碼上快樂

相關內容    簡體    繁體

Java Http接口加簽、驗簽操作方法

本文轉載自   查看原文   2017-11-24 15:09   8903    java

1、業務背景

最近接觸了一些電商業務,發現在處理電商業務接口時,比如淘寶、支付類接口,接口雙方為了確保數據參數在傳輸過程中未經過篡改,都需要對接口數據進行加簽,然后在接口服務器端對接口參數進行驗簽,確保兩個簽名是一樣的,驗簽通過之后再進行業務邏輯處理。我們這里主要介紹一下處理思路,至於簽名算法我不做過多介紹,網上一大堆。

2、處理思路

雙方約定好,參數按特定順序排列,比如按首字母的順序排列,如url:http://xxx/xxx.do?a=wersd&b=sd2354&c=4&signature=XXXXXXXXXXXX(signature為傳入的簽名),等你拿到入參后,將參數串a=wersd&b=sd2354&c=4按你們約定的簽名規則,自己用md5加簽一次,然后和入參的signature值對比,以確認調用者是否合法,這就是接口簽名驗證的思路。

3、實例練習

接口雙方經過溝通,對接口達成如下共識:

1、注意事項,主要指接口的的協議、傳入參數類型、簽名算法、文件格式等說明

2、下面是一個電商業務接口的真實案例,雙方約定好了接口URL、業務參數、固定參數、簽名以及返回數據格式

接口調用時,接口調用方代碼如下(僅供參考):
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package com.pcmall;
 
import java.io.BufferedReader;                 
import java.io.DataOutputStream;                   
import java.io.IOException;                
import java.io.InputStreamReader;                  
import java.io.UnsupportedEncodingException;                   
import java.net.HttpURLConnection;                 
import java.net.URL;                   
import java.net.URLEncoder;                
import java.security.MessageDigest;                
import java.security.NoSuchAlgorithmException;                 
import java.util.ArrayList;                
import java.util.Collections;                  
import java.util.Iterator;                 
import java.util.List;                 
import java.util.Map;                  
import java.util.TreeMap;
                     
public class APITest {                 
   static String TEST_URL = "待定" ;                   
   static String TEST_KEY = "待定" ;                   
   static String TEST_SEC = "待定" ;                   
                     
   public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {                   
     String result = getResult(TEST_URL, getReqParam());                
     System.out.print(result);                  
   }                
                     
   private static String getReqParam() throws UnsupportedEncodingException, NoSuchAlgorithmException {                  
     TreeMap<String, String> req = new TreeMap<String, String>();           
     req.put( "a" , TEST_KEY);                
     req.put( "f" , "json" );                  
     req.put( "l" , "zh_CN" );                 
     req.put( "m" , "zhongan.repair.query" );                  
     req.put( "v" , "1.0" );                   
     req.put( "i" , "" + System.currentTimeMillis() / 1000 );                  
     req.put( "params" , "{\"assignNo\":\"TEST018\"}" );                   
     req.put( "s" , sign(req, null , TEST_SEC));                   
                         
     StringBuilder param = new StringBuilder();                 
     for (Iterator<Map.Entry<String, String>> it = req.entrySet().iterator(); it.hasNext();) {                  
       Map.Entry<String, String> e = it.next();                   
       param.append( "&" ).append(e.getKey()).append( "=" ).append(URLEncoder.encode(e.getValue(), "UTF-8" ));                   
     }                  
                         
     return param.toString().substring( 1 );                  
   }                
                     
   private static String sign(Map<String, String> paramValues, List<String> ignoreParamNames, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {                
     StringBuilder sb = new StringBuilder();                
     List<String> paramNames = new ArrayList<String>(paramValues.size());                   
     paramNames.addAll(paramValues.keySet());                   
     if (ignoreParamNames != null && ignoreParamNames.size() > 0 ) {                  
       for (String ignoreParamName : ignoreParamNames) {                
         paramNames.remove(ignoreParamName);                
       }                
     }                  
     Collections.sort(paramNames);                  
                         
     sb.append(secret);                 
     for (String paramName : paramNames) {                  
       sb.append(paramName).append(paramValues.get(paramName));                 
     }                  
     sb.append(secret);                 
                     
     MessageDigest md = MessageDigest.getInstance( "SHA-1" );                 
     return byte2hex(md.digest(sb.toString().getBytes( "UTF-8" )));                   
   }                
                     
   private static String byte2hex( byte [] bytes) {                   
     StringBuilder sign = new StringBuilder();                  
     for ( int i = 0 ; i < bytes.length; i++) {                
       String hex = Integer.toHexString(bytes[i] & 0xFF );                   
       if (hex.length() == 1 ) {                 
         sign.append( "0" );                  
       }                
       sign.append(hex.toUpperCase());                  
     }                  
     return sign.toString();                
   }                
                     
   private static String getResult(String urlStr, String content) {                 
     URL url = null ;                
     HttpURLConnection connection = null ;                   
     try {                  
       url = new URL(urlStr);                   
       connection = (HttpURLConnection) url.openConnection();                   
       connection.setDoOutput( true );                
       connection.setDoInput( true );                 
       connection.setRequestMethod( "POST" );                 
       connection.setRequestProperty( "Content-Type" , "application/x-www-form-urlencoded;charset=UTF-8" );                
       connection.setUseCaches( false );                  
       connection.connect();                
                         
       DataOutputStream out = new DataOutputStream(connection.getOutputStream());                   
       out.write(content.getBytes( "UTF-8" ));                
       out.flush();                 
       out.close();                 
                         
       BufferedReader reader = new BufferedReader( new InputStreamReader(connection.getInputStream(), "UTF-8" ));                 
       StringBuffer buffer = new StringBuffer();                
       String line = "" ;                
       while ((line = reader.readLine()) != null ) {                 
         buffer.append(line);                   
       }                
       reader.close();                  
                     
       return buffer.toString();                
     } catch (IOException e) {                  
       e.printStackTrace();                 
     } finally {                
       if (connection != null ) {                
         connection.disconnect();                   
       }                
     }                  
                         
     return null ;                   
   }
   
   
}

服務器端代碼如下(僅供參考):

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
@RequestMapping ( "/repairTakeOrder" )
     @ResponseBody
     public ResponseVO repairTakeOrder( @RequestBody String jsonStr) {
         logger.info( "repairTakeOrder入參:" + jsonStr);
 
         ResponseVO responseVO = null ;
         try {
             RepairOrder repairOrder = JackJsonUtil.toBean(jsonStr,
                     RepairOrder. class );
             TreeMap<String, String> paramsMap = new TreeMap<String, String>();
             paramsMap.put( "gsxx01" , repairOrder.getGsxx01());
             paramsMap.put( "orderType" , repairOrder.getOrderType().toString());
             paramsMap.put( "serviceNo" , repairOrder.getServiceNo());
             paramsMap.put( "vipCard" , repairOrder.getVipCard());
             paramsMap.put( "customerName" , repairOrder.getCustomerName());
             paramsMap.put( "customerPhone" , repairOrder.getCustomerPhone());
             paramsMap.put( "customerTel" , repairOrder.getCustomerTel());
             paramsMap.put( "province" , repairOrder.getProvince());
             paramsMap.put( "city" , repairOrder.getCity());
             paramsMap.put( "county" , repairOrder.getCounty());
             paramsMap.put( "address" , repairOrder.getAddress());
             paramsMap.put( "salerCode" , repairOrder.getSalerCode());
             paramsMap.put( "salerName" , repairOrder.getSalerName());
             paramsMap.put( "storeCode" , repairOrder.getStoreCode());
             paramsMap.put( "storeName" , repairOrder.getStoreName());
             paramsMap.put( "site" , repairOrder.getSite());
 
             paramsMap.put( "siteDesp" , repairOrder.getSiteDesp());
             paramsMap.put( "engineerCode" , repairOrder.getEngineerCode());
             paramsMap.put( "engineerName" , repairOrder.getEngineerName());
             if (repairOrder.getServiceDate() != null ) {
                 paramsMap.put( "serviceDate" ,
                         DateUtils.formatDate(repairOrder.getServiceDate()));
             }
 
             if (repairOrder.getSalePrice() != null ) {
                 paramsMap.put( "salePrice" , repairOrder.getSalePrice()
                         .toString());
             }
 
             paramsMap.put( "profitCenter" , repairOrder.getProfitCenter());
             paramsMap.put( "costCenter" , repairOrder.getCostCenter());
             paramsMap.put( "gsxx02" , repairOrder.getGsxx02());
             paramsMap.put( "returnReason" , repairOrder.getReturnReason());
             if (repairOrder.getOriOrder() != null ) {
                 paramsMap.put( "oriOrder" , repairOrder.getOriOrder().toString());
             }
 
             if (repairOrder.getOriServiceNo() != null ) {
                 paramsMap.put( "oriServiceNo" , repairOrder.getOriServiceNo());
             }
 
             // 拼接簽名原串(a=1&b=2)
             String paramSrc = RequestUtils.getParamSrc(paramsMap);
             logger.info( "簽名原串:" + paramSrc);
             //進行驗簽操作
             if (SignUtils.verifymd5(paramSrc, repairOrder.getSign())) {
                 //處理業務邏輯
                 responseVO=erpServiceImpl.repairTakeOrder(repairOrder);
                 
             } else {
                 responseVO = new ResponseVO();
                 responseVO.setSuccess( false );
                 responseVO.setErrorMsg( "驗簽失敗" );
             }
 
         } catch (Exception e) {
             logger.error( "" , e);
             responseVO = new ResponseVO();
             responseVO.setSuccess( false );
             responseVO.setErrorMsg(StringUtils.isNotBlank(e.getMessage()) ? e.getMessage() : "后台異常" );
         }
         return responseVO;
 
     }

以上這篇Java Http接口加簽、驗簽操作方法就是小編分享給大家的全部內容了,希望能給大家一個參考,也希望大家多多支持腳本之家。


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 Java HTTP POST請求,接口參數加簽,驗簽的操作方法 java http接口 加簽,驗簽 Api接口加簽驗簽 對加簽驗簽的理解 java中RSA分段加解密與加簽驗簽 RSA加密,解密,加簽,驗簽 C# RSA 加簽和驗簽 RSA加密解密與加簽驗簽 rsa加解密及加簽驗簽 CA、加簽、驗簽、RSA算法
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM