Api接口加签验签

时间 2019-12-13

标签 api 接口繁體版

原文原文链接

加密传参流程

每一个接口固定参数timestamp，appkey，sign参数必传!json

1. 参数按照参数名ASCII码从小到大排序（字典序），使用URL键值对的格式服务器

（即key1=value1&key2=value2…）app

注：时间戳timestamp和appkey参数也参与排序并url拼接ide

最终拼接获得字符串stringApost

2. 在stringA最后拼接上appsecret参数获得stringSignTemp字符串，并对stringSignTemp进行MD5运算获得32位小写sign加密字符串ui

假设一个查询接口提供2个参数id和name加密

则url

StringA=” appkey=xxx&id=100&name=张三&timestamp=1551528809”spa

stringSignTemp= StringA +”&appsecret=yyy”code

sign=MD5(stringSignTemp)

最终Post表单传参

参数名	说明	是否必选	类型	备注
id		否	int
name		否	string
timestamp	时间戳字符串	是	string	时间戳字符串”1551528809”
appkey	appkey值	是	string
sign	sign签名值	是	string

拦截器代码

public class ApiInterceptor implements HandlerInterceptor {
        private static final Logger log = LoggerFactory.getLogger(ApiInterceptor.class);

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
                throws Exception {
            Gson gson = new GsonBuilder().serializeNulls().enableComplexMapKeySerialization().setDateFormat("yyyy-MM-dd HH:mm:ss").create();
            Map parameterMap = MapUtil.getParameterMap(request);
            String requestUrl = request.getServletPath();
            log.info(" 请求地址为: " + requestUrl + " 请求参数为: " + gson.toJson(parameterMap));

            try {
                String timestamp = "";
                String appkey = "";
                String sign = "";
                if (parameterMap.containsKey("timestamp")) {
                    timestamp = parameterMap.get("timestamp").toString();
                    //验证时间戳
                    Long timestampL = new Long(timestamp);
                    Calendar timestampCalendar = Calendar.getInstance();
                    timestampCalendar.setTimeInMillis(timestampL * 1000L);
                    //设置过时时间
                    timestampCalendar.add(Calendar.MINUTE, 10);
                    Date timestampDate = timestampCalendar.getTime();
                    Date nowDate = new Date();
                    if (timestampDate.compareTo(nowDate) < 0) {
                        responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_EXPIRE_MSG, null)));
                        return false;
                    }
                } else {
                    responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_ERROR_MSG, null)));
                    return false;
                }
                if (parameterMap.containsKey("appkey")) {
                    appkey = parameterMap.get("appkey").toString();
                } else {
                    responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.APPKEY_ERROR_MSG, null)));
                    return false;
                }
                if (parameterMap.containsKey("sign")) {
                    sign = parameterMap.get("sign").toString();
                } else {
                    responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_ERROR_MSG, null)));
                    return false;
                }

                Map map2 = new HashMap();
                map2.putAll(parameterMap);
                map2.remove("sign");
                String urls = MapUtil.formatMapToUrl(map2, false);
                urls += "&appsecret=" + OakConfig.getApiAppSecret();
                String newSign = MD5Util.md5(urls);
                //log.info("拼接urls参数为：" + urls + " 服务器端签名sign为：" + newSign);
                if (!sign.equals(newSign)) {
                    responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_CHECK_ERROR_MSG, null)));
                    return false;
                }
                return true;
            } catch (Exception e) {
                log.error(e.toString());
                responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, "请求异常!", null)));
                return false;
            }
        }

        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                               ModelAndView modelAndView) throws Exception {

        }

        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
                throws Exception {

        }

        private void responseJson(HttpServletResponse response, String json) throws Exception {
            PrintWriter writer = null;
            response.setCharacterEncoding("UTF-8");
            response.setContentType("text/json; charset=utf-8");
            try {
                writer = response.getWriter();
                writer.print(json);
            } catch (IOException e) {
                log.error(e.toString());
            } finally {
                if (writer != null)
                    writer.close();
            }
        }

    }