@ResponseBody
public OfflineQRCodeResp OfflineQRCode(@RequestHeader("Authorization") String token,@RequestHeader("nonce") String nonce,
@RequestHeader("timestamp") String timestamp,
@RequestHeader("signature") String signature,
@RequestBody OfflineQRCodeReq in){
GlobalVars.IncreaseApiCallCount();
OfflineQRCodeResp resp = new OfflineQRCodeResp();
//--------------------- 验证签名 ----------------------
VerifySignatureReturn verifySignatureReturn = nonceService.verifySignature(nonce, timestamp, in.toString(), signature);
if (!verifySignatureReturn.isbSuccess()) {
resp.setCode(201);
resp.setMessage("签名验证失败," + verifySignatureReturn.getMessage());
resp.setTimestamp(in.getTimestamp());
return resp;
}
验证签名
@Override
public VerifySignatureReturn verifySignature(String nonce, String timestamp, String requestParams, String strClientSignValue) {
VerifySignatureReturn verifySignatureReturn = new VerifySignatureReturn();
boolean ret = false;
if (safe_enable == 0) {
verifySignatureReturn.setbSuccess(true);
return verifySignatureReturn;
}
// ------------- 时间戳 过期时间验证 --------------------
long lngTimeStamp = Long.parseLong(timestamp);
long lngCurTimeStamp = (new Date()).getTime();
long lngOffset = 0;
lngOffset = Math.abs(lngCurTimeStamp - lngTimeStamp);
if (lngOffset > 1000 * safe_expire) {
verifySignatureReturn.setbSuccess(false);
SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
String strTimeString = sdf.format(new Date(Long.parseLong(String.valueOf(lngTimeStamp))));
verifySignatureReturn.setMessage("时间戳过期,差值=" + lngOffset + ",时间戳时间: " + strTimeString);
return verifySignatureReturn;
}
// ---------------- 随机数 验证 ---------------------
if (safe_nonce == 1) {
String cacheNonceString = cacheService.get(nonce);
if (cacheNonceString == null) {
cacheService.put(nonce);
}else {
verifySignatureReturn.setbSuccess(false);
verifySignatureReturn.setMessage("随机数失效");
return verifySignatureReturn;
}
}
// ---------------- 签名验证 ------------------------
String strSignValue = SignatureUitl.getSignature(nonce, timestamp, requestParams);
if (strClientSignValue.equalsIgnoreCase(strSignValue) == false) {
logger.info("签名验证失败,正确的签名: " + strSignValue);
verifySignatureReturn.setbSuccess(false);
verifySignatureReturn.setMessage("signature invalid.");
return verifySignatureReturn;
}
verifySignatureReturn.setbSuccess(true);
return verifySignatureReturn;
}