公司最近开发小程序,涉及到支付功能. 现在支付功能已经做完,特此记录一下自己踩坑经验:
众所周知,微信小程序目前只能使用微信支付, 而且微信小程序支付相对于app支付,h5支付都要简单一些,但是该支付文档对java这语言是非常不友好的,居然没有demo, 网上虽说有很多博客,但是找了好多都是跑不通, 乱七八糟的很多都跑不通, 以下 代码不是自己写的,大多都是这儿抄一点哪儿抄一顿,但是能跑通,亲测没毛病,如果有毛病可以留言交流.废话不多说,先说准备工作!对依赖不清楚或者回调失败的请访问: https://www.keppel.fun/articles/2019/03/06/1551844306979.html
1. 登录微信公众平台, 开通微信支付功能
2. 登录微信商户平台
3. 准备完毕, 小程序代码
4. 后端统一下单和支付回调接口
5. 相关配置类以及工具类
6. 最后还有些jar包说明一下
这是准备工作的第一步, 确保小程序对应的支付功能已经开启
该步骤需要获取两个参数, 一个是商户号, 一个是支付秘钥, 如下图所示
注意秘钥自己要保护好,相当于支付密码,每次签名都需要该参数, 该参数只能设置的时候看得见,其余的时候是没法看得见.所以要记好了!
微信小程序发起支付的请求到开发者服务器, 后台预下单返回一个prepay_id, 还有其他乱七八糟的参数.然后微信小程序调用支付方法进行支付, 最后微信服务器会发起回调函数到开发者服务器.
var app = getApp()
data: {
motto: 'Hello World',
userInfo: {}
onLoad: function () {
payoff: function(e){
var that = this;
success: function(res) {
success: function(re) {
fail: function () {
// 获取用户的收货地址
getAddress: function (re,code) {
var that = this;
success: function (add) {
that.getOpenId(re, add.userName,add.provinceName,add.cityName,add.countyName,
getOpenId: function(re, userName, provinceName, cityName, countryName, detailInfo, telNumber,code){
var that = this;
// 开发者服务器地址
url: 'http://1d7a111.iok.la:10534/api/getUnionId',
method: 'POST',
header: {
'content-type': 'application/x-www-form-urlencoded'
data: { encryptedData: re.encryptedData, iv: re.iv, code: code },
success: function(res) {
var openId = res.data.userInfo.openId;
var unionId = res.data.userInfo.unionId;
// console.log('res>', openId);
that.loginPlatform(userName, provinceName, cityName, countryName, detailInfo, telNumber,unionId, openId);
// 登录
loginPlatform: function (userName, provinceName, cityName, countryName, detailInfo, telNumber,unionId, openId) {
var that = this;
url: 'http://1d7a111.iok.la:12534/api/login/platform',
method: 'POST',
header: {
'content-type': 'application/json'
data: { unionId: unionId, platform: 'WECHAT' },
success: function(res) {
console.log('res', res.data.token);
var token = res.data.token;
that.xiadan(userName, provinceName, cityName, countryName, detailInfo, telNumber,openId, token);
xiadan: function (userName, provinceName, cityName, countryName, detailInfo, telNumber,openId, token){
console.log('openId', openId);
console.log('token', token);
var that = this;
url: 'http://1d7a01111.iok.la:12534/api/v1/weixin/payment',
method: 'POST',
header: {
'content-type': 'application/json',
'authorization': 'Bearer ' + token
data: {
openId: openId,
cfId: '5b32f553aff8ca411f839eb4',
planId: '5b32f5cbaff8ca111f839eb7',
quantity: 2,
orderRemark: '说点啥备注好?',
name: userName,
phone: telNumber,
province: provinceName,
city: cityName,
district: countryName,
address: detailInfo
success: function(res) {
requestPayment: function(obj){
'timeStamp': obj.timeStamp,
'nonceStr': obj.nonceStr,
'package': obj.package,
'signType': obj.signType,
'paySign': obj.paySign,
* @Author: YFei
* @Date: Created in 18:10 2018/7/25
* @Description:
@RequestMapping(value = "/api/v1")
public class WXAppletPayCtrl {
private static final long serialVersionUID = 1L;
private static final Logger L = Logger.getLogger(WXAppletPayCtrl.class);
private String notify_url;
private final String trade_type = "JSAPI";
private final String url = "https://api.mch.weixin.qq.com/pay/unifiedorder";
* @param request
* @return
* @throws UnsupportedEncodingException
* @throws DocumentException
value = "/weixin/payment",
method = RequestMethod.POST
public Map payment(@Valid @RequestBody NewWXOrderRequest request, HttpServletRequest httpServletRequest) {
Map map = new HashMap();
String money = "10";
String title = "商品名字";
try {
OrderInfo order = new OrderInfo();
order.setTotal_fee(Integer.parseInt(money)); // 该金钱其实10 是 0.1元
String sign = Signature.getSign(order);
String result = HttpRequest.sendPost(url, order);
XStream xStream = new XStream();
xStream.alias("xml", OrderReturnInfo.class);
OrderReturnInfo returnInfo = (OrderReturnInfo)xStream.fromXML(result);
// 二次签名
if ("SUCCESS".equals(returnInfo.getReturn_code()) && returnInfo.getReturn_code().equals(returnInfo.getResult_code())) {
SignInfo signInfo = new SignInfo();
long time = System.currentTimeMillis()/1000;
String sign1 = Signature.getSign(signInfo);
Map payInfo = new HashMap();
payInfo.put("timeStamp", signInfo.getTimeStamp());
payInfo.put("nonceStr", signInfo.getNonceStr());
payInfo.put("package", signInfo.getRepay_id());
payInfo.put("signType", signInfo.getSignType());
payInfo.put("paySign", sign1);
map.put("status", 200);
map.put("msg", "统一下单成功!");
map.put("data", payInfo);
// 此处可以写唤起支付前的业务逻辑
// 业务逻辑结束
return map;
map.put("status", 500);
map.put("msg", "统一下单失败!");
map.put("data", null);
return map;
} catch (Exception e) {
L.error("-------", e);
return null;
* 微信小程序支付成功回调函数
* @param request
* @param response
* @throws Exception
@RequestMapping(value = "/weixin/callback")
public void wxNotify(HttpServletRequest request,HttpServletResponse response) throws Exception{
BufferedReader br = new BufferedReader(new InputStreamReader((ServletInputStream)request.getInputStream()));
String line = null;
StringBuilder sb = new StringBuilder();
while((line = br.readLine()) != null){
String notityXml = sb.toString();
String resXml = "";
System.out.println("接收到的报文:" + notityXml);
Map map = PayUtil.doXMLParse(notityXml);
String returnCode = (String) map.get("return_code");
Map<String, String> validParams = PayUtil.paraFilter(map); //回调验签时需要去除sign和空值参数
String validStr = PayUtil.createLinkString(validParams);//把数组所有元素,按照“参数=参数值”的模式用“&”字符拼接成字符串
String sign = PayUtil.sign(validStr, Configure.getKey(), "utf-8").toUpperCase();//拼装生成服务器端验证的签名
// 因为微信回调会有八次之多,所以当第一次回调成功了,那么我们就不再执行逻辑了
// bla bla bla....
resXml = "<xml>" + "<return_code><![CDATA[SUCCESS]]></return_code>"
+ "<return_msg><![CDATA[OK]]></return_msg>" + "</xml> ";
} else {
resXml = "<xml>" + "<return_code><![CDATA[FAIL]]></return_code>"
+ "<return_msg><![CDATA[报文为空]]></return_msg>" + "</xml> ";
BufferedOutputStream out = new BufferedOutputStream(
以上是统一下单的接口和微信支付成功的回调接口, 注意的如果springboot项目中的springsecurity,一定要注意放行回调地址, 否则回调会失败.
* 签名
* @author zuoliangzhu
public class Signature {
private static final Logger L = Logger.getLogger(Signature.class);
* 签名算法
* @param o 要参与签名的数据对象
* @return 签名
* @throws IllegalAccessException
public static String getSign(Object o) throws IllegalAccessException {
ArrayList<String> list = new ArrayList<String>();
Class cls = o.getClass();
Field[] fields = cls.getDeclaredFields();
for (Field f : fields) {
if (f.get(o) != null && f.get(o) != "") {
String name = f.getName();
XStreamAlias anno = f.getAnnotation(XStreamAlias.class);
if(anno != null)
name = anno.value();
list.add(name + "=" + f.get(o) + "&");
int size = list.size();
String [] arrayToSort = list.toArray(new String[size]);
Arrays.sort(arrayToSort, String.CASE_INSENSITIVE_ORDER);
StringBuilder sb = new StringBuilder();
for(int i = 0; i < size; i ++) {
String result = sb.toString();
result += "key=" + Configure.getKey();
result = MD5.MD5Encode(result).toUpperCase();
return result;
public static String getSign(Map<String,Object> map){
ArrayList<String> list = new ArrayList<String>();
for(Map.Entry<String,Object> entry:map.entrySet()){
list.add(entry.getKey() + "=" + entry.getValue() + "&");
int size = list.size();
String [] arrayToSort = list.toArray(new String[size]);
Arrays.sort(arrayToSort, String.CASE_INSENSITIVE_ORDER);
StringBuilder sb = new StringBuilder();
for(int i = 0; i < size; i ++) {
String result = sb.toString();
result += "key=" + Configure.getKey();
//Util.log("Sign Before MD5:" + result);
result = MD5.MD5Encode(result).toUpperCase();
//Util.log("Sign Result:" + result);
return result;
public class Configure {
// 商户支付秘钥
private static String key = "xxxxxxNOBVmszxxxxxxxxxxxxxxxxxxx";
private static String appID = "wx42ebbFFFFFFFFFF";
private static String mch_id = "1499111112";
// 小程序的secret
private static String secret = "xxxxxxxxxxxxxxxxxxx";
public static String getSecret() {
return secret;
public static void setSecret(String secret) {
Configure.secret = secret;
public static String getKey() {
return key;
public static void setKey(String key) {
Configure.key = key;
public static String getAppID() {
return appID;
public static void setAppID(String appID) {
Configure.appID = appID;
public static String getMch_id() {
return mch_id;
public static void setMch_id(String mch_id) {
Configure.mch_id = mch_id;
public class HttpRequest {
private static final int socketTimeout = 10000;
private static final int connectTimeout = 30000;
* post请求
* @throws IOException
* @throws ClientProtocolException
* @throws NoSuchAlgorithmException
* @throws KeyStoreException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
public static String sendPost(String url, Object xmlObj) throws ClientProtocolException, IOException, UnrecoverableKeyException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException {
HttpPost httpPost = new HttpPost(url);
XStream xStreamForRequestPostData = new XStream(new DomDriver("UTF-8", new XmlFriendlyNameCoder("-_", "_")));
xStreamForRequestPostData.alias("xml", xmlObj.getClass());
String postDataXML = xStreamForRequestPostData.toXML(xmlObj);
StringEntity postEntity = new StringEntity(postDataXML, "UTF-8");
httpPost.addHeader("Content-Type", "text/xml");
RequestConfig requestConfig = RequestConfig.custom().setSocketTimeout(socketTimeout).setConnectTimeout(connectTimeout).build();
HttpClient httpClient = HttpClients.createDefault();
HttpResponse response = httpClient.execute(httpPost);
HttpEntity entity = response.getEntity();
String result = EntityUtils.toString(entity, "UTF-8");
return result;
* 自定义证书管理器,信任所有证书
* @author pc
public static class MyX509TrustManager implements X509TrustManager {
public void checkClientTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws CertificateException {
public void checkServerTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws CertificateException {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
import java.security.MessageDigest;
* User: rizenguo
* Date: 2014/10/23
* Time: 15:43
public class MD5 {
private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
"8", "9", "a", "b", "c", "d", "e", "f"};
* 转换字节数组为16进制字串
* @param b 字节数组
* @return 16进制字串
public static String byteArrayToHexString(byte[] b) {
StringBuilder resultSb = new StringBuilder();
for (byte aB : b) {
return resultSb.toString();
* 转换byte到16进制
* @param b 要转换的byte
* @return 16进制格式
private static String byteToHexString(byte b) {
int n = b;
if (n < 0) {
n = 256 + n;
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] + hexDigits[d2];
* MD5编码
* @param origin 原始字符串
* @return 经过MD5加密之后的结果
public static String MD5Encode(String origin) {
String resultString = null;
try {
resultString = origin;
MessageDigest md = MessageDigest.getInstance("MD5");
resultString = byteArrayToHexString(md.digest(resultString.getBytes()));
} catch (Exception e) {
return resultString;
* 预订单
* @author zuoliangzhu
public class OrderInfo {
private String appid;// 小程序ID
private String mch_id;// 商户号
private String nonce_str;// 随机字符串
private String sign_type;//签名类型
private String sign;// 签名
private String body;// 商品描述
private String out_trade_no;// 商户订单号
private int total_fee;// 标价金额 ,单位为分
private String spbill_create_ip;// 终端IP
private String notify_url;// 通知地址
private String trade_type;// 交易类型
private String openid;//用户标识
public String getSign_type() {
return sign_type;
public void setSign_type(String sign_type) {
this.sign_type = sign_type;
public String getOpenid() {
return openid;
public void setOpenid(String openid) {
this.openid = openid;
public String getAppid() {
return appid;
public void setAppid(String appid) {
this.appid = appid;
public String getMch_id() {
return mch_id;
public void setMch_id(String mch_id) {
this.mch_id = mch_id;
public String getNonce_str() {
return nonce_str;
public void setNonce_str(String nonce_str) {
this.nonce_str = nonce_str;
public String getSign() {
return sign;
public void setSign(String sign) {
this.sign = sign;
public String getBody() {
return body;
public void setBody(String body) {
this.body = body;
public String getOut_trade_no() {
return out_trade_no;
public void setOut_trade_no(String out_trade_no) {
this.out_trade_no = out_trade_no;
public int getTotal_fee() {
return total_fee;
public void setTotal_fee(int total_fee) {
this.total_fee = total_fee;
public String getSpbill_create_ip() {
return spbill_create_ip;
public void setSpbill_create_ip(String spbill_create_ip) {
this.spbill_create_ip = spbill_create_ip;
public String getNotify_url() {
return notify_url;
public void setNotify_url(String notify_url) {
this.notify_url = notify_url;
public String getTrade_type() {
return trade_type;
public void setTrade_type(String trade_type) {
this.trade_type = trade_type;
public class OrderReturnInfo {
private String return_code;
private String return_msg;
private String result_code;
private String appid;
private String mch_id;
private String nonce_str;
private String sign;
private String prepay_id;
private String trade_type;
public String getReturn_code() {
return return_code;
public void setReturn_code(String return_code) {
this.return_code = return_code;
public String getReturn_msg() {
return return_msg;
public void setReturn_msg(String return_msg) {
this.return_msg = return_msg;
public String getResult_code() {
return result_code;
public void setResult_code(String result_code) {
this.result_code = result_code;
public String getAppid() {
return appid;
public void setAppid(String appid) {
this.appid = appid;
public String getMch_id() {
return mch_id;
public void setMch_id(String mch_id) {
this.mch_id = mch_id;
public String getNonce_str() {
return nonce_str;
public void setNonce_str(String nonce_str) {
this.nonce_str = nonce_str;
public String getSign() {
return sign;
public void setSign(String sign) {
this.sign = sign;
public String getPrepay_id() {
return prepay_id;
public void setPrepay_id(String prepay_id) {
this.prepay_id = prepay_id;
public String getTrade_type() {
return trade_type;
public void setTrade_type(String trade_type) {
this.trade_type = trade_type;
* 随机字符串生成
* @author zuoliangzhu
public class RandomStringGenerator {
* 获取一定长度的随机字符串
* @param length 指定字符串长度
* @return 一定长度的字符串
public static String getRandomStringByLength(int length) {
String base = "abcdefghijklmnopqrstuvwxyz0123456789";
Random random = new Random();
StringBuffer sb = new StringBuffer();
for (int i = 0; i < length; i++) {
int number = random.nextInt(base.length());
return sb.toString();
* 签名信息
* @author zuoliangzhu
public class SignInfo {
private String appId;//小程序ID
private String timeStamp;//时间戳
private String nonceStr;//随机串
private String repay_id;
private String signType;//签名方式
public String getAppId() {
return appId;
public void setAppId(String appId) {
this.appId = appId;
public String getTimeStamp() {
return timeStamp;
public void setTimeStamp(String timeStamp) {
this.timeStamp = timeStamp;
public String getNonceStr() {
return nonceStr;
public void setNonceStr(String nonceStr) {
this.nonceStr = nonceStr;
public String getRepay_id() {
return repay_id;
public void setRepay_id(String repay_id) {
this.repay_id = repay_id;
public String getSignType() {
return signType;
public void setSignType(String signType) {
this.signType = signType;
public class PayUtil {
* 签名字符串
* @param text 需要签名的字符串
* @param key 密钥
* @param input_charset 编码格式
* @return 签名结果
public static String sign(String text, String key, String input_charset) {
text = text + "&key=" + key;
return DigestUtils.md5Hex(getContentBytes(text, input_charset));
* 签名字符串
* @param text 需要签名的字符串
* @param sign 签名结果
* @param key 密钥
* @param input_charset 编码格式
* @return 签名结果
public static boolean verify(String text, String sign, String key, String input_charset) {
text = text + key;
String mysign = DigestUtils.md5Hex(getContentBytes(text, input_charset));
if (mysign.equals(sign)) {
return true;
} else {
return false;
* @param content
* @param charset
* @return
* @throws SignatureException
* @throws UnsupportedEncodingException
public static byte[] getContentBytes(String content, String charset) {
if (charset == null || "".equals(charset)) {
return content.getBytes();
try {
return content.getBytes(charset);
} catch (UnsupportedEncodingException e) {
throw new RuntimeException("MD5签名过程中出现错误,指定的编码集不对,您目前指定的编码集是:" + charset);
private static boolean isValidChar(char ch) {
if ((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z'))
return true;
if ((ch >= 0x4e00 && ch <= 0x7fff) || (ch >= 0x8000 && ch <= 0x952f))
return true;// 简体中文汉字编码
return false;
* 除去数组中的空值和签名参数
* @param sArray 签名参数组
* @return 去掉空值与签名参数后的新签名参数组
public static Map<String, String> paraFilter(Map<String, String> sArray) {
Map<String, String> result = new HashMap<String, String>();
if (sArray == null || sArray.size() <= 0) {
return result;
for (String key : sArray.keySet()) {
String value = sArray.get(key);
if (value == null || value.equals("") || key.equalsIgnoreCase("sign")
|| key.equalsIgnoreCase("sign_type")) {
result.put(key, value);
return result;
* 把数组所有元素排序,并按照“参数=参数值”的模式用“&”字符拼接成字符串
* @param params 需要排序并参与字符拼接的参数组
* @return 拼接后字符串
public static String createLinkString(Map<String, String> params) {
List<String> keys = new ArrayList<String>(params.keySet());
String prestr = "";
for (int i = 0; i < keys.size(); i++) {
String key = keys.get(i);
String value = params.get(key);
if (i == keys.size() - 1) {// 拼接时,不包括最后一个&字符
prestr = prestr + key + "=" + value;
} else {
prestr = prestr + key + "=" + value + "&";
return prestr;
* @param requestUrl 请求地址
* @param requestMethod 请求方法
* @param outputStr 参数
public static String httpRequest(String requestUrl,String requestMethod,String outputStr) {
// 创建SSLContext
StringBuffer buffer = null;
try {
URL url = new URL(requestUrl);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
if (null != outputStr) {
OutputStream os = conn.getOutputStream();
// 读取服务器端返回的内容
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is, "utf-8");
BufferedReader br = new BufferedReader(isr);
buffer = new StringBuffer();
String line = null;
while ((line = br.readLine()) != null) {
}catch(Exception e){
return buffer.toString();
public static String urlEncodeUTF8(String source){
String result=source;
try {
result=java.net.URLEncoder.encode(source, "UTF-8");
} catch (UnsupportedEncodingException e) {
return result;
* 解析xml,返回第一级元素键值对。如果第一级元素有子节点,则此节点的值是子节点的xml数据。
* @param strxml
* @return
* @throws JDOMException
* @throws IOException
public static Map doXMLParse(String strxml) throws Exception {
if(null == strxml || "".equals(strxml)) {
return null;
Map m = new HashMap();
InputStream in = String2Inputstream(strxml);
SAXBuilder builder = new SAXBuilder();
Document doc = builder.build(in);
Element root = doc.getRootElement();
List list = root.getChildren();
Iterator it = list.iterator();
while(it.hasNext()) {
Element e = (Element) it.next();
String k = e.getName();
String v = "";
List children = e.getChildren();
if(children.isEmpty()) {
v = e.getTextNormalize();
} else {
v = getChildrenText(children);
m.put(k, v);
return m;
* 获取子结点的xml
* @param children
* @return String
public static String getChildrenText(List children) {
StringBuffer sb = new StringBuffer();
if(!children.isEmpty()) {
Iterator it = children.iterator();
while(it.hasNext()) {
Element e = (Element) it.next();
String name = e.getName();
String value = e.getTextNormalize();
List list = e.getChildren();
sb.append("<" + name + ">");
if(!list.isEmpty()) {
sb.append("</" + name + ">");
return sb.toString();
public static InputStream String2Inputstream(String str) {
return new ByteArrayInputStream(str.getBytes());
好了,就这些了,应该没漏了.. 抄了不少朋友的代码,大同小异
这里使用gradle管理jar包, 如果是maven自行转换
// https://mvnrepository.com/artifact/org.codehaus.xfire/xfire-core
compile group: 'org.codehaus.xfire', name: 'xfire-core', version: '1.2.6'
// https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16
compile group: 'org.bouncycastle', name: 'bcprov-jdk16', version: '1.46'
// https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream
compile group: 'com.thoughtworks.xstream', name: 'xstream', version: '1.4.7'
// https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.2'
compile 'org.jdom:jdom2:2.0.5'
// compile("org.springframework.boot:spring-boot-starter-undertow")
另外还有application.yml文件里面说明一下, 有一个回调地址
wxapplet.config.weixinpay.notifyurl: http://localhost:8080/api/v1/weixin/wxappletpaycallback