SHA-1加密(严格说是哈希摘要,不是加密)的算法就不用自己写了,有现成的,自己写还容易写错
开发者模式一些参数简介
1.开发者提交信息后,服务器将发送GET请求到填写的服务器地址URL上,GET请求携带参数如下表所示:
signature | 微信加密签名,signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。 |
timestamp | 时间戳 |
nonce | 随机数 |
echostr | 随机字符串 |
2.开发者通过检验signature对请求进行校验(下面有校验方式)。若确认此次GET请求来自微信服务器,请原样返回echostr参数内容,则接入生效,成为开发者成功,否则接入失败。加密/校验流程如下:
1)将token、timestamp、nonce三个参数进行字典序排序
2)将三个参数字符串拼接成一个字符串进行sha1加密
3)开发者获得加密后的字符串可与signature对比,标识该请求来源于微信
对应源代码
①加密/校验方法代码
package com.imooc.util;
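import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/**
 * Verifies the signature on the WeChat "developer mode" handshake request.
 *
 * <p>The expected signature is the lowercase hex SHA-1 digest of the token,
 * timestamp and nonce, sorted lexicographically and concatenated. SHA-1 is a
 * hash, not encryption; it is used here because the handshake described on
 * the page prescribes it.
 */
public class CheckUtil {
    // Shared secret; it has to match the token entered on the platform side.
    // NOTE(review): the value is hard-coded in source as on the original page.
    // Anyone who can read the source or the built artifact can compute valid
    // signatures, so a real deployment should load it from configuration.
    private static final String TOKEN = "imooc";

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Checks whether {@code signature} matches the digest computed from the
     * token, {@code timestamp} and {@code nonce}.
     *
     * @param signature hex signature taken from the request
     * @param timestamp timestamp parameter taken from the request
     * @param nonce     nonce parameter taken from the request
     * @return {@code true} only when all arguments are present and the
     *         signature matches; {@code false} otherwise
     */
    public static boolean checkSignature(String signature, String timestamp, String nonce) {
        // A request that omits a parameter is simply unauthenticated. Without
        // this guard Arrays.sort would throw a NullPointerException.
        if (signature == null || timestamp == null || nonce == null) {
            return false;
        }

        String[] parts = {TOKEN, timestamp, nonce};
        Arrays.sort(parts);

        StringBuilder joined = new StringBuilder();
        for (String part : parts) {
            joined.append(part);
        }

        String expected = getSha1(joined.toString());
        if (expected == null) {
            return false;
        }

        // The expected value is deliberately not printed: anyone able to read
        // the log could reuse it with the same timestamp and nonce.
        // MessageDigest.isEqual compares in constant time, so the response
        // time does not reveal how many leading characters matched.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                signature.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the lowercase hex SHA-1 digest of the UTF-8 bytes of {@code str}.
     *
     * @param str text to hash
     * @return 40-character hex string, or {@code null} when {@code str} is
     *         {@code null} or empty, or when SHA-1 is unavailable
     */
    public static String getSha1(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            byte[] digest = sha1.digest(str.getBytes(StandardCharsets.UTF_8));

            char[] hex = new char[digest.length * 2];
            int pos = 0;
            for (byte b : digest) {
                // Mask first so the sign extension of the byte is discarded.
                hex[pos++] = HEX_DIGITS[(b & 0xff) >>> 4];
                hex[pos++] = HEX_DIGITS[b & 0x0f];
            }
            return new String(hex);
        } catch (NoSuchAlgorithmException e) {
            // Kept as a null return so existing callers see the same contract.
            return null;
        }
    }
}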
②servlet代码
package com.imooc.servlet;
import java.io.IOException;import java.io.PrintWriter;import java.util.Enumeration;import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.imooc.util.CheckUtil;
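/**
 * Endpoint for the WeChat "developer mode" handshake: a GET request that
 * carries signature, timestamp, nonce and echostr parameters.
 */
public class WeiXinServlet extends HttpServlet {

    /**
     * Echoes {@code echostr} back when the request signature verifies, and
     * answers 403 otherwise.
     *
     * @param req  incoming handshake request
     * @param resp response that receives the echo or the error status
     * @throws ServletException declared by the overridden method
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String signature = req.getParameter("signature");
        String timestamp = req.getParameter("timestamp");
        String nonce = req.getParameter("nonce");
        String echostr = req.getParameter("echostr");

        // Reject incomplete requests before verification, so a missing
        // parameter cannot surface as an exception inside the check.
        boolean complete = signature != null && timestamp != null
                && nonce != null && echostr != null;

        if (!complete || !CheckUtil.checkSignature(signature, timestamp, nonce)) {
            System.out.println("不匹配");
            // An explicit status makes a failed verification visible instead
            // of returning an empty 200 response.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // The signature covers only token, timestamp and nonce, not echostr.
        // Serving the echo as plain text keeps a browser from interpreting
        // the reflected value as markup.
        // NOTE(review): timestamp freshness is not checked here, so a
        // previously valid parameter set would still verify. Confirm whether
        // a time window should be enforced.
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.print(echostr);
    }
}
// Author's note from the page: 本地localhost可以访问 (the servlet is reachable via local localhost).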
使用公网地址也可以访问这个servlet
靠,还是token验证失败