Pitfalls encountered when integrating Alipay payment

1. Distinguish between the Alipay public key and the application public key. All signature verification is done with the Alipay public key.

2. Alipay scan-code payment is a synchronous request that returns the payment result directly; use the execute(request) method. The public key in the AlipayClient created here can be set to null, in which case the synchronous response is not signature-verified.

3. The sdkExecute(request) method is used to generate the unified order for app payment.

4. Whether to verify the signature of the app payment callback is up to the merchant. When verifying the signature, pay attention to the encoding of Chinese characters and special characters.

(1) The transcoding method officially provided by Alipay does not work here:

valueStr = new String(valueStr.getBytes("ISO-8859-1"), "gbk");

(2) Transcode with the following method instead:

valueStr = URLDecoder.decode(valueStr, "UTF-8");

(3) After transcoding as in (2), an error is reported: Signature length not correct: got 253 but was expecting 256. This means the sign returned by Alipay no longer has the expected length of 256 after transcoding, so the sign is left untranscoded. With that, the problem is solved:

if(!name.equals("sign"))
   valueStr = URLDecoder.decode(valueStr, "UTF-8");

There is probably a more elegant solution to the transcoding problem, but I have not looked into it.
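
The following Java sketch is an added example, not code from the original post or from Alipay's SDK. It reproduces the failure in (3) with a locally generated RSA-2048 key standing in for Alipay's key: URLDecoder.decode turns each '+' in the Base64 sign into a space, so the signature bytes no longer match, while decoding every value except the sign verifies. The parameter names, sample values and the sorted key=value content layout are constructed assumptions.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class SignDecodeDemo {
    // Assumed signed-content layout: sorted key=value pairs joined by '&', "sign" excluded.
    static String content(Map<String, String> p) {
        StringJoiner j = new StringJoiner("&");
        new TreeMap<>(p).forEach((k, v) -> { if (!k.equals("sign")) j.add(k + "=" + v); });
        return j.toString();
    }
    // Decode callback values; decodeSign=false is the fix from step (3).
    static Map<String, String> decode(Map<String, String> raw, boolean decodeSign) throws Exception {
        Map<String, String> out = new HashMap<>();
        for (Map.Entry<String, String> e : raw.entrySet()) {
            boolean keep = e.getKey().equals("sign") && !decodeSign;
            out.put(e.getKey(), keep ? e.getValue() : URLDecoder.decode(e.getValue(), "UTF-8"));
        }
        return out;
    }
    static boolean verify(Map<String, String> p, PublicKey key) {
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(key);
            v.update(content(p).getBytes(StandardCharsets.UTF_8));
            // The MIME decoder ignores characters outside the Base64 alphabet, such as ' '.
            return v.verify(Base64.getMimeDecoder().decode(p.get("sign")));
        } catch (GeneralSecurityException | IllegalArgumentException e) { return false; }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // stand-in for Alipay's key pair
        Map<String, String> raw = new HashMap<>();
        int n = 0;
        do { // constructed callback; retry until the Base64 signature contains '+'
            Map<String, String> plain = new HashMap<>();
            plain.put("out_trade_no", "T" + n++);
            plain.put("subject", "\u6d4b\u8bd5 A&B"); // Chinese plus special characters
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(kp.getPrivate());
            s.update(content(plain).getBytes(StandardCharsets.UTF_8));
            for (String k : plain.keySet()) raw.put(k, URLEncoder.encode(plain.get(k), "UTF-8"));
            raw.put("sign", Base64.getEncoder().encodeToString(s.sign()));
        } while (!raw.get("sign").contains("+"));
        System.out.println("decode every value:  " + verify(decode(raw, true), kp.getPublic()));
        System.out.println("skip decoding sign:  " + verify(decode(raw, false), kp.getPublic()));
    }
}
```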

5. After the account public key is modified, there is a delay of 10-20 minutes. During this time, both the original private key and the new private key can be used.

