微信支付上线遇到的nss问题 （openjdk引起的祸）

前段时间在做微信支付服务，和微信相关的app id，商户信息都用的是我自己的，没什么问题。

要切到公司的生产环境，遇到的首个问题就是，打的war包启动不起来了， 后来发现公司的服务器安装的是jdk1.7的版本。而我本地的开发环境是1.8。（/擦汗）

果断的把

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>

改为

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>

修改少许的代码。

重新上包。

OK 启动了， 在预下单的时候抛出java.security.ProviderException: java.security.KeyException异常

17:00:16.359 [pool-4-thread-1] 146 INFO  wxpay java sdk - get first report msg: v0,wxpay java sdk v1.0,708970befbd24aaea59332a13dad8aad,1505379616,45,api.mch.weixin.qq.com,true,2000,10000,0,0,0,5E491E9F5190A8F9F65FE6488E4303AD454FB082F48EEAA82E8EEBD3D4B81090
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916)
17:00:16.360 [pool-4-thread-1] 151 INFO  wxpay java sdk - try get remain report msg
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1874)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1857)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1378)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:338)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at com.shihou.module.pay.util.WXPay.WXPayRequest.requestOnce(WXPayRequest.java:126)
at com.shihou.module.pay.util.WXPay.WXPayRequest.request(WXPayRequest.java:144)
at com.shihou.module.pay.util.WXPay.WXPayRequest.requestWithoutCert(WXPayRequest.java:236)
at com.shihou.module.pay.service.WXPay.WechatService.prepayId(WechatService.java:63)
at com.shihou.module.pay.servlet.GetQRCodeServlet.wechat(GetQRCodeServlet.java:89)
at com.shihou.module.pay.servlet.GetQRCodeServlet.processPost(GetQRCodeServlet.java:38)
at com.shihou.module.pay.servlet.GetQRCodeServlet.processPost(GetQRCodeServlet.java:24)
at com.shihou.module.pay.servlet.base.BaseReturnJsonServlet.doPost(BaseReturnJsonServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at com.shihou.module.pay.servlet.base.BaseReturnJsonServlet.service(BaseReturnJsonServlet.java:28)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:745)

Caused by: java.security.ProviderException: java.security.KeyException
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:78)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:717)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
... 50 more
Caused by: java.security.KeyException

at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126)
... 59 more ... 59 more

google说是nss的问题， 这种问题的解决办法呢有一下几种：（还有其他的环境留言）

1. yum install nss.x86_64     下载最新的nss版本
2.${jre_home}/lib/security/java.security             默认在/usr/lib/jvm/jre
打开10的支持：security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
3.安装sun公司的jdk将openjdk覆盖掉

首先试了第二中解决方案，发现上述错误是不报了， 但是又报了ssl的错误。

这 ，，，，，

算了还是还原第二种方法，直接用第三种。

果断到官网下载jdk8。果断安装！果断测试！果断可以！

然，微信给我返回

{return_msg=签名错误, return_code=FAIL}

/笑哭 。。 到微信验证签名的网页验证了一下，没错啊！好了问题就是出在了key上。

好吧，等去泰国回来的产品经理和出差的另一个部门的老大回来，在上线吧！

具体原因：

实际上，Oracle JDK的构建过程由OpenJDK源代码构建，但还是两个不同的项目，所以极有可能是授权协议的不同引起的。

参考文章：https://www.bbsmax.com/A/Ae5RoNDAdQ/