For the access procedure, please refer to the WeChat public platform
Available test numbers for development testing
1. Fill in the server configuration (I used the test number for development), as shown in the figure below
2. Verify that the message comes from the WeChat server
Send request, request address: http://cmy.ngrok.xiaomiqiu.cn/wechat/chat (URL address configured in WeChat, WeChat public account interface must start with http:// or https://, respectively support 80 ports and 443 ports ) can be used for intranet penetration, specifically Baidu (the Xiaomi ball I use, the test is completely ok)
The specific verification request code is as follows:
@Controller
@RequestMapping("/wechat")
public class WxController {
private final static String MEDIATYPE_CHARSET_JSON_UTF8 = MediaType.APPLICATION_JSON_VALUE + ";charset=UTF-8";
@RequestMapping(value = "/chat", method = {RequestMethod.GET, RequestMethod.POST}, produces = MEDIATYPE_CHARSET_JSON_UTF8)
public void get(HttpServletRequest request, HttpServletResponse response) throws Exception {
//If it is a get request, it is developer mode verification
if ("get".equals(request.getMethod().toLowerCase())) {
String signature = request.getParameter("signature");
String timestamp = request.getParameter("timestamp");
String nonce = request.getParameter("nonce");
String echostr = request.getParameter("echostr");
PrintWriter out = response.getWriter();
if (CheckUtil.checkSignature(signature, timestamp, nonce)) {
//If the verification is successful, return the obtained random string in the same way
out.print(echostr);
}
}else{
............... }
}
Verification tool class CheckUtil.java
public class CheckUtil {
public static final String token = "xiaodou"; //Developers define their own Token
public static boolean checkSignature(String signature,String timestamp,String nonce){
//1. Define an array to store tooken, timestamp, nonce
String[] arr = {token,timestamp,nonce};
//2. Sort the array
Arrays.sort(arr);
//3. Generate a string
StringBuffer sb = new StringBuffer();
for(String s : arr){
sb.append(s);
}
//4.sha1 encryption, there are ready-made codes on the Internet
String temp = getSha1(sb.toString());
//5. Compare the encrypted string with the encrypted signature from WeChat, and return the result
return temp.equals(signature);
}
public static String getSha1(String str){
if(str==null||str.length()==0){
return null;
}
char hexDigits[] = {'0','1','2','3','4','5','6','7','8','9',
'a','b','c','d','e','f'};
try {
MessageDigest mdTemp = MessageDigest.getInstance("SHA1");
mdTemp.update(str.getBytes("UTF-8"));
byte[] md = mdTemp.digest();
int j = md.length;
char buf[] = new char[j*2];
int k = 0;
for (int i = 0; i < j; i++) {
byte byte0 = md[i];
buf[k++] = hexDigits[byte0 >>> 4 & 0xf];
buf[k++] = hexDigits[byte0 & 0xf];
}
return new String(buf);
} catch (Exception e) {
// TODO: handle exception
return null;
}
}
}
Run the code, enter the corresponding URL and Token in the test number, and click Submit.
If the configuration is successful, it means that it has entered the developer mode and can start developing.
