| import java.io.BufferedReader; import java.io.IOException; import java.io.PrintWriter; import java.util.HashMap; import java.util.Map; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jwk.JsonWebKey;
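// Basic implementation of the webhook protocol.
// This is sample code: business fields and error handling are deliberately simplified.
public class WebServ extends HttpServlet {

    /**
     * GET is not part of the webhook exchange. The override is intentionally empty,
     * so nothing is written to the response.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    }

    /**
     * Handles one webhook call: reads a compact-serialized JWE from the request body,
     * decrypts it with the pre-shared key selected by the {@code kid} header, runs the
     * business logic for the {@code srcid} it carries, and answers with a JWE encrypted
     * under the same key and carrying the same {@code kid}/{@code rid} headers.
     *
     * <p>Any request that cannot be read, decrypted or parsed is answered with
     * HTTP 400 and a generic message, so that parsing and crypto failures are not
     * distinguishable to the caller.
     *
     * @param request  the incoming webhook request; its body is the JWE
     * @param response the response that receives the encrypted reply
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if reading the request or writing the response fails
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Configuration: change this for your own deployment.
        // NOTE(review): this is a demo key published with the sample. Production code
        // should load the PSK from a secret store or protected configuration rather
        // than from a string literal in source.
        String jwkJson = "{\"kty\":\"oct\",\"k\":\"MDEyMzQ1Njc4OWFiY2RlZg\"}";

        // Read the request body (a compact JWE is a single line).
        String reqBody;
        try (BufferedReader br = request.getReader()) {
            reqBody = br.readLine();
        }
        if (reqBody == null || reqBody.trim().isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request");
            return;
        }

        String resBody;
        try {
            // Build your own PSK table; adapt it to your needs.
            Map<String, JsonWebKey> pskTable = new HashMap<String, JsonWebKey>();
            pskTable.put("0", JsonWebKey.Factory.newJwk(jwkJson));

            // Parse the incoming JWE.
            JsonWebEncryption jwetoken = new JsonWebEncryption();
            jwetoken.setCompactSerialization(reqBody.trim());

            // The kid comes from the protected header and selects the decryption key.
            // It is caller-controlled, so an unknown or missing kid must be rejected
            // instead of dereferencing a null key.
            String kid = jwetoken.getKeyIdHeaderValue();
            JsonWebKey psk = pskTable.get(kid);
            if (psk == null) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request");
                return;
            }

            // NOTE(review): alg and enc are taken from the request header here and
            // echoed into the response below. Once the protocol's expected algorithms
            // are known, pin them on jwetoken with setAlgorithmConstraints(...) and
            // setContentEncryptionAlgorithmConstraints(...) before decrypting.
            jwetoken.setKey(psk.getKey());
            String plaintext = jwetoken.getPlaintextString();

            // Decode the decrypted payload.
            // NOTE(review): fastjson 1.x has a history of autoType deserialization
            // issues; keep the library current and consider enabling its safeMode.
            JSONObject reqJson = JSON.parseObject(plaintext);
            if (reqJson == null) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request");
                return;
            }

            // Resource id. getString avoids a ClassCastException when the field is
            // not a JSON string, and the constant-first equals tolerates a missing one.
            String srcid = reqJson.getString("srcid");

            JSONObject payload = new JSONObject();
            // If the resource owner has several cards, dispatch on the srcid taken
            // from the request and run the matching business logic.
            if ("123".equals(srcid)) {
                // do something
                payload.put("msg", "success");
                payload.put("status", 0);
                JSONObject data = new JSONObject();
                data.put("jump_url", "/path/to/page3");
                payload.put("data", data);
            } else {
                payload.put("msg", "Invalid srcid");
                payload.put("status", 2);
            }

            // Serialize the business result.
            String resPlaintext = JSON.toJSONString(payload);

            // Encrypt the reply with the request's key, keeping the algorithm and
            // header content (kid/rid) consistent with the request.
            JsonWebEncryption senderJwe = new JsonWebEncryption();
            senderJwe.setPlaintext(resPlaintext);
            senderJwe.setAlgorithmHeaderValue(jwetoken.getAlgorithmHeaderValue());
            senderJwe.setEncryptionMethodHeaderParameter(
                    jwetoken.getEncryptionMethodHeaderParameter());
            senderJwe.setKey(psk.getKey());
            senderJwe.setKeyIdHeaderValue(kid);
            String rid = jwetoken.getHeader("rid");
            if (rid != null) {
                senderJwe.setHeader("rid", rid);
            }
            resBody = senderJwe.getCompactSerialization();
        } catch (org.jose4j.lang.JoseException | com.alibaba.fastjson.JSONException e) {
            // Malformed JWE, failed decryption/integrity check, or unparsable payload.
            // Details go to the server log only; the caller gets a generic 400.
            log("Rejected webhook request", e);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request");
            return;
        }

        // Only touch the response once a reply has been produced, so the error
        // paths above can still use sendError on an uncommitted response.
        response.setCharacterEncoding("UTF-8");
        response.setHeader("content-type", "application/jwt;charset=UTF-8");
        PrintWriter res = response.getWriter();
        res.write(resBody);
    }
}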