https://api.weixin.qq.com/wxa/business/getuserencryptkey?access_token=75_Z80V_-_Tqd9pLYXdVvr8UfbwVAPOEC36h6jbE9z35IWtlCCEXcNr8P3NUXBNLAMOUZFUIAM2Qhg5ri6HIteK4WqtjkP9b_J9cuOJLvejlS5cPgTB4iqhwf8TU9cAFUeADAJOD 参数： access_token:75_Z80V_-_Tqd9pLYXdVvr8UfbwVAPOEC36h6jbE9z35IWtlCCEXcNr8P3NUXBNLAMOUZFUIAM2Qhg5ri6HIteK4WqtjkP9b_J9cuOJLvejlS5cPgTB4iqhwf8TU9cAFUeADAJOD openid:oZeIR0WhrKYK4sUde-ETXObpc-I0 signature:ab9193c40b5ffb84bda074d8468caf5981fa9990f5b46736b2e01100fe6a7a05 sig_method:hmac_sha256 [图片]

因为业务需求，需要对校验服务器所保存的登录态 session_key 是否合法。所以需要调用checkSessionKey，但是一直检验失败 接口文档地址：小程序登录 / 检验登录态 (qq.com) [图片] 使用了网上的hmac_sha256无法正确校验，一直返回 {     "errcode": 87009,     "errmsg": "invalid signature rid: 65e97785-265f7134-5e01ae56" } 我是这样请求的： [图片] 已经反复核对请求参数，其他三个参数应该是没有问题的，但是一直给我报87009错误。 Java代码hmac_sha256算法如下： import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; public class SignatureUtil { public static String sign(String secretKey, String message) throws NoSuchAlgorithmException, InvalidKeyException { // 使用 HMAC-SHA256 算法 Mac sha256_HMAC = Mac.getInstance("HmacSHA256"); // 密钥规格 SecretKeySpec secret_key = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256"); // 初始化 Mac 实例 sha256_HMAC.init(secret_key); // 对消息进行签名 byte[] array = sha256_HMAC.doFinal(message.getBytes(StandardCharsets.UTF_8)); // 将签名转换为十六进制字符串 StringBuilder sb = new StringBuilder(); for (byte b : array) { sb.append(String.format("%02x", b)); } return sb.toString(); } public static void main(String[] args) { try { String sessionKey = "tBW1cE************bg=="; // 你的session_key String message = ""; // 要签名的空字符串 String signature = sign(sessionKey, message); System.out.println("Signature: " + signature); } catch (Exception e) { e.printStackTrace(); } } } 结果如下： Signature: 9fb498ec88e4ff180db55f********42c8b899c0ddc438903042eaab04fcb20a6 Process finished with exit code 0 已经卡住一天了，在网上查找大量资料无果，想问问是哪里出错了？

Response Code: 200 Response: {"session_key":"s5e9\/1DeB8UyOO0YsMxZEQ==","openid":"ohhBa5SnVFeO1dTS1PTQyYlp3KE4"} openid：ohhBa5SnVFeO1dTS1PTQyYlp3KE4 colde： 0f1YuPGa17sRlG0L41Ja16FwYk1YuPGg session_key： s5e9/1DeB8UyOO0YsMxZEQ== rawData： {"nickName":"小杨同学","gender":0,"language":"zh_CN","city":"","province":"","country":"","avatarUrl":"https://thirdwx.qlogo.cn/mmopen/vi_32/Q0j4TwGTfTL5fzC8pBD28oSTDNicFh333dKMQKgLxHfoWc0FNqZibu3K0qsJbPxKlQAicYSzibkw5VAh21Az69ibcXQ/132"} signature  :f8cf8ad973e4109a4a50bcf139a3af938206d998 Response_access_token: 74_8VFarlnhberhVIw087kw6csqHd_Ohh55_S6dV6_yG-sJN3zoH2oXI0r_tYZRMB8K7xGAF4vS_9Vc0sjyTb8k-M4ig-HHIUFQxt-Kz52_DAhoBqK1P56C9_KW3LkAEVhAAADHY access_token : 74_8VFarlnhberhVIw087kw6csqHd_Ohh55_S6dV6_yG-sJN3zoH2oXI0r_tYZRMB8K7xGAF4vS_9Vc0sjyTb8k-M4ig-HHIUFQxt-Kz52_DAhoBqK1P56C9_KW3LkAEVhAAADHY 自己加密的与微信返回的sigtrue一致，还是返回errcode":87009,"errmsg":"invalid signature rid，求大神解答 /** * 检查sessionkey是否有效 * * @date 2023/10/30 16:38 */ public static String sessiontimeliness(String date ,String sessionkey ,String openids) { String errcode =null; // 替换以下值为实际的 ACCESS_TOKEN、SIGNATURE、OPENID 和 SIG_METHOD String access_token = getcredential(); System.out.println("access_token : " + access_token); String signature = getUserSignature(date,sessionkey); String openid = openids; String sig_method = "hmac_sha256";//;getUsersig_method(date,sessionkey) // 构建请求URL getUsersig_method(date,sessionkey) String apiUrl = "https://api.weixin.qq.com/wxa/checksession" + "?access_token=" + access_token + "&signature=" + signature + "&openid=" + openid + "&sig_method=" + sig_method; System.out.println("验证Session-key ----apiUrl："+apiUrl); try { URL url = new URL(apiUrl); // 打开连接 HttpURLConnection connection = (HttpURLConnection) url.openConnection(); // 设置请求方法为GET connection.setRequestMethod("GET"); // 获取响应 BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream())); String line; StringBuilder response = new StringBuilder(); while ((line = reader.readLine()) != null) { response.append(line); } reader.close(); // 输出响应结果 System.out.println("检查sessionkey时效__Response:\n" + response.toString()); JSONObject jsonObject = JSON.parseObject(response.toString()); errcode = jsonObject.getString("errcode"); // 关闭连接 connection.disconnect(); } catch (Exception e) { throw new RuntimeException(e); } return errcode; } /** * 获取signature * * @date 2023/10/30 16:38 * <p> * <p> * String datas, String secretKey */staticStringStringStringStringnullString"拼接后的串：=======*************"try// 创建SHA-1消息摘要对象"SHA-1"// 将字符串转换为字节数组// 计算哈希值// 将哈希值转换为十六进制字符串newforString0xffif1'0'"Signature加密后的值："catch"SHA-1 algorithm is not available."return sha1; }