[置顶] 接口对接:关于明文和密钥,还有生成Sign工具类

第一步:

首先是定义明文(key)和密钥(secret)

现在是保存在配置文件中,如util.properties(正式环境使用的secret应与代码分开保管,不要提交到版本库或公开发布)

secret是由MD5(key+6位随机数)生成。需要注意:key会随请求明文传输,而6位随机数只有100万种取值,按这种方式得到的secret强度有限;正式环境建议改用SecureRandom生成足够长(例如128位以上)的随机密钥。

key=autoapp
secret=0000c034de3026ca9b49c5f7652899b1


第二步:

签名工具(SignUtil)

package com.appbox.util.business;

import java.util.Map;
import java.util.TreeMap;
import java.util.Map.Entry;

import com.appbox.util.encryption.MD5;

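/**
 * Builds the request signature used by the platform integration interface.
 *
 * <p>The signature is {@code MD5.Md5(secret + canonical)}, where {@code canonical} is every
 * request parameter except {@code sign}, sorted by parameter name and joined as
 * {@code name=value&name=value}.
 *
 * <p>NOTE(review): the digest construction is kept as-is because changing it would break
 * existing clients, but it has known limits that a new protocol version should address:
 * <ul>
 * <li>a secret-prefix MD5 digest is not a proper MAC (it is open to length extension);
 *     HMAC with SHA-256 is the usual replacement;</li>
 * <li>names and values are joined without escaping, so different parameter sets can yield
 *     the same canonical string;</li>
 * <li>only the first value of a multi-valued parameter is signed;</li>
 * <li>nothing in the signed data (timestamp, nonce) limits how long a signature stays
 *     valid.</li>
 * </ul>
 */
public class SignUtil {

	/**
	 * Computes the signature for a set of request parameters.
	 *
	 * @param parameters request parameters; values are normally the {@code String[]} arrays
	 *        of a servlet parameter map, plain objects are signed via their string form.
	 *        {@code null} is treated as "no parameters".
	 * @param secret the shared secret; must not be {@code null} or empty
	 * @return the value returned by {@code MD5.Md5} for {@code secret + canonical}
	 * @throws IllegalArgumentException if {@code secret} is {@code null} or empty
	 */
	public static String generatSign(Map<String, Object> parameters, String secret){
		// A missing secret would otherwise be concatenated as the literal text "null",
		// producing a signature that anyone can compute. Fail closed instead.
		if (secret == null || secret.isEmpty()) {
			throw new IllegalArgumentException("secret must not be null or empty");
		}

		Map<String, Object> sorted = getSortedData(parameters);
		StringBuilder canonical = new StringBuilder();
		if (sorted != null) {
			for (Entry<String, Object> entry : sorted.entrySet()) {
				// The submitted signature itself is never part of the signed data.
				if ("sign".equals(entry.getKey())) {
					continue;
				}
				// Separator goes between pairs, so an empty parameter set no longer
				// fails while trimming a trailing '&'.
				if (canonical.length() > 0) {
					canonical.append('&');
				}
				canonical.append(entry.getKey()).append('=').append(firstValue(entry.getValue()));
			}
		}
		// The canonical string is deliberately not printed: it contains the raw request
		// parameters and does not belong on standard output.
		return MD5.Md5(secret + canonical.toString());
	}

	/**
	 * Returns a copy of the given map sorted by key.
	 *
	 * @param map the map to copy, may be {@code null}
	 * @return a new {@link TreeMap} with the same entries, or {@code null} if {@code map} is
	 *         {@code null}
	 */
	public static Map<String, Object> getSortedData(Map<String, Object> map){
		if (map == null) {
			return null;
		}
		return new TreeMap<String, Object>(map);
	}

	/**
	 * Extracts the value that is signed for one parameter: the first element of a
	 * {@code String[]}, the string form of any other object, or the empty string when there
	 * is no value at all.
	 */
	private static String firstValue(Object value) {
		if (value instanceof String[]) {
			String[] values = (String[]) value;
			return values.length > 0 ? String.valueOf(values[0]) : "";
		}
		return value == null ? "" : String.valueOf(value);
	}

}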


 第三步:创建拦截器

package com.appbox.util.interceptor;

import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.ServletActionContext;

import com.alibaba.fastjson.JSONObject;
import com.appbox.base.baseaction.BaseAction;
import com.appbox.base.vo.HttpRequest;
import com.appbox.util.business.SignUtil;
import com.appbox.util.property.PropertiesUtil;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

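/**
 * Request parameter interceptor: wraps and validates the request parameters sent by the
 * customisation platform before the action is invoked.
 *
 * <p>The action runs only when every required parameter is present, the {@code key}
 * parameter equals the configured key, and the {@code sign} parameter matches the signature
 * that {@code SignUtil.generatSign} computes over the request parameters with the configured
 * secret. Otherwise a JSON body with {@code state=false} and an explanatory {@code msg} is
 * returned through {@code ajaxJson}.
 *
 * <p>Failure messages are returned by the check methods instead of being stored in a static
 * field: a static field is shared by all requests, so concurrent requests could overwrite
 * each other's message.
 *
 * <p>NOTE(review): the signed parameters carry no timestamp or nonce, so a captured request
 * stays valid indefinitely; consider adding one to the protocol.
 */
@SuppressWarnings("serial")
public class ParamsInterceptor extends BaseAction implements Interceptor {

	/** Charset used to turn signature strings into bytes for comparison. */
	private static final Charset UTF_8 = Charset.forName("UTF-8");

	@Override
	public void destroy() {
		// Nothing to release.
	}

	@Override
	public void init() {
		// Nothing to initialise.
	}

	/**
	 * Validates the current request and either rejects it with a JSON error or lets the
	 * invocation continue.
	 *
	 * @param invocation the action invocation being intercepted
	 * @return the result of {@code ajaxJson} for a rejected request, otherwise the result of
	 *         {@code invocation.invoke()}
	 * @throws Exception whatever the downstream invocation throws
	 */
	@Override
	public String intercept(ActionInvocation invocation) throws Exception {
		HttpServletRequest request = ServletActionContext.getRequest();
		// NOTE(review): the Servlet API only honours this call before request parameters are
		// first read; if earlier interceptors have already parsed them it has no effect.
		request.setCharacterEncoding("UTF-8");
		HttpRequest req = createHttpRequest(request);

		String error = checkProperties(req);
		if (error == null) {
			error = checksign(request, req);
		}
		if (error != null) {
			return reject(error);
		}
		return invocation.invoke();
	}

	/**
	 * Builds the JSON rejection body ({@code msg} plus {@code state=false}) and hands it to
	 * {@code ajaxJson}.
	 */
	private String reject(String message) {
		JSONObject json = new JSONObject();
		json.put("msg", message);
		json.put("state", false);
		return ajaxJson(json.toJSONString());
	}

	/**
	 * Verifies the key and the signature of the request.
	 *
	 * @param request the servlet request whose parameter map is signed
	 * @param req the wrapped request carrying the submitted signature
	 * @return {@code null} when key and signature are valid, otherwise the message to report
	 * @throws IllegalStateException if the key or secret is missing from the configuration
	 */
	private String checksign(HttpServletRequest request, HttpRequest req) {
		String expectedKey = PropertiesUtil.getPropertyValue("key");
		// The secret is MD5(key + random 6-digit number).
		String secret = PropertiesUtil.getPropertyValue("secret");
		if (isNullOrEmpty(expectedKey) || isNullOrEmpty(secret)) {
			// Fail closed: with a missing secret the signature would be computed over the
			// literal text "null" and could be reproduced by any caller.
			throw new IllegalStateException("interface key/secret are not configured");
		}

		String key = request.getParameter("key");
		if (key == null || !expectedKey.equals(key)) {
			return "key不正确";
		}

		// A missing signature is rejected here; checkProperties does not test for it.
		String submitted = req.getSign();
		if (submitted == null) {
			return "签名不正确";
		}

		// getParameterMap() is raw or Map<String, String[]> depending on the Servlet API
		// version, while SignUtil expects Map<String, Object>.
		@SuppressWarnings({ "rawtypes", "unchecked" })
		Map<String, Object> parameters = (Map) request.getParameterMap();
		String expected = SignUtil.generatSign(parameters, secret);

		// Neither signature is printed: the expected value is exactly what a caller needs
		// to authenticate this request, so it must not end up in console output.
		if (expected == null || !signaturesMatch(expected, submitted)) {
			return "签名不正确";
		}
		return null;
	}

	/**
	 * Compares two signature strings case-insensitively using
	 * {@link MessageDigest#isEqual}, so the comparison time does not reveal the position of
	 * the first differing character.
	 */
	private static boolean signaturesMatch(String expected, String submitted) {
		byte[] left = expected.toLowerCase(Locale.ROOT).getBytes(UTF_8);
		byte[] right = submitted.toLowerCase(Locale.ROOT).getBytes(UTF_8);
		return MessageDigest.isEqual(left, right);
	}

	/**
	 * Checks that the required request parameters are present and non-empty.
	 *
	 * @param req the wrapped request
	 * @return {@code null} when all required parameters are present, otherwise the message
	 *         for the first missing one
	 */
	private String checkProperties(HttpRequest req) {
		if (isNullOrEmpty(req.getKey())) {
			return "key不为空";
		}
		if (isNullOrEmpty(req.getIconpath())) {
			return "软件图标不为空";
		}
		if (isNullOrEmpty(req.getApppath())) {
			return "平台上已上传媒体路径不为空";
		}
		if (isNullOrEmpty(req.getType())) {
			return "媒体类型不为空";
		}
		if (isNullOrEmpty(req.getCustomername())) {
			return "媒体主名称不为空";
		}
		if (isNullOrEmpty(req.getMedianame())) {
			return "媒体名称不为空";
		}
		if (isNullOrEmpty(req.getDesc())) {
			return "媒体简介不为空";
		}
		if (isNullOrEmpty(req.getIdcode())) {
			return "软件标识码不为空";
		}
		return null;
	}

	/** Returns {@code true} when the value is {@code null} or the empty string. */
	private static boolean isNullOrEmpty(String value) {
		return value == null || value.isEmpty();
	}

	/**
	 * Copies the interface parameters from the servlet request into an {@link HttpRequest}.
	 *
	 * @param request the servlet request
	 * @return the populated wrapper; fields are {@code null} for absent parameters
	 */
	private HttpRequest createHttpRequest(HttpServletRequest request) {
		HttpRequest req = new HttpRequest();
		req.setKey(request.getParameter("key"));
		req.setApppath(request.getParameter("apppath"));
		req.setDesc(request.getParameter("desc"));
		req.setEmail(request.getParameter("email"));
		req.setIconpath(request.getParameter("iconpath"));
		req.setIdcode(request.getParameter("idcode"));
		// The IP address field of HttpRequest is not populated here.
		req.setCustomername(request.getParameter("customername"));
		req.setMedianame(request.getParameter("medianame"));
		req.setSign(request.getParameter("sign"));
		req.setType(request.getParameter("type"));
		return req;
	}

}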


第四步:配置总项目src下的struts.xml配置文件

<!-- Platform integration: declares the signature-checking interceptor and makes the stack
     that contains it the default for this package. -->
    <package name="struts-paramsinterceptor" extends="json-default">
       <interceptors>
           <interceptor name="paramsInterceptor" class="com.appbox.util.interceptor.ParamsInterceptor"></interceptor>
           
           <interceptor-stack name="paramsStack">
               <!-- NOTE(review): paramsInterceptor is listed after defaultStack, so every
                    interceptor in defaultStack has already processed the request before the
                    key/signature check runs. Confirm this order is intended, or place the
                    check first so unauthenticated requests are rejected earlier. -->
               <interceptor-ref name="defaultStack" />
               <interceptor-ref name="paramsInterceptor" />
           </interceptor-stack>
       </interceptors>
       <!-- The package declares no actions itself; presumably the integration actions live
            in packages that extend this one and inherit the default stack. Verify that
            every externally reachable action does. -->
       <default-interceptor-ref name="paramsStack"></default-interceptor-ref>
       
    </package>


 

