修正验证签名参数错误

2015-08-08 18:38:40 +08:00 · 2015-08-08 18:38:40 +08:00 · f0ecba5f9b
commit f0ecba5f9b
parent c358e366ee
3 changed files with 29 additions and 154 deletions
--- a/weixin4j-qy/src/main/java/com/foxinmy/weixin4j/qy/model/CorpInfo.java
+++ b/weixin4j-qy/src/main/java/com/foxinmy/weixin4j/qy/model/CorpInfo.java
@ -1,140 +0,0 @@
-package com.foxinmy.weixin4j.qy.model;
-
-import java.io.Serializable;
-
-import com.alibaba.fastjson.annotation.JSONField;
-import com.foxinmy.weixin4j.qy.type.CorpType;
-
-/**
- * 授权方企业号信息
- * 
- * @className CorpInfo
- * @author jy
- * @date 2015年6月12日
- * @since JDK 1.7
- * @see
- */
-public class CorpInfo implements Serializable {
-
-	private static final long serialVersionUID = 1251033124778972419L;
-	/**
-	 * 授权方企业号id
-	 */
-	@JSONField(name = "corpid")
-	private String corpId;
-	/**
-	 * 授权方企业号名称
-	 */
-	@JSONField(name = "corp_name")
-	private String corpName;
-	/**
-	 * 企业方形头像
-	 */
-	@JSONField(name = "corp_square_logo_url")
-	private String squareLogoUrl;
-	/**
-	 * 企业圆形头像
-	 */
-	@JSONField(name = "corp_round_logo_url")
-	private String roundLogoUrl;
-	/**
-	 * 授权方企业号类型
-	 */
-	@JSONField(name = "corp_type")
-	private String corpType;
-	/**
-	 * 授权方企业号用户规模
-	 */
-	@JSONField(name = "corp_user_max")
-	private Integer userMax;
-	/**
-	 * 授权方企业号应用规模
-	 */
-	@JSONField(name = "corp_agent_max")
-	private Integer agentMax;
-	/**
-	 * 授权方企业号二维码
-	 */
-	@JSONField(name = "corp_wxqrcode")
-	private String wxQrCode;
-
-	public String getCorpId() {
-		return corpId;
-	}
-
-	public String getCorpType() {
-		return corpType;
-	}
-
-	@JSONField(serialize = false)
-	public CorpType getFormatCorpType() {
-		return corpType != null ? CorpType.valueOf(corpType) : null;
-	}
-
-	public String getCorpName() {
-		return corpName;
-	}
-
-	public String getSquareLogoUrl() {
-		return squareLogoUrl;
-	}
-
-	public String getRoundLogoUrl() {
-		return roundLogoUrl;
-	}
-
-	public Integer getUserMax() {
-		return userMax;
-	}
-
-	public Integer getAgentMax() {
-		return agentMax;
-	}
-
-	public String getWxQrCode() {
-		return wxQrCode;
-	}
-
-	// ---------- setter 应该全部去掉
-
-	public void setCorpId(String corpId) {
-		this.corpId = corpId;
-	}
-
-	public void setCorpName(String corpName) {
-		this.corpName = corpName;
-	}
-
-	public void setSquareLogoUrl(String squareLogoUrl) {
-		this.squareLogoUrl = squareLogoUrl;
-	}
-
-	public void setRoundLogoUrl(String roundLogoUrl) {
-		this.roundLogoUrl = roundLogoUrl;
-	}
-
-	public void setCorpType(String corpType) {
-		this.corpType = corpType;
-	}
-
-	public void setUserMax(Integer userMax) {
-		this.userMax = userMax;
-	}
-
-	public void setAgentMax(Integer agentMax) {
-		this.agentMax = agentMax;
-	}
-
-	public void setWxQrCode(String wxQrCode) {
-		this.wxQrCode = wxQrCode;
-	}
-
-	@Override
-	public String toString() {
-		return "CorpInfo [corpType=" + corpId + ", corpName=" + corpName
-				+ ", squareLogoUrl=" + squareLogoUrl + ", roundLogoUrl="
-				+ roundLogoUrl + ", corpType=" + corpType + ", userMax="
-				+ userMax + ", agentMax=" + agentMax + ", wxQrCode=" + wxQrCode
-				+ "]";
-	}
-}
--- a/weixin4j-server/src/main/java/com/foxinmy/weixin4j/socket/WeixinRequestHandler.java
+++ b/weixin4j-server/src/main/java/com/foxinmy/weixin4j/socket/WeixinRequestHandler.java
@ -56,18 +56,34 @@ public class WeixinRequestHandler extends
 	protected void channelRead0(ChannelHandlerContext ctx, WeixinRequest request)
 			throws WeixinException {
 		final AesToken aesToken = request.getAesToken();
-		if (aesToken == null) {
+		if (aesToken == null
+				|| (StringUtil.isBlank(request.getSignature()) && StringUtil
+						.isBlank(request.getMsgSignature()))) {
 			ctx.writeAndFlush(HttpUtil.createHttpResponse(BAD_REQUEST))
 					.addListener(ChannelFutureListener.CLOSE);
 			return;
 		}
+		/**
+		 * 公众平台:无论Get,Post都带signature参数,当开启aes模式时带msg_signature参数
+		 * 企业号:无论Get,Post都带msg_signature参数
+		 **/
 		if (request.getMethod().equals(HttpMethod.GET.name())) {
-			if (MessageUtil.signature(aesToken.getToken(),
+			if (!StringUtil.isBlank(request.getSignature())
+					&& MessageUtil.signature(aesToken.getToken(),
 							request.getTimeStamp(), request.getNonce()).equals(
 							request.getSignature())) {
 				ctx.write(new SingleResponse(request.getEchoStr()));
 				return;
 			}
+			if (!StringUtil.isBlank(request.getMsgSignature())
+					&& MessageUtil.signature(aesToken.getToken(),
+							request.getTimeStamp(), request.getNonce(),
+							request.getEchoStr()).equals(
+							request.getMsgSignature())) {
+				ctx.write(new SingleResponse(MessageUtil.aesDecrypt(null,
+						aesToken.getAesKey(), request.getEchoStr())));
+				return;
+			}
 			ctx.writeAndFlush(HttpUtil.createHttpResponse(FORBIDDEN))
 					.addListener(ChannelFutureListener.CLOSE);
 			return;
@ -80,8 +96,8 @@ public class WeixinRequestHandler extends
 						.addListener(ChannelFutureListener.CLOSE);
 				return;
 			}
-			if (request.getEncryptType() == EncryptType.AES) {
-				if (!MessageUtil.signature(aesToken.getToken(),
+			if (request.getEncryptType() == EncryptType.AES
+					&& !MessageUtil.signature(aesToken.getToken(),
 							request.getTimeStamp(), request.getNonce(),
 							request.getEncryptContent()).equals(
 							request.getMsgSignature())) {
@ -89,7 +105,6 @@ public class WeixinRequestHandler extends
 						.addListener(ChannelFutureListener.CLOSE);
 				return;
 			}
-			}
 		} else {
 			ctx.writeAndFlush(HttpUtil.createHttpResponse(METHOD_NOT_ALLOWED))
 					.addListener(ChannelFutureListener.CLOSE);
--- a/weixin4j-server/src/main/java/com/foxinmy/weixin4j/util/MessageUtil.java
+++ b/weixin4j-server/src/main/java/com/foxinmy/weixin4j/util/MessageUtil.java
@ -159,7 +159,7 @@ public final class MessageUtil {
 			throw new WeixinException("-40008", "xml内容不合法:" + e.getMessage());
 		}
 		// 校验appId是否一致
-		if (!fromAppId.trim().equals(appId)) {
+		if (appId != null && !fromAppId.trim().equals(appId)) {
 			throw new WeixinException("-40005", "校验AppID失败,expect " + appId
 					+ ",but actual is " + fromAppId);
 		}