🎨 #3620 【小程序】修复同城配送API签名错误问题（添加RSA私钥序列号到签名payload和请求头）

Author: Copilot

weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/BaseWxMaServiceImpl.java

@@ -912,6 +912,10 @@ public String postWithSignature(String url, JsonObject jsonObject) throws WxErro
     String rndStr = UUID.randomUUID().toString().replace("-", "").substring(0, 30);
     String aesKey = this.getWxMaConfig().getApiSignatureAesKey();
     String aesKeySn = this.getWxMaConfig().getApiSignatureAesKeySn();
+    String rsaKeySn = this.getWxMaConfig().getApiSignatureRsaPrivateKeySn();
+    if (rsaKeySn == null || rsaKeySn.isEmpty()) {
+      throw new SecurityException("ApiSignatureRsaPrivateKeySn不能为空，请检查配置");
+    }
 
     jsonObject.addProperty("_n", rndStr);
     jsonObject.addProperty("_appid", appId);
@@ -956,7 +960,7 @@ public String postWithSignature(String url, JsonObject jsonObject) throws WxErro
       String requestJson = reqData.toString();
 
       // 计算签名 RSA
-      String payload = urlPath + "\n" + appId + "\n" + timestamp + "\n" + requestJson;
+      String payload = urlPath + "\n" + appId + "\n" + timestamp + "\n" + rsaKeySn + "\n" + requestJson;
       byte[] dataBuffer = payload.getBytes(StandardCharsets.UTF_8);
       RSAPrivateKey priKey;
       try {
@@ -985,6 +989,7 @@ public String postWithSignature(String url, JsonObject jsonObject) throws WxErro
       header.put("Wechatmp-Signature", signatureString);
       header.put("Wechatmp-Appid", appId);
       header.put("Wechatmp-TimeStamp", String.valueOf(timestamp));
+      header.put("Wechatmp-Serial", rsaKeySn);
       log.debug("发送请求uri:{}, headers:{}, postData:{}", url, header, requestJson);
       WxMaApiResponse response =
           this.execute(ApiSignaturePostRequestExecutor.create(this), url, header, requestJson);