From 83b691fa0d1f638b234bf7eecfcf45ed9960b53d Mon Sep 17 00:00:00 2001
From: "shuo.wang"
Date: Fri, 8 Aug 2025 10:33:22 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=BC=E5=AE=B9=E8=80=81=E7=9A=84=E9=AA=8C?= =?UTF-8?q?=E7=AD=BE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../cool/store/utils/OpenSignatureUtil.java | 34 +++++++++++++++++++
 .../store/config/OpenApiValidateFilter.java | 13 +++++--
 2 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java b/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
index 8b69c71aa..351ffe2c3 100644
--- a/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
+++ b/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
@@ -52,6 +52,40 @@ public class OpenSignatureUtil {
 return hmacSha256(sb.toString(), appSecret);
 }
+ public static String generateSignOld(Map params, String appSecret) {
+ // 1. 分离固定参数和业务参数
+ String appKey = params.get("appKey");
+ String timestamp = params.get("timestamp");
+
+ // 2. 创建不包含固定参数的临时Map用于排序
+ Map sortedParams = new TreeMap<>(
+ params.entrySet().stream()
+ .filter(e -> !"appKey".equals(e.getKey()))
+ .filter(e -> !"timestamp".equals(e.getKey()))
+ .filter(e -> !"sign".equals(e.getKey()))
+ .filter(e -> e.getValue() != null && !e.getValue().isEmpty())
+ .collect(Collectors.toMap(
+ Map.Entry::getKey,
+ Map.Entry::getValue
+ ))
+ );
+
+ // 3. 构建参数字符串:业务参数(排序后) + 固定参数
+ StringBuilder sb = new StringBuilder();
+
+ // 3.1 添加排序后的业务参数
+ sortedParams.forEach((key, value) -> {
+ sb.append(key).append("=").append(value).append("&");
+ });
+
+ // 3.2 添加固定参数(不参与排序)
+ sb.append("appkey=").append(appKey)
+ .append("×tamp=").append(timestamp);
+ log.info("待签名字符串:{}", sb);
+ // 4. 生成签名
+ return hmacSha256(sb.toString(), appSecret);
+ }
+
 private static String hmacSha256(String data, String key) {
 try {
diff --git a/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java b/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
index d72e9df04..59ad24a31 100644
--- a/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
+++ b/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
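Review bot: In `generateSignOld` (OpenSignatureUtil.java), `log.info("待签名字符串:{}", sb)` writes the complete string-to-sign, meaning every non-empty parameter value plus appKey and timestamp, to the INFO log on each call; prefer `log.debug("legacy sign input keys: {}", sortedParams.keySet());` so parameter values stay out of the logs. The method also has no Javadoc. A short one should say that this is the legacy canonical form kept only for compatibility, that the appKey and timestamp fields are appended unsorted after the sorted business parameters, and that `key=value&` pairs are joined without escaping, so a value containing `&` or `=` can yield the same string as a different parameter set. Because that ambiguity cannot be removed without breaking existing signers, marking the method `@Deprecated` with a note on when it will be retired would make the intent clear.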
@@ -131,10 +131,19 @@ public class OpenApiValidateFilter implements Filter {
 params.put("timestamp", timestampStr);
 String serverSign = OpenSignatureUtil.generateSign(params, coolAppSecret);
+ //兼容老验签模式
+ SortedMap paramsOld = objectMapper.readValue(
+ jsonBody,
+ new TypeReference>() {}
+ );
+ paramsOld.put("appKey",appKey);
+ paramsOld.put("timestamp", timestampStr);
- log.info("{}",serverSign);
+ String serverSignOld = OpenSignatureUtil.generateSignOld(paramsOld, coolAppSecret);
+ log.info("serverSign{}",serverSign);
+ log.info("serverSignOld:{}",serverSignOld);
- if (!serverSign.equalsIgnoreCase(clientSign)&&!serverSignOld.equalsIgnoreCase(clientSign)) {
 res.setStatus(HttpStatus.OK.value());
 res.setCharacterEncoding("UTF-8");
 res.getWriter().write(JSON.toJSONString(
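Review bot: The two `log.info` lines write both server-computed HMACs at INFO before the check runs, so the valid signature for a request lands in the log even when the caller failed verification; drop them, or log only which scheme matched. The new condition also keeps `equalsIgnoreCase`, which stops at the first differing character, and it accepts the legacy scheme for every caller with no record of who still depends on it. The sketch below compares in constant time with `MessageDigest.isEqual`, evaluates both schemes before branching, and warns when only the legacy signature matched. It assumes `clientSign` was null-checked earlier in the filter, which is outside the hunk, as are the start and end of the enclosing method.

```java
// … unchanged: paramsOld construction and the generateSignOld call …
byte[] client = clientSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
boolean newOk = MessageDigest.isEqual(
        serverSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8), client);
boolean oldOk = MessageDigest.isEqual(
        serverSignOld.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8), client);
if (oldOk && !newOk) {
    // Record who still relies on the legacy scheme; never log the signature itself.
    log.warn("legacy signature scheme accepted, appKey={}", appKey);
}
if (!newOk && !oldOk) {
    // … unchanged: error response …
```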