【微信开发】微信开发之开启开发模式（二）

2021-10-30 15:19:29

2. 程序源码

GitHub源码位置 :

-- HTTP : https://github.com/han1202012/WeChatVerify.git

-- SSH : git@github.com:han1202012/WeChatVerify.git

CSDN下载认证程序的war包和源码 : http://download.csdn.net/detail/han1202012/6999207

微信验证war包下载 :

-- 访问地址 : ip地址:80/WeChatVerify/verifyServlet ;

-- Token : 注意Token是 "hanshuliang" ;

程序结构 :

【微信开发】微信开发之开启开发模式（二）

Servlet源码 :

package shuliang.han.vertify.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import shuliang.han.vertify.VerifyUtils;
public class VerifyServlet extends HttpServlet {
    private static final long serialVersionUID = 4440739483644L;
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
 
  //获取微信服务器发送给我们的四个参数
  String signature = req.getParameter("signature");
  String timestamp = req.getParameter("timestamp");
  String nonce = req.getParameter("nonce");
  String echostr = req.getParameter("echostr");
 
  //创建一个出处流, 用于向微信服务器发送数据
  PrintWriter out = resp.getWriter();
 
  //如果校验通过, 向微信服务器发送echostr参数
  if(VerifyUtils.checkSignature(signature, timestamp, nonce)){
    out.print(echostr);
  }
 
  //释放资源
  out.close();
  out = null;
 
    }
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  //注意这里不能有任何操作, 否则不能完成验证
    }
}

验证工具类源码 :

package shuliang.han.vertify;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
public class VerifyUtils {
    private final static String token = "hanshuliang";
    public static boolean checkSignature(String signature, String timestamp, String nonce) {
 
  //将token timestamp nonce 按照字典顺序排序
  String[] params = new String[]{token, timestamp, nonce};
  Arrays.sort(params);
 
  //将上面三个参数排序之后拼接成字符串
  StringBuffer buffer = new StringBuffer();
  for(int i = 0; i < params.length; i ++){
    buffer.append(params[i]);
  }
 
  //str用于存储加密后的字符串
  String str = null;
 
  try {
    //获取sha1加密对象
    MessageDigest digest = MessageDigest.getInstance("SHA-1");
    //将组合后的字符串使用sha1加密, 加密后获得一个byte数组
    byte[] byteDigest = digest.digest(buffer.toString().getBytes());
    //获取加密后的字符串, 将byte数组转化为字符串
    str = byte2str(byteDigest);
  } catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
  }
 
  /*
   * 将加密后的字符串 与 signature 参数进行比较, 
   * 如果加密后的字符串为null直接返回false
   * 如果加密后的字符串不为null, 直接返回
   */
  boolean isVerified = (str != null) ? str.equals(signature.toUpperCase()) : false;
 
  return isVerified;
    }
    /*
  * 将byte数组转为字符串
  */
    public static String byte2str(byte[] byteArray) {
  String str = "";
  for(int i = 0; i < byteArray.length; i ++){
    str += byte2HexStr(byteArray[i]);
  }
  return str;
    }
    /*
  * 将byte转为字符串
  */
    public static String byte2HexStr(byte b) {
  char[] digit = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
 
  char[] temp = new char[2];
  temp[0] = digit[(b >>> 4) & 0x0F];
  temp[1] = digit[b & 0x0F];
 
  String s = new String(temp);
 
  return s;
    }
}

web.xml配置文件 :

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <servlet>
  <servlet-name>verifyServlet</servlet-name>
  <servlet-class>shuliang.han.vertify.servlet.VerifyServlet</servlet-class>
    </servlet>
    <servlet-mapping>
  <servlet-name>verifyServlet</servlet-name>
  <url-pattern>/verifyServlet</url-pattern>
    </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

三. 进行校验

1.部署程序

(1) 导出war包

【微信开发】微信开发之开启开发模式（二）

(2) 将war包上传到服务器

【微信开发】微信开发之开启开发模式（二）

(3) 配置Tomcat的server.xml文件

微信服务器只能接受80端口数据 :

<Connector port="80" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="8443" />

2. 使用阿里云服务器

将上面的程序导出的war包, 放到阿里云Tomcat服务器下 : 使用 http://hanshuliang.com:8080/WeChatVerify/verifyServlet 登陆;

-- 结果 : 这是正常情况, 因为在POST中没有添加参数;

TTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
java.lang.NullPointerException
    java.lang.String.compareTo(String.java:1168)
    java.lang.String.compareTo(String.java:92)
    java.util.Arrays.mergeSort(Arrays.java:1144)
    java.util.Arrays.sort(Arrays.java:1079)
    shuliang.han.vertify.VerifyUtils.checkSignature(VerifyUtils.java:13)
    shuliang.han.vertify.servlet.VerifyServlet.doGet(VerifyServlet.java:28)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.20 logs.
Apache Tomcat/6.0.20