微信公众号接入之排序问题小记

发  微信公众号作为强大的自媒体工具,对接一下是很正常的了。不过这不是本文的方向,本文的方向公众号接入的排序问题。

  最近接了一个重构的小项目,需要将原有的php的公众号后台系统,转换为java系统。当然,也很简单的了。

  

  不过,在接入的时候,遇到有一个有趣的问题,可以分享下。

  大家知道,要将微信在接到用户的请求之后,可以将消息转发给咱们在公众号后台指定的 server 地址,而在指定这个地址的时候,又需要先校验下这个地址是否连通的,是不是开发者自己的用来处理微信转发消息的地址。因此有一个服务器 token 的校验过程。
校验token的过程,算法很简单,引用微信文档原文如下:

开发者通过检验signature对请求进行校验(下面有校验方式)。若确认此次GET请求来自微信服务器,请原样返回echostr参数内容,则接入生效,成为开发者成功,否则接入失败。加密/校验流程如下:

1)将token、timestamp、nonce三个参数进行字典序排序

2)将三个参数字符串拼接成一个字符串进行sha1加密

3)开发者获得加密后的字符串可与signature对比,标识该请求来源于微信

php 示例如下:

private function checkSignature()
{
    _GET["signature"];
    _GET["timestamp"];
    _GET["nonce"];

    tmpArr = array(timestamp, $nonce);
    sort($tmpArr);        // 官方最新版demo已经修复该排序问题了 sort($tmpArr, SORT_STRING);
    $tmpStr = implode( $tmpArr );
    $tmpStr = sha1( $tmpStr );

    if( signature ){
        return true;
    }else{
        return false;
    }
}

而且,下方demo也给的妥妥的。好吧,对接是不会有问题了!

我也按照java版的demo,给整了个接入进来!java 的验证样例如下:

    public String validate(@ModelAttribute WxValidateBean validateBean) {
        String myValidToken = signatureWxReq(validateBean.getToken(), validateBean.getTimestamp(), validateBean.getNonce());
        if(myValidToken.equals(validateBean.getSignature())) {
            return validateBean.getEchostr();
        }
        return "";
    }
    
    public String signatureWxReq(String token, String timestamp, String nonce) {
        try {
            String[] array = new String[] { token, timestamp, nonce };
            StringBuffer sb = new StringBuffer();
            // 字符串排序
            Arrays.sort(array);
            for (int i = 0; i < 4; i++) {
                sb.append(array[i]);
            }
            String str = sb.toString();
            // SHA1签名生成
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            md.update(str.getBytes());
            byte[] digest = md.digest();

            StringBuffer hexstr = new StringBuffer();
            String shaHex = "";
            for (int i = 0; i < digest.length; i++) {
                shaHex = Integer.toHexString(digest[i] & 0xFF);
                if (shaHex.length() < 2) {
                    hexstr.append(0);
                }
                hexstr.append(shaHex);
            }
            return hexstr.toString();
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException("加密sign异常!");
        }
    }
    

  按理肯定也不会有问题了。不过为了保险起见,我还是写了个测试用例!自测一下!

    private final String oldSysWxAddress = "http://a.com/wx";
    private final String newSysWxAddress = "http://localhost:8080/wx";

    @Test
    public void testWxValidateToken() throws IOException {

        String token = "abc123";
        String timestamp = new Date().getTime() / 1000 + "";
        String nonce = "207665";        // 这个就随便一写的数字
        String echoStr = "1kjdslfj";
        String signature = signatureWxReq(token, timestamp, nonce);

        Map<String, String> params = new HashMap<>();
        params.put("token", token);
        params.put("timestamp", timestamp);
        params.put("nonce", nonce);
        params.put("signature", signature);
        params.put("echostr", echoStr);

        String oldSysResponse = HttpClientOp.doGet(oldSysWxAddress, params);
        Assert.assertEquals("老系统验证不通过,请检查加密算法!", oldSysResponse, echoStr);

        String newSysResponse = HttpClientOp.doGet(newSysWxAddress, params);
        Assert.assertEquals("新系统验证不通过,出bug了!", newSysResponse, echoStr);

        Assert.assertEquals("新老返回不一致,测试不通过!", newSysResponse, oldSysResponse);
        System.out.println("OK");

    }
    

 

  想着吧,也就走个过场得了。结果,还真不是这样!出问题了,"老系统验证不通过,请检查加密算法!" 。

  按理不应该啊!但是代码是理智的,咱们得找到bug不是。

  最后,通过一步步排查,终于发现了,原来是 php 的排序结果,与 java 的排序结果不一致,因此得到的加密串就不对了。

  为啥呢?sort($tmpArr); php是弱类型语言,我们请求的虽然看起来是字符串,但是解析后,因为得到的是一整串数字,因此就认为是可以用整型或这种比较数字大小方式了。

所以,一比较时间和 nonce 随机数,因为随机数位数小,因此自然就应该排在时间戳的前面了。

  

而对于 java 的排序呢? Arrays.sort(Object[] a), 我们来看一下源码!

    public static void sort(Object[] a) {
        if (LegacyMergeSort.userRequested)
            legacyMergeSort(a);
        else
            // 默认使用 ComparableTimSort 排序
            ComparableTimSort.sort(a, 0, a.length, null, 0, 0);
    }
    
    // ComparableTimSort.sort()
    /**
     * Sorts the given range, using the given workspace array slice
     * for temp storage when possible. This method is designed to be
     * invoked from public methods (in class Arrays) after performing
     * any necessary array bounds checks and expanding parameters into
     * the required forms.
     *
     * @param a the array to be sorted
     * @param lo the index of the first element, inclusive, to be sorted
     * @param hi the index of the last element, exclusive, to be sorted
     * @param work a workspace array (slice)
     * @param workBase origin of usable space in work array
     * @param workLen usable size of work array
     * @since 1.8
     */
    static void sort(Object[] a, int lo, int hi, Object[] work, int workBase, int workLen) {
        assert a != null && lo >= 0 && lo <= hi && hi <= a.length;

        int nRemaining  = hi - lo;
        if (nRemaining < 2)
            return;  // Arrays of size 0 and 1 are always sorted

        // If array is small, do a "mini-TimSort" with no merges
        if (nRemaining < MIN_MERGE) {
            // 二分插入排序
            int initRunLen = countRunAndMakeAscending(a, lo, hi);
            binarySort(a, lo, hi, lo + initRunLen);
            return;
        }

        /**
         * March over the array once, left to right, finding natural runs,
         * extending short natural runs to minRun elements, and merging runs
         * to maintain stack invariant.
         */
        ComparableTimSort ts = new ComparableTimSort(a, work, workBase, workLen);
        int minRun = minRunLength(nRemaining);
        do {
            // Identify next run
            int runLen = countRunAndMakeAscending(a, lo, hi);

            // If run is short, extend to min(minRun, nRemaining)
            if (runLen < minRun) {
                int force = nRemaining <= minRun ? nRemaining : minRun;
                binarySort(a, lo, lo + force, lo + runLen);
                runLen = force;
            }

            // Push run onto pending-run stack, and maybe merge
            ts.pushRun(lo, runLen);
            ts.mergeCollapse();

            // Advance to find next run
            lo += runLen;
            nRemaining -= runLen;
        } while (nRemaining != 0);

        // Merge all remaining runs to complete sort
        assert lo == hi;
        ts.mergeForceCollapse();
        assert ts.stackSize == 1;
    }


    /**
     * Returns the length of the run beginning at the specified position in
     * the specified array and reverses the run if it is descending (ensuring
     * that the run will always be ascending when the method returns).
     *
     * A run is the longest ascending sequence with:
     *
     *    a[lo] <= a[lo + 1] <= a[lo + 2] <= ...
     *
     * or the longest descending sequence with:
     *
     *    a[lo] >  a[lo + 1] >  a[lo + 2] >  ...
     *
     * For its intended use in a stable mergesort, the strictness of the
     * definition of "descending" is needed so that the call can safely
     * reverse a descending sequence without violating stability.
     *
     * @param a the array in which a run is to be counted and possibly reversed
     * @param lo index of the first element in the run
     * @param hi index after the last element that may be contained in the run.
              It is required that {@code lo < hi}.
     * @return  the length of the run beginning at the specified position in
     *          the specified array
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    private static int countRunAndMakeAscending(Object[] a, int lo, int hi) {
        assert lo < hi;
        int runHi = lo + 1;
        if (runHi == hi)
            return 1;

        // Find end of run, and reverse range if descending
        // 调用的是 XXObject.compareTo() 方法,找出第一个比后续值小的index, 作为快排的基点
        if (((Comparable) a[runHi++]).compareTo(a[lo]) < 0) { // Descending
            while (runHi < hi && ((Comparable) a[runHi]).compareTo(a[runHi - 1]) < 0)
                runHi++;
            reverseRange(a, lo, runHi);
        } else {                              // Ascending
            while (runHi < hi && ((Comparable) a[runHi]).compareTo(a[runHi - 1]) >= 0)
                runHi++;
        }

        return runHi - lo;
    }
    
    /**
     * 反转元素
     * Reverse the specified range of the specified array.
     *
     * @param a the array in which a range is to be reversed
     * @param lo the index of the first element in the range to be reversed
     * @param hi the index after the last element in the range to be reversed
     */
    private static void reverseRange(Object[] a, int lo, int hi) {
        hi--;
        while (lo < hi) {
            Object t = a[lo];
            a[lo++] = a[hi];
            a[hi--] = t;
        }
    }
    
    
    /**
     * 二分插入排序
     * Sorts the specified portion of the specified array using a binary
     * insertion sort.  This is the best method for sorting small numbers
     * of elements.  It requires O(n log n) compares, but O(n^2) data
     * movement (worst case).
     *
     * If the initial part of the specified range is already sorted,
     * this method can take advantage of it: the method assumes that the
     * elements from index {@code lo}, inclusive, to {@code start},
     * exclusive are already sorted.
     *
     * @param a the array in which a range is to be sorted
     * @param lo the index of the first element in the range to be sorted
     * @param hi the index after the last element in the range to be sorted
     * @param start the index of the first element in the range that is
     *        not already known to be sorted ({@code lo <= start <= hi})
     */
    @SuppressWarnings({"fallthrough", "rawtypes", "unchecked"})
    private static void binarySort(Object[] a, int lo, int hi, int start) {
        assert lo <= start && start <= hi;
        if (start == lo)
            start++;
        for ( ; start < hi; start++) {
            Comparable pivot = (Comparable) a[start];

            // Set left (and right) to the index where a[start] (pivot) belongs
            int left = lo;
            int right = start;
            assert left <= right;
            /*
             * Invariants:
             *   pivot >= all in [lo, left).
             *   pivot <  all in [right, start).
             */
            while (left < right) {
                int mid = (left + right) >>> 1;
                if (pivot.compareTo(a[mid]) < 0)
                    right = mid;
                else
                    left = mid + 1;
            }
            assert left == right;

            /*
             * The invariants still hold: pivot >= all in [lo, left) and
             * pivot < all in [left, start), so pivot belongs at left.  Note
             * that if there are elements equal to pivot, left points to the
             * first slot after them -- that‘s why this sort is stable.
             * Slide elements over to make room for pivot.
             */
            int n = start - left;  // The number of elements to move
            // Switch is just an optimization for arraycopy in default case
            switch (n) {
                case 2:  a[left + 2] = a[left + 1];
                case 1:  a[left + 1] = a[left];
                         break;
                default: System.arraycopy(a, left, a, left + 1, n);
            }
            a[left] = pivot;
        }
    }

    
    // String.compareTo() 方法,比较 char大小,即字典顺序
    public int compareTo(String anotherString) {
        int len1 = value.length;
        int len2 = anotherString.value.length;
        int lim = Math.min(len1, len2);
        char v1[] = value;
        char v2[] = anotherString.value;

        int k = 0;
        while (k < lim) {
            char c1 = v1[k];
            char c2 = v2[k];
            if (c1 != c2) {
                return c1 - c2;
            }
            k++;
        }
        return len1 - len2;
    }

 

  可以看到,Arrays.sort(), 对于小数的排序,是使用二分插入排序来做的,而具体排序先后,则是调用具体类的 compareTo() 方法,也就是说要进行比较的类,须实现 Comparator 接口。另外,从String的比较方法中,我们也可以看出 char 其实能保存很多东西而不只是 1-128。比如 char s = (char)"中"; 

      而对于排序算法,则针对不同情况,选择不同的合适算法,从而提高运行效率!

      而对于String.compareTo() 则是比较字符的ascii顺序!

 

微信公众号接入之排序问题小记

上一篇:微信小程序开发资料


下一篇:微信支付的几种场景及步骤