- 开发者提交信息后,微信服务器将发送GET请求到填写的服务器地址URL上
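/**
 * Answers the WeChat server-URL verification request.
 *
 * <p>When the signature check succeeds, the caller-supplied {@code echostr} is
 * returned unchanged; in every other case an empty string is returned.
 *
 * @param signature signature sent with the request; may be absent
 * @param timestamp timestamp sent with the request; may be absent
 * @param nonce     random value sent with the request; may be absent
 * @param echostr   random string to echo back on success; may be absent
 * @return {@code echostr} when the signature verifies, otherwise {@code ""}
 */
@RequestMapping("/weixin")
public String validate(@RequestParam(name = "signature", required = false) String signature,
        @RequestParam(name = "timestamp", required = false) String timestamp,
        @RequestParam(name = "nonce", required = false) String nonce,
        @RequestParam(name = "echostr", required = false) String echostr) {
    // Every parameter is bound with required=false, so an unauthenticated caller can
    // omit any of them. Reject the request here instead of passing nulls into the
    // signature check, where they would surface as an unhandled exception.
    if (signature == null || timestamp == null || nonce == null) {
        return "";
    }
    // NOTE(review): WxService.checkSignature is declared with a fourth `token`
    // argument, but this call passes three. Confirm where the token is meant to
    // come from (server-side configuration, never a request parameter).
    if (!wxService.checkSignature(signature, timestamp, nonce)) {
        return "";
    }
    // echostr is caller-controlled and reaches the response unchanged, but only
    // after the signature has verified.
    // NOTE(review): confirm the response is not rendered as HTML.
    return echostr;
}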
/**
 * Verification of the signature that accompanies requests sent to the
 * WeChat server URL.
 */
public interface WxService {

    /**
     * Decides whether {@code signature} is valid for the given request values.
     *
     * @param signature signature received with the request
     * @param timestamp timestamp received with the request
     * @param nonce     random value received with the request
     * @param token     shared secret token used to compute the expected signature
     * @return {@code true} if the signature is accepted, {@code false} otherwise
     */
    boolean checkSignature(
            String signature,
            String timestamp,
            String nonce,
            String token);
}
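/**
 * {@link WxService} implementation that recomputes the request signature from the
 * shared token and compares it with the signature the caller presented.
 */
@Service
public class WxServiceImpl implements WxService {

    /** Lower-case hexadecimal alphabet used to render digest bytes. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Checks that {@code signature} equals the lower-case hex SHA-1 of the
     * lexicographically sorted concatenation of {@code token}, {@code timestamp}
     * and {@code nonce}.
     *
     * <p>This check only shows that the sender knows the token. It does not bound
     * the age of {@code timestamp} or reject a reused {@code nonce}, so a captured
     * request still verifies when replayed. Callers that need replay protection
     * must add it themselves.
     *
     * @param signature signature presented by the caller
     * @param timestamp timestamp presented by the caller
     * @param nonce     random value presented by the caller
     * @param token     shared secret token; must come from server-side configuration
     * @return {@code true} only if every input is present and the signature matches
     */
    @Override
    public boolean checkSignature(String signature, String timestamp, String nonce, String token) {
        // Fail closed on missing input: these values arrive from an unauthenticated
        // request, and a null would otherwise throw in the sort or the comparison.
        // An empty token is rejected too, because the expected signature would then
        // depend only on values the caller supplies.
        if (signature == null || timestamp == null || nonce == null
                || token == null || token.isEmpty()) {
            return false;
        }

        // 1. Sort token, timestamp and nonce lexicographically.
        String[] parts = {token, timestamp, nonce};
        Arrays.sort(parts);

        // 2. Concatenate the sorted values and hash them with SHA-1, the digest
        //    this verification scheme uses.
        StringBuilder joined = new StringBuilder();
        for (String part : parts) {
            joined.append(part);
        }
        String expected = sha1(joined.toString());
        if (expected == null) {
            return false;
        }

        // 3. Compare with the presented signature. MessageDigest.isEqual is
        //    constant-time, so response timing does not reveal how many leading
        //    characters of a guessed signature were correct.
        return MessageDigest.isEqual(
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                signature.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Computes the SHA-1 digest of the UTF-8 bytes of {@code str}.
     *
     * @param str text to hash
     * @return the digest as 40 lower-case hex characters, or {@code null} when
     *         {@code str} is {@code null} or empty
     * @throws IllegalStateException if the runtime provides no SHA-1 implementation
     */
    public String sha1(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        final MessageDigest digest;
        try {
            digest = MessageDigest.getInstance("SHA-1");
        } catch (java.security.NoSuchAlgorithmException e) {
            // SHA-1 is a required algorithm on the Java platform, so this indicates a
            // broken runtime. Surface it rather than silently returning null.
            throw new IllegalStateException("SHA-1 MessageDigest is not available", e);
        }
        byte[] hash = digest.digest(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        char[] hex = new char[hash.length * 2];
        int pos = 0;
        for (byte b : hash) {
            // Mask after the shift: the byte is sign-extended to int before >>>.
            hex[pos++] = HEX_DIGITS[(b >>> 4) & 0xf];
            hex[pos++] = HEX_DIGITS[b & 0xf];
        }
        return new String(hex);
    }
}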