From 4d4294707bf76596918be0b15b85191939bd7c51 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Sat, 15 Nov 2025 16:52:49 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20#3728=20=E3=80=90=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E6=94=AF=E4=BB=98=E3=80=91=E4=BF=AE=E5=A4=8DV3=E6=94=AF?=
 =?UTF-8?q?=E4=BB=98=E5=85=AC=E9=92=A5=E8=BD=AC=E8=B4=A6=E5=87=BA=E7=8E=B0?=
 =?UTF-8?q?=E7=9A=84=E7=AD=BE=E5=90=8D=E9=AA=8C=E8=AF=81=E5=A4=B1=E8=B4=A5?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../wxpay/v3/auth/PublicCertificateVerifier.java       | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
index 8c9c4f356..ac1dfbca6 100644
--- a/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
+++ b/weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java
@@ -24,9 +24,17 @@ public class PublicCertificateVerifier implements Verifier{
 
     @Override
     public boolean verify(String serialNumber, byte[] message, String signature) {
+        // 如果序列号不包含"PUB_KEY_ID"且有证书验证器，先尝试证书验证
         if (!serialNumber.contains("PUB_KEY_ID") && this.certificateVerifier != null) {
-            return this.certificateVerifier.verify(serialNumber, message, signature);
+            try {
+                if (this.certificateVerifier.verify(serialNumber, message, signature)) {
+                    return true;
+                }
+            } catch (Exception e) {
+                // 证书验证失败，继续尝试公钥验证
+            }
         }
+        // 使用公钥验证（兜底方案，适用于公钥转账等场景）
         try {
             Signature sign = Signature.getInstance("SHA256withRSA");
             sign.initVerify(publicKey);