服务器之家:专注于服务器技术及软件下载分享
分类导航

PHP教程|ASP.NET教程|JAVA教程|ASP教程|编程技术|正则表达式|

服务器之家 - 编程语言 - JAVA教程 - Java Http接口加签、验签操作方法

Java Http接口加签、验签操作方法

2020-07-07 13:17jingxian JAVA教程

下面小编就为大家带来一篇Java Http接口加签、验签操作方法。小编觉得挺不错的,现在就分享给大家,也给大家做个参考。一起跟随小编过来看看吧

1、业务背景

最近接触了一些电商业务,发现在处理电商业务接口时,比如淘宝、支付类接口,接口双方为了确保数据参数在传输过程中未经过篡改,都需要对接口数据进行加签,然后在接口服务器端对接口参数进行验签,确保两个签名是一样的,验签通过之后再进行业务逻辑处理。我们这里主要介绍一下处理思路,至于签名算法我不做过多介绍,网上一大堆。

2、处理思路

双方约定好,参数按特定顺序排列,比如按首字母的顺序排列,如url:http://xxx/xxx.do?a=wersd&b=sd2354&c=4&signature=XXXXXXXXXXXX(signature为传入的签名),等你拿到入参后,将参数串a=wersd&b=sd2354&c=4按你们约定的签名规则,自己用md5加签一次,然后和入参的signature值对比,以确认调用者是否合法,这就是接口签名验证的思路。

3、实例练习

接口双方经过沟通,对接口达成如下共识:

1、注意事项,主要指接口的的协议、传入参数类型、签名算法、文件格式等说明

Java Http接口加签、验签操作方法

2、下面是一个电商业务接口的真实案例,双方约定好了接口URL、业务参数、固定参数、签名以及返回数据格式

Java Http接口加签、验签操作方法

Java Http接口加签、验签操作方法

接口调用时,接口调用方代码如下(仅供参考):
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package com.pcmall;
 
import java.io.BufferedReader;                 
import java.io.DataOutputStream;                   
import java.io.IOException;                
import java.io.InputStreamReader;                  
import java.io.UnsupportedEncodingException;                   
import java.net.HttpURLConnection;                 
import java.net.URL;                   
import java.net.URLEncoder;                
import java.security.MessageDigest;                
import java.security.NoSuchAlgorithmException;                 
import java.util.ArrayList;                
import java.util.Collections;                  
import java.util.Iterator;                 
import java.util.List;                 
import java.util.Map;                  
import java.util.TreeMap;
                    
public class APITest {                 
  static String TEST_URL = "待定";                   
  static String TEST_KEY = "待定";                   
  static String TEST_SEC = "待定";                   
                    
  public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {                   
    String result = getResult(TEST_URL, getReqParam());                
    System.out.print(result);                  
  }                
                    
  private static String getReqParam() throws UnsupportedEncodingException, NoSuchAlgorithmException {                  
    TreeMap<String, String> req = new TreeMap<String, String>();           
    req.put("a", TEST_KEY);                
    req.put("f", "json");                  
    req.put("l", "zh_CN");                 
    req.put("m", "zhongan.repair.query");                  
    req.put("v", "1.0");                   
    req.put("i", "" + System.currentTimeMillis() / 1000);                  
    req.put("params", "{\"assignNo\":\"TEST018\"}");                   
    req.put("s", sign(req, null, TEST_SEC));                   
                        
    StringBuilder param = new StringBuilder();                 
    for (Iterator<Map.Entry<String, String>> it = req.entrySet().iterator(); it.hasNext();) {                  
      Map.Entry<String, String> e = it.next();                   
      param.append("&").append(e.getKey()).append("=").append(URLEncoder.encode(e.getValue(), "UTF-8"));                   
    }                  
                        
    return param.toString().substring(1);                  
  }                
                    
  private static String sign(Map<String, String> paramValues, List<String> ignoreParamNames, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {                
    StringBuilder sb = new StringBuilder();                
    List<String> paramNames = new ArrayList<String>(paramValues.size());                   
    paramNames.addAll(paramValues.keySet());                   
    if (ignoreParamNames != null && ignoreParamNames.size() > 0) {                  
      for (String ignoreParamName : ignoreParamNames) {                
        paramNames.remove(ignoreParamName);                
      }                
    }                  
    Collections.sort(paramNames);                  
                        
    sb.append(secret);                 
    for (String paramName : paramNames) {                  
      sb.append(paramName).append(paramValues.get(paramName));                 
    }                  
    sb.append(secret);                 
                    
    MessageDigest md = MessageDigest.getInstance("SHA-1");                 
    return byte2hex(md.digest(sb.toString().getBytes("UTF-8")));                   
  }                
                    
  private static String byte2hex(byte[] bytes) {                   
    StringBuilder sign = new StringBuilder();                  
    for (int i = 0; i < bytes.length; i++) {                
      String hex = Integer.toHexString(bytes[i] & 0xFF);                   
      if (hex.length() == 1) {                 
        sign.append("0");                  
      }                
      sign.append(hex.toUpperCase());                  
    }                  
    return sign.toString();                
  }                
                    
  private static String getResult(String urlStr, String content) {                 
    URL url = null;                
    HttpURLConnection connection = null;                   
    try {                  
      url = new URL(urlStr);                   
      connection = (HttpURLConnection) url.openConnection();                   
      connection.setDoOutput(true);                
      connection.setDoInput(true);                 
      connection.setRequestMethod("POST");                 
      connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");                
      connection.setUseCaches(false);                  
      connection.connect();                
                        
      DataOutputStream out = new DataOutputStream(connection.getOutputStream());                   
      out.write(content.getBytes("UTF-8"));                
      out.flush();                 
      out.close();                 
                        
      BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));                 
      StringBuffer buffer = new StringBuffer();                
      String line = "";                
      while ((line = reader.readLine()) != null) {                 
        buffer.append(line);                   
      }                
      reader.close();                  
                    
      return buffer.toString();                
    } catch (IOException e) {                  
      e.printStackTrace();                 
    } finally {                
      if (connection != null) {                
        connection.disconnect();                   
      }                
    }                  
                        
    return null;                   
  }
  
  
}

服务器端代码如下(仅供参考):

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
@RequestMapping("/repairTakeOrder")
    @ResponseBody
    public ResponseVO repairTakeOrder(@RequestBody String jsonStr) {
        logger.info("repairTakeOrder入参:" + jsonStr);
 
        ResponseVO responseVO = null;
        try {
            RepairOrder repairOrder = JackJsonUtil.toBean(jsonStr,
                    RepairOrder.class);
            TreeMap<String, String> paramsMap = new TreeMap<String, String>();
            paramsMap.put("gsxx01", repairOrder.getGsxx01());
            paramsMap.put("orderType", repairOrder.getOrderType().toString());
            paramsMap.put("serviceNo", repairOrder.getServiceNo());
            paramsMap.put("vipCard", repairOrder.getVipCard());
            paramsMap.put("customerName", repairOrder.getCustomerName());
            paramsMap.put("customerPhone", repairOrder.getCustomerPhone());
            paramsMap.put("customerTel", repairOrder.getCustomerTel());
            paramsMap.put("province", repairOrder.getProvince());
            paramsMap.put("city", repairOrder.getCity());
            paramsMap.put("county", repairOrder.getCounty());
            paramsMap.put("address", repairOrder.getAddress());
            paramsMap.put("salerCode", repairOrder.getSalerCode());
            paramsMap.put("salerName", repairOrder.getSalerName());
            paramsMap.put("storeCode", repairOrder.getStoreCode());
            paramsMap.put("storeName", repairOrder.getStoreName());
            paramsMap.put("site", repairOrder.getSite());
 
            paramsMap.put("siteDesp", repairOrder.getSiteDesp());
            paramsMap.put("engineerCode", repairOrder.getEngineerCode());
            paramsMap.put("engineerName", repairOrder.getEngineerName());
            if (repairOrder.getServiceDate() != null) {
                paramsMap.put("serviceDate",
                        DateUtils.formatDate(repairOrder.getServiceDate()));
            }
 
            if (repairOrder.getSalePrice() != null) {
                paramsMap.put("salePrice", repairOrder.getSalePrice()
                        .toString());
            }
 
            paramsMap.put("profitCenter", repairOrder.getProfitCenter());
            paramsMap.put("costCenter", repairOrder.getCostCenter());
            paramsMap.put("gsxx02", repairOrder.getGsxx02());
            paramsMap.put("returnReason", repairOrder.getReturnReason());
            if (repairOrder.getOriOrder() != null) {
                paramsMap.put("oriOrder", repairOrder.getOriOrder().toString());
            }
 
            if (repairOrder.getOriServiceNo() != null) {
                paramsMap.put("oriServiceNo", repairOrder.getOriServiceNo());
            }
 
            // 拼接签名原串(a=1&b=2)
            String paramSrc = RequestUtils.getParamSrc(paramsMap);
            logger.info("签名原串:" + paramSrc);
            //进行验签操作
            if (SignUtils.verifymd5(paramSrc, repairOrder.getSign())) {
                //处理业务逻辑
                responseVO=erpServiceImpl.repairTakeOrder(repairOrder);
                
            } else {
                responseVO = new ResponseVO();
                responseVO.setSuccess(false);
                responseVO.setErrorMsg("验签失败");
            }
 
        } catch (Exception e) {
            logger.error("", e);
            responseVO = new ResponseVO();
            responseVO.setSuccess(false);
            responseVO.setErrorMsg(StringUtils.isNotBlank(e.getMessage()) ? e.getMessage() : "后台异常");
        }
        return responseVO;
 
    }

以上这篇Java Http接口加签、验签操作方法就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持服务器之家。

  • Java
  • HTTP
  • 接口
  • 加签
  • 验签

    • 延伸 · 阅读

    精彩推荐
    最近更新
    编辑推荐
    阅读排行
    热门标签
    501   2000   1433   415   内存卡   随机抽取   选择排序法   对象池模式   子线程   下载器   十六进制字符   响应   静态工厂   构造函数   swt   Overview   短信猫   作业调度   空心菱形   htmlparser   支票   金额大写转换   终止循环体   AspectJ   面向切面编程   方法名   网址信息   动态代理模式   线程安全   验签  
    © 2019-2020 服务器之家 版权所有 www.zzvips.com 关于我们联系我们版权申明网站地图