美天美牙
blame | 历史 | 原始文档
puzhibing
2023-10-08 22199bbdda579861736420fe26c2873ab0f5d21c 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

package com.sinata.rest.modular.auth.converter;


 


import com.alibaba.fastjson.JSON;


import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;


import com.sinata.rest.common.exception.BizExceptionEnum;


import com.sinata.rest.config.properties.JwtProperties;


import com.sinata.rest.core.exception.GunsException;


import com.sinata.rest.core.support.HttpKit;


import com.sinata.rest.core.util.MD5Util;


import com.sinata.rest.modular.auth.security.DataSecurityAction;


import com.sinata.rest.modular.auth.util.JwtTokenUtil;


import lombok.extern.slf4j.Slf4j;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.http.HttpInputMessage;


import org.springframework.http.converter.HttpMessageNotReadableException;


 


import java.io.IOException;


import java.io.InputStream;


import java.lang.reflect.Type;


 


/**


 * 带签名的http信息转化器


 */


@Slf4j


public class WithSignMessageConverter extends FastJsonHttpMessageConverter {


 


    @Autowired


    JwtProperties jwtProperties;


 


    @Autowired


    JwtTokenUtil jwtTokenUtil;


 


    @Autowired


    DataSecurityAction dataSecurityAction;


 


    @Override


    public Object read(Type type, Class<?> contextClass, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {


        InputStream in = inputMessage.getBody();


        Object o = JSON.parseObject(in, super.getFastJsonConfig().getCharset(), BaseTransferEntity.class, super.getFastJsonConfig().getFeatures());


 


        //先转化成原始的对象


        BaseTransferEntity baseTransferEntity = (BaseTransferEntity) o;


 


        // 不需要验签接口,直接转化对象


        String[] authPath = jwtProperties.getAuthPath().split(",");


        for (int i = 0; i < authPath.length; i++) {


            if (HttpKit.getRequest().getServletPath().contains(authPath[i].trim())) {


                try {


                    String object = baseTransferEntity.getObject();


                    if (object == null) {


                        throw new GunsException(BizExceptionEnum.SIGN_OBJECT_NULL);


                    }


                    String json = dataSecurityAction.unlock(object.replace("\r\n", ""));


                    // 不需要验签,直接转化成应该的对象


                    return JSON.parseObject(json, type);


                } catch (Exception e) {


                    throw new GunsException(BizExceptionEnum.SIGN_ERROR);


                }


            }


        }


 


        //校验签名


        String header = HttpKit.getRequest().getHeader(jwtProperties.getHeader());


        if (header == null) {


            throw new GunsException(BizExceptionEnum.SIGN_HEARD_NULL);


        }


        String token = header.substring(7);


        String md5KeyFromToken = jwtTokenUtil.getMd5KeyFromToken(token);


 


        String object = baseTransferEntity.getObject();


        if (object == null) {


            throw new GunsException(BizExceptionEnum.SIGN_OBJECT_NULL);


        }


        String json = dataSecurityAction.unlock(object.replace("\r\n", ""));


        String encrypt = MD5Util.encrypt(object + md5KeyFromToken);


 


        if (encrypt.equals(baseTransferEntity.getSign())) {


            //System.out.println("签名校验成功!");


        } else {


            //System.out.println("签名校验失败,数据被改动过!");


            throw new GunsException(BizExceptionEnum.SIGN_ERROR);


        }


 


        //校验签名后再转化成应该的对象


        return JSON.parseObject(json, type);


    }


}