签名、验签及切面验签

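/**
 * Request body of the face-verification endpoint.
 *
 * <p>Field names are snake_case on purpose: they are the wire names listed in the
 * API table on this page ({@code app_id}, {@code timestamp}, ...) and must not be
 * renamed. The constraints declared here only check presence (plus length for
 * {@code app_id}); the semantic checks — sign verification, id_no decryption,
 * timestamp freshness, nonce uniqueness — are not expressed on this class and must
 * be done by the service layer.
 *
 * <p>NOTE(review): no accessors are visible here; presumably generated (Lombok). The
 * {@code verifySign} method on this page takes a {@code FaceVerifyRequestDTO} with
 * the same accessors — presumably this class under another name; confirm.
 */
public class FaceDTO implements Serializable {

    // Explicit UID so the serialized form does not change whenever the class is
    // recompiled; the original relied on the compiler-generated value.
    private static final long serialVersionUID = 1L;

    /** Caller's application id (plaintext); also part of the signed payload. */
    @NotEmpty(message = "appid不能为空")
    @Length(min = 1,max = 8,message = "长度不符")
    private String app_id;

    /**
     * Request time as epoch milliseconds in string form (API table example:
     * 1533266925000). Only presence is validated here — if the verifier does not
     * also check freshness, a captured request can be replayed with a valid sign.
     */
    @NotEmpty(message = "timestamp不能为空")
    private String timestamp;

    /** 3-digit nonce per the API table; no format or single-use check is enforced here. */
    @NotEmpty(message = "random不能为空")
    private String random;

    /** ID number, 3DES-encrypted under the appkey (per the API table). PII — never log. */
    @NotEmpty(message = "idno不能为空")
    private String id_no;

    /**
     * Base64-encoded face image. Biometric PII — never log. NOTE(review): no size
     * limit is enforced at this layer.
     */
    @NotEmpty(message = "faceimage不能为空")
    private String face_image;

    /** Hex MD5 sign over id_no + random + timestamp + app_id with the appkey (per the API table). */
    @NotEmpty(message = "sign不能为空")
    private String sign;
}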

    /**
     * Verifies the request signature.
     *
     * @param faceVerifyRequestDTO the request carrying the signed fields and the sign
     * @param appkey the caller's shared secret used to compute the expected sign
     * @return true if the signature verifies, false otherwise
     */
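    /**
     * Verifies the {@code sign} field of a face-verification request.
     *
     * <p>The expected value is {@code MD5.md5(id_no + random + timestamp + app_id, appkey)}
     * (field order is part of the signing contract), compared case-insensitively with
     * the presented sign. Changes from the earlier version of this method:
     * <ul>
     *   <li>the appkey is a shared secret and is no longer written to the log, nor are
     *       the presented/computed digests;</li>
     *   <li>a missing sign or appkey is rejected instead of raising an NPE;</li>
     *   <li>the digests are compared with {@link java.security.MessageDigest#isEqual}
     *       so timing does not reveal how many leading characters matched.</li>
     * </ul>
     *
     * <p>Not covered here and still required by the caller: freshness of
     * {@code timestamp} and single use of {@code random}; without them a captured
     * request replays with a valid signature. {@code MD5.md5} is a project helper —
     * whether it is a keyed HMAC or a bare digest over the concatenation is not visible
     * here; either way MD5 is not a suitable MAC for new designs (HMAC-SHA256 is).
     *
     * @param faceVerifyRequestDTO the validated request carrying the signed fields and the sign
     * @param appkey the per-application shared secret
     * @return {@code true} if the signature verifies, {@code false} otherwise
     */
    private boolean verifySign(FaceVerifyRequestDTO faceVerifyRequestDTO, String appkey) {
        String presentedSign = faceVerifyRequestDTO.getSign();
        if (StringUtils.isBlank(presentedSign) || StringUtils.isBlank(appkey)) {
            log.warn("verifySign: missing sign or appkey for app_id={}", faceVerifyRequestDTO.getApp_id());
            return false;
        }

        String idno = faceVerifyRequestDTO.getId_no();
        String random = faceVerifyRequestDTO.getRandom();
        String timestamp = faceVerifyRequestDTO.getTimestamp();
        String appid = faceVerifyRequestDTO.getApp_id();

        // Concatenation order is the signing contract: id_no + random + timestamp + app_id.
        String signedPayload = idno + random + timestamp + appid;
        String expectedSign = MD5.md5(signedPayload, appkey);
        if (expectedSign == null) {
            log.warn("verifySign: digest helper returned null for app_id={}", appid);
            return false;
        }

        // Hex digests are case-insensitive: normalise both sides, then compare in
        // constant time. Only the outcome is logged — never the key or the digests.
        byte[] presented = StringUtils.upperCase(presentedSign)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] expected = StringUtils.upperCase(expectedSign)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        boolean matches = java.security.MessageDigest.isEqual(presented, expected);
        if (!matches) {
            log.warn("verifySign: signature mismatch for app_id={}", appid);
        }
        return matches;
    }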

```text
app_id	是	String	应用id
timestamp	是	String	时间戳(毫秒值)例如:1533266925000
random	是	String	随机数(3位)
id_no	是	String	加密后的身份证加密串3DES(身份证+appkey(密钥))
face_image	是	Base64	人脸图片
sign	是	String	数字签名
MD5(id_no(加密后的身份证串)+random+timestamp+app_id(明文)和appkey(密钥))
```

注：timestamp 与 random 虽然参与签名，但上面的 verifySign 只比对签名值，并未校验 timestamp 的时效性或 random 是否重复使用；服务端若不补上这两项检查，截获的合法请求可被原样重放。此外 3DES 与 MD5 均已不建议用于新系统，宜迁移至 AES-GCM 与 HMAC-SHA256。

切面验签

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.RetentionPolicy.RUNTIME;

/**
 * Marks a class or handler method whose request body must pass signature
 * verification (and decryption) before the method body runs.
 *
 * <p>Read at runtime by the {@code SignatureInterceptor} aspect through the pointcut
 * {@code @annotation(com.xxx.annotation.SignatureVerify)}, hence {@code RUNTIME}
 * retention. The annotation carries no attributes.
 */
@Documented
@Retention(RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface SignatureVerify {
}
import com.alibaba.fastjson.JSON;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;


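@Component
@Aspect
@Order(1)
public class SignatureInterceptor {
    private static final Log LOGGER = LogFactory.getLog(SignatureInterceptor.class);

    /** Matches every method carrying {@code @SignatureVerify}. */
    @Pointcut("@annotation(com.xxx.annotation.SignatureVerify)")
    public void pointCut(){}

    /**
     * Verifies the request signature and decrypts the request body before an
     * annotated method runs; the method then receives the decrypted body in place
     * of its first argument.
     *
     * <p>Order matters: the signature header ({@code Consts.SIGNATURE}) is checked
     * over the raw first argument (the ciphertext) <em>before</em> decryption, so
     * unauthenticated input never reaches {@code AESUtil}. Every failure — no servlet
     * request bound, blank body, missing or invalid signature, undecryptable body —
     * aborts the call with a {@link SecurityException}; the annotated method is never
     * invoked. The earlier version only logged these failures and proceeded anyway,
     * and also discarded the method's return value (it always returned ""), which
     * left the endpoint effectively unauthenticated and broken.
     *
     * <p>Request contents are deliberately not logged: on this page the body carries
     * an ID number and a face image (PII), in encrypted and decrypted form.
     *
     * <p>NOTE(review): the decrypted body is passed as a {@code String}, so the first
     * parameter of an annotated method is assumed to be a String — confirm against the
     * controllers. Whether {@code SignatureUtil.verifySignature} compares in constant
     * time, and which key it uses, is not visible here.
     *
     * @param joinPoint the intercepted call; {@code getArgs()[0]} must be the encrypted,
     *                  signed request body
     * @return the annotated method's return value
     * @throws SecurityException if the request cannot be authenticated or decrypted
     * @throws Throwable whatever the annotated method throws
     */
    @Around("pointCut()")
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
        String methodName = joinPoint.getSignature().getName();
        LOGGER.info("***************执行"+methodName+"开始******************");

        RequestAttributes ra = RequestContextHolder.getRequestAttributes();
        if (!(ra instanceof ServletRequestAttributes)) {
            // No servlet request on this thread (async/non-web call): there is no header
            // to verify, so refuse rather than run the method unauthenticated.
            throw new SecurityException("no servlet request bound; cannot verify signature for " + methodName);
        }
        HttpServletRequest request = ((ServletRequestAttributes) ra).getRequest();
        String signature = request.getHeader(Consts.SIGNATURE);

        Object[] args = joinPoint.getArgs();
        String params = (args.length > 0 && args[0] != null) ? args[0].toString() : "";

        if (StringUtils.isBlank(params)) {
            LOGGER.info("签名参数不能为空");
            throw new SecurityException("signed request body is empty");
        }
        // A blank header is rejected up front instead of being handed to the verifier,
        // and a failed verification must stop the request, not merely log it.
        if (StringUtils.isBlank(signature) || !SignatureUtil.verifySignature(signature, params)) {
            LOGGER.info("验签失败:" + methodName);
            throw new SecurityException("signature verification failed");
        }

        String requestBody = AESUtil.aesDecrypt(params);
        if (requestBody == null) {
            LOGGER.info("解密失败:" + methodName);
            throw new SecurityException("request body could not be decrypted");
        }

        // Replace only the first argument so methods with further parameters keep them;
        // proceed() requires the array to match the advised method's arity.
        Object[] newArgs = args.clone();
        newArgs[0] = requestBody;
        try {
            return joinPoint.proceed(newArgs);
        } finally {
            LOGGER.info("***************执行"+methodName+"结束******************");
        }
    }
}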
