Merge branch 'dev-pay' into test6.9.13

 package com.yohoufo.order.service.pay.weixin.ssl;
 
+import com.yoho.core.security.WechatHelper;
 import com.yohoufo.common.utils.HttpClient;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.config.Registry;
@@ -11,65 +12,36 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.TrustStrategy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import javax.annotation.PostConstruct;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 
 public abstract class HttpSslClientAbstract extends HttpClient {
-	private Logger logger = LoggerFactory.getLogger(getClass());
-	
+
 	//最大总数
 	private final int sslMaxTotal = 10;
 	
 	//默认并发数
 	private final int sslDefaultMaxPerRoute = 5;
+
+	@Autowired
+	private WechatHelper wechatHelper;
+
+	protected abstract String getMchId();
 	
-	
-	protected abstract String getMchCertPath();
-	
-	protected abstract String getMchCertPassword();
 
 	@Override
 	@PostConstruct
 	public void init() throws Exception {
 		HttpClientBuilder b = HttpClientBuilder.create();
 
-    	logger.info("begin init cert for ssl: {}", getMchCertPath());
-    	
-		KeyStore keyStore  = KeyStore.getInstance("PKCS12");
-		InputStream instream = this.getClass().getResourceAsStream(getMchCertPath());
-		if(instream == null ) {
-			logger.error("failed to load cert file: {}", getMchCertPath());;
-			return;
-		}
-				
-		try {
-		    keyStore.load(instream, getMchCertPassword().toCharArray());
-		    logger.info("finish load keyStore: {}", getMchCertPassword());
-		} finally {
-		    instream.close();
-		}
-		
 		// setup a Trust Strategy that allows all certificates.
-		//
-		SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null,
-				new TrustStrategy() {
-					@Override
-					public boolean isTrusted(X509Certificate[] arg0, String arg1)
-							throws CertificateException {
-						return true;
-					}
-				})
-				.loadKeyMaterial(keyStore, getMchCertPassword().toCharArray())
-				.build();
+		SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+		sslContextBuilder.loadTrustMaterial(null, (arg0, arg1) -> true);
+		loadKeyMaterial(sslContextBuilder);
+		SSLContext sslContext = sslContextBuilder.build();
 		b.setSSLContext(sslContext);
 
 		// don't check Hostnames, either.
@@ -112,6 +84,9 @@ public abstract class HttpSslClientAbstract extends HttpClient {
 		// -- done!
 		httpClient = b.build();
 	}
-	
+
+	private void loadKeyMaterial(SSLContextBuilder sslContextBuilder) throws Exception {
+		wechatHelper.loadKeyMaterial(getMchId(), sslContextBuilder);
+	}
 	
 }

@@ -9,12 +9,7 @@ import org.springframework.stereotype.Component;
 @Component
 public class WxMiniappHttpSslClient extends HttpSslClientAbstract {
     @Override
-    protected String getMchCertPath() {
-        return WeixinPayConfig.Miniapp.APP_PARTNER_CERT;
-    }
-
-    @Override
-    protected String getMchCertPassword() {
+    protected String getMchId() {
         return WeixinPayConfig.Miniapp.MALL_ID;
     }
 }

@@ -7,12 +7,7 @@ import org.springframework.stereotype.Component;
 public class WxUFORealAppHttpSslClient extends HttpSslClientAbstract {
 
 	@Override
-	protected String getMchCertPath() {
-		return WeixinPayConfig.WECHAT_PAY_UFOREAL_APP_PARTNER_CERT;
-	}
-
-	@Override
-	protected String getMchCertPassword() {
+	protected String getMchId() {
 		return WeixinPayConfig.PARTNER_ID;
 	}