diff --git a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java index e096c6a65a..d0afcf3c32 100644 --- a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java +++ b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java @@ -1,19 +1,22 @@ package com.epmet.controller; +import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.dto.form.GovWebLoginFormDTO; import com.epmet.dto.result.UserTokenResultDTO; import com.epmet.service.GovWebService; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; + /** - * @Description PC工作端-登陆服务 * @author sun + * @Description PC工作端-登陆服务 */ @RestController @RequestMapping("govweb") @@ -21,7 +24,10 @@ public class GovWebController { @Autowired private GovWebService govWebService; - + @Value("${epmet.login.publicKey}") + private String publicKey; + @Value("${epmet.login.privateKey}") + private String privateKey; /** * @param formDTO @@ -32,8 +38,30 @@ public class GovWebController { @PostMapping("login") public Result workLogin(@RequestBody GovWebLoginFormDTO formDTO) { ValidatorUtils.validateEntity(formDTO); + + try { + if (formDTO.getPassword().length() > 50) { + String newPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey); + formDTO.setPassword(newPassword); + } + + } catch (Exception e) { + e.printStackTrace(); + } return new Result().ok(govWebService.login(formDTO)); } + /** + * desc: 获取前端密码加密 公钥 + * + * @return com.epmet.commons.tools.utils.Result + * @author LiuJanJun + * @date 2021/3/8 5:07 下午 + */ + @PostMapping("getKey") + public Result getResiWxPhone() { + return new Result().ok(publicKey); + } + } diff --git a/epmet-auth/src/main/resources/bootstrap.yml b/epmet-auth/src/main/resources/bootstrap.yml index 25b9a31702..b2068e7118 100644 --- a/epmet-auth/src/main/resources/bootstrap.yml +++ b/epmet-auth/src/main/resources/bootstrap.yml @@ -145,3 +145,9 @@ thirdplat: appId: 7a5aec009ba4eba8e254ee64fe3775e1 appKey: 14faef9af508d1c253b720ea5a43f9de appSecret: 38e7c2604c8dd33c445705d25eebbfc12a2f7ed8a87111e9e10a40312d3a1595 + +epmet: + login: + publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ== + privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N + diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java new file mode 100644 index 0000000000..ac051e7093 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java @@ -0,0 +1,251 @@ +package com.epmet.commons.tools.utils; + +import javax.crypto.Cipher; +import java.security.*; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Base64; + +/** + * @author jianjun liu + * @date 2020-06-05 16:48 + **/ + +public class RSASignature { + + + //非对称密钥算法 + private static final String KEY_ALGORITHM = "RSA"; + //密钥长度,在512到65536位之间,建议不要太长,否则速度很慢,生成的加密数据很长 + private static final int KEY_SIZE = 512; + //字符编码 + private static final String CHARSET = "UTF-8"; + + /** + * 生成密钥对 + * + * @return KeyPair 密钥对 + */ + public static KeyPair getKeyPair() throws Exception { + return getKeyPair(null); + } + + /** + * 生成密钥对 + * + * @param password 生成密钥对的密码 + * @return + * @throws Exception + */ + public static KeyPair getKeyPair(String password) throws Exception { + //实例化密钥生成器 + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM); + //初始化密钥生成器 + if (password == null) { + keyPairGenerator.initialize(KEY_SIZE); + } else { + SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); + secureRandom.setSeed(password.getBytes(CHARSET)); + keyPairGenerator.initialize(KEY_SIZE, secureRandom); + } + //生成密钥对 + return keyPairGenerator.generateKeyPair(); + } + + /** + * 取得私钥 + * + * @param keyPair 密钥对 + * @return byte[] 私钥 + */ + public static byte[] getPrivateKeyBytes(KeyPair keyPair) { + return keyPair.getPrivate().getEncoded(); + } + + /** + * 取得Base64编码的私钥 + * + * @param keyPair 密钥对 + * @return String Base64编码的私钥 + */ + public static String getPrivateKey(KeyPair keyPair) { + return Base64.getEncoder().encodeToString(getPrivateKeyBytes(keyPair)); + } + + /** + * 取得公钥 + * + * @param keyPair 密钥对 + * @return byte[] 公钥 + */ + public static byte[] getPublicKeyBytes(KeyPair keyPair) { + return keyPair.getPublic().getEncoded(); + } + + /** + * 取得Base64编码的公钥 + * + * @param keyPair 密钥对 + * @return String Base64编码的公钥 + */ + public static String getPublicKey(KeyPair keyPair) { + return Base64.getEncoder().encodeToString(getPublicKeyBytes(keyPair)); + } + + /** + * 私钥加密 + * + * @param data 待加密数据 + * @param privateKey 私钥字节数组 + * @return byte[] 加密数据 + */ + public static byte[] encryptByPrivateKey(byte[] data, byte[] privateKey) throws Exception { + //实例化密钥工厂 + KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); + //生成私钥 + PrivateKey key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey)); + //数据加密 + Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); + cipher.init(Cipher.ENCRYPT_MODE, key); + return cipher.doFinal(data); + } + + /** + * 私钥加密 + * + * @param data 待加密数据 + * @param privateKey Base64编码的私钥 + * @return String Base64编码的加密数据 + */ + public static String encryptByPrivateKey(String data, String privateKey) throws Exception { + byte[] key = Base64.getDecoder().decode(privateKey); + return Base64.getEncoder().encodeToString(encryptByPrivateKey(data.getBytes(CHARSET), key)); + } + + /** + * 公钥加密 + * + * @param data 待加密数据 + * @param publicKey 公钥字节数组 + * @return byte[] 加密数据 + */ + public static byte[] encryptByPublicKey(byte[] data, byte[] publicKey) throws Exception { + //实例化密钥工厂 + KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); + //生成公钥 + PublicKey key = keyFactory.generatePublic(new X509EncodedKeySpec(publicKey)); + //数据加密 + Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); + cipher.init(Cipher.ENCRYPT_MODE, key); + return cipher.doFinal(data); + } + + /** + * 公钥加密 + * + * @param data 待加密数据 + * @param publicKey Base64编码的公钥 + * @return String Base64编码的加密数据 + */ + public static String encryptByPublicKey(String data, String publicKey) throws Exception { + byte[] key = Base64.getDecoder().decode(publicKey); + return Base64.getEncoder().encodeToString(encryptByPublicKey(data.getBytes(CHARSET), key)); + } + + /** + * 私钥解密 + * + * @param data 待解密数据 + * @param privateKey 私钥字节数组 + * @return byte[] 解密数据 + */ + public static byte[] decryptByPrivateKey(byte[] data, byte[] privateKey) throws Exception { + //实例化密钥工厂 + KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); + //生成私钥 + PrivateKey key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey)); + //数据解密 + Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); + cipher.init(Cipher.DECRYPT_MODE, key); + return cipher.doFinal(data); + } + + /** + * 私钥解密 + * + * @param data Base64编码的待解密数据 + * @param privateKey Base64编码的私钥 + * @return String 解密数据 + */ + public static String decryptByPrivateKey(String data, String privateKey) throws Exception { + byte[] key = Base64.getDecoder().decode(privateKey); + return new String(decryptByPrivateKey(Base64.getDecoder().decode(data), key), CHARSET); + } + + /** + * 公钥解密 + * + * @param data 待解密数据 + * @param publicKey 公钥字节数组 + * @return byte[] 解密数据 + */ + public static byte[] decryptByPublicKey(byte[] data, byte[] publicKey) throws Exception { + //实例化密钥工厂 + KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); + //产生公钥 + PublicKey key = keyFactory.generatePublic(new X509EncodedKeySpec(publicKey)); + //数据解密 + Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); + cipher.init(Cipher.DECRYPT_MODE, key); + return cipher.doFinal(data); + } + + /** + * 公钥解密 + * + * @param data Base64编码的待解密数据 + * @param publicKey Base64编码的公钥 + * @return String 解密数据 + */ + public static String decryptByPublicKey(String data, String publicKey) throws Exception { + byte[] key = Base64.getDecoder().decode(publicKey); + return new String(decryptByPublicKey(Base64.getDecoder().decode(data), key), CHARSET); + } + + /** + * 测试加解密方法 + * + * @param args + * @throws Exception + */ + public static void main(String[] args) throws Exception { + //生成密钥对,一般生成之后可以放到配置文件中 + KeyPair keyPair = RSASignature.getKeyPair(); + //公钥 + String publicKey = RSASignature.getPublicKey(keyPair); + //私钥 + String privateKey = RSASignature.getPrivateKey(keyPair); + + System.out.println("公钥:\n" + publicKey); + System.out.println("私钥:\n" + privateKey); + + String data = "RSA 加解密测试!"; + { + System.out.println("\n===========私钥加密,公钥解密=============="); + String s1 = RSASignature.encryptByPrivateKey(data, privateKey); + System.out.println("加密后的数据:" + s1); + String s2 = RSASignature.decryptByPublicKey(s1, publicKey); + System.out.println("解密后的数据:" + s2 + "\n\n"); + } + + { + System.out.println("\n===========公钥加密,私钥解密=============="); + String s1 = RSASignature.encryptByPublicKey(data, publicKey); + System.out.println("加密后的数据:" + s1); + String s2 = RSASignature.decryptByPrivateKey(s1, privateKey); + System.out.println("解密后的数据:" + s2 + "\n\n"); + } + + } + +} diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/util/RSASignature.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/util/RSASignature.java deleted file mode 100644 index c79906908d..0000000000 --- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/util/RSASignature.java +++ /dev/null @@ -1,152 +0,0 @@ -package com.epmet.openapi.scan.common.util; - -import org.apache.commons.codec.binary.Base64; -import org.bouncycastle.util.encoders.UrlBase64; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.crypto.Cipher; -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.security.KeyFactory; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -/** - * @author jianjun liu - * @date 2020-06-05 16:48 - **/ - -public class RSASignature { - private static final Logger LOGGER = LoggerFactory.getLogger(RSASignature.class); - public static final String KEY_ALGORITHM = "RSA"; - public static final String SIGNATURE_ALGORITHM = "SHA1WithRSA"; - public static final String ENCODING = "utf-8"; - public static final String X509 = "X.509"; - - /** - * 获取私钥 - * - * @param key - * @return - * @throws Exception - */ - public static PrivateKey getPrivateKey(String key) throws Exception { - byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING)); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - PrivateKey privateKey = keyFactory.generatePrivate(keySpec); - return privateKey; - } - - /** - * 获取公钥 - * - * @param key - * @return - * @throws Exception - */ - public static PublicKey getPublicKey(String key) throws Exception { - byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING)); - CertificateFactory certificateFactory = CertificateFactory.getInstance(X509); - InputStream in = new ByteArrayInputStream(keyBytes); - Certificate certificate = certificateFactory.generateCertificate(in); - PublicKey publicKey = certificate.getPublicKey(); - return publicKey; - } - - /** - * 使用公钥对明文进行加密,返回BASE64编码的字符串 - * - * @param publicKey - * @param plainText - * @return - */ - public static String encrypt(String publicKey, String plainText) { - try { - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - byte[] encodedKey = Base64.decodeBase64(publicKey.getBytes(ENCODING)); - PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); - Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); - cipher.init(Cipher.ENCRYPT_MODE, pubKey); - byte[] enBytes = cipher.doFinal(plainText.getBytes()); - return new String(Base64.encodeBase64(enBytes)); - } catch (Exception e) { - LOGGER.error("rsa encrypt exception: {}", e.getMessage(), e); - } - return null; - } - - /** - * 使用私钥对明文密文进行解密 - * - * @param privateKey - * @param enStr - * @return - */ - public static String decrypt(String privateKey, String enStr) { - try { - PrivateKey priKey = getPrivateKey(privateKey); - Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); - cipher.init(Cipher.DECRYPT_MODE, priKey); - byte[] deBytes = cipher.doFinal(Base64.decodeBase64(enStr)); - return new String(deBytes); - } catch (Exception e) { - LOGGER.error("rsa decrypt exception: {}", e.getMessage(), e); - } - return null; - } - - /** - * RSA私钥签名 - * - * @param content 待签名数据 - * @param privateKey 私钥 - * @return 签名值 - */ - public static String signByPrivateKey(String content, String privateKey) { - try { - PrivateKey priKey = getPrivateKey(privateKey); - Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); - signature.initSign(priKey); - signature.update(content.getBytes(ENCODING)); - byte[] signed = signature.sign(); - return new String(UrlBase64.encode(signed), ENCODING); - } catch (Exception e) { - LOGGER.error("sign error, content: {}", content, e); - } - return null; - } - - /** - * 公钥验签 - * - * @param content - * @param sign - * @param publicKey - * @return - */ - public static boolean verifySignByPublicKey(String content, String sign, String publicKey) { - try { - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - byte[] encodedKey = Base64.decodeBase64(publicKey.getBytes(ENCODING)); - PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); - - Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); - signature.initVerify(pubKey); - signature.update(content.getBytes(ENCODING)); - - return signature.verify(UrlBase64.decode(sign.getBytes(ENCODING))); - - } catch (Exception e) { - LOGGER.error("verify sign error, content: {}, sign: {}", content, sign, e); - } - return false; - } - -}