• Java Http接口加签、验签操作方法


    1、业务背景

    最近接触了一些电商业务,发现在处理电商业务接口时,比如淘宝、支付类接口,接口双方为了确保数据参数在传输过程中未经过篡改,都需要对接口数据进行加签,然后在接口服务器端对接口参数进行验签,确保两个签名是一样的,验签通过之后再进行业务逻辑处理。我们这里主要介绍一下处理思路,至于签名算法我不做过多介绍,网上一大堆。

    2、处理思路

    双方约定好,参数按特定顺序排列,比如按首字母的顺序排列,如url:http://xxx/xxx.do?a=wersd&b=sd2354&c=4&signature=XXXXXXXXXXXX(signature为传入的签名),等你拿到入参后,将参数串a=wersd&b=sd2354&c=4按你们约定的签名规则,自己用md5加签一次,然后和入参的signature值对比,以确认调用者是否合法,这就是接口签名验证的思路。

    3、实例练习

    接口双方经过沟通,对接口达成如下共识:

    1、注意事项,主要指接口的的协议、传入参数类型、签名算法、文件格式等说明

    2、下面是一个电商业务接口的真实案例,双方约定好了接口URL、业务参数、固定参数、签名以及返回数据格式

    接口调用时,接口调用方代码如下(仅供参考):
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    package com.pcmall;
     
    import java.io.BufferedReader;                 
    import java.io.DataOutputStream;                   
    import java.io.IOException;                
    import java.io.InputStreamReader;                  
    import java.io.UnsupportedEncodingException;                   
    import java.net.HttpURLConnection;                 
    import java.net.URL;                   
    import java.net.URLEncoder;                
    import java.security.MessageDigest;                
    import java.security.NoSuchAlgorithmException;                 
    import java.util.ArrayList;                
    import java.util.Collections;                  
    import java.util.Iterator;                 
    import java.util.List;                 
    import java.util.Map;                  
    import java.util.TreeMap;
                         
    public class APITest {                 
      static String TEST_URL = "待定";                   
      static String TEST_KEY = "待定";                   
      static String TEST_SEC = "待定";                   
                         
      public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {                   
        String result = getResult(TEST_URL, getReqParam());                
        System.out.print(result);                  
      }                
                         
      private static String getReqParam() throws UnsupportedEncodingException, NoSuchAlgorithmException {                  
        TreeMap<String, String> req = new TreeMap<String, String>();           
        req.put("a", TEST_KEY);                
        req.put("f", "json");                  
        req.put("l", "zh_CN");                 
        req.put("m", "zhongan.repair.query");                  
        req.put("v", "1.0");                   
        req.put("i", "" + System.currentTimeMillis() / 1000);                  
        req.put("params", "{"assignNo":"TEST018"}");                   
        req.put("s", sign(req, null, TEST_SEC));                   
                             
        StringBuilder param = new StringBuilder();                 
        for (Iterator<Map.Entry<String, String>> it = req.entrySet().iterator(); it.hasNext();) {                  
          Map.Entry<String, String> e = it.next();                   
          param.append("&").append(e.getKey()).append("=").append(URLEncoder.encode(e.getValue(), "UTF-8"));                   
        }                  
                             
        return param.toString().substring(1);                  
      }                
                         
      private static String sign(Map<String, String> paramValues, List<String> ignoreParamNames, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {                
        StringBuilder sb = new StringBuilder();                
        List<String> paramNames = new ArrayList<String>(paramValues.size());                   
        paramNames.addAll(paramValues.keySet());                   
        if (ignoreParamNames != null && ignoreParamNames.size() > 0) {                  
          for (String ignoreParamName : ignoreParamNames) {                
            paramNames.remove(ignoreParamName);                
          }                
        }                  
        Collections.sort(paramNames);                  
                             
        sb.append(secret);                 
        for (String paramName : paramNames) {                  
          sb.append(paramName).append(paramValues.get(paramName));                 
        }                  
        sb.append(secret);                 
                         
        MessageDigest md = MessageDigest.getInstance("SHA-1");                 
        return byte2hex(md.digest(sb.toString().getBytes("UTF-8")));                   
      }                
                         
      private static String byte2hex(byte[] bytes) {                   
        StringBuilder sign = new StringBuilder();                  
        for (int i = 0; i < bytes.length; i++) {                
          String hex = Integer.toHexString(bytes[i] & 0xFF);                   
          if (hex.length() == 1) {                 
            sign.append("0");                  
          }                
          sign.append(hex.toUpperCase());                  
        }                  
        return sign.toString();                
      }                
                         
      private static String getResult(String urlStr, String content) {                 
        URL url = null;                
        HttpURLConnection connection = null;                   
        try {                  
          url = new URL(urlStr);                   
          connection = (HttpURLConnection) url.openConnection();                   
          connection.setDoOutput(true);                
          connection.setDoInput(true);                 
          connection.setRequestMethod("POST");                 
          connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");                
          connection.setUseCaches(false);                  
          connection.connect();                
                             
          DataOutputStream out = new DataOutputStream(connection.getOutputStream());                   
          out.write(content.getBytes("UTF-8"));                
          out.flush();                 
          out.close();                 
                             
          BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));                 
          StringBuffer buffer = new StringBuffer();                
          String line = "";                
          while ((line = reader.readLine()) != null) {                 
            buffer.append(line);                   
          }                
          reader.close();                  
                         
          return buffer.toString();                
        } catch (IOException e) {                  
          e.printStackTrace();                 
        } finally {                
          if (connection != null) {                
            connection.disconnect();                   
          }                
        }                  
                             
        return null;                   
      }
       
       
    }

    服务器端代码如下(仅供参考):

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    @RequestMapping("/repairTakeOrder")
        @ResponseBody
        public ResponseVO repairTakeOrder(@RequestBody String jsonStr) {
            logger.info("repairTakeOrder入参:" + jsonStr);
     
            ResponseVO responseVO = null;
            try {
                RepairOrder repairOrder = JackJsonUtil.toBean(jsonStr,
                        RepairOrder.class);
                TreeMap<String, String> paramsMap = new TreeMap<String, String>();
                paramsMap.put("gsxx01", repairOrder.getGsxx01());
                paramsMap.put("orderType", repairOrder.getOrderType().toString());
                paramsMap.put("serviceNo", repairOrder.getServiceNo());
                paramsMap.put("vipCard", repairOrder.getVipCard());
                paramsMap.put("customerName", repairOrder.getCustomerName());
                paramsMap.put("customerPhone", repairOrder.getCustomerPhone());
                paramsMap.put("customerTel", repairOrder.getCustomerTel());
                paramsMap.put("province", repairOrder.getProvince());
                paramsMap.put("city", repairOrder.getCity());
                paramsMap.put("county", repairOrder.getCounty());
                paramsMap.put("address", repairOrder.getAddress());
                paramsMap.put("salerCode", repairOrder.getSalerCode());
                paramsMap.put("salerName", repairOrder.getSalerName());
                paramsMap.put("storeCode", repairOrder.getStoreCode());
                paramsMap.put("storeName", repairOrder.getStoreName());
                paramsMap.put("site", repairOrder.getSite());
     
                paramsMap.put("siteDesp", repairOrder.getSiteDesp());
                paramsMap.put("engineerCode", repairOrder.getEngineerCode());
                paramsMap.put("engineerName", repairOrder.getEngineerName());
                if (repairOrder.getServiceDate() != null) {
                    paramsMap.put("serviceDate",
                            DateUtils.formatDate(repairOrder.getServiceDate()));
                }
     
                if (repairOrder.getSalePrice() != null) {
                    paramsMap.put("salePrice", repairOrder.getSalePrice()
                            .toString());
                }
     
                paramsMap.put("profitCenter", repairOrder.getProfitCenter());
                paramsMap.put("costCenter", repairOrder.getCostCenter());
                paramsMap.put("gsxx02", repairOrder.getGsxx02());
                paramsMap.put("returnReason", repairOrder.getReturnReason());
                if (repairOrder.getOriOrder() != null) {
                    paramsMap.put("oriOrder", repairOrder.getOriOrder().toString());
                }
     
                if (repairOrder.getOriServiceNo() != null) {
                    paramsMap.put("oriServiceNo", repairOrder.getOriServiceNo());
                }
     
                // 拼接签名原串(a=1&b=2)
                String paramSrc = RequestUtils.getParamSrc(paramsMap);
                logger.info("签名原串:" + paramSrc);
                //进行验签操作
                if (SignUtils.verifymd5(paramSrc, repairOrder.getSign())) {
                    //处理业务逻辑
                    responseVO=erpServiceImpl.repairTakeOrder(repairOrder);
                     
                } else {
                    responseVO = new ResponseVO();
                    responseVO.setSuccess(false);
                    responseVO.setErrorMsg("验签失败");
                }
     
            } catch (Exception e) {
                logger.error("", e);
                responseVO = new ResponseVO();
                responseVO.setSuccess(false);
                responseVO.setErrorMsg(StringUtils.isNotBlank(e.getMessage()) ? e.getMessage() : "后台异常");
            }
            return responseVO;
     
        }

    以上这篇Java Http接口加签、验签操作方法就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持脚本之家。

  • 相关阅读:
    将文献的bibtex引用格式批量转换为bibitem格式参考文献
    ubuntu下webbench作网站压力测试教程【webbench安装】
    Windows10安装虚拟机VMware并且安装ubuntu16系统
    ubuntu 16.04系统下解决MySQL 的root用户重置密码问题
    elementui 中 日期时间插件 结束时间大于开始时间
    SqlDbType 与 .Net 数据类型对照表
    可用的datatable转换成List<T>
    【beyond compare4 秘钥】亲测4.1.6可用
    winform 自定义控件圆按钮插件
    net framework 4.0 wcf发布到IIS
  • 原文地址:https://www.cnblogs.com/wuer888/p/7890711.html
Copyright © 2020-2023  润新知