Updated on 2022-06-22 GMT+08:00

ISV Server Verifying Requests

The following figure shows the overall process of code invocation for request verification.

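/**
 * Verifies that a request carries a valid {@code authToken} signature.
 *
 * <p>The expected signature is computed by {@link #generateResponseBodySignature} over
 * every request parameter except {@code authToken}, sorted by parameter name and joined
 * as {@code name=value} pairs separated by {@code &}. The signing key is
 * {@code accessKey + timeStamp}. Only the first value of each parameter is signed.
 *
 * <p>Verification fails closed: a missing {@code authToken} or {@code timeStamp}, a
 * {@code null} access key, a parameter with no value, or any signing error yields
 * {@code false}.
 *
 * <p>NOTE(review): the {@code timeStamp} is only mixed into the signing key here; its
 * freshness is not checked. A correctly signed request therefore verifies regardless of
 * its age unless the caller also enforces the validity window the platform documents.
 *
 * @param request HTTP request whose parameters are verified; its parameter map is not modified
 * @param accessKey access key shared with the platform
 * @param encryptLength not read by this method; kept so existing callers still compile
 * @return {@code true} only if the supplied {@code authToken} equals the recomputed signature
 */
public static boolean verificateRequestParams(javax.servlet.http.HttpServletRequest request,
        String accessKey, int encryptLength)
{
    if (accessKey == null)
    {
        return false;
    }

    // Work on a sorted copy: the servlet API documents the parameter map as immutable,
    // so removing "authToken" from it directly can throw at runtime.
    Map<String, String[]> signedParams =
            new TreeMap<String, String[]>(request.getParameterMap());

    String[] authTokenValues = signedParams.remove("authToken");
    String[] timeStampValues = signedParams.get("timeStamp");

    String authToken = null;
    if (authTokenValues != null && authTokenValues.length > 0)
    {
        authToken = authTokenValues[0];
    }
    String timeStamp = null;
    if (timeStampValues != null && timeStampValues.length > 0)
    {
        timeStamp = timeStampValues[0];
    }

    // Without both values there is nothing to verify; reject instead of signing with a
    // key that ends in the literal text "null" or dereferencing a null token.
    if (authToken == null || timeStamp == null)
    {
        return false;
    }

    // Build the signed content: name=value pairs in key order, separated by '&'.
    StringBuilder signedContent = new StringBuilder();
    for (Map.Entry<String, String[]> entry : signedParams.entrySet())
    {
        String[] values = entry.getValue();
        if (values == null || values.length == 0)
        {
            return false;
        }
        if (signedContent.length() > 0)
        {
            signedContent.append('&');
        }
        signedContent.append(entry.getKey()).append('=').append(values[0]);
    }

    String expected;
    try
    {
        expected = generateResponseBodySignature(accessKey + timeStamp, signedContent.toString());
    }
    catch (InvalidKeyException | NoSuchAlgorithmException
            | IllegalStateException | UnsupportedEncodingException e)
    {
        // Fail closed: a request whose signature cannot be computed is not trusted.
        // NOTE(review): report e through the application's logger; none is visible here.
        return false;
    }
    if (expected == null)
    {
        return false;
    }

    // Constant-time comparison, so the response time does not depend on how many
    // leading characters of the supplied token are correct.
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            authToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}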

/**
 * Signs a message body and returns the signature as text.
 *
 * <p>The signature is the HMAC-SHA256 of {@code body} under {@code key}, computed by
 * {@link #hmacSHA256} and converted to a string by {@link #base_64}.
 *
 * @param key signing key (the access key shown on the Seller Console, or a key derived from it)
 * @param body message body to sign
 * @return the encoded signature
 * @throws InvalidKeyException propagated from {@link #hmacSHA256}
 * @throws NoSuchAlgorithmException propagated from {@link #hmacSHA256}
 * @throws IllegalStateException propagated from {@link #hmacSHA256}
 * @throws UnsupportedEncodingException propagated from {@link #hmacSHA256}
 */
public static String generateResponseBodySignature(String key, String body)
        throws InvalidKeyException, NoSuchAlgorithmException,
        IllegalStateException, UnsupportedEncodingException
{
    byte[] rawSignature = hmacSHA256(key, body);
    return base_64(rawSignature);
}

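/**
 * Computes the HMAC-SHA256 message authentication code of a string.
 *
 * <p>HMAC is a keyed hash, not encryption: the result authenticates {@code macData} and
 * cannot be decrypted back into it. Key and data are both encoded as UTF-8, so the
 * result does not depend on the JVM's default charset.
 *
 * @param macKey secret key text
 * @param macData text to authenticate, for example a message body
 * @return the raw MAC bytes
 * @throws NoSuchAlgorithmException if the runtime provides no HmacSHA256 implementation
 * @throws InvalidKeyException if the key is rejected by the MAC implementation
 * @throws IllegalStateException declared for callers; thrown by the MAC if it is used uninitialised
 * @throws UnsupportedEncodingException if the runtime does not support UTF-8
 */
public static byte[] hmacSHA256(String macKey, String macData)
        throws NoSuchAlgorithmException, InvalidKeyException,
        IllegalStateException, UnsupportedEncodingException
{
    // Encode the key explicitly: the no-argument getBytes() uses the platform charset,
    // which would give different key bytes on different hosts for non-ASCII keys.
    SecretKeySpec secret = new SecretKeySpec(macKey.getBytes("UTF-8"), "HmacSHA256");

    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(secret);
    return mac.doFinal(macData.getBytes("UTF-8"));
}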

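/**
 * Encodes a byte array as Base64 text.
 *
 * @param bytes bytes to encode
 * @return the Base64 representation of {@code bytes}
 */
public static String base_64(byte[] bytes)
{
    // NOTE(review): Base64 is presumably Apache Commons Codec's class; its import is not
    // shown here, so confirm before relying on encodeBase64's exact output format.
    byte[] encoded = Base64.encodeBase64(bytes);

    // Base64 output is pure ASCII; decode it explicitly instead of through the platform
    // default charset, which is not ASCII-compatible on every host.
    return new String(encoded, java.nio.charset.StandardCharsets.US_ASCII);
}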