微信wxp协议 服务器设置,微信支付

构造验签名串

首先，商户先从应答中获取以下信息。

HTTP头Wechatpay-Timestamp 中的应答时间戳。

HTTP头Wechatpay-Nonce 中的应答随机串。

应答主体(response Body)，需要按照接口返回的顺序进行验签，错误的顺序将导致验签失败。

然后，请按照以下规则构造应答的验签名串。签名串共有三行，行尾以 结束，包括最后一行。 为换行符(ASCII编码值为0x0A)。若应答报文主体为空(如HTTP状态码为204 No Content)，最后一行仅为一个 换行符。

应答时间戳

应答随机串

应答报文主体

如某个应答的HTTP报文为(省略了ciphertext的具体内容)：

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 02 Apr 2019 12:59:40 GMT

Content-Type: application/json; charset=utf-8

Content-Length: 2204

Connection: keep-alive

Keep-Alive: timeout=8

Content-Language: zh-CN

Request-ID: e2762b10-b6b9-5108-a42c-16fe2422fc8a

Wechatpay-Nonce: c5ac7061fccab6bf3e254dcf98995b8c

Wechatpay-Signature: CtcbzwtQjN8rnOXItEBJ5aQFSnIXESeV28Pr2YEmf9wsDQ8Nx25ytW6FXBCAFdrr0mgqngX3AD9gNzjnNHzSGTPBSsaEkIfhPF4b8YRRTpny88tNLyprXA0GU5ID3DkZHpjFkX1hAp/D0fva2GKjGRLtvYbtUk/OLYqFuzbjt3yOBzJSKQqJsvbXILffgAmX4pKql+Ln+6UPvSCeKwznvtPaEx+9nMBmKu7Wpbqm/+2ksc0XwjD+xlvlECkCxfD/OJ4gN3IurE0fpjxIkvHDiinQmk51BI7zQD8k1znU7r/spPqB+vZjc5ep6DC5wZUpFu5vJ8MoNKjCu8wnzyCFdA==

Wechatpay-Timestamp: 1554209980

Wechatpay-Serial: 5157F09EFDC096DE15EBE81A47057A7232F1B8E1

Cache-Control: no-cache, must-revalidate

{"data":[{"serial_no":"5157F09EFDC096DE15EBE81A47057A7232F1B8E1","effective_time":"2018-03-26T11:39:50+08:00","expire_time":"2023-03-25T11:39:50+08:00","encrypt_certificate":{"algorithm":"AEAD_AES_256_GCM","nonce":"4de73afd28b6","associated_data":"certificate","ciphertext":"..."}}]}

则验签名串为

1554209980

c5ac7061fccab6bf3e254dcf98995b8c

{"data":[{"serial_no":"5157F09EFDC096DE15EBE81A47057A7232F1B8E1","effective_time":"2018-03-26T11:39:50+08:00","expire_time":"2023-03-25T11:39:50+08:00","encrypt_certificate":{"algorithm":"AEAD_AES_256_GCM","nonce":"4de73afd28b6","associated_data":"certificate","ciphertext":"..."}}]}

构造验签名串 首先，商户先从应答中获取以下信息。 HTTP头Wechatpay-Timestamp 中的应答时间戳。 HTTP头Wechatpay-Nonce 中的应答随机串。 应答主体(response Body)，需要按照接口返回的顺序进行验签，错误的顺序将导致验签失败。 然后，请按照以下规则构造应答的验签名串。签名串共有三行，行尾以 结束，包括最后一行。 为换行符(ASCII编码值为0x0A)。若应答报文主体为空(如HTTP状态码为204 No Content)，最后一行仅为一个 换行符。 应答时间戳 应答随机串 应答报文主体 如某个应答的HTTP报文为(省略了ciphertext的具体内容)： HTTP/1.1 200 OK Server: nginx Date: Tue, 02 Apr 2019 12:59:40 GMT Content-Type: application/json; charset=utf-8 Content-Length: 2204 Connection: keep-alive Keep-Alive: timeout=8 Content-Language: zh-CN Request-ID: e2762b10-b6b9-5108-a42c-16fe2422fc8a Wechatpay-Nonce: c5ac7061fccab6bf3e254dcf98995b8c Wechatpay-Signature: CtcbzwtQjN8rnOXItEBJ5aQFSnIXESeV28Pr2YEmf9wsDQ8Nx25ytW6FXBCAFdrr0mgqngX3AD9gNzjnNHzSGTPBSsaEkIfhPF4b8YRRTpny88tNLyprXA0GU5ID3DkZHpjFkX1hAp/D0fva2GKjGRLtvYbtUk/OLYqFuzbjt3yOBzJSKQqJsvbXILffgAmX4pKql+Ln+6UPvSCeKwznvtPaEx+9nMBmKu7Wpbqm/+2ksc0XwjD+xlvlECkCxfD/OJ4gN3IurE0fpjxIkvHDiinQmk51BI7zQD8k1znU7r/spPqB+vZjc5ep6DC5wZUpFu5vJ8MoNKjCu8wnzyCFdA== Wechatpay-Timestamp: 1554209980 Wechatpay-Serial: 5157F09EFDC096DE15EBE81A47057A7232F1B8E1 Cache-Control: no-cache, must-revalidate {"data":[{"serial_no":"5157F09EFDC096DE15EBE81A47057A7232F1B8E1","effective_time":"2018-03-26T11:39:50+08:00","expire_time":"2023-03-25T11:39:50+08:00","encrypt_certificate":{"algorithm":"AEAD_AES_256_GCM","nonce":"4de73afd28b6","associated_data":"certificate","ciphertext":"..."}}]} 则验签名串为 1554209980 c5ac7061fccab6bf3e254dcf98995b8c {"data":[{"serial_no":"5157F09EFDC096DE15EBE81A47057A7232F1B8E1","effective_time":"2018-03-26T11:39:50+08:00","expire_time":"2023-03-25T11:39:50+08:00","encrypt_certificate":{"algorithm":"AEAD_AES_256_GCM","nonce":"4de73afd28b6","associated_data":"certificate","ciphertext":"..."}}]}