WeChat Pay refund asynchronous notification signature verification: java.lang.SecurityException: JCE cannot authenticate the provider BC

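In a Maven project, signature verification of the WeChat Pay refund asynchronous notification worked in local testing, but after packaging the project as a WAR and deploying it to Tomcat on the server, the test threw an exception.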

# Data returned by the WeChat server
<xml>
	<return_code>SUCCESS</return_code>
	<appid><![CDATA[xxxxxxxxxxx]]></appid>
	<mch_id><![CDATA[xxxxxxxxxxx]]></mch_id>
	<nonce_str><![CDATA[9ed0a110d1db9686cde45a46a8b9f695]]></nonce_str>
	<req_info><![CDATA[36DbbQa7HqJ0etz/6SIVmR96CTm49EgsJjKcMDZ2NBuIqlPG2ZRifAIcGBxlQpO7Jrp5IynSnAOubkyC7rad1i1hVAyf2nBQxi8H6R4h+QyEbV0n55qe28AJh46qOjDZa6enczYDTsJNRNtcR/ymbjPjFR6k2qfhFAeRO/J7DWqG3BVr5IYyJKuvKJi7x4uL4W8WUKGnp5PAYFXPX+s0aFL3Y2aNal77cI11krldSaSyRsNTbAqdiG1P5NYAhQzOATGT93CbxBCSLUtN7v9u5X8bW59clMNeF1/3UBqtZqpwVxMhCZbocCvwYXrzrt6d2MtrS/oYOpkoAvjIMUXJtCqZrNd2lBqN+xx7ylWnhQ7hfVM+hF3iXTM450BcnkvYy0f8UxyVadkZ3WULcQFjJKnDLxWv2t3FjiwGBbtzXJHSRme0fR7TkC4+L8OOilrLn3S+SPWcxgQzkiIwpsYCwQ47fa1edLrdrl8qT7HWB+/XBfDgc4w5TmlmQR5iQRJIF4sHSX839PF+zH4Rjqq+fipqRBoDCF4YW7GWXuRcw81TsR6D8UJc1g5XvipmFa2vtLxmzp3pO+TT3SdRVp1VZKm1+ktvlLqLJSlxcKTOxvBWb4xdBrfuze571uHncCGyBzCSbSbAuZ5+z9kOcrO0b/sVSxq6VEm/l/vMVjj2mFyM6sd6G3Cty7Wu0sPtEJROCvWfWvxSpKQM6vOLONqGIyjM7R1B8QdOZzMLVTkvbabjkrafEgQtxSruPs6Ww45Ri4js9pBKSdz8++Ksc3DIZD1fz4r7ZyC4j0M6Sqt/MlodrwzPfyGVuOpa3DojcovVD2CPkD1NXP2DwKLtIEtb790igxBcSOgyOT3Kpj5hh/g51QReFseLcnNtZE9iW1rfBIIHtXhj+3i068dyEvpi0CwrXRtsmk4/tbAc1bxqpIRFuNtcKCQBvfqvCiEbqrT83TPowNGY9zFkkZawc6xghPszH4aujHb9QFoPjNkmC5nXVMIrTr2DtXHkO2RNhAWh9OZKZQ3eEPjKmG2wPXvg5zrvVXu5Ena1C/rtUOqwbHI=]]></req_info>
</xml>
// Exception thrown during signature verification
java.lang.SecurityException: JCE cannot authenticate the provider BC
        at javax.crypto.Cipher.getInstance(Cipher.java:656)
        at javax.crypto.Cipher.getInstance(Cipher.java:595)
        at com.kkcode.kkclass.common.utils.WxDecodeUtil.decryptData(WxDecodeUtil.java:40)
        at com.kkcode.kkclass.wechat.pay.service.impl.WxPayServiceImpl.refundAsyncNotify(WxPayServiceImpl.java:260)
        at com.kkcode.kkclass.wechat.pay.controller.WxPayController.refundAsyncNotify(WxPayController.java:50)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at com.kkcode.kkclass.security.JwtTokenAuthenticationFilter.doFilterInternal(JwtTokenAuthenticationFilter.java:37)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130)
        at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66)
        at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at psiprobe.Tomcat90AgentValve.invoke(Tomcat90AgentValve.java:35)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.SecurityException: Cannot verify jar:file:/opt/apache-tomcat-9.0.21/webapps/kkclass/WEB-INF/lib/bcprov-jdk15on-1.60.jar!/
        at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:448)
        at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:363)
        at javax.crypto.JarVerifier.verify(JarVerifier.java:289)
        at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)
        at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)
        at javax.crypto.Cipher.getInstance(Cipher.java:652)
        ... 109 more
Caused by: java.security.PrivilegedActionException: java.io.FileNotFoundException: /opt/apache-tomcat-9.0.21/webapps/kkclass/WEB-INF/lib/bcprov-jdk15on-1.60.jar (没有那个文件或目录)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:426)
        ... 114 more
Caused by: java.io.FileNotFoundException: /opt/apache-tomcat-9.0.21/webapps/kkclass/WEB-INF/lib/bcprov-jdk15on-1.60.jar (没有那个文件或目录)
        at java.util.zip.ZipFile.open(Native Method)
        at java.util.zip.ZipFile.<init>(ZipFile.java:225)
        at java.util.zip.ZipFile.<init>(ZipFile.java:155)
        at java.util.jar.JarFile.<init>(JarFile.java:166)
        at java.util.jar.JarFile.<init>(JarFile.java:103)
        at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
        at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
        at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
        at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
        at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89)
        at javax.crypto.JarVerifier$2.run(JarVerifier.java:440)
        at javax.crypto.JarVerifier$2.run(JarVerifier.java:427)
        ... 116 more

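Without further ado, here is the fix:
1. Download the bcprov-jdk15on jar with the same version number as the one in your Maven dependencies. I downloaded bcprov-jdk15on-1.60.jar, because the dependency in my pom is: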

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.60</version>
</dependency>

2. Change the scope of this dependency to <scope>provided</scope>.
3. Add this jar to the $JAVA_HOME/jre/lib/ext folder.
4. In the $JAVA_HOME/jre/lib/security folder, find the java.security file and add security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider to it.
Your number may not be 10: look for the highest security.provider. index currently in the file and add 1 to it.
5. The most important step: remember to restart your Tomcat.

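My guess at the cause of this exception: I read online that the bcprov-jdk15on jar is signed and must not be unpacked, repacked, or otherwise modified, so I suspect that the Maven project broke this jar's signature during packaging, which led to this exception.
So we add the jar directly to the $JAVA_HOME/jre/lib/ext directory, which does not break the jar's signature, and the classes in the jar are loaded when the JVM starts.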
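
A diagnostic for steps 3 and 4 and for the signature guess above, added here and not part of the original post: it lists the providers registered through java.security, shows which jar the BC provider was loaded from, and checks that the jar's entries still carry valid signatures. The class name BcProviderCheck is hypothetical; compile and run it with the same JDK that runs Tomcat, and note that it assumes the provider jar is a plain file on disk (ext directory or an exploded WAR).

```java
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Added diagnostic, not code from the original post. */
public class BcProviderCheck {

    /** True if every non-META-INF entry in the jar still carries a valid signature. */
    static boolean isFullySigned(String jarPath) throws Exception {
        try (JarFile jar = new JarFile(jarPath, true)) {       // true = verify while reading
            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* digest is checked at end of stream */ }
                }
                // Signers are only available after the entry has been read completely.
                if (e.getCodeSigners() == null) return false;  // entry is unsigned
            }
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. Which providers are statically registered, and at which position?
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            System.out.printf("security.provider.%d = %s%n", i + 1, all[i].getClass().getName());
        }
        Provider bc = Security.getProvider("BC");
        if (bc == null) {
            System.out.println("BC is not registered in this JVM (check java.security)");
            return;
        }
        // 2. Which jar was the provider class loaded from? Expect jre/lib/ext, not WEB-INF/lib.
        String jarPath = Paths.get(
                bc.getClass().getProtectionDomain().getCodeSource().getLocation().toURI()).toString();
        System.out.println("BC loaded from: " + jarPath);
        // 3. Is the signature intact? A modified entry makes the read throw SecurityException.
        System.out.println("signature intact: " + isFullySigned(jarPath));
    }
}
```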

If you are interested, you can also read the content at this link, a short explanation of BouncyCastle by an expert at IBM:
BouncyCastle is a great name for a product and provides cryptography using the Java Cryptography Extensions. It has been around long before there were standards in JSE or JEE for cryptography. WAS has its own security for cryptography and can be updated from here: http://www.ibm.com/developerworks/java/jdk/security/index.html.
Since there are many different companies that make cryptography extensions, Sun/Oracle added to the Java specification how new ones could be added to the JVM. To do so the java.security file needs to be updated with the security providers that are available to the JVM. This is the same for all JVMs, whether it is Oracle, IBM, OpenJDK, etc. This tells the JVM that it is permitted to load security from the list in the file only. The reason it needs to be added is so that malicious code cannot be run as a security provider.
Adding the jar to the ext directory allows the JVM to load the security classes when the JVM starts.

Reposted from blog.csdn.net/qq_41693150/article/details/102481107