MD5介面簽名認證
阿新 • • 發佈:2018-12-08
我方位資料來源,與三方做資料對接要做的兩件事情
1.因三方pull資料需要三方提供生產環境 IP 地址,我方配置IP白名單
2.三方公司會下發提供測試、生產環境的 securityKey=xxooYYxx 做簽名認證,請求引數多加一個 signature=xxyyddd
通常會用MD5做資料簽名認證
1.三方對請求引數做按欄位順序排序做加密
Map<String,String> map = new TreeMap<>();
map.put("Java","1");
map.put("PHP","2");
map.put("GO","3");
map.put("Python","4");
StringBuilder reqbuff = new StringBuilder();
for(Map.Entry<String,String> entry : map.entrySet()){
reqbuff.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
}
reqbuff.delete(reqbuff.length()-1,reqbuff.length());
System.out.println("請求字串:" + reqbuff);
String reqSign = DigestUtils.md5Hex(reqbuff.toString());
System.out.println("MD5簽名:" + reqSign);
map.put("signature",reqSign);
//http.potst(url,map); post提交
2.我方對請求引數做簽名認證
// HttpServletRequest request = null;
// Map<String, String[]> paramMap = request.getParameterMap();
//從paramMap解析出key-value值 賦值到TreeMap 中
Map<String,String> map = new TreeMap<>();
map.put("Java","1");
map.put("PHP","2");
map.put("GO","3");
map.put("Python","4");
map.put("signature","5");
map.put("publickey","6");
//刪除掉簽名的欄位
map.remove("signature");
//拼接簽名的字串
StringBuilder sb = new StringBuilder();
for(Map.Entry<String,String> entry : map.entrySet()){
sb.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
}
sb.delete(sb.length()-1,sb.length());
System.out.println("拼接好引數:" + sb);
String sign = DigestUtils.md5Hex(sb.toString());
System.out.println("MD5簽名:" + sign);
if(map.get("signature").equals(sign)){
System.out.println("驗籤成功:" + sign);
}如果Content-type=application/json的也用相同的方式處理