微信支付api v3支付回调的处理

微信支付回调返回的参数(POST)

  • Wechatpay-Serial(header)
  • Wechatpay-Signature(header)
  • Wechatpay-Timestamp(header)
  • Wechatpay-Nonce(header)
  • 主体(body)

验证签名

$verify=$smpw->_sign_verify([$timestamp, $nonce, $body], $signature);
if ($verify==1){
    echo 'ok';
}else echo 'failure';

    /**
     * 支付回调(验证签名
     * @param $data
     * @param $signature
     * @return int
     */
    public function _sign_verify($data, $signature): int {
        $message = implode("\n", $data) . "\n";
        $pu_key = openssl_pkey_get_public(file_get_contents('微信公钥的绝对地址'));//wxp_pub.pem1️⃣
        return openssl_verify(str_replace("\n\n", "\n", $message), base64_decode($signature), $pu_key, 'sha256WithRSAEncryption');
    }

参数解密

$obj=new AesUtil('API v3密钥');//1️⃣商户后台->账户中心->API安全->APIv3密钥
$body = json_decode($body, true);
if ($body['event_type']=='TRANSACTION.SUCCESS'){//通知类型
    $resource = $body['resource'];
    $decryption = $obj->decryptToString($resource['associated_data'], $resource['nonce'], $resource['ciphertext']);
    $result = json_decode($decryption, true);
    //var_dump($result);exit;
    //验证交易状态$result['trade_state']是否为SUCCESS
    //验证$result['mchid'], $result['appid']是否正确
    //验证实际支付金额$result['amount']['payer_total']和应支付金额是否一致
    //通过我们的支付单号$result['out_trade_no']来处理后续流程
    //通知应答
    echo json_encode(['code'=>'SUCCESS', 'message'=>'成功'], JSON_UNESCAPED_UNICODE);
}

参考

https://pay.weixin.qq.com/wiki/doc/apiv3/apis/chapter3_1_5.shtml

1️⃣ 微信公钥的获取:https://www.cuiwei.net/p/1351071019

感谢阅读这篇文章,如果你喜欢,或者遇到了问题,可以关注我的公众号