许多业务系统,在对接诸如支付、银行等类型接口时,接口双方为了确保数据参数在传输过程中未经篡改,需要对接口数据进行加签和验签,确保两个签名是一样的,通过验签之后才能进行业务逻辑处理。本文分享常用的三种加密方式,并演示一个加签示例。
一、封装工具类
①Base64工具类
public class Base64Utils {
/**
* Base64加密
* @param str
* @return
*/
public static String encode(String str){
return new BASE64Encoder().encode(str.getBytes());
}
/**
* Base64解密
* @param str
* @return
* @throws Exception
*/
public static String decode(String str)throws Exception{
return new String(new BASE64Decoder().decodeBuffer(str));
}
}
②MD5工具类
public class Md5Utils {
/**
* MD5 32位大写
* @param data
* @return
*/
public static String md5(String data) {
String md5 = new String();
try {
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(data.getBytes());
byte b[] = md.digest();
int i;
StringBuffer buf = new StringBuffer("");
for (int offset = 0; offset < b.length; offset++) {
i = b[offset];
if (i < 0){
i += 256;
}
if (i < 16){
buf.append("0");
}
buf.append(Integer.toHexString(i));
}
md5 = buf.toString().toUpperCase();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return md5;
}
}
③SHA工具类
public class ShaUtils {
public static String shaEncode(String inStr) throws Exception {
MessageDigest sha = null;
try {
sha = MessageDigest.getInstance("SHA");
} catch (Exception e) {
return "";
}
byte[] byteArray = inStr.getBytes("UTF-8");
byte[] md5Bytes = sha.digest(byteArray);
StringBuffer hexValue = new StringBuffer();
for (int i = 0; i < md5Bytes.length; i++) {
int val = ((int) md5Bytes[i]) & 0xff;
if (val < 16) {
hexValue.append("0");
}
hexValue.append(Integer.toHexString(val));
}
return hexValue.toString().toUpperCase();
}
}
二、模拟业务场景
业务场景:Base64(SHA1(app_id+MD5(timestamp)+SHA1(app_secret+ sort_param)))
三、编写测试类
public class Test {
public static void main(String[] args) throws Exception {
//用户凭证
String appId = "admin";
String appSecret = "admin";
//时间
String timestamp = "20210412";
//业务参数,一般字典排序
String param = "test123456";
String innerSha = ShaUtils.shaEncode(appSecret + param);
System.out.println("内层SHA加密前:"+appSecret + param);
System.out.println("内层SHA加密后:"+innerSha);
String md5 = Md5Utils.md5(timestamp);
System.out.println("MD5加密前:"+timestamp);
System.out.println("MD5加密后:"+md5);
String outerSha = ShaUtils.shaEncode(appId+md5+innerSha);
System.out.println("外层SHA加密前:"+appId+md5+innerSha);
System.out.println("外层SHA加密后:"+outerSha);
String base64 = Base64Utils.encode(outerSha);
System.out.println("Base64加密前:"+outerSha);
System.out.println("加签后:"+base64);
}
}
运行结果:
四、验证
内层SHA加密:
MD5加密:
外层SHA加密:
Base64加密:
验证OK!