微信公衆號開發1-驗證消息的確來自微信服務器

1 進入測試號

2 使用ngrok實現內網穿透
3 驗證消息的確來自微信服務器

WxMessageController.java

package com.torey.shxqgy.shxqgy.controller;

import com.torey.shxqgy.shxqgy.service.WxService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * @ClassName：WxMessage
 * @Description：
 * @author: Torey
 */
@RestController
public class WxMessageController {
    @Autowired
    private HttpServletRequest request;
    @Autowired
    private HttpServletResponse response;
    @RequestMapping(value = "/wx/wxRes",method = RequestMethod.GET )
    public void wxMessageGet(){
        System.out.println("GET");
        yanZhengWx();
    }
    @RequestMapping(value = "/wx/wxRes",method = RequestMethod.POST )
    public void wxMessagePost(){
        System.out.println("POST");
    }

    private boolean yanZhengWx() {
       String signature	=request.getParameter("signature");//微信加密簽名，signature結合了開發者填寫的token參數和請求中的timestamp參數、nonce參數。
       String timestamp	=request.getParameter("timestamp");//時間戳
       String nonce	=request.getParameter("nonce");//隨機數
       String echostr	=request.getParameter("echostr");//隨機字符串
        //校驗請求
        if(WxService.check(timestamp,nonce,signature)){
            PrintWriter writer = null;
            try {
                writer = response.getWriter();
            } catch (IOException e) {
                e.printStackTrace();
            }
            //原樣返回echost參數
            writer.print(echostr);
            writer.flush();
            writer.close();
            System.out.println("接入成功");
        }else {
            System.out.println("接入失敗");
        }
        return  true;
    }
}

WxService.java

package com.torey.shxqgy.shxqgy.service;

import com.torey.shxqgy.shxqgy.config.WxConfig;
import org.apache.commons.lang3.StringUtils;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/**
 * @ClassName：WxService
 * @Description：
 * @author: Torey
 */
public class WxService {
    /**
     * @author: LiTaoFeng
     * @description:驗證簽名
     */
    public static boolean check(String timestamp,String nonce,String signature) {
        //1）將token、timestamp、nonce三個參數進行字典序排序
        // 2）將三個參數字符串拼接成一個字符串進行sha1加密
        // 3）開發者獲得加密後的字符串可與signature對比，標識該請求來源於微信
        //1）將token、timestamp、nonce三個參數進行字典序排序
        String[] strs=new String[]{WxConfig.TOKEN,timestamp,nonce};
        Arrays.sort(strs);
        // 2）將三個參數字符串拼接成一個字符串進行sha1加密
        String str = StringUtils.join(strs, "");
        String shal = shal(str);
        System.out.println(shal);
        System.out.println(signature);
        return shal.equalsIgnoreCase(signature);
    }
    /**
     * @author: LiTaoFeng
     * @description:進行shal加密
     */
    private static String shal(String src){
        //獲取一個加密對象
        MessageDigest md = null;
        try {
            md = MessageDigest.getInstance("sha1");

        char[] chars={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
        StringBuilder sb = new StringBuilder();
        //加密
        byte[] digest = md.digest(src.getBytes());
        //處理加密結果
        for (byte b : digest) {
            sb.append(chars[(b>>4)&15]) ;
            sb.append(chars[b&15]);
        }
        return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return null;
    }
}