isv server验证所有的post body通知请求-j9九游会登录

代码调用如下图所示。

/**
* 校验通知消息的合法性
* @param requestbody requestbody请求体
* @param request http请求通知消息
* @param accesskey 接入码
* @return 验证结果
*/
public static boolean verificaterequestparams(@requestbody requestbody requestbody, javax.servlet.http.httpservletrequest request,
string accesskey)
{
// beanutils来自包commons-beanutils,其版本必须要>=1.9.4,
// 否则需要执行paramsmap.remove("class"),移除参数中不存在的内容
map paramsmap = beanutils.describe(requestbody); 
string timestamp = paramsmap.get("timestamp");
string authtoken = request.getheader("authtoken");
 
//对剩下的参数进行排序，拼接成加密内容
map sortedmap = new treemap();
sortedmap.putall(paramsmap);
stringbuffer strbuffer = new stringbuffer();
set keyset = sortedmap.keyset();
iterator iter = keyset.iterator();
while (iter.hasnext())
{
string key = iter.next();
string value = sortedmap.get(key);
if (stringutils.isblank(value)) {
   continue;
}
strbuffer.append("&").append(key).append("=").append(value);
}
//修正消息体,去除第一个参数前面的&
string reqparams = strbuffer.tostring().substring(1);
string key = accesskey   timestamp;
string signature = null;
try
{
signature = generateresponsebodysignature(key, reqparams);
}
catch (invalidkeyexception | nosuchalgorithmexception
| illegalstateexception | unsupportedencodingexception e)
{
// todo auto-generated catch block
}
return authtoken.equals(signature);
}

/**
* 生成http响应消息体签名示例demo
* @param key 用户在isv console分配的accesskey，请登录后查看
* @param body http响应的报文
* @return 加密结果
* @throws invalidkeyexception
* @throws nosuchalgorithmexception
* @throws illegalstateexception
* @throws unsupportedencodingexception
*/
public static string generateresponsebodysignature(string key, string body)
throws invalidkeyexception, nosuchalgorithmexception,
illegalstateexception, unsupportedencodingexception
{
return base_64(hmacsha256(key, body));
}

/**
*
* hamcsha256加密算法
* @param mackey 密钥key
* @param macdata 加密内容-响应消息体
* @return 加密密文
* @throws nosuchalgorithmexception
* @throws invalidkeyexception
* @throws illegalstateexception
* @throws unsupportedencodingexception
*/
public static byte[] hmacsha256(string mackey, string macdata)
throws nosuchalgorithmexception, invalidkeyexception,
illegalstateexception, unsupportedencodingexception
{
secretkeyspec secret =
new secretkeyspec(mackey.getbytes(), "hmacsha256");
mac mac = mac.getinstance("hmacsha256");
mac.init(secret);
byte[] dofinal = mac.dofinal(macdata.getbytes("utf-8"));
return dofinal;
}

/**
*
* 字节数组转字符串
* @param bytes 字节数组
* @return 字符串
*/
public static string base_64(byte[] bytes)
{
return new string(base64.encodebase64(bytes));
}