一、背景

本文不是要讲述支付服务的对账模块具体怎么做，仅是介绍如何对接浦发银行的对账接口。

也就是说，本文限读取到对账文件的内容，不会进一步去讲述如何与支付平台进行对账。

如果要获取商户的对账单，需要遵循以下步骤，涉及到浦发银行的两个接口。

• 对公收单API对账单下载
• 公共文件下载

二、对接流程

三、浦发银行开放平台

上文说到，要想获取对账文件内容，需要对接两个接口。所以，你需要在开放平台进行申请。

否则会报500错误：{ “httpCode”:“500”, “httpMessage”:“Internal Server Error”, “moreInformation”:“Not registered to plan” }

待审批通过后，就可以开始联调接口了。

四、接口说明

1、对公收单API对账单下载

这个接口的调用方式和之前的接口一样。请求入参和响应报文都非常易懂，最终为了得到对账单文件fileId，作为下一个接口的入参。

• 接口URI：/api/corporateAccounts/payments/statements

• 请求方式：GET

• 请求入参：
  

• 响应报文：
  

• 示例报文（成功报文）

# 请求报文：
{"mrchId": "310319982990001","clrgDate": "20240418"
}# 响应报文：
{"statusCode": "0000","transNo": "04972404201170910292596024","status": "UPLOADED","flDwnldNtrlnkg": "SCMCHT_DTL_310319982990001_20240418.txt","errCode": "","errInfo": ""
}

• 对账文件还未上传时的报文示例：

# 请求报文：
{"mrchId": "310319982990001","clrgDate": "20240418"
}# 响应报文：
{"statusCode": "0000","transNo": "04972404191111116409199107","status": "UPLOADING","flDwnldNtrlnkg": "","errCode": "","errInfo": ""
}

2、公共文件下载

• 接口URI：/apiFile/download

• 请求方式：GET

• 请求入参：
  
  

注意：fileId参数是跟在url中，比如：http://etest4.spdb.com.cn/spdb/uat/apiFile/download?fileId=SCMCHT_DTL_310319982990001_20240418.txt

• 响应报文：

返回内容是通过二进制流的方式，

判断http header的statusCode是否等于0000，如果交易失败，那么在http response body里将返回以下字段：

反之，当交易成功的时候，它则不会返回httpCode、httpMessage和moreInformation等字段，取而代之，返回的是文件流，见下：

由下面的对账单内容可知，有用的信息只有交易时间/浦发银行支付/退款流水号以及交易金额等字段。 注意：这里没有返回商户支付订单号，对于要两边对账的情况会有麻烦。。（限于篇幅，后期有空再单独讲述如何解析对账文本吧，对账文本要取得交易金额都够喝一壶的：因为所有字段之间不是使用“=”符号隔开，它这里必须使用跳表符“\t”来隔开，最后去掉前后空格字符才是交易金额）

• 当日既无支付或退款流水

="商户扫码支付交易对账明细表"
="清算日期:"	="20240420"
="商户编号:"	="310319982990001"		="商户名称:"	="xxx公司"
="商户清算周期:"	="T+1"		="开户行:"	="xxx银行"		="户名:"	="xxx"
="清算账号类型:"	="他行对私"			="清算账号:"	="62********xxx7"
="按终端号汇总："
="终端号"	="交易时间"		="交易类型"	="交易渠道"	="流水号"	="订单号"							="交易本金"		="应收商户手续费"	="清算金额"	="交易参考号"	="发卡行名称"	="支付账号"="按交易类型汇总："
="交易类型"	="交易时间"		="终端号"	="交易渠道"	="流水号"	="订单号"							="交易本金"		="应收商户手续费"	="清算金额"	="交易参考号"	="发卡行名称"	="支付账号"="按交易渠道汇总："
="交易渠道"	="交易时间"		="终端号"	="交易类型"	="流水号"	="订单号"							="交易本金"		="应收商户手续费"	="清算金额"	="交易参考号"	="发卡行名称"	="支付账号"="总计"	="笔数："	0              																         0.00	         0.00	         0.00

• 当日有支付或退款流水

="商户扫码支付交易对账明细表"
="清算日期:"	="20240419"
="商户编号:"	="310319982990001"		="商户名称:"	="xxx公司"
="商户清算周期:"	="T+1"		="开户行:"	="xx银行"		="户名:"	="xxxx"
="清算账号类型:"	="他行对私"			="清算账号:"	="62********xxx7"
="按终端号汇总："
="终端号"	="交易时间"		="交易类型"	="交易渠道"	="流水号"	="订单号"							="交易本金"		="应收商户手续费"	="清算金额"	="交易参考号"	="发卡行名称"	="支付账号"
="98A00162"	="0419095033"	="扫码支付"	="微信    "	="072760"	="1901041909503311585281072760"	         0.01	         0.01	         0.00		="            "	="          "	=""
="98A00162"	="0419095543"	="扫码退货"	="微信    "	="072786"	="5901041909554311128351072786"	        -0.01	         0.00	        -0.01		="            "	="          "	=""
="98A00162"	="0419102811"	="扫码支付"	="微信    "	="072951"	="1901041910281111156541072951"	         0.01	         0.01	         0.00		="            "	="          "	=""
="98A00162"	="0419103146"	="扫码退货"	="微信    "	="073054"	="5901041910314611136322073054"	        -0.01	         0.00	        -0.01		="            "	="          "	=""
="小计"	="笔数："	4              																         0.00	         0.02	        -0.02="按交易类型汇总："
="交易类型"	="交易时间"		="终端号"	="交易渠道"	="流水号"	="订单号"							="交易本金"		="应收商户手续费"	="清算金额"	="交易参考号"	="发卡行名称"	="支付账号"
="扫码支付"	="0419095033"	="98A00162"	="微信    "	="072760"	="1901041909503311585281072760"	         0.01	         0.01	         0.00		="            "	="          "	=""
="扫码支付"	="0419102811"	="98A00162"	="微信    "	="072951"	="1901041910281111156541072951"	         0.01	         0.01	         0.00		="            "	="          "	=""
="小计"	="笔数："	2              																         0.02	         0.02	         0.00
="扫码退货"	="0419095543"	="98A00162"	="微信    "	="072786"	="5901041909554311128351072786"	        -0.01	         0.00	        -0.01		="            "	="          "	=""
="扫码退货"	="0419103146"	="98A00162"	="微信    "	="073054"	="5901041910314611136322073054"	        -0.01	         0.00	        -0.01		="            "	="          "	=""
="小计"	="笔数："	2              																        -0.02	         0.00	        -0.02="按交易渠道汇总："
="交易渠道"	="交易时间"		="终端号"	="交易类型"	="流水号"	="订单号"							="交易本金"		="应收商户手续费"	="清算金额"	="交易参考号"	="发卡行名称"	="支付账号"
="微信    "	="0419095033"	="98A00162"	="扫码支付"	="072760"	="1901041909503311585281072760"	         0.01	         0.01	         0.00		="            "	="          "	=""
="微信    "	="0419095543"	="98A00162"	="扫码退货"	="072786"	="5901041909554311128351072786"	        -0.01	         0.00	        -0.01		="            "	="          "	=""
="微信    "	="0419102811"	="98A00162"	="扫码支付"	="072951"	="1901041910281111156541072951"	         0.01	         0.01	         0.00		="            "	="          "	=""
="微信    "	="0419103146"	="98A00162"	="扫码退货"	="073054"	="5901041910314611136322073054"	        -0.01	         0.00	        -0.01		="            "	="          "	=""
="小计"	="笔数："	4              																         0.00	         0.02	        -0.02="总计"	="笔数："	4              																         0.00	         0.02	        -0.02

# 报没有下载权限的错误
{"httpCode": "500","httpMessage": "Internal Server Error","moreInformation": "No download privileges"
}

• No fileId报错

文件ID参数的传送方式不对，因为我错把fileId放在http reqeust body里。

# 报未传fileId的错误
{"httpCode": "400","httpMessage": "Request Params Error","moreInformation": "No fileId"
}

四、公共文件下载接口的代码实现

因为该接口和其他接口的特殊差异，故此特别指出。

1、生成普通签名（详见下文）

# 浦发开放平台，申请的app的secret
String secret = "ZDUkZC00NmZ0LTxxxxxxxxxU2ZWZ2MmZxMC44NTU3Mzk4MDE0NjQ1NTg1MC4w";String sign = SPDBSMSignature.downloadSign(sm2PrivateKey, "fileId=" + fileId);

2、传递http header字段

String clientId = "bf4b4874-xxxxxxxxx-a318-7631afbd14a7";HttpResponse response = HttpRequest.get(fileUrl)# 浦发开放平台申请的APP.header("X-SPDB-Client-ID", clientId)# 上一步生成的签名.header("X-SPDB-SIGNATURE", sign).header("X-SPDB-SM", "true").header("X-SPDB-LABEL", "0001").execute();

3、响应解析

    if (response.isOk()) {if ("0000".equals(response.header("statusCode"))) {InputStream byteStream = response.bodyStream();try {# 注意，这里的编码格式选择GBK，否则内容会出现乱码String content = IOUtils.toString(byteStream, "GBK");if (log.isInfoEnabled()) {log.info("读取对账单文件, fileUrl={},content={}", fileUrl, content);}return content;} catch (IOException e) {log.error("读取文件内容出现异常, fileUrl={}", fileUrl, e);}}} else {log.warn("调用浦发银行对账单接口返回报错, fileUrl={}, status={}, body={}",fileUrl, response.getStatus(), response.body());}

五、普通验签

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.Security;import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;/*** API公共对象存储 for JAVA* 要求 jdk版本 1.8 以上*/
public class SPDBSMSignature {static {Security.addProvider(new BouncyCastleProvider());}// 算法名称public static final String ALGORITHM_NAME = "sm4";// P5填充public static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS5Padding";/*** 密钥加密** @param algorithm 算法名称* @param content 密钥* @param charset 编码格式* @return*/public static String keyDigest(String algorithm, String content, String charset) {try {MessageDigest digest = MessageDigest.getInstance(algorithm);digest.update(content.getBytes(charset));byte[] digestBytes = digest.digest();return DatatypeConverter.printHexBinary(digestBytes).toLowerCase();} catch (Exception e) {e.printStackTrace();}return null;}/*** 请求报文体加密** @param algorithm 算法名称* @param content 请求报文体* @param charset 编码格式* @return*/public static String dataDigest(String algorithm, byte[] content, String charset) {try {MessageDigest digest = MessageDigest.getInstance(algorithm);digest.update(content);byte[] digestBytes = digest.digest();return DatatypeConverter.printBase64Binary(digestBytes);} catch (Exception e) {e.printStackTrace();}return null;}/*** MD5加密** @param hash* @return*/public static String md5Digest(String hash) {String md5Str = DigestUtils.md5Hex(hash);return md5Str;}/**** 说明：sm3加密处理** @param data* @return 2019年11月26日**/public static String sm3(String data) {String charset = "UTF-8";String sm3Data = "";try {byte[] dataBytes = data.getBytes(charset);byte[] hashBytes = hash(dataBytes);sm3Data = ByteUtils.toHexString(hashBytes);} catch (UnsupportedEncodingException e) {e.printStackTrace();}return sm3Data;}/**** 返回长度为32位的byte数组 生成对应的hash值** @param dataBytes* @return 2019年10月28日**/public static byte[] hash(byte[] dataBytes) {SM3Digest digest = new SM3Digest();digest.update(dataBytes, 0, dataBytes.length);byte[] hash = new byte[digest.getDigestSize()];digest.doFinal(hash, 0);return hash;}/*** P5填充加密** @param key 密钥* @param data 请求报文体* @return*/public static byte[] encrypt(byte[] key, byte[] data) {try {Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_ECB_PADDING,BouncyCastleProvider.PROVIDER_NAME);SecretKeySpec sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);cipher.init(Cipher.ENCRYPT_MODE, sm4Key);return cipher.doFinal(data);} catch (Exception e) {e.printStackTrace();}return null;}/*** P5填充解密** @param key 密钥* @param signature 签名* @return*/public static byte[] decrypt(byte[] key, byte[] signature) {try {Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_ECB_PADDING,BouncyCastleProvider.PROVIDER_NAME);SecretKeySpec sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);cipher.init(Cipher.DECRYPT_MODE, sm4Key);return cipher.doFinal(signature);} catch (Exception e) {e.printStackTrace();}return null;}/*** 签名** @param key 密钥* @param data 请求报文体* @return*/public static String sign(String key, byte[] data) {try {String charset = "UTF-8";String shaKey = keyDigest("SHA-256", key, charset);String sm3Key = sm3(shaKey);String sm4Key = md5Digest(sm3Key);String sm4Data = sm3(dataDigest("SHA-1", data, charset));byte[] keyBytes = ByteUtils.fromHexString(sm4Key);byte[] dataBytes = sm4Data.getBytes(charset);byte[] encryptBytes = encrypt(keyBytes, dataBytes);String hexSignature = ByteUtils.toHexString(encryptBytes).toUpperCase();byte[] signBytes = hexSignature.getBytes(charset);return DatatypeConverter.printBase64Binary(signBytes);} catch (Exception e) {e.printStackTrace();}return null;}/*** 验签** @param sm4Key 密钥* @param signature 签名* @param data 请求报文体* @return*/public static boolean validateSign(String key, String signature, byte[] data) {String charset = "UTF-8";String shaKey = keyDigest("SHA-256", key, charset);String sm3Key = sm3(shaKey);String sm4Key = md5Digest(sm3Key);byte[] keyBytes = ByteUtils.fromHexString(sm4Key);String sm4Data = sm3(dataDigest("SHA-1", data, charset));byte[] signBytes = DatatypeConverter.parseBase64Binary(signature);String hexSignature = new String(signBytes).toLowerCase();byte[] cipherBytes = ByteUtils.fromHexString(hexSignature);byte[] decrypt = decrypt(keyBytes, cipherBytes);String cipherData = new String(decrypt);return sm4Data.equals(cipherData);}public static String downloadSign(String key, String data) throws UnsupportedEncodingException{String sign = sign(key, data.getBytes("UTF-8"));return sign;}public static String metadata(String filename, String filesize){String sha1Sign = dataDigest("SHA-1", filename.getBytes(), "UTF-8");String metadata = "{\"fileName\":\""+filename+"\",\"fileSize\":\""+filesize+"\",\"fileSha1\":\""+sha1Sign+"\"}";return metadata;}public static String uploadSign(String key, String metadata) throws UnsupportedEncodingException{String sign = sign(key, metadata.getBytes("UTF-8"));return sign;}
}

对接浦发银行系列文章目录：

对接浦发银行支付（一）-- 总体概述与准备工作

对接浦发银行支付（二）-- 公众号JSAPI支付

对接浦发银行支付（三）-- QR扫码付

对接浦发银行支付（四）-- 支付回调接口

对接浦发银行支付（五）-- 主动查询支付结果

对接浦发银行支付（六）-- 请求退款接口与查询退款结果接口

对接浦发银行支付（七）-- 关单接口

对接浦发银行支付（八）-- 对账接口