1 package com.owen.xx.util;
 2 
 3 import java.security.MessageDigest;
 4 import java.security.NoSuchAlgorithmException;
 5 import java.util.Arrays;
 6 
 7 /** 
 8  * 请求校验工具类 
 9  *  
10  * @author liufeng 
11  * @date 2013-05-18 
12  */  
13 public class SignUtil {  
14     // 与接口配置信息中的Token要一致  
15     private static String token = "ABCDEFG";  
16   
17     /** 
18      * 验证签名 
19      *  
20      * @param signature 
21      * @param timestamp 
22      * @param nonce 
23      * @return 
24      */  
25     public static boolean checkSignature(String signature, String timestamp, String nonce) {  
26         String[] arr = new String[] { token, timestamp, nonce };  
27         // 将token、timestamp、nonce三个参数进行字典序排序  
28         Arrays.sort(arr);  
29         StringBuilder content = new StringBuilder();  
30         for (int i = 0; i < arr.length; i++) {  
31             content.append(arr[i]);  
32         }  
33         MessageDigest md = null;  
34         String tmpStr = null;  
35   
36         try {  
37             md = MessageDigest.getInstance("SHA-1");  
38             // 将三个参数字符串拼接成一个字符串进行sha1加密  
39             byte[] digest = md.digest(content.toString().getBytes());  
40             tmpStr = byteToStr(digest);  
41         } catch (NoSuchAlgorithmException e) {  
42             e.printStackTrace();  
43         }  
44   
45         content = null;  
46         // 将sha1加密后的字符串可与signature对比，标识该请求来源于微信  
47         return tmpStr != null ? tmpStr.equals(signature.toUpperCase()) : false;  
48     }  
49   
50     /** 
51      * 将字节数组转换为十六进制字符串 
52      *  
53      * @param byteArray 
54      * @return 
55      */  
56     private static String byteToStr(byte[] byteArray) {  
57         String strDigest = "";  
58         for (int i = 0; i < byteArray.length; i++) {  
59             strDigest += byteToHexStr(byteArray[i]);  
60         }  
61         return strDigest;  
62     }  
63   
64     /** 
65      * 将字节转换为十六进制字符串 
66      *  
67      * @param mByte 
68      * @return 
69      */  
70     private static String byteToHexStr(byte mByte) {  
71         char[] Digit = { ‘0‘, ‘1‘, ‘2‘, ‘3‘, ‘4‘, ‘5‘, ‘6‘, ‘7‘, ‘8‘, ‘9‘, ‘A‘, ‘B‘, ‘C‘, ‘D‘, ‘E‘, ‘F‘ };  
72         char[] tempArr = new char[2];  
73         tempArr[0] = Digit[(mByte >>> 4) & 0X0F];  
74         tempArr[1] = Digit[mByte & 0X0F];  
75   
76         String s = new String(tempArr);  
77         return s;  
78     }  
79 }  

 1 package com.owen.xx.servlet;
 2 
 3 import java.io.IOException;
 4 import java.io.PrintWriter;
 5 
 6 import javax.servlet.ServletException;
 7 import javax.servlet.http.HttpServlet;
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 
11 import com.owen.omikeweichat.util.SignUtil;
12 
13 /**
14  * 核心请求处理类
15  * 
16  * @author liufeng
17  * @date 2013-05-18
18  */
19 public class CoreServlet extends HttpServlet {
20     private static final long serialVersionUID = 4440739483644821986L;
21 
22     /**
23      * 确认请求来自微信服务器
24      */
25     public void doGet(HttpServletRequest request, HttpServletResponse response)
26             throws ServletException, IOException {
27         // 微信加密签名
28         String signature = request.getParameter("signature");
29         // 时间戳
30         String timestamp = request.getParameter("timestamp");
31         // 随机数
32         String nonce = request.getParameter("nonce");
33         // 随机字符串
34         String echostr = request.getParameter("echostr");
35 
36         PrintWriter out = response.getWriter();
37         // 通过检验signature对请求进行校验，若校验成功则原样返回echostr，表示接入成功，否则接入失败
38         if (SignUtil.checkSignature(signature, timestamp, nonce)) {
39             out.print(echostr);
40         }
41         out.close();
42         out = null;
43     }
44 
45     /**
46      * 处理微信服务器发来的消息
47      */
48     public void doPost(HttpServletRequest request, HttpServletResponse response)
49             throws ServletException, IOException {
50         // TODO 消息的接收、处理、响应
51     }
52 
53 }