首页文档中心API帮助与支持 前往新版

全部文档 > 数据交互与安全

数据交互与安全Data exchange and security

采用HTTP标准的POST协议,POST一般用于页面跳转交互模式的请求和通知、后台系统调用模式的请求、后台通知模式的请求。
Using the HTTP standard POST protocol, POST is generally used for request and notification of page jump interaction mode, request of system call mode, and request of background notification mode.

接口响应异常的补偿逻辑:
Interface response to abnormal compensation logic:
1、携程请求供应商接口时出现异常或者超时,携程会进行3次补偿处理,同批次请求时请返回相同的结果。
1、When Ctrip requests supplier’s interface, if it is abnormal or overtime, Ctrip will do the compensation process 3 times with the batch code, please return the same result with the same batch code.
2、供应商请求携程接口时若因网络超时或其他原因导致没有收到携程处理结果响应,请用相同报文重试请求携程接口。
2、when supplier requests Ctrip interface,If the supplier doesn’t receive the Ctrip result due to network overtime or other reasons , please use the same message to retry Ctrip interface.

编码格式
Encoding format
格式:UTF-8
format: UTF-8
                
携程跟供应商交互的信息做到签名、防篡改。
The interactive information between Ctrip and supplier is signed in case of falsify.
验证签名步骤:
Verification Signature Steps:
	获取json报文中的body部分
Get json message in the body part
	对参数(accountId+serviceName+requestTime+body+version+signkey)进行拼接
The parameters (accountId+serviceName+requestTime+body+version+signkey) stitching
	拼接的参数进行MD5编码并转小写后进行签名比对验证
MD5 coding and lowercase stitching parameters to verify the signature comparison

Java签名组装示例代码:
Java signature assembly example code:
JSONObject json = JSONObject.fromObject(body);
String mybody = json.getString("body");
String sign = md5(accountId+serviceName+requestTime+mybody+version+signkey).toLowerCase();
return sign;
                
请求、响应报文的body部分采用AES加密后进行传输。
The body of request and response message is encrypted using AES.
加密后示例:
Encrypted example:
    {
       "header":{
		    "accountId":"xiecheng",
		    "serviceName":"CheckHealth",
		    "requestTime":"2017-01-05 10:00:00",
		    "version":"1.0",
		    "sign":"374d95774f17c3e354e73f7aaf21b5ec"
	   },
       "body":"RRRJJNGHELTYYYTTEWRKJJJKRKEWR=="
}

加密模式为AES-128-CBC,补码方式为AES/CBC/PKCS5Padding。
Encryption mode is AES-128-CBC, complement code is AES / CBC / PKCS5Padding.
加密的私钥(key)、初始化向量参数(iv)均为16位由携程生成给到供应商。
Encrypted private key (key), initialization vector parameters (iv) are 16 bits generated by Ctrip to the supplier.
AES代码示例:

    /**
     * 加密方法
     *
     * @param encData   要加密的数据
     * @param secretKey  密钥,16位的数字和字母
     * @param vector     初始化向量,16位的数字和字母
     * @return
     * @throws Exception
     */
    public static String encrypt(String encData, String secretKey, String vector) {
        try {
            byte[] raw = secretKey.getBytes("utf-8");
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");// "算法/模式/补码方式"
            IvParameterSpec iv = new IvParameterSpec(vector.getBytes("utf-8"));// 使用CBC模式,需要一个向量iv,可增加加密算法的强度
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
            byte[] encrypted = cipher.doFinal(encData.getBytes("utf-8"));
            return encodeBytes(encrypted);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * 解密方法
     *
     * @param decData   要解密的数据
     * @param secretKey  密钥,16位的数字和字母
     * @param vector     初始化向量,16位的数字和字母
     * @return
     * @throws Exception
     */
    public static String decrypt(String decData, String secretKey, String vector) {
        try {
            byte[] raw = secretKey.getBytes("utf-8");
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            IvParameterSpec iv = new IvParameterSpec(vector.getBytes("utf-8"));
            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
            byte[] encrypted1 = decodeBytes(decData);
            byte[] original = cipher.doFinal(encrypted1);
            return new String(original, "utf-8");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * 转16进制
     *
     * @param bytes
     * @return
     */
    public static String encodeBytes(byte[] bytes) {
        StringBuffer strBuf = new StringBuffer();
        for (int i = 0; i < bytes.length; i++) {
            strBuf.append((char) (((bytes[i] >> 4) & 0xF) + ((int) 'a')));
            strBuf.append((char) (((bytes[i]) & 0xF) + ((int) 'a')));
        }
        return strBuf.toString();
    }

    /**
     * 转字节数组
     *
     * @param str
     * @return
     */
    public static byte[] decodeBytes(String str) {
        byte[] bytes = new byte[str.length() / 2];
        for (int i = 0; i < str.length(); i += 2) {
            char c = str.charAt(i);
            bytes[i / 2] = (byte) ((c - 'a') << 4);
            c = str.charAt(i + 1);
            bytes[i / 2] += (c - 'a');
        }
        return bytes;
    }