Common parameter verification

java code

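/**
 * Runs the shared pre-checks for a signed merchant API request body.
 *
 * <p>The body is parsed as JSON and must carry {@code sign}, {@code merchantId},
 * {@code appId} and {@code timestamp}. The merchant is then looked up by
 * {@code merchantId}, its registered app id is compared with the submitted
 * {@code appId}, and the signature is verified with the merchant's app key.
 * On the first failed check a JSON error result is written to the response and
 * {@code false} is returned; nothing is written when all checks pass.
 *
 * @param dto      raw request body, expected to be a JSON object
 * @param request  current HTTP request (not read by this method)
 * @param response HTTP response that receives the error payload on failure
 * @return {@code true} when every check passes, {@code false} otherwise
 * @throws Exception if parsing the body, reading a numeric field or writing the response fails
 */
private boolean commonVerify(String dto, HttpServletRequest request, HttpServletResponse response) throws Exception {
    JSONObject json = JSONObject.parseObject(dto);
    if (null == json) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(790004, "request error request body is empty")));
        return false;
    }

    // Presence checks, in the same order as the error messages callers may rely on.
    String sign = json.getString("sign");
    if (StringUtils.isBlank(sign)) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(790004, "sign not blank")));
        return false;
    }
    Long merchantId = json.getLong("merchantId");
    if (null == merchantId) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(790004, "merchantId not blank")));
        return false;
    }
    Long appId = json.getLong("appId");
    if (null == appId) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(790004, "appId not blank")));
        return false;
    }
    // NOTE(review): the timestamp is only checked for presence. Nothing in this
    // method compares it with the current time or records requests already seen,
    // so this check alone does not reject a replayed, validly signed request.
    // Confirm that freshness is enforced elsewhere.
    if (StringUtils.isBlank(json.getString("timestamp"))) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(790004, "timestamp not blank")));
        return false;
    }

    NpMerchantApp merchantApp = merchantAppMapper.selectByMerchanId(merchantId);
    if (null == merchantApp) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(4003, "merchant does not exist")));
        return false;
    }
    // The submitted appId must match the one registered for this merchant.
    if (0 != Long.compare(merchantApp.getAppId(), appId)) {
        // Fixed: the original line was missing one closing parenthesis and did not compile.
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(4006, "app mismatching")));
        return false;
    }

    // The signature is checked over the re-serialized parsed JSON, not the raw body.
    // NOTE(review): the String overload of ApiSignUtil.verify/sign is not shown here;
    // confirm it canonicalizes the same fields the client signed.
    if (!ApiSignUtil.verify(json.toString(), merchantApp.getAppKey(), sign)) {
        response.getWriter().write(objectWriter.writeValueAsString(ResultData.error(4002, "signature error")));
        return false;
    }
    return true;
}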

Signature verification

java code


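/**
 * Checks a caller-supplied signature against the one computed locally.
 *
 * <p>Fails closed: a blank computed or supplied signature is never accepted.
 * The {@code sign(JSONObject, String)} overload reports failure as an empty
 * string, so a plain equality check would accept an empty supplied signature
 * whenever signing failed. The {@code sign} overload taking a String, which is
 * the one called here, is not shown and presumably behaves the same way.
 *
 * @param jsonStr request parameters as a JSON string
 * @param key     the merchant's app key used as the signing secret
 * @param sign    signature supplied by the caller
 * @return {@code true} only when both signatures are non-blank and identical
 */
public static boolean verify(String jsonStr, String key, String sign) {
    String expected = sign(jsonStr, key);
    if (StringUtils.isBlank(expected) || StringUtils.isBlank(sign)) {
        return false;
    }
    // Constant-time comparison, so response timing does not reveal how many
    // leading characters of a guessed signature were correct.
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            sign.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}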

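/**
 * Computes the request signature for a set of API parameters.
 *
 * <p>Keys are sorted in natural order and joined as {@code k=v&}. Entries with a
 * blank key or value are skipped, as are the {@code sign} and {@code mqcount}
 * fields. {@code key=<secret>} is appended and the result is hashed with
 * {@code Md5Utils.hash} and upper-cased.
 *
 * <p>NOTE(review): this is a keyed MD5 over a concatenated string, not an HMAC,
 * and values are not escaped, so a value containing {@code &} or {@code =} can
 * make two different parameter sets produce the same signing string. Changing
 * either would break existing clients, so the scheme is left as is and flagged
 * here for a versioned migration (e.g. HMAC-SHA256 over an unambiguous encoding).
 *
 * @param jsonObject request parameters; {@code null} yields an empty signature
 * @param key        the merchant's app key used as the signing secret
 * @return the upper-case signature, or {@code ""} when the input is {@code null}
 *         or signing fails
 */
public static String sign(JSONObject jsonObject, String key) {
    try {
        if (jsonObject == null) {
            return "";
        }
        List<String> keys = new ArrayList<>(jsonObject.keySet());
        Collections.sort(keys);

        StringBuilder build = new StringBuilder();
        for (String k : keys) {
            String v = jsonObject.getString(k);
            if (StringUtils.isBlank(k) || StringUtils.isBlank(v) || StringUtils.equals("sign", k) || StringUtils.equals("mqcount", k)) {
                continue;
            }
            build.append(k).append("=").append(v).append("&");
        }
        // Snapshot taken before the secret is appended, so the key never reaches the logs.
        String loggableParams = build.toString() + "key=<redacted>";
        build.append("key=").append(key);
        String sign = Md5Utils.hash(build.toString()).toUpperCase();

        // Logged at debug, not info: the parameters may hold personal data, and the
        // signing string plus its signature allow offline guessing of the key.
        log.debug("Request API parameter signature string:{}", loggableParams);
        log.debug("Request the final signature of API parameters:{}", sign);
        return sign;
    } catch (Exception e) {
        // Pass the exception as the throwable argument so the stack trace is logged.
        log.error("SDK signature abnormal", e);
        return "";
    }
}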

Credit limit query

java code


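/**
 * Returns the credit limit view for a merchant's user.
 *
 * <p>The pre-credit record is looked up by merchant id and merchant user id.
 * The result then depends on whether that record exists and whether the
 * merchant is on the hard-coded whitelist:
 * <ul>
 *   <li>no record, whitelisted: zero limits, status 0, not activated;</li>
 *   <li>no record, not whitelisted: a placeholder limit of 1000, built either
 *       from the user found by mobile or returned directly;</li>
 *   <li>record, whitelisted: the wallet's limits, or the pre-credit amount when
 *       there is no wallet or its status is 1;</li>
 *   <li>record, not whitelisted: delegated to {@code returnCreditqueryVO}.</li>
 * </ul>
 *
 * @param dto query parameters; at least one of merchantUserId and mobile must be non-blank
 * @return the populated credit view
 * @throws BaseException with {@code ResultCode.PARAM_ERROR} when both identifiers are blank
 */
@Override
public CreditqueryVO creditquery(CreditqueryDTO dto) {
    CreditqueryVO vo = new CreditqueryVO();
    if (StringUtils.isBlank(dto.getMerchantUserId()) && StringUtils.isBlank(dto.getMobile())) {
        throw new BaseException(ResultCode.PARAM_ERROR, "merchantUserId and mobile cannot be empty at the same time");
    }

    // Comma-delimited whitelist. The id is matched together with its delimiters:
    // the original used indexOf(merchantId) on this string, so any id that is a
    // substring of a whitelisted id (e.g. "2020" or "808") was treated as
    // whitelisted too.
    String whitelistMerchant = "," + "2020000808" + ",";
    boolean whitelisted = whitelistMerchant.contains("," + dto.getMerchantId() + ",");

    vo.setMerchantUserId(dto.getMerchantUserId());
    vo.setMobile(dto.getMobile());

    NpPreCredit preCredit = creditMapper.selectByMerchantAndUserId(dto.getMerchantId(), dto.getMerchantUserId());
    if (null == preCredit) {
        if (whitelisted) {
            // Whitelisted merchant without a pre-credit record: nothing to offer.
            vo.setCreditRemain(BigDecimal.ZERO);
            vo.setCreditTotal(BigDecimal.ZERO);
            vo.setStatus(0);
            vo.setActiveStatus(0);
            return vo;
        }
        // Non-whitelisted merchant.
        // NOTE(review): mobile may be blank here when only merchantUserId was
        // supplied; confirm selectUidBymobile handles that.
        Long npuid = creditMapper.selectUidBymobile(dto.getMobile());
        if (npuid != null) {
            // User exists: build a placeholder pre-credit record for them.
            preCredit = new NpPreCredit();
            preCredit.setNpUserId(npuid);
            preCredit.setActiveStatus(0);
            preCredit.setPreCreditAmount(BigDecimal.valueOf(1000));
            return returnCreditqueryVO(preCredit, vo);
        }
        // User unknown: return the placeholder limit directly.
        vo.setCreditRemain(BigDecimal.valueOf(1000)); // wallet available credit
        vo.setCreditTotal(BigDecimal.valueOf(1000));  // wallet credit limit
        vo.setStatus(1);                              // 0 = unavailable, 1 = available
        vo.setActiveStatus(0);
        return vo;
    }

    if (!whitelisted) {
        // Non-whitelisted merchant with a pre-credit record.
        return returnCreditqueryVO(preCredit, vo);
    }

    // Whitelisted merchant with a pre-credit record.
    NpUserWallet wallet = walletMapper.selectByUserId(preCredit.getNpUserId());
    vo.setMerchantUserId(dto.getMerchantUserId());
    vo.setActiveStatus(preCredit.getActiveStatus());
    if (null == wallet || wallet.getStatus() == 1) {
        // No wallet, or wallet status 1: report the pre-credit amount as the limit.
        vo.setCreditRemain(preCredit.getPreCreditAmount());
        vo.setCreditTotal(preCredit.getPreCreditAmount());
        vo.setStatus(1);
        return vo;
    }
    vo.setCreditRemain(wallet.getCreditRemain());
    vo.setCreditTotal(wallet.getCreditTotal());
    // Wallet status 2 is reported as available (1); any other status as unavailable (0).
    vo.setStatus(wallet.getStatus() == 2 ? 1 : 0);
    return vo;
}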