moliparty/peko-java
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

代码-pub_sign接口签名

Browse Source
This commit is contained in:
khalil
2024-04-23 20:54:25 +08:00
parent 8ad2894a57
commit db12d443d4
7 changed files with 33 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
accompany-base/accompany-common/src/main/java/com/accompany/common/constant/ApplicationConstant.java
View File

@@ -48,8 +48,8 @@ public class ApplicationConstant {
/**
* 公参名
*/
public static final List<String> PUBLIC_PARAMTER_NAMES = Arrays
.asList(new String[]{"pub_sign", "pub_uid", "pub_ticket", "appVersion", "appVersionCode", "channel", "deviceId", "ispType", "model", "netType", "os",
"osVersion", "app", "ticket", "client"});
public static final List<String> PUBLIC_PARAMTER_NAMES = List.of("pub_sign", "pub_uid", "pub_ticket",
"appVersion", "appVersionCode", "channel", "deviceId", "ispType", "model", "netType", "os", "osVersion", "app", "ticket", "client", "deviceId",
"androidId", "channel", "lang", "mcc", "oaid", "oaidMd5");
}

5
accompany-base/accompany-core/src/main/java/com/accompany/core/util/KeyStore.java
View File

@@ -7,10 +7,7 @@ package com.accompany.core.util;
public interface KeyStore {
String DES_ENCRYPT_KEY = "1ea53d260ecf11e7b56e00163e046a26";
String DES_ENCRYPT_KEY_SMS_PARAMS = "70d26f6a5c214d3b858f3f8daad7a161";
String DES_ENCRYPT_KEY_SMS_SIGN = "c8d514b3cdc44e898e027940e84f036c";
String DES_SIGN_KEY = "rpbs6us1m8r2j9g6u06ff2bo18orwaya";
}

2
accompany-base/accompany-core/src/main/java/com/accompany/core/util/MD5.java
View File

@@ -4,7 +4,7 @@ import java.nio.charset.StandardCharsets;
public class MD5 {
public static void main(String[] args) throws Exception {
String str = "12345678";
String str = "key=rpbs6us1m8r2j9g6u06ff2bo18orwaya";
System.out.println(getMD5(str));
}

14
accompany-business/accompany-business-web/src/main/java/com/accompany/business/config/WebInterceptorConfig.java
View File

@@ -6,7 +6,7 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.*;
@Configuration
public class WebInterceptorConfig implements WebMvcConfigurer {
public class WebInterceptorConfig extends WebMvcConfigurationSupport {
/**
* 自己定义的拦截器类
@@ -48,8 +48,15 @@ public class WebInterceptorConfig implements WebMvcConfigurer {
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(getSecurityInterceptor()).addPathPatterns("/**")
.excludePathPatterns("/")
.excludePathPatterns("/receive/**")
.excludePathPatterns("/ios/pay/callback/**")
.excludePathPatterns("/yidun/callback/**")
.excludePathPatterns("/certification/callback/**")
.excludePathPatterns("/payment/mycard/**")
.excludePathPatterns("/payment/payermax/callback/**");
registry.addInterceptor(getLoginInterceptor()).addPathPatterns("/**");
registry.addInterceptor(getSecurityInterceptor()).addPathPatterns("/**");
registry.addInterceptor(getAppVersionInterceptor());
registry.addInterceptor(getModelHallAuthInterceptor());
registry.addInterceptor(getWebInterceptor());
@@ -65,8 +72,7 @@ public class WebInterceptorConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**").addResourceLocations(
"classpath:/static/");
registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");
registry.addResourceHandler("/swagger-ui/**").addResourceLocations("classpath:/META-INF/resources/webjars/springfox-swagger-ui/").resourceChain(false);
registry.addResourceHandler("/webjars/**").addResourceLocations(
"classpath:/META-INF/resources/webjars/");

13
accompany-business/accompany-business-web/src/main/java/com/accompany/business/interceptor/SecurityInterceptor.java
View File

@@ -6,6 +6,7 @@ import com.accompany.core.service.common.JedisService;
import com.accompany.core.util.KeyStore;
import com.accompany.core.util.MD5;
import com.accompany.core.util.StringUtils;
import com.alibaba.fastjson.JSON;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -13,11 +14,13 @@ import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
/**
* @author yangziwen
@@ -60,7 +63,8 @@ public class SecurityInterceptor extends BasicInterceptor {
}
this.writeResponse(response, 403, "Illegal Request");
logger.warn("非法请求: uri={}, headers={}, parameters={}", request.getRequestURI(), request.getHeaderNames(), request.getParameterMap());
logger.warn("非法请求: uri={}, headers={}, parameters={}",
request.getRequestURI(), JSON.toJSONString(request.getHeaderNames()), JSON.toJSONString(request.getParameterMap()));
return false;
}
@@ -87,20 +91,23 @@ public class SecurityInterceptor extends BasicInterceptor {
continue;
}
builder.append(name).append("=").append(request.getParameter(name)).append("&");
String param = String.join(",", entry.getValue());
builder.append(name).append("=").append(param).append("&");
}
// 去除最后一个多余的连接符
if (builder.length() > 0) {
builder.replace(builder.length() - 1, builder.length(), "");
builder.append("&");
}
builder.append("&key=").append(KeyStore.DES_ENCRYPT_KEY_SMS_PARAMS);
builder.append("key=").append(KeyStore.DES_SIGN_KEY);
String serverSign = MD5.getMD5(builder.toString());
Matcher matcher = pattern.matcher(serverSign);
serverSign = matcher.replaceAll("");
String clientSign = request.getParameter(ApplicationConstant.PublicParameters.SIGN);
logger.info("uri={}, client sign={}, server sign={}, sign string={}", request.getRequestURI(), clientSign, serverSign, builder.toString());
return StringUtils.equalsIgnoreCase(clientSign, serverSign);
}

2
accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java
View File

@@ -36,7 +36,7 @@ public class WebMvcConfig implements WebMvcConfigurer{
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(getSecurityInterceptor());
registry.addInterceptor(getSecurityInterceptor()).addPathPatterns("/**").excludePathPatterns("/");
registry.addInterceptor(getLoginInterceptor());
}

10
accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/interceptor/SecurityInterceptor.java
View File

@@ -6,6 +6,7 @@ import com.accompany.common.utils.StringUtils;
import com.accompany.core.service.common.JedisService;
import com.accompany.core.util.KeyStore;
import com.accompany.core.util.MD5;
import com.alibaba.fastjson.JSON;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -86,21 +87,24 @@ public class SecurityInterceptor extends BasicInterceptor {
continue;
}
builder.append(name).append("=").append(request.getParameter(name)).append("&");
String param = String.join(",", entry.getValue());
builder.append(name).append("=").append(param).append("&");
}
// 去除最后一个多余的连接符
if (builder.length() > 0) {
builder.replace(builder.length() - 1, builder.length(), "");
builder.append("&");
}
builder.append("&key=").append(KeyStore.DES_ENCRYPT_KEY_SMS_PARAMS);
builder.append("key=").append(KeyStore.DES_SIGN_KEY);
String serverSign = MD5.getMD5(builder.toString());
Matcher matcher = pattern.matcher(serverSign);
serverSign = matcher.replaceAll("");
String clientSign = request.getParameter(ApplicationConstant.PublicParameters.SIGN);
logger.info("uri={}, client sign={}, server sign={}, sign string={}", request.getRequestURI(), serverSign, clientSign, builder.toString());
logger.warn("非法请求: uri={}, headers={}, parameters={}",
request.getRequestURI(), JSON.toJSONString(request.getHeaderNames()), JSON.toJSONString(request.getParameterMap()));
return StringUtils.equalsIgnoreCase(clientSign, serverSign);
}