接口签名规则及Java代码demo实现
签名规则 签名生成的通用步骤如下: 第一步,设所有发送或者接收到的数据为集合M,将集合M内非空参数值的参数按照参数名ASCII码从小到大排序(字典序),使用URL键值对的格式(即key1=value1&key2=value2…)拼接成字符串stringA。 特别注意以下重要规则: ◆ 参数名ASCII码从小到大排序(字典序); ◆ 如果参数的值为空不参与签名; ◆ 参数名区分大小写; ◆ 验证接口调用传送的sign参数不参与签名,将生成的签名与该sign值作校验。 第二步,在stringA最后拼接上key得到stringSignTemp字符串,并对stringSignTemp进行MD5运算,再将得到的字符串所有字符转换为大写,得到sign值signValue。 注意:密钥的长度为32个字节。
1.导入jar implementation("commons-beanutils:commons-beanutils:1.9.3")
2.MD5工具类
代码语言:javascript复制import java.security.MessageDigest;
public class MD5 {
private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
"8", "9", "a", "b", "c", "d", "e", "f"};
/**
* 转换字节数组为16进制字串
* @param b 字节数组
* @return 16进制字串
*/
public static String byteArrayToHexString(byte[] b) {
StringBuilder resultSb = new StringBuilder();
for (byte aB : b) {
resultSb.append(byteToHexString(aB));
}
return resultSb.toString();
}
/**
* 转换byte到16进制
* @param b 要转换的byte
* @return 16进制格式
*/
private static String byteToHexString(byte b) {
int n = b;
if (n < 0) {
n = 256 n;
}
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] hexDigits[d2];
}
/**
* MD5编码
* @param origin 原始字符串
* @return 经过MD5加密之后的结果
*/
public static String MD5Encode(String origin) {
String resultString = null;
try {
resultString = origin;
MessageDigest md = MessageDigest.getInstance("MD5");
resultString = byteArrayToHexString(md.digest(resultString.getBytes()));
} catch (Exception e) {
e.printStackTrace();
}
return resultString;
}
}3.实体类
代码语言:javascript复制import java.util.List;
public class UploadReqVO {
//手机号
private String mobile;
//姓名
private String realname;
//身份证号
private String idno;
//字符数组
private List<String> testBase64Str;
private String sign;
public String getMobile() {
return mobile;
}
public void setMobile(String mobile) {
this.mobile = mobile;
}
public String getRealname() {
return realname;
}
public void setRealname(String realname) {
this.realname = realname;
}
public String getIdno() {
return idno;
}
public void setIdno(String idno) {
this.idno = idno;
}
public List<String> getTestBase64Str() {
return testBase64Str;
}
public void setTestBase64Str(List<String> testBase64Str) {
this.testBase64Str = testBase64Str;
}
public String getSign() {
return sign;
}
public void setSign(String sign) {
this.sign = sign;
}
}4.签名类及测试类
代码语言:javascript复制import com.alibaba.fastjson.JSON;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.tomcat.util.security.MD5Encoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.xml.sax.SAXException;
import javax.xml.parsers.ParserConfigurationException;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
public class Signature {
private static Logger log = LoggerFactory.getLogger(Signature.class);
/**
* 对象入参,对象转MAP
* @param object
* @return
* @throws Exception
*/
public static String getSignNew(Object object,String key) throws Exception {
Map<String, String> map = BeanUtils.describe(object);
return getSignNew(map,key);
}
public static String getSignNewArray(UploadReqVO object, String key) throws Exception {
Map<String, String> map = BeanUtils.describe(object);
//覆盖
map.put("testBase64Str", JSON.toJSONString(object.getTestBase64Str()).replace(""",""));
return getSignNew(map,key);
}
/**
* 签名
* @param map
* @return
*/
private static String getSignNew(Map<String,String> map,String key) throws Exception{
ArrayList<String> list = new ArrayList<String>();
for(Map.Entry<String,String> entry:map.entrySet()){
if(entry.getValue() != null && !StringUtils.isEmpty(entry.getValue().toString()) && !"null".equals(entry.getValue())
&& !"class".equals(entry.getKey())){ //空字符串 entry.getValue()!=""){
list.add(entry.getKey() "=" entry.getValue() "&");
}
}
int size = list.size();
String [] arrayToSort = list.toArray(new String[size]);
// Arrays.sort(arrayToSort, String.CASE_INSENSITIVE_ORDER); //忽略大小写
Arrays.sort(arrayToSort);
StringBuilder sb = new StringBuilder();
for(int i = 0; i < size; i ) {
sb.append(arrayToSort[i]);
}
String result = sb.toString();
//过滤最后一个字符串&
int lastIdx = result.lastIndexOf("&");
result = result.substring(0,lastIdx);
// result = "key=" key; //去掉key= 字符串
result = key; //key直接拼接在后面
try{
log.info("Sign Before MD5:" result);
result = MD5.MD5Encode(result);
log.info("Sign Result:" result);
}catch (Exception e) {
e.printStackTrace();
}
return result;
}
public static boolean checkIsSignValidFromResyponseStringObject(Object object,String key) throws Exception {
Map<String, String> map = org.apache.commons.beanutils.BeanUtils.describe(object);
return checkIsSignValidFromResponseString(map,key);
}
public static boolean checkIsSignValidFromResponseStringArray(UploadReqVO object, String key) throws Exception {
Map<String, String> map = BeanUtils.describe(object);
//覆盖
map.put("testBase64Str", JSON.toJSONString(object.getTestBase64Str()).replace(""",""));
return checkIsSignValidFromResponseString(map,key);
}
/**
* object转换为map 验证签名
* @param map
* @return
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
* @throws IllegalAccessException
*/
private static boolean checkIsSignValidFromResponseString(Map<String,String> map,String key) throws Exception {
String signFromAPIResponse = null;
if(map.get("sign")!=null){
signFromAPIResponse = map.get("sign").toString();
}
if(signFromAPIResponse=="" || signFromAPIResponse == null){
log.info("signFromAPIResponse报空");
return false;
}
//清掉返回数据对象里面的Sign数据(不能把这个数据也加进去进行签名),然后用签名算法进行签名
map.put("sign","");
map.put("class","");
//将API返回的数据根据用签名算法进行计算新的签名,用来跟API返回的签名进行比较
//重新签名
log.info("签名前的map=" map);
String signForAPIResponse = Signature.getSignNew(map,key);
log.info("签名后的字符串=" signForAPIResponse);
if(!signForAPIResponse.equals(signFromAPIResponse)){
//签名验不过,表示这个API返回的数据有可能已经被篡改了
log.info("匹配不一致");
return false;
}
return true;
}
public static void main(String[] args) {
String key = "testkey123testkey123testkey12345";
try {
UploadReqVO uploadReqVo = new UploadReqVO();
List<String> pic1List = new ArrayList<String>();
String pic5 = Base64.getEncoder().encodeToString("测试字符串1".getBytes(StandardCharsets.UTF_8));
pic1List.add(pic5);
String pic6 = Base64.getEncoder().encodeToString("测试字符串2".getBytes(StandardCharsets.UTF_8));
pic1List.add(pic6);
uploadReqVo.setTestBase64Str(pic1List);
uploadReqVo.setIdno("465601200810081204");
uploadReqVo.setRealname("测试员");
uploadReqVo.setMobile("19945558899");
uploadReqVo.setSign("");
//数组方法
String signStr3 = Signature.getSignNewArray(uploadReqVo,key);
//非数组方法
// String signStr3 = Signature.getSignNew(uploadReqVo,key);
System.out.println("(上传图片)签名字符串:" signStr3);
uploadReqVo.setSign(signStr3);
System.out.println("(上传图片)参数json=" JSON.toJSONString(uploadReqVo));
//验证签名
//数组方法
boolean flag3 = Signature.checkIsSignValidFromResponseStringArray(uploadReqVo,key);
//非数组方法
// boolean flag3 = Signature.checkIsSignValidFromResyponseStringObject(uploadReqVo,key);
System.out.println("(上传图片)验证签名是否一致=" flag3);
} catch (Exception e) {
e.printStackTrace();
}
}
}打印输出日志对比:
//数组方式
16:56:50.014 [main] INFO com.example.utils.Signature - Sign Before MD5:idno=465601200810081204&mobile=19945558899&realname=测试员&testBase64Str=[5rWL6K V5a2X56ym5LiyMQ==,5rWL6K V5a2X56ym5LiyMg==]testkey123testkey123testkey12345
16:56:50.061 [main] INFO com.example.utils.Signature - Sign Result:61867a7f32594eec1967fcddea8d96c3
(上传图片)签名字符串:61867a7f32594eec1967fcddea8d96c3
(上传图片)参数json={"idno":"465601200810081204","mobile":"19945558899","realname":"测试员","sign":"61867a7f32594eec1967fcddea8d96c3","testBase64Str":["5rWL6K V5a2X56ym5LiyMQ==","5rWL6K V5a2X56ym5LiyMg=="]}
16:56:50.089 [main] INFO com.example.utils.Signature - 签名前的map={testBase64Str=[5rWL6K V5a2X56ym5LiyMQ==,5rWL6K V5a2X56ym5LiyMg==], mobile=19945558899, sign=, class=, idno=465601200810081204, realname=测试员}
16:56:50.089 [main] INFO com.example.utils.Signature - Sign Before MD5:idno=465601200810081204&mobile=19945558899&realname=测试员&testBase64Str=[5rWL6K V5a2X56ym5LiyMQ==,5rWL6K V5a2X56ym5LiyMg==]testkey123testkey123testkey12345
16:56:50.089 [main] INFO com.example.utils.Signature - Sign Result:61867a7f32594eec1967fcddea8d96c3
16:56:50.089 [main] INFO com.example.utils.Signature - 签名后的字符串=61867a7f32594eec1967fcddea8d96c3
(上传图片)验证签名是否一致=true
//非数组方法,弊端是:testBase64Str构建签名字符串的时候,默认取数组的第一个字符,而不是[]结构的全部数据。
16:59:15.692 [main] INFO com.example.utils.Signature - Sign Before MD5:idno=465601200810081204&mobile=19945558899&realname=测试员&testBase64Str=5rWL6K V5a2X56ym5LiyMQ==testkey123testkey123testkey12345
16:59:15.697 [main] INFO com.example.utils.Signature - Sign Result:bfc9246143246f1852b4a29732aabcf6
(上传图片)签名字符串:bfc9246143246f1852b4a29732aabcf6
(上传图片)参数json={"idno":"465601200810081204","mobile":"19945558899","realname":"测试员","sign":"bfc9246143246f1852b4a29732aabcf6","testBase64Str":["5rWL6K V5a2X56ym5LiyMQ==","5rWL6K V5a2X56ym5LiyMg=="]}
16:59:15.775 [main] INFO com.example.utils.Signature - 签名前的map={testBase64Str=5rWL6K V5a2X56ym5LiyMQ==, mobile=19945558899, sign=, class=, idno=465601200810081204, realname=测试员}
16:59:15.775 [main] INFO com.example.utils.Signature - Sign Before MD5:idno=465601200810081204&mobile=19945558899&realname=测试员&testBase64Str=5rWL6K V5a2X56ym5LiyMQ==testkey123testkey123testkey12345
16:59:15.775 [main] INFO com.example.utils.Signature - Sign Result:bfc9246143246f1852b4a29732aabcf6
16:59:15.775 [main] INFO com.example.utils.Signature - 签名后的字符串=bfc9246143246f1852b4a29732aabcf6
(上传图片)验证签名是否一致=true
