在开发中与其他银行系统对接时,发现对数据内容加签后,签名无法通过HTTP传递,无法验签。
httpPost.setHeader("signature", signature);
这是由于加密后签名存在特殊字符,不满足RFC 7230规范
org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: The HTTP header line [o9esxbfw4jrokvrgreixks+9kpus/gXQhiwDId/gYbfPZ7smvwl96HXg1Stvi3Z2tbqDBYf2fYt1] does not conform to RFC 7230 and has been ignored.
does not conform to RFC 7230 and has been ignored.
解决办法1
在SpringBoot主启动类设置System属性,允许特殊字符
@Bean
public void allowRfc() {
System.setProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow", "|{}");
}
但是很遗憾,无效
解决办法2
通过URLEncoder
对加密后的签名串encode
//加签
String signature = SignUtils.sign(PRIVATE_KEY_FILE, content);
//真正的签名内容
System.out.println("签名为:" + signature);
//encode
String other=URLEncoder.encode(signature,"UTF-8");
//验签
boolean b = SignUtils.verify(PUBLIC_KEY_FILE, content, URLDecoder.decode(other,"UTF-8"));
if (b) {
System.out.println("验签成功");
} else {
System.out.println("验签失败");
}