diff --git a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java index d0afcf3c32..e096c6a65a 100644 --- a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java +++ b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java @@ -1,22 +1,19 @@ package com.epmet.controller; -import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.dto.form.GovWebLoginFormDTO; import com.epmet.dto.result.UserTokenResultDTO; import com.epmet.service.GovWebService; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; - /** - * @author sun * @Description PC工作端-登陆服务 + * @author sun */ @RestController @RequestMapping("govweb") @@ -24,10 +21,7 @@ public class GovWebController { @Autowired private GovWebService govWebService; - @Value("${epmet.login.publicKey}") - private String publicKey; - @Value("${epmet.login.privateKey}") - private String privateKey; + /** * @param formDTO 
@@ -38,30 +32,8 @@ public class GovWebController { @PostMapping("login") public Result workLogin(@RequestBody GovWebLoginFormDTO formDTO) { ValidatorUtils.validateEntity(formDTO); - - try { - if (formDTO.getPassword().length() > 50) { - String newPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey); - formDTO.setPassword(newPassword); - } - - } catch (Exception e) { - e.printStackTrace(); - } return new Result().ok(govWebService.login(formDTO)); } - /** - * desc: 获取前端密码加密 公钥 - * - * @return com.epmet.commons.tools.utils.Result - * @author LiuJanJun - * @date 2021/3/8 5:07 下午 - */ - @PostMapping("getKey") - public Result getResiWxPhone() { - return new Result().ok(publicKey); - } - } diff --git a/epmet-auth/src/main/resources/bootstrap.yml b/epmet-auth/src/main/resources/bootstrap.yml index ce7eb5edd5..25b9a31702 100644 --- a/epmet-auth/src/main/resources/bootstrap.yml +++ b/epmet-auth/src/main/resources/bootstrap.yml 
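Review bot: `workLogin` now passes `formDTO.getPassword()` to `govWebService.login` exactly as received, so the credential is protected in transit only by the transport, and nothing in this hunk documents or enforces that. I would add a comment above the call, e.g. `// password is plaintext here; this endpoint must only be reachable over HTTPS`. Clients that still call `govweb/getKey` and submit an RSA-wrapped password will presumably fail to log in after this change, so the front-end change needs to ship in the same release. It is also worth confirming that the validation constraints on `GovWebLoginFormDTO` (not visible here) bound the password length before it reaches the service.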
@@ -136,25 +136,12 @@ shutdown: # 调用第三方平台相关参数 thirdplat: - jcetCend: - domain: @thirdplat.jcet.c.domain@ - appkey: @thirdplat.jcet.c.appkey@ - appsecret: @thirdplat.jcet.c.appsecret@ - jcetGend: - domain: @thirdplat.jcet.g.domain@ - appkey: @thirdplat.jcet.g.appkey@ - appsecret: @thirdplat.jcet.g.appsecret@ + jcet: + domain: @thirdplat.jcet.domain@ + appkey: @thirdplat.jcet.appkey@ + appsecret: @thirdplat.jcet.appsecret@ pyld: domain: https://epmet-ext9.elinkservice.cn/platform appId: 7a5aec009ba4eba8e254ee64fe3775e1 appKey: 14faef9af508d1c253b720ea5a43f9de appSecret: 38e7c2604c8dd33c445705d25eebbfc12a2f7ed8a87111e9e10a40312d3a1595 - -epmet: - login: - publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ== - privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N - # third服务的相关配置 - third: - urlPrefix: @epmet.third.urlprefix@ - diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java deleted file mode 100644 index ac051e7093..0000000000 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java +++ /dev/null 
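Review bot: The `pyld` block kept as context in this hunk still holds literal `appId`, `appKey` and `appSecret` values, while the `jcet` block beside it uses build-time placeholders. These should move to placeholders too, for example `appSecret: @thirdplat.pyld.appsecret@` (a suggested property name), with the real values supplied per environment and the committed ones rotated. The RSA private key deleted from `epmet.login.privateKey` stays readable in the repository history, so if that key pair was ever used by a deployed instance it should be treated as disclosed and never reused. The hunk also removes `epmet.third.urlPrefix` and renames `jcetCend`/`jcetGend` to `jcet`; any bean that still binds the old property names would presumably fail at startup, so that is worth checking before merge.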
@@ -1,251 +0,0 @@ -package com.epmet.commons.tools.utils; - -import javax.crypto.Cipher; -import java.security.*; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.Base64; - -/** - * @author jianjun liu - * @date 2020-06-05 16:48 - **/ - -public class RSASignature { - - - //非对称密钥算法 - private static final String KEY_ALGORITHM = "RSA"; - //密钥长度,在512到65536位之间,建议不要太长,否则速度很慢,生成的加密数据很长 - private static final int KEY_SIZE = 512; - //字符编码 - private static final String CHARSET = "UTF-8"; - - /** - * 生成密钥对 - * - * @return KeyPair 密钥对 - */ - public static KeyPair getKeyPair() throws Exception { - return getKeyPair(null); - } - - /** - * 生成密钥对 - * - * @param password 生成密钥对的密码 - * @return - * @throws Exception - */ - public static KeyPair getKeyPair(String password) throws Exception { - //实例化密钥生成器 - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM); - //初始化密钥生成器 - if (password == null) { - keyPairGenerator.initialize(KEY_SIZE); - } else { - SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); - secureRandom.setSeed(password.getBytes(CHARSET)); - keyPairGenerator.initialize(KEY_SIZE, secureRandom); - } - //生成密钥对 - return keyPairGenerator.generateKeyPair(); - } - - /** - * 取得私钥 - * - * @param keyPair 密钥对 - * @return byte[] 私钥 - */ - public static byte[] getPrivateKeyBytes(KeyPair keyPair) { - return keyPair.getPrivate().getEncoded(); - } - - /** - * 取得Base64编码的私钥 - * - * @param keyPair 密钥对 - * @return String Base64编码的私钥 - */ - public static String getPrivateKey(KeyPair keyPair) { - return Base64.getEncoder().encodeToString(getPrivateKeyBytes(keyPair)); - } - - /** - * 取得公钥 - * - * @param keyPair 密钥对 - * @return byte[] 公钥 - */ - public static byte[] getPublicKeyBytes(KeyPair keyPair) { - return keyPair.getPublic().getEncoded(); - } - - /** - * 取得Base64编码的公钥 - * - * @param keyPair 密钥对 - * @return String Base64编码的公钥 - */ - public static String getPublicKey(KeyPair keyPair) { - 
return Base64.getEncoder().encodeToString(getPublicKeyBytes(keyPair)); - } - - /** - * 私钥加密 - * - * @param data 待加密数据 - * @param privateKey 私钥字节数组 - * @return byte[] 加密数据 - */ - public static byte[] encryptByPrivateKey(byte[] data, byte[] privateKey) throws Exception { - //实例化密钥工厂 - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - //生成私钥 - PrivateKey key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey)); - //数据加密 - Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); - cipher.init(Cipher.ENCRYPT_MODE, key); - return cipher.doFinal(data); - } - - /** - * 私钥加密 - * - * @param data 待加密数据 - * @param privateKey Base64编码的私钥 - * @return String Base64编码的加密数据 - */ - public static String encryptByPrivateKey(String data, String privateKey) throws Exception { - byte[] key = Base64.getDecoder().decode(privateKey); - return Base64.getEncoder().encodeToString(encryptByPrivateKey(data.getBytes(CHARSET), key)); - } - - /** - * 公钥加密 - * - * @param data 待加密数据 - * @param publicKey 公钥字节数组 - * @return byte[] 加密数据 - */ - public static byte[] encryptByPublicKey(byte[] data, byte[] publicKey) throws Exception { - //实例化密钥工厂 - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - //生成公钥 - PublicKey key = keyFactory.generatePublic(new X509EncodedKeySpec(publicKey)); - //数据加密 - Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); - cipher.init(Cipher.ENCRYPT_MODE, key); - return cipher.doFinal(data); - } - - /** - * 公钥加密 - * - * @param data 待加密数据 - * @param publicKey Base64编码的公钥 - * @return String Base64编码的加密数据 - */ - public static String encryptByPublicKey(String data, String publicKey) throws Exception { - byte[] key = Base64.getDecoder().decode(publicKey); - return Base64.getEncoder().encodeToString(encryptByPublicKey(data.getBytes(CHARSET), key)); - } - - /** - * 私钥解密 - * - * @param data 待解密数据 - * @param privateKey 私钥字节数组 - * @return byte[] 解密数据 - */ - public static byte[] decryptByPrivateKey(byte[] data, byte[] privateKey) throws Exception { - 
//实例化密钥工厂 - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - //生成私钥 - PrivateKey key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey)); - //数据解密 - Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); - cipher.init(Cipher.DECRYPT_MODE, key); - return cipher.doFinal(data); - } - - /** - * 私钥解密 - * - * @param data Base64编码的待解密数据 - * @param privateKey Base64编码的私钥 - * @return String 解密数据 - */ - public static String decryptByPrivateKey(String data, String privateKey) throws Exception { - byte[] key = Base64.getDecoder().decode(privateKey); - return new String(decryptByPrivateKey(Base64.getDecoder().decode(data), key), CHARSET); - } - - /** - * 公钥解密 - * - * @param data 待解密数据 - * @param publicKey 公钥字节数组 - * @return byte[] 解密数据 - */ - public static byte[] decryptByPublicKey(byte[] data, byte[] publicKey) throws Exception { - //实例化密钥工厂 - KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); - //产生公钥 - PublicKey key = keyFactory.generatePublic(new X509EncodedKeySpec(publicKey)); - //数据解密 - Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); - cipher.init(Cipher.DECRYPT_MODE, key); - return cipher.doFinal(data); - } - - /** - * 公钥解密 - * - * @param data Base64编码的待解密数据 - * @param publicKey Base64编码的公钥 - * @return String 解密数据 - */ - public static String decryptByPublicKey(String data, String publicKey) throws Exception { - byte[] key = Base64.getDecoder().decode(publicKey); - return new String(decryptByPublicKey(Base64.getDecoder().decode(data), key), CHARSET); - } - - /** - * 测试加解密方法 - * - * @param args - * @throws Exception - */ - public static void main(String[] args) throws Exception { - //生成密钥对,一般生成之后可以放到配置文件中 - KeyPair keyPair = RSASignature.getKeyPair(); - //公钥 - String publicKey = RSASignature.getPublicKey(keyPair); - //私钥 - String privateKey = RSASignature.getPrivateKey(keyPair); - - System.out.println("公钥:\n" + publicKey); - System.out.println("私钥:\n" + privateKey); - - String data = "RSA 加解密测试!"; - { - 
System.out.println("\n===========私钥加密,公钥解密=============="); - String s1 = RSASignature.encryptByPrivateKey(data, privateKey); - System.out.println("加密后的数据:" + s1); - String s2 = RSASignature.decryptByPublicKey(s1, publicKey); - System.out.println("解密后的数据:" + s2 + "\n\n"); - } - - { - System.out.println("\n===========公钥加密,私钥解密=============="); - String s1 = RSASignature.encryptByPublicKey(data, publicKey); - System.out.println("加密后的数据:" + s1); - String s2 = RSASignature.decryptByPrivateKey(s1, privateKey); - System.out.println("解密后的数据:" + s2 + "\n\n"); - } - - } - -} diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/util/RSASignature.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/util/RSASignature.java new file mode 100644 index 0000000000..4b45f8ce2e --- /dev/null +++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/util/RSASignature.java 
@@ -0,0 +1,152 @@ +package com.epmet.openapi.scan.common.util; + +import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.util.encoders.UrlBase64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.crypto.Cipher; +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Signature; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; + +/** + * @author jianjun liu + * @date 2020-06-05 16:48 + **/ + +public class RSASignature { + private static final Logger LOGGER = LoggerFactory.getLogger(RSASignature.class); + public static final String KEY_ALGORITHM = "RSA"; + public static final String SIGNATURE_ALGORITHM = "SHA1WithRSA"; + public static final String ENCODING = "utf-8"; + public static final String X509 = "X.509"; + + /** + * 获取私钥 + * + * @param key + * @return + * @throws Exception + */ + public static PrivateKey getPrivateKey(String key) throws Exception { + byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING)); + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); + KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); + PrivateKey privateKey = keyFactory.generatePrivate(keySpec); + return privateKey; + } + + /** + * 获取公钥 + * + * @param key + * @return + * @throws Exception + */ + public static PublicKey getPublicKey(String key) throws Exception { + byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING)); + CertificateFactory certificateFactory = CertificateFactory.getInstance(X509); + InputStream in = new ByteArrayInputStream(keyBytes); + Certificate certificate = certificateFactory.generateCertificate(in); + PublicKey publicKey = certificate.getPublicKey(); + return publicKey; + } + + /** + * 使用公钥对明文进行加密,返回BASE64编码的字符串 + * + * 
@param publicKey + * @param plainText + * @return + */ + public static String encrypt(String publicKey, String plainText) { + try { + KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); + byte[] encodedKey = Base64.decodeBase64(publicKey.getBytes(ENCODING)); + PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); + Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); + cipher.init(Cipher.ENCRYPT_MODE, pubKey); + byte[] enBytes = cipher.doFinal(plainText.getBytes()); + return new String(Base64.encodeBase64(enBytes)); + } catch (Exception e) { + LOGGER.error("rsa encrypt exception: {}", e.getMessage(), e); + } + return null; + } + + /** + * 使用私钥对明文密文进行解密 + * + * @param privateKey + * @param enStr + * @return + */ + public static String decrypt(String privateKey, String enStr) { + try { + PrivateKey priKey = getPrivateKey(privateKey); + Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); + cipher.init(Cipher.DECRYPT_MODE, priKey); + byte[] deBytes = cipher.doFinal(Base64.decodeBase64(enStr)); + return new String(deBytes); + } catch (Exception e) { + LOGGER.error("rsa decrypt exception: {}", e.getMessage(), e); + } + return null; + } + + /** + * RSA私钥签名 + * + * @param content 待签名数据 + * @param privateKey 私钥 + * @return 签名值 + */ + public static String signByPrivateKey(String content, String privateKey) { + try { + PrivateKey priKey = getPrivateKey(privateKey); + Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); + signature.initSign(priKey); + signature.update(content.getBytes(ENCODING)); + byte[] signed = signature.sign(); + return new String(UrlBase64.encode(signed), ENCODING); + } catch (Exception e) { + LOGGER.error("sign error, content: {}", content, e); + } + return null; + } + + /** + * 公钥验签 + * + * @param content + * @param sign + * @param publicKey + * @return + */ + public static boolean verifySignByPublicKey(String content, String sign, String publicKey) { + try { + KeyFactory keyFactory = 
KeyFactory.getInstance(KEY_ALGORITHM); + byte[] encodedKey = Base64.decodeBase64(publicKey.getBytes(ENCODING)); + PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); + + Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); + signature.initVerify(pubKey); + signature.update(content.getBytes(ENCODING)); + + return signature.verify(UrlBase64.decode(sign.getBytes(ENCODING))); + + } catch (Exception e) { + LOGGER.error("verify sign error, content: {}, sign: {}", content, sign, e); + } + return false; + } + +}
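Review bot: `encrypt` and `decrypt` call `Cipher.getInstance(KEY_ALGORITHM)` with the bare name "RSA", which leaves mode and padding to the provider default (typically PKCS#1 v1.5 on the stock JDK provider). They also convert text with `plainText.getBytes()` and `new String(deBytes)` on the platform charset even though `ENCODING` is defined. Where the remote party allows it, I would name the transformation explicitly, e.g. `Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")`, and use `plainText.getBytes(ENCODING)` / `new String(deBytes, ENCODING)`. `SIGNATURE_ALGORITHM = "SHA1WithRSA"` should likewise become `"SHA256withRSA"` unless the peer's protocol fixes SHA-1, in which case a comment should say so. The catch blocks in `encrypt`, `decrypt` and `signByPrivateKey` return `null`, and the sign/verify handlers log the full `content` and `sign`. Callers therefore need a null check, and the log lines should carry a length or an identifier instead if the payload can be sensitive.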