微信公众号授权接口验证工具类(明文)
2016-11-17 20:01
package com.c8SoftWare.shop.util;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.servlet.ServletRequest;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
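/**
 * Signature digest helper for verifying requests sent to a WeChat Official Account
 * message interface.
 *
 * <p>The class is a singleton. Example of checking a signature:
 *
 * <pre>
 * WeixinMessageDigest wxDigest = WeixinMessageDigest.getInstance();
 * boolean bValid = wxDigest.validate(signature, timestamp, nonce, token);
 * </pre>
 *
 * <p>Thread-safety: the singleton holds no mutable state; every digest computation
 * uses its own {@link MessageDigest} instance, so it may be shared between request
 * threads.
 *
 * @author liguocai
 */
public final class WeixinMessageDigest {

    /** Lowercase hex alphabet used by {@link #byte2hex(byte[])}. */
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /**
     * Initialization-on-demand holder for the singleton.
     *
     * @author liguocai
     */
    private static class SingletonHolder {
        static final WeixinMessageDigest INSTANCE = new WeixinMessageDigest();
    }

    /**
     * Returns the shared instance.
     *
     * @return the singleton
     */
    public static WeixinMessageDigest getInstance() {
        return SingletonHolder.INSTANCE;
    }

    private WeixinMessageDigest() {
        // Fail fast when the singleton is created if SHA-1 is unavailable.
        newSha1();
    }

    /**
     * Creates a fresh SHA-1 digest. MessageDigest objects are stateful and not safe
     * for concurrent use, so one is created per computation instead of being shared
     * through the singleton.
     *
     * @return a new SHA-1 {@link MessageDigest}
     * @throws InternalError if the platform does not provide SHA-1
     */
    private static MessageDigest newSha1() {
        try {
            return MessageDigest.getInstance("SHA-1");
        } catch (java.security.NoSuchAlgorithmException e) {
            InternalError failure = new InternalError("init MessageDigest error:" + e.getMessage());
            failure.initCause(e); // keep the original cause for diagnosis
            throw failure;
        }
    }

    /**
     * Converts a byte array to a lowercase hexadecimal string, two characters per byte.
     *
     * @param b the bytes to encode
     * @return the hex encoding of {@code b}
     */
    private static String byte2hex(byte[] b) {
        StringBuilder hex = new StringBuilder(b.length * 2);
        for (byte value : b) {
            hex.append(HEX[(value >> 4) & 0x0F]).append(HEX[value & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Returns the SHA-1 digest of {@code strSrc} as lowercase hex. Despite the name this
     * is a one-way hash, not encryption.
     *
     * @param strSrc the text to hash
     * @return 40-character hex digest
     */
    private String encrypt(String strSrc) {
        // Fixed charset: the platform default differs between hosts and would change the digest.
        byte[] input = strSrc.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return byte2hex(newSha1().digest(input));
    }

    /**
     * Checks whether a request signature is valid.
     *
     * <p>Procedure: (1) sort token, timestamp and nonce lexicographically, (2) concatenate
     * them and take the SHA-1 digest, (3) compare the hex digest with {@code signature}.
     *
     * <p>This only shows that the sender knows the token. The timestamp is not checked for
     * freshness and nonces are not tracked, so a caller that needs replay protection has
     * to add it.
     *
     * @param signature the signature supplied with the request
     * @param timestamp the timestamp supplied with the request
     * @param nonce the random value supplied with the request
     * @param token the shared token configured for the account
     * @return {@code true} if the signature matches; {@code false} otherwise, including
     *     when any argument is {@code null}
     */
    public boolean validate(String signature, String timestamp, String nonce, String token) {
        // Missing request parameters arrive as null; reject them instead of failing in the sort.
        if (signature == null || timestamp == null || nonce == null || token == null) {
            return false;
        }
        // 1. Sort token, timestamp and nonce lexicographically.
        String[] parts = { token, timestamp, nonce };
        Arrays.sort(parts);
        // 2. Concatenate the three values and hash them with SHA-1.
        StringBuilder joined = new StringBuilder();
        for (String part : parts) {
            joined.append(part);
        }
        String expectedSignature = encrypt(joined.toString());
        // 3. Compare with the supplied signature. MessageDigest.isEqual does not stop at the
        //    first differing byte, unlike String.equals.
        return MessageDigest.isEqual(
                expectedSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                signature.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Command-line demo that validates one recorded set of sample values.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String signature = "8dc30c79633581afefbc316ad93d802fdd6f4708"; // signature to verify
        String timestamp = "1478176977"; // timestamp
        String nonce = "895301173"; // random value
        // Sample token for the demo only; a deployed token belongs in configuration, not source.
        String token = "cellcom";
        WeixinMessageDigest wxDigest = WeixinMessageDigest.getInstance();
        boolean bValid = wxDigest.validate(signature, timestamp, nonce, token);
        if (bValid) {
            System.out.println("token 验证成功!");
        } else {
            System.out.println("token 验证失败!");
        }
    }

    /**
     * Handles the interface verification request: returns {@code echostr} only when the
     * request signature validates against the configured token.
     *
     * <p>NOTE(review): this class has a private constructor and no controller annotation
     * in this listing, so whether the mapping is ever registered cannot be told from here.
     *
     * @param request the incoming request carrying signature, timestamp, nonce and echostr
     * @return {@code echostr} when the signature is valid, otherwise an empty string
     * @throws Exception declared by the original signature
     */
    @ResponseBody
    @RequestMapping(value = "wei_test")
    public String tel_getcitylist(ServletRequest request) throws Exception {
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        String echostr = request.getParameter("echostr");
        /*
         * Sample values seen during testing (presumably signature, timestamp, nonce, echostr):
         * 8dc30c79633581afefbc316ad93d802fdd6f4708
         * 1478176977
         * 895301173
         * 9192377613597506513
         */
        // "weixin.token" is a placeholder property name constructed for this example; wire in
        // the application's real configuration source. With no token configured the check fails.
        String token = System.getProperty("weixin.token");
        // Echo the challenge only for a verified request; the raw parameters are no longer
        // written to stderr, since they are attacker-controlled text.
        if (echostr == null || !validate(signature, timestamp, nonce, token)) {
            return "";
        }
        return echostr;
    }
}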
import java.security.MessageDigest;
import java.util.Arrays;
import javax.servlet.ServletRequest;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
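/**
 * Signature digest helper for verifying requests sent to a WeChat Official Account
 * message interface.
 *
 * <p>The class is a singleton. Example of checking a signature:
 *
 * <pre>
 * WeixinMessageDigest wxDigest = WeixinMessageDigest.getInstance();
 * boolean bValid = wxDigest.validate(signature, timestamp, nonce, token);
 * </pre>
 *
 * <p>Thread-safety: the singleton holds no mutable state; every digest computation
 * uses its own {@link MessageDigest} instance, so it may be shared between request
 * threads.
 *
 * @author liguocai
 */
public final class WeixinMessageDigest {

    /** Lowercase hex alphabet used by {@link #byte2hex(byte[])}. */
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /**
     * Initialization-on-demand holder for the singleton.
     *
     * @author liguocai
     */
    private static class SingletonHolder {
        static final WeixinMessageDigest INSTANCE = new WeixinMessageDigest();
    }

    /**
     * Returns the shared instance.
     *
     * @return the singleton
     */
    public static WeixinMessageDigest getInstance() {
        return SingletonHolder.INSTANCE;
    }

    private WeixinMessageDigest() {
        // Fail fast when the singleton is created if SHA-1 is unavailable.
        newSha1();
    }

    /**
     * Creates a fresh SHA-1 digest. MessageDigest objects are stateful and not safe
     * for concurrent use, so one is created per computation instead of being shared
     * through the singleton.
     *
     * @return a new SHA-1 {@link MessageDigest}
     * @throws InternalError if the platform does not provide SHA-1
     */
    private static MessageDigest newSha1() {
        try {
            return MessageDigest.getInstance("SHA-1");
        } catch (java.security.NoSuchAlgorithmException e) {
            InternalError failure = new InternalError("init MessageDigest error:" + e.getMessage());
            failure.initCause(e); // keep the original cause for diagnosis
            throw failure;
        }
    }

    /**
     * Converts a byte array to a lowercase hexadecimal string, two characters per byte.
     *
     * @param b the bytes to encode
     * @return the hex encoding of {@code b}
     */
    private static String byte2hex(byte[] b) {
        StringBuilder hex = new StringBuilder(b.length * 2);
        for (byte value : b) {
            hex.append(HEX[(value >> 4) & 0x0F]).append(HEX[value & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Returns the SHA-1 digest of {@code strSrc} as lowercase hex. Despite the name this
     * is a one-way hash, not encryption.
     *
     * @param strSrc the text to hash
     * @return 40-character hex digest
     */
    private String encrypt(String strSrc) {
        // Fixed charset: the platform default differs between hosts and would change the digest.
        byte[] input = strSrc.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return byte2hex(newSha1().digest(input));
    }

    /**
     * Checks whether a request signature is valid.
     *
     * <p>Procedure: (1) sort token, timestamp and nonce lexicographically, (2) concatenate
     * them and take the SHA-1 digest, (3) compare the hex digest with {@code signature}.
     *
     * <p>This only shows that the sender knows the token. The timestamp is not checked for
     * freshness and nonces are not tracked, so a caller that needs replay protection has
     * to add it.
     *
     * @param signature the signature supplied with the request
     * @param timestamp the timestamp supplied with the request
     * @param nonce the random value supplied with the request
     * @param token the shared token configured for the account
     * @return {@code true} if the signature matches; {@code false} otherwise, including
     *     when any argument is {@code null}
     */
    public boolean validate(String signature, String timestamp, String nonce, String token) {
        // Missing request parameters arrive as null; reject them instead of failing in the sort.
        if (signature == null || timestamp == null || nonce == null || token == null) {
            return false;
        }
        // 1. Sort token, timestamp and nonce lexicographically.
        String[] parts = { token, timestamp, nonce };
        Arrays.sort(parts);
        // 2. Concatenate the three values and hash them with SHA-1.
        StringBuilder joined = new StringBuilder();
        for (String part : parts) {
            joined.append(part);
        }
        String expectedSignature = encrypt(joined.toString());
        // 3. Compare with the supplied signature. MessageDigest.isEqual does not stop at the
        //    first differing byte, unlike String.equals.
        return MessageDigest.isEqual(
                expectedSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                signature.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Command-line demo that validates one recorded set of sample values.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String signature = "8dc30c79633581afefbc316ad93d802fdd6f4708"; // signature to verify
        String timestamp = "1478176977"; // timestamp
        String nonce = "895301173"; // random value
        // Sample token for the demo only; a deployed token belongs in configuration, not source.
        String token = "cellcom";
        WeixinMessageDigest wxDigest = WeixinMessageDigest.getInstance();
        boolean bValid = wxDigest.validate(signature, timestamp, nonce, token);
        if (bValid) {
            System.out.println("token 验证成功!");
        } else {
            System.out.println("token 验证失败!");
        }
    }

    /**
     * Handles the interface verification request: returns {@code echostr} only when the
     * request signature validates against the configured token.
     *
     * <p>NOTE(review): this class has a private constructor and no controller annotation
     * in this listing, so whether the mapping is ever registered cannot be told from here.
     *
     * @param request the incoming request carrying signature, timestamp, nonce and echostr
     * @return {@code echostr} when the signature is valid, otherwise an empty string
     * @throws Exception declared by the original signature
     */
    @ResponseBody
    @RequestMapping(value = "wei_test")
    public String tel_getcitylist(ServletRequest request) throws Exception {
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        String echostr = request.getParameter("echostr");
        /*
         * Sample values seen during testing (presumably signature, timestamp, nonce, echostr):
         * 8dc30c79633581afefbc316ad93d802fdd6f4708
         * 1478176977
         * 895301173
         * 9192377613597506513
         */
        // "weixin.token" is a placeholder property name constructed for this example; wire in
        // the application's real configuration source. With no token configured the check fails.
        String token = System.getProperty("weixin.token");
        // Echo the challenge only for a verified request; the raw parameters are no longer
        // written to stderr, since they are attacker-controlled text.
        if (echostr == null || !validate(signature, timestamp, nonce, token)) {
            return "";
        }
        return echostr;
    }
}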