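package org.sxl.weixin;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;

/**
 * Verifies the signature that accompanies a WeChat callback request.
 *
 * <p>The signature is the lowercase hex SHA-1 digest of the shared token, the
 * request timestamp and the request nonce, sorted lexicographically and
 * concatenated.
 *
 * <p>This class checks the signature only. It does not check that the
 * timestamp is recent or that the nonce is unused, so a caller that needs
 * replay protection has to add that check itself.
 */
public class WeiXinValidateToken {

    private static final Logger LOG = Logger.getLogger(WeiXinValidateToken.class.getName());

    /**
     * Checks a signature against the one computed from token, timestamp and nonce.
     *
     * @param signature
     *            WeChat signature taken from the request; it combines the
     *            developer-supplied token with the request's timestamp and
     *            nonce parameters
     * @param token
     *            shared secret configured by the developer
     * @param timestamp
     *            timestamp taken from the request
     * @param nonce
     *            random number taken from the request
     * @return {@code true} if the signature matches; {@code false} if it does
     *         not match or any argument is {@code null}
     * @throws NoSuchAlgorithmException
     *             if the runtime provides no SHA-1 implementation
     */
    public boolean Validate(String signature, String token, String timestamp, String nonce)
            throws NoSuchAlgorithmException {
        // Fail closed: a missing field can never produce a valid signature, and
        // Arrays.sort would otherwise throw on a null element.
        if (signature == null || token == null || timestamp == null || nonce == null) {
            return false;
        }

        // Sort the three values lexicographically, then concatenate them.
        String[] parts = { token, timestamp, nonce };
        Arrays.sort(parts);
        StringBuilder joined = new StringBuilder();
        for (String part : parts) {
            joined.append(part);
        }

        // SHA-1 is the digest this signature scheme is built on, so it is kept
        // here; an explicit charset keeps the digest independent of the
        // platform default encoding.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] digest = sha1.digest(joined.toString().getBytes(StandardCharsets.UTF_8));

        // Lowercase hex, two characters per byte.
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }

        // The original compared a String with a StringBuffer via equals(),
        // which is always false. Compare the text, and use MessageDigest.isEqual
        // so the comparison time does not depend on how many leading characters
        // of an attacker-supplied signature happen to match.
        byte[] expected = hex.toString().getBytes(StandardCharsets.UTF_8);
        byte[] supplied = signature.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    /**
     * Validates the signature carried by a servlet request.
     *
     * <p>Reads the {@code signature}, {@code echostr}, {@code timestamp} and
     * {@code nonce} request parameters. All of them are untrusted input.
     *
     * @param request
     *            the incoming request
     * @param token
     *            shared secret configured by the developer
     * @return the request's {@code echostr} parameter when the signature is
     *         valid (this is {@code null} if the request carries no
     *         {@code echostr}); an empty string when validation fails
     */
    public String ValidateRequest(HttpServletRequest request, String token) {
        String signature = request.getParameter("signature");
        String echostr = request.getParameter("echostr");
        String timestamp = request.getParameter("timestamp");
        // The original looked up "nonce " (trailing space), which never matches
        // the real parameter and always yielded null.
        String nonce = request.getParameter("nonce");

        boolean valid = false;
        try {
            valid = Validate(signature, token, timestamp, nonce);
        } catch (NoSuchAlgorithmException e) {
            // Without a digest implementation nothing can be verified: treat
            // the request as invalid and record the cause.
            LOG.log(Level.SEVERE, "SHA-1 is unavailable; rejecting request", e);
        }

        return valid ? echostr : "";
    }
}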