Data security issues in third-party interface integration
2022-08-02 16:05:00 【zhangyu】
Document description
A record of some operations carried out while integrating with a third party.
Integration process
Data transmission
Every request must be checked for the legitimacy of its source and of its data. The following strategies are used; the details of each interface state which encryption mode it adopts.
Obtaining a Token
Request address:
POST https:xxxx
Interface description: obtains the call credential, valid for 24h. After obtaining it, add it to the Authorization request header when calling the interfaces.
Request parameters

Field | Data type | Required | Description | Example
---|---|---|---|---
app_id | String | Yes | Client ID | thirdpartner
app_secret | String | Yes | Client secret | @m2!2q15^#0d&@

Response parameters

Field | Description | Example
---|---|---
code | Response status code | 200
msg | Response description | 请求成功
data | Response body | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQ…
Conventional data encryption
For conventional data encryption, each request adds a random string once_str and a timestamp timestamp to its data, and all of the data is then digested with MD5 into the sign field, which the receiver verifies. An example follows:
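```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;

public class EncryptSign {
    public static final String APP_ID = "thirdpartner";
    public static final String APP_SECRET = "@m*2!2q1*5^#0d&@";

    // Generate the signature: sort the parameters by key, join them as k=v&k=v,
    // append APP_SECRET, then take the upper-case hex MD5 digest.
    public static String createSign(SortedMap<String, String> params) {
        return params.keySet().stream()
                .sorted()
                .map(k -> k + "=" + params.get(k) + "&")
                .reduce((x, y) -> x + y)
                .map(d -> d.substring(0, d.length() - 1))
                .map(d -> d.concat(APP_SECRET))
                .map(EncryptSign::encode)
                .map(String::toUpperCase)
                .get();
    }

    // Verify the signature: recompute it over every parameter except "sign".
    public static boolean verifySign(HttpServletRequest request) {
        Map<String, String[]> params = request.getParameterMap();
        SortedMap<String, String> map = new TreeMap<>();
        String expSign = null;
        for (Map.Entry<String, String[]> pv : params.entrySet()) {
            String param = pv.getKey();
            String[] value = pv.getValue();
            if (!param.equals("sign")) {
                map.put(param, value[0]);
            } else {
                expSign = value[0];
            }
        }
        // Reject a request that carries no sign parameter instead of throwing a NullPointerException.
        if (expSign == null) {
            return false;
        }
        // Constant-time comparison of the received and the recomputed signature.
        return MessageDigest.isEqual(
                expSign.getBytes(StandardCharsets.UTF_8),
                createSign(map).getBytes(StandardCharsets.UTF_8));
    }

    // Random string without dashes, used as once_str.
    public static String generateOnceStr() {
        return UUID.randomUUID().toString().replaceAll("-", "");
    }

    // Lower-case hex MD5 digest of the UTF-8 bytes of value.
    public static String encode(String value) {
        StringBuilder sb = new StringBuilder();
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] bs = value.getBytes(StandardCharsets.UTF_8);
            byte[] mb = md.digest(bs);
            for (int i = 0; i < mb.length; i++) {
                int v = mb[i] & 0xFF;
                if (v < 16) {
                    sb.append("0");
                }
                sb.append(Integer.toHexString(v));
            }
        } catch (Exception e) {
            // Fail loudly: an empty digest must never be used as a signature.
            throw new IllegalStateException("MD5 digest unavailable", e);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Create a random string and a timestamp
        String once_str = generateOnceStr();
        String timestamp = String.valueOf(System.currentTimeMillis());
        // Test data set
        SortedMap<String, String> params = new TreeMap<>();
        params.put("param1", "a");
        params.put("param2", "b");
        params.put("once_str", once_str);
        params.put("timestamp", timestamp);
        // Conventional data encryption: add the MD5 signature
        params.put("sign", createSign(params));
        System.out.println(params);
    }
}
```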
Calling example
```java
// createSign expects a SortedMap, so the parameters are collected in a TreeMap
SortedMap<String, String> map = new TreeMap<>();
// Business parameters
map.put("app_id", "xxxx");
map.put("app_secret", "xxxx");
// Common parameters
map.put("once_str", EncryptSign.generateOnceStr());
map.put("timestamp", String.valueOf(System.currentTimeMillis()));
// MD5 signature
map.put("sign", EncryptSign.createSign(map));
// HTTP call
String url = "http://xxx/xx/xx";
String result = HttpClientUtil.httpPost(url, map);
System.out.println(result);
```
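An added example, not code from the original post: the same sorted-parameter signature computed with HMAC-SHA256 instead of MD5 over data plus secret, with the receiver also enforcing timestamp and once_str so that a captured request is not accepted a second time. The class name, the demo secret and the five-minute window are assumptions of this example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

public class HmacSignExample {
    // Constructed demo secret; a real one is loaded from configuration, not source code.
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
    static final long MAX_SKEW_MS = 5 * 60 * 1000L;               // assumed freshness window
    static final Map<String, Long> SEEN = new ConcurrentHashMap<>(); // once_str -> request timestamp
    // Same canonical form as the page (sorted k=v pairs joined by '&'), keyed with HMAC-SHA256.
    static String sign(SortedMap<String, String> params) throws Exception {
        String canonical = params.entrySet().stream()
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8)));
    }

    static boolean verify(Map<String, String> request, long nowMs) throws Exception {
        SortedMap<String, String> params = new TreeMap<>(request);
        String sent = params.remove("sign");
        String nonce = params.get("once_str"), ts = params.get("timestamp");
        if (sent == null || nonce == null || ts == null) return false;
        long t;
        try { t = Long.parseLong(ts); } catch (NumberFormatException e) { return false; }
        if (Math.abs(nowMs - t) > MAX_SKEW_MS) return false;      // stale or future-dated request
        byte[] expected = sign(params).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, sent.getBytes(StandardCharsets.UTF_8))) return false;
        SEEN.values().removeIf(seen -> nowMs - seen > MAX_SKEW_MS); // drop nonces of expired requests
        return SEEN.putIfAbsent(nonce, t) == null;                // false when once_str was already used
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        SortedMap<String, String> p = new TreeMap<>();
        p.put("param1", "a");
        p.put("once_str", UUID.randomUUID().toString().replace("-", ""));
        p.put("timestamp", String.valueOf(now));
        p.put("sign", sign(p));
        System.out.println("first delivery accepted: " + verify(p, now));
        System.out.println("replayed copy accepted:  " + verify(p, now));
        p.put("param1", "tampered");
        System.out.println("modified copy accepted:  " + verify(p, now));
    }
}
```

The in-memory SEEN map only covers a single receiver process; with several instances the used once_str values need a shared store with the same expiry.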
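Sensitive data encryption
Where sensitive data is involved, AES is used for encryption and decryption. Take care to store the key securely. An example follows: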
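```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import com.alibaba.fastjson.JSON; // assumption: the JSON class used below is fastjson's

public class EncryptAES {
    // 16-character secret, used as an AES-128 key
    private static final String secret = "@5^22&%c*9^283*@";
    // ECB is deterministic: identical plaintext blocks produce identical ciphertext blocks
    private static final String algorithm = "AES/ECB/PKCS5Padding";

    // Encrypt: returns the Base64-encoded ciphertext, or null on failure.
    // The default JCE provider already supplies AES, so no provider is registered here.
    public static String encrypt(String content) {
        try {
            Cipher cipher = Cipher.getInstance(algorithm);
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "AES"));
            return Base64.getEncoder().encodeToString(
                    cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    // Decrypt: takes the Base64-encoded ciphertext, returns the plaintext or null on failure.
    public static String decrypt(String encrypt) {
        try {
            Cipher cipher = Cipher.getInstance(algorithm);
            cipher.init(Cipher.DECRYPT_MODE,
                    new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "AES"));
            return new String(cipher.doFinal(Base64.getDecoder().decode(encrypt)),
                    StandardCharsets.UTF_8);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    public static void main(String[] args) {
        // Create a random string and a timestamp
        String once_str = EncryptSign.generateOnceStr();
        String timestamp = String.valueOf(System.currentTimeMillis());
        // Test data set
        SortedMap<String, String> params = new TreeMap<>();
        params.put("param1", "a");
        params.put("param2", "b");
        params.put("once_str", once_str);
        params.put("timestamp", timestamp);
        String content = JSON.toJSONString(params);
        System.out.println("Plaintext: " + content);
        System.out.println("Encrypted: " + encrypt(content));
        System.out.println("Decrypted: " + decrypt(encrypt(content)));
    }
}
```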
Calling example
```java
Map<String, String> map = new HashMap<>();
// Business parameters
map.put("app_id", "xxxx");
map.put("app_secret", "xxxx");
// Common parameters
map.put("once_str", EncryptSign.generateOnceStr());
map.put("timestamp", String.valueOf(System.currentTimeMillis()));
// AES-encrypt the parameters and wrap the result in the sign field
Map<String, String> param = new HashMap<>();
param.put("sign", EncryptAES.encrypt(JSON.toJSONString(map)));
// HTTP call
String url = "http://xxx/xx/xx";
String result = HttpClientUtil.httpPost(url, param);
System.out.println(result);
```
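An added example, not code from the original post: the same kind of JSON payload encrypted with AES-GCM and a fresh random IV per message, where the AES/ECB mode above yields identical ciphertext for identical plaintext and does not detect modification. The class name, the demo key and the IV-prefixed output layout are assumptions of this example.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class AesGcmExample {
    // Constructed 16-byte demo key (AES-128); a real key comes from a key store, not source code.
    static final SecretKeySpec KEY =
            new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.UTF_8), "AES");
    static final SecureRandom RNG = new SecureRandom();

    // Output layout (an assumption of this example): Base64( 12-byte IV || ciphertext || 16-byte tag )
    static String encrypt(String plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                                   // fresh IV for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < 12 + 16) throw new IllegalArgumentException("ciphertext too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        String json = "{\"param1\":\"a\",\"param2\":\"b\"}";   // constructed sample payload
        String a = encrypt(json), b = encrypt(json);
        System.out.println("same plaintext, same ciphertext? " + a.equals(b));
        System.out.println("round trip ok? " + json.equals(decrypt(a)));
        byte[] raw = Base64.getDecoder().decode(a);
        raw[raw.length - 1] ^= 1;                            // simulate corruption in transit
        try {
            decrypt(Base64.getEncoder().encodeToString(raw));
            System.out.println("modified ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("modified ciphertext rejected");
        }
    }
}
```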