微信公众号开发1-验证消息的确来自微信服务器

最新推荐文章于 2023-04-10 06:54:15 发布

Torey_Li

最新推荐文章于 2023-04-10 06:54:15 发布

阅读量1.5k

点赞数 2

文章标签：微信公众号开发

本文链接：https://blog.csdn.net/Torey_Li/article/details/90143183

版权

1 进入测试号
在这里插入图片描述
2 使用ngrok实现内网穿透
3 验证消息的确来自微信服务器

WxMessageController.java

package com.torey.shxqgy.shxqgy.controller;

import com.torey.shxqgy.shxqgy.service.WxService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * @ClassName：WxMessage
 * @Description：
 * @author: Torey
 */
@RestController
public class WxMessageController {
    @Autowired
    private HttpServletRequest request;
    @Autowired
    private HttpServletResponse response;
    @RequestMapping(value = "/wx/wxRes",method = RequestMethod.GET )
    public void wxMessageGet(){
        System.out.println("GET");
        yanZhengWx();
    }
    @RequestMapping(value = "/wx/wxRes",method = RequestMethod.POST )
    public void wxMessagePost(){
        System.out.println("POST");
    }

    private boolean yanZhengWx() {
       String signature	=request.getParameter("signature");//微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
       String timestamp	=request.getParameter("timestamp");//时间戳
       String nonce	=request.getParameter("nonce");//随机数
       String echostr	=request.getParameter("echostr");//随机字符串
        //校验请求
        if(WxService.check(timestamp,nonce,signature)){
            PrintWriter writer = null;
            try {
                writer = response.getWriter();
            } catch (IOException e) {
                e.printStackTrace();
            }
            //原样返回echost参数
            writer.print(echostr);
            writer.flush();
            writer.close();
            System.out.println("接入成功");
        }else {
            System.out.println("接入失败");
        }
        return  true;
    }
}

WxService.java

package com.torey.shxqgy.shxqgy.service;

import com.torey.shxqgy.shxqgy.config.WxConfig;
import org.apache.commons.lang3.StringUtils;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/**
 * @ClassName：WxService
 * @Description：
 * @author: Torey
 */
public class WxService {
    /**
     * @author: LiTaoFeng
     * @description:验证签名
     */
    public static boolean check(String timestamp,String nonce,String signature) {
        //1）将token、timestamp、nonce三个参数进行字典序排序
        // 2）将三个参数字符串拼接成一个字符串进行sha1加密
        // 3）开发者获得加密后的字符串可与signature对比，标识该请求来源于微信
        //1）将token、timestamp、nonce三个参数进行字典序排序
        String[] strs=new String[]{WxConfig.TOKEN,timestamp,nonce};
        Arrays.sort(strs);
        // 2）将三个参数字符串拼接成一个字符串进行sha1加密
        String str = StringUtils.join(strs, "");
        String shal = shal(str);
        System.out.println(shal);
        System.out.println(signature);
        return shal.equalsIgnoreCase(signature);
    }
    /**
     * @author: LiTaoFeng
     * @description:进行shal加密
     */
    private static String shal(String src){
        //获取一个加密对象
        MessageDigest md = null;
        try {
            md = MessageDigest.getInstance("sha1");

        char[] chars={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
        StringBuilder sb = new StringBuilder();
        //加密
        byte[] digest = md.digest(src.getBytes());
        //处理加密结果
        for (byte b : digest) {
            sb.append(chars[(b>>4)&15]) ;
            sb.append(chars[b&15]);
        }
        return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return null;
    }
}