@@ -298,50 +298,32 @@ public CloseableHttpClient initApiV3HttpClient() throws WxPayException {
298298 PrivateKey merchantPrivateKey = null ;
299299 PublicKey publicKey = null ;
300300
301- // 使用完全公钥模式时,只加载公钥相关配置,避免下载平台证书使灰度切换无法达到100%覆盖
302- if (this .fullPublicKeyModel ) {
303- if (StringUtils .isBlank (this .getCertSerialNo ())) {
304- throw new WxPayException ("使用公钥模式时,请确保certSerialNo(apiV3证书序列号)值已设置" );
301+ // 不使用完全公钥模式时,同时兼容平台证书和公钥
302+ X509Certificate certificate = null ;
303+ // 尝试从p12证书中加载私钥和证书
304+ Object [] objects = this .p12ToPem ();
305+ if (objects != null ) {
306+ merchantPrivateKey = (PrivateKey ) objects [0 ];
307+ certificate = (X509Certificate ) objects [1 ];
308+ this .certSerialNo = certificate .getSerialNumber ().toString (16 ).toUpperCase ();
309+ }
310+ if (certificate == null && StringUtils .isBlank (this .getCertSerialNo ()) && StringUtils .isNotBlank (this .getPrivateCertPath ())) {
311+ try (InputStream certInputStream = this .loadConfigInputStream (this .getPrivateCertString (), this .getPrivateCertPath (),
312+ this .privateCertContent , "privateCertPath" )) {
313+ certificate = PemUtils .loadCertificate (certInputStream );
305314 }
315+ this .certSerialNo = certificate .getSerialNumber ().toString (16 ).toUpperCase ();
316+ }
317+
318+ if (this .getPublicKeyString () != null || this .getPublicKeyPath () != null || this .publicKeyContent != null ) {
306319 if (StringUtils .isBlank (this .getPublicKeyId ())) {
307- throw new WxPayException ("使用公钥模式时,请确保publicKeyId值已设置" );
308- }
309- if (StringUtils .isBlank (this .getPublicKeyString ()) && StringUtils .isBlank (this .getPublicKeyPath ()) && this .getPublicKeyContent () == null ) {
310- throw new WxPayException ("使用公钥模式时,请确保publicKeyString/publicKeyPath/publicKeyContent其中一项值已设置" );
320+ throw new WxPayException ("请确保和publicKeyId配套使用" );
311321 }
312-
313322 try (InputStream pubInputStream =
314323 this .loadConfigInputStream (this .getPublicKeyString (), this .getPublicKeyPath (),
315- this .getPublicKeyContent () , "publicKeyPath" )) {
324+ this .publicKeyContent , "publicKeyPath" )) {
316325 publicKey = PemUtils .loadPublicKey (pubInputStream );
317326 }
318- } else {
319- // 不使用完全公钥模式时,同时兼容平台证书和公钥
320- X509Certificate certificate = null ;
321- // 尝试从p12证书中加载私钥和证书
322- Object [] objects = this .p12ToPem ();
323- if (objects != null ) {
324- merchantPrivateKey = (PrivateKey ) objects [0 ];
325- certificate = (X509Certificate ) objects [1 ];
326- this .certSerialNo = certificate .getSerialNumber ().toString (16 ).toUpperCase ();
327- }
328- if (certificate == null && StringUtils .isBlank (this .getCertSerialNo ()) && StringUtils .isNotBlank (this .getPrivateCertPath ())) {
329- try (InputStream certInputStream = this .loadConfigInputStream (this .getPrivateCertString (), this .getPrivateCertPath (),
330- this .privateCertContent , "privateCertPath" )) {
331- certificate = PemUtils .loadCertificate (certInputStream );
332- }
333- this .certSerialNo = certificate .getSerialNumber ().toString (16 ).toUpperCase ();
334- }
335- if (this .getPublicKeyString () != null || this .getPublicKeyPath () != null || this .publicKeyContent != null ) {
336- if (StringUtils .isBlank (this .getPublicKeyId ())) {
337- throw new WxPayException ("请确保和publicKeyId配套使用" );
338- }
339- try (InputStream pubInputStream =
340- this .loadConfigInputStream (this .getPublicKeyString (), this .getPublicKeyPath (),
341- this .publicKeyContent , "publicKeyPath" )) {
342- publicKey = PemUtils .loadPublicKey (pubInputStream );
343- }
344- }
345327 }
346328
347329 // 加载api私钥
@@ -358,6 +340,7 @@ public CloseableHttpClient initApiV3HttpClient() throws WxPayException {
358340 // 构造证书验签器
359341 Verifier certificatesVerifier ;
360342 if (this .fullPublicKeyModel ) {
343+ // 使用完全公钥模式时,只加载公钥相关配置,避免下载平台证书使灰度切换无法达到100%覆盖
361344 certificatesVerifier = VerifierBuilder .buildPublicCertVerifier (this .publicKeyId , publicKey );
362345 } else {
363346 certificatesVerifier = VerifierBuilder .build (
0 commit comments