今天分享一下做支付宝小程序遇到的坑。ISV权限不足，建议在开发者中心检查对应功能是否已经添加。验签出错，建议检查签名字符串或签名私钥与应用公钥是否匹配

大家好，我是烤鸭：

今天分享一下做支付宝小程序遇到的坑。pom版本

  <!-- https://mvnrepository.com/artifact/com.alipay.sdk/alipay-sdk-java -->
        <dependency>
            <groupId>com.alipay.sdk</groupId>
            <artifactId>alipay-sdk-java</artifactId>
            <version>4.5.0.ALL</version>
        </dependency>

1. ISV权限不足，建议在开发者中心检查对应功能是否已经添加

支付宝对象初始化 发送请求:{"body":"{\"alipay_trade_query_response\":{\"code\":\"40006\",\"msg\":\"Insufficient Permissions\",\"sub_code\":\"isv.insufficient-isv-permissions\",\"sub_msg\":\"ISV权限不足，建议在开发者中心检查对应功能是否已经添加\"},\"alipay_cert_sn\":\"17400e36802cf62df705b4193ae1404f\",\"sign\":\"HJz1WnfP0lvBOAhmuhRNGUCwyDxhlBqLUk13saZlMPD/7NbrMv0vpQnxebUN819y7P+u03l+tnTQ+2G736KJe5t+e58YF2mG+pMfdUhVJZ5+0x8uMFKFvxsRl6u31KzB9cLnbqZ4tKbqiiy0JjQQu5P45vEVqXDgrijeiC6Oi6NyRfIg0/l4jApzKehhT564JKoXLMXLBVWJgcEcn5S0VI1a+aZPDyQlNNiA7nqthFYCEEgnTW7ngIZsZYWoTi5Oec0/MgithfsRZ87uD02mrILThyrMSEUonKUWHDX2WbfUcbV49jndu+T54OkFPR1pC2YHuxGoEvKoTsEkGi71Aw==\"}","code":"40006","errorCode":"40006","msg":"Insufficient Permissions","params":{},"subCode":"isv.insufficient-isv-permissions","subMsg":"ISV权限不足，建议在开发者中心检查对应功能是否已经添加","success":false}

首先说明不是沙箱环境。如果已经在后台申请开通了功能，大概率就是公钥和私钥没对上。由于选择的是公钥证书的方式，初始化的时候指定的是秘钥的地址。
构造代码如下：

        CertAlipayRequest certAlipayRequest = new CertAlipayRequest();
        certAlipayRequest.setServerUrl(url);
        certAlipayRequest.setAppId(appId);
        certAlipayRequest.setPrivateKey(privateKey);
        certAlipayRequest.setCertPath(appCertPath);
        certAlipayRequest.setAlipayPublicCertPath(alipayCertPath);
        certAlipayRequest.setRootCertPath(alipayRootCertPath);
        certAlipayRequest.setFormat(AlipayConstants.FORMAT_JSON);
        certAlipayRequest.setCharset(AlipayConstants.CHARSET_UTF8);
        certAlipayRequest.setSignType(AlipayConstants.SIGN_TYPE_RSA2);
        logger.info("支付宝对象初始化入参 :{}", JSONArray.toJSONString(certAlipayRequest));
        alipayClient = new DefaultAlipayClient(certAlipayRequest);

因为重新生成过证书，可能是这个原因，又按照教程搞了一遍证书，初始化可以了。

2. 验签出错，建议检查签名字符串或签名私钥与应用公钥是否匹配

[ERROR] [http-nio-8082-exec-1] [2019-08-31 11:56:45,189]  logErrorScene(333) | ErrorScene^_^40002^_^isv.invalid-signature^_^null^_^Windows 10^_^2019-08-31 11:56:45^_^ProtocalMustParams:app_cert_sn=0cf5b4f9b473c7101e07100897dd8b0a&charset=UTF-8&alipay_root_cert_sn=687b59193f3f462dd5336e5abf83c5d8_02941eef3187dddf3d3b83462e1dfcf6&method=alipay.trade.query&sign=JMKQzBAP79ZZYNfv/tcQ/4XbC5P7U5pK6Y8WwJwI+kil9EGrJbjC8Xx/xcd9KE8QsL9HBBoP1eYAaDXW0kzybAM77O73jR261ROGDqzDpowh5qrmWjTe7zq1wZTyKjNdlIl3/sT9bMz1r94yA5a/kTmhb8lWMPi1BPswmH6wUfqL+UEqSe22njIHyCGoKd86JV4zmoVT4Fl1c2rXlslq1YFD8DA2DeYQBVDTtRxkiRFtWpqBNGhrAhYcxedZTgcmJdrQIsJD69kXsc2hpkNsh4krUgE/9Q2Vw1LH3GOZwceAMyK8B8//o6584T1n1YkMgaOqU4nvsMpg9ebN8OLR3w==&version=1.0&app_id=2019060365454217&sign_type=RSA2&timestamp=2019-08-31 11:56:43^_^ProtocalOptParams:alipay_sdk=alipay-sdk-java-4.5.0.ALL&format=json^_^ApplicationParams:^_^Body:{"alipay_trade_query_response":{"code":"40002","msg":"Invalid Arguments","sub_code":"isv.invalid-signature","sub_msg":"验签出错，建议检查签名字符串或签名私钥与应用公钥是否匹配，网关生成的验签字符串为：alipay_root_cert_sn=687b59193f3f462dd5336e5abf83c5d8_02941eef3187dddf3d3b83462e1dfcf6&amp;alipay_sdk=alipay-sdk-java-4.5.0.ALL&amp;app_cert_sn=0cf5b4f9b473c7101e07100897dd8b0a&amp;app_id=2019060365454217&amp;charset=UTF-8&amp;format=json&amp;method=alipay.trade.query&amp;sign_type=RSA2&amp;timestamp=2019-08-31 11:56:43&amp;version=1.0"},"alipay_cert_sn":"17400e36802cf62df705b4193ae1404f","sign":"jFoLW1CEQTPu20RC08DHLgpBsu690HBlPGCN3V8dGuRE6c+I3VJAlIQ7kA4oiA3geJYwwrUJsAnuzqxwu/kIJemAQKmL9CuoyrN2ZF4MW0IfjFaZK9oYLVOV2YiqTxsMjGj9IGASqF2QbnYVEU7gFyTesOS+rnFCEpUJvZ1nSuvPzTttyQuVJgzHW8BqlRnk64E9a+lvPefQALAWiaDnxKChAMs3/Ikoe7Oi0lmll8V9YrFYVcYBsiF/+5jxBtxxstW9q9ihpi/rahp6wbLTES5KwOWN4MIniAUVQcACDvYfCQMcFeT+WBe171rpXFspjBNOY3DgO4opMeTM2qfV2Q=="}^_^975ms,992ms,197ms

这个问题是真的头疼,感觉公钥和秘钥都对。后来问了支付宝的技术。

在线技术客服网址：

https://cschannel.alipay.com/newPortal.htm?scene=mt_zczx
他说我的私钥不对。这是公钥证书配置后的。