Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
root
/
railway-prod2
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: c5e7bd2627
Branchit Tagit
railway-prod2
/
railway-common
/
src
/
main
/
java
/
com
/
railway
/
common
/
utils
/
sign
/
SignatureUtil.java

SignatureUtil.java 5.1 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141 
  1. package com.railway.common.utils.sign;
    2. 

  2. 

  3. import static com.railway.common.core.domain.dto.ReturnCode.SIGN_CHECK_FAIL;
    4. 

  4. 

  5. import com.railway.common.core.domain.AjaxResult;
    6. 

  6. import com.railway.common.core.domain.dto.ReturnCode;
    7. 

  7. import com.railway.common.utils.DateUtils;
    8. 

  8. import java.io.UnsupportedEncodingException;
    9. 

  9. import java.net.URLEncoder;
    10. 

  10. import java.security.InvalidKeyException;
    11. 

  11. import java.security.NoSuchAlgorithmException;
    12. 

  12. import java.time.LocalDateTime;
    13. 

  13. import java.util.Arrays;
    14. 

  14. import java.util.Map;
    15. 

  15. import javax.crypto.Mac;
    16. 

  16. import javax.crypto.spec.SecretKeySpec;
    17. 

  17. import javax.xml.bind.DatatypeConverter;
    18. 

  18. import lombok.extern.slf4j.Slf4j;
    19. 

  19. import org.apache.commons.lang3.StringUtils;
    20. 

  20. 

  21. /**
    22. 

  22.  * 接口签名检查
    23. 

  23.  *
    24. 

  24.  * @author zhaomn
    25. 

  25.  */
    26. 

  26. 

  27. @Slf4j
    28. 

  28. public class SignatureUtil {
    29. 

  29. 

  30.   public static final String STR_TIMESTAMP = "timestamp";
    31. 

  31.   public static final String STR_SIGNATURE = "signature";
    32. 

  32.   public static final long MAX_TIME_DIFF = 600L;
    33. 

  33. 

  34.   private static final String ENCODING = "UTF-8";
    35. 

  35.   private static final String HMAC_SHA256 = "HmacSHA256";
    36. 

  36. 

  37.   public static String getParamString(Map<String, String> paramMap)
    38. 

  38.       throws UnsupportedEncodingException {
    39. 

  39.     if (paramMap == null || paramMap.isEmpty()) {
    40. 

  40.       return "";
    41. 

  41.     }
    42. 

  42. 

  43.     // 对参数进行排序
    44. 

  44.     String[] sortedKeys = paramMap.keySet().toArray(new String[]{});
    45. 

  45.     Arrays.sort(sortedKeys);
    46. 

  46. 

  47.     final String SEPARATOR = "&";
    48. 

  48.     // 生成stringToSign字符串
    49. 

  49.     StringBuilder stringToSign = new StringBuilder();
    50. 

  50.     StringBuilder canonicalizedQueryString = new StringBuilder();
    51. 

  51.     boolean isFirst = true;
    52. 

  52.     for (String key : sortedKeys) {
    53. 

  53.       if (isFirst) {
    54. 

  54.         isFirst = false;
    55. 

  55.       } else {
    56. 

  56.         canonicalizedQueryString.append(SEPARATOR);
    57. 

  57.       }
    58. 

  58.       // 这里注意对key和value进行编码
    59. 

  59.       canonicalizedQueryString.append(percentEncode(key)).append("=")
    60. 

  60.           .append(percentEncode(paramMap.get(key)));
    61. 

  61.     }
    62. 

  62. 

  63.     // 这里注意对canonicalizedQueryString进行编码
    64. 

  64.     stringToSign.append(percentEncode(canonicalizedQueryString.substring(0)));
    65. 

  65.     return stringToSign.toString();
    66. 

  66.   }
    67. 

  67. 

  68.   private static String percentEncode(String value) throws UnsupportedEncodingException {
    69. 

  69.     return value != null ? URLEncoder.encode(value, ENCODING).replace("+", "%20").replace("*",
    70. 

  70.         "%2A").replace("%7E", "~") : null;
    71. 

  71.   }
    72. 

  72. 

  73.   public static AjaxResult checkTimestamp(String requestId, String userTimestamp){
    74. 

  74.     if (StringUtils.isBlank(userTimestamp)) {
    75. 

  75.       log.debug("checkSignature, missing parameters, requestId {}, timestamp {}",
    76. 

  76.           requestId, userTimestamp);
    77. 

  77.       return AjaxResult.error(ReturnCode.REQUIRED_PARAM_MISSING);
    78. 

  78.     }
    79. 

  79.     LocalDateTime urlDateTime = DateUtils.parseDateTime(userTimestamp);
    80. 

  80.     if (null == urlDateTime) {
    81. 

  81.       log.debug("checkSignature, time format error, requestId {}, timestamp {}",
    82. 

  82.           requestId, userTimestamp);
    83. 

  83.       return AjaxResult.error(ReturnCode.DATETIME_FORMAT_ERROR);
    84. 

  84.     }
    85. 

  85.     LocalDateTime now = LocalDateTime.now();
    86. 

  86.     if (urlDateTime.isAfter(now.plusSeconds(SignatureUtil.MAX_TIME_DIFF))
    87. 

  87.         || urlDateTime.isBefore(now.minusSeconds(SignatureUtil.MAX_TIME_DIFF))) {
    88. 

  88.       log.debug("checkSignature, time is shift too many, in {}, now {}", urlDateTime, now);
    89. 

  89.       return AjaxResult.error(ReturnCode.DATETIME_SHIFT_TOO_MANY);
    90. 

  90.     }
    91. 

  91.     return AjaxResult.success();
    92. 

  92.   }
    93. 

  93. 

  94.   public static AjaxResult checkSignature(String requestId, String strToSign,
    95. 

  95.       String userSignature, String aesKey) {
    96. 

  96.     if (StringUtils.isBlank(strToSign)) {
    97. 

  97.       return AjaxResult.success();
    98. 

  98.     }
    99. 

  99.     if (StringUtils.isBlank(userSignature)) {
    100. 

  100.       log.debug("checkSignature, missing parameters, requestId {}", requestId);
    101. 

  101.       return AjaxResult.error(ReturnCode.REQUIRED_PARAM_MISSING);
    102. 

  102.     }
    103. 

  103. 

  104.     String signature = createSignature(strToSign, aesKey);
    105. 

  105.     if (StringUtils.isEmpty(signature)) {
    106. 

  106.       log.debug("checkSignature, calc signature null {}", requestId);
    107. 

  107.       return AjaxResult.error(SIGN_CHECK_FAIL);
    108. 

  108.     }
    109. 

  109. 

  110.     boolean check = signature.equals(userSignature);
    111. 

  111.     if (!check) {
    112. 

  112.       log.debug(
    113. 

  113.           "checkSignature, signature not equal, strToSign {}, user signature {}, calc signature {}",
    114. 

  114.           strToSign, userSignature, signature);
    115. 

  115.       return AjaxResult.error(SIGN_CHECK_FAIL);
    116. 

  116.     }
    117. 

  117. 

  118.     return AjaxResult.success();
    119. 

  119.   }
    120. 

  120. 

  121.   private static String createSignature(String strToSign, String key) {
    122. 

  122.     try {
    123. 

  123.       SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(ENCODING),
    124. 

  124.           SignatureUtil.HMAC_SHA256);
    125. 

  125.       Mac mac = Mac.getInstance(SignatureUtil.HMAC_SHA256);
    126. 

  126.       mac.init(signingKey);
    127. 

  127.       byte[] rawHmac = mac.doFinal(strToSign.getBytes(ENCODING));
    128. 

  128.       log.debug("printHexBinary= {}", DatatypeConverter.printHexBinary(rawHmac));
    129. 

  129.       log.debug("printBase64Binary= {}", DatatypeConverter.printBase64Binary(rawHmac));
    130. 

  130.       return DatatypeConverter.printBase64Binary(rawHmac);
    131. 

  131.     } catch (NoSuchAlgorithmException | InvalidKeyException | UnsupportedEncodingException ignore) {
    132. 

  132.     }
    133. 

  133.     return null;
    134. 

  134.   }
    135. 

  135. 

  136.   public static void main(String[] args) {
    137. 

  137.     createSignature(
    138. 

  138.         "code%3D12%26password%3DdB123456%26username%3D1088%26uuid%3Dacca0f11d8e2450e85fd45d76c49b951",
    139. 

  139.         "s#e@5f98H*^his%t");
    140. 

  140.   }
    141. 

  141. }
    142.