验证sign的API

验证sign的API

// Service implementation; cardInfo() below uses the two injected secrets to check the request
// signature and to AES-decrypt/encrypt the payload.
public class CommonServiceImpl implements CommonService {
// Shared secret that cardInfo() concatenates into the MD5 input of the request signature.
// NOTE(review): defaultValue is "" - presumably @Config injects the configured value; if the
// setting is missing, the signature is computed with an empty secret. Confirm the deployment
// always sets it, and keep the value out of source control and logs.
@Config(name = "token", defaultValue = "", description = "token")
private static String token;
// Key passed to AESUtil.decrypt/encrypt for the echoStr payload in cardInfo().
// NOTE(review): also defaults to "" - same concern as token above.
@Config(name = "key", defaultValue = "", description = "key")
private static String key;

/**
* 一卡通余额查询
*/

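/**
 * Returns the campus-card balance for the user named in a signed, AES-encrypted request.
 *
 * <p>The request body is JSON with the fields {@code echoStr} (AES-encrypted JSON carrying
 * {@code userId}), {@code sign}, {@code timestamp} and {@code nonce}. The signature is
 * {@code MD5(token + timestamp + nonce + echoStr)}. It is verified <em>before</em> the payload
 * is decrypted or the database is queried, so an unauthenticated caller cannot trigger a
 * decryption or a lookup.
 *
 * <p>NOTE(review): MD5 over "secret + data" is not a MAC; HMAC-SHA-256 would be the sound
 * construction, but switching needs a coordinated change on the calling side. No freshness
 * check on {@code timestamp} or reuse check on {@code nonce} is visible in this method, so a
 * captured request stays valid - confirm whether a filter in front of this service does that.
 * AESUtil is not shown here; confirm it uses an authenticated mode (for example GCM) rather
 * than ECB.
 *
 * @return a map with {@code status = "success"} and the encrypted {@code echoStr} response,
 *         or {@code status = "false"} when the request is malformed, fails signature
 *         verification, or cannot be processed
 */
public Object cardInfo() {
    Map<String, Object> result = Maps.newHashMap();

    // Fail closed when the secrets are not configured: both @Config fields default to "",
    // and an empty token would make the signature computable without knowing any secret.
    if (token == null || token.isEmpty() || key == null || key.isEmpty()) {
        result.put("status", "false");
        return result;
    }

    // 1. Read the JSON envelope from the request body.
    HttpServletRequest request = HttpUtils.getRequest();
    String encryptedPayload;
    String sign;
    String timestamp;
    String nonce;
    try {
        String rawData = Https.getRequestPostStr(request);
        JSONObject envelope = JSONObject.parseObject(rawData);
        if (envelope == null) {
            result.put("status", "false");
            return result;
        }
        encryptedPayload = envelope.getString("echoStr");
        sign = envelope.getString("sign");
        timestamp = envelope.getString("timestamp");
        nonce = envelope.getString("nonce");
    } catch (Exception e) {
        // Unreadable body or malformed JSON: reject instead of continuing with null fields.
        e.printStackTrace();
        result.put("status", "false");
        return result;
    }
    if (encryptedPayload == null || sign == null || timestamp == null || nonce == null) {
        result.put("status", "false");
        return result;
    }

    // 2. Verify the signature first. MessageDigest.isEqual compares in constant time, so the
    //    response time does not reveal how many leading characters of the signature matched.
    String expectedSign = Md5Utils.getMD5String(token + timestamp + nonce + encryptedPayload);
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    if (expectedSign == null
            || !java.security.MessageDigest.isEqual(expectedSign.getBytes(utf8), sign.getBytes(utf8))) {
        result.put("status", "false");
        return result;
    }

    // 3. Decrypt the authenticated payload and extract userId. The decrypted content is
    //    deliberately not printed: it identifies the user and would end up in server logs.
    String userId;
    try {
        String decrypted = AESUtil.decrypt(encryptedPayload, key);
        if (decrypted == null) {
            result.put("status", "false");
            return result;
        }
        // Spaces are stripped before parsing, as the original did; note that this also removes
        // spaces inside string values.
        JSONObject payload = JSONObject.parseObject(decrypted.replace(" ", ""));
        userId = (payload == null) ? null : payload.getString("userId");
    } catch (Exception e) {
        e.printStackTrace();
        result.put("status", "false");
        return result;
    }
    if (userId == null) {
        result.put("status", "false");
        return result;
    }

    // 4. Look up the most recent card balance; userId is bound as a parameter, never concatenated.
    String sql = "SELECT * FROM (SELECT to_char(cardaftbal,'fm99999999999999999990.00') AS cardaftbal FROM usr_datai.t_ykt_pubrecentdtl WHERE stuempno = ? ORDER BY transdate || transtime desc) WHERE rownum = 1 ";
    // NOTE(review): this link is returned to the client over plain http - confirm whether an
    // https endpoint exists.
    String url = "http://ecard.sbs.edu.cn/web/ADMIN/";
    try {
        String balance = null;
        List<Map<String, Object>> rows = DbUtil.query(sql, new Object[] { userId });
        if (rows != null) {
            for (Map<String, Object> row : rows) {
                Object value = row.get("CARDAFTBAL");
                if (value != null) {
                    balance = value.toString();
                }
            }
        }
        // No row (null or empty result) means no recorded balance: report "0".
        if (balance == null) {
            balance = "0";
        }

        // 5. Build the response in the key/value list format and encrypt it.
        // NOTE(review): the "value " key carries a trailing space in the original; it is kept
        // byte-for-byte because the consumer's expected format is not visible here - confirm.
        Map<String, Object> balanceEntry = new HashMap<String, Object>();
        balanceEntry.put("key", "Balance");
        balanceEntry.put("value ", balance);
        Map<String, Object> urlEntry = new HashMap<String, Object>();
        urlEntry.put("key", "Url");
        urlEntry.put("value ", url);
        List<Map<String, Object>> keyValues = new ArrayList<Map<String, Object>>();
        keyValues.add(balanceEntry);
        keyValues.add(urlEntry);

        Map<String, Object> responseBody = Maps.newHashMap();
        responseBody.put("keyValues", keyValues);
        String echoStr = AESUtil.encrypt(new JSONObject(responseBody).toString(), key);

        result.put("status", "success");
        result.put("echoStr", echoStr);
    } catch (Exception e) {
        // Database or encryption failure: report an explicit failure rather than an empty map.
        e.printStackTrace();
        result.clear();
        result.put("status", "false");
    }
    return result;
}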

本文地址:https://tonysteven.github.io/2018/10/17/IDS-Api/
转载请注明出处,谢谢!
