前段时间,某项目压测,需要验证SSO login功能接口性能。发现login请求中为了安全,使用了签名验签算法。
于是从开发那要过来算法API ,用java代码实现。方便根据签名验签,生成批量的url信息(保存到参数化文件中),供login接口直接使用。
authorization API局部内容:
authorization = 签名+":"+时间戳
签名= Base64(HMAC-MD5(HTTP Method + HTTP Resource + TimeStamp + DATA, AccessKey))
下面分开来介绍具体实现:
1)auth算法实现:
/**
* 实现auth算法
* @param method
* @param path
* @param body
* @param accessKey
* @return
*/
public static String auth(String method,String path,String body,String accessKey){
long timestamp = new Date().getTime();
String requestVars = method+path+timestamp+body;
try {
byte[] signHmacMD5 = Hmacmd5.encryptHMAC(requestVars.getBytes(StandardCharsets.UTF_8),accessKey);
String signature = Base64.getEncoder().encodeToString(signHmacMD5);
String okStr = signature + ":" + timestamp;
System.out.println("******************signature:"+signature);
return java.net.URLEncoder.encode(okStr, "UTF-8");
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* MAC算法可选以下多种算法
*
* <pre>
* HmacMD5
* HmacSHA1
* HmacSHA256
* HmacSHA384
* HmacSHA512
* </pre>
*/
public static final String KEY_MAC = "HmacMD5";
/**
* HMAC加密
*
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] encryptHMAC(byte[] data, String key) throws Exception {
SecretKey secretKey = new SecretKeySpec(key.getBytes(), KEY_MAC);
Mac mac = Mac.getInstance(secretKey.getAlgorithm());
mac.init(secretKey);
return mac.doFinal(data);
}
/*byte数组转换为HexString*/
public static String byteArrayToHexString(byte[] b) {
//StringBuffer sb = new StringBuffer(b.length * 2);
StringBuffer sb = new StringBuffer();
for (int i = 0; i < b.length; i++) {
int v = b[i] & 0xff;
if (v < 16) {
sb.append('0');
}
sb.append(Integer.toHexString(v));
}
return sb.toString();
}
createFile方法:生成批量url信息写入文件,供login接口使用。
/**
* 生成批量参数化 url数据,供login使用
* @param count 生成记录数量
* @param accessKey
* @param accessId
* @param userType
*/
public static void createFile(int count,String file, String accessKey, String accessId, String userType) {
String method = "GET";
String path = "/api/1/zhilian/login";
long i = 500000;
long counts = i+count;
if (file != null) {
try {
BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), "GB2312"));
while (i < counts) {
i++;
String userId = i + "00000";
String body = "{\"majorName\":\"dashi\",\"name\":\"ee\",\"orgCode\":\"123\",\"orgName\":\"OHOH\",\"phoneNumber\":\"" + userId + "\",\"schoolName\":\"TIANMEN\",\"userId\":\"" + userId + "\",\"userType\":\"" + userType + "\"}";
String authorization = auth(method, path, body, accessKey);
String url = "phoneNumber=" + userId + "&orgName=zhilian&orgCode=333&name=ss&majorName=wenxue&userType=" + userType + "&schoolName=beida&userId=" + userId + "&accessId=" + accessId + "&authorization=" + authorization;
try {
//转码为汉字
//String strOkDecode = java.net.URLDecoder.decode(strOk, "UTF-8");
//写入文件并换行
bw.write(url + "\r\n");
bw.flush();
} catch (IOException e) {
e.printStackTrace();
}
}
try {
bw.close();
} catch (IOException e) {
e.printStackTrace();
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
下面为全部代码:
import com.sun.org.slf4j.internal.Logger;
import com.sun.org.slf4j.internal.LoggerFactory;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Signature;
import java.util.Base64;
import java.util.Date;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
/**
* @Author: jiajun.du
* @Date: 2020/8/31 17:38
*/
public class Hmacmd5 {
/**
* 基础加密组件
* @version 1.0
*/
private static Logger logger = LoggerFactory.getLogger(Hmacmd5.class);
/**
* MAC算法可选以下多种算法
*
* <pre>
* HmacMD5
* HmacSHA1
* HmacSHA256
* HmacSHA384
* HmacSHA512
* </pre>
*/
public static final String KEY_MAC = "HmacMD5";
/**
* HMAC加密
*
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] encryptHMAC(byte[] data, String key) throws Exception {
SecretKey secretKey = new SecretKeySpec(key.getBytes(), KEY_MAC);
Mac mac = Mac.getInstance(secretKey.getAlgorithm());
mac.init(secretKey);
return mac.doFinal(data);
}
/*byte数组转换为HexString*/
public static String byteArrayToHexString(byte[] b) {
//StringBuffer sb = new StringBuffer(b.length * 2);
StringBuffer sb = new StringBuffer();
for (int i = 0; i < b.length; i++) {
int v = b[i] & 0xff;
if (v < 16) {
sb.append('0');
}
sb.append(Integer.toHexString(v));
}
return sb.toString();
}
/**
* 实现auth算法
* @param method
* @param path
* @param body
* @param accessKey
* @return
*/
public static String auth(String method,String path,String body,String accessKey){
long timestamp = new Date().getTime();
String requestVars = method+path+timestamp+body;
try {
byte[] signHmacMD5 = Hmacmd5.encryptHMAC(requestVars.getBytes(StandardCharsets.UTF_8),accessKey);
String signature = Base64.getEncoder().encodeToString(signHmacMD5);
String okStr = signature + ":" + timestamp;
System.out.println("******************signature:"+signature);
return java.net.URLEncoder.encode(okStr, "UTF-8");
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* 生成批量参数化 url数据,供login使用
* @param accessKey
* @param accessId
* @param userType
*/
public static void createFile(int count,String file, String accessKey, String accessId, String userType) {
String method = "GET";
String path = "/api/1/zhilian/login";
long i = 500000;
long counts = i+count;
if (file != null) {
try {
BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), "GB2312"));
while (i < counts) {
i++;
String userId = i + "00000";
String body = "{\"majorName\":\"XXXX\",\"name\":\"ss\",\"orgCode\":\"123\",\"orgName\":\"OHOH\",\"phoneNumber\":\"" + userId + "\",\"schoolName\":\"beida\",\"userId\":\"" + userId + "\",\"userType\":\"" + userType + "\"}";
String authorization = auth(method, path, body, accessKey);//调用签名算法
String url = "phoneNumber=" + userId + "&orgName=maker&orgCode=333&name=kk&majorName=wenxue&userType=" + userType + "&schoolName=beida&userId=" + userId + "&accessId=" + accessId + "&authorization=" + authorization;//组装url请求信息
try {
//转码为汉字
//String strOkDecode = java.net.URLDecoder.decode(strOk, "UTF-8");
//写入文件并换行
bw.write(url + "\r\n");
bw.flush();
} catch (IOException e) {
e.printStackTrace();
}
}
try {
bw.close();
} catch (IOException e) {
e.printStackTrace();
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
public static void main(String[] args) {
String fileName = "D:\\50.130\\urls0830.txt";
String accessKey = "000000";
String accessId = "222222";
String userType ="CAMPUS";
//生成1000条记录
Hmacmd5.createFile(1000,fileName,accessKey,accessId,userType);
}
}
生成测试数据一览:
如转发,记得带上 java实现SSO login登录-签名验签(Authorization算法-HMAC-MD5)功能_junior77的专栏-CSDN博客