调用部门接口里面有个加密签名,需要post json 开始试了半天要么提示参数缺少,要么是签名不对
后来接口方给提供了他们收到后处理的代码如下
public static String getParamsSign(String appkey,String secret,SortedMap<String,Object> params,String cut){ params.remove("xxmsign"); params.remove("appkey"); params.remove("sign"); StringBuilder sb = new StringBuilder(); sb.append(appkey); for (Map.Entry entry : params.entrySet()) { sb.append(entry.getKey()).append(cut).append(entry.getValue()); } sb.append(secret); return MD5Util.md5(sb.toString()); } public static boolean verifySign(HttpServletRequest httpServletRequest,String appKey,String secret,String clientSign,String cut){ SortedMap<String, Object> paramList = new TreeMap<>(); //获取所有参数名称 Enumeration<String> paramNames=httpServletRequest.getParameterNames(); while (paramNames.hasMoreElements()) { String parameterName = (String) paramNames.nextElement(); paramList.put(parameterName, ServletRequestUtils.getStringParameter(httpServletRequest, parameterName, "null")); } String serverSign=getParamsSign(appKey,secret,paramList,cut); return serverSign.toUpperCase().equals(clientSign.toUpperCase()); }
给出的示例
秘钥_appid=你的appidLineId=业务线标识id=codeDesc=描述系信息动createType=2ip=periodType=1stype=你的stype秘钥
在首尾各加上appsecret ,中间参数拼接,参数需要升序md5
后来zhangy 同学帮忙调试下,修改后如下
private String generateCode(User user) { SortedMap<String, String> exInputParams = new TreeMap<String,String>(); exInputParams.put("_appid","xxxx"); exInputParams.put("LineId","8"); exInputParams.put("periodType","3"); String desc="xxx"; exInputParams.put("codeDesc",desc); exInputParams.put("createType","2"); exInputParams.put("ip",user.getIp()); exInputParams.put("stype","xxx"); StringBuffer md5Str = new StringBuffer(); md5Str.append("appsecret"); for (Map.Entry entry : exInputParams.entrySet()) { md5Str.append(entry.getKey()).append("=").append(entry.getValue()); } md5Str.append("appsecret"); String sig = EncryptHelper.md5(md5Str.toString()); exInputParams.put("sign",sig); String map = HttpHelper.MapConvertParams(exInputParams); try { String respContent = HttpHelper.post("http://www.abc.com", map, 1000 * 60 * 2); return respContent; } catch (Exception e) { System.out.printf("异常消息:{%s},用户数据:{%s},发送内容:{%s}", e.getMessage(), user.toString(), map); } return null; }
用postman 重新发送消息,后来经过对比发现问题如下
传递参数的时候采用类对象转json,部分字段不是必须的没有赋值,但是md5加密的时候没有把这些放进去
主要是开始采用手动拼接方式造成的,对接口方提供的参数说明照抄,也想到过多余参数的问题,但是一直没有实践验证;
出了问题不可怕,一定要沟通清楚再下手,多思考才能事半功倍,否则只能事倍功半;