优化

7cc870f4 · 以墨为白 · 7be11259 · 7cc870f4 · 7cc870f4 · 7cc870f4
Commit 7cc870f4 authored Jan 10, 2025 by 以墨为白 🎧
3 changed files
--- a/src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java
+++ b/src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java
@@ -131,13 +131,15 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
        }
        body = objectMapper.writeValueAsString(objectMap);
+        logger.info("请求参数appId: {}, nonce: {}, timestampStr: {}, 原始body: {}", appId, nonce, timestampStr, body);
        body = EncryptUtil.getInstance().AESEncode(body, appSecret);
+//        logger.info("appSecret{}加密后body: {}", appSecret,body);
        // 校验签名appId+nonce+timestampStr+aes(body,secret)
        String data = String.format("%s%s%s%s", appId, nonce, timestampStr, body);
        String generatedSignature = DigestUtil.md5Hex(data);
        if (!generatedSignature.equals(sign)) {
            logger.warn("签名有误,generatedSignature:{},sign:{},appId:{},nonce:{},timestampStr:{}", generatedSignature, sign, appId, nonce, timestampStr);
-            write(response, "签名有误,sign: " + sign + ",appId:" + appId + ",nonce:" + nonce + ",timestamp:" + timestampStr);
+            write(response, "签名有误,sign: " + sign + ",appId: " + appId + ",nonce: " + nonce + ",timestamp: " + timestampStr);
            return false;
        }

--- a/src/test/java/com/zksy/szpt/TestAppStore.java
+++ b/src/test/java/com/zksy/szpt/TestAppStore.java
@@ -19,6 +19,8 @@ public class TestAppStore {
        appStoreDTO.setAppKey("us2");
        appStoreDTO.setAppSecret(DigestUtil.md5Hex("us"));
        appStoreDTO.setDeptCode("123456");
+        TestHttpUtil.signatureAndRequest("/rest/appStore/updateAppIdSecret", appStoreDTO, AppStoreDTO.class);
        TestHttpUtil.signatureAndRequest("/rest/appStore/insertAppStore", appStoreDTO, AppStoreDTO.class);
 //        TestHttpUtil.signatureAndRequest("/rest/appStore/insertAppStore", appStoreDTO);
    }

--- a/src/test/java/com/zksy/szpt/TestHttpUtil.java
+++ b/src/test/java/com/zksy/szpt/TestHttpUtil.java
@@ -15,7 +15,7 @@ public class TestHttpUtil {
    static String nonce = "2";
    static String timestampStr = "21";
    static String appId = "1872576325743943682";
-    static String appSecret = "2";
+    static String appSecret = DigestUtil.md5Hex("2");;
    static String deptCode = "330102";
    private static final ObjectMapper objectMapper = new ObjectMapper();
@@ -25,16 +25,17 @@ public class TestHttpUtil {
        Assertions.assertNotNull(path, "path不能为空");
        Assertions.assertNotNull(source, "请求参数不能为空");
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
-        nonce = String.valueOf(System.currentTimeMillis() / 1000);
+        nonce = String.valueOf(System.currentTimeMillis());
-        appSecret = DigestUtil.md5Hex(appSecret);
        String json = null;
        try {
            json = objectMapper.writeValueAsString(source);
        } catch (JsonProcessingException e) {
            Assertions.fail("json序列化失败");
        }
+//        log.info("请求参数appId: {}, nonce: {}, timestampStr: {}, 原始body: {}", appId, nonce, timestampStr, json);
        //请求体加密
        json = EncryptUtil.getInstance().AESEncode(json, appSecret);
+//        log.info("{}加密后json: {}", appSecret,json);
        //签名appId+nonce+timestampStr+aes(body)
        String data = String.format("%s%s%s%s", appId, nonce, timestampStr, json);
        String generatedSignature = DigestUtil.md5Hex(data);
@@ -61,7 +62,6 @@ public class TestHttpUtil {
        Assertions.assertNotNull(source, "请求参数不能为空");
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
-        appSecret = DigestUtil.md5Hex(appSecret);
        String json = null;
        try {
            json = objectMapper.writeValueAsString(source);