1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
| import java.io.BufferedReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
//Webhook 基本协议实现
//以下代码为示例,未妥善处理业务字段或异常等因素
public class WebServ extends HttpServlet{
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//配置项,测试时请修改以下配置
String jwkJson = "{\"kty\":\"oct\",\"k\":\"MDEyMzQ1Njc4OWFiY2RlZg\"}";
//组建自己的 PSK_TABLE, 可根据自己的需求修改
Map<String, JsonWebKey> psk_table = new HashMap<String, JsonWebKey>();
psk_table.put("0", JsonWebKey.Factory.newJwk(jwkJson));
response.setCharacterEncoding("UTF-8");
response.setHeader("content-type", "application/jwt;charset=UTF-8");
//获取请求头
PrintWriter res = response.getWriter();
BufferedReader br = request.getReader();
String req_body = null;
req_body = br.readLine();
br.close();
//构建解密jwe
JsonWebEncryption jwetoken = new JsonWebEncryption();
jwetoken.setCompactSerialization(req_body);
//从 protected 字段中解出来 kid
String kid = jwetoken.getKeyIdHeaderValue();
//通过 kid 确定要用哪个解密 key
JsonWebKey psk = psk_table.get(kid);
//用 key 解密取得解密后的内容
jwetoken.setKey(psk.getKey());
String plaintext = jwetoken.getPlaintextString();
//解码
Map<String, Object> jsonText = JSON.parseObject(plaintext);
//获取资源号id
String srcid = (String) jsonText.get("srcid");
JSONObject payload = new JSONObject();
//如果资源方有多张卡片,从 req 中解析出来 srcid,处理相应的业务逻辑
if (srcid.equals("123")) {
//do something
payload.put("msg", "success");
payload.put("status", 0);
JSONObject data = new JSONObject();
data.put("jump_url","/path/to/page3");
payload.fluentPut("data", data);
} else {
payload.put("msg", "Invalid srcid");
payload.put("status", 2);
}
//处理业务响应结果
String res_plaintext = JSON.toJSONString(payload);
//用请求的 header 和 key 生成加密结果,保持加密算法和头内容(kid/rid)与请求一致
JsonWebEncryption senderJwe = new JsonWebEncryption();
senderJwe.setPlaintext(res_plaintext);
senderJwe.setAlgorithmHeaderValue(jwetoken.getAlgorithmHeaderValue());
senderJwe.setEncryptionMethodHeaderParameter(jwetoken.getEncryptionMethodHeaderParameter());
senderJwe.setKey(psk.getKey());
senderJwe.setKeyIdHeaderValue(jwetoken.getKeyIdHeaderValue());
senderJwe.setHeader("rid", jwetoken.getHeader("rid"));
String res_body = senderJwe.getCompactSerialization();
res.write(res_body);
}
}
|
