After the developer submits the information, the server sends a GET request to the filled server address URL, and the GET request carries four parameters:
Parameters |
Describe |
Signature |
The cryptographic signature, signature, combines the token parameters and the timestamp parameters and Nonce parameters that the developer fills in. |
Timestamp |
Time stamp |
Nonce |
Random number |
Echostr |
Immediately after the string |
The developer verifies the request by verifying the signature (there is a check method below). If you confirm that the GET request is from the server, return the ECHOSTR parameter content as it is, and the access will be effective, or the access fails.
The encryption/verification process is as follows:
1. Three parameters of token, timestamp and nonce are sorted in dictionary order 2. The three parameter strings are stitched together into a string for SHA1 encryption 3. The developer obtains the encrypted string that can be compared to signature, which identifies the request from
Java code:
public class Signutil {private static String token = "Weixin"; public static Boolean Checksignature (string signature, string timestamp, String nonce) {Boolean result = false; Sort tokens, timestamp and nonce by dictionary order string[] array = new String[]{token, timestamp, nonce}; Arrays.sort (array); Concatenation of three parameter characters into a string str = Array[0].concat (array[1]). Concat (array[2]); String sha1str = null; try {//SHA1 encryption of the stitched string messagedigest MD = messagedigest.getinstance ("SHA-1"); Byte[] Digest = Md.digest (Str.getbytes ()); SHA1STR = Byte2str (digest); } catch (Exception e) {} if (sha1str! = null && sha1str.equals (signature)) {ResU Lt = true; } return result; }/* * Convert byte array to String */public static string Byte2str (byte[] array) {StringBuffer hexstr = new string Buffer (); String shahex= ""; for (int i = 0;i < Array.Length; i++) {Shahex = Integer.tohexstring (Array[i] & 0xFF); if (Shahex.length () < 2) {hexstr.append (0); } hexstr.append (Shahex); } return hexstr.tostring (); }}
Token check in Java