About the Sign
Introduction
The secret key used to generate a signature for API request input parameters should be securely maintained by the merchant.
To generate a signature string:
Collect all required parameters that need to be verified into an array.
Sort the array alphabetically by parameter names (keys) in ascending ASCII order. It's important to note that only the parameter keys are sorted, not their values.
Exclude the 'sign' parameter itself from the array before generating the signature.
Example
Example request parameters
{
"appId": "TEST000001",
"sign": "TEST000001",
"merchantOrderNo": "11126"
}
Prepare the string concatenation for sign, convert the format to parameter_name=parameter_value, link with '&', and finally append the key (secret). The result is as follows:
appId=TEST000001&merchantOrderNo=11126&key=9999
Continuing from the prepared string for signing, perform the SHA-512 algorithm to generate the final signature.And change it into capital letters. The signature result is as follows:
95960053CC577FCAFC272410D5F70094DD0986F6C3266DB7D00D0B37A7CB12F6607125143987143EE168DA052C0A1FD436A0E14DBA57584CC977F82823318BDC
Java signature generation code example
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.*;
public class SHA512Utils {
public static final String ENCODE = "UTF-8";
/**
* compute the SHA hash of the message and sign it.
*
* @param signParams signature parameters
* @param key secret
* @return
*/
public static String SHAEncrypt(TreeMap<String, String> signParams, String key) {
signParams.remove("sign");
StringBuffer sb = new StringBuffer();
Set es = signParams.entrySet();
Iterator it = es.iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
String k = (String) entry.getKey();
String v = (String) entry.getValue();
if (null != v && !"".equals(v) && !"sign".equals(k)
&& !"key".equals(k)) {
sb.append(k + "=" + v + "&");
}
}
sb.append("key=" + key);
return encrypt(sb.toString(), ENCODE).toUpperCase();
}
public static String encrypt(String aValue, String encoding) {
aValue = aValue.trim();
byte value[];
try {
value = aValue.getBytes(encoding);
} catch (UnsupportedEncodingException e) {
value = aValue.getBytes();
}
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-512");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
return toHex(md.digest(value));
}
public static String toHex(byte input[]) {
if (input == null)
return null;
StringBuffer output = new StringBuffer(input.length * 2);
for (int i = 0; i < input.length; i++) {
int current = input[i] & 0xff;
if (current < 16)
output.append("0");
output.append(Integer.toString(current, 16));
}
return output.toString();
}
/**
* verify signature
*
* @param signParams sign parameters
* @param key secret
* @return
*/
public static boolean verifySHA(TreeMap<String, String> signParams, String key) {
String verifySign = signParams.get("sign");
String sign = SHAEncrypt(signParams, key);
if (sign.equalsIgnoreCase(verifySign)) {
return true;
}
return false;
}
}
Java signature generate code example:
import java.util.Map;
import com.alibaba.fastjson.JSONObject;
public class SignTest {
public static void main(String[] args) {
String jsonData="{\n" +
" \"appId\": \"TEST000001\",\n" +
" \"sign\": \"TEST000001\",\n" +
" \"merchantOrderNo\": \"11126\"\n" +
"}\n";
//Sign the data
TreeMap resultMap=JSONObject.parseObject(jsonData, TreeMap.class);
String result=SHA512Utils.SHAEncrypt(resultMap,"9999");
System.out.println(result);
//Verify the data,true=verify success
resultMap.put("sign","95960053CC577FCAFC272410D5F70094DD0986F6C3266DB7D00D0B37A7CB12F6607125143987143EE168DA052C0A1FD436A0E14DBA57584CC977F82823318BDC");
System.out.println(SHA512Utils.verifySHA(resultMap,"9999"));
}
}
Updated 5 days ago