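/**
 * Computes request signatures: an HMAC-SHA256 over the request parameters, keyed with the
 * application key and rendered by {@code ByteFormat.bytesToHexString}.
 *
 * <p>Notes for integrators and reviewers:
 * <ul>
 *   <li>The signed string is built by concatenating sorted keys and values with no separator
 *       (see {@link #requestMap2Str}), so different parameter sets can produce the same string
 *       and therefore the same signature.</li>
 *   <li>Nothing in this class adds a timestamp or nonce to the signed string. If replay
 *       protection is required, the caller has to put such fields into the map and the
 *       verifier has to check them.</li>
 *   <li>A verifier should compare the received and the recomputed signature with a
 *       constant-time check such as {@code java.security.MessageDigest.isEqual} rather than
 *       {@code String.equals}.</li>
 * </ul>
 */
public class SignUtils {

    /**
     * Signs the request parameters with the application key.
     *
     * @param requestMap request parameters; an entry whose key is {@code "sign"} is ignored
     * @param appKey     shared secret used as the HMAC key; must be non-null and non-empty
     * @return the signature as produced by {@code ByteFormat.bytesToHexString}
     * @throws IllegalArgumentException if {@code appKey} is null or empty
     * @throws IllegalStateException    if the JCA provider cannot compute HmacSHA256
     */
    public static String getSign(Map<String, String> requestMap, String appKey) {
        return hmacSHA256Encrypt(requestMap2Str(requestMap), appKey);
    }

    /**
     * Computes HMAC-SHA256 of {@code encryptText} under {@code encryptKey}, both encoded as UTF-8.
     * Despite the name this is a keyed MAC, not encryption: the output cannot be reversed.
     *
     * <p>Failures are raised instead of being printed and turned into a {@code null} result.
     * A {@code null} signature is easy to mishandle downstream, for example by a verifier that
     * treats two absent signatures as equal, so this method fails closed.
     */
    private static String hmacSHA256Encrypt(String encryptText, String encryptKey) {
        if (encryptText == null || encryptKey == null || encryptKey.isEmpty()) {
            // The message deliberately does not include the key material.
            throw new IllegalArgumentException("text must be non-null and key must be non-empty");
        }
        try {
            // Build the key from the secret's UTF-8 bytes and name the MAC algorithm it is for.
            byte[] keyBytes = encryptKey.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA256");
            // Obtain a Mac object for the algorithm and initialise it with the key.
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(signingKey);
            // Run the MAC over the canonical parameter string.
            byte[] rawHmac = mac.doFinal(encryptText.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return ByteFormat.bytesToHexString(rawHmac);
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 could not be computed", e);
        }
    }

    /**
     * Builds the string that gets signed: keys in natural sorted order, each immediately
     * followed by its value, with the {@code "sign"} entry left out.
     *
     * <p>NOTE(review): there is no delimiter between keys and values, so for example
     * {@code {"a": "bc"}} and {@code {"ab": "c"}} both yield {@code "abc"}. A value of
     * {@code null} is appended as the text {@code "null"}. The format is kept as is because the
     * verifying side must build the identical string; changing it (for instance to
     * {@code key=value&...}) has to be rolled out on both sides together.
     */
    private static String requestMap2Str(Map<String, String> requestMap) {
        String[] keys = requestMap.keySet().toArray(new String[0]);
        // Sorting makes the result independent of the map's iteration order.
        Arrays.sort(keys);
        StringBuilder canonical = new StringBuilder();
        for (String key : keys) {
            if ("sign".equals(key)) {
                // The signature itself is never part of the signed data.
                continue;
            }
            canonical.append(key).append(requestMap.get(key));
        }
        return canonical.toString();
    }
}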
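/**
 * Formatting helpers that convert between byte arrays and hexadecimal text.
 */
public class ByteFormat {
    /** Upper-case hex digits, indexed by nibble value. */
    private static final char[] HEX = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    public ByteFormat() {
    }

    /**
     * Encodes bytes as upper-case hex, two characters per byte.
     *
     * @param bArray bytes to encode; must not be null
     * @return the hex text, empty for an empty array
     * @throws NullPointerException if {@code bArray} is null
     */
    public static final String bytesToHexString(byte[] bArray) {
        char[] out = new char[bArray.length * 2];
        for (int i = 0; i < bArray.length; ++i) {
            // Mask to 0..255 so negative bytes do not sign-extend.
            int unsigned = bArray[i] & 0xFF;
            out[i * 2] = HEX[unsigned >>> 4];
            out[i * 2 + 1] = HEX[unsigned & 0x0F];
        }
        return new String(out);
    }

    /**
     * Decodes hex text into bytes.
     *
     * <p>Malformed input is rejected. Decoding it leniently would let several different
     * strings map to the same bytes, which is undesirable when the bytes are a signature
     * or a key.
     *
     * @param str hex text in either case, or null
     * @return the decoded bytes, or null when {@code str} is null
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
     */
    public static byte[] hexToBytes(String str) {
        if (str == null) {
            return null;
        }
        int charCount = str.length();
        if ((charCount & 1) != 0) {
            throw new IllegalArgumentException("hex string must have an even length, got " + charCount);
        }
        byte[] raw = new byte[charCount / 2];
        for (int i = 0; i < raw.length; ++i) {
            int high = Character.digit(str.charAt(i * 2), 16);
            int low = Character.digit(str.charAt(i * 2 + 1), 16);
            if (high < 0 || low < 0) {
                // Report only the position; the text may be sensitive.
                throw new IllegalArgumentException(
                        "non-hex character at index " + (high < 0 ? i * 2 : i * 2 + 1));
            }
            // The narrowing cast maps 128..255 to the matching negative byte values.
            raw[i] = (byte) (high << 4 | low);
        }
        return raw;
    }
}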
/**
 * Demo: signs the same parameter map twice with the same key and prints both signatures
 * and whether they match.
 *
 * <p>Both values are computed locally from identical inputs, so the comparison only shows
 * that signing is deterministic. A real verifier recomputes the signature from the received
 * parameters and compares it with the received one using a constant-time check such as
 * {@code java.security.MessageDigest.isEqual}.
 */
public static void main(String[] args) {
    // Placeholder key and parameters for the demo; a real key is a secret loaded from configuration.
    final String appKey = "123";
    final Map<String, String> params = new HashMap<String, String>();
    params.put("appId", "123");
    params.put("token", "123");

    final String sign = SignUtils.getSign(params, appKey);
    final String sign1 = SignUtils.getSign(params, appKey);

    System.out.println("sign: " + sign);
    System.out.println("sign1: " + sign1);

    final String verdict;
    if (sign1.equals(sign)) {
        verdict = "密钥相等";
    } else {
        verdict = "签名错误";
    }
    System.out.println(verdict);
}
在对外暴露的 API 当中，某些比较严谨的 API 为了防止别人篡改或者恶意添加参数，可以添加 sign 签名去保证接口不被篡改。