Skip to content

Fix PEM format private key and certificate handling in WeChat Pay config #3712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: develop
Choose a base branch
from
Draft

Fix PEM format private key and certificate handling in WeChat Pay config #3712

wants to merge 3 commits into from

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Sep 22, 2025
edited
Loading

The loadConfigInputStream method in WxPayConfig was incorrectly applying Base64 decoding to all string inputs, causing failures when users provided PEM format private keys or certificates via setPrivateKeyString() or setPrivateCertString().

Problem

When users called:

payConfig.setPrivateKeyString("-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----");
payConfig.setPrivateCertString("-----BEGIN CERTIFICATE-----\nMIIC...\n-----END CERTIFICATE-----");

The SDK would throw WxRuntimeException: 无效的密钥格式 (Invalid Key Format) because:

  1. loadConfigInputStream always applied Base64 decoding to string inputs
  2. PEM format strings contain headers (-----BEGIN PRIVATE KEY-----) with characters that are invalid in Base64
  3. This caused IllegalArgumentException: Illegal base64 character 2d (hyphen character)
  4. The corrupted data then failed validation in PemUtils.loadPrivateKey()

Solution

Added intelligent format detection to distinguish between:

  • PEM format (contains -----BEGIN and -----END markers): Pass through as UTF-8 bytes for PemUtils to handle
  • Pure Base64 format: Continue decoding as before for backward compatibility

Changes

  • Modified loadConfigInputStream method with smart format detection
  • Added StandardCharsets import for proper UTF-8 encoding
  • Created comprehensive test coverage for both scenarios
  • Maintained full backward compatibility with existing Base64 usage

Testing

The fix handles all scenarios correctly:

// PEM format (now works)
payConfig.setPrivateKeyString("-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----");

// Base64 format (continues to work)
payConfig.setPrivateKeyString("MIIEvQIBADANBgkqhkiG9w0BAQE...");

This resolves WeChat Pay v3 API initialization failures in JDK 21 environments while preserving compatibility with existing implementations.

Fixes #3680.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits September 22, 2025 16:47
@Copilot @binarywang
Fix private key format detection for PEM strings in WeChat Pay config
6ac60cf 
- Add detection for PEM format strings vs Base64 format in loadConfigInputStream
- PEM format strings (with -----BEGIN/-----END headers) are now passed through directly
- Base64 format strings continue to be decoded as before
- Fixes InvalidKeySpecException when using setPrivateKeyString() with PEM content
- Resolves JDK 21 compatibility issue with WeChat Pay v3 API initialization

Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
@Copilot @binarywang
Add comprehensive test coverage for PEM certificate format fix
4e5ccd0 
- Add test for setPrivateCertString() with PEM format content
- Verify that both private key and certificate PEM formats work correctly
- Ensure backward compatibility with Base64 format is maintained
- Complete fix for JDK 21 compatibility issue #3680

Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] 4.7.0 v3请求构造异常!无效的密钥格式 Fix PEM format private key and certificate handling in WeChat Pay config Sep 22, 2025
@Copilot Copilot AI requested a review from binarywang September 22, 2025 16:50
Copilot finished work on behalf of binarywang September 22, 2025 16:50
@binarywang binarywang added this to the 4.7.9 milestone Sep 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@binarywang binarywang Awaiting requested review from binarywang

Assignees

@binarywang binarywang

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
4.7.9
Development

Successfully merging this pull request may close these issues.

4.7.0 v3请求构造异常!无效的密钥格式
2 participants
@Copilot @binarywang