Java HmacSHA256 签名及验签
HmacSHA256 签名及验签
一个项目需要用到HmacSHA256 对数据进行签名 于是写了个工具类方便以后及大家直接引用。
验签参数
// 遍历排序后的字典,将所有参数按"keyvalue"格式拼接在一起
StringBuilder basestring = new StringBuilder();
for (Map.Entry<String, String> param : entrys) {
if(!StringUtils.isBlank(param.getValue())) {
basestring.append(param.getKey());
basestring.append(param.getValue());
}
}
basestring.append(secret);
logger.info("basestring is = {}", basestring);
// 使用SHA256对待签名串求签
boolean returnFlag = SignatureUtils.valid(basestring.toString(), secret, userSign);
if (! returnFlag ) {
logger.info("user sign error==============sign={}, string={}", clientSign, basestring);
}
工具代码
// 项目需要对表的数据进行签名
package com.api.common.utils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
public abstract class SignatureUtils {
private static Logger logger = LogManager.getLogger(SignatureUtils.class);
private static final String ALGORITHM = "HmacSHA256";
public static boolean valid(String message, String secret, String signature) {
return signature != null && signature.equals(sign(message, secret));
}
public static String sign(String message, String secret) {
try {
Mac hmac = Mac.getInstance(ALGORITHM);
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), ALGORITHM);
hmac.init(secret_key);
byte[] bytes = hmac.doFinal(message.getBytes());
logger.info("service sign is "+byteArrayToHexString(bytes));
return byteArrayToHexString(bytes);
} catch (Exception ex) {
logger.error("签名错误:", ex);
}
return null;
}
private static String byteArrayToHexString(byte[] bytes) {
StringBuilder hs = new StringBuilder();
String tempStr;
for (int index = 0; bytes != null && index < bytes.length; index++) {
tempStr = Integer.toHexString(bytes[index] & 0XFF);
if (tempStr.length() == 1)
hs.append('0');
hs.append(tempStr);
}
return hs.toString().toLowerCase();
}
}