package com.matrix.component.dingding; import com.alibaba.fastjson.JSONObject; import com.dingtalk.api.DefaultDingTalkClient; import com.dingtalk.api.request.OapiGetJsapiTicketRequest; import com.dingtalk.api.request.OapiGettokenRequest; import com.dingtalk.api.response.OapiGetJsapiTicketResponse; import com.dingtalk.api.response.OapiGettokenResponse; import com.matrix.core.tools.StringUtils; import com.taobao.api.ApiException; import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.text.SimpleDateFormat; import java.util.Formatter; import java.util.HashMap; import java.util.Map; /** * @author jiangyouyao * @description 钉钉授权凭证工具 */ public class AuthHelper { public static SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); /** * 在此方法中,为了避免频繁获取access_token, * 在距离上一次获取access_token时间在两个小时之内的情况, * 将直接从持久化存储中读取access_token * * 因为access_token和jsapi_ticket的过期时间都是7200秒 * 所以在获取access_token的同时也去获取了jsapi_ticket * 注:jsapi_ticket是在前端页面JSAPI做权限验证配置的时候需要使用的 * 具体信息请查看开发者文档--权限验证配置 */ public static String getAccessToken() throws OApiException { DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/gettoken"); OapiGettokenRequest request = new OapiGettokenRequest(); request.setAppkey(DDEnvConfig.APPKEY); request.setAppsecret(DDEnvConfig.APPSECRET); request.setHttpMethod("GET"); OapiGettokenResponse response=null; try { response = client.execute(request); } catch (ApiException e) { e.printStackTrace(); } return response.getAccessToken(); } /** *正常的情况下,jsapi_ticket的有效期为7200秒,所以开发者需要在某个地方设计一个定时器,定期去更新jsapi_ticket */ public static String getJsapiTicket(String accessToken) throws OApiException { String jsTicket = ""; DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/get_jsapi_ticket"); OapiGetJsapiTicketRequest req = new OapiGetJsapiTicketRequest(); req.setTopHttpMethod("GET"); OapiGetJsapiTicketResponse execute=null; try { execute = client.execute(req, accessToken); } catch (ApiException e) { e.printStackTrace(); } jsTicket= execute.getTicket(); return jsTicket; } public static String sign(String ticket, String nonceStr, long timeStamp, String url) throws OApiException { String plain = "jsapi_ticket=" + ticket + "&noncestr=" + nonceStr + "×tamp=" + String.valueOf(timeStamp) + "&url=" + url; try { MessageDigest sha1 = MessageDigest.getInstance("SHA-1"); sha1.reset(); sha1.update(plain.getBytes("UTF-8")); return bytesToHex(sha1.digest()); } catch (NoSuchAlgorithmException e) { throw new OApiResultException(e.getMessage()); } catch (UnsupportedEncodingException e) { throw new OApiResultException(e.getMessage()); } } private static String bytesToHex(byte[] hash) { Formatter formatter = new Formatter(); for (byte b : hash) { formatter.format("%02x", b); } String result = formatter.toString(); formatter.close(); return result; } /** * @Description: 得到页面验证参数 * @author:dingchuan * @return * 返回类型 String * @date 2016年11月27日 */ public static Map getConfig() { String url= DDEnvConfig.URL; String nonceStr = StringUtils.getRandomString(10); long timeStamp = System.currentTimeMillis(); String signedUrl = url; String accessToken = null; String ticket = null; String signature = null; Long agentid = null; try { accessToken = AuthHelper.getAccessToken(); ticket = AuthHelper.getJsapiTicket(accessToken); signature = AuthHelper.sign(ticket, nonceStr, timeStamp, signedUrl); agentid = DDEnvConfig.AGENT_ID; } catch (OApiException e) { e.printStackTrace(); } Map map= new HashMap<>(); map.put("jsticket",ticket); map.put("signature",signature); map.put("nonceStr",nonceStr); map.put("timeStamp",timeStamp+""); map.put("corpId", DDEnvConfig.CORP_ID); map.put("agentid",agentid+""); return map; } public static String getSsoToken() throws OApiException { String url = "https://oapi.dingtalk.com/sso/gettoken?corpid=" + DDEnvConfig.CORP_ID + "&corpsecret=" + DDEnvConfig.SSO_SECRET; JSONObject response = HttpHelper.httpGet(url); String ssoToken; if (response.containsKey("access_token")) { ssoToken = response.getString("access_token"); } else { throw new OApiResultException("Sso_token"); } return ssoToken; } }