shal加密的算法就不用自己写了，有现成的，自己写还容易写错

者模式一些参数简介

1.开发者提交信息后，服务器将发送GET请求到填写的服务器地址URL上，GET请求携带参数如下表所示：

signature	微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
timestamp	时间戳
nonce	随机数
echostr	随机字符串

2.开发者通过检验signature对请求进行校验（下面有校验方式）。若确认此次GET请求来自微信服务器，请原样返回echostr参数内容，则接入生效，成为开发者成功，否则接入失败。加密/校验流程如下：

1）将token、timestamp、nonce三个参数进行字典序排序

2）将三个参数字符串拼接成一个字符串进行sha1加密

3）开发者获得加密后的字符串可与signature对比，标识该请求来源于微信

对应源代码

①加密/校验方法代码

package com.imooc.util;

import java.security.MessageDigest;

import java.util.Arrays;

public class CheckUtil {

private static final String tocken = "imooc";

public static boolean checkSignature(String signature,String timestamp,String nonce){

String arr[]=new String[]{tocken,timestamp,nonce};

//排序

Arrays.sort(arr);

//生成字符串

StringBuffer content = new StringBuffer();

for(int i=0;i<arr.length;i++){

content.append(arr[i]);

}

//sha1加密

String temp = getSha1(content.toString());

System.out.println("x-->"+temp);

System.out.println("z>>>"+signature);

return temp.equals(signature);

}

public static String getSha1(String str){

if(str==null||str.length()==0){

return null;

}

char hexDigits[]={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};

MessageDigest mdTemp;

try{

mdTemp = MessageDigest.getInstance("SHA1");

mdTemp.update(str.getBytes("UTF-8"));

byte[] md = mdTemp.digest();

int j = md.length;

char buf[] = new char[j * 2];

int k = 0;

for (int i = 0; i < j; i++) {

byte byte0 = md[i];

buf[k++] = hexDigits[byte0 >>> 4 & 0xf];

buf[k++] = hexDigits[byte0 & 0xf];

}

return new String(buf);

} catch (Exception e) {

return null;

}

}

}

 

 ②servlet代码

package com.imooc.servlet;

import java.io.IOException;

import java.io.PrintWriter;

import java.util.Enumeration;

import javax.servlet.ServletConfig;

import javax.servlet.ServletContext;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import com.imooc.util.CheckUtil;

public class WeiXinServlet extends HttpServlet{

@Override

protected void doGet(HttpServletRequest req, HttpServletResponse resp)

throws ServletException, IOException {

// TODO Auto-generated method stub

String signature = req.getParameter("signature");

String timestamp = req.getParameter("timestamp");

String nonce = req.getParameter("nonce");

String echostr = req.getParameter("echostr");

PrintWriter out = resp.getWriter();

if(CheckUtil.checkSignature(signature, timestamp, nonce)){

out.print(echostr);

}else{

System.out.println("不匹配");

}

}

}

本地localhost可以访问

 

使用公网地址也可以访问这个servlet

 

靠，还是tocken验证失败