微信APP支付-Java后台实现

转自：http://blog.csdn.net/walle167/article/details/50957503

1 注册微信开放者平台

开发者平台地址：https://open.weixin.qq.com/

2 成为开发者

3 上传APP

4 开通微信支付功能

5 设置商户号信息

APP 支付能力开通后，微信会给你一个商户号，用户和密码等信息。需要验证商户信息，还需要设置一个加密的密钥字段，这里就不一一细说了。

6 开发接口

微信APP支付接口，是很好调试的，（不像微信公众平台，需要80端口），可以直接在本地就可以进行调试。具体业务就不细说，直接看代码就懂了。

1 基础信息配置

package com.cat.common.pay.weiChat.config;import java.util.Properties;import com.cat.common.properties.PropertiesUtil;public class WeiChartConfig {/*** 预支付请求地址*/public static final String  PrepayUrl = "https://api.mch.weixin.qq.com/pay/unifiedorder";/*** 查询订单地址*/public static final String  OrderUrl = "https://api.mch.weixin.qq.com/pay/orderquery";/*** 关闭订单地址*/public static final String  CloseOrderUrl = "https://api.mch.weixin.qq.com/pay/closeorder";/*** 申请退款地址*/public static final String  RefundUrl = "https://api.mch.weixin.qq.com/secapi/pay/refund";/*** 查询退款地址*/public static final String  RefundQueryUrl = "https://api.mch.weixin.qq.com/pay/refundquery";/*** 下载账单地址*/public static final String  DownloadBillUrl = "https://api.mch.weixin.qq.com/pay/downloadbill";/*** 商户APPID*/public static final String  AppId = "wxa6d495be83da0beb";/*** 商户账户*/public static final String  MchId = "1321004501";/*** 商户秘钥*/public static final String  AppSercret = "qx2016well03com14wuyou2016xueche";/*** 服务器异步通知页面路径*/public static String notify_url = getProperties().getProperty("notify_url");/*** 页面跳转同步通知页面路径*/public static String return_url = getProperties().getProperty("return_url");/*** 退款通知地址*/public static String refund_notify_url = getProperties().getProperty("refund_notify_url");/*** 退款需要证书文件，证书文件的地址*/public static String refund_file_path = getProperties().getProperty("refund_file_path");/*** 商品名称*/public static String subject =  getProperties().getProperty("subject");/*** 商品描述*/public static String body = getProperties().getProperty("body");private static  Properties properties;public static synchronized Properties getProperties(){if(properties == null){
//         String path = System.getenv(RSystemConfig.KEY_WEB_HOME_CONF) + "/weichart.properties";//自定义配置文件路径String path = "d://weichart.properties";//测试路径properties = PropertiesUtil.getInstance().getProperties(path);}return properties;}}

这里是 PropertiesUtil 类

package com.cat.common.properties;import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;public class PropertiesUtil{private static PropertiesUtil instance;private Properties properties = new Properties();public synchronized static PropertiesUtil getInstance() {if(null == instance) {instance = new PropertiesUtil();}return instance;}/*** 获取配置* @param fileUrl* @return*/public Properties getProperties(String fileUrl){readProperties(fileUrl);return properties;}/*** 读取properties的全部信息* @param filePath*/public void readProperties(String filePath){InputStream in = null;try{in = new BufferedInputStream(new FileInputStream(filePath));properties.load(in);}catch(Exception e){e.printStackTrace();}finally{try{if(in != null)in.close();}catch(IOException e){e.printStackTrace();}}}
}

2 http /https请求的工具类

其中有需要证书的，也有不需要证书的。
证书是在需要退款接口的时候需要使用，直接把证书放在服务器上，然后传路径

package com.qx.client.common.pay.weichart.util.httpClient;import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.util.Map;import javax.net.ssl.SSLContext;import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.commons.httpclient.params.HttpMethodParams;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;public class HttpClientUtil{public static String post(String url,Map<String, String> headMap,Map<String, String> params){try{HttpClient httpclient = new HttpClient();httpclient.getParams().setParameter(HttpMethodParams.HTTP_CONTENT_CHARSET, "UTF-8");PostMethod httpPost = new PostMethod(url);if(null != headMap){for(String key : headMap.keySet()){httpPost.setRequestHeader(key, headMap.get(key));}}if(null != params){for(String pkey : params.keySet()){httpPost.addParameter(pkey, params.get(pkey));}}httpclient.executeMethod(httpPost);BufferedReader reader = new BufferedReader(new InputStreamReader(httpPost.getResponseBodyAsStream()));StringBuffer stringBuffer = new StringBuffer();String str = "";while((str = reader.readLine()) != null){stringBuffer.append(str);}reader.close();return stringBuffer.toString();}catch(Exception e){e.printStackTrace();}return null;}public static String postHttplient(String url,String xmlInfo){try{HttpClient httpclient = new HttpClient();httpclient.getParams().setParameter(HttpMethodParams.HTTP_CONTENT_CHARSET, "UTF-8");PostMethod httpPost = new PostMethod(url);httpPost.setRequestEntity(new StringRequestEntity(xmlInfo));httpclient.executeMethod(httpPost);BufferedReader reader = new BufferedReader(new InputStreamReader(httpPost.getResponseBodyAsStream()));StringBuffer stringBuffer = new StringBuffer();String str = "";while((str = reader.readLine()) != null){stringBuffer.append(str);}reader.close();return stringBuffer.toString();}catch(Exception e){e.printStackTrace();}return null;}/*** 需要加密执行的* @param url* @param xmlInfo* @return* @throws Exception */public static String postHttplientNeedSSL(String url,String xmlInfo,String cretPath,String mrchId)throws Exception{//选择初始化密钥文件格式KeyStore keyStore = KeyStore.getInstance("PKCS12");//得到密钥文件流FileInputStream instream = new FileInputStream(new File(cretPath));try{//用商户的ID 来解读文件keyStore.load(instream, mrchId.toCharArray());}finally{instream.close();}//用商户的ID 来加载SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keyStore, mrchId.toCharArray()).build();// Allow TLSv1 protocol onlySSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1" }, null, SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);//用最新的httpclient 加载密钥CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();StringBuffer ret = new StringBuffer();try{HttpPost httpPost = new HttpPost(url);httpPost.setEntity(new StringEntity(xmlInfo));CloseableHttpResponse response = httpclient.execute(httpPost);try{HttpEntity entity = response.getEntity();if(entity != null){BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(entity.getContent()));String text;while((text = bufferedReader.readLine()) != null){ret.append(text);}}EntityUtils.consume(entity);}finally{response.close();}}finally{httpclient.close();}return ret.toString();}public static String postHtpps(String urlStr,String xmlInfo){try{URL url = new URL(urlStr);URLConnection con = url.openConnection();con.setDoOutput(true);con.setRequestProperty("Pragma:", "no-cache");con.setRequestProperty("Cache-Control", "no-cache");con.setRequestProperty("Content-Type", "text/xml;charset=utf-8");OutputStreamWriter out = new OutputStreamWriter(con.getOutputStream(), "utf-8");out.write(xmlInfo);out.flush();out.close();BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream()));StringBuffer lines = new StringBuffer();String line = "";for(line = br.readLine(); line != null; line = br.readLine()){lines.append(line);}return lines.toString();}catch(MalformedURLException e){e.printStackTrace();}catch(IOException e){e.printStackTrace();}return null;}}

4 调用API接口

其中包含 XML生成，和解析XML，请求参数字典排序，拼接密钥，MD5加密

这里是核心和微信交互的类。

package com.cat.common.pay.weiChat;import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Random;
import java.util.Set;import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;import com.cat.common.pay.weiChat.config.WeiChartConfig;
import com.cat.common.pay.weiChat.util.HttpClientUtil;public class WeiChartUtil{/*** 返回状态码*/public static final String ReturnCode = "return_code";/*** 返回信息*/public static final String ReturnMsg = "return_msg";/*** 业务结果*/public static final String ResultCode = "result_code";/*** 预支付交易会话标识*/public static final String PrepayId = "prepay_id";/*** 得到微信预付单的返回ID* @param orderId  商户自己的订单号* @param totalFee  总金额  （分）* @return*/public static Map<String, String> getPreyId(String orderId,String totalFee,String schoolLabel){Map<String, String> reqMap = new HashMap<String, String>();reqMap.put("appid", WeiChartConfig.AppId);reqMap.put("mch_id", WeiChartConfig.MchId);reqMap.put("nonce_str", getRandomString());reqMap.put("body", "【"+schoolLabel+"】"+ WeiChartConfig.body);//reqMap.put("detail", WeiChartConfig.subject); //非必填//reqMap.put("attach", "附加数据"); //非必填reqMap.put("out_trade_no", orderId); //商户系统内部的订单号,reqMap.put("total_fee", totalFee); //订单总金额，单位为分reqMap.put("spbill_create_ip", getHostIp()); //用户端实际ip// reqMap.put("time_start", "172.16.40.18"); //交易起始时间 非必填// reqMap.put("time_expire", "172.16.40.18"); //交易结束时间  非必填// reqMap.put("goods_tag", "172.16.40.18"); //商品标记 非必填reqMap.put("notify_url", WeiChartConfig.notify_url); //通知地址reqMap.put("trade_type", "APP"); //交易类型//reqMap.put("limit_pay", "no_credit"); //指定支付方式,no_credit 指定不能使用信用卡支  非必填reqMap.put("sign", getSign(reqMap));String reqStr = creatXml(reqMap);String retStr = HttpClientUtil.postHtpps(WeiChartConfig.PrepayUrl, reqStr);return getInfoByXml(retStr);}/*** 关闭订单* @param orderId  商户自己的订单号* @return*/public static Map<String, String> closeOrder(String orderId){Map<String, String> reqMap = new HashMap<String, String>();reqMap.put("appid", WeiChartConfig.AppId);reqMap.put("mch_id", WeiChartConfig.MchId);reqMap.put("nonce_str", getRandomString());reqMap.put("out_trade_no", orderId); //商户系统内部的订单号,reqMap.put("sign", getSign(reqMap));String reqStr = creatXml(reqMap);String retStr = HttpClientUtil.postHtpps(WeiChartConfig.CloseOrderUrl, reqStr);return getInfoByXml(retStr);}/*** 查询订单* @param orderId 商户自己的订单号* @return*/public static String getOrder(String orderId){Map<String, String> reqMap = new HashMap<String, String>();reqMap.put("appid", WeiChartConfig.AppId);reqMap.put("mch_id", WeiChartConfig.MchId);reqMap.put("nonce_str", getRandomString());reqMap.put("out_trade_no", orderId); //商户系统内部的订单号,reqMap.put("sign", getSign(reqMap));String reqStr = creatXml(reqMap);String retStr = HttpClientUtil.postHtpps(WeiChartConfig.OrderUrl, reqStr);return retStr;}/*** 退款* @param orderId  商户订单号* @param refundId  退款单号* @param totralFee 总金额（分）* @param refundFee 退款金额（分）* @param opUserId 操作员ID* @return*/public static Map<String, String> refundWei(String orderId,String refundId,String totralFee,String refundFee,String opUserId){Map<String, String> reqMap = new HashMap<String, String>();reqMap.put("appid", WeiChartConfig.AppId);reqMap.put("mch_id", WeiChartConfig.MchId);reqMap.put("nonce_str", getRandomString());reqMap.put("out_trade_no", orderId); //商户系统内部的订单号,reqMap.put("out_refund_no", refundId); //商户退款单号reqMap.put("total_fee", totralFee); //总金额reqMap.put("refund_fee", refundFee); //退款金额reqMap.put("op_user_id", opUserId); //操作员reqMap.put("sign", getSign(reqMap));String reqStr = creatXml(reqMap);String retStr = "";try{retStr = HttpClientUtil.postHttplientNeedSSL(WeiChartConfig.RefundUrl, reqStr, WeiChartConfig.refund_file_path, WeiChartConfig.MchId);}catch(Exception e){e.printStackTrace();return null;}return getInfoByXml(retStr);}/*** 退款查询* @param refundId  退款单号* @return*/public static Map<String, String> getRefundWeiInfo(String refundId){Map<String, String> reqMap = new HashMap<String, String>();reqMap.put("appid", WeiChartConfig.AppId);reqMap.put("mch_id", WeiChartConfig.MchId);reqMap.put("nonce_str", getRandomString());reqMap.put("out_refund_no", refundId); //商户退款单号reqMap.put("sign", getSign(reqMap));String reqStr = creatXml(reqMap);String retStr = HttpClientUtil.postHtpps(WeiChartConfig.RefundQueryUrl, reqStr);return getInfoByXml(retStr);}/**这个方法 可以自己写，以前我使用的是我公司封装的类，后来很多人找我要JAR包，所以我改成了这样，方便部分人直接使用代码，我自己未测试，不过应该问题不大，欢迎使用有问题的找我。* 传入map  生成头为XML的xml字符串，例：<xml><key>123</key></xml>* @param reqMap* @return*/public static String creatXml(Map<String, String> reqMap){Set<String> set = reqMap.keySet();StringBuffer b = new StringBuffer();b.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");b.append("<xml>");for(String key : set){b.append("<"+key+">").append(reqMap.get(key)).append("</"+key+">");}b.append("</xml>");return b.toString();}/*** 得到加密值* @param map* @return*/public static String getSign(Map<String, String> map){String[] keys = map.keySet().toArray(new String[0]);Arrays.sort(keys);StringBuffer reqStr = new StringBuffer();for(String key : keys){String v = map.get(key);if(v != null && !v.equals("")){reqStr.append(key).append("=").append(v).append("&");}}reqStr.append("key").append("=").append(WeiChartConfig.AppSercret);return WeiMd5.encode(reqStr.toString()).toUpperCase();}/*** 得到10 位的时间戳* 如果在JAVA上转换为时间要在后面补上三个0 * @return*/public static String getTenTimes(){String t = new Date().getTime()+"";t = t.substring(0, t.length()-3);return t;}/*** 得到随机字符串* @param length* @return*/public static String getRandomString(){int length = 32;String str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";Random random = new Random();StringBuffer sb = new StringBuffer();for(int i = 0; i < length; ++i){int number = random.nextInt(62);//[0,62)  sb.append(str.charAt(number));}return sb.toString();}/*** 得到本地机器的IP* @return*/private static String getHostIp(){String ip = "";try{ip = InetAddress.getLocalHost().getHostAddress();}catch(UnknownHostException e){e.printStackTrace();}return ip;}public static Map<String, String> getInfoByXml(String xmlStr){try{Map<String, String> m = new HashMap<String, String>();Document d = DocumentHelper.parseText(xmlStr);Element root = d.getRootElement();for ( Iterator<?> i = root.elementIterator(); i.hasNext(); ) {Element element = (Element) i.next();String name = element.getName();if(!element.isTextOnly()){//不是字符串 跳过。确定了微信放回的xml只有根目录continue;}else{m.put(name, element.getTextTrim());}}//对返回结果做校验.去除sign 字段再去加密String retSign = m.get("sign");m.remove("sign");String rightSing = getSign(m);if(rightSing.equals(retSign)){return m;}}catch(DocumentException e){// TODO Auto-generated catch blocke.printStackTrace();}return null;
}/*** 将金额转换成分* @param fee 元格式的* @return 分*/public static String changeToFen(Double fee){String priceStr = "";if(fee != null){int p = (int)(fee * 100); //价格变为分priceStr = Integer.toString(p);}return priceStr;}}

这个是这里面使用的MD5加密方法

package com.cat.common.pay.weiChat;import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/** MD5 算法
*/
public class WeiMd5 {// 全局数组private final static String[] strDigits = { "0", "1", "2", "3", "4", "5","6", "7", "8", "9", "a", "b", "c", "d", "e", "f" };// 返回形式为数字跟字符串private static String byteToArrayString(byte bByte) {int iRet = bByte;// System.out.println("iRet="+iRet);if (iRet < 0) {iRet += 256;}int iD1 = iRet / 16;int iD2 = iRet % 16;return strDigits[iD1] + strDigits[iD2];}// 转换字节数组为16进制字串private static String byteToString(byte[] bByte) {StringBuffer sBuffer = new StringBuffer();for (int i = 0; i < bByte.length; i++) {sBuffer.append(byteToArrayString(bByte[i]));}return sBuffer.toString();}public static String encode(String strObj) {String resultString = null;try {resultString = new String(strObj);MessageDigest md = MessageDigest.getInstance("MD5");// md.digest() 该函数返回值为存放哈希值结果的byte数组try{resultString = byteToString(md.digest(strObj.getBytes("UTF-8")));}catch(UnsupportedEncodingException e){// TODO Auto-generated catch blocke.printStackTrace();}} catch (NoSuchAlgorithmException ex) {ex.printStackTrace();}return resultString;}}

在微信支付的调试过程中，发现了一个困扰了很长时间的BUG，或者说是一个问题。
就是微信请求预支付的时候如果传了中文，就是body中给的是中文，就会报body不是UTF-8格式。如果强行对字段进行编码，又会报加密错误。

但是这不是最主要的让人困扰的地方，最让我烦恼的是，我用本地的JDK调试的时候，它是OK 的。但是用TOMCAT 部署的时候却一直都不行

在网上有很多的说法，有的说，对body 进行编码转换UTF-8，有的说对整个请求的XML，进行编码。

还有的说编码格式用统一的。iso900…等等，巴拉巴拉的。。
反正我都不行。

最后在大神的帮助下，慢慢梳理，对发送请求的post方法上面想办法。
然后就是下面的这句关键

public static String postHtpps(String urlStr,String xmlInfo){try{URL url = new URL(urlStr);URLConnection con = url.openConnection();con.setDoOutput(true);con.setRequestProperty("Pragma:", "no-cache");con.setRequestProperty("Cache-Control", "no-cache");con.setRequestProperty("Content-Type", "text/xml;charset=utf-8");//在输入流里面进行转码，是最重要的OutputStreamWriter out = new OutputStreamWriter(con.getOutputStream(), "utf-8");out.write(xmlInfo);out.flush();out.close();BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream()));StringBuffer lines = new StringBuffer();String line = "";for(line = br.readLine(); line != null; line = br.readLine()){lines.append(line);}return lines.toString();}catch(MalformedURLException e){e.printStackTrace();}catch(IOException e){e.printStackTrace();}return null;}}

小结：很多人看了我的这篇文章后，就直接COPY了我的代码去使用，然后在我之前发的版本中，有几个生成XML 和解析XML的类是我自己封装的JAR包，没有放上来，就很多人找我，加我的QQ留言说要我给源码。其实那是很简单的一些东西。没必要那么复杂。
我的建议是我的是一个启发的DEMO。让你能够尽快的上手使用，但是你自己一定需要好好的去看官方的文档，弄懂所有的流程，才能真正的掌握这个技巧。