微信开放平台API（一）第三方系统接入

139 阅读 0 评论 92 点赞

我是靠谱客的博主碧蓝狗，这篇文章主要介绍微信开放平台API（一）第三方系统接入，现在分享给大家，希望可以做个参考。

最近接手一个公众号，决定学习下微信开放平台API，丰富下这个服务号。

在接入之前，首先最重要的就是阅读微信提供的API接口文档

一、接入操作步骤，参照接入指南，操作自己的服务号，初次接入本人选择的是明文模式

二、在页面中需要填写第三方服务器一个servlet的url，用于接入验证，下面代码是doGet的方法，用于接收来自微信的验证请求

sha1的签名生成算法参考了网上代码，如果需要删除，请随时联系我

复制代码

package com.access;

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class MyWeixinServlet extends HttpServlet {
	
	private static final long serialVersionUID = 1L;
	
	private static final char[] HEX_DIGITS = { '0', '1', '2', '3', '4', '5',
        '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		
		try {

response.setCharacterEncoding("UTF-8");
			request.setCharacterEncoding("UTF-8");
			/****************************************准备参数*************************************************/
			/**
			  微信接入验证时提交的4个参数，
			signature：微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
			timestamp：时间戳
			nonce：随机数
			echostr：随机字符串*/
			
			String signature = request.getParameter("signature");
			String timestamp = request.getParameter("timestamp");
			String nonce = request.getParameter("nonce");
			String echostr = request.getParameter("echostr");
			
			System.out.println("signature:"+signature);
			System.out.println("timestamp:"+timestamp);
			System.out.println("nonce:"+nonce);
			System.out.println("echostr:"+echostr);
			
			//自定义token
			String token = "zheshiwodetoken";
			
			/**
			        校验流程如下：
				1. 将token、timestamp、nonce三个参数进行字典序排序
				2. 将三个参数字符串拼接成一个字符串进行sha1加密
				3. 开发者获得加密后的字符串可与signature对比，标识该请求来源于微信
			*/
			//构建token、timestamp、nonce的数组，并进行字典排序
			ArrayList<String> arl = new ArrayList<String>();
			arl.add(token);
			arl.add(timestamp);
			arl.add(nonce);
			
			Collections.sort(arl);
			
			//构建sha1字符串
			String sha1 ="";
			for (int i = 0; i < arl.size(); i++) {
				sha1+=arl.get(i);
	        }
			System.out.println("for sha1:"+sha1);
			
			//使用sha1算法获得摘要sig
			MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
			messageDigest.update(sha1.getBytes());
			String sig = getFormattedText(messageDigest.digest());
			
			//signature校验
			PrintWriter out = null;
			if(signature.equals(sig)){
				//校验成功，返回echostr，接入成功
				System.out.println("sha1: true!!!!!"+sig);
				out = response.getWriter();
				out.write(echostr);
				out.flush();
			}else{
				//校验失败，理论上是应该报错的，我省懒，一样返回了echostr，这个请注意。。。
				System.out.println("sha1: false!!!!!"+sig);
				out = response.getWriter();
				out.write(echostr);
				out.flush();
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
	
	private static String getFormattedText(byte[] bytes) {

int len = bytes.length;

StringBuilder buf = new StringBuilder(len * 2);

// 鎶婂瘑鏂囪浆鎹㈡垚鍗佸叚杩涘埗鐨勫瓧绗︿覆褰㈠紡

for (int j = 0; j < len; j++) {
			buf.append(HEX_DIGITS[(bytes[j] >> 4) & 0x0f]);

buf.append(HEX_DIGITS[bytes[j] & 0x0f]);

}

return buf.toString();

}
	
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response){
		try{
			InputStream is = request.getInputStream();
			{
				byte[] b = new byte[1024];
				int len = 0;
				StringBuilder builder = new StringBuilder();
				while ((len = is.read(b)) != -1) {
					byte[] t = new byte[len];
					System.arraycopy(b, 0, t, 0, len);
					builder.append(new String(t, "utf-8"));
				}
				
				System.out.println("get message:"+builder);
				
			}
		}catch (Exception e){
			e.printStackTrace();
		}
	}
	
	public static void main(String args[]) throws NoSuchAlgorithmException{
		String a = "1426521501";
		String s = "871891313";
		
		String d = "zheshiwodetouken";
		
		String sha1 = a + s + d;
		MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
		messageDigest.update(sha1.getBytes());
		String sig = getFormattedText(messageDigest.digest());
		
		System.out.println(sig);
	}
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
package com.access;


import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;



public class MyWeixinServlet extends HttpServlet {
	
	private static final long serialVersionUID = 1L;
	
	private static final char[] HEX_DIGITS = { '0', '1', '2', '3', '4', '5',
        '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

	
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		
		try {

			response.setCharacterEncoding("UTF-8");
			request.setCharacterEncoding("UTF-8");
			/****************************************准备参数*************************************************/
			/**
			  微信接入验证时提交的4个参数，
			signature：微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
			timestamp：时间戳
			nonce：随机数
			echostr：随机字符串*/
			
			String signature = request.getParameter("signature");
			String timestamp = request.getParameter("timestamp");
			String nonce = request.getParameter("nonce");
			String echostr = request.getParameter("echostr");
			
			System.out.println("signature:"+signature);
			System.out.println("timestamp:"+timestamp);
			System.out.println("nonce:"+nonce);
			System.out.println("echostr:"+echostr);
			
			//自定义token
			String token = "zheshiwodetoken";
			
			/**
			        校验流程如下：
				1. 将token、timestamp、nonce三个参数进行字典序排序
				2. 将三个参数字符串拼接成一个字符串进行sha1加密
				3. 开发者获得加密后的字符串可与signature对比，标识该请求来源于微信
			*/
			//构建token、timestamp、nonce的数组，并进行字典排序
			ArrayList<String> arl = new ArrayList<String>();
			arl.add(token);
			arl.add(timestamp);
			arl.add(nonce);
			
			Collections.sort(arl);
			
			//构建sha1字符串
			String sha1 ="";
			for (int i = 0; i < arl.size(); i++) {
				sha1+=arl.get(i);
	        }
			System.out.println("for sha1:"+sha1);
			
			//使用sha1算法获得摘要sig
			MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
			messageDigest.update(sha1.getBytes());
			String sig = getFormattedText(messageDigest.digest());
			
			//signature校验
			PrintWriter out = null;
			if(signature.equals(sig)){
				//校验成功，返回echostr，接入成功
				System.out.println("sha1: true!!!!!"+sig);
				out = response.getWriter();
				out.write(echostr);
				out.flush();
			}else{
				//校验失败，理论上是应该报错的，我省懒，一样返回了echostr，这个请注意。。。
				System.out.println("sha1: false!!!!!"+sig);
				out = response.getWriter();
				out.write(echostr);
				out.flush();
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
	
	private static String getFormattedText(byte[] bytes) {

		int len = bytes.length;

		StringBuilder buf = new StringBuilder(len * 2);

		// 鎶婂瘑鏂囪浆鎹㈡垚鍗佸叚杩涘埗鐨勫瓧绗︿覆褰㈠紡

		for (int j = 0; j < len; j++) {
			buf.append(HEX_DIGITS[(bytes[j] >> 4) & 0x0f]);

			buf.append(HEX_DIGITS[bytes[j] & 0x0f]);

		}

		return buf.toString();

	}
	
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response){
		try{
			InputStream is = request.getInputStream();
			{
				byte[] b = new byte[1024];
				int len = 0;
				StringBuilder builder = new StringBuilder();
				while ((len = is.read(b)) != -1) {
					byte[] t = new byte[len];
					System.arraycopy(b, 0, t, 0, len);
					builder.append(new String(t, "utf-8"));
				}
				
				System.out.println("get message:"+builder);
				
			}
		}catch (Exception e){
			e.printStackTrace();
		}
	}
	
	public static void main(String args[]) throws NoSuchAlgorithmException{
		String a = "1426521501";
		String s = "871891313";
		
		String d = "zheshiwodetouken";
		
		String sha1 = a + s + d;
		MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
		messageDigest.update(sha1.getBytes());
		String sig = getFormattedText(messageDigest.digest());
		
		System.out.println(sig);
	}
}