Merge branch 'master' of http://192.168.168.218/wcyuee/szpt

src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java

@@ -116,8 +116,7 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
 
         // 校验appId
         AppStore appStore = this.appStoreService.getAppSecretInfo(appId);
-        String appSecret = appStore.getAppSecret();
-        if (!StringUtils.hasText(appSecret)) {
+        if (appStore == null || appStore.getAppSecret() == null) {
             this.write(response, "appId无效：" + appId);
             return false;
         }
@@ -134,10 +133,12 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
 
         body = objectMapper.writeValueAsString(objectMap);
         logger.info("请求参数appId: {}, nonce: {}, timestampStr: {}, 原始body: {}, deptCode: {}", appId, nonce, timestampStr, body, deptCode);
+        String appSecret = appStore.getAppSecret();
         body = EncryptUtil.getInstance().AESEncode(body, appSecret);
-//        logger.info("appSecret{}加密后body: {}", appSecret,body);
+        logger.info("appSecret:{}加密后body: {}", appSecret,body);
         // 校验签名appId+nonce+timestampStr+aes(body,secret)+detCode
         String data = String.format("%s%s%s%s%s", appId, nonce, timestampStr, body, deptCode);
+        logger.info("待签名数据:{}", data);
         String generatedSignature = DigestUtil.md5Hex(data);
         if (!generatedSignature.equals(sign)) {
             logger.warn("签名有误,generatedSignature:{},sign:{},appId:{},nonce:{},timestampStr:{},deptCode:{}", generatedSignature, sign, appId, nonce, timestampStr, deptCode);

src/main/java/com/zksy/szpt/util/EncryptUtil.java

@@ -5,6 +5,7 @@ import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
@@ -135,13 +136,34 @@ public class EncryptUtil {
         return keyGeneratorES(res, DES, key, keySizeDES, false);
     }
 
+    /**
+     * 使用AES加密算法经行加密（可逆）
+     *
+     * @param data      需要加密的密文
+     * @param password 秘钥
+     */
+    public String AESEncode(String data, String password) {
+        byte[] key = password.getBytes();//16字节密钥
+        byte[] iv = "1234567890123456" .getBytes();//iv
+        SecretKey secretKey = new SecretKeySpec(key, "AES");
+        try {
+            IvParameterSpec ivSpec = new IvParameterSpec(iv);
+            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");//加密算法/模式/填充方式
+            cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
+            byte[] encrypted = cipher.doFinal(data.getBytes());//密文字节数组
+            return Base64.encode(encrypted);
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
     /**
      * 使用AES加密算法经行加密（可逆）
      *
      * @param res      需要加密的密文
      * @param key 秘钥
      */
-    public String AESEncode(String res, String key) {
+    public String AESEncode1(String res, String key) {
         return keyGeneratorES(res, AES, key, keySizeAES, true);
     }
 

src/main/java/com/zksy/szpt/util/SignatureUtil.java

@@ -5,5 +5,5 @@ public class SignatureUtil {
     public static String TIMESTAMP = "x-szpt-timestamp";
     public static String NONCE = "x-szpt-nonce";
     public static String APPID = "x-szpt-appid";
-    public static String DEPT_CODE = "x-szpt-dept_code";
+    public static String DEPT_CODE = "x-szpt-dept-code";
 }

src/main/resources/application-prod.yml

+spring:
+  datasource:
+    url: jdbc:mysql://192.168.168.110:3306/szpt?useUnicode=true&characterEncoding=UTF-8&useSSL=false&autoReconnect=true&failOverReadOnly=false&serverTimezone=GMT%2B8
+    username: root
+    password: 123456
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    type: com.alibaba.druid.pool.DruidDataSource
+  redis:
+    database: 0
+    port: 6379
+    password: 1qaz2wsx
+    timeout: 1000
+    host: 192.168.168.110
\ No newline at end of file

src/test/java/com/zksy/szpt/TestAppStore.java

@@ -15,13 +15,16 @@ public class TestAppStore {
     @Test
     @DisplayName("新增AppId")
     public void addAppId() {
+        for (int i = 0; i < 10000; i++) {
             AppStoreDTO appStoreDTO = new AppStoreDTO();
             appStoreDTO.setAppKey("scale");
             appStoreDTO.setAppSecret(DigestUtil.md5Hex("scale"));
-        appStoreDTO.setDeptCode("3302020201");
+            appStoreDTO.setDeptCode("330102");
 
-        TestHttpUtil.signatureAndRequest("/rest/appStore/updateAppIdSecret", appStoreDTO, AppStoreDTO.class);
             TestHttpUtil.signatureAndRequest("/rest/appStore/insertAppStore", appStoreDTO, AppStoreDTO.class);
+        }
+
+//        TestHttpUtil.signatureAndRequest("/rest/appStore/insertAppStore", appStoreDTO, AppStoreDTO.class);
 //        TestHttpUtil.signatureAndRequest("/rest/appStore/insertAppStore", appStoreDTO);
     }
 

src/test/java/com/zksy/szpt/TestHttpUtil.java

@@ -14,9 +14,9 @@ public class TestHttpUtil {
     private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(TestHttpUtil.class);
     static String nonce = "2";
     static String timestampStr = "21";
-    static String appId = "scale";
-    static String appSecret = DigestUtil.md5Hex("scale");;
-    static String deptCode = "3302020201";
+    static String appId = "1872576325743943682";
+    static String appSecret = DigestUtil.md5Hex("2");;
+    static String deptCode = "330102";
 
     private static final ObjectMapper objectMapper = new ObjectMapper();