假设根据timestamp,module,method,rpcType 4个字段做Key,Value值的拼接, 再拼接上appSecret,再进行MD5加密生成一个签名,然后对比,来检测请求是否合法。
首先构造一个Map
private Map<String, String> buildParamsMap(final RequestDTO dto) {
Map<String, String> map = Maps.newHashMapWithExpectedSize(4);
map.put("timestamp", dto.getTimestamp());
map.put("module", dto.getModule());
map.put("method", dto.getMethod());
map.put("rpcType", dto.getRpcType());
return map;
}
对Map进行Key的排序后,获取值,再拼装,再拼接appSecret,进行Md5加密,最后转成大写。代码如下:
/**
* acquired sign.
*
* @param signKey sign key
* @param params params
* @return sign
*/
private static String generateSign(final String signKey, final Map<String, String> params) {
List<String> storedKeys = Arrays.stream(params.keySet()
.toArray(new String[]{}))
.sorted(Comparator.naturalOrder())
.collect(Collectors.toList());
final String sign = storedKeys.stream()
.filter(key -> !Objects.equals(key, Constants.SIGN))
.map(key -> String.join("", key, params.get(key)))
.collect(Collectors.joining()).trim()
.concat(signKey);
return DigestUtils.md5DigestAsHex(sign.getBytes()).toUpperCase();
}
比较生成的sign是否一致