微信公众号开发之服务器接入指南之Java版本

@GetMapping("/message")
    @ResponseBody
    public String checkToken(@RequestParam String signature, @RequestParam String timestamp,
                             @RequestParam String nonce, @RequestParam String echostr) {
        boolean result = wxService.checkSignature(signature, timestamp, nonce, echostr);
        if (result) 
            return echostr;
        return "FAILURE";
    }

public boolean checkSignature(String signature, String timestamp, String nonce, String echostr) {
    String[] array = new String[]{ "这里可以硬编码一个token", timestamp, nonce};
        //先对这三个字符串字典排序，然后拼接
        Arrays.sort(array);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < array.length; i++) {
            sb.append(array[i]);
        }

        //使用SHA-1算法对拼接字符串加密
        MessageDigest messageDigest = null;
        String hexStr = null;

        try {
            messageDigest = MessageDigest.getInstance("SHA-1");
            byte[] digest = messageDigest.digest(sb.toString().getBytes());
            //将加密后的字符串转换成16进制字符串
            hexStr = StringUtil.bytesToHexStr(digest);

        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        //返回校验结果
        return signature.equalsIgnoreCase(hexStr);
    }

/**
     * @param bytes 加密字节数组
     * @return 转换后的16进制字符串
     * @description 字节数组转换成16进制字符串
     */
    public static String bytesToHexStr(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        int len = bytes.length;
        for (int i = 0; i < len; i++) {
            String hexStr = Integer.toHexString(bytes[i] & 0xff);
            if (hexStr.length() < 2) {
                sb.append(0);
            }
            sb.append(hexStr);
        }
        return sb.toString();
    }