第三方接口暴露 3

3 years ago · e338601bbc
5 changed files with 294 additions and 23 deletions
--- a/epmet-auth/src/main/java/com/epmet/controller/ThirdLoginController.java
+++ b/epmet-auth/src/main/java/com/epmet/controller/ThirdLoginController.java
@ -224,7 +224,7 @@ public class ThirdLoginController {
     * @return
     */
    @PostMapping("sso-govlogin-yantai/{authCode}")
-    public Result<UserTokenResultDTO> yantaiSSOLogin(@RequestParam(value = "authCode") String authCode) {
+    public Result<UserTokenResultDTO> yantaiSSOLogin(@PathVariable(value = "authCode") String authCode) {
        return new Result<UserTokenResultDTO>().ok(thirdLoginService.yanTaiSSOLogin(authCode));
    }

--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/api/yt/TestMs4.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/api/yt/TestMs4.java
@ -0,0 +1,184 @@
+package com.epmet.commons.tools.utils.api.yt;
+
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.*;
+import java.util.Arrays;
+
+/**
+ * sm4加密算法工具类
+ *
+ * @explain sm4加密、解密与加密结果验证 可逆算法
+ * @Autor：jingyao
+ */
+public class TestMs4 {
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    private static final String ENCODING = "UTF-8";
+    public static final String ALGORITHM_NAME = "SM4";
+    // 加密算法/分组加密模式/分组填充方式
+    // PKCS5Padding-以8个字节为一组进行分组加密
+    // 定义分组加密模式使用：PKCS5Padding
+    public static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS5Padding";
+    // 128-32位16进制；256-64位16进制
+    public static final int DEFAULT_KEY_SIZE = 128;
+
+    /**
+     * 生成ECB暗号
+     *
+     * @param algorithmName 算法名称
+     * @param mode          模式
+     * @param key
+     * @return
+     * @throws Exception
+     * @explain ECB模式（电子密码本模式：Electronic codebook）
+     */
+    private static Cipher generateEcbCipher(String algorithmName, int mode, byte[] key) throws Exception {
+        Cipher cipher = Cipher.getInstance(algorithmName, BouncyCastleProvider.PROVIDER_NAME);
+        Key sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);
+        cipher.init(mode, sm4Key);
+        return cipher;
+    }
+
+    /**
+     * 自动生成密钥
+     *
+     * @return
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     * @explain
+     */
+    public static byte[] generateKey() throws Exception {
+        return generateKey(DEFAULT_KEY_SIZE);
+    }
+
+
+    //加密******************************************
+
+    /**
+     * @param keySize
+     * @return
+     * @throws Exception
+     * @explain 系统产生秘钥
+     */
+    public static byte[] generateKey(int keySize) throws Exception {
+        KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_NAME, BouncyCastleProvider.PROVIDER_NAME);
+        kg.init(keySize, new SecureRandom());
+        return kg.generateKey().getEncoded();
+    }
+
+    /**
+     * sm4加密
+     *
+     * @param hexKey   16进制密钥（忽略大小写）
+     * @param paramStr 待加密字符串
+     * @return 返回16进制的加密字符串
+     * @throws Exception
+     * @explain 加密模式：ECB 密文长度不固定，会随着被加密字符串长度的变化而变化
+     */
+    public static String encryptEcb(String hexKey, String paramStr) throws Exception {
+        String cipherText = "";
+        // 16进制字符串-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // String-->byte[]
+        byte[] srcData = paramStr.getBytes(ENCODING);
+        // 加密后的数组
+        byte[] cipherArray = encrypt_Ecb_Padding(keyData, srcData);
+        // byte[]-->hexString
+        cipherText = ByteUtils.toHexString(cipherArray);
+        return cipherText;
+    }
+
+    /**
+     * 加密模式之Ecb
+     *
+     * @param key
+     * @param data
+     * @return
+     * @throws Exception
+     */
+    public static byte[] encrypt_Ecb_Padding(byte[] key, byte[] data) throws Exception {
+        Cipher cipher = generateEcbCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.ENCRYPT_MODE, key);//声称Ecb暗号,通过第二个参数判断加密还是解密
+        return cipher.doFinal(data);
+    }
+
+    //解密****************************************
+
+    /**
+     * sm4解密
+     *
+     * @param hexKey     16进制密钥
+     * @param cipherText 16进制的加密字符串（忽略大小写）
+     * @return 解密后的字符串
+     * @throws Exception
+     * @explain 解密模式：采用ECB
+     */
+    public static String decryptEcb(String hexKey, String cipherText) throws Exception {
+        // 用于接收解密后的字符串
+        String decryptStr = "";
+        // hexString-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // hexString-->byte[]
+        byte[] cipherData = ByteUtils.fromHexString(cipherText);
+        // 解密
+        byte[] srcData = decrypt_Ecb_Padding(keyData, cipherData);
+        // byte[]-->String
+        decryptStr = new String(srcData, ENCODING);
+        return decryptStr;
+    }
+
+    /**
+     * 解密
+     *
+     * @param key
+     * @param cipherText
+     * @return
+     * @throws Exception
+     * @explain
+     */
+    public static byte[] decrypt_Ecb_Padding(byte[] key, byte[] cipherText) throws Exception {
+        Cipher cipher = generateEcbCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.DECRYPT_MODE, key);//生成Ecb暗号,通过第二个参数判断加密还是解密
+        return cipher.doFinal(cipherText);
+    }
+
+    /**
+     * 校验加密前后的字符串是否为同一数据
+     *
+     * @param hexKey     16进制密钥（忽略大小写）
+     * @param cipherText 16进制加密后的字符串
+     * @param paramStr   加密前的字符串
+     * @return 是否为同一数据
+     * @throws Exception
+     * @explain
+     */
+    public static boolean verifyEcb(String hexKey, String cipherText, String paramStr) throws Exception {
+        // 用于接收校验结果
+        boolean flag = false;
+        // hexString-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // 将16进制字符串转换成数组
+        byte[] cipherData = ByteUtils.fromHexString(cipherText);
+        // 解密
+        byte[] decryptData = decrypt_Ecb_Padding(keyData, cipherData);
+        // 将原字符串转换成byte[]
+        byte[] srcData = paramStr.getBytes(ENCODING);
+        // 判断2个数组是否一致
+        flag = Arrays.equals(decryptData, srcData);
+        return flag;
+    }
+
+    public static void main(String[] args) throws Exception {
+        String text = "5d22ea44c7599a48f0d4446b1b7fbb4bb8353922df437d39c3a38549c0f2549cbd021ada00a8be83027ae06203c3daea2eedc5bd0875c7e509c7049045c5349577f2c21bcec328a5ea0bf341191e5bdba978566dddd16f1cf1928ff5cbd826dd33289fb45a8a04585f1f24ab04f59426371a5a0a0f2ee3e7b00d2bdfba7810524ce4c33130eda077546fa4c4191d0117f7a44e1cadac6c69a7d437653be1f958a459e0f025d471e09ab4636c38013032948ffb0827040ed6f3436be090f545186928a7b0b2bfc65782452606607ce8555ba130caacad73998da704428a07276a2699889c9872eebba5de8b72cdbe88705483293b00ab3ecb3aa57d283a4ecab40b71bc0a10e9ec626f07b2293255349fb2270d37e81c5c3d0de0b0f0706ed1872f60f039ce2e51effc39aef9747d67457e072cf3170a9c19589c1bab1a7d9d80";
+        String s = TestMs4.decryptEcb("dbcff4c9f4774e6cb56080f279149d59", text);
+        System.out.println(s);
+    }
+
+}
+
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/api/yt/YantaiApi.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/api/yt/YantaiApi.java
@ -7,9 +7,12 @@ import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.EpmetException;
 import com.epmet.commons.tools.utils.HttpClientManager;
 import com.epmet.commons.tools.utils.Result;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;

+import javax.crypto.BadPaddingException;
+import java.security.InvalidKeyException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@ -24,8 +27,10 @@ import java.util.Map;
 */
@Slf4j
 public class YantaiApi {
-    private static final String SSO_SERVER = "http://localhost:8080/";
-    private static final String CLIENT_ID = "1000006";
+    private static final String SSO_SERVER = "http://172.20.46.155:8080/sso/";
+    private static final String CLIENT_ID = "1000009";
+    private static final String CLIENT_SECRET = "a1f9879119bc4080ab5575f832b7d98b";
+    private static final String SSO_CLIENT_TOKEN = "PRm5Db96atozjPQsJOuwlA==";

    /**
     * desc:根据组织id获取下级组织
@ -35,8 +40,8 @@ public class YantaiApi {
     */
    public static List<OrgData> getChildOuInfoByGuid(String organizationId) {
        try {
-            if (StringUtils.isBlank(organizationId)){
-                throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode(),EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg(),EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg());
+            if (StringUtils.isBlank(organizationId)) {
+                throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode(), EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg(), EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg());
            }
            //加密
            String organizationIdEn = SM4UtilsForYanTai.dealEncryptData(organizationId);
@ -69,14 +74,14 @@ public class YantaiApi {
     */
    public static List<UserData> getUserByOuGuid(String organizationId) {
        try {
-            if (StringUtils.isBlank(organizationId)){
-                throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode(),EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg(),EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg());
+            if (StringUtils.isBlank(organizationId)) {
+                throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode(), EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg(), EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg());
            }
            //加密
            String organizationIdEn = SM4UtilsForYanTai.dealEncryptData(organizationId);
            //pwd = URLEncoder.encode(pwd, "UTF-8");
            System.out.println("加密组织Id = " + organizationIdEn);
-            String url = SSO_SERVER+"ouinfo/getUserByOuGuid?organizationId=" + organizationIdEn;
+            String url = SSO_SERVER + "ouinfo/getUserByOuGuid?organizationId=" + organizationIdEn;

            Map<String, Object> headerMap = new HashMap<>();
            Map<String, Object> paramMap = new HashMap<>();
@ -103,29 +108,41 @@ public class YantaiApi {
     */
    public static YantaiSSOUser getLoginToken(String code) {
        try {
-            if (StringUtils.isBlank(code)){
-                throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode(),EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg(),EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg());
+            if (StringUtils.isBlank(code)) {
+                throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode(), EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg(), EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getMsg());
            }
            //加密
            String organizationIdEn = SM4UtilsForYanTai.dealEncryptData(code);
            //pwd = URLEncoder.encode(pwd, "UTF-8");
-            System.out.println("加密组织Id = " + organizationIdEn);
-            String url = "logintoken?client_id="+CLIENT_ID+"&client_code=" + code;
+            log.info("getLoginToken加密组织Id = " + organizationIdEn);
+            String url = SSO_SERVER + "logintoken?client_id=" + CLIENT_ID + "&client_code=" + code;

            Map<String, Object> headerMap = new HashMap<>();
            Map<String, Object> paramMap = new HashMap<>();
            log.info("getUserByOuGuid request param: url:{},header:{}", url, headerMap);
            Result<String> result = HttpClientManager.getInstance().sendGet(url, paramMap, headerMap);
+            if (!result.success() || StringUtils.isBlank(result.getData())) {
+                log.info("getUserByOuGuid fail result:{}", JSON.toJSONString(result));
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "获取token为空", "获取token为空");
+            }
            log.info("getUserByOuGuid request result:{}", result);
            JSONObject jsonObject = JSONObject.parseObject(result.getData());
            //解密
            String errcode = jsonObject.getString("errcode");
-            if (!NumConstant.ZERO_STR.equals(errcode)){
-                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"获取token失败","获取token失败");
+            if (!NumConstant.ZERO_STR.equals(errcode)) {
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "获取token失败", "获取token失败");
            }
-            String data = SM4UtilsForYanTai.dealDecryptData(jsonObject.getString("data"));
+            String sencondData = jsonObject.getString("data");
+            log.info("getLoginToken jiami data:{}", sencondData);
+            //String data = SM4UtilsForYanTai.dealDecryptData(sencondData);
+
+
+            String data = TestMs4.decryptEcb(CLIENT_SECRET, sencondData);
+            log.info("getLoginToken jiemi data:{}", sencondData);
            YantaiSSOUser userData = JSON.parseObject(data, YantaiSSOUser.class);
            log.info("getUserByOuGuid request real result:{}", JSON.toJSONString(userData));
+            String userInfoMobile = getUserInfoMobile(userData.getUserGuid());
+            userData.setMobile(userInfoMobile);
            return userData;
        } catch (Exception e) {
            log.error("getUserByOuGuid exception", e);
@ -133,12 +150,76 @@ public class YantaiApi {
        return null;
    }

-    public static void main(String[] args) {
-        String serverUrl = "http://172.20.46.155:8080/sso/login";
-        Map<String,Object> param = new HashMap<>();
-        param.put("client_id","1000006");
-        param.put("redirect_url","https://epmet-open.elinkservice.cn/epmet-oper-gov/");
-        Result<String> stringResult = HttpClientManager.getInstance().sendGet(serverUrl, param);
-        System.out.println(JSON.toJSONString(stringResult));
+    public static String getUserInfoMobile(String userId) {
+        try {
+            JSONObject token = new JSONObject();
+            token.put("token", "iJCDUgCBV/Zk5FkkaxLypA==");
+            // token.put("token","iJCDUgCBV/Zk5FkkaxLypA==");
+            token.put("expiration", System.currentTimeMillis());
+
+            String tokanStr = SM4UtilsForYanTai.dealEncryptData(token.toString());
+            String userIdEn = SM4UtilsForYanTai.dealEncryptData(userId);
+            System.out.println(tokanStr + "__" + userIdEn);
+            String serverUrl = "http://172.20.46.155:8082/person/userInfo/getUserByUserGuid";
+            //String serverUrl = "http://120.220.248.247:8081/person/userInfo/getUserByUserGuid";
+            Map<String, Object> param = new HashMap<>();
+            param.put("userGuid", userIdEn);
+            Map<String, Object> headerMap = new HashMap<>();
+            headerMap.put("Authorization", "Bearer " + tokanStr);
+            Result<String> result = HttpClientManager.getInstance().sendGet(serverUrl, param, headerMap);
+            System.out.println(JSON.toJSONString(result));
+            if (!result.success() || StringUtils.isBlank(result.getData())) {
+                log.info("getUserInfoMobile fail result:{}", JSON.toJSONString(result));
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "获取用户信息失败", "获取用户信息失败");
+            }
+            String data = result.getData();
+            log.info("getUserInfoMobile jiami data:{}", JSON.parseObject(data));
+            JSONObject jsonObject = JSON.parseObject(data);
+            String secondCode = jsonObject.getString("code");
+            String secondMessage = jsonObject.getString("message");
+            if (!"200".equals(secondCode)) {
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "获取人员信息接口返回失败" + secondMessage, "获取人员信息接口返回失败" + secondMessage);
+            }
+            String data1 = SM4UtilsForYanTai.dealDecryptData(jsonObject.getString("data"));
+            String telephoneNumber = JSON.parseObject(data1).getString("mobileTelephoneNumber");
+            log.info("getUserInfoMobile jiemi data:{}", telephoneNumber);
+            return telephoneNumber;
+        } catch (Exception e) {
+            log.error("getUserInfoMobile exception", e);
+        }
+        return null;
+    }
+
+    public static void main(String[] args) throws BadPaddingException, InvalidKeyException, JsonProcessingException {
+//        JSONObject token = new JSONObject();
+//        token.put("token", SSO_CLIENT_TOKEN);
+//        token.put("expiration", System.currentTimeMillis());
+//
+//        String tokanStr = SM4UtilsForYanTai.dealEncryptData(token.toString());
+//        String testUserId = "0ffd76e2-27b5-4b33-be9a-186f9f878bf1";
+//        String userId = SM4UtilsForYanTai.dealEncryptData(testUserId);
+//        System.out.println(tokanStr + "__" + userId);
+//        String serverUrl = "http://172.20.46.155:8082/person/userInfo/getUserByUserGuid";
+//        //String serverUrl = "http://120.220.248.247:8081/person/userInfo/getUserByUserGuid";
+//        Map<String, Object> param = new HashMap<>();
+//        param.put("userGuid", userId);
+//        Map<String, Object> headerMap = new HashMap<>();
+//        headerMap.put("Authorization", "Bearer " + tokanStr);
+//        Result<String> stringResult = HttpClientManager.getInstance().sendGet(serverUrl, param, headerMap);
+//        System.out.println(JSON.toJSONString(stringResult));
+//
+//        String data = stringResult.getData();
+//        JSONObject jsonObject = JSON.parseObject(data);
+//        String secondCode = jsonObject.getString("code");
+//        String secondMessage = jsonObject.getString("message");
+//        System.out.println(secondCode);
+//        System.out.println(secondMessage);
+//        String data1 = SM4UtilsForYanTai.dealDecryptData(jsonObject.getString("data"));
+//        System.out.println("======" + data1);
+     String s = SM4UtilsForYanTai.dealDecryptData("R5TbfdZPJ7QA9uo02EGT/uDWyUWapZTmTQZwwLYnX5ZChQhV8bYa17yJ+d+KC5vUm9P/O9J25pkpKSzUSaXEmJz3oniLQdj3OyhmZFghKAKVbK/By+3oyVQG3ApRUMwir64RkvnjpP7MjgUaXXongNRheMrsarV2fjr8ZYDzIH0bhsTDgo0/qNSSmFc+0sWmcvraDyeeI5nRNyjaBzybuBQzOCkqf3LtQAwnqWj8lCVPi5dH7KiTzM0pwZWzhfr21xzaw80fQkUMznBfkiJJM8nI2vqgZfa6TgtTH3h7JYLq8LDcu5UMJpMuVjbWwW41N41I+c9magDCUOJ9LkbmrUTvg2Y0asccP7U3jt9NNgwmRT5L/vxNmuapDaADjFR83P3ospRaclr3vo9OWMORSw==");
+        System.out.println("sssssss:"+s);
+
+
+        getLoginToken("0d554bccfbac4be3846d643252daf92b");
    }
 }
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/api/yt/YantaiSSOUser.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/api/yt/YantaiSSOUser.java
@ -27,4 +27,9 @@ public class YantaiSSOUser implements Serializable {
    private String userGuid;
    private String userName;

+    /**
+     * 二次请求结果
+     */
+    private String mobile;
+
 }
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/IcFollowUpRecordServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/IcFollowUpRecordServiceImpl.java
@ -83,6 +83,7 @@ public class IcFollowUpRecordServiceImpl extends BaseServiceImpl<IcFollowUpRecor
        if (null == staffInfo) {
            throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "查询工作人员缓存信息异常", EpmetErrorCode.SERVER_ERROR.getMsg());
        }
+
        IcFollowUpRecordEntity entity = ConvertUtils.sourceToTarget(dto, IcFollowUpRecordEntity.class);
        entity.setAgencyId(staffInfo.getAgencyId());
        insert(entity);