第一 微信服务与本服务的校验

第一 微信服务与本服务的校验

校验传参
signature 微信加密签名
timestamp 时间戳
nonce 随机数
echostr 随机字符串

请求方法接口
``
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = “CheckSignature”, urlPatterns = { “/CheckSignature/Mobile” })
public class CheckSignature extends HttpServlet{

private static final long serialVersionUID = 1L;

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
	// Response返回
	resp.setContentType("text/html;charset=UTF-8");
	//微信加密签名
	String signature = req.getParameter("signature");
	//时间戳
    String timestamp = req.getParameter("timestamp");
    //随机数
    String nonce = req.getParameter("nonce");
    //随机字符串
    String echostr = req.getParameter("echostr");
    
	System.out.println(signature);
	System.out.println(timestamp);
	System.out.println(nonce);
	System.out.println(echostr);
	
    PrintWriter out =resp.getWriter();
    
    if (CheckUitl.checkSignature(signature, timestamp, nonce)) {
        System.err.println("验证成功");
        out.println(echostr);
    }		
    out.close();
	out = null;
}

}
工具类

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class CheckUitl {
	    // 与接口配置信息中的Token要一致
		private static String token = "icecdevchinaedunet";
	    
		public static boolean checkSignature(String signature, String timestamp,
				String nonce) {
			// 从请求中（也就是微信服务器传过来的）拿到的token, timestamp, nonce
			String[] arr = new String[] { token, timestamp, nonce };
			// 将token、timestamp、nonce三个参数进行字典序排序
			sort(arr);
			StringBuilder content = new StringBuilder();
			for (int i = 0; i < arr.length; i++) {
				content.append(arr[i]);
			}
			MessageDigest md = null;
			String tmpStr = null;
	 
			try {
				md = MessageDigest.getInstance("SHA-1");
				// 将三个参数字符串拼接成一个字符串进行sha1加密
				byte[] digest = md.digest(content.toString().getBytes());
				// 将字节数组转成字符串
				tmpStr = byteToStr(digest);
			} catch (NoSuchAlgorithmException e) {
				e.printStackTrace();
			}
	 
			content = null;
			// 将sha1加密后的字符串可与signature对比，标识该请求来源于微信
			return tmpStr != null ? tmpStr.equals(signature.toUpperCase()) : false;
		}
	 
		// 将加密后的字节数组变成字符串
		private static String byteToStr(byte[] byteArray) {
			String strDigest = "";
			for (int i = 0; i < byteArray.length; i++) {
				strDigest += byteToHexStr(byteArray[i]);
			}
			return strDigest;
		}
	 
		private static String byteToHexStr(byte mByte) {
			char[] Digit = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A',
					'B', 'C', 'D', 'E', 'F' };
			char[] tempArr = new char[2];
			tempArr[0] = Digit[(mByte >>> 4) & 0X0F];
			tempArr[1] = Digit[mByte & 0X0F];
	 
			String s = new String(tempArr);
			return s;
		}
	 
		// 用于字典排序
		public static void sort(String a[]) {
			for (int i = 0; i < a.length - 1; i++) {
				for (int j = i + 1; j < a.length; j++) {
					if (a[j].compareTo(a[i]) < 0) {
						String temp = a[i];
						a[i] = a[j];
						a[j] = temp;
					}
				}
			}
		}
}