core/docs/CERTIFICATE_PATH_FIX.md

# 证书路径拼接规则修复

## 问题描述

生产环境中微信支付证书路径拼接错误，导致证书加载失败：

**错误路径**：
```
/www/wwwroot/file.ws/wechat/10550//20250727/c27fe16e08314431a56c3489818af64f.pem
```

**正确路径**：
```
/www/wwwroot/file.ws/file/20250727/c27fe16e08314431a56c3489818af64f.pem
```

## 修复方案

修改证书路径拼接规则为：`uploadPath + "file" + 数据库存储的相对路径`

## 修改的文件

### 1. WxNativePayController.java
**文件路径**: `src/main/java/com/gxwebsoft/common/system/controller/WxNativePayController.java`

**修改内容**:
```java
// 修改前
apiclientKey = config.getUploadPath().concat("/file").concat(payment.getApiclientKey());

// 修改后
String relativePath = payment.getApiclientKey();
apiclientKey = config.getUploadPath() + "file" + relativePath;
log.info("生产环境证书路径构建 - 上传根路径: {}", config.getUploadPath());
log.info("生产环境证书路径构建 - 数据库相对路径: {}", relativePath);
log.info("生产环境证书路径构建 - 完整路径: {}", apiclientKey);
```

### 2. AlipayConfigUtil.java
**文件路径**: `src/main/java/com/gxwebsoft/common/core/utils/AlipayConfigUtil.java`

**修改内容**:
```java
// 修改前
this.appCertPublicKey = pathConfig.getUploadPath() + "file" + payment.getString("appCertPublicKey");
this.alipayCertPublicKey = pathConfig.getUploadPath() + "file" + payment.getString("alipayCertPublicKey");
this.alipayRootCert = pathConfig.getUploadPath() + "file" + payment.getString("alipayRootCert");

// 修改后
String appCertPath = payment.getString("appCertPublicKey");
String alipayCertPath = payment.getString("alipayCertPublicKey");
String rootCertPath = payment.getString("alipayRootCert");

this.appCertPublicKey = pathConfig.getUploadPath() + "file" + appCertPath;
this.alipayCertPublicKey = pathConfig.getUploadPath() + "file" + alipayCertPath;
this.alipayRootCert = pathConfig.getUploadPath() + "file" + rootCertPath;

log.info("生产环境支付宝证书路径构建:");
log.info("上传根路径: {}", pathConfig.getUploadPath());
log.info("应用证书 - 数据库路径: {}, 完整路径: {}", appCertPath, this.appCertPublicKey);
log.info("支付宝证书 - 数据库路径: {}, 完整路径: {}", alipayCertPath, this.alipayCertPublicKey);
log.info("根证书 - 数据库路径: {}, 完整路径: {}", rootCertPath, this.alipayRootCert);
```

### 3. CertificateHealthService.java
**文件路径**: `src/main/java/com/gxwebsoft/common/core/service/CertificateHealthService.java`

**修改内容**:
```java
// 修改前
String fullPath = uploadPath + "file" + relativePath;

// 修改后
String fullPath = uploadPath + "file" + relativePath;
log.debug("生产环境证书路径构建 - 上传根路径: {}, 相对路径: {}, 完整路径: {}", 
         uploadPath, relativePath, fullPath);
```

### 4. SettingServiceImpl.java
**文件路径**: `src/main/java/com/gxwebsoft/common/system/service/impl/SettingServiceImpl.java`

**修改内容**:
```java
// 修改前
final String privateKey = pathConfig.getUploadPath().concat("file").concat(apiclientKey);
final String apiclientCert = pathConfig.getUploadPath().concat("file").concat(jsonObject.getString("apiclientCert"));

// 修改后
final String privateKey = pathConfig.getUploadPath() + "file" + apiclientKey;
final String apiclientCert = pathConfig.getUploadPath() + "file" + jsonObject.getString("apiclientCert");
```

## 路径构建规则

### 生产环境配置
- **上传根路径**: `/www/wwwroot/file.ws/` (来自 `application-prod.yml` 的 `config.upload-path`)
- **文件目录**: `file`
- **数据库相对路径**: `/20250727/c27fe16e08314431a56c3489818af64f.pem`

### 最终路径
```
/www/wwwroot/file.ws/ + file + /20250727/c27fe16e08314431a56c3489818af64f.pem
= /www/wwwroot/file.ws/file/20250727/c27fe16e08314431a56c3489818af64f.pem
```

## 验证方法

1. **重新部署应用**
2. **查看日志输出**，确认路径构建正确：
   ```
   生产环境证书路径构建 - 上传根路径: /www/wwwroot/file.ws/
   生产环境证书路径构建 - 数据库相对路径: /20250727/c27fe16e08314431a56c3489818af64f.pem
   生产环境证书路径构建 - 完整路径: /www/wwwroot/file.ws/file/20250727/c27fe16e08314431a56c3489818af64f.pem
   ```
3. **测试微信支付功能**，确认证书加载成功

## 注意事项

1. 确保数据库中存储的证书路径格式正确（以 `/` 开头的相对路径）
2. 确保服务器上的证书文件存在于正确位置
3. 修改后需要重新编译和部署应用
4. 建议在测试环境先验证修改效果

## 相关配置

### application-prod.yml
```yaml
config:
  upload-path: /www/wwwroot/file.ws/
```

### 数据库字段示例
```sql
-- sys_payment 表中的 apiclient_key 字段应该存储类似这样的值：
-- /20250727/c27fe16e08314431a56c3489818af64f.pem
```