diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
index d7cefaa..58009b2 100644
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
@@ -40,8 +40,6 @@ public class FeignConfig implements RequestInterceptor {
 @Override
 public void apply(RequestTemplate template) {
 ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
-
- log.info("--------白名单-"+tokenWhiteList);
 log.info("--------请求url-"+template.url());
 if (Objects.nonNull(attributes)) {
 if (isNonExistsWhiteList(template.url())) {
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/crypto/service/CrypServiceImpl.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/crypto/service/CrypServiceImpl.java
new file mode 100644
index 0000000..648bbaf
--- /dev/null
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/crypto/service/CrypServiceImpl.java
@@ -0,0 +1,235 @@
+package com.chinaunicom.mall.ebtp.common.crypto.service;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.serializer.SerializerFeature;
+import com.chinaunicom.mall.ebtp.common.crypto.exception.InvalidArgumentException;
+import com.chinaunicom.mall.ebtp.common.crypto.security.CryptoPrimitives;
+import com.chinaunicom.mall.ebtp.common.crypto.tenderfee.BidTenderFeeBaseParam;
+import com.chinaunicom.mall.ebtp.common.crypto.tenderfee.test;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.io.IOUtils;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.util.encoders.Base64;
+
+import java.io.*;
+import java.net.URL;
+import java.security.PrivateKey;
+import java.util.ArrayList;
+import java.util.List;
+
+@Slf4j
+public class CrypServiceImpl {
+
+ private static final String SIGNING_ALGORITHM = "SHA256withECDSA";
+ private static final String DATA_PATH = "C:\\Users\\user\\Downloads\\debian-edu-10.8.0-amd64-netinst.iso.torrent";
+
+ // 私钥文件路径 - 加密
+ private static String PEM_PATH = "admin_certPrivate.pem";
+
+ // 证书文件路径 - 解密
+ private static String CRT_PATH = "admin.crt";
+ public static void main(String[] args) throws ClassNotFoundException, IllegalAccessException, InstantiationException, CryptoException, InvalidArgumentException, UnsupportedEncodingException {
+
+ URL pem = test.class.getClassLoader().getResource(PEM_PATH);
+ URL crt = test.class.getClassLoader().getResource(CRT_PATH);
+
+ PEM_PATH = pem.getPath();
+ CRT_PATH = crt.getPath();
+
+ // example of HashMap entity, treeMap can also work out,
+ // but LinkedHashMap is NOT supported
+// Map map = new HashMap<>(1);
+// map.put("SECTION_ID","L3307");
+// map.put("DOCUMENT_ID","8533");
+// map.put("CONTENT_FILE_HASH","12321123");
+// map.put("TP_ID","L3307A");
+//
+// String signature = signObject(map,PEM_PATH);
+// System.out.println("signature of Map: "+signature);
+// boolean isOk = verifyObject(signature,map,CRT_PATH);
+// System.out.println("verify result of Map: "+ isOk);
+
+ // example of bean entity
+
+ String pemVal = "-----BEGIN PRIVATE KEY-----\n" +
+ "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjF+tq8oc1tNjot69\n" +
+ "9OQgzr7Dqg1OkVo4PY4tKBL8+82hRANCAARKLIuOloTZe1B0J0k+CITZdsx8Gham\n" +
+ "JTuxCRGLdCLpq6wHHGEqWn9VDkwk5eX6OYQxYuBRiPZp7gP/njpx5CkF\n" +
+ "-----END PRIVATE KEY-----";
+
+ String crtVal = "-----BEGIN CERTIFICATE-----\n" +
+ "MIICgzCCAimgAwIBAgIULDLuWrkCL3UaWO5u7yiu8UghEjEwCgYIKoZIzj0EAwIw\n" +
+ "ZzELMAkGA1UEBhMCQ04xETAPBgNVBAgTCFNoYW5Eb25nMQ4wDAYDVQQHEwVKaU5h\n" +
+ "bjEYMBYGA1UEChMPYWRtaW50MDgxMmFvcmczMRswGQYDVQQDExJjYS5hZG1pbnQw\n" +
+ "ODEyYW9yZzMwHhcNMjEwODE3MDExODAwWhcNMjIwODE3MDEyMzAwWjAzMRwwDQYD\n" +
+ "VQQLEwZjbGllbnQwCwYDVQQLEwRvcmczMRMwEQYDVQQDDAphZG1pbkBvcmczMFkw\n" +
+ "EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESiyLjpaE2XtQdCdJPgiE2XbMfBoWpiU7\n" +
+ "sQkRi3Qi6ausBxxhKlp/VQ5MJOXl+jmEMWLgUYj2ae4D/546ceQpBaOB5jCB4zAO\n" +
+ "BgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUcyAwVSk9V615\n" +
+ "ryVrpykYwJbUs7UwKwYDVR0jBCQwIoAgOIS8Yvvj2hRg0V3+x659Mn60B09bt8Fl\n" +
+ "eRcf79zjGRkwFAYDVR0RBA0wC4IJSlpaSEpTLTcyMGEGCCoDBAUGBwgBBFV7ImF0\n" +
+ "dHJzIjp7ImhmLkFmZmlsaWF0aW9uIjoib3JnMyIsImhmLkVucm9sbG1lbnRJRCI6\n" +
+ "ImFkbWluQG9yZzMiLCJoZi5UeXBlIjoiY2xpZW50In19MAoGCCqGSM49BAMCA0gA\n" +
+ "MEUCIQCi/6V6gmt4k5MUSfym9RFGqPwmD1hyWmtWKj448PXALAIgQfHHiX+P2M6k\n" +
+ "GqneZYuHHxazU37s5ZaFBPylOJJEO2Y=\n" +
+ "-----END CERTIFICATE-----";
+
+ // 需正确设置bean的@JSONField,以确保解析到的字段名称与文档一致
+ List paramList = new ArrayList<>();
+ BidTenderFeeBaseParam bean = new BidTenderFeeBaseParam();
+ bean.setTenderId("8533");
+ bean.setShoppingCartId("L3307");
+ bean.setAmount("1000");
+ bean.setTpId("L3307A");
+ bean.setSectionId("1111");
+
+ paramList.add(bean);
+ // 用于签名的Bean将被signObject转换为json(String,然后转换为byte[]),请确保该json只包含文档规定的业务字段,且“SGIN"不应包含其中
+ String signatureOfBean = signObject2(paramList,pemVal);
+ // 生成的签名现在可以追加到签名字段
+ System.out.println("signature of Bean: "+signatureOfBean);
+ boolean isOkBean = verifyValue(signatureOfBean,paramList,crtVal);
+ System.out.println("verify result of Bean: "+ isOkBean);
+
+ }
+
+ /**
+ * 验证数据实体
+ * @param signatureString Base64加密的密钥
+ * @param entity 数据实体
+ * @param crtKey 证书路径
+ * @return
+ */
+ public static boolean verifyValue(String signatureString, Object entity, String crtKey){
+ return verifyValue(signatureString,JSON.toJSONBytes(entity,SerializerFeature.MapSortField,SerializerFeature.SortField),crtKey);
+ }
+
+ /**
+ * 验证二进制数据串
+ * @param signatureString Base64加密的密钥
+ * @param plainData 源数据
+ * @param crtKey 证书路径
+ * @return
+ */
+ public static boolean verifyValue(String signatureString, byte[] plainData, String crtKey){
+ byte[] signature = Base64.decode(signatureString);
+ CryptoPrimitives cp = null;
+ boolean result = false;
+ try {
+ cp = new CryptoPrimitives();
+ cp.init();
+ byte[] crtBytes = crtKey.getBytes();
+ result = cp.verify(crtBytes, SIGNING_ALGORITHM, signature, plainData);
+ } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | InvalidArgumentException | com.chinaunicom.mall.ebtp.common.crypto.exception.CryptoException e) {
+ e.printStackTrace();
+ }
+ return result;
+ }
+ /**
+ * 验证二进制数据串
+ * @param signatureString Base64加密的密钥
+ * @param plainData 源数据
+ * @param crtPath 证书路径
+ * @return
+ */
+ public static boolean verifyBytes(String signatureString, byte[] plainData, String crtPath){
+ byte[] signature = Base64.decode(signatureString);
+ CryptoPrimitives cp = null;
+ boolean result = false;
+ try {
+ cp = new CryptoPrimitives();
+ cp.init();
+ byte[] crtBytes = readAsBytes(crtPath);
+ result = cp.verify(crtBytes, SIGNING_ALGORITHM, signature, plainData);
+ } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | InvalidArgumentException | com.chinaunicom.mall.ebtp.common.crypto.exception.CryptoException e) {
+ e.printStackTrace();
+ }
+ return result;
+ }
+
+ /**
+ * 验证数据实体
+ * @param signatureString Base64加密的密钥
+ * @param entity 数据实体
+ * @return
+ */
+ public static boolean verifyObject(String signatureString, Object entity){
+ URL crt = test.class.getClassLoader().getResource(CRT_PATH);
+ return verifyObject(signatureString,entity,crt.getPath());
+ }
+ /**
+ * 验证数据实体
+ * @param signatureString Base64加密的密钥
+ * @param entity 数据实体
+ * @param crtPath 证书路径
+ * @return
+ */
+ public static boolean verifyObject(String signatureString, Object entity, String crtPath){
+ return verifyBytes(signatureString,JSON.toJSONBytes(entity,SerializerFeature.MapSortField,SerializerFeature.SortField),crtPath);
+ }
+
+ /**
+ * 生成签名
+ * @param object 数据实体
+ * @return Base64加密的密钥
+ */
+ public static String signObject(Object object){
+ URL pem = test.class.getClassLoader().getResource(PEM_PATH);
+ return signObject(object,pem.getPath());
+ }
+ /**
+ * 生成签名
+ * @param object 数据实体
+ * @param privateVal 密钥路径
+ * @return Base64加密的密钥
+ */
+ public static String signObject2(Object object, String privateVal){
+ CryptoPrimitives cp = null;
+ byte[] signature = null;
+ try {
+ cp = new CryptoPrimitives();
+ cp.init();
+ byte[] pemBytes = privateVal.getBytes();
+ PrivateKey key = cp.bytesToPrivateKey(pemBytes);
+ signature = cp.sign(key, JSON.toJSONBytes(object, SerializerFeature.MapSortField,SerializerFeature.SortField));
+ } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | InvalidArgumentException | com.chinaunicom.mall.ebtp.common.crypto.exception.CryptoException e) {
+ e.printStackTrace();
+ }
+ return signature==null?"":Base64.toBase64String(signature);
+ }
+ /**
+ * 生成签名
+ * @param object 数据实体
+ * @param privatePath 密钥路径
+ * @return Base64加密的密钥
+ */
+ public static String signObject(Object object, String privatePath){
+ CryptoPrimitives cp = null;
+ byte[] signature = null;
+ try {
+ cp = new CryptoPrimitives();
+ cp.init();
+ byte[] pemBytes = readAsBytes(privatePath);
+ PrivateKey key = cp.bytesToPrivateKey(pemBytes);
+ signature = cp.sign(key, JSON.toJSONBytes(object, SerializerFeature.MapSortField,SerializerFeature.SortField));
+ } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | InvalidArgumentException | com.chinaunicom.mall.ebtp.common.crypto.exception.CryptoException e) {
+ e.printStackTrace();
+ }
+ return signature==null?"":Base64.toBase64String(signature);
+ }
+
+ private static byte[] readAsBytes(String path) {
+ File file = new File(path);
+ byte[] result={};
+ try(FileInputStream is = new FileInputStream(file);
+ BufferedInputStream bis =new BufferedInputStream(is);)
+ {
+ result = IOUtils.toByteArray(bis);
+ }catch (FileNotFoundException e){
+ log.error(path+" not found");
+ }catch (IOException e){
+ log.error(e.toString());
+ }
+ return result;
+ }
+}
diff --git a/uboot-common/src/main/resources/admin.crt b/uboot-common/src/main/resources/admin.crt
new file mode 100644
index 0000000..677b006
--- /dev/null
+++ b/uboot-common/src/main/resources/admin.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICgzCCAimgAwIBAgIULDLuWrkCL3UaWO5u7yiu8UghEjEwCgYIKoZIzj0EAwIw
+ZzELMAkGA1UEBhMCQ04xETAPBgNVBAgTCFNoYW5Eb25nMQ4wDAYDVQQHEwVKaU5h
+bjEYMBYGA1UEChMPYWRtaW50MDgxMmFvcmczMRswGQYDVQQDExJjYS5hZG1pbnQw
+ODEyYW9yZzMwHhcNMjEwODE3MDExODAwWhcNMjIwODE3MDEyMzAwWjAzMRwwDQYD
+VQQLEwZjbGllbnQwCwYDVQQLEwRvcmczMRMwEQYDVQQDDAphZG1pbkBvcmczMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESiyLjpaE2XtQdCdJPgiE2XbMfBoWpiU7
+sQkRi3Qi6ausBxxhKlp/VQ5MJOXl+jmEMWLgUYj2ae4D/546ceQpBaOB5jCB4zAO
+BgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUcyAwVSk9V615
+ryVrpykYwJbUs7UwKwYDVR0jBCQwIoAgOIS8Yvvj2hRg0V3+x659Mn60B09bt8Fl
+eRcf79zjGRkwFAYDVR0RBA0wC4IJSlpaSEpTLTcyMGEGCCoDBAUGBwgBBFV7ImF0
+dHJzIjp7ImhmLkFmZmlsaWF0aW9uIjoib3JnMyIsImhmLkVucm9sbG1lbnRJRCI6
+ImFkbWluQG9yZzMiLCJoZi5UeXBlIjoiY2xpZW50In19MAoGCCqGSM49BAMCA0gA
+MEUCIQCi/6V6gmt4k5MUSfym9RFGqPwmD1hyWmtWKj448PXALAIgQfHHiX+P2M6k
+GqneZYuHHxazU37s5ZaFBPylOJJEO2Y=
+-----END CERTIFICATE-----
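Review bot: `pemVal` in `main` embeds an EC private key as a string literal, and the same key is committed as `uboot-common/src/main/resources/admin_certPrivate.pem` in the hunk below (with its certificate in `admin.crt`); key material checked into source control has to be treated as exposed, so it should be rotated and the PEM supplied to `signObject2`/`verifyValue` from a secrets store or externalized configuration, not from a classpath resource or a literal. `crtKey.getBytes()` in `verifyValue` and `privateVal.getBytes()` in `signObject2` use the platform default charset; make them `crtKey.getBytes(StandardCharsets.UTF_8)` and `privateVal.getBytes(StandardCharsets.UTF_8)` so PEM parsing does not depend on the JVM's `file.encoding`. The catch blocks in `verifyValue`, `verifyBytes`, `signObject` and `signObject2` call `e.printStackTrace()` and then return `false` or `""`, and `readAsBytes` returns an empty array when the path is missing, so a misconfigured key or certificate path surfaces only as a failed verification or an empty signature with the cause on stderr; since the class already has the Slf4j `log`, prefer `log.error("signing failed", e)` plus rethrowing (or letting the checked exceptions propagate) on the sign paths, and keep verification fail-closed but logged the same way. `DATA_PATH` points at a local Windows download path and is unused, `PEM_PATH`/`CRT_PATH` are non-final statics reassigned inside `main`, and resource lookup goes through `test.class`; these read as scratch-test leftovers that should not ship in `uboot-common`.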
diff --git a/uboot-common/src/main/resources/admin_certPrivate.pem b/uboot-common/src/main/resources/admin_certPrivate.pem
new file mode 100644
index 0000000..d738684
--- /dev/null
+++ b/uboot-common/src/main/resources/admin_certPrivate.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjF+tq8oc1tNjot69
+9OQgzr7Dqg1OkVo4PY4tKBL8+82hRANCAARKLIuOloTZe1B0J0k+CITZdsx8Gham
+JTuxCRGLdCLpq6wHHGEqWn9VDkwk5eX6OYQxYuBRiPZp7gP/njpx5CkF
+-----END PRIVATE KEY-----