com.anjiplus.open.sdk.utils.SignUtils Maven / Gradle / Ivy
package com.anjiplus.open.sdk.utils;
import org.apache.commons.lang3.StringUtils;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Map;
/**
* 验证签名,防止数据被篡改
* @author lr
*/
public class SignUtils {
private final static String SIGN_PARAM="sign";
private final static String CHARSET_UTF8 = "UTF-8";
/**
* 生产签名
* @param params 参数
* @param secret 私钥
* @return 秘钥
* @throws IOException 异常
*/
public static String generateSign(Map params, String secret) throws IOException {
// 第一步:检查参数是否已经排序
String[] keys = params.keySet().toArray(new String[0]);
Arrays.sort(keys);
// 第二步:把所有参数名和参数值串在一起
StringBuilder query = new StringBuilder();
for (String key : keys) {
//跳过参数"sign",sign不参与签名
if(StringUtils.equals(SIGN_PARAM,key)) {
continue;
}
Object value = params.get(key);
if (value !=null && !"".equals(value)) {
query.append(key).append(value);
}
}
// 第三步:使用HMAC加密
byte[] bytes = encryptHMAC(query.toString(), secret);
// 第四步:把二进制转化为大写的十六进制(正确签名应该为32大写字符串,此方法需要时使用)
return byte2hex(bytes);
}
/**
* 加密
* @param data 加密数据
* @param secret 秘钥
* @return 加密的字节
* @throws IOException 异常
*/
public static byte[] encryptHMAC(String data, String secret) throws IOException {
byte[] bytes = null;
try {
SecretKey secretKey = new SecretKeySpec(secret.getBytes(CHARSET_UTF8), "HmacMD5");
Mac mac = Mac.getInstance(secretKey.getAlgorithm());
mac.init(secretKey);
bytes = mac.doFinal(data.getBytes(CHARSET_UTF8));
} catch (GeneralSecurityException gse) {
throw new IOException(gse.toString());
}
return bytes;
}
/**
* 转16进制
* @param bytes 字节数组
* @return 返回16进制
*/
public static String byte2hex(byte[] bytes) {
StringBuilder sign = new StringBuilder();
for (int i = 0; i < bytes.length; i++) {
String hex = Integer.toHexString(bytes[i] & 0xFF);
if (hex.length() == 1) {
sign.append("0");
}
sign.append(hex.toUpperCase());
}
return sign.toString();
}
}