优化证书相关操作，新增证书的存储方式

2026-06-01 05:19:47 +08:00 · 2019-04-15 00:08:09 +08:00
parent 6e5ba155c8
commit b29bd06e77
17 changed files with 572 additions and 471 deletions
--- a/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayConfigStorage.java
+++ b/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayConfigStorage.java
@@ -1,6 +1,10 @@
 package com.egzosn.pay.union.api;

 import com.egzosn.pay.common.api.BasePayConfigStorage;
+import com.egzosn.pay.common.bean.CertStoreType;
+
+import java.io.IOException;
+import java.io.InputStream;


 /**
@@ -32,104 +36,100 @@ public class UnionPayConfigStorage extends BasePayConfigStorage {
     */
    private String accessType = "0";

-    /**
-     * 中级证书路径
-     */
-    private String acpMiddleCert;
-    /**
-     * 根证书路径
-     */
-    private String acpRootCert;

    /**
-     * 私钥证书是否已经初始化
-     * 默认没有
+     * 应用私钥证书
     */
-    private boolean keyPrivateInit = false;
+    private Object keyPrivateCert;

    /**
-     * 公钥证书是否已经初始化
-     * 默认没有
+     * 中级证书
     */
-    private boolean keyPublicInit = false;
-
+    private Object acpMiddleCert;
+    /**
+     * 根证书
+     */
+    private Object acpRootCert;

+    /**
+     * 证书存储类型
+     */
+    private CertStoreType certStoreType;
    /**
     * 设置私钥证书
     *
-     * @param certificatePath 私钥证书地址
+     * @param certificate 私钥证书地址 或者证书内容字符串
     *                        私钥证书密码 {@link #setKeyPrivateCertPwd(String)}
     */
-    public void setKeyPrivateCert(String certificatePath) {
-        super.setKeyPrivate(certificatePath);
+    public void setKeyPrivateCert(String certificate) {
+        super.setKeyPrivate(certificate);
+        this.keyPrivateCert = certificate;
+    }
+    /**
+     * 设置私钥证书
+     *
+     * @param keyPrivateCert 私钥证书信息流
+     * 私钥证书密码 {@link #setKeyPrivateCertPwd(String)}
+     */
+    public void setKeyPrivateCert(InputStream keyPrivateCert) {
+        this.keyPrivateCert = keyPrivateCert;
+    }
+
+    public InputStream getKeyPrivateCertInputStream() throws IOException {
+        return certStoreType.getInputStream(keyPrivateCert);
    }

    /**
     * 设置中级证书
     *
-     * @param certificatePath 证书地址
+     * @param acpMiddleCert 证书信息或者证书路径
     */
-    public void setAcpMiddleCert(String certificatePath) {
-        this.acpMiddleCert = certificatePath;
+    public void setAcpMiddleCert(String acpMiddleCert) {
+        this.acpMiddleCert = acpMiddleCert;
+    }
+    /**
+     * 设置中级证书
+     *
+     * @param acpMiddleCert 证书文件
+     */
+    public void setAcpMiddleCert(InputStream acpMiddleCert) {
+        this.acpMiddleCert = acpMiddleCert;
    }

    /**
-     * 设置根证书路径
+     * 设置根证书
     *
-     * @param certificatePath 证书路径
+     * @param acpRootCert 证书路径或者证书信息字符串
     */
-    public void setAcpRootCert(String certificatePath) {
-        this.acpRootCert = certificatePath;
+    public void setAcpRootCert(String acpRootCert) {
+        this.acpRootCert = acpRootCert;
+    }
+    /**
+     * 设置根证书
+     *
+     * @param acpRootCert 证书文件流
+     */
+    public void setAcpRootCert(InputStream acpRootCert) {
+        this.acpRootCert = acpRootCert;
    }

    public String getAcpMiddleCert() {
-        return acpMiddleCert;
+        return (String) acpMiddleCert;
    }

    public String getAcpRootCert() {
-        return acpRootCert;
+        return (String) acpRootCert;
+    }
+    public InputStream getAcpMiddleCertInputStream() throws IOException {
+        return certStoreType.getInputStream(acpMiddleCert);
    }

-    /**
-     * 设置私钥证书与证书密码
-     *
-     * @param keyPrivate 私钥证书与证书对应的密码 格式: D:/certs/acp_test_sign.pfx;000000
-     *                   替代方法
-     *                   {@link #setKeyPrivateCert(String)}
-     *                   {@link #setKeyPrivateCertPwd(String)}
-     */
-    @Deprecated
-    @Override
-    public void setKeyPrivate(String keyPrivate) {
-        super.setKeyPrivate(keyPrivate);
-        if (isCertSign() && keyPrivate.length() < 1024 && keyPrivate.contains(";")) {
-            String[] split = keyPrivate.split(";");
-            super.setKeyPrivateCertPwd(split[1]);
-            super.setKeyPrivate(split[0]);
-            getCertDescriptor().initPrivateSignCert(getKeyPrivate(), getKeyPrivateCertPwd(), "PKCS12");
-            keyPrivateInit = true;
-        }
+    public InputStream getAcpRootCertInputStream() throws IOException {
+        return certStoreType.getInputStream(acpRootCert);
    }

-    /**
-     * 设置中级证书与根证书  格式：D:/certs/acp_test_middle.cer;D:/certs/acp_test_root.cer
-     *
-     * @param keyPublic 中级证书与根证书
-     *                  替代方法
-     *                  {@link #setAcpRootCert(String)}
-     *                  {@link #setAcpMiddleCert(String)}
-     */
-    @Deprecated
-    @Override
-    public void setKeyPublic(String keyPublic) {
-        super.setKeyPublic(keyPublic);
-        if (isCertSign() && keyPublic.length() < 1024) {
-            String[] split = keyPublic.split(";");
-            getCertDescriptor().initPublicCert(split[0]);
-            getCertDescriptor().initRootCert(split[1]);
-            keyPublicInit = true;
-        }
-    }
+
+

    @Override
    public String getAppid() {
@@ -199,11 +199,15 @@ public class UnionPayConfigStorage extends BasePayConfigStorage {
        this.accessType = accessType;
    }

-    public boolean isKeyPrivateInit() {
-        return keyPrivateInit;
+    /**
+     * 证书存储类型
+     * @return 证书存储类型
+     */
+    public CertStoreType getCertStoreType() {
+        return certStoreType;
    }

-    public boolean isKeyPublicInit() {
-        return keyPublicInit;
+    public void setCertStoreType(CertStoreType certStoreType) {
+        this.certStoreType = certStoreType;
    }
 }
--- a/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayService.java
+++ b/pay-java-union/src/main/java/com/egzosn/pay/union/api/UnionPayService.java
@@ -21,6 +21,7 @@ import com.egzosn.pay.union.bean.UnionTransactionType;

 import java.awt.image.BufferedImage;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigDecimal;
 import java.security.cert.*;
@@ -55,7 +56,10 @@ public class UnionPayService extends BasePayService<UnionPayConfigStorage> {
    private static final String FILE_TRANS_URL = "https://filedownload.%s/";
    private static final String APP_TRANS_URL = "https://gateway.%s/gateway/api/appTransReq.do";
    private static final String CARD_TRANS_URL = "https://gateway.%s/gateway/api/cardTransReq.do";
-
+    /**
+     * 证书解释器
+     */
+    private CertDescriptor certDescriptor = new CertDescriptor();
    /**
     * 构造函数
     *
@@ -81,15 +85,15 @@ public class UnionPayService extends BasePayService<UnionPayConfigStorage> {
        if (!payConfigStorage.isCertSign()) {
            return this;
        }
-        CertDescriptor certDescriptor = payConfigStorage.getCertDescriptor();
-        if (!payConfigStorage.isKeyPrivateInit()) {
-            certDescriptor.initPrivateSignCert(payConfigStorage.getKeyPrivate(), payConfigStorage.getKeyPrivateCertPwd(), "PKCS12");
-        }
-        if (!payConfigStorage.isKeyPublicInit()) {
-            certDescriptor.initPublicCert(payConfigStorage.getAcpMiddleCert());
-            certDescriptor.initRootCert(payConfigStorage.getAcpRootCert());
+        try {
+            certDescriptor.initPrivateSignCert(payConfigStorage.getKeyPrivateCertInputStream(), payConfigStorage.getKeyPrivateCertPwd(), "PKCS12");
+            certDescriptor.initPublicCert(payConfigStorage.getAcpMiddleCertInputStream());
+            certDescriptor.initRootCert(payConfigStorage.getAcpRootCertInputStream());
+        } catch (IOException e) {
+            LOG.error(e);
        }

+
        return this;
    }

@@ -127,7 +131,7 @@ public class UnionPayService extends BasePayService<UnionPayConfigStorage> {
     */
    private Map<String, Object> getCommonParam() {
        Map<String, Object> params = new TreeMap<>();
-        UnionPayConfigStorage configStorage = (UnionPayConfigStorage) payConfigStorage;
+        UnionPayConfigStorage configStorage = payConfigStorage;
        //银联接口版本
        params.put(SDKConstants.param_version, configStorage.getVersion());
        //编码方式
@@ -291,15 +295,15 @@ public class UnionPayService extends BasePayService<UnionPayConfigStorage> {
        switch (signUtils) {
            case RSA:
                parameters.put(SDKConstants.param_signMethod, SDKConstants.SIGNMETHOD_RSA);
-                parameters.put(SDKConstants.param_certId, payConfigStorage.getCertDescriptor().getSignCertId());
+                parameters.put(SDKConstants.param_certId, certDescriptor.getSignCertId());
                signStr = SignUtils.SHA1.createSign(SignUtils.parameterText(parameters, "&", "signature"), "", payConfigStorage.getInputCharset());
-                parameters.put(SDKConstants.param_signature, RSA.sign(signStr, payConfigStorage.getCertDescriptor().getSignCertPrivateKey(payConfigStorage.getKeyPrivateCertPwd()), payConfigStorage.getInputCharset()));
+                parameters.put(SDKConstants.param_signature, RSA.sign(signStr, certDescriptor.getSignCertPrivateKey(payConfigStorage.getKeyPrivateCertPwd()), payConfigStorage.getInputCharset()));
                break;
            case RSA2:
                parameters.put(SDKConstants.param_signMethod, SDKConstants.SIGNMETHOD_RSA);
-                parameters.put(SDKConstants.param_certId, payConfigStorage.getCertDescriptor().getSignCertId());
+                parameters.put(SDKConstants.param_certId, certDescriptor.getSignCertId());
                signStr = SignUtils.SHA256.createSign(SignUtils.parameterText(parameters, "&", "signature"), "", payConfigStorage.getInputCharset());
-                parameters.put(SDKConstants.param_signature, RSA2.sign(signStr, payConfigStorage.getCertDescriptor().getSignCertPrivateKey(payConfigStorage.getKeyPrivateCertPwd()), payConfigStorage.getInputCharset()));
+                parameters.put(SDKConstants.param_signature, RSA2.sign(signStr, certDescriptor.getSignCertPrivateKey(payConfigStorage.getKeyPrivateCertPwd()), payConfigStorage.getInputCharset()));
                break;
            case SHA1:
            case SHA256:
@@ -326,8 +330,8 @@ public class UnionPayService extends BasePayService<UnionPayConfigStorage> {
    private X509Certificate verifyCertificate(X509Certificate cert) {
        try {
            cert.checkValidity();//验证有效期
-            X509Certificate middleCert = payConfigStorage.getCertDescriptor().getPublicCert();
-            X509Certificate rootCert = payConfigStorage.getCertDescriptor().getRootCert();
+            X509Certificate middleCert = certDescriptor.getPublicCert();
+            X509Certificate rootCert = certDescriptor.getRootCert();

            X509CertSelector selector = new X509CertSelector();
            selector.setCertificate(cert);