package com.epmet.controller; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.PrintWriter; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.Enumeration; /** * desc:微信配置测试 * * @author generator generator@elink-cn.com * @since v1.0.0 2020-03-08 */ @RestController @RequestMapping("wechat") public class WxController { private static Logger log = LoggerFactory.getLogger(WxController.class); @RequestMapping("check") public void get(HttpServletRequest request, HttpServletResponse response) throws Exception { System.out.println("========WechatController========= "); Enumeration pNames = request.getParameterNames(); while (pNames.hasMoreElements()) { String name = (String) pNames.nextElement(); String value = request.getParameter(name); // out.print(name + "=" + value); String log = "name =" + name + " value =" + value; } String signature = request.getParameter("signature");/// 微信加密签名 String timestamp = request.getParameter("timestamp");/// 时间戳 String nonce = request.getParameter("nonce"); /// 随机数 String echostr = request.getParameter("echostr"); // 随机字符串 response.reset(); PrintWriter out = response.getWriter(); // if (this.checkSignature(signature, timestamp, nonce)) { // out.print(echostr); // } out.close(); out = null; } /** * 校验签名 */ public static boolean checkSignature(String signature, String timestamp, String nonce) { System.out.println("signature:" + signature + "timestamp:" + timestamp + "nonc:" + nonce); String WECHAT_TOKEN = "1jkoyyih83nj8"; String[] arr = new String[]{WECHAT_TOKEN, timestamp, nonce}; // 将token、timestamp、nonce三个参数进行字典序排序 Arrays.sort(arr); StringBuilder content = new StringBuilder(); for (int i = 0; i < arr.length; i++) { content.append(arr[i]); } MessageDigest md = null; String tmpStr = null; try { md = MessageDigest.getInstance("SHA-1"); // 将三个参数字符串拼接成一个字符串进行sha1加密 byte[] digest = md.digest(content.toString().getBytes()); tmpStr = byteToStr(digest); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } content = null; // 将sha1加密后的字符串可与signature对比,标识该请求来源于微信 System.out.println(tmpStr.equals(signature.toUpperCase())); return tmpStr != null ? tmpStr.equals(signature.toUpperCase()) : false; } /** * 将字节数组转换为十六进制字符串 * * @param byteArray * @return */ private static String byteToStr(byte[] byteArray) { String strDigest = ""; for (int i = 0; i < byteArray.length; i++) { strDigest += byteToHexStr(byteArray[i]); } return strDigest; } /** * 将字节转换为十六进制字符串 * * @param mByte * @return */ private static String byteToHexStr(byte mByte) { char[] Digit = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; char[] tempArr = new char[2]; tempArr[0] = Digit[(mByte >>> 4) & 0X0F]; tempArr[1] = Digit[mByte & 0X0F]; String s = new String(tempArr); return s; } /** * 打开开发者模式签名认证 * @param signature * @param timestamp * @param nonce * @param echostr * @return */ @ResponseBody @RequestMapping(value = "/service", method = RequestMethod.GET) public Object defaultView(String signature, String timestamp, String nonce, String echostr) { if (echostr == null || echostr.isEmpty()) { return nonce; } if (this.checkSignature(signature, timestamp, nonce)) { return echostr; } return nonce; } }