兼容老的验签

2025-08-08 10:33:22 +08:00
parent 6e22ad187e
commit 83b691fa0d
2 changed files with 45 additions and 2 deletions
--- a/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
+++ b/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
@@ -52,6 +52,40 @@ public class OpenSignatureUtil {
        return hmacSha256(sb.toString(), appSecret);
    }
    public static String generateSignOld(Map<String, String> params, String appSecret) {
        // 1. 分离固定参数和业务参数
        String appKey = params.get("appKey");
        String timestamp = params.get("timestamp");
        // 2. 创建不包含固定参数的临时Map用于排序
        Map<String, String> sortedParams = new TreeMap<>(
                params.entrySet().stream()
                        .filter(e -> !"appKey".equals(e.getKey()))
                        .filter(e -> !"timestamp".equals(e.getKey()))
                        .filter(e -> !"sign".equals(e.getKey()))
                        .filter(e -> e.getValue() != null && !e.getValue().isEmpty())
                        .collect(Collectors.toMap(
                                Map.Entry::getKey,
                                Map.Entry::getValue
                        ))
        );
        // 3. 构建参数字符串：业务参数（排序后） + 固定参数
        StringBuilder sb = new StringBuilder();
        // 3.1 添加排序后的业务参数
        sortedParams.forEach((key, value) -> {
            sb.append(key).append("=").append(value).append("&");
        });
        // 3.2 添加固定参数（不参与排序）
        sb.append("appkey=").append(appKey)
                .append("&timestamp=").append(timestamp);
        log.info("待签名字符串：{}", sb);
        // 4. 生成签名
        return hmacSha256(sb.toString(), appSecret);
    }
    private static String hmacSha256(String data, String key) {
        try {
--- a/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
+++ b/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
@@ -131,10 +131,19 @@ public class OpenApiValidateFilter implements Filter {
            params.put("timestamp", timestampStr);
            String serverSign = OpenSignatureUtil.generateSign(params, coolAppSecret);
            //兼容老验签模式
            SortedMap<String, String> paramsOld = objectMapper.readValue(
                    jsonBody,
                    new TypeReference<TreeMap<String, String>>() {}
            );
            paramsOld.put("appKey",appKey);
            paramsOld.put("timestamp", timestampStr);
-            log.info("{}",serverSign);
+            String serverSignOld = OpenSignatureUtil.generateSignOld(paramsOld, coolAppSecret);
            log.info("serverSign{}",serverSign);
            log.info("serverSignOld：{}",serverSignOld);
-            if (!serverSign.equalsIgnoreCase(clientSign)) {
+            if (!serverSign.equalsIgnoreCase(clientSign)&&!serverSignOld.equalsIgnoreCase(clientSign)) {
                res.setStatus(HttpStatus.OK.value());
                res.setCharacterEncoding("UTF-8");
                res.getWriter().write(JSON.toJSONString(