1、获取微信公众号signature需要有三个参数 ---- appId 、appsecret 、 url
appId 和 appsecret 只需登录“微信公众平台”--“开发”--“基本设置”
url则是前台传过来的当前页面的地址值
2、获取微信公众号signature需要先获取三个参数 noncestr、timestamp、jsapi_ticket,以及上面的url值
由这四个参数组合后进行加密,便是signature
其中noncestr、timestamp获取很简单,只是单纯的获取随机数和时间戳
而jsapi_ticket则先需获取access_token,在获取access_token过程中就会用到上面的appId 、appsecret
获取到的jsapi_ticket以及access_token是有时间限制的,正常为7200秒,需注意!!!
粗略讲解到此结束!!!
一、先获取access_token
public String getAccessToken(String appId , String appSecret){ // 网页授权接口 String GetPageAccessTokenUrl = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid="+appId+"&secret="+appSecret; HttpClient client = null; String access_token = null; int expires_in = 0; try { client = new DefaultHttpClient(); HttpGet httpget = new HttpGet(GetPageAccessTokenUrl); ResponseHandler<String> responseHandler = new BasicResponseHandler(); String response = client.execute(httpget, responseHandler); JSONObject OpenidJSONO = JSONObject.fromObject(response); access_token = String.valueOf(OpenidJSONO.get("access_token"));//获取access_token expires_in = Integer.parseInt(String.valueOf(OpenidJSONO.get("expires_in")));//获取时间 } catch (Exception e) { throw new CommonRuntimeException("获取AccessToken出错!"); } finally { client.getConnectionManager().shutdown(); } return access_token; }
二、获取jsapi_ticket
public String getTicket(String accessToken) { // 网页授权接口 String GetPageAccessTokenUrl = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token="+accessToken+"&type=jsapi"; HttpClient client = null; String ticket = ""; int expires_in = 0; try { client = new DefaultHttpClient(); HttpGet httpget = new HttpGet(GetPageAccessTokenUrl); ResponseHandler<String> responseHandler = new BasicResponseHandler(); String response = client.execute(httpget, responseHandler); JSONObject OpenidJSONO = JSONObject.fromObject(response); ticket = String.valueOf(OpenidJSONO.get("ticket"));//获取ticket expires_in = Integer.parseInt(String.valueOf(OpenidJSONO.get("expires_in")));//获取时间 } catch (Exception e) { throw new CommonRuntimeException("获取Ticket出错!"); } finally { client.getConnectionManager().shutdown(); } return ticket; }
三、SHA1加密,参数是由url、jsapi_ticket、noncestr、timestamp组合而成
public String SHA1(String str) { try { MessageDigest digest = java.security.MessageDigest .getInstance("SHA-1"); //如果是SHA加密只需要将"SHA-1"改成"SHA"即可 digest.update(str.getBytes()); byte messageDigest[] = digest.digest(); // Create Hex String StringBuffer hexStr = new StringBuffer(); // 字节数组转换为 十六进制 数 for (int i = 0; i < messageDigest.length; i++) { String shaHex = Integer.toHexString(messageDigest[i] & 0xFF); if (shaHex.length() < 2) { hexStr.append(0); } hexStr.append(shaHex); } return hexStr.toString(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } return null; }
四、获取 Signature
public String getSignature(String url) { String signature = ""; String appid = *********;//微信公众号的appid String appsecret = ***********;//微信公众号的appsecret //获取noncestr String noncestr = UUID.randomUUID().toString(); //获取timestamp String timestamp = Long.toString(System.currentTimeMillis() / 1000); //获取access_token String access_token = getAccessToken(appid , appsecret); //获取jspai_ticket String jsapi_ticket = getTicket(access_token); //将四个数据进行组合,传给SHA1进行加密 String str = "jsapi_ticket=" + jsapi_ticket + "&noncestr=" + noncestr + "×tamp=" + timestamp + "&url=" + url; //sha1加密 signature = SHA1(str); return signature ; }
经过上方四个步骤就可以获得signature了,但在我自己实现的过程中,遇到了一个问题,在此提醒一下
若appid、appsecret使用的是企业微信公众号,则会在获取access_token、jsapi_ticket中取得null值
报了IP地址不在于白名单中,我采取了使用个人微信公众号的解决方法,则可以正常使用。