
Java Http接口加签、验签操作方法

2019年07月22日  | 移动技术网IT编程  | 我要评论

1、业务背景

最近接触了一些电商业务,发现在处理电商业务接口时,比如淘宝、支付类接口,接口双方为了确保数据参数在传输过程中未经过篡改,都需要对接口数据进行加签,然后在接口服务器端对接口参数进行验签,确保两个签名是一样的,验签通过之后再进行业务逻辑处理。我们这里主要介绍一下处理思路,至于签名算法我不做过多介绍,网上一大堆。

2、处理思路

双方约定好,参数按特定顺序排列,比如按首字母的顺序排列,如url:http://xxx/xxx.do?a=wersd&b=sd2354&c=4&signature=xxxxxxxxxxxx(signature为传入的签名)。服务端拿到入参后,将参数串a=wersd&b=sd2354&c=4按双方约定的签名规则,自己用md5加签一次,然后和入参的signature值对比,以确认调用者是否合法,这就是接口签名验证的思路。需要注意的是,约定的签名规则里必须混入只有双方知道的密钥(如下文调用方示例中的 test_sec):如果只是对参数串直接做摘要,篡改者修改参数后同样可以重新算出签名,验签就失去了意义。

3、实例练习

接口双方经过沟通,对接口达成如下共识:

1、注意事项,主要指接口的协议、传入参数类型、签名算法、文件格式等说明

2、下面是一个电商业务接口的真实案例,双方约定好了接口url、业务参数、固定参数、签名以及返回数据格式

接口调用时,接口调用方代码如下(仅供参考):
package com.pcmall;

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
					
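/**
 * Caller-side sample: builds a signed, form-encoded parameter string and POSTs it to the API.
 *
 * <p>The listing on the page was case-folded. JDK identifiers are restored to their real
 * spelling here; the sample's own names ({@code apitest}, {@code test_url}, {@code getreqparam},
 * ...) and its parameter values are kept exactly as printed and should be checked against the
 * real interface specification.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The signature is SHA-1 over {@code secret + sorted(name + value ...) + secret}. That is
 *       what this sample's protocol uses, so it is kept, but it is not an HMAC and SHA-1 is
 *       deprecated; a new protocol should use HMAC-SHA-256 agreed by both sides.</li>
 *   <li>Names and values are concatenated without separators, so the string to sign does not
 *       unambiguously encode the parameter set. A new protocol should delimit or
 *       length-prefix each field.</li>
 *   <li>A signature gives integrity, not confidentiality: the endpoint should be HTTPS.</li>
 *   <li>The key and secret below are placeholders; real values belong in configuration or a
 *       secret store, not in source.</li>
 * </ul>
 */
public class apitest {
  // "待定" means "to be determined": placeholders for the endpoint, app key and shared secret.
  static String test_url = "待定";
  static String test_key = "待定";
  static String test_sec = "待定";

  // Without timeouts HttpURLConnection can block indefinitely on an unresponsive server.
  private static final int CONNECT_TIMEOUT_MS = 10000;
  private static final int READ_TIMEOUT_MS = 30000;

  /** Sends one signed request and prints the raw response body ("null" if the call failed). */
  public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {
    String result = getresult(test_url, getreqparam());
    System.out.print(result);
  }

  /**
   * Builds the request body: fixed parameters, business parameters and the signature {@code s},
   * joined as {@code name=value&...} with URL-encoded values.
   *
   * @return the form-encoded body, parameters in sorted key order
   */
  private static String getreqparam() throws UnsupportedEncodingException, NoSuchAlgorithmException {
    TreeMap<String, String> req = new TreeMap<String, String>();
    req.put("a", test_key);
    req.put("f", "json");
    req.put("l", "zh_cn");
    req.put("m", "zhongan.repair.query");
    req.put("v", "1.0");
    // Epoch seconds. Presumably lets the server reject stale or replayed requests;
    // confirm the server actually enforces a freshness window on this field.
    req.put("i", String.valueOf(System.currentTimeMillis() / 1000));
    req.put("params", "{\"assignno\":\"test018\"}");
    // Sign the raw (not yet URL-encoded) values; "s" itself is added after signing,
    // so it is not part of the signed string.
    req.put("s", sign(req, null, test_sec));

    StringBuilder param = new StringBuilder();
    for (Map.Entry<String, String> e : req.entrySet()) {
      if (param.length() > 0) {
        param.append('&');
      }
      param.append(e.getKey()).append('=').append(URLEncoder.encode(e.getValue(), "utf-8"));
    }
    return param.toString();
  }

  /**
   * Computes the request signature: upper-case hex of
   * {@code SHA-1(secret + name1 + value1 + name2 + value2 + ... + secret)}, names sorted.
   *
   * @param paramvalues all request parameters
   * @param ignoreparamnames names to leave out of the signature, may be {@code null}
   * @param secret shared secret known to caller and server
   * @return the signature as upper-case hex
   */
  private static String sign(Map<String, String> paramvalues, List<String> ignoreparamnames, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {
    List<String> paramnames = new ArrayList<String>(paramvalues.keySet());
    if (ignoreparamnames != null && !ignoreparamnames.isEmpty()) {
      paramnames.removeAll(ignoreparamnames);
    }
    // Both sides must sort identically, otherwise the digests never match.
    Collections.sort(paramnames);

    StringBuilder sb = new StringBuilder();
    sb.append(secret);
    for (String paramname : paramnames) {
      sb.append(paramname).append(paramvalues.get(paramname));
    }
    sb.append(secret);

    // NOTE(review): kept because the peer expects it; see the class comment on SHA-1 and HMAC.
    MessageDigest md = MessageDigest.getInstance("sha-1");
    return byte2hex(md.digest(sb.toString().getBytes("utf-8")));
  }

  /** Renders bytes as upper-case hex, two digits per byte. */
  private static String byte2hex(byte[] bytes) {
    final char[] digits = "0123456789ABCDEF".toCharArray();
    StringBuilder sign = new StringBuilder(bytes.length * 2);
    for (byte b : bytes) {
      sign.append(digits[(b >> 4) & 0x0f]).append(digits[b & 0x0f]);
    }
    return sign.toString();
  }

  /**
   * POSTs {@code content} as a form body to {@code urlstr} and returns the response body.
   *
   * @return the response with line breaks dropped, or {@code null} if the request failed
   */
  private static String getresult(String urlstr, String content) {
    HttpURLConnection connection = null;
    try {
      connection = (HttpURLConnection) new URL(urlstr).openConnection();
      connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
      connection.setReadTimeout(READ_TIMEOUT_MS);
      connection.setDoOutput(true);
      connection.setDoInput(true);
      // HttpURLConnection only accepts upper-case method names.
      connection.setRequestMethod("POST");
      connection.setRequestProperty("content-type", "application/x-www-form-urlencoded;charset=utf-8");
      connection.setUseCaches(false);
      connection.connect();

      // try-with-resources closes the streams even when a write or read throws.
      try (DataOutputStream out = new DataOutputStream(connection.getOutputStream())) {
        out.write(content.getBytes("utf-8"));
        out.flush();
      }

      StringBuilder buffer = new StringBuilder();
      try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "utf-8"))) {
        String line;
        while ((line = reader.readLine()) != null) {
          buffer.append(line);
        }
      }
      return buffer.toString();
    } catch (IOException e) {
      // Best effort, as in the original sample: report and fall through to null.
      e.printStackTrace();
    } finally {
      if (connection != null) {
        connection.disconnect();
      }
    }

    return null;
  }
}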

服务器端代码如下(仅供参考):

/**
 * Server-side sample: handler for "/repairtakeorder" that verifies the request signature
 * before running the business logic.
 *
 * Flow, as shown below: parse the JSON body into a repairorder, copy its fields into a
 * sorted map, build the signature source string from that map, and compare the result with
 * the signature carried in the request (repairorder.getsign()). Only on a match is
 * erpserviceimpl.repairtakeorder called; otherwise a responsevo with success=false is returned.
 *
 * NOTE(review): the listing on the page is case-folded; identifiers are shown as printed
 * and will differ from the real project's spelling.
 *
 * NOTE(review): none of the signed fields visible here is a timestamp or nonce, so nothing
 * in this handler stops a captured request from being replayed. Confirm whether that is
 * handled elsewhere.
 */
@requestmapping("/repairtakeorder")
	@responsebody
	public responsevo repairtakeorder(@requestbody string jsonstr) {
		// NOTE(review): this writes the whole request body to the log at info level. The body
		// carries customer name, phone and address fields; consider masking them.
		logger.info("repairtakeorder入参:" + jsonstr);

		responsevo responsevo = null;
		try {
			repairorder repairorder = jackjsonutil.tobean(jsonstr,
					repairorder.class);
			// A treemap keeps the keys sorted, so caller and server build the string to sign
			// in the same order.
			// NOTE(review): the signature is checked over values re-read from the parsed object,
			// not over the raw request bytes. Only the fields copied below are covered; any other
			// field repairorder may carry is not protected by the signature.
			treemap<string, string> paramsmap = new treemap<string, string>();
			paramsmap.put("gsxx01", repairorder.getgsxx01());
			// Throws a NullPointerException if ordertype is absent; that ends up in the catch below.
			paramsmap.put("ordertype", repairorder.getordertype().tostring());
			paramsmap.put("serviceno", repairorder.getserviceno());
			paramsmap.put("vipcard", repairorder.getvipcard());
			paramsmap.put("customername", repairorder.getcustomername());
			paramsmap.put("customerphone", repairorder.getcustomerphone());
			paramsmap.put("customertel", repairorder.getcustomertel());
			paramsmap.put("province", repairorder.getprovince());
			paramsmap.put("city", repairorder.getcity());
			paramsmap.put("county", repairorder.getcounty());
			paramsmap.put("address", repairorder.getaddress());
			paramsmap.put("salercode", repairorder.getsalercode());
			paramsmap.put("salername", repairorder.getsalername());
			paramsmap.put("storecode", repairorder.getstorecode());
			paramsmap.put("storename", repairorder.getstorename());
			paramsmap.put("site", repairorder.getsite());

			paramsmap.put("sitedesp", repairorder.getsitedesp());
			paramsmap.put("engineercode", repairorder.getengineercode());
			paramsmap.put("engineername", repairorder.getengineername());
			// These fields are added only when present. The fields above are put
			// unconditionally, so a missing one is stored as null; how getparamsrc renders a
			// null value is not visible here and must match the caller's rule.
			if (repairorder.getservicedate() != null) {
				// The date format has to match the caller's exactly or the digests differ.
				paramsmap.put("servicedate",
						dateutils.formatdate(repairorder.getservicedate()));
			}

			if (repairorder.getsaleprice() != null) {
				paramsmap.put("saleprice", repairorder.getsaleprice()
						.tostring());
			}

			paramsmap.put("profitcenter", repairorder.getprofitcenter());
			paramsmap.put("costcenter", repairorder.getcostcenter());
			paramsmap.put("gsxx02", repairorder.getgsxx02());
			paramsmap.put("returnreason", repairorder.getreturnreason());
			if (repairorder.getoriorder() != null) {
				paramsmap.put("oriorder", repairorder.getoriorder().tostring());
			}

			if (repairorder.getoriserviceno() != null) {
				paramsmap.put("oriserviceno", repairorder.getoriserviceno());
			}

			// Build the signature source string (a=1&b=2)
			string paramsrc = requestutils.getparamsrc(paramsmap);
			// NOTE(review): the source string repeats the customer data in the log; consider
			// logging only at debug level or masking.
			logger.info("签名原串:" + paramsrc);
			// Verify the signature.
			// NOTE(review): no secret is passed at this call site; presumably signutils mixes in
			// the shared key itself. Confirm, because an unkeyed MD5 can be recomputed by anyone.
			// MD5 is also weak for this purpose, and the comparison inside verifymd5 should be
			// constant-time (e.g. MessageDigest.isEqual).
			if (signutils.verifymd5(paramsrc, repairorder.getsign())) {
				// Signature matched: run the business logic
				responsevo=erpserviceimpl.repairtakeorder(repairorder);
				
			} else {
				responsevo = new responsevo();
				responsevo.setsuccess(false);
				responsevo.seterrormsg("验签失败");
			}

		} catch (exception e) {
			logger.error("", e);
			responsevo = new responsevo();
			responsevo.setsuccess(false);
			// NOTE(review): the raw exception message goes back to the caller and may expose
			// internal details; a fixed generic message is safer, with the detail kept in the log.
			responsevo.seterrormsg(stringutils.isnotblank(e.getmessage()) ? e.getmessage() : "后台异常");
		}
		return responsevo;

	}

以上这篇java http接口加签、验签操作方法就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持移动技术网。
