增加json key 排序的方法，解决摘要签名顺序引起的验签失败问题

2025-07-16 22:22:56 +08:00 · 2025-07-16 22:22:56 +08:00 · 54ad2d6d3c
commit 54ad2d6d3c
parent 809d0832c3
3 changed files with 60 additions and 0 deletions
--- a/mall-common/src/main/java/com/suisung/mall/common/utils/CommonUtil.java
+++ b/mall-common/src/main/java/com/suisung/mall/common/utils/CommonUtil.java
@ -2,6 +2,7 @@ package com.suisung.mall.common.utils;

 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.json.JSONObject;
 import com.suisung.mall.common.api.StateCode;
 import com.suisung.mall.common.exception.ApiException;
 import org.apache.commons.codec.binary.Base64;
@ -290,6 +291,18 @@ public class CommonUtil {
        }
    }

+    /**
+     * 生成 md 摘要通用签名（参考了顺丰同城的做法）
+     *
+     * @param postData JSON 对象的 key 做了排序
+     * @param appId
+     * @param appKey
+     * @return
+     */
+    public static String generateOpenSign(JSONObject postData, String appId, String appKey) {
+        return generateOpenSign(JsonUtil.sortJsonObjectByKeyAsc(postData).toString(), appId, appKey);
+    }
+
    /**
     * 验证MD5摘要签名
     *
@ -314,6 +327,19 @@ public class CommonUtil {
        return sign.equals(sn);
    }

+    /**
+     * 验证MD5摘要签名
+     *
+     * @param sign
+     * @param postData JSON 对象的 key 做了排序
+     * @param appId
+     * @param appKey
+     * @return
+     */
+    public static boolean checkOpenSign(String sign, JSONObject postData, String appId, String appKey) {
+        return checkOpenSign(sign, JsonUtil.sortJsonObjectByKeyAsc(postData).toString(), appId, appKey);
+    }
+
    /**
     * 检查分账比例的数值是否在 0.00-100.00 范围内
     *
--- a/mall-common/src/main/java/com/suisung/mall/common/utils/JsonUtil.java
+++ b/mall-common/src/main/java/com/suisung/mall/common/utils/JsonUtil.java
@ -10,6 +10,7 @@ import org.slf4j.LoggerFactory;

 import java.io.IOException;
 import java.util.List;
+import java.util.TreeMap;

 /**
 * json转换工具类
@ -106,4 +107,31 @@ public class JsonUtil {
            }
        }
    }
+
+    /**
+     * 高性能JSONObject按key升序排序（asc）
+     * 利用TreeMap天然有序特性，减少中间集合操作
+     */
+    public static JSONObject sortJsonObjectByKeyAsc(JSONObject jsonObject) {
+        if (jsonObject == null || jsonObject.isEmpty()) {
+            return new JSONObject();
+        }
+
+        // 直接转换为TreeMap（自动按key升序），减少中间集合创建
+        TreeMap<String, Object> sortedMap = new TreeMap<>(jsonObject);
+
+        // 直接基于有序Map构造JSONObject（Hutool支持Map构造）
+        return new JSONObject(sortedMap);
+    }
+
+
+    public static void main(String[] args) {
+        JSONObject jsonObject = new JSONObject();
+        jsonObject.put("b", "2");
+        jsonObject.put("a", "1");
+        jsonObject.put("c", "3");
+        jsonObject.put("a", "2");
+        jsonObject.put("A", "1");
+        System.out.println(sortJsonObjectByKeyAsc(jsonObject));
+    }
 }
--- a/mall-shop/src/main/java/com/suisung/mall/shop/order/service/impl/ShopOrderBaseServiceImpl.java
+++ b/mall-shop/src/main/java/com/suisung/mall/shop/order/service/impl/ShopOrderBaseServiceImpl.java
@ -8613,6 +8613,7 @@ public class ShopOrderBaseServiceImpl extends BaseServiceImpl<ShopOrderBaseMappe
                Collections.singletonList(StateCode.DELIVERY_TYPE_SAME_CITY),
                null
        ));
+
        // 同城配送进行中订单数量
        jsonObject.putByPath("same_city_order.progress_count", shopOrderInfoService.getOrderCountByStoreId(storeId,
                Arrays.asList(StateCode.ORDER_STATE_WAIT_REVIEW, StateCode.ORDER_STATE_WAIT_FINANCE_REVIEW,
@ -8622,6 +8623,7 @@ public class ShopOrderBaseServiceImpl extends BaseServiceImpl<ShopOrderBaseMappe
                Collections.singletonList(StateCode.DELIVERY_TYPE_SAME_CITY),
                null
        ));
+
        // 同城配送超时订单数量
        jsonObject.putByPath("same_city_order.overtime_count", shopOrderInfoService.getOrderCountByStoreId(storeId,
                Arrays.asList(StateCode.ORDER_STATE_WAIT_REVIEW,
@ -8650,6 +8652,7 @@ public class ShopOrderBaseServiceImpl extends BaseServiceImpl<ShopOrderBaseMappe
                Arrays.asList(StateCode.DELIVERY_TYPE_EXPRESS, StateCode.DELIVERY_TYPE_EXP),
                null
        ));
+
        // 普通物流待支付订单数量
        jsonObject.putByPath("logistics_order.wait_pay_count", shopOrderInfoService.getOrderCountByStoreId(storeId,
                Collections.singletonList(StateCode.ORDER_STATE_WAIT_PAY),
@ -8659,6 +8662,7 @@ public class ShopOrderBaseServiceImpl extends BaseServiceImpl<ShopOrderBaseMappe
                Arrays.asList(StateCode.DELIVERY_TYPE_EXPRESS, StateCode.DELIVERY_TYPE_EXP),
                null
        ));
+
        // 普通物流待发货订单数量
        jsonObject.putByPath("logistics_order.wait_shipping_count", shopOrderInfoService.getOrderCountByStoreId(storeId,
                Arrays.asList(StateCode.ORDER_STATE_WAIT_REVIEW,
@ -8672,6 +8676,7 @@ public class ShopOrderBaseServiceImpl extends BaseServiceImpl<ShopOrderBaseMappe
                Arrays.asList(StateCode.DELIVERY_TYPE_EXPRESS, StateCode.DELIVERY_TYPE_EXP),
                null
        ));
+
        // 普通物流待收货订单数量
        jsonObject.putByPath("logistics_order.receiving_count", shopOrderInfoService.getOrderCountByStoreId(storeId,
                Collections.singletonList(StateCode.ORDER_STATE_SHIPPED),
@ -8681,6 +8686,7 @@ public class ShopOrderBaseServiceImpl extends BaseServiceImpl<ShopOrderBaseMappe
                Arrays.asList(StateCode.DELIVERY_TYPE_EXPRESS, StateCode.DELIVERY_TYPE_EXP),
                null
        ));
+        
        // 普通物流已完成订单数量
        jsonObject.putByPath("logistics_order.finished_count", shopOrderInfoService.getOrderCountByStoreId(storeId,
                Arrays.asList(StateCode.ORDER_STATE_RECEIVED, StateCode.ORDER_STATE_FINISH),