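Receiver-side definitions: company ID, parking lot ID, public KEY (for signing), private KEY (for decryption)
Parameter scheme, four parts: company ID, parking lot ID, timestamp (added for encryption), the body (data) after sorting and encryption, SIGN
Verification code (ciphertext): look up the public KEY (used for signing) by parking lot ID, generate the signature according to the rules, encrypt and decrypt with the common private KEY, and use a random number to determine whether the data is a duplicate. It has been more than two years and I have forgotten the finer details, but the general idea is still the same.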
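1. Interface protocol
1) To integrate parking data, you first need the parking lot code (parkId) and the parking lot secret key (secretKey), both issued centrally by XX Technology.
2) When calling an interface, the request data must be securely signed using the parking lot code (parkId) and the parking lot secret key (secretKey).
3) Every interface must pass four parameters: data (the data body), sign (the signature), parkId, and timeStamp (the time the data was sent, in milliseconds).
4) Interface protocol: HTTP
5) Message format: JSON
6) Content encoding: UTF-8
7) Content-Type: application/json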
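2. Data signature
To ensure security, the parking data integration validates the legitimacy of every request by means of a signature.
The signature value (sign) is computed according to a unified signing rule. It is used to verify the caller's identity and to ensure that the request comes from a legitimate source and that its contents have not been tampered with.
How sign is generated: append appkey&parkkey to the data in the request, compute the MD5, and convert it to uppercase.
Signing rule:
The signature is obtained by computing a HASH over the data to be signed.
The HASH algorithm is MD5, and the result is expressed in uppercase hexadecimal:
The rule can be expressed as:
sign = uppercase(Hex(MD5(data to be signed)))
data to be signed = the contents of data (not including "data") + "&" + parkId + "&" + secretKey + "&" + timeStamp (fixed order)
For example, the corresponding data to be signed (the data body) is: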
[{
"GUID": "{1446CB91-31D0-423F-B978-32C46E0E4881}",
"appVersion": "V5.38.9.9",
"areaNo": "A",
"carType": 1,
"catalog": "external",
"chargeDevice": "",
"collectFee": 0,
"collectFeeRule": 0,
"enterCarColor": "",
"enterPicturePath": "",
"enterPlate": "鄂A11221",
"enterPlateColor": "",
"enterRecognition": "MANUAL",
"enterTime": "2019-06-21 17:11:05",
"enterTrack": 1,
"ignoreStatistics": 0,
"leaveCarColor": "",
"leavePicturePath": "",
"leavePlate": "鄂A11221",
"leavePlateColor": "",
"leaveRecognition": "MANUAL",
"leaveTime": "2019-06-21 17:12:03",
"leaveTrack": 2,
"loginGUID": "{7D32C7EC-7888-4329-8FEE-20590A89DA47}",
"originalCollectFee": 0,
"originalCollectFeeRule": 0,
"originalLoginGUID": "",
"originalSize": "small",
"outTradeNo": "",
"parkID": "42010313000026",
"payment": "cash",
"qrcodeVehicleGUID": "",
"size": "small",
"timeSpan": 0,
"tradeNo": "",
"inPic":"",
"outPic":""
}]
parkId: 42010616010111
secretKey: 23033fea5c27f6b2b7c45c5c15fd9b052f9f464e
timeStamp: 1561107517000
The generated sign is: A3DE1813F4DDBADFC18555E18A2E579D
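The signing rule above, as a receiver-side check. This is an added example, not the author's or the project's code: the class name SignCheck, the five-minute timestamp window and the sample values in main are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SignCheck {
    // Assumption: accepted clock skew / replay window; the page does not specify one.
    static final long MAX_SKEW_MS = 5 * 60 * 1000L;

    /** sign = uppercase(Hex(MD5(data & parkId & secretKey & timeStamp))), order fixed. */
    static String sign(String rawData, String parkId, String secretKey, String timeStamp)
            throws NoSuchAlgorithmException {
        String toSign = rawData + "&" + parkId + "&" + secretKey + "&" + timeStamp;
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(toSign.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    /** Verify over the data string exactly as received; re-serialising the JSON changes the hash. */
    static boolean verify(String rawData, String parkId, String secretKey,
                          String timeStamp, String sign, long nowMs)
            throws NoSuchAlgorithmException {
        long ts;
        try {
            ts = Long.parseLong(timeStamp);
        } catch (NumberFormatException e) {
            return false; // malformed timeStamp
        }
        if (Math.abs(nowMs - ts) > MAX_SKEW_MS) {
            return false; // stale or future-dated request
        }
        byte[] expected = sign(rawData, parkId, secretKey, timeStamp)
                .getBytes(StandardCharsets.US_ASCII);
        byte[] given = sign == null ? new byte[0] : sign.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, given); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the page.
        String data = "[{\"enterPlate\":\"TEST123\",\"carType\":1}]";
        String parkId = "PARK-EXAMPLE", key = "example-secret", ts = "1561107517000";
        String s = sign(data, parkId, key, ts);
        long now = Long.parseLong(ts) + 1000;
        System.out.println("valid request:    " + verify(data, parkId, key, ts, s, now));
        System.out.println("tampered data:    " + verify(data.replace("123", "999"), parkId, key, ts, s, now));
        System.out.println("replayed, 10 min: " + verify(data, parkId, key, ts, s, now + 600_000L));
    }
}
```

MD5 over data with the secret appended is a weak keyed construction; where both sides can change the rule, HMAC-SHA256 keyed with secretKey is the standard replacement.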
package com.XXX.park.filter;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.Charset;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.RedisConnectionFailureException;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.XXX.park.bean.ParkingReg;
import com.XXX.park.bean.ThirdCompanyInfo;
import com.XXX.park.common.Constant;
import com.XXX.park.common.utils.RedisUtils;
import com.XXX.park.service.ParkingRegService;
import com.XXX.park.service.third.ThirdCompanyInfoService;
import com.XXX.park.utils.Utils;
import com.XXX.park.utils.http.Response;
/**
*
* @ClassName: ThirdApiFilter
* @Description: Request pre-processing
* @author XEChen
* @date June 25, 2018, 11:22:53 AM
*
*/
@Component
public class ThirdApiFilter implements Filter {
/**
* Logger for this class
*/
private static final Logger logger = LoggerFactory.getLogger(ThirdApiFilter.class);
private static final String CONTENT_TYPE = "application/json;charset=UTF-8";
/** URLs that are not intercepted */
private static final String[] pathAuth = {
"cwsj", "carout", "carin", "carpic" };
private static final String HTTP_SUFFIX = "/api/third/1.0.0/";
@Autowired
private ThirdCompanyInfoService thirdCompanyInfoService<