生成签名
GET
http://test1.moranblog.cn/
最后修改时间:2023-08-01 02:54:48
责任人:未设置
生成数据签名的目的是确保数据的完整性和身份验证。数据签名是通过使用加密算法和密钥对数据进行处理,生成一个唯一的标识,称为签名。这个签名可以用来验证数据在传输或存储过程中是否被篡改过,并且可以确定数据的来源是否合法。
> 注:只有data里面的数据进行了签名,其他数据不进行签名
PHP方法:
php
//生成签名
function generateSignature($params, $secretKey)
{
// 对参数按照键名进行升序排序
ksort($params);
// 构建待签名字符串
$signString = $this->buildSignString($params);
// 生成签名
$signature = hash_hmac('sha256', $signString, $secretKey);
return $signature;
}
//构建签名字符串
function buildSignString($params, $prefix = '')
{
$signString = '';
foreach ($params as $key => $value) {
if (is_array($value)) {
// 如果值是数组,则进行递归处理
$subPrefix = $prefix ? $prefix . '[' . $key . ']' : $key;
$signString .= $this->buildSignString($value, $subPrefix);
} else {
$paramKey = $prefix ? $prefix . '[' . $key . ']' : $key;
$signString .= $paramKey . '=' . $value . '&';
}
}
return $signString;
}
JAVA 方法:
> 需要第三方依赖 com.google.gson
java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
public class SignatureGenerator {
public String generateSignatureFromJson(String json, String secretKey)
throws NoSuchAlgorithmException, InvalidKeyException {
Gson gson = new Gson();
TypeToken<Map<String, Object>> typeToken = new TypeToken<Map<String, Object>>() {
};
Map<String, Object> params = gson.fromJson(json, typeToken.getType());
TreeMap<String, Object> sortedParams = new TreeMap<>(params);
String signString = buildSignString(sortedParams, "");
System.out.println("Sign String: " + signString);
return calculateHmacSha256(signString, secretKey);
}
private String buildSignString(Map<String, Object> params, String prefix) {
StringBuilder signString = new StringBuilder();
for (Map.Entry<String, Object> entry : params.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
String paramKey = prefix + key;
if (value instanceof Map) {
@SuppressWarnings("unchecked")
Map<String, Object> subParams = (Map<String, Object>) value;
signString.append(buildSignString(subParams, paramKey + "."));
} else {
signString.append(paramKey).append("=").append(value).append("&");
}
}
return signString.toString();
}
private String calculateHmacSha256(String data, String secretKey)
throws NoSuchAlgorithmException, InvalidKeyException {
Mac hmacSha256 = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
hmacSha256.init(secretKeySpec);
byte[] hmacBytes = hmacSha256.doFinal(data.getBytes(StandardCharsets.UTF_8));
StringBuilder hexString = new StringBuilder();
for (byte hmacByte : hmacBytes) {
String hex = Integer.toHexString(0xFF & hmacByte);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
}
public static void main(String[] args) {
SignatureGenerator signatureGenerator = new SignatureGenerator();
String json = "{\"appname\":\"默然博客\",\"appicon\":\"http://moranhtpro.cn/android.png\",\"application_introduction\":\"\",\"developer_contact_info\":\"\",\"official_group\":\"\",\"announcement_configuration\":{\"title\":\"\",\"content\":\"\"},\"updates_info\":{\"update_version\":\"1.0\",\"update_url\":\"\",\"update_content\":\"\"},\"app_exten_info\":[]}";
String secretKey = "osnjZbhHDpartfN9XLBiJSO4xzgKkTy7";
try {
String signature = signatureGenerator.generateSignatureFromJson(json, secretKey);
System.out.println("Signature: " + signature);
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
System.out.println("Error: " + e.getMessage());
}
}
}
请求参数
无