1、业务背景

最近接触了一些电商业务,发现在处理电商业务接口时,比如淘宝、支付类接口,接口双方为了确保数据参数在传输过程中未经过篡改,都需要对接口数据进行加签,然后在接口服务器端对接口参数进行验签,确保两个签名是一样的,验签通过之后再进行业务逻辑处理。我们这里主要介绍一下处理思路,至于签名算法我不做过多介绍,网上一大堆。

2、处理思路

双方约定好,参数按特定顺序排列,比如按首字母的顺序排列,如url:http://xxx/xxx.do?a=wersd&b=sd2354&c=4&signature=XXXXXXXXXXXX(signature为传入的签名),等你拿到入参后,将参数串a=wersd&b=sd2354&c=4按你们约定的签名规则,自己用md5加签一次,然后和入参的signature值对比,以确认调用者是否合法,这就是接口签名验证的思路。

3、实例练习

接口双方经过沟通,对接口达成如下共识:

1、注意事项,主要指接口的的协议、传入参数类型、签名算法、文件格式等说明

2、下面是一个电商业务接口的真实案例,双方约定好了接口URL、业务参数、固定参数、签名以及返回数据格式

接口调用时,接口调用方代码如下(仅供参考):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package com.pcmall;
 
import java.io.BufferedReader;                 
import java.io.DataOutputStream;                   
import java.io.IOException;                
import java.io.InputStreamReader;                  
import java.io.UnsupportedEncodingException;                   
import java.net.HttpURLConnection;                 
import java.net.URL;                   
import java.net.URLEncoder;                
import java.security.MessageDigest;                
import java.security.NoSuchAlgorithmException;                 
import java.util.ArrayList;                
import java.util.Collections;                  
import java.util.Iterator;                 
import java.util.List;                 
import java.util.Map;                  
import java.util.TreeMap;
                     
public class APITest {                 
  static String TEST_URL = "待定";                   
  static String TEST_KEY = "待定";                   
  static String TEST_SEC = "待定";                   
                     
  public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {                   
    String result = getResult(TEST_URL, getReqParam());                
    System.out.print(result);                  
  }                
                     
  private static String getReqParam() throws UnsupportedEncodingException, NoSuchAlgorithmException {                  
    TreeMap<String, String> req = new TreeMap<String, String>();           
    req.put("a", TEST_KEY);                
    req.put("f", "json");                  
    req.put("l", "zh_CN");                 
    req.put("m", "zhongan.repair.query");                  
    req.put("v", "1.0");                   
    req.put("i", "" + System.currentTimeMillis() / 1000);                  
    req.put("params", "{\"assignNo\":\"TEST018\"}");                   
    req.put("s", sign(req, null, TEST_SEC));                   
                         
    StringBuilder param = new StringBuilder();                 
    for (Iterator<Map.Entry<String, String>> it = req.entrySet().iterator(); it.hasNext();) {                  
      Map.Entry<String, String> e = it.next();                   
      param.append("&").append(e.getKey()).append("=").append(URLEncoder.encode(e.getValue(), "UTF-8"));                   
    }                  
                         
    return param.toString().substring(1);                  
  }                
                     
  private static String sign(Map<String, String> paramValues, List<String> ignoreParamNames, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {                
    StringBuilder sb = new StringBuilder();                
    List<String> paramNames = new ArrayList<String>(paramValues.size());                   
    paramNames.addAll(paramValues.keySet());                   
    if (ignoreParamNames != null && ignoreParamNames.size() > 0) {                  
      for (String ignoreParamName : ignoreParamNames) {                
        paramNames.remove(ignoreParamName);                
      }                
    }                  
    Collections.sort(paramNames);                  
                         
    sb.append(secret);                 
    for (String paramName : paramNames) {                  
      sb.append(paramName).append(paramValues.get(paramName));                 
    }                  
    sb.append(secret);                 
                     
    MessageDigest md = MessageDigest.getInstance("SHA-1");                 
    return byte2hex(md.digest(sb.toString().getBytes("UTF-8")));                   
  }                
                     
  private static String byte2hex(byte[] bytes) {                   
    StringBuilder sign = new StringBuilder();                  
    for (int i = 0; i < bytes.length; i++) {                
      String hex = Integer.toHexString(bytes[i] & 0xFF);                   
      if (hex.length() == 1) {                 
        sign.append("0");                  
      }                
      sign.append(hex.toUpperCase());                  
    }                  
    return sign.toString();                
  }                
                     
  private static String getResult(String urlStr, String content) {                 
    URL url = null;                
    HttpURLConnection connection = null;                   
    try {                  
      url = new URL(urlStr);                   
      connection = (HttpURLConnection) url.openConnection();                   
      connection.setDoOutput(true);                
      connection.setDoInput(true);                 
      connection.setRequestMethod("POST");                 
      connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");                
      connection.setUseCaches(false);                  
      connection.connect();                
                         
      DataOutputStream out = new DataOutputStream(connection.getOutputStream());                   
      out.write(content.getBytes("UTF-8"));                
      out.flush();                 
      out.close();                 
                         
      BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));                 
      StringBuffer buffer = new StringBuffer();                
      String line = "";                
      while ((line = reader.readLine()) != null) {                 
        buffer.append(line);                   
      }                
      reader.close();                  
                     
      return buffer.toString();                
    } catch (IOException e) {                  
      e.printStackTrace();                 
    } finally {                
      if (connection != null) {                
        connection.disconnect();                   
      }                
    }                  
                         
    return null;                   
  }
   
   
}

服务器端代码如下(仅供参考):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
@RequestMapping("/repairTakeOrder")
    @ResponseBody
    public ResponseVO repairTakeOrder(@RequestBody String jsonStr) {
        logger.info("repairTakeOrder入参:" + jsonStr);
 
        ResponseVO responseVO = null;
        try {
            RepairOrder repairOrder = JackJsonUtil.toBean(jsonStr,
                    RepairOrder.class);
            TreeMap<String, String> paramsMap = new TreeMap<String, String>();
            paramsMap.put("gsxx01", repairOrder.getGsxx01());
            paramsMap.put("orderType", repairOrder.getOrderType().toString());
            paramsMap.put("serviceNo", repairOrder.getServiceNo());
            paramsMap.put("vipCard", repairOrder.getVipCard());
            paramsMap.put("customerName", repairOrder.getCustomerName());
            paramsMap.put("customerPhone", repairOrder.getCustomerPhone());
            paramsMap.put("customerTel", repairOrder.getCustomerTel());
            paramsMap.put("province", repairOrder.getProvince());
            paramsMap.put("city", repairOrder.getCity());
            paramsMap.put("county", repairOrder.getCounty());
            paramsMap.put("address", repairOrder.getAddress());
            paramsMap.put("salerCode", repairOrder.getSalerCode());
            paramsMap.put("salerName", repairOrder.getSalerName());
            paramsMap.put("storeCode", repairOrder.getStoreCode());
            paramsMap.put("storeName", repairOrder.getStoreName());
            paramsMap.put("site", repairOrder.getSite());
 
            paramsMap.put("siteDesp", repairOrder.getSiteDesp());
            paramsMap.put("engineerCode", repairOrder.getEngineerCode());
            paramsMap.put("engineerName", repairOrder.getEngineerName());
            if (repairOrder.getServiceDate() != null) {
                paramsMap.put("serviceDate",
                        DateUtils.formatDate(repairOrder.getServiceDate()));
            }
 
            if (repairOrder.getSalePrice() != null) {
                paramsMap.put("salePrice", repairOrder.getSalePrice()
                        .toString());
            }
 
            paramsMap.put("profitCenter", repairOrder.getProfitCenter());
            paramsMap.put("costCenter", repairOrder.getCostCenter());
            paramsMap.put("gsxx02", repairOrder.getGsxx02());
            paramsMap.put("returnReason", repairOrder.getReturnReason());
            if (repairOrder.getOriOrder() != null) {
                paramsMap.put("oriOrder", repairOrder.getOriOrder().toString());
            }
 
            if (repairOrder.getOriServiceNo() != null) {
                paramsMap.put("oriServiceNo", repairOrder.getOriServiceNo());
            }
 
            // 拼接签名原串(a=1&b=2)
            String paramSrc = RequestUtils.getParamSrc(paramsMap);
            logger.info("签名原串:" + paramSrc);
            //进行验签操作
            if (SignUtils.verifymd5(paramSrc, repairOrder.getSign())) {
                //处理业务逻辑
                responseVO=erpServiceImpl.repairTakeOrder(repairOrder);
                 
            } else {
                responseVO = new ResponseVO();
                responseVO.setSuccess(false);
                responseVO.setErrorMsg("验签失败");
            }
 
        } catch (Exception e) {
            logger.error("", e);
            responseVO = new ResponseVO();
            responseVO.setSuccess(false);
            responseVO.setErrorMsg(StringUtils.isNotBlank(e.getMessage()) ? e.getMessage() : "后台异常");
        }
        return responseVO;
 
    }

以上这篇Java Http接口加签、验签操作方法就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持脚本之家。

Java Http接口加签、验签操作方法的更多相关文章

  1. RSA体系 c++/java相互进行加签验签--转

    在web开发中,采用RSA公钥密钥体系自制ukey,文件证书登陆时,普遍的做法为:在浏览器端采用c++ activex控件,使用 c++的第三库openssl进行RAS加签操作,在服务器端采用java ...

  2. Java实现RSA密钥对并在加解密、加签验签中应用的实例

    一.项目结构 二.代码具体实现 1.密钥对生成的两种方式:一种生成公钥私文件,一种生成公钥私串 KeyPairGenUtil.java package com.wangjinxiang.genkey. ...

  3. java RSA 加签验签【转】

    引用自: http://blog.csdn.net/wangqiuyun/article/details/42143957/ java RSA 加签验签 package com.testdemo.co ...

  4. RSA加密解密及RSA加签验签

    RSA安全性应用场景说明 在刚接触RSA的时候,会混淆RSA加密解密和RSA加签验签的概念.简单来说加密解密是公钥加密私钥解密,持有公钥(多人持有)可以对数据加密,但是只有持有私钥(一人持有)才可以解 ...

  5. RSA加密解密与加签验签

    RSA公钥加密算法是1977年由罗纳德·李维斯特(Ron Rivest).阿迪·萨莫尔(Adi Shamir)和伦纳德·阿德曼(Leonard Adleman)一起提出的.1987年7月首次在美国公布 ...

  6. 微信小程序(17)-- RSA加密 解密 加签 验签

    RSA加密 解密 加签 验签 /** * 注:区分RSA私钥的类型,有pkcs1和pkcs8.pkcs8格式的私钥主要用于Java中 pkcs1格式: -----BEGIN RSA PRIVATE K ...

  7. Python rsa公私钥生成 rsa公钥加解密(分段加解密)-私钥加签验签实战

    一般现在的SAAS服务提供现在的sdk或api对接服务都涉及到一个身份验证和数据加密的问题.一般现在普遍的做法就是配置使用非对称加密的方式来解决这个问题,你持有SAAS公司的公钥,SAAS公司持有你的 ...

  8. 支付宝支付集成中:refund_fastpay_by_platform_nopwd接口服务器通知验签不通过

    在做p2p配资平台,也就是公司的项目,遇到了一个问题:refund_fastpay_by_platform_nopwd接口服务器通知验签不通过 下面是实录: 通知服务器的POST过来的数据: 1.si ...

  9. Java使用数字证书加密通信(加解密/加签验签)

    本文中使用的Base64Utils.java可参考:http://www.cnblogs.com/shindo/p/6346618.html 证书制作方法可参考:http://www.cnblogs. ...

随机推荐

  1. Android中Selector的用法(改变ListView和Button的默认背景)

    Android中的Selector的用法 http://blog.csdn.net/shakespeare001/article/details/7788400#comments Android中的S ...

  2. fzyzojP2984 -- 序列变换问题

    一个区间缩小变换的问题,并且n<=300 启示我们区间dp 我们考虑最后一定是在原串上扣一些,剩一些 所以不妨前求出[l,r]把[l,r]完全处理成什么样子的方案数 然后再来一遍序列dp,统计答 ...

  3. 2018-2019 ACM-ICPC ECfinal I. Misunderstood … Missing

    题目链接 首先有两个个属性值:\(A,D\),其中\(A\)表示目前攻击力,\(D\)表示每回合攻击的增量. 现在一共有\(n\)个回合,每一回合\(i\),可以有以下三种操作: 1.进行攻击,造成\ ...

  4. 总结: 《jQuery基础教程》 5-完结

    第5章:操作DOM HTML属性和DOM属性:attr()和prop() 获取表单控件的值:val() DOM操作方法的归纳: (1) 要在HTML中创建新元素,使用$()函数.(2) 要在每个匹配的 ...

  5. Java基础-字符串(String)常用方法

    Java基础-字符串(String)常用方法 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 一.java的API概念 Java的API(API:Application(应用) Pr ...

  6. 【数据库-MySql】清空所有表格的所有数据

    方式一. drop procedure if exists del_all_tb; delimiter $$ create procedure del_all_tb(db char(20)) begi ...

  7. awk例子

     ls |awk -F . '{print $1}'|awk -F '-[0-9]' '{print $1}' 

  8. .NET 定时器类及使用方法

    Timer类实现定时任务 //2秒后开启该线程,然后每隔4s调用一次 System.Threading.Timer timer = new System.Threading.Timer((n) =&g ...

  9. python 12306 车次数据获取

    ssl._create_default_https_context = ssl._create_default_https_context train_data = '2018-10-20' head ...

  10. ArcGis数据分类(ClassBreaksDefinition)

    文章转载自:Arcgis数据分类那些事儿 数据分类.地图分级(Classification)通常用于Choropleth Map(面量图)的制作中,是专题制图中最初,也是最基本的一个步骤.没有进行过分 ...