Java HTTP API: How to Sign Requests and Verify Signatures

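Summary:
a=wersd&b=sd2354&c=4&signature=XXXXXXXXXXXXX. After receiving the input parameters, sign the parameter string a=wersd&b=sd2354&c=4 with MD5 according to the agreed signing rule, then compare the result with the signature value in the input to confirm whether the caller is legitimate. That is the idea behind API signature verification.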

1. Business background

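I recently worked on some e-commerce business and found that, when handling e-commerce interfaces such as Taobao or payment APIs, both sides need to sign the interface data to ensure the parameters have not been tampered with in transit. The API server then verifies the signature over the parameters, makes sure the two signatures match, and only processes the business logic once verification passes. This article mainly covers the approach; I won't go into signature algorithms in detail, since there is plenty of material on them online.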

2. Approach

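The two sides agree that the parameters are arranged in a specific order, for example alphabetically by first letter, as in the URL http://xxx/xxx.do?a=wersd&b=sd2354&c=4&signature=XXXXXXXXXXXX (signature is the signature passed in). Once you receive the input parameters, sign the parameter string a=wersd&b=sd2354&c=4 yourself with MD5 according to the agreed signing rule, then compare the result with the signature value in the input to confirm whether the caller is legitimate. That is the idea behind API signature verification.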

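3. Worked example

After discussion, the two sides of the interface agreed on the following:

1. Notes: mainly a description of the interface's protocol, input parameter types, signature algorithm, file format and so on.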


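2. Below is a real case of an e-commerce API, where the two sides agreed on the interface URL, business parameters, fixed parameters, signature and response data format.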


When calling the interface, the caller's code is as follows (for reference only):
package com.pcmall;

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class APITest {
  // "待定" means "to be determined": fill in the endpoint URL, app key and secret.
  static String TEST_URL = "待定";
  static String TEST_KEY = "待定";
  static String TEST_SEC = "待定";

  public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {
    String result = getResult(TEST_URL, getReqParam());
    System.out.print(result);
  }

  // Builds the form-encoded request body, including the signature field "s".
  private static String getReqParam() throws UnsupportedEncodingException, NoSuchAlgorithmException {
    TreeMap<String, String> req = new TreeMap<String, String>();
    req.put("a", TEST_KEY);
    req.put("f", "json");
    req.put("l", "zh_CN");
    req.put("m", "zhongan.repair.query");
    req.put("v", "1.0");
    req.put("i", "" + System.currentTimeMillis() / 1000); // timestamp in seconds
    req.put("params", "{\"assignNo\":\"TEST018\"}");
    // Sign the raw (not yet URL-encoded) values, then add the signature as "s".
    req.put("s", sign(req, null, TEST_SEC));

    StringBuilder param = new StringBuilder();
    for (Iterator<Map.Entry<String, String>> it = req.entrySet().iterator(); it.hasNext();) {
      Map.Entry<String, String> e = it.next();
      param.append("&").append(e.getKey()).append("=").append(URLEncoder.encode(e.getValue(), "UTF-8"));
    }

    // Drop the leading "&".
    return param.toString().substring(1);
  }

  // Signature = upper-case hex SHA-1 of: secret + name1value1name2value2... + secret,
  // with parameter names sorted. Note that this sample uses SHA-1, not the MD5
  // mentioned in section 2.
  private static String sign(Map<String, String> paramValues, List<String> ignoreParamNames, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {
    StringBuilder sb = new StringBuilder();
    List<String> paramNames = new ArrayList<String>(paramValues.size());
    paramNames.addAll(paramValues.keySet());
    // Remove any parameters that must not take part in the signature.
    if (ignoreParamNames != null && ignoreParamNames.size() > 0) {
      for (String ignoreParamName : ignoreParamNames) {
        paramNames.remove(ignoreParamName);
      }
    }
    Collections.sort(paramNames);

    sb.append(secret);
    for (String paramName : paramNames) {
      sb.append(paramName).append(paramValues.get(paramName));
    }
    sb.append(secret);

    MessageDigest md = MessageDigest.getInstance("SHA-1");
    return byte2hex(md.digest(sb.toString().getBytes("UTF-8")));
  }

  // Converts a byte array to an upper-case hexadecimal string.
  private static String byte2hex(byte[] bytes) {
    StringBuilder sign = new StringBuilder();
    for (int i = 0; i < bytes.length; i++) {
      String hex = Integer.toHexString(bytes[i] & 0xFF);
      if (hex.length() == 1) {
        sign.append("0");
      }
      sign.append(hex.toUpperCase());
    }
    return sign.toString();
  }

  // POSTs the form-encoded content to urlStr and returns the response body,
  // or null if an I/O error occurs.
  private static String getResult(String urlStr, String content) {
    URL url = null;
    HttpURLConnection connection = null;
    try {
      url = new URL(urlStr);
      connection = (HttpURLConnection) url.openConnection();
      connection.setDoOutput(true);
      connection.setDoInput(true);
      connection.setRequestMethod("POST");
      connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");
      connection.setUseCaches(false);
      connection.connect();

      DataOutputStream out = new DataOutputStream(connection.getOutputStream());
      out.write(content.getBytes("UTF-8"));
      out.flush();
      out.close();

      BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));
      StringBuffer buffer = new StringBuffer();
      String line = "";
      while ((line = reader.readLine()) != null) {
        buffer.append(line);
      }
      reader.close();

      return buffer.toString();
    } catch (IOException e) {
      e.printStackTrace();
    } finally {
      if (connection != null) {
        connection.disconnect();
      }
    }

    return null;
  }
}

The server-side code is as follows (for reference only):

    // Controller method fragment. RepairOrder, ResponseVO, JackJsonUtil, RequestUtils,
    // SignUtils, DateUtils and erpServiceImpl are the project's own classes and are
    // not shown in this article.
    @RequestMapping("/repairTakeOrder")
    @ResponseBody
    public ResponseVO repairTakeOrder(@RequestBody String jsonStr) {
        // Log message: "repairTakeOrder input parameters:"
        logger.info("repairTakeOrder入参:" + jsonStr);

        ResponseVO responseVO = null;
        try {
            RepairOrder repairOrder = JackJsonUtil.toBean(jsonStr,
                    RepairOrder.class);
            // TreeMap keeps the parameters sorted by name for signing.
            TreeMap<String, String> paramsMap = new TreeMap<String, String>();
            paramsMap.put("gsxx01", repairOrder.getGsxx01());
            paramsMap.put("orderType", repairOrder.getOrderType().toString());
            paramsMap.put("serviceNo", repairOrder.getServiceNo());
            paramsMap.put("vipCard", repairOrder.getVipCard());
            paramsMap.put("customerName", repairOrder.getCustomerName());
            paramsMap.put("customerPhone", repairOrder.getCustomerPhone());
            paramsMap.put("customerTel", repairOrder.getCustomerTel());
            paramsMap.put("province", repairOrder.getProvince());
            paramsMap.put("city", repairOrder.getCity());
            paramsMap.put("county", repairOrder.getCounty());
            paramsMap.put("address", repairOrder.getAddress());
            paramsMap.put("salerCode", repairOrder.getSalerCode());
            paramsMap.put("salerName", repairOrder.getSalerName());
            paramsMap.put("storeCode", repairOrder.getStoreCode());
            paramsMap.put("storeName", repairOrder.getStoreName());
            paramsMap.put("site", repairOrder.getSite());

            paramsMap.put("siteDesp", repairOrder.getSiteDesp());
            paramsMap.put("engineerCode", repairOrder.getEngineerCode());
            paramsMap.put("engineerName", repairOrder.getEngineerName());
            if (repairOrder.getServiceDate() != null) {
                paramsMap.put("serviceDate",
                        DateUtils.formatDate(repairOrder.getServiceDate()));
            }

            if (repairOrder.getSalePrice() != null) {
                paramsMap.put("salePrice", repairOrder.getSalePrice()
                        .toString());
            }

            paramsMap.put("profitCenter", repairOrder.getProfitCenter());
            paramsMap.put("costCenter", repairOrder.getCostCenter());
            paramsMap.put("gsxx02", repairOrder.getGsxx02());
            paramsMap.put("returnReason", repairOrder.getReturnReason());
            if (repairOrder.getOriOrder() != null) {
                paramsMap.put("oriOrder", repairOrder.getOriOrder().toString());
            }

            if (repairOrder.getOriServiceNo() != null) {
                paramsMap.put("oriServiceNo", repairOrder.getOriServiceNo());
            }

            // Build the string to be signed (a=1&b=2)
            String paramSrc = RequestUtils.getParamSrc(paramsMap);
            // Log message: "string to be signed:"
            logger.info("签名原串:" + paramSrc);
            // Verify the signature
            if (SignUtils.verifymd5(paramSrc, repairOrder.getSign())) {
                // Process the business logic
                responseVO = erpServiceImpl.repairTakeOrder(repairOrder);

            } else {
                responseVO = new ResponseVO();
                responseVO.setSuccess(false);
                // Error message: "signature verification failed"
                responseVO.setErrorMsg("验签失败");
            }

        } catch (Exception e) {
            logger.error("", e);
            responseVO = new ResponseVO();
            responseVO.setSuccess(false);
            // Fallback error message: "backend exception"
            responseVO.setErrorMsg(StringUtils.isNotBlank(e.getMessage()) ? e.getMessage() : "后台异常");
        }
        return responseVO;

    }
