private static final String MAC_NAME = "HmacSHA1";
private static final String ENCODING = "UTF-8";
/**
* 使用 HMAC-SHA1 签名方法对对参数进行签名
*/
public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
System.out.println("********************************* 签名 *********************************");
long timestamp = System.currentTimeMillis();
String appKey = "testtest";
String appSecret = "123456";
Map<String, String> map = new HashMap<>();
map.put("appKey", appKey);
map.put("k1", "k1");
map.put("k2", "k2");
map.put("timestamp", String.valueOf(timestamp));
String outSignData = getSignData(map);
// byte[] data = appSecret.getBytes(ENCODING);
// //根据给定的字节数组构造一个密钥,第二参数指定一个密钥算法的名称
// SecretKey secretKey = new SecretKeySpec(data, MAC_NAME);
// //生成一个指定 Mac 算法 的 Mac 对象
// Mac mac = Mac.getInstance(MAC_NAME);
// //用给定密钥初始化 Mac 对象
// mac.init(secretKey);
// byte[] text = outSignData.getBytes(ENCODING);
// String sign1 = new String(Base64.encodeBase64(mac.doFinal(text)));
// System.out.println("---------" + sign1);
byte[] hmac = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, appSecret).hmac(outSignData);
String sign = new String(Base64.encodeBase64(hmac));
map.put("sign", sign);
System.out.println("outSign: " + sign);
System.out.println("outSignData: " + outSignData);
String outParams = JSONObject.toJSONString(map);
System.out.println("outParams: " + outParams);
System.out.println("\n\n********************************* 验签 *********************************");
Map<String, String> inMap = JSONObject.parseObject(outParams, new TypeReference<Map<String, String>>() {
});
// 校验请求是否过期
String inTimeStamp = inMap.getOrDefault("timestamp", "0");
System.out.println("timestamp:" + inTimeStamp);
LocalDateTime inTime = LocalDateTime.ofInstant(Instant.ofEpochMilli(Long.parseLong(inTimeStamp)), ZoneOffset.ofHours(8));
Duration duration = Duration.between(inTime, LocalDateTime.now());
long seconds = duration.get(SECONDS);
System.out.println("seconds: " + seconds);
if (seconds > 10 * 60) {
System.out.println("请求超时");
return;
}
String inSignData = getSignData(inMap);
System.out.println("inSignData: " + inSignData);
byte[] inHmac = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, appSecret).hmac(inSignData);
String sign2 = new String(Base64.encodeBase64(inHmac));
System.out.println("sign2: " + sign2);
System.out.println("验签结果: " + sign.equals(sign2));
}
public static String getSignData(Map<String, String> params) {
StringBuilder content = new StringBuilder();
// key 自然排序
List<String> keys = new ArrayList<>(params.keySet());
Collections.sort(keys);
for (int i = 0; i < keys.size(); i++) {
String key = keys.get(i);
if ("sign".equals(key)) {
continue;
}
String value = params.get(key);
if (value != null) {
content.append(i == 0 ? "" : "&").append(key).append("=").append(value);
} else {
content.append(i == 0 ? "" : "&").append(key).append("=");
}
}
return content.toString();
}
HMAC-SHA1接口签名加签校验生成
最新推荐文章于 2024-03-29 16:45:50 发布