isv server对响应消息体进行签名-j9九游会登录

代码调用如下图所示。

/**
* 校验通知消息的合法性
* @param request http请求通知消息
* @param accesskey 接入码
* @param encryptlength 加密长度
* @return 验证结果
*/
public static boolean verificaterequestparams(javax.servlet.http.httpservletrequest request,
string accesskey,int encryptlength)
{
//解析出url内容
map paramsmap = request.getparametermap();
string timestamp = null;
string authtoken = null;
string[] timestamparray = paramsmap.get("timestamp");
if (null != timestamparray && timestamparray.length > 0)
{
timestamp = timestamparray[0];
}
string[] authtokenarray = paramsmap.get("authtoken");
if (null != authtokenarray && authtokenarray.length > 0)
{
authtoken = authtokenarray[0];
}
//对剩下的参数进行排序，拼接成加密内容
map sortedmap = new treemap();
sortedmap.putall(paramsmap);
sortedmap.remove("authtoken");
stringbuffer strbuffer = new stringbuffer();
set keyset = sortedmap.keyset();
iterator iter = keyset.iterator();
while (iter.hasnext())
{
string key = iter.next();
string value = sortedmap.get(key)[0];
strbuffer.append("&").append(key).append("=").append(value);
}
//修正消息体,去除第一个参数前面的&
string reqparams = strbuffer.tostring().substring(1);
string key = accesskey   timestamp;
string signature = null;
try
{
signature = generateresponsebodysignature(key, reqparams);
}
catch (invalidkeyexception | nosuchalgorithmexception
| illegalstateexception | unsupportedencodingexception e)
{
// todo auto-generated catch block
}
return authtoken.equals(signature);
}