty("java.vm.specification.version")); - log.info("java_vm_specification_vendor:" - + System.getProperty("java.vm.specification.vendor")); - log.info("java_vm_specification_name:" - + System.getProperty("java.vm.specification.name")); - log.info("java_vm_version:" - + System.getProperty("java.vm.version")); - log.info("java_vm_name:" + System.getProperty("java.vm.name")); - log.info("java.version:" + System.getProperty("java.version")); - log.info("java.vm.vendor=[" + System.getProperty("java.vm.vendor") + "]"); - log.info("java.version=[" + System.getProperty("java.version") + "]"); -// printProviders(); - log.info("================= SYS INFO end====================="); - } - - /** - * 打jre中印算法提供者列表 - */ - private static void printProviders() { - log.info("Providers List:"); - Provider[] providers = Security.getProviders(); - for (int i = 0; i < providers.length; i++) { - log.info(i + 1 + "." + providers[i].getName()); - } - } - - /** - * 证书文件过滤器 - * - */ - static class CerFilter implements FilenameFilter { - public boolean isCer(String name) { - if (name.toLowerCase().endsWith(".cer")) { - return true; - } else { - return false; - } - } - @Override - public boolean accept(File dir, String name) { - return isCer(name); - } - } - -} 
diff --git a/pay-java-union/src/main/java/com/egzosn/pay/union/sdk/SDKConfig.java b/pay-java-union/src/main/java/com/egzosn/pay/union/sdk/SDKConfig.java
deleted file mode 100644
index c36c13a..0000000
--- a/pay-java-union/src/main/java/com/egzosn/pay/union/sdk/SDKConfig.java
+++ /dev/null
@@ -1,679 +0,0 @@ -package com.egzosn.pay.union.sdk; - -import com.egzosn.pay.common.util.str.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import java.io.*; -import java.util.Properties; - -/** - * - * @ClassName SDKConfig - * @Description acpsdk配置文件acp_sdk.properties配置信息类 - * @date 2016-7-22 下午4:04:55 - * @lastUpdate Actinia Date:2017/11/7 0007 21:55 - * - */ -public class SDKConfig { - protected final Log log = LogFactory.getLog(SDKConfig.class); - - public static final String FILE_NAME = "acp_sdk.properties"; - /** 前台请求URL. */ - private String frontRequestUrl; - /** 后台请求URL. */ - private String backRequestUrl; - /** 单笔查询 */ - private String singleQueryUrl; - /** 批量查询 */ - private String batchQueryUrl; - /** 批量交易 */ - private String batchTransUrl; - /** 文件传输 */ - private String fileTransUrl; - /** 签名证书路径. */ - private String signCertPath; - /** 签名证书密码. */ - private String signCertPwd; - /** 签名证书类型. */ - private String signCertType; - /** 加密公钥证书路径. */ - private String encryptCertPath; - /** 验证签名公钥证书目录. */ - private String validateCertDir; - /** 按照商户代码读取指定签名证书目录. */ - private String signCertDir; - /** 磁道加密证书路径. */ - private String encryptTrackCertPath; - /** 磁道加密公钥模数. */ - private String encryptTrackKeyModulus; - /** 磁道加密公钥指数. */ - private String encryptTrackKeyExponent; - /** 有卡交易. 
*/ - private String cardRequestUrl; - /** app交易 */ - private String appRequestUrl; - /** 证书使用模式(单证书/多证书) */ - private String singleMode; - /** 安全密钥(SHA256和SM3计算时使用) */ - private String secureKey; - /** 中级证书路径 */ - private String middleCertPath; - /** 根证书路径 */ - private String rootCertPath; - /** 是否验证验签证书CN,除了false都验 */ - private boolean ifValidateCNName = true; - /** 是否验证https证书,默认都不验 */ - private boolean ifValidateRemoteCert = false; - /** signMethod,没配按01吧 */ - private String signMethod = "01"; - - /** frontUrl */ - private String frontUrl; - /** backUrl */ - private String backUrl; - - /*缴费相关地址*/ - private String jfFrontRequestUrl; - private String jfBackRequestUrl; - private String jfSingleQueryUrl; - private String jfCardRequestUrl; - private String jfAppRequestUrl; - - private String qrcBackTransUrl; - private String qrcB2cIssBackTransUrl; - private String qrcB2cMerBackTransUrl; - - /** 配置文件中的前台URL常量. */ - public static final String SDK_FRONT_URL = "acpsdk.frontTransUrl"; - /** 配置文件中的后台URL常量. */ - public static final String SDK_BACK_URL = "acpsdk.backTransUrl"; - /** 配置文件中的单笔交易查询URL常量. */ - public static final String SDK_SIGNQ_URL = "acpsdk.singleQueryUrl"; - /** 配置文件中的批量交易查询URL常量. */ - public static final String SDK_BATQ_URL = "acpsdk.batchQueryUrl"; - /** 配置文件中的批量交易URL常量. */ - public static final String SDK_BATTRANS_URL = "acpsdk.batchTransUrl"; - /** 配置文件中的文件类交易URL常量. */ - public static final String SDK_FILETRANS_URL = "acpsdk.fileTransUrl"; - /** 配置文件中的有卡交易URL常量. */ - public static final String SDK_CARD_URL = "acpsdk.cardTransUrl"; - /** 配置文件中的app交易URL常量. 
*/ - public static final String SDK_APP_URL = "acpsdk.appTransUrl"; - - /** 以下缴费产品使用,其余产品用不到,无视即可 */ - // 前台请求地址 - public static final String JF_SDK_FRONT_TRANS_URL= "acpsdk.jfFrontTransUrl"; - // 后台请求地址 - public static final String JF_SDK_BACK_TRANS_URL="acpsdk.jfBackTransUrl"; - // 单笔查询请求地址 - public static final String JF_SDK_SINGLE_QUERY_URL="acpsdk.jfSingleQueryUrl"; - // 有卡交易地址 - public static final String JF_SDK_CARD_TRANS_URL="acpsdk.jfCardTransUrl"; - // App交易地址 - public static final String JF_SDK_APP_TRANS_URL="acpsdk.jfAppTransUrl"; - // 人到人 - public static final String QRC_BACK_TRANS_URL="acpsdk.qrcBackTransUrl"; - // 人到人 - public static final String QRC_B2C_ISS_BACK_TRANS_URL="acpsdk.qrcB2cIssBackTransUrl"; - // 人到人 - public static final String QRC_B2C_MER_BACK_TRANS_URL="acpsdk.qrcB2cMerBackTransUrl"; - - - /** 配置文件中签名证书路径常量. */ - public static final String SDK_SIGNCERT_PATH = "acpsdk.signCert.path"; - /** 配置文件中签名证书密码常量. */ - public static final String SDK_SIGNCERT_PWD = "acpsdk.signCert.pwd"; - /** 配置文件中签名证书类型常量. */ - public static final String SDK_SIGNCERT_TYPE = "acpsdk.signCert.type"; - /** 配置文件中密码加密证书路径常量. */ - public static final String SDK_ENCRYPTCERT_PATH = "acpsdk.encryptCert.path"; - /** 配置文件中磁道加密证书路径常量. */ - public static final String SDK_ENCRYPTTRACKCERT_PATH = "acpsdk.encryptTrackCert.path"; - /** 配置文件中磁道加密公钥模数常量. */ - public static final String SDK_ENCRYPTTRACKKEY_MODULUS = "acpsdk.encryptTrackKey.modulus"; - /** 配置文件中磁道加密公钥指数常量. */ - public static final String SDK_ENCRYPTTRACKKEY_EXPONENT = "acpsdk.encryptTrackKey.exponent"; - /** 配置文件中验证签名证书目录常量. */ - public static final String SDK_VALIDATECERT_DIR = "acpsdk.validateCert.dir"; - - /** 配置文件中是否加密cvn2常量. */ - public static final String SDK_CVN_ENC = "acpsdk.cvn2.enc"; - /** 配置文件中是否加密cvn2有效期常量. */ - public static final String SDK_DATE_ENC = "acpsdk.date.enc"; - /** 配置文件中是否加密卡号常量. 
*/ - public static final String SDK_PAN_ENC = "acpsdk.pan.enc"; - /** 配置文件中证书使用模式 */ - public static final String SDK_SINGLEMODE = "acpsdk.singleMode"; - /** 配置文件中安全密钥 */ - public static final String SDK_SECURITYKEY = "acpsdk.secureKey"; - /** 配置文件中根证书路径常量 */ - public static final String SDK_ROOTCERT_PATH = "acpsdk.rootCert.path"; - /** 配置文件中根证书路径常量 */ - public static final String SDK_MIDDLECERT_PATH = "acpsdk.middleCert.path"; - /** 配置是否需要验证验签证书CN,除了false之外的值都当true处理 */ - public static final String SDK_IF_VALIDATE_CN_NAME = "acpsdk.ifValidateCNName"; - /** 配置是否需要验证https证书,除了true之外的值都当false处理 */ - public static final String SDK_IF_VALIDATE_REMOTE_CERT = "acpsdk.ifValidateRemoteCert"; - /** signmethod */ - public static final String SDK_SIGN_METHOD ="acpsdk.signMethod"; - /** version */ - public static final String SDK_VERSION = "acpsdk.version"; - /** 后台通知地址 */ - public static final String SDK_BACKURL = "acpsdk.backUrl"; - /** 前台通知地址 */ - public static final String SDK_FRONTURL = "acpsdk.frontUrl"; - /** 操作对象. */ - private static SDKConfig config = new SDKConfig(); - /** 属性文件对象. */ - private Properties properties; - - - private SDKConfig () { - super(); - } - - /** - * 获取config对象. 
- * @return - */ - public static SDKConfig getConfig() { - return config; - } - - /** - * 从classpath路径下加载配置参数 - */ - public void loadPropertiesFromSrc() { - InputStream in = null; - try { - log.info("从classpath: " +SDKConfig.class.getClassLoader().getResource("").getPath()+" 获取属性文件"+FILE_NAME); - in = SDKConfig.class.getClassLoader().getResourceAsStream(FILE_NAME); - if (null != in) { - properties = new Properties(); - try { - properties.load(in); - } catch (IOException e) { - throw e; - } - } else { - log.info(FILE_NAME + "属性文件未能在classpath指定的目录下 "+SDKConfig.class.getClassLoader().getResource("").getPath()+" 找到!"); - return; - } - loadProperties(properties); - } catch (IOException e) { - log.info(e.getMessage(), e); - } finally { - if (null != in) { - try { - in.close(); - } catch (IOException e) { - log.info(e.getMessage(), e); - } - } - } - } - - /** - * 根据传入的 {@link #loadProperties(java.util.Properties)}对象设置配置参数 - * - * @param pro - */ - public void loadProperties(Properties pro) { - log.info("开始从属性文件中加载配置项"); - String value = null; - - value = pro.getProperty(SDK_SIGNCERT_PATH); - if (!StringUtils.isEmpty(value)) { - this.signCertPath = value.trim(); - } - value = pro.getProperty(SDK_SIGNCERT_PWD); - if (!StringUtils.isEmpty(value)) { - this.signCertPwd = value.trim(); - } - value = pro.getProperty(SDK_SIGNCERT_TYPE); - if (!StringUtils.isEmpty(value)) { - this.signCertType = value.trim(); - } - value = pro.getProperty(SDK_ENCRYPTCERT_PATH); - if (!StringUtils.isEmpty(value)) { - this.encryptCertPath = value.trim(); - } - value = pro.getProperty(SDK_VALIDATECERT_DIR); - if (!StringUtils.isEmpty(value)) { - this.validateCertDir = value.trim(); - } - value = pro.getProperty(SDK_FRONT_URL); - if (!StringUtils.isEmpty(value)) { - this.frontRequestUrl = value.trim(); - } - value = pro.getProperty(SDK_BACK_URL); - if (!StringUtils.isEmpty(value)) { - this.backRequestUrl = value.trim(); - } - value = pro.getProperty(SDK_BATQ_URL); - if (!StringUtils.isEmpty(value)) { 
- this.batchQueryUrl = value.trim();
- }
- value = pro.getProperty(SDK_BATTRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.batchTransUrl = value.trim();
- }
- value = pro.getProperty(SDK_FILETRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.fileTransUrl = value.trim();
- }
- value = pro.getProperty(SDK_SIGNQ_URL);
- if (!StringUtils.isEmpty(value)) {
- this.singleQueryUrl = value.trim();
- }
- value = pro.getProperty(SDK_CARD_URL);
- if (!StringUtils.isEmpty(value)) {
- this.cardRequestUrl = value.trim();
- }
- value = pro.getProperty(SDK_APP_URL);
- if (!StringUtils.isEmpty(value)) {
- this.appRequestUrl = value.trim();
- }
- value = pro.getProperty(SDK_ENCRYPTTRACKCERT_PATH);
- if (!StringUtils.isEmpty(value)) {
- this.encryptTrackCertPath = value.trim();
- }
-
- value = pro.getProperty(SDK_SECURITYKEY);
- if (!StringUtils.isEmpty(value)) {
- this.secureKey = value.trim();
- }
- value = pro.getProperty(SDK_ROOTCERT_PATH);
- if (!StringUtils.isEmpty(value)) {
- this.rootCertPath = value.trim();
- }
- value = pro.getProperty(SDK_MIDDLECERT_PATH);
- if (!StringUtils.isEmpty(value)) {
- this.middleCertPath = value.trim();
- }
-
- /**缴费部分**/
- value = pro.getProperty(JF_SDK_FRONT_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.jfFrontRequestUrl = value.trim();
- }
-
- value = pro.getProperty(JF_SDK_BACK_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.jfBackRequestUrl = value.trim();
- }
-
- value = pro.getProperty(JF_SDK_SINGLE_QUERY_URL);
- if (!StringUtils.isEmpty(value)) {
- this.jfSingleQueryUrl = value.trim();
- }
-
- value = pro.getProperty(JF_SDK_CARD_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.jfCardRequestUrl = value.trim();
- }
-
- value = pro.getProperty(JF_SDK_APP_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.jfAppRequestUrl = value.trim();
- }
-
- value = pro.getProperty(QRC_BACK_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.qrcBackTransUrl = value.trim();
- }
-
- value = pro.getProperty(QRC_B2C_ISS_BACK_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.qrcB2cIssBackTransUrl = value.trim();
- }
-
- value = pro.getProperty(QRC_B2C_MER_BACK_TRANS_URL);
- if (!StringUtils.isEmpty(value)) {
- this.qrcB2cMerBackTransUrl = value.trim();
- }
-
- value = pro.getProperty(SDK_ENCRYPTTRACKKEY_EXPONENT);
- if (!StringUtils.isEmpty(value)) {
- this.encryptTrackKeyExponent = value.trim();
- }
-
- value = pro.getProperty(SDK_ENCRYPTTRACKKEY_MODULUS);
- if (!StringUtils.isEmpty(value)) {
- this.encryptTrackKeyModulus = value.trim();
- }
-
- value = pro.getProperty(SDK_IF_VALIDATE_CN_NAME);
- if (!StringUtils.isEmpty(value)) {
- if( "false".equals(value.trim())) {
- this.ifValidateCNName = false;
- }
- }
-
- value = pro.getProperty(SDK_IF_VALIDATE_REMOTE_CERT);
- if (!StringUtils.isEmpty(value)) {
- if( "true".equals(value.trim())) {
- this.ifValidateRemoteCert = true;
- }
- }
-
- value = pro.getProperty(SDK_SIGN_METHOD);
- if (!StringUtils.isEmpty(value)) {
- this.signMethod = value.trim();
- }
-
- value = pro.getProperty(SDK_SIGN_METHOD);
- if (!StringUtils.isEmpty(value)) {
- this.signMethod = value.trim();
- }
-
- value = pro.getProperty(SDK_FRONTURL);
- if (!StringUtils.isEmpty(value)) {
- this.frontUrl = value.trim();
- }
- value = pro.getProperty(SDK_BACKURL);
- if (!StringUtils.isEmpty(value)) {
- this.backUrl = value.trim();
- }
- }
-
- public String getSignMethod () {
- return signMethod;
- }
-
- public void setSignMethod (String signMethod) {
- this.signMethod = signMethod;
- }
-
- public String getSignMethodByStr(String signStr) {
- if(StringUtils.isBlank(signStr)){
- return SDKConstants.SIGNMETHOD_RSA;
- }
- signStr = signStr.toUpperCase();
- switch (signStr) {
- case "RSA":
- return SDKConstants.SIGNMETHOD_RSA;
- case "SHA256":
- return SDKConstants.SIGNMETHOD_SHA256;
- case "sm3":
- return SDKConstants.SIGNMETHOD_SM3;
- default:
- return SDKConstants.SIGNMETHOD_RSA;
- }
- }
-
- public String getFrontRequestUrl() {
- return frontRequestUrl;
- }
-
- public void setFrontRequestUrl(String frontRequestUrl) {
- this.frontRequestUrl = frontRequestUrl;
- }
-
- public String getBackRequestUrl() {
- return backRequestUrl;
- }
-
- public void setBackRequestUrl(String backRequestUrl) {
- this.backRequestUrl = backRequestUrl;
- }
-
- public String getSignCertPath() {
- return signCertPath;
- }
-
- public void setSignCertPath(String signCertPath) {
- this.signCertPath = signCertPath;
- }
-
- public String getSignCertPwd() {
- return signCertPwd;
- }
-
- public void setSignCertPwd(String signCertPwd) {
- this.signCertPwd = signCertPwd;
- }
-
- public String getSignCertType() {
- return signCertType;
- }
-
- public void setSignCertType(String signCertType) {
- this.signCertType = signCertType;
- }
-
- public String getEncryptCertPath() {
- return encryptCertPath;
- }
-
- public void setEncryptCertPath(String encryptCertPath) {
- this.encryptCertPath = encryptCertPath;
- }
-
- public String getValidateCertDir() {
- return validateCertDir;
- }
-
- public void setValidateCertDir(String validateCertDir) {
- this.validateCertDir = validateCertDir;
- }
-
- public String getSingleQueryUrl() {
- return singleQueryUrl;
- }
-
- public void setSingleQueryUrl(String singleQueryUrl) {
- this.singleQueryUrl = singleQueryUrl;
- }
-
- public String getBatchQueryUrl() {
- return batchQueryUrl;
- }
-
- public void setBatchQueryUrl(String batchQueryUrl) {
- this.batchQueryUrl = batchQueryUrl;
- }
-
- public String getBatchTransUrl() {
- return batchTransUrl;
- }
-
- public void setBatchTransUrl(String batchTransUrl) {
- this.batchTransUrl = batchTransUrl;
- }
-
- public String getFileTransUrl() {
- return fileTransUrl;
- }
-
- public void setFileTransUrl(String fileTransUrl) {
- this.fileTransUrl = fileTransUrl;
- }
-
- public String getSignCertDir() {
- return signCertDir;
- }
-
- public void setSignCertDir(String signCertDir) {
- this.signCertDir = signCertDir;
- }
-
- public Properties getProperties() {
- return properties;
- }
-
- public void setProperties(Properties properties) {
- this.properties = properties;
- }
-
- public String getCardRequestUrl() {
- return cardRequestUrl;
- }
-
- public void setCardRequestUrl(String cardRequestUrl) {
- this.cardRequestUrl = cardRequestUrl;
- }
-
- public String getAppRequestUrl() {
- return appRequestUrl;
- }
-
- public void setAppRequestUrl(String appRequestUrl) {
- this.appRequestUrl = appRequestUrl;
- }
-
- public String getEncryptTrackCertPath() {
- return encryptTrackCertPath;
- }
-
- public void setEncryptTrackCertPath(String encryptTrackCertPath) {
- this.encryptTrackCertPath = encryptTrackCertPath;
- }
-
- public String getJfFrontRequestUrl() {
- return jfFrontRequestUrl;
- }
-
- public void setJfFrontRequestUrl(String jfFrontRequestUrl) {
- this.jfFrontRequestUrl = jfFrontRequestUrl;
- }
-
- public String getJfBackRequestUrl() {
- return jfBackRequestUrl;
- }
-
- public void setJfBackRequestUrl(String jfBackRequestUrl) {
- this.jfBackRequestUrl = jfBackRequestUrl;
- }
-
- public String getJfSingleQueryUrl() {
- return jfSingleQueryUrl;
- }
-
- public void setJfSingleQueryUrl(String jfSingleQueryUrl) {
- this.jfSingleQueryUrl = jfSingleQueryUrl;
- }
-
- public String getJfCardRequestUrl() {
- return jfCardRequestUrl;
- }
-
- public void setJfCardRequestUrl(String jfCardRequestUrl) {
- this.jfCardRequestUrl = jfCardRequestUrl;
- }
-
- public String getJfAppRequestUrl() {
- return jfAppRequestUrl;
- }
-
- public void setJfAppRequestUrl(String jfAppRequestUrl) {
- this.jfAppRequestUrl = jfAppRequestUrl;
- }
-
- public String getSingleMode() {
- return singleMode;
- }
-
- public void setSingleMode(String singleMode) {
- this.singleMode = singleMode;
- }
-
- public String getEncryptTrackKeyExponent() {
- return encryptTrackKeyExponent;
- }
-
- public void setEncryptTrackKeyExponent(String encryptTrackKeyExponent) {
- this.encryptTrackKeyExponent = encryptTrackKeyExponent;
- }
-
- public String getEncryptTrackKeyModulus() {
- return encryptTrackKeyModulus;
- }
-
- public void setEncryptTrackKeyModulus(String encryptTrackKeyModulus) {
- this.encryptTrackKeyModulus = encryptTrackKeyModulus;
- }
-
- public String getSecureKey() {
- return secureKey;
- }
-
- public void setSecureKey(String securityKey) {
- this.secureKey = securityKey;
- }
-
- public String getMiddleCertPath() {
- return middleCertPath;
- }
-
- public void setMiddleCertPath(String middleCertPath) {
- this.middleCertPath = middleCertPath;
- }
-
- public boolean isIfValidateCNName() {
- return ifValidateCNName;
- }
-
- public void setIfValidateCNName(boolean ifValidateCNName) {
- this.ifValidateCNName = ifValidateCNName;
- }
-
- public boolean isIfValidateRemoteCert() {
- return ifValidateRemoteCert;
- }
-
- public void setIfValidateRemoteCert(boolean ifValidateRemoteCert) {
- this.ifValidateRemoteCert = ifValidateRemoteCert;
- }
-
- public String getQrcBackTransUrl() {
- return qrcBackTransUrl;
- }
-
- public void setQrcBackTransUrl(String qrcBackTransUrl) {
- this.qrcBackTransUrl = qrcBackTransUrl;
- }
-
- public String getQrcB2cIssBackTransUrl() {
- return qrcB2cIssBackTransUrl;
- }
-
- public void setQrcB2cIssBackTransUrl(String qrcB2cIssBackTransUrl) {
- this.qrcB2cIssBackTransUrl = qrcB2cIssBackTransUrl;
- }
-
- public String getQrcB2cMerBackTransUrl() {
- return qrcB2cMerBackTransUrl;
- }
-
- public void setQrcB2cMerBackTransUrl(String qrcB2cMerBackTransUrl) {
- this.qrcB2cMerBackTransUrl = qrcB2cMerBackTransUrl;
- }
-
-
- public String getFrontUrl() {
- return frontUrl;
- }
-
- public void setFrontUrl(String frontUrl) {
- this.frontUrl = frontUrl;
- }
-
- public String getBackUrl() {
- return backUrl;
- }
-
- public void setBackUrl(String backUrl) {
- this.backUrl = backUrl;
- }
-
- public String getRootCertPath() {
- return rootCertPath;
- }
-
- public void setRootCertPath(String rootCertPath) {
- this.rootCertPath = rootCertPath;
- }
-
-}