English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
1.1 Parse wechat callback data
InputStream inStream = request.getInputStream();
ByteArrayOutputStream outSteam = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
int len = 0;
while ((len = inStream.read(buffer)) != -1) {
outSteam.write(buffer, 0, len);
}
outSteam.close();
inStream.close();
/** Get the returned XML information from the wechat notify_url */
String result = new String(outSteam.toByteArray(), "utf-8")-8");
The result is the XML data returned by the WeChat callback.
1.2 Parse the XML data returned by WeChat
/**
* The XML information returned by WeChat callback is passed in
* Return in the form of Map for easy access
* dom4Parse XML, return the key-value pairs of the first-level elements. If the first-level element has child nodes, the value of this node is empty
* @param strXML
* @return
* @throws DocumentException
*/
@SuppressWarnings("rawtypes")
public static SortedMap<String, String> dom4jXMLParse(String strXML) throws DocumentException {
SortedMap<String, String> smap = new TreeMap<String, String>();
Document doc = DocumentHelper.parseText(strXML);
Element root = doc.getRootElement();
for (Iterator iterator = root.elementIterator(); iterator.hasNext();) {
Element e = (Element) iterator.next();
smap.put(e.getName(), e.getText());
}
return smap;
}
The returned data is an ordered Map format, and the value is obtained by smap.get("field name").
1.3 Verify the legality of the signature returned by WeChat
/**
* Whether WeChat V3Signature, the rule is: sorted by parameter name a-z sorting, parameters with empty values do not participate in the signature
* The parameter data in the SortedMap format after the WeChat returned information is parsed
* Verify whether the message is a legitimate message sent by WeChat
* @param smap
* @param apiKey The set key
* @return Verification result
*/
@SuppressWarnings("rawtypes")
public static boolean isWechatSign(SortedMap<String, String> smap, String apiKey) {
StringBuffer sb = new StringBuffer();
Set es = smap.entrySet();
Iterator it = es.iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
String k = (String) entry.getKey();
String v = (String) entry.getValue();
if (!"sign".equals(k) && null != v && !"".equals(v) && !"key".equals(k)) {
sb.append(k + "=" + v + "&");
}
}
sb.append("key=" + apiKey);
/** Signature to be verified */
String sign = MD5Util.MD5Encode(sb.toString(), "utf-8).toUpperCase();
/** Legal signature returned by the WeChat client */
String validSign = ((String) smap.get("sign")).toUpperCase();
return validSign.equals(sign);
}
Personal suggestion: Before verifying the legality of the WeChat signature, you can first judge whether the return_code and result_code returned by WeChat are SUCCESS.
The following is the Java version of WeChat payment introduced by the editor to everyone3Verification of data legality (Deom), hoping it will be helpful to everyone. If you have any questions, please leave a message, and the editor will reply to everyone in time. Thank you very much for your support of the Yelling Tutorial website!
Declaration: The content of this article is from the Internet, the copyright belongs to the original author. The content is contributed and uploaded by Internet users spontaneously. This website does not own the copyright, has not been manually edited, and does not assume any relevant legal liability. If you find any content suspected of copyright infringement, please send an email to: notice#w3If you find any copyright infringement, please report to codebox.com (replace # with @ when sending an email) and provide relevant evidence. Once verified, this site will immediately delete the infringing content.