Skip to content

fix:适配最新版微信消息推送的验证方式 #252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
NinjaKanami wants to merge 1 commit into
base: 2.8.x
Choose a base branch
from
Open

fix:适配最新版微信消息推送的验证方式 #252

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
147 changes: 73 additions & 74 deletions src/test/java/weixin/popular/example/ReceiveServletAES.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,23 +27,23 @@

/**
* 服务端事件消息接收 加密模式
* @author Yi
*
* @author Yi
*/
public class ReceiveServletAES extends HttpServlet{
public class ReceiveServletAES extends HttpServlet {

/**
*
*/
private static final long serialVersionUID = 1L;
*
*/
private static final long serialVersionUID = 1L;

private String appId = ""; //appid 通过微信后台获取
private String token = "test"; //通过微信后台获取
private String appId = ""; //appid 通过微信后台获取
private String token = "test"; //通过微信后台获取

private String encodingToken = ""; //Token(令牌) 通过微信后台获取
private String encodingAesKey = ""; //EncodingAESKey(消息加解密密钥) 通过微信后台获取
private String encodingToken = ""; //Token(令牌) 通过微信后台获取
private String encodingAesKey = ""; //EncodingAESKey(消息加解密密钥) 通过微信后台获取

//重复通知过滤
//重复通知过滤
private static ExpireKey expireKey = new DefaultExpireKey();

@Override
Expand All @@ -60,84 +60,83 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
String encrypt_type = request.getParameter("encrypt_type");
String msg_signature = request.getParameter("msg_signature");

WXBizMsgCrypt wxBizMsgCrypt = null;
//加密方式
boolean isAes = "aes".equals(encrypt_type);
if(isAes){
try {
wxBizMsgCrypt = new WXBizMsgCrypt(encodingToken, encodingAesKey, appId);
} catch (AesException e) {
e.printStackTrace();
}
}

//首次请求申请验证,返回echostr
if(isAes&&echostr!=null){
try {
echostr = URLDecoder.decode(echostr,"utf-8");
String echostr_decrypt = wxBizMsgCrypt.verifyUrl(msg_signature, timestamp, nonce, echostr);
outputStreamWrite(outputStream,echostr_decrypt);
return;
} catch (AesException e) {
e.printStackTrace();
}
}else if(echostr!=null){
outputStreamWrite(outputStream,echostr);
return;
WXBizMsgCrypt wxBizMsgCrypt = null;
//加密方式
boolean isAes = "aes".equals(encrypt_type);
if (isAes) {
try {
wxBizMsgCrypt = new WXBizMsgCrypt(encodingToken, encodingAesKey, appId);
} catch (AesException e) {
e.printStackTrace();
}
}

EventMessage eventMessage = null;
if(isAes){
try {
//获取XML数据(含加密参数)
String postData = StreamUtils.copyToString(inputStream, Charset.forName("utf-8"));
//解密XML 数据
String xmlData = wxBizMsgCrypt.decryptMsg(msg_signature, timestamp, nonce, postData);
//XML 转换为bean 对象
eventMessage = XMLConverUtil.convertToObject(EventMessage.class, xmlData);
} catch (AesException e) {
e.printStackTrace();
}
}else{
//验证请求签名
if(!signature.equals(SignatureUtil.generateEventMessageSignature(token,timestamp,nonce))){
System.out.println("The request signature is invalid");
return;
}

if(inputStream!=null){
//XML 转换为bean 对象
eventMessage = XMLConverUtil.convertToObject(EventMessage.class,inputStream);
}
if (isAes) {
//若为安全模式消息推送
try {
//获取XML数据(含加密参数)
String postData = StreamUtils.copyToString(inputStream, Charset.forName("utf-8"));
//解密XML 数据
assert wxBizMsgCrypt != null;
String xmlData = wxBizMsgCrypt.decryptMsg(msg_signature, timestamp, nonce, postData);
//XML 转换为bean 对象
eventMessage = XMLConverUtil.convertToObject(EventMessage.class, xmlData);
} catch (AesException e) {
e.printStackTrace();
}
} else {
//若非安全模式消息推送 则为验证消息推送 或 明文模式消息推送
if (signature == null) {
System.out.println("The request signature is null");
return;
}
//验证请求签名
if (!signature.equals(SignatureUtil.generateEventMessageSignature(encodingToken, timestamp, nonce))) {
System.out.println("The request signature is invalid");
return;
}
//首次请求申请验证,返回echostr
if (echostr != null) {
echostr = URLDecoder.decode(echostr, "utf-8");
outputStreamWrite(outputStream, echostr);
return;
}
//明文模式消息推送
if (inputStream != null) {
//XML 转换为bean 对象
eventMessage = XMLConverUtil.convertToObject(EventMessage.class, inputStream);
}
}

String key = eventMessage.getFromUserName() + "__"
+ eventMessage.getToUserName() + "__"
+ eventMessage.getMsgId() + "__"
+ eventMessage.getCreateTime();
if(expireKey.exists(key)){
//重复通知不作处理
return;
}else{
expireKey.add(key);
}

//创建回复
XMLMessage xmlTextMessage = new XMLTextMessage(
eventMessage.getFromUserName(),
eventMessage.getToUserName(),
"你好");
//回复
xmlTextMessage.outputStreamWrite(outputStream,wxBizMsgCrypt);
+ eventMessage.getToUserName() + "__"
+ eventMessage.getMsgId() + "__"
+ eventMessage.getCreateTime();
if (expireKey.exists(key)) {
//重复通知不作处理
return;
} else {
expireKey.add(key);
}

//创建回复
XMLMessage xmlTextMessage = new XMLTextMessage(
eventMessage.getFromUserName(),
eventMessage.getToUserName(),
"你好");
//回复
xmlTextMessage.outputStreamWrite(outputStream, wxBizMsgCrypt);
}

/**
* 数据流输出
*
* @param outputStream
* @param text
* @return
*/
private boolean outputStreamWrite(OutputStream outputStream,String text){
private boolean outputStreamWrite(OutputStream outputStream, String text) {
try {
outputStream.write(text.getBytes("utf-8"));
} catch (UnsupportedEncodingException e) {
Expand Down