wechatpay-apiv3 · xy-peng · Jan 11, 2022 · Jan 11, 2022
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -1,6 +1,7 @@
 # 升级指南
 ## 从 0.3.0 升级至 0.4.0
-版本`0.4.0`提供了支持多商户号的[定时更新平台证书功能](#定时更新平台证书功能)，不兼容版本`0.3.0`。若你使用了`ScheduledUpdateCertificatesVerifier`，请使用`CertificatesManager`替换：
+版本`0.4.0`提供了支持多商户号的[定时更新平台证书功能](README.md#定时更新平台证书功能)，不兼容版本`0.3.0`。推荐升级方式如下：
+- 若你使用了`ScheduledUpdateCertificatesVerifier`，请使用`CertificatesManager`替换：
 ```diff
 -verifier = new ScheduledUpdateCertificatesVerifier(
 -                new WechatPay2Credentials(merchantId, new PrivateKeySigner(merchantSerialNumber, merchantPrivateKey)),
@@ -13,3 +14,4 @@
 +// 从证书管理器中获取verifier
 +verifier = certificatesManager.getVerifier(mchId);
 ```
+- 若你使用了`getLatestCertificate`方法，请使用`getValidCertificate`方法替换。
diff --git a/...in/java/com/wechat/pay/contrib/apache/httpclient/auth/AutoUpdateCertificatesVerifier.java b/...in/java/com/wechat/pay/contrib/apache/httpclient/auth/AutoUpdateCertificatesVerifier.java
@@ -98,11 +98,6 @@ public X509Certificate getValidCertificate() {
         return verifier.getValidCertificate();
     }
 
-    @Override
-    public X509Certificate getLatestCertificate() {
-        return verifier.getLatestCertificate();
-    }
-
     protected void autoUpdateCert() throws IOException, GeneralSecurityException {
         try (CloseableHttpClient httpClient = WechatPayHttpClientBuilder.create()
                 .withCredentials(credentials)

diff --git a/src/main/java/com/wechat/pay/contrib/apache/httpclient/auth/CertificatesVerifier.java b/src/main/java/com/wechat/pay/contrib/apache/httpclient/auth/CertificatesVerifier.java
@@ -62,26 +62,19 @@ public boolean verify(String serialNumber, byte[] message, String signature) {
 
     @Override
     public X509Certificate getValidCertificate() {
-        for (X509Certificate x509Cert : certificates.values()) {
-            try {
-                x509Cert.checkValidity();
-                return x509Cert;
-            } catch (CertificateExpiredException | CertificateNotYetValidException ignored) {
-            }
-        }
-        throw new NoSuchElementException("没有有效的微信支付平台证书");
-    }
-
-    @Override
-    public X509Certificate getLatestCertificate() {
         X509Certificate latestCert = null;
         for (X509Certificate x509Cert : certificates.values()) {
             // 若latestCert为空或x509Cert的证书有效开始时间在latestCert之后，则更新latestCert
             if (latestCert == null || x509Cert.getNotBefore().after(latestCert.getNotBefore())) {
                 latestCert = x509Cert;
             }
         }
-        return latestCert;
+        try {
+            latestCert.checkValidity();
+            return latestCert;
+        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
+            throw new NoSuchElementException("没有有效的微信支付平台证书");
+        }
     }
 }
 
diff --git a/src/main/java/com/wechat/pay/contrib/apache/httpclient/auth/Verifier.java b/src/main/java/com/wechat/pay/contrib/apache/httpclient/auth/Verifier.java
@@ -10,13 +10,9 @@ public interface Verifier {
     boolean verify(String serialNumber, byte[] message, String signature);
 
     /**
-     * 该方法已废弃，请使用getLatestCertificate代替
+     * 获取合法的平台证书
      *
      * @return 合法证书
      */
-    @Deprecated
     X509Certificate getValidCertificate();
-
-    X509Certificate getLatestCertificate();
-
 }
diff --git a/src/main/java/com/wechat/pay/contrib/apache/httpclient/cert/CertificatesManager.java b/src/main/java/com/wechat/pay/contrib/apache/httpclient/cert/CertificatesManager.java
@@ -100,16 +100,11 @@ public boolean verify(String serialNumber, byte[] message, String signature) {
 
         @Override
         public X509Certificate getValidCertificate() {
-            return null;
-        }
-
-        @Override
-        public X509Certificate getLatestCertificate() {
             X509Certificate certificate;
             try {
                 certificate = CertificatesManager.this.getLatestCertificate(merchantId);
             } catch (NotFoundException e) {
-                throw new NoSuchElementException("没有最新的平台证书，merchantId:");
+                throw new NoSuchElementException("没有有效的微信支付平台证书");
             }
             return certificate;
         }
@@ -176,7 +171,7 @@ public void stop() {
         }
     }
 
-    public X509Certificate getLatestCertificate(String merchantId)
+    private X509Certificate getLatestCertificate(String merchantId)
             throws NotFoundException {
         if (merchantId == null || merchantId.isEmpty()) {
             throw new IllegalArgumentException("merchantId为空");
@@ -205,7 +200,8 @@ public X509Certificate getLatestCertificate(String merchantId)
      * 获取商户号为merchantId的验签器
      *
      * @param merchantId 商户号
-     * @return verifier
+     * @return 验签器
+     * @throws NotFoundException merchantId/merchantCertificates/apiV3Key/credentials为空
      */
     public Verifier getVerifier(String merchantId) throws NotFoundException {
         // 若商户信息不存在，返回错误

diff --git a/src/test/java/com/wechat/pay/contrib/apache/httpclient/RsaCryptoTest.java b/src/test/java/com/wechat/pay/contrib/apache/httpclient/RsaCryptoTest.java
@@ -8,6 +8,7 @@
 import static org.junit.Assert.assertTrue;
 
 import com.wechat.pay.contrib.apache.httpclient.auth.PrivateKeySigner;
+import com.wechat.pay.contrib.apache.httpclient.auth.Verifier;
 import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Credentials;
 import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Validator;
 import com.wechat.pay.contrib.apache.httpclient.cert.CertificatesManager;
@@ -37,7 +38,7 @@ public class RsaCryptoTest {
 
     private CloseableHttpClient httpClient;
     private CertificatesManager certificatesManager;
-
+    private Verifier verifier;
 
     @Before
     public void setup() throws Exception {
@@ -48,6 +49,7 @@ public void setup() throws Exception {
         certificatesManager.putMerchant(mchId, new WechatPay2Credentials(mchId,
                 new PrivateKeySigner(mchSerialNo, merchantPrivateKey)), apiV3Key.getBytes(StandardCharsets.UTF_8));
         // 从证书管理器中获取verifier
+        verifier = certificatesManager.getVerifier(mchId);
         httpClient = WechatPayHttpClientBuilder.create()
                 .withMerchant(mchId, mchSerialNo, merchantPrivateKey)
                 .withValidator(new WechatPay2Validator(certificatesManager.getVerifier(mchId)))
@@ -62,7 +64,8 @@ public void after() throws IOException {
     @Test
     public void encryptTest() throws Exception {
         String text = "helloworld";
-        String ciphertext = RsaCryptoUtil.encryptOAEP(text, certificatesManager.getLatestCertificate(mchId));
+        String ciphertext = RsaCryptoUtil
+                .encryptOAEP(text, verifier.getValidCertificate());
         System.out.println("ciphertext: " + ciphertext);
     }
 
@@ -71,7 +74,8 @@ public void postEncryptDataTest() throws Exception {
         HttpPost httpPost = new HttpPost("https://api.mch.weixin.qq.com/v3/smartguide/guides");
 
         String text = "helloworld";
-        String ciphertext = RsaCryptoUtil.encryptOAEP(text, certificatesManager.getLatestCertificate(mchId));
+        String ciphertext = RsaCryptoUtil
+                .encryptOAEP(text, verifier.getValidCertificate());
 
         String data = "{\n"
                 + "  \"store_id\" : 1234,\n"