与第三方对接接口时的校验
调用方法时需要传参:
// Request fields every signed call must carry.
// NOTE(review): CipherUtil reads and writes these through getTimestamp/getCipher and
// setTimestamp/setCipher via reflection, so the DTO also needs public accessors,
// which this snippet does not show. Confirm they exist (hand-written or generated).

// Millisecond timestamp, as a decimal string, taken by the caller when it signs the request.
@ApiModelProperty("加密时间戳")
public String timestamp;
// Hex digest the caller derives from the shared key and the timestamp above;
// the receiver recomputes it and compares.
@ApiModelProperty("加密密文")
public String cipher;
调用方封装参数:
// Endpoint of the remote method being called (left blank on this page).
private static final String url = "";

// DTO stands for the request object; adapt it to the business payload.
Map<String, String> signature = CipherUtil.getCipher();
String digest = signature.get("cipher");
String signedAt = signature.get("timestamp");
DTO dto = DTO.builder()
        .cipher(digest)
        .timestamp(signedAt)
        .build();

// NOTE(review): the digest depends only on the shared key and the timestamp, so the pair
// authenticates on its own to anyone who can read it. The endpoint should be reached over
// TLS, and the response of this call should be checked rather than discarded.
HttpClientUtils.doPostWithJson(url, JSON.toJSONString(dto));
被调用方校验
// Receiving side: refuse the request unless the timestamp/cipher pair carried by dto verifies.
boolean verified = CipherUtil.verifyCipher(dto);
if (!verified) {
    throw new BusinessException("验证失败!");
}
工具类:
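/**
 * Shared-secret request authentication between two cooperating services.
 *
 * <p>The caller sends a millisecond timestamp plus a 32-character lowercase hex MD5 digest of
 * {@code PRIVATE_KEY + "&" + timestamp}; the receiver recomputes the digest and compares.
 * Despite the field name "cipher", nothing is encrypted: the value is a keyed digest.
 *
 * <p>Limits of this scheme that a deployment has to account for:
 * <ul>
 *   <li>The digest covers only the timestamp, not the request body, so it does not protect the
 *       payload against modification in transit. Use TLS for that.</li>
 *   <li>Verification enforces a freshness window, but a captured pair can still be replayed
 *       inside that window because no nonce is tracked.</li>
 *   <li>NOTE(review): {@code MD5(key + "&" + data)} is an ad-hoc MAC. HMAC-SHA256
 *       ({@code javax.crypto.Mac}, "HmacSHA256") over timestamp and body is the standard
 *       replacement, but it changes the wire format and must be rolled out on both sides
 *       together, so it is not done here.</li>
 * </ul>
 */
public class CipherUtil {

    // Secret agreed between both parties (blank placeholder on this page).
    // NOTE(review): load it from configuration or a secret store instead of compiling it in,
    // and never deploy with an empty value. With an empty key the digest is computable by anyone.
    private static final String PRIVATE_KEY = "";

    // Maximum accepted distance between the request timestamp and the receiver's clock.
    // Bounds how long a captured timestamp/cipher pair stays valid; tune to the real clock skew.
    private static final long MAX_CLOCK_SKEW_MILLIS = 5 * 60 * 1000L;

    private static final char[] HEX_DIGITS = { '0', '1', '2', '3', '4', '5',
            '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

    /**
     * Produces a fresh timestamp and the matching digest.
     *
     * @return a map with the keys {@code "timestamp"} and {@code "cipher"}; never {@code null}
     */
    public static Map<String, String> getCipher() {
        String timestamp = Long.toString(System.currentTimeMillis());
        Map<String, String> map = new HashMap<>();
        map.put("timestamp", timestamp);
        map.put("cipher", getMD5(PRIVATE_KEY + "&" + timestamp));
        return map;
    }

    /**
     * Stamps a request object with a fresh timestamp and digest through its public
     * {@code setTimestamp(String)} and {@code setCipher(String)} methods.
     *
     * @param t   request object to sign
     * @param <T> request type
     * @throws IllegalArgumentException if {@code t} is {@code null} or lacks usable setters;
     *         failing here is preferable to silently sending an unsigned request
     */
    public static <T> void addCipher(T t) {
        if (t == null) {
            throw new IllegalArgumentException("request object must not be null");
        }
        String timestamp = Long.toString(System.currentTimeMillis());
        String cipher = getMD5(PRIVATE_KEY + "&" + timestamp);
        Class<?> clazz = t.getClass();
        try {
            clazz.getMethod("setTimestamp", String.class).invoke(t, timestamp);
            clazz.getMethod("setCipher", String.class).invoke(t, cipher);
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException(
                    clazz.getName() + " cannot be signed: setTimestamp/setCipher unavailable", e);
        }
    }

    /**
     * Checks a timestamp/digest pair. Fails closed: any malformed, missing, stale or
     * mismatching input yields {@code false}.
     *
     * @param timestamp millisecond timestamp string sent by the caller
     * @param cipher    digest sent by the caller
     * @return {@code true} only if the timestamp is inside the freshness window and the digest matches
     */
    public static boolean verifyCipher(String timestamp, String cipher) {
        if (timestamp == null || cipher == null) {
            return false;
        }
        final long sentAt;
        try {
            sentAt = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            return false;
        }
        // Without this check a captured pair would be accepted forever.
        long now = System.currentTimeMillis();
        if (sentAt < now - MAX_CLOCK_SKEW_MILLIS || sentAt > now + MAX_CLOCK_SKEW_MILLIS) {
            return false;
        }
        // Digest the string exactly as received, since that is what the caller signed.
        String trueCipher = getMD5(PRIVATE_KEY + "&" + timestamp);
        // Constant-time comparison: String.equals stops at the first differing character.
        return MessageDigest.isEqual(
                trueCipher.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                cipher.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Checks the timestamp/digest pair carried by a request object, read through its public
     * {@code getTimestamp()} and {@code getCipher()} methods.
     *
     * @param t   request object to verify
     * @param <T> request type
     * @return {@code true} only if both values are present and pass
     *         {@link #verifyCipher(String, String)}; {@code false} on any failure
     */
    public static <T> boolean verifyCipher(T t) {
        if (t == null) {
            return false;
        }
        try {
            Class<?> clazz = t.getClass();
            Object timestamp = clazz.getMethod("getTimestamp").invoke(t);
            Object cipher = clazz.getMethod("getCipher").invoke(t);
            if (timestamp == null || cipher == null) {
                return false;
            }
            return verifyCipher(timestamp.toString(), cipher.toString());
        } catch (ReflectiveOperationException | RuntimeException e) {
            // Fail closed: an object that cannot be inspected is treated as unauthenticated.
            return false;
        }
    }

    /** Returns the lowercase hex MD5 digest of {@code requestBody}. */
    private static String getMD5(String requestBody) {
        return encode("md5", requestBody);
    }

    /**
     * Digests {@code value} with the named algorithm and returns lowercase hex,
     * or {@code null} when {@code value} is {@code null}.
     */
    private static String encode(String algorithm, String value) {
        if (value == null) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(algorithm);
            // Explicit charset: the platform default can differ between the two parties,
            // which would make digests of non-ASCII keys disagree.
            messageDigest.update(value.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return getFormattedText(messageDigest.digest());
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /** Renders bytes as lowercase hexadecimal, two characters per byte. */
    private static String getFormattedText(byte[] bytes) {
        StringBuilder buf = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            buf.append(HEX_DIGITS[(b >> 4) & 0x0f]);
            buf.append(HEX_DIGITS[b & 0x0f]);
        }
        return buf.toString();
    }
}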