2.回调验签
<h1>1、验证签名过程</h1>
<h2>1)、回调接口传回报文,验签前(举例)</h2>
<pre><code>{
&quot;merchant_id&quot;: &quot;testMerchant001&quot;,
&quot;partner_id&quot;: &quot;RFT&quot;,
&quot;timestamp&quot;: &quot;20180924235824387&quot;,
&quot;sign_type&quot;: &quot;SHA256&quot;,
&quot;sign&quot;: &quot;0g02YUW2fRRrAaMlYrwUmVAS1rb6loTJQ+4ffFNB7DM=&quot;
}</code></pre>
<h2>2)、临时保存"sign"值,去除"sign"后,将其余参数按参数名(key)升序排序,并以"key=value"形式用"&amp;"拼接(值为空的参数和"file"参数不参与签名)</h2>
<pre><code>merchant_id=testMerchant001&amp;partner_id=RFT&amp;sign_type=SHA256&amp;timestamp=20180924235824387</code></pre>
<h2>3)、追加验证签名密钥signVerificationKey(从融赋通获取,如:key=282b00eb561b455caac86925c6xxxxxx)</h2>
<pre><code>merchant_id=testMerchant001&amp;partner_id=RFT&amp;sign_type=SHA256&amp;timestamp=20180924235824387&amp;key=282b00eb561b455caac86925c6xxxxxx</code></pre>
<h2>4)、对上一步得到的字符串(UTF-8编码)做SHA-256摘要,并将摘要结果进行Base64编码,得到签名</h2>
<pre><code>0g02YUW2fRRrAaMlYrwUmVAS1rb6loTJQ+4ffFNB7DM=</code></pre>
<h2>5)、验证传回签名(步骤2中保存的"sign")与当前生成的签名是否一致,不一致则验签失败</h2>
<h1>2、验证签名代码参考</h1>
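<pre><code> /**
  * Verifies the signature of a sample callback message and prints the result.
  *
  * Steps: take the sign field out of the message, join the remaining parameters in
  * ascending key order, append the verification key, hash the UTF-8 bytes with
  * SHA-256, Base64-encode the digest and compare it with the received sign.
  *
  * This sample checks the signature only. It does not validate the timestamp or
  * sign_type fields of the callback; add a freshness check on timestamp if
  * replayed callbacks matter to the receiving service.
  *
  * @param args unused
  */
 public static void main(String[] args) {
     // Obtained from 融赋通. Placeholder value: a real service should load the key from
     // protected configuration instead of hard-coding it in source.
     String signVerificationKey = &quot;282b00eb561b455caac86925c6xxxxxx&quot;;
     // Example callback parameters
     String param = &quot;{\n&quot; +
             &quot; \&quot;merchant_id\&quot;: \&quot;testMerchant001\&quot;,\n&quot; +
             &quot; \&quot;partner_id\&quot;: \&quot;RFT\&quot;,\n&quot; +
             &quot; \&quot;timestamp\&quot;: \&quot;20180924235824387\&quot;,\n&quot; +
             &quot; \&quot;sign_type\&quot;: \&quot;SHA256\&quot;,\n&quot; +
             &quot; \&quot;sign\&quot;: \&quot;0g02YUW2fRRrAaMlYrwUmVAS1rb6loTJQ+4ffFNB7DM=\&quot;\n&quot; +
             &quot;}\n&quot;;
     JSONObject jsonObject = JSON.parseObject(param);
     String verifySign = jsonObject.getString(&quot;sign&quot;);
     jsonObject.remove(&quot;sign&quot;);
     // Sort and join the remaining parameters
     String paramSort = getSortKVStr(jsonObject);
     System.out.println(paramSort);
     // Append the verification key (signVerificationKey). The resulting string contains
     // the secret, so it is deliberately not printed or logged.
     String paramSortAppendkey = paramSort + &quot;&amp;key=&quot; + signVerificationKey;
     try {
         MessageDigest digest = MessageDigest.getInstance(&quot;SHA-256&quot;);
         // Hash, then Base64-encode
         byte[] paramHash = digest.digest(paramSortAppendkey.getBytes(StandardCharsets.UTF_8));
         String base64Sign = Base64.getEncoder().encodeToString(paramHash);
         // A missing sign counts as a failed verification. The comparison is constant-time
         // so that timing does not reveal how much of a forged signature matched.
         boolean signatureValid = verifySign != null
                 &amp;&amp; MessageDigest.isEqual(
                         verifySign.getBytes(StandardCharsets.UTF_8),
                         base64Sign.getBytes(StandardCharsets.UTF_8));
         System.out.println(&quot;验证签名结果: &quot; + signatureValid);
     } catch (NoSuchAlgorithmException e) {
         // Fail closed: without the digest no callback can be verified.
         throw new IllegalStateException(&quot;SHA-256 is not available&quot;, e);
     }
 }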
 /**
  * Builds the string that is signed: key=value pairs joined with &amp;amp; in ascending
  * key order.
  *
  * The file entry and entries whose value is null or the empty string are left out.
  *
  * @param values parameters to join
  * @return the joined key=value string, which is also printed to standard output
  */
 private static String getSortKVStr(Map&lt;String, Object&gt; values) {
     List&lt;String&gt; orderedNames = new ArrayList&lt;&gt;(values.keySet());
     Collections.sort(orderedNames);
     StringBuilder joined = new StringBuilder();
     for (String name : orderedNames) {
         // Attachments take no part in signing or verification
         if (&quot;file&quot;.equals(name)) {
             continue;
         }
         Object fieldValue = values.get(name);
         boolean hasValue = fieldValue != null &amp;&amp; !&quot;&quot;.equals(fieldValue);
         if (hasValue) {
             // Separator goes before every pair except the first one written
             String separator = joined.length() == 0 ? &quot;&quot; : &quot;&amp;&quot;;
             joined.append(separator).append(name).append('=').append(fieldValue);
         }
     }
     String result = joined.toString();
     System.out.println(&quot;sort kv string for sign:&quot; + result);
     return result;
 }</code></pre>