验证票据
概述: 验证票据(component_verify_ticket),在第三方平台创建审核通过后,微信服务器会向其“授权事件接收URL”每隔 10 分钟以 POST 的方式推送 component_verify_ticket。
参数(推送内容解密后的字段):
参数 | 类型 | 字段描述 |
---|---|---|
AppId | string | 第三方平台 appid |
CreateTime | number | 时间戳,单位:s |
InfoType | string | 固定为:“component_verify_ticket” |
ComponentVerifyTicket | string | Ticket 内容 |
推送内容解密后的示例:
<xml>
<AppId>some_appid</AppId>
<CreateTime>1413192605</CreateTime>
<InfoType>component_verify_ticket</InfoType>
<ComponentVerifyTicket>some_verify_ticket</ComponentVerifyTicket>
</xml>
代码
Controller层
/**
 * Receives the periodic {@code component_verify_ticket} push and forwards it to the ticket service.
 *
 * <p>According to the page, WeChat calls this endpoint every 10 minutes. The three query
 * parameters and the raw body are passed on unchanged; this method performs no signature
 * check or decryption of its own. Any exception thrown by the service propagates to the
 * framework, so the {@code "success"} acknowledgement is returned only when the service
 * call completed.
 *
 * @param timestamp    value of the {@code timestamp} query parameter
 * @param nonce        value of the {@code nonce} query parameter
 * @param msgSignature value of the {@code msg_signature} query parameter
 * @param postData     request body; per the page, the encrypted XML sent by WeChat
 * @return the fixed acknowledgement string {@code "success"}
 * @throws Exception whatever {@code wxTicketService.parseRequest} throws
 */
@ApiOperation(value = "获取票据")
@RequestMapping(value = "/wxapp", method = RequestMethod.POST)
public String getUserCumulate(
        @RequestParam("timestamp") String timestamp,
        @RequestParam("nonce") String nonce,
        @RequestParam("msg_signature") String msgSignature,
        @RequestBody String postData) throws Exception {
    final String acknowledgement = "success";
    // The service result is intentionally not used; only a completed call is acknowledged.
    wxTicketService.parseRequest(timestamp, nonce, msgSignature, postData);
    return acknowledgement;
}
Service
/**
 * Processes one pushed message from the WeChat open platform.
 *
 * <p>The implementation shown on this page decrypts {@code postData} with the official
 * crypto helper and caches the contained {@code ComponentVerifyTicket}.
 *
 * @param timestamp    {@code timestamp} value received with the push
 * @param nonce        {@code nonce} value received with the push
 * @param msgSignature {@code msg_signature} value received with the push
 * @param postData     the encrypted XML body of the push
 * @return a status string (the implementation on this page returns {@code "success"})
 * @throws Exception if the message cannot be processed
 */
String parseRequest(String timestamp, String nonce, String msgSignature, String postData) throws Exception;
ServiceImpl
/**
 * Third-party platform appId.
 * The "*" value is presumably a redacted placeholder on this page.
 */
private static final String PLATFORM_APP_ID = "*";
/**
 * Third-party platform message encryption/decryption key.
 * NOTE(review): this key and the token below are secrets. A real deployment should read them
 * from configuration or a secret store instead of compiling them into the class, so they stay
 * out of version control and can be rotated without a rebuild.
 */
private static final String PLATFORM_AES_KEY = "*";
/**
 * Third-party platform message verification token.
 */
private static final String PLATFORM_COMPONENT_TOKEN = "*";
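/**
 * Decrypts a pushed message and caches its {@code ComponentVerifyTicket} in Redis for 2 hours.
 *
 * <p>The ticket is stored only when the decrypted XML has an {@code xml} root, its
 * {@code InfoType} is {@code component_verify_ticket} and the ticket is non-empty.
 * Every other case raises the same {@link RuntimeException} the method has always used
 * for a missing ticket, so a missing root no longer surfaces as a NullPointerException.
 *
 * @param timeStamp    {@code timestamp} value received with the push
 * @param nonce        {@code nonce} value received with the push
 * @param msgSignature {@code msg_signature} value received with the push
 * @param postData     the encrypted XML body of the push
 * @return the fixed string {@code "success"}
 * @throws RuntimeException if the decrypted message carries no usable verify ticket
 * @throws Exception        whatever {@code WXBizMsgCrypt.decryptMsg} or the XML conversion throws
 */
@Override
public String parseRequest(String timeStamp, String nonce, String msgSignature, String postData) throws Exception {
    // WXBizMsgCrypt is the decryption class published by WeChat. It needs the message
    // verification token, the message AES key and the platform appId.
    WXBizMsgCrypt pc = new WXBizMsgCrypt(PLATFORM_COMPONENT_TOKEN, PLATFORM_AES_KEY, PLATFORM_APP_ID);
    // Per its class comment, the helper verifies the message and then decrypts it.
    String xml = pc.decryptMsg(msgSignature, timeStamp, nonce, postData);
    // NOTE(review): timeStamp is only handed to decryptMsg; nothing in this method bounds its age,
    // so an old push would presumably still be accepted here. Consider rejecting stale timestamps
    // once an acceptable clock skew is agreed.
    // NOTE(review): XmlUtils.xml2Json is not shown on this page; confirm that its parser has DTDs
    // and external entities disabled.
    JSONObject jsonObject = XmlUtils.xml2Json(xml); // convert the XML to JSON
    // Read the fields under the <xml> root; tolerate a missing root instead of dereferencing null.
    JSONObject json = jsonObject == null ? null : jsonObject.getJSONObject("xml");
    String infoType = json == null ? null : json.getString("InfoType");
    String componentVerifyTicket = json == null ? null : json.getString("ComponentVerifyTicket");
    // The page documents InfoType as fixed to "component_verify_ticket" for this push, so only
    // a message of that type may overwrite the cached ticket.
    boolean isTicketPush = "component_verify_ticket".equals(infoType);
    if (isTicketPush && StringUtils.isNotEmpty(componentVerifyTicket)) {
        // Cache the platform verify ticket in Redis; the entry expires after 2 hours.
        redisTemplate.opsForValue().set(CacheConstants.COMPONENT_VERIFY_TICKET, componentVerifyTicket, 2, TimeUnit.HOURS);
    } else {
        throw new RuntimeException("微信开放平台,第三方平台获取【验证票据】失败");
    }
    return "success";
}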
工具类和导入的依赖:
AesException
/**
 * Checked exception identified by a numeric error code.
 *
 * <p>The exception message is the description mapped from the code, or {@code null} when the
 * code has no mapping (including {@link #OK}).
 */
@SuppressWarnings("serial")
public class AesException extends Exception {

    public static final int OK = 0;
    public static final int ValidateSignatureError = -40001;
    public static final int ParseXmlError = -40002;
    public static final int ComputeSignatureError = -40003;
    public static final int IllegalAesKey = -40004;
    public static final int ValidateAppidError = -40005;
    public static final int EncryptAESError = -40006;
    public static final int DecryptAESError = -40007;
    public static final int IllegalBuffer = -40008;
    // Codes -40009 (EncodeBase64Error), -40010 (DecodeBase64Error) and -40011 (GenReturnXmlError)
    // are commented out in the original listing and are therefore not defined here.

    /** Error code supplied at construction time. */
    private final int code;

    /**
     * Creates the exception for the given error code.
     *
     * @param code one of the constants declared on this class
     */
    AesException(int code) {
        super(describe(code));
        this.code = code;
    }

    /**
     * Returns the error code this exception was created with.
     *
     * @return the numeric error code
     */
    public int getCode() {
        return code;
    }

    /**
     * Maps an error code to its message text.
     *
     * @param errorCode the code to look up
     * @return the message for the code, or {@code null} when the code is not mapped
     */
    private static String describe(int errorCode) {
        String text;
        switch (errorCode) {
            case ValidateSignatureError:
                text = "签名验证错误";
                break;
            case ParseXmlError:
                text = "xml解析失败";
                break;
            case ComputeSignatureError:
                text = "sha加密生成签名失败";
                break;
            case IllegalAesKey:
                text = "SymmetricKey非法";
                break;
            case ValidateAppidError:
                text = "appid校验失败";
                break;
            case EncryptAESError:
                text = "aes加密失败";
                break;
            case DecryptAESError:
                text = "aes解密失败";
                break;
            case IllegalBuffer:
                text = "解密后得到的buffer非法";
                break;
            default:
                // Unmapped code: the exception is created without a message.
                text = null;
                break;
        }
        return text;
    }
}
WXBizMsgCrypt
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Random;
/**
* 提供接收和推送给公众平台消息的加解密接口(UTF8编码的字符串).
* <ol>
* <li>第三方回复加密消息给公众平台</li>
* <li>第三方收到公众平台发送的消息,验证消息的安全性,并对消息进行解密。</li>
* </ol>
* 说明:异常java.security.InvalidKeyException:illegal Key Size的解决方案
* <ol>
* <li>在官方网站下载JCE无限制权限策略文件(JDK7的下载地址:
* http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html</li>
* <li>下载后解压,可以看到local_policy.jar和US_export_policy.jar以及readme.txt</li>
* <li>如果安装了JRE,将两个jar文件放到%JRE_HOME%\lib\security目录下覆盖原来的文件</li>
* <li>如果安装了JDK,将两个jar文件放到%JDK_H