From 5bd7fea7313d2df12743efa3dfea5db3dffe9eb9 Mon Sep 17 00:00:00 2001
From: zz <coml_aaron@163.com>
Date: Thu, 28 Oct 2021 15:48:42 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=BF=87=E6=BB=A4=E5=99=A8?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/xhpc/evcs/encryption/Aes128Cbc.java   |  8 +--
 .../xhpc/evcs/api/QueryTokenController.java   | 16 ++++--
 .../java/com/xhpc/evcs/config/EvcsFilter.java | 55 +++++++++++--------
 3 files changed, 45 insertions(+), 34 deletions(-)

diff --git a/evcs-modules/evcs-common/src/main/java/com/xhpc/evcs/encryption/Aes128Cbc.java b/evcs-modules/evcs-common/src/main/java/com/xhpc/evcs/encryption/Aes128Cbc.java
index 5ddd2aa1..1bb4b113 100644
--- a/evcs-modules/evcs-common/src/main/java/com/xhpc/evcs/encryption/Aes128Cbc.java
+++ b/evcs-modules/evcs-common/src/main/java/com/xhpc/evcs/encryption/Aes128Cbc.java
@@ -64,11 +64,9 @@ public class Aes128Cbc {
             InvalidKeyException {
 
         System.out.println(encrypt("{\"PageNo\": \"1\", \"PageSize\": 49}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
-        System.out.println(encrypt("{\"StartChargeSeq\":\"MA5FF58R7202110221602214945\"," +
-                        "\"ConnectorId\":\"5503141278230501\",\"QRCode\":\"ddg\",\"PlateNum\":\"dk4520\",\"ChargingAmt\":6," +
-                        "\"driverId\":\"15183246728\"}",
-                "8LpncubmWiPCzY3V"
-                , "av6A8QdnRaVRMXu6"));
+        System.out.println(encrypt("{\"StationIDs\":[\"1\"]}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
+        System.out.println(encrypt("{\"OperatorID\":\"MA5FNJXW9\", \"OperatorSecret\":\"Ut5UFdqDthiJyncU\"}",
+                "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
         System.out.println(new BigDecimal("244.0111117").setScale(6, RoundingMode.HALF_UP).doubleValue());
     }
 
diff --git a/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/api/QueryTokenController.java b/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/api/QueryTokenController.java
index bea0ebfd..56536994 100644
--- a/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/api/QueryTokenController.java
+++ b/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/api/QueryTokenController.java
@@ -13,6 +13,7 @@ import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.io.IOException;
@@ -29,7 +30,8 @@ public class QueryTokenController extends CoreDispatcher {
     private AuthSecretTokenRepository authSecretTokenRepository;
 
     @PostMapping("/v1/query_token")
-    public CommonResponse queryToken(@RequestBody TokenRequest tokenRequest) throws IOException {
+    public CommonResponse queryToken(@RequestHeader(value = "enc.out", defaultValue = "true") String encout,
+                                     @RequestBody TokenRequest tokenRequest) throws IOException {
 
         log.debug("<<query token request body: " + tokenRequest);
         CommonResponse resp = new CommonResponse();
@@ -68,11 +70,13 @@ public class QueryTokenController extends CoreDispatcher {
             resp.setData(JSONUtil.toJSONString(tokenResponse));
             byte[] buf = JSONUtil.toJSONString(resp).getBytes(StandardCharsets.UTF_8);
             log.debug("out.plain: {}", new String(buf, StandardCharsets.UTF_8));
-            final JsonNode encrypt = EvcsFilter.encryptRespOut(authSecretTokenIn.getDataSecret(),
-                    authSecretTokenIn.getDataSecretIV(), authSecretTokenIn.getSigSecret(), buf);
-            resp.setData(encrypt.get("Data"));
-            resp.setSig(encrypt.get("Sig").asText());
-            log.debug("out.enc: {}", resp);
+            if (!encout.equalsIgnoreCase("false") || !authSecretTokenIn.isEncrypt()) {
+                final JsonNode encrypt = EvcsFilter.encryptRespOut(authSecretTokenIn.getDataSecret(),
+                        authSecretTokenIn.getDataSecretIV(), authSecretTokenIn.getSigSecret(), buf);
+                resp.setData(encrypt.get("Data"));
+                resp.setSig(encrypt.get("Sig").asText());
+                log.debug("out.enc: {}", resp);
+            }
         }
         return resp;
     }
diff --git a/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/config/EvcsFilter.java b/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/config/EvcsFilter.java
index ed73f982..c40dc2f2 100644
--- a/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/config/EvcsFilter.java
+++ b/evcs-modules/evcs-core/src/main/java/com/xhpc/evcs/config/EvcsFilter.java
@@ -61,8 +61,12 @@ public class EvcsFilter extends OncePerRequestFilter {
             chain.doFilter(request, response);
             return;
         }
-
         ServletRequest requestWrapper = new HttpServletRequestRepeatReadWrapper(request);
+        final String encin = request.getHeader("enc.in");
+//        if (encin != null && encin.equals("false")) { //todo comment out in prd env
+//            chain.doFilter(requestWrapper, response);
+//            return;
+//        }
         Scanner scanner = new Scanner(requestWrapper.getInputStream(), "UTF-8").useDelimiter("\\A");
         String bodyString = scanner.hasNext() ? scanner.next() : null;
         log.debug("in.enc: {}", bodyString);
@@ -91,11 +95,6 @@ public class EvcsFilter extends OncePerRequestFilter {
                     return;
                 }
             } else if (authorization == null) { //todo giv't better arrangement
-                final String encin = request.getHeader("enc.in");
-                if (encin != null && encin.equals("false")) {
-                    chain.doFilter(requestWrapper, response);
-                    return;
-                }
                 if (servletPath.endsWith("/query_token")) {
                     authSecretTokenIn = authSecretTokenRepository.findByOperatorId3irdptyAndSecretTokenType(operatorId,
                             AuthSecretToken.SECRET_TOKEN_TYPE_IN).orElse(null);
@@ -141,12 +140,13 @@ public class EvcsFilter extends OncePerRequestFilter {
                     && now.before(authSecretTokenIn.getTokenExpiry())
                     && authorization != null && authorization.substring(7).equals(authSecretTokenIn.getToken())) {
                 try {
-                    if (authSecretTokenIn.isEncrypt()) {
+                    if (authSecretTokenIn.isEncrypt() && !"false".equals(encin)) {
                         decryptedReq = decrypt(request, authSecretTokenIn, commonRequest, bodyString);
                     } else {
-                        decryptedReq = ((String) commonRequest.getData()).getBytes(StandardCharsets.UTF_8);
+                        decryptedReq = commonRequest.getData().getBytes(StandardCharsets.UTF_8);
                     }
-                    log.debug("in.dec: {}", new String(decryptedReq));
+                    commonRequest.setData(new String(decryptedReq));
+                    log.debug("in.dec: {}", commonRequest);
                 } catch (BadPaddingException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException | InvalidKeyException e) {
                     erroMsg = e.getMessage();
                 }
@@ -154,7 +154,8 @@ public class EvcsFilter extends OncePerRequestFilter {
                 erroMsg = "Authorization error, check OperatorID or token expiry";
             }
             if (decryptedReq != null && decryptedReq.length > 0) {
-                requestWrapper = new HttpServletRequestWritableWrapper(request, decryptedReq);
+                requestWrapper = new HttpServletRequestWritableWrapper(request,
+                        JSONUtil.toJSONString(commonRequest).getBytes(StandardCharsets.UTF_8));
             } else {
                 resp.setRet("4004");
                 resp.setMsg(erroMsg);
@@ -270,10 +271,16 @@ public class EvcsFilter extends OncePerRequestFilter {
         final String encin = request.getHeader("enc.in");
         if ("POST".equalsIgnoreCase(request.getMethod())) {
             if (request.getServletPath().endsWith("/query_token")) {
-                String encryptedMsg = commonRequest.getData();
-                String data = Aes128Cbc.decryptString(encryptedMsg, authSecretToken.getDataSecret(), authSecretToken
-                        .getDataSecretIV());
-                commonRequest.setData(data);
+                String data;
+                if ((encin != null && "false".equals(encin)) || commonRequest.getData() == null) {
+                    data = bodyString;
+                } else if (commonRequest.getData() == null) {
+                    data = Aes128Cbc.decryptString(bodyString, authSecretToken.getDataSecret(), authSecretToken
+                            .getDataSecretIV());
+                } else {
+                    data = Aes128Cbc.decryptString(commonRequest.getData(), authSecretToken.getDataSecret(), authSecretToken
+                            .getDataSecretIV());
+                }
                 buf = data.getBytes(StandardCharsets.UTF_8);
             } else {
                 String authorization = request.getHeader("Authorization");
@@ -287,22 +294,24 @@ public class EvcsFilter extends OncePerRequestFilter {
                     JsonNode dataNode = rootNode.path("Data");
                     JsonNode timestampNode = rootNode.path("TimeStamp");
                     JsonNode seqNode = rootNode.path("Seq");
-                    String computedSig = HMAC.hmacDigest(
-                            operatorIDNode.asText().concat(dataNode.asText()).concat(timestampNode.asText()).concat(seqNode.asText()),
-                            authSecretToken.getSigSecret());
-                    if (encin == null || encin.equals("true") && !computedSig.equals(sigNode.asText())) {
-                        throw new InvalidAlgorithmParameterException("Illegal Sig, computed: ".concat(computedSig));
-                    }
                     if (!dataNode.isNull()) {
+                        String computedSig = HMAC.hmacDigest(
+                                operatorIDNode.asText().concat(dataNode.asText()).concat(timestampNode.asText()).concat(seqNode.asText()),
+                                authSecretToken.getSigSecret());
+                        if ((encin != null && !"false".equals(encin)) && !computedSig.equals(sigNode.asText())) {
+                            throw new InvalidAlgorithmParameterException("Illegal Sig, computed: ".concat(computedSig));
+                        }
                         String rawData = dataNode.asText();
+                        String decryptedData;
                         if (rawData.startsWith("{")) {
-                            ((ObjectNode) rootNode).put("Data", rawData);
+                            decryptedData = rawData;
+//                            ((ObjectNode) rootNode).put("Data", rawData);
                         } else {
-                            String decryptedData = Aes128Cbc.decryptString(rawData, authSecretToken.getDataSecret(),
+                            decryptedData = Aes128Cbc.decryptString(rawData, authSecretToken.getDataSecret(),
                                     authSecretToken.getDataSecretIV());
                             ((ObjectNode) rootNode).put("Data", decryptedData);
                         }
-                        buf = rootNode.toString().getBytes();
+                        buf = decryptedData.getBytes();//rootNode.toString().getBytes();
                     }
                 }
             }