优化过滤器逻辑
This commit is contained in:
zz
parent
78227a9677
commit
5bd7fea731
@ -64,11 +64,9 @@ public class Aes128Cbc {
|
|||||||
InvalidKeyException {
|
InvalidKeyException {
|
||||||
|
|
||||||
System.out.println(encrypt("{\"PageNo\": \"1\", \"PageSize\": 49}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
|
System.out.println(encrypt("{\"PageNo\": \"1\", \"PageSize\": 49}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
|
||||||
System.out.println(encrypt("{\"StartChargeSeq\":\"MA5FF58R7202110221602214945\"," +
|
System.out.println(encrypt("{\"StationIDs\":[\"1\"]}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
|
||||||
"\"ConnectorId\":\"5503141278230501\",\"QRCode\":\"ddg\",\"PlateNum\":\"dk4520\",\"ChargingAmt\":6," +
|
System.out.println(encrypt("{\"OperatorID\":\"MA5FNJXW9\", \"OperatorSecret\":\"Ut5UFdqDthiJyncU\"}",
|
||||||
"\"driverId\":\"15183246728\"}",
|
"8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
|
||||||
"8LpncubmWiPCzY3V"
|
|
||||||
, "av6A8QdnRaVRMXu6"));
|
|
||||||
System.out.println(new BigDecimal("244.0111117").setScale(6, RoundingMode.HALF_UP).doubleValue());
|
System.out.println(new BigDecimal("244.0111117").setScale(6, RoundingMode.HALF_UP).doubleValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@ import org.joda.time.DateTime;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
import org.springframework.web.bind.annotation.PostMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
import org.springframework.web.bind.annotation.RequestBody;
|
||||||
|
import org.springframework.web.bind.annotation.RequestHeader;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@ -29,7 +30,8 @@ public class QueryTokenController extends CoreDispatcher {
|
|||||||
private AuthSecretTokenRepository authSecretTokenRepository;
|
private AuthSecretTokenRepository authSecretTokenRepository;
|
||||||
|
|
||||||
@PostMapping("/v1/query_token")
|
@PostMapping("/v1/query_token")
|
||||||
public CommonResponse queryToken(@RequestBody TokenRequest tokenRequest) throws IOException {
|
public CommonResponse queryToken(@RequestHeader(value = "enc.out", defaultValue = "true") String encout,
|
||||||
|
@RequestBody TokenRequest tokenRequest) throws IOException {
|
||||||
|
|
||||||
log.debug("<<query token request body: " + tokenRequest);
|
log.debug("<<query token request body: " + tokenRequest);
|
||||||
CommonResponse resp = new CommonResponse();
|
CommonResponse resp = new CommonResponse();
|
||||||
@ -68,11 +70,13 @@ public class QueryTokenController extends CoreDispatcher {
|
|||||||
resp.setData(JSONUtil.toJSONString(tokenResponse));
|
resp.setData(JSONUtil.toJSONString(tokenResponse));
|
||||||
byte[] buf = JSONUtil.toJSONString(resp).getBytes(StandardCharsets.UTF_8);
|
byte[] buf = JSONUtil.toJSONString(resp).getBytes(StandardCharsets.UTF_8);
|
||||||
log.debug("out.plain: {}", new String(buf, StandardCharsets.UTF_8));
|
log.debug("out.plain: {}", new String(buf, StandardCharsets.UTF_8));
|
||||||
final JsonNode encrypt = EvcsFilter.encryptRespOut(authSecretTokenIn.getDataSecret(),
|
if (!encout.equalsIgnoreCase("false") || !authSecretTokenIn.isEncrypt()) {
|
||||||
authSecretTokenIn.getDataSecretIV(), authSecretTokenIn.getSigSecret(), buf);
|
final JsonNode encrypt = EvcsFilter.encryptRespOut(authSecretTokenIn.getDataSecret(),
|
||||||
resp.setData(encrypt.get("Data"));
|
authSecretTokenIn.getDataSecretIV(), authSecretTokenIn.getSigSecret(), buf);
|
||||||
resp.setSig(encrypt.get("Sig").asText());
|
resp.setData(encrypt.get("Data"));
|
||||||
log.debug("out.enc: {}", resp);
|
resp.setSig(encrypt.get("Sig").asText());
|
||||||
|
log.debug("out.enc: {}", resp);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return resp;
|
return resp;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -61,8 +61,12 @@ public class EvcsFilter extends OncePerRequestFilter {
|
|||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
ServletRequest requestWrapper = new HttpServletRequestRepeatReadWrapper(request);
|
ServletRequest requestWrapper = new HttpServletRequestRepeatReadWrapper(request);
|
||||||
|
final String encin = request.getHeader("enc.in");
|
||||||
|
// if (encin != null && encin.equals("false")) { //todo comment out in prd env
|
||||||
|
// chain.doFilter(requestWrapper, response);
|
||||||
|
// return;
|
||||||
|
// }
|
||||||
Scanner scanner = new Scanner(requestWrapper.getInputStream(), "UTF-8").useDelimiter("\\A");
|
Scanner scanner = new Scanner(requestWrapper.getInputStream(), "UTF-8").useDelimiter("\\A");
|
||||||
String bodyString = scanner.hasNext() ? scanner.next() : null;
|
String bodyString = scanner.hasNext() ? scanner.next() : null;
|
||||||
log.debug("in.enc: {}", bodyString);
|
log.debug("in.enc: {}", bodyString);
|
||||||
@ -91,11 +95,6 @@ public class EvcsFilter extends OncePerRequestFilter {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else if (authorization == null) { //todo giv't better arrangement
|
} else if (authorization == null) { //todo giv't better arrangement
|
||||||
final String encin = request.getHeader("enc.in");
|
|
||||||
if (encin != null && encin.equals("false")) {
|
|
||||||
chain.doFilter(requestWrapper, response);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (servletPath.endsWith("/query_token")) {
|
if (servletPath.endsWith("/query_token")) {
|
||||||
authSecretTokenIn = authSecretTokenRepository.findByOperatorId3irdptyAndSecretTokenType(operatorId,
|
authSecretTokenIn = authSecretTokenRepository.findByOperatorId3irdptyAndSecretTokenType(operatorId,
|
||||||
AuthSecretToken.SECRET_TOKEN_TYPE_IN).orElse(null);
|
AuthSecretToken.SECRET_TOKEN_TYPE_IN).orElse(null);
|
||||||
@ -141,12 +140,13 @@ public class EvcsFilter extends OncePerRequestFilter {
|
|||||||
&& now.before(authSecretTokenIn.getTokenExpiry())
|
&& now.before(authSecretTokenIn.getTokenExpiry())
|
||||||
&& authorization != null && authorization.substring(7).equals(authSecretTokenIn.getToken())) {
|
&& authorization != null && authorization.substring(7).equals(authSecretTokenIn.getToken())) {
|
||||||
try {
|
try {
|
||||||
if (authSecretTokenIn.isEncrypt()) {
|
if (authSecretTokenIn.isEncrypt() && !"false".equals(encin)) {
|
||||||
decryptedReq = decrypt(request, authSecretTokenIn, commonRequest, bodyString);
|
decryptedReq = decrypt(request, authSecretTokenIn, commonRequest, bodyString);
|
||||||
} else {
|
} else {
|
||||||
decryptedReq = ((String) commonRequest.getData()).getBytes(StandardCharsets.UTF_8);
|
decryptedReq = commonRequest.getData().getBytes(StandardCharsets.UTF_8);
|
||||||
}
|
}
|
||||||
log.debug("in.dec: {}", new String(decryptedReq));
|
commonRequest.setData(new String(decryptedReq));
|
||||||
|
log.debug("in.dec: {}", commonRequest);
|
||||||
} catch (BadPaddingException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException | InvalidKeyException e) {
|
} catch (BadPaddingException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException | InvalidKeyException e) {
|
||||||
erroMsg = e.getMessage();
|
erroMsg = e.getMessage();
|
||||||
}
|
}
|
||||||
@ -154,7 +154,8 @@ public class EvcsFilter extends OncePerRequestFilter {
|
|||||||
erroMsg = "Authorization error, check OperatorID or token expiry";
|
erroMsg = "Authorization error, check OperatorID or token expiry";
|
||||||
}
|
}
|
||||||
if (decryptedReq != null && decryptedReq.length > 0) {
|
if (decryptedReq != null && decryptedReq.length > 0) {
|
||||||
requestWrapper = new HttpServletRequestWritableWrapper(request, decryptedReq);
|
requestWrapper = new HttpServletRequestWritableWrapper(request,
|
||||||
|
JSONUtil.toJSONString(commonRequest).getBytes(StandardCharsets.UTF_8));
|
||||||
} else {
|
} else {
|
||||||
resp.setRet("4004");
|
resp.setRet("4004");
|
||||||
resp.setMsg(erroMsg);
|
resp.setMsg(erroMsg);
|
||||||
@ -270,10 +271,16 @@ public class EvcsFilter extends OncePerRequestFilter {
|
|||||||
final String encin = request.getHeader("enc.in");
|
final String encin = request.getHeader("enc.in");
|
||||||
if ("POST".equalsIgnoreCase(request.getMethod())) {
|
if ("POST".equalsIgnoreCase(request.getMethod())) {
|
||||||
if (request.getServletPath().endsWith("/query_token")) {
|
if (request.getServletPath().endsWith("/query_token")) {
|
||||||
String encryptedMsg = commonRequest.getData();
|
String data;
|
||||||
String data = Aes128Cbc.decryptString(encryptedMsg, authSecretToken.getDataSecret(), authSecretToken
|
if ((encin != null && "false".equals(encin)) || commonRequest.getData() == null) {
|
||||||
.getDataSecretIV());
|
data = bodyString;
|
||||||
commonRequest.setData(data);
|
} else if (commonRequest.getData() == null) {
|
||||||
|
data = Aes128Cbc.decryptString(bodyString, authSecretToken.getDataSecret(), authSecretToken
|
||||||
|
.getDataSecretIV());
|
||||||
|
} else {
|
||||||
|
data = Aes128Cbc.decryptString(commonRequest.getData(), authSecretToken.getDataSecret(), authSecretToken
|
||||||
|
.getDataSecretIV());
|
||||||
|
}
|
||||||
buf = data.getBytes(StandardCharsets.UTF_8);
|
buf = data.getBytes(StandardCharsets.UTF_8);
|
||||||
} else {
|
} else {
|
||||||
String authorization = request.getHeader("Authorization");
|
String authorization = request.getHeader("Authorization");
|
||||||
@ -287,22 +294,24 @@ public class EvcsFilter extends OncePerRequestFilter {
|
|||||||
JsonNode dataNode = rootNode.path("Data");
|
JsonNode dataNode = rootNode.path("Data");
|
||||||
JsonNode timestampNode = rootNode.path("TimeStamp");
|
JsonNode timestampNode = rootNode.path("TimeStamp");
|
||||||
JsonNode seqNode = rootNode.path("Seq");
|
JsonNode seqNode = rootNode.path("Seq");
|
||||||
String computedSig = HMAC.hmacDigest(
|
|
||||||
operatorIDNode.asText().concat(dataNode.asText()).concat(timestampNode.asText()).concat(seqNode.asText()),
|
|
||||||
authSecretToken.getSigSecret());
|
|
||||||
if (encin == null || encin.equals("true") && !computedSig.equals(sigNode.asText())) {
|
|
||||||
throw new InvalidAlgorithmParameterException("Illegal Sig, computed: ".concat(computedSig));
|
|
||||||
}
|
|
||||||
if (!dataNode.isNull()) {
|
if (!dataNode.isNull()) {
|
||||||
|
String computedSig = HMAC.hmacDigest(
|
||||||
|
operatorIDNode.asText().concat(dataNode.asText()).concat(timestampNode.asText()).concat(seqNode.asText()),
|
||||||
|
authSecretToken.getSigSecret());
|
||||||
|
if ((encin != null && !"false".equals(encin)) && !computedSig.equals(sigNode.asText())) {
|
||||||
|
throw new InvalidAlgorithmParameterException("Illegal Sig, computed: ".concat(computedSig));
|
||||||
|
}
|
||||||
String rawData = dataNode.asText();
|
String rawData = dataNode.asText();
|
||||||
|
String decryptedData;
|
||||||
if (rawData.startsWith("{")) {
|
if (rawData.startsWith("{")) {
|
||||||
((ObjectNode) rootNode).put("Data", rawData);
|
decryptedData = rawData;
|
||||||
|
// ((ObjectNode) rootNode).put("Data", rawData);
|
||||||
} else {
|
} else {
|
||||||
String decryptedData = Aes128Cbc.decryptString(rawData, authSecretToken.getDataSecret(),
|
decryptedData = Aes128Cbc.decryptString(rawData, authSecretToken.getDataSecret(),
|
||||||
authSecretToken.getDataSecretIV());
|
authSecretToken.getDataSecretIV());
|
||||||
((ObjectNode) rootNode).put("Data", decryptedData);
|
((ObjectNode) rootNode).put("Data", decryptedData);
|
||||||
}
|
}
|
||||||
buf = rootNode.toString().getBytes();
|
buf = decryptedData.getBytes();//rootNode.toString().getBytes();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user