页面签名验证
在使用微信JS接口时,页面必须经过签名算法的验证,才能调用相应的JS接口。
签名生成规则如下:参与签名的字段包括noncestr(随机字符串), 有效的jsapi_ticket, timestamp(时间戳), url(当前网页的URL,不包含#及其后面部分) 。对所有待签名参数按照字段名的ASCII 码从小到大排序(字典序)后,使用URL键值对的格式(即key1=value1&key2=value2…)拼接成字符串string1。这里需要注意的是所有参数名均为小写字符。对string1作sha1加密,字段名和字段值都采用原始值,不进行URL 转义。
JAVA 签名代码:
//随机串
private String noncestr;
//时间戳
private String timestamp;
//签名
private String signature;
//生成签名
public void sign(String jsapi_ticket, String url) {
System.out.println("/******************生成签名开始*********************/");
noncestr = create_nonce_str();
timestamp = create_timestamp();
String str = "jsapi_ticket=" + jsapi_ticket +
"&noncestr=" + noncestr +
"×tamp=" + timestamp +
"&url=" + url;
//注意这里参数名必须全部小写,且必须有序
System.out.println(">>>签名字符串:" + str);
try
{
MessageDigest crypt = MessageDigest.getInstance("SHA-1");
crypt.reset();
crypt.update(str.getBytes("UTF-8"));
signature = byteToHex(crypt.digest());
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
System.out.println(">>>报错:" + e.toString());
}
catch (UnsupportedEncodingException e)
{
e.printStackTrace();
System.out.println(">>>报错:" + e.toString());
}finally
{
System.out.println("/******************生成签名结束*********************/");
}
}
//字节转换
private static String byteToHex(final byte[] hash) {
Formatter formatter = new Formatter();
for (byte b : hash)
{
formatter.format("%02x", b);
}
String result = formatter.toString();
formatter.close();
return result;
}
//创建随机串
private static String create_nonce_str() {
return UUID.randomUUID().toString();
}
//创建时间戳
private static String create_timestamp() {
return Long.toString(System.currentTimeMillis() / 1000);
}
public String getNoncestr() {
return noncestr;
}
public void setNoncestr(String noncestr) {
this.noncestr = noncestr;
}
public String getTimestamp() {
return timestamp;
}
public void setTimestamp(String timestamp) {
this.timestamp = timestamp;
}
public String getSignature() {
return signature;
}
public void setSignature(String signature) {
this.signature = signature;
}
浙公网安备 33010602011771号