签名无法通过HTTP传递

在开发中与其他银行系统对接时,发现对数据内容加签后,签名无法通过HTTP传递,无法验签。

httpPost.setHeader("signature", signature);

这是由于加密后签名存在特殊字符,不满足RFC 7230规范

org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: The HTTP header line [o9esxbfw4jrokvrgreixks+9kpus/gXQhiwDId/gYbfPZ7smvwl96HXg1Stvi3Z2tbqDBYf2fYt1] does not conform to RFC 7230 and has been ignored.
does not conform to RFC 7230 and has been ignored.

解决办法1

在SpringBoot主启动类设置System属性,允许特殊字符

@Bean
public void allowRfc() {
    System.setProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow", "|{}");
}

但是很遗憾,无效

解决办法2

通过URLEncoder对加密后的签名串encode

 //加签
 String signature = SignUtils.sign(PRIVATE_KEY_FILE, content);
 //真正的签名内容
 System.out.println("签名为:" + signature);
 //encode
 String other=URLEncoder.encode(signature,"UTF-8");
 //验签
 boolean b = SignUtils.verify(PUBLIC_KEY_FILE, content, URLDecoder.decode(other,"UTF-8"));
 if (b) {
     System.out.println("验签成功");
 } else {
     System.out.println("验签失败");
 }

亲测可行

你可能感兴趣的:(签名无法通过HTTP传递)