commit
ba415c136c
11 changed files with 177 additions and 40 deletions
@ -0,0 +1,31 @@ |
||||
package com.daqing.financial.hrauth.controller; |
||||
|
||||
|
||||
import com.daqing.financial.hrauth.util.WXPublicUtils; |
||||
import io.swagger.annotations.Api; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.springframework.web.bind.annotation.RequestMapping; |
||||
import org.springframework.web.bind.annotation.RestController; |
||||
|
||||
import javax.servlet.http.HttpServletRequest; |
||||
|
||||
@RestController |
||||
@RequestMapping("/wxpublic") |
||||
@Api(tags = "验证公众平台token") |
||||
@Slf4j |
||||
public class WXTokenController { |
||||
@RequestMapping("/verify_wx_token") |
||||
public String verifyWXToken(HttpServletRequest request) { |
||||
String msgSignature = request.getParameter("signature"); |
||||
String msgTimestamp = request.getParameter("timestamp"); |
||||
String msgNonce = request.getParameter("nonce"); |
||||
String echostr = request.getParameter("echostr"); |
||||
if (WXPublicUtils.verifyUrl(msgSignature, msgTimestamp, msgNonce)) { |
||||
return echostr; |
||||
} |
||||
return null; |
||||
} |
||||
|
||||
} |
||||
|
||||
|
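Review bot: The failure path of `verifyWXToken` does not work as written: `WXPublicUtils.verifyUrl`, added in this same commit, throws `IllegalArgumentException` on a mismatch and never returns false, so `return null;` is unreachable and a bad or missing `signature` surfaces as an uncaught exception on an unauthenticated endpoint. Missing `timestamp` or `nonce` parameters take the same route because they are passed on unchecked. I would reject absent parameters up front, e.g. `if (msgSignature == null || msgTimestamp == null || msgNonce == null) return "";`, and have `verifyUrl` return false on mismatch so the controller decides the response. The mapping also accepts every HTTP method and echoes `echostr`, which the signature does not cover; `@GetMapping(value = "/verify_wx_token", produces = "text/plain")` would pin the method and the response type.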
@ -0,0 +1,47 @@ |
||||
package com.daqing.financial.hrauth.util; |
||||
|
||||
|
||||
import java.security.MessageDigest; |
||||
import java.util.Arrays; |
||||
|
||||
public class SHA1 { |
||||
|
||||
/** |
||||
* 用SHA1算法验证Token |
||||
* |
||||
* @param token 票据 |
||||
* @param timestamp 时间戳 |
||||
* @param nonce 随机字符串 |
||||
* @return 安全签名 |
||||
*/ |
||||
public static String getSHA1(String token, String timestamp, String nonce) { |
||||
try { |
||||
String[] array = new String[]{token, timestamp, nonce}; |
||||
StringBuffer sb = new StringBuffer(); |
||||
// 字符串排序
|
||||
Arrays.sort(array); |
||||
for (int i = 0; i < 3; i++) { |
||||
sb.append(array[i]); |
||||
} |
||||
String str = sb.toString(); |
||||
// SHA1签名生成
|
||||
MessageDigest md = MessageDigest.getInstance("SHA-1"); |
||||
md.update(str.getBytes()); |
||||
byte[] digest = md.digest(); |
||||
|
||||
StringBuffer hexstr = new StringBuffer(); |
||||
String shaHex = ""; |
||||
for (int i = 0; i < digest.length; i++) { |
||||
shaHex = Integer.toHexString(digest[i] & 0xFF); |
||||
if (shaHex.length() < 2) { |
||||
hexstr.append(0); |
||||
} |
||||
hexstr.append(shaHex); |
||||
} |
||||
return hexstr.toString(); |
||||
} catch (Exception e) { |
||||
e.printStackTrace(); |
||||
throw new IllegalArgumentException("用SHA1算法验证Token异常"); |
||||
} |
||||
} |
||||
} |
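Review bot: The `catch (Exception e)` in `getSHA1` prints the stack trace to stderr and rethrows an `IllegalArgumentException` without the cause, so a null `timestamp` or `nonce` from the request (an NPE in `Arrays.sort`) looks the same as a missing digest algorithm and never reaches the application log. Validate the three inputs before sorting, catch only `NoSuchAlgorithmException`, and keep the cause, e.g. `throw new IllegalStateException("SHA-1 unavailable", e);`. `str.getBytes()` uses the platform default charset; `str.getBytes(StandardCharsets.UTF_8)` makes the digest independent of the host configuration. Both `StringBuffer` instances can be `StringBuilder`, since neither leaves the method.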
@ -0,0 +1,24 @@ |
||||
package com.daqing.financial.hrauth.util; |
||||
|
||||
|
||||
|
||||
public class WXPublicUtils { |
||||
|
||||
/** |
||||
* 验证Token |
||||
* @param msgSignature 签名串,对应URL参数的signature |
||||
* @param timeStamp 时间戳,对应URL参数的timestamp |
||||
* @param nonce 随机串,对应URL参数的nonce |
||||
* |
||||
* @return 是否为安全签名 |
||||
*/ |
||||
public static boolean verifyUrl(String msgSignature, String timeStamp, String nonce){ |
||||
// 这里的 WXPublicConstants.TOKEN 填写你自己设置的Token就可以了
|
||||
String signature = SHA1.getSHA1("123456", timeStamp, nonce); |
||||
if (!signature.equals(msgSignature)) { |
||||
// throw new AesException(AesException.ValidateSignatureError);
|
||||
throw new IllegalArgumentException("验证Token异常"); |
||||
} |
||||
return true; |
||||
} |
||||
} |
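Review bot: `verifyUrl` signs with the literal `"123456"` although the comment above it refers to `WXPublicConstants.TOKEN`; this value is the shared secret that authenticates the callback, so it should not be a guessable constant committed to the repository. Load it from externalized configuration (environment or a secrets store) and fail at startup when it is unset. The comparison `signature.equals(msgSignature)` is not constant-time; after a null check on `msgSignature`, `return MessageDigest.isEqual(signature.getBytes(StandardCharsets.UTF_8), msgSignature.getBytes(StandardCharsets.UTF_8));` fixes that and gives the method a real false result, which it never produces today because a mismatch throws. Nothing here bounds the age of `timeStamp`, so unless freshness is checked elsewhere a previously valid signature/timestamp/nonce triple presumably stays acceptable indefinitely.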