首页 发现 帮助
注册 登录
tjf
/
shujuju
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: cca417ec01
分支列表 标签列表
shujuju
/
boman-wechat
/
src
/
main
/
java
/
com
/
boman
/
wechat
/
utils
/
CheckAuthUtils.java

CheckAuthUtils.java 2.5 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. package com.boman.wechat.utils;
    2. 

  2. 

  3. import org.slf4j.Logger;
    4. 

  4. import org.slf4j.LoggerFactory;
    5. 

  5. 

  6. import java.security.MessageDigest;
    7. 

  7. import java.security.NoSuchAlgorithmException;
    8. 

  8. import java.util.Arrays;
    9. 

  9. 

  10. /**
    11. 

  11.  * @author shiqian
    12. 

  12.  * @date 2021年08月04日 13:38
    13. 

  13.  **/
    14. 

  14. public class CheckAuthUtils {
    15. 

  15. 

  16.     private static final Logger LOGGER = LoggerFactory.getLogger(CheckAuthUtils.class);
    17. 

  17. 

  18.     /** 定义Token 务必与服务器保持一**/
    19. 

  19.     public static String AUTHORIZATION = "Authorization";
    20. 

  20. 

  21.     public static final String SIGNATURE = "signature";
    22. 

  22.     public static final String TIMESTAMP = "timestamp";
    23. 

  23.     public static final String NONCE = "nonce";
    24. 

  24.     public static final String ECHOSTR = "echostr";
    25. 

  25.     public static final String SHA_1 = "SHA-1";
    26. 

  26. 

  27. 

  28.     /**
    29. 

  29.      * 验证签名
    30. 

  30.      *
    31. 

  31.      * @param signature
    32. 

  32.      * @param timestamp
    33. 

  33.      * @param nonce
    34. 

  34.      * @return
    35. 

  35.      */
    36. 

  36.     public static boolean checkSignature(String signature, String timestamp, String nonce) {
    37. 

  37.         // 将token、timestamp、nonce三个参数进行字典排序
    38. 

  38.         String[] arr = new String[]{AUTHORIZATION, timestamp, nonce};
    39. 

  39.         Arrays.sort(arr);
    40. 

  40. 

  41.         // 将三个参数字符串拼接成一个字符串
    42. 

  42.         StringBuilder content = new StringBuilder();
    43. 

  43.         for (String s : arr) {
    44. 

  44.             content.append(s);
    45. 

  45.         }
    46. 

  46. 

  47.         try {
    48. 

  48.             //获取加密工具
    49. 

  49.             MessageDigest md = MessageDigest.getInstance(SHA_1);
    50. 

  50.             // 对拼接好的字符串进行sha1加密
    51. 

  51.             byte[] digest = md.digest(content.toString().getBytes());
    52. 

  52.             String tmpStr = byteToStr(digest);
    53. 

  53.             //获得加密后的字符串与signature对比
    54. 

  54.             boolean result = tmpStr.equals(signature.toUpperCase());
    55. 

  55.             LOGGER.info("method: checkSignature, tmpStr: {}, result: {}", tmpStr, result);
    56. 

  56.             return result;
    57. 

  57.         } catch (NoSuchAlgorithmException e) {
    58. 

  58.             e.printStackTrace();
    59. 

  59.         }
    60. 

  60.         return false;
    61. 

  61.     }
    62. 

  62. 

  63.     private static String byteToStr(byte[] byteArray) {
    64. 

  64.         StringBuilder strDigest = new StringBuilder();
    65. 

  65.         for (byte b : byteArray) {
    66. 

  66.             strDigest.append(byteToHexStr(b));
    67. 

  67.         }
    68. 

  68.         return strDigest.toString();
    69. 

  69.     }
    70. 

  70. 

  71.     private static String byteToHexStr(byte mByte) {
    72. 

  72.         char[] digit = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    73. 

  73.         char[] tempArr = new char[2];
    74. 

  74.         tempArr[0] = digit[(mByte >>> 4) & 0X0F];
    75. 

  75.         tempArr[1] = digit[mByte & 0X0F];
    76. 

  76.         return new String(tempArr);
    77. 

  77.     }
    78. 

  78. 

  79. }
    80.