1 進入測試號
2 使用ngrok實現內網穿透
3 驗證消息的確來自微信服務器
WxMessageController.java
package com.torey.shxqgy.shxqgy.controller;
import com.torey.shxqgy.shxqgy.service.WxService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
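/**
 * Callback endpoint for the WeChat official-account platform, mapped at {@code /wx/wxRes}.
 *
 * <p>GET requests carry the URL-verification handshake: the request is accepted only when
 * {@link WxService#check(String, String, String)} confirms the signature, and the
 * {@code echostr} parameter is then written back unchanged. POST requests are currently
 * only logged.
 *
 * @author Torey
 */
@RestController
public class WxMessageController {

    // Injected by Spring; the handlers read parameters from and write the reply to these.
    @Autowired
    private HttpServletRequest request;

    @Autowired
    private HttpServletResponse response;

    /** Handles the GET handshake by delegating to {@link #yanZhengWx()}. */
    @RequestMapping(value = "/wx/wxRes", method = RequestMethod.GET)
    public void wxMessageGet() {
        System.out.println("GET");
        yanZhengWx();
    }

    /** Handles POST requests on the callback URL; at present it only logs the call. */
    @RequestMapping(value = "/wx/wxRes", method = RequestMethod.POST)
    public void wxMessagePost() {
        // NOTE(review): nothing in this handler checks signature/timestamp/nonce, so any
        // caller that can reach the URL gets this far. Run the same signature check as the
        // GET handshake before the request body is parsed or acted on.
        System.out.println("POST");
    }

    /**
     * Verifies the handshake parameters and, on success, echoes {@code echostr} to the caller.
     *
     * @return {@code true} when the signature verified and the echo was written;
     *         {@code false} when a parameter is missing, the signature does not match,
     *         or the response could not be written
     */
    private boolean yanZhengWx() {
        // Signature derived from the developer's token plus the timestamp and nonce below.
        String signature = request.getParameter("signature");
        // Timestamp supplied by the caller.
        String timestamp = request.getParameter("timestamp");
        // Random number supplied by the caller.
        String nonce = request.getParameter("nonce");
        // Random string that must be returned unchanged once the request is accepted.
        String echostr = request.getParameter("echostr");

        // The handshake needs all four parameters; a request without them is rejected here
        // instead of failing with a NullPointerException further down.
        if (signature == null || timestamp == null || nonce == null || echostr == null) {
            System.out.println("接入失敗");
            return false;
        }

        if (!WxService.check(timestamp, nonce, signature)) {
            System.out.println("接入失敗");
            return false;
        }

        // echostr is not one of the values passed to the signature check, so it is still
        // caller-controlled text. Declare the reply as plain text so that a client never
        // interprets the reflected value as markup.
        response.setContentType("text/plain;charset=UTF-8");

        // try-with-resources closes the writer on every path and removes the window in
        // which a failed getWriter() left a null reference to be dereferenced.
        try (PrintWriter writer = response.getWriter()) {
            writer.print(echostr);
            writer.flush();
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        }

        System.out.println("接入成功");
        return true;
    }
}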
WxService.java
package com.torey.shxqgy.shxqgy.service;
import com.torey.shxqgy.shxqgy.config.WxConfig;
import org.apache.commons.lang3.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Locale;
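/**
 * Signature verification for requests sent to the WeChat callback URL.
 *
 * @author Torey
 */
public class WxService {

    /** Lower-case hexadecimal alphabet used to render digest bytes. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Verifies a request signature.
     *
     * <p>The procedure is:
     * <ol>
     *   <li>sort the token, {@code timestamp} and {@code nonce} lexicographically;</li>
     *   <li>concatenate the three strings and take the SHA-1 digest of the result;</li>
     *   <li>compare the hex digest with {@code signature}, ignoring letter case.</li>
     * </ol>
     *
     * <p>NOTE(review): only the signature is checked. Neither the age of {@code timestamp}
     * nor reuse of {@code nonce} is examined here, so a previously valid triple verifies
     * again; add a freshness check in the caller if replay matters for the endpoint.
     *
     * @author LiTaoFeng
     * @param timestamp timestamp parameter of the request; may be {@code null}
     * @param nonce random-number parameter of the request; may be {@code null}
     * @param signature signature parameter of the request; may be {@code null}
     * @return {@code true} only when all three values are present and the signature matches
     */
    public static boolean check(String timestamp, String nonce, String signature) {
        // A missing parameter cannot verify; previously a null element made Arrays.sort throw.
        if (timestamp == null || nonce == null || signature == null) {
            return false;
        }

        // 1) Sort token, timestamp and nonce lexicographically.
        String[] parts = {WxConfig.TOKEN, timestamp, nonce};
        Arrays.sort(parts);

        // 2) Concatenate the three strings and hash them with SHA-1.
        String expected = shal(String.join("", parts));

        // 3) Compare in constant time so the response time does not reveal how many leading
        //    characters of a guessed signature were correct. The expected value is no longer
        //    printed: anything written to stdout ends up in logs, and a logged signature is
        //    a valid credential for that timestamp/nonce pair.
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        byte[] suppliedBytes = signature.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expectedBytes, suppliedBytes);
    }

    /**
     * Returns the SHA-1 digest of {@code src} as 40 lower-case hexadecimal characters.
     *
     * <p>This is a hash, not encryption. The input is encoded as UTF-8 so the digest does
     * not depend on the platform default charset.
     *
     * @author LiTaoFeng
     * @param src text to hash
     * @return the hex-encoded digest
     * @throws IllegalStateException if the runtime provides no SHA-1 implementation
     */
    private static String shal(String src) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            byte[] digest = md.digest(src.getBytes(StandardCharsets.UTF_8));

            // Two hex characters per byte: high nibble first, then low nibble.
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(HEX_DIGITS[(b >> 4) & 15]);
                sb.append(HEX_DIGITS[b & 15]);
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            // Fail loudly instead of returning null, which the caller would dereference.
            throw new IllegalStateException("SHA-1 digest is not available", e);
        }
    }
}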