优化过滤器逻辑

zz 2021-10-28 15:48:42 +08:00
parent 78227a9677
commit 5bd7fea731
3 changed files with 45 additions and 34 deletions


@ -64,11 +64,9 @@ public class Aes128Cbc {
InvalidKeyException {
System.out.println(encrypt("{\"PageNo\": \"1\", \"PageSize\": 49}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
System.out.println(encrypt("{\"StartChargeSeq\":\"MA5FF58R7202110221602214945\"," +
"\"ConnectorId\":\"5503141278230501\",\"QRCode\":\"ddg\",\"PlateNum\":\"dk4520\",\"ChargingAmt\":6," +
"\"driverId\":\"15183246728\"}",
"8LpncubmWiPCzY3V"
, "av6A8QdnRaVRMXu6"));
System.out.println(encrypt("{\"StationIDs\":[\"1\"]}", "8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
System.out.println(encrypt("{\"OperatorID\":\"MA5FNJXW9\", \"OperatorSecret\":\"Ut5UFdqDthiJyncU\"}",
"8LpncubmWiPCzY3V", "av6A8QdnRaVRMXu6"));
System.out.println(new BigDecimal("244.0111117").setScale(6, RoundingMode.HALF_UP).doubleValue());
}
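Review bot: The `main` driver in this hunk passes the AES key and IV to `encrypt` as string literals, alongside an `OperatorSecret` value and a `driverId` that looks like a phone number, so all of them live in version control. If any of these match values issued to a real operator they should be rotated, and the samples moved to a unit test that uses constructed data, with a comment such as `// constructed sample key/IV, never used in any deployment`. The same IV is also passed on every call; with CBC that makes equal plaintext prefixes encrypt to equal ciphertext blocks, which is worth documenting on `encrypt` if the protocol requires a fixed IV. `main` starts outside the hunk.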


@ -13,6 +13,7 @@ import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import java.io.IOException;
@ -29,7 +30,8 @@ public class QueryTokenController extends CoreDispatcher {
private AuthSecretTokenRepository authSecretTokenRepository;
@PostMapping("/v1/query_token")
public CommonResponse queryToken(@RequestBody TokenRequest tokenRequest) throws IOException {
public CommonResponse queryToken(@RequestHeader(value = "enc.out", defaultValue = "true") String encout,
@RequestBody TokenRequest tokenRequest) throws IOException {
log.debug("<<query token request body: " + tokenRequest);
CommonResponse resp = new CommonResponse();
@ -68,11 +70,13 @@ public class QueryTokenController extends CoreDispatcher {
resp.setData(JSONUtil.toJSONString(tokenResponse));
byte[] buf = JSONUtil.toJSONString(resp).getBytes(StandardCharsets.UTF_8);
log.debug("out.plain: {}", new String(buf, StandardCharsets.UTF_8));
final JsonNode encrypt = EvcsFilter.encryptRespOut(authSecretTokenIn.getDataSecret(),
authSecretTokenIn.getDataSecretIV(), authSecretTokenIn.getSigSecret(), buf);
resp.setData(encrypt.get("Data"));
resp.setSig(encrypt.get("Sig").asText());
log.debug("out.enc: {}", resp);
if (!encout.equalsIgnoreCase("false") || !authSecretTokenIn.isEncrypt()) {
final JsonNode encrypt = EvcsFilter.encryptRespOut(authSecretTokenIn.getDataSecret(),
authSecretTokenIn.getDataSecretIV(), authSecretTokenIn.getSigSecret(), buf);
resp.setData(encrypt.get("Data"));
resp.setSig(encrypt.get("Sig").asText());
log.debug("out.enc: {}", resp);
}
}
return resp;
}
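Review bot: The new guard `if (!encout.equalsIgnoreCase("false") || !authSecretTokenIn.isEncrypt())` lets the caller turn off both encryption and the `Sig` on the token response by sending `enc.out: false`. It does so only for operators whose record has `isEncrypt()` true, while operators with `isEncrypt()` false are always encrypted, which looks inverted. If the header is meant as an opt-out for operators that do not require encryption, the condition would read `if (authSecretTokenIn.isEncrypt() || !"false".equalsIgnoreCase(encout)) {`; the intent is inferred, so please confirm it. Because the header is caller-controlled and this endpoint returns the access token, a plaintext mode is safer behind a server-side setting, and `resp.setSig(...)` should still be computed when `Data` is left in the clear. The body of `queryToken` continues outside the hunks shown.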


@ -61,8 +61,12 @@ public class EvcsFilter extends OncePerRequestFilter {
chain.doFilter(request, response);
return;
}
ServletRequest requestWrapper = new HttpServletRequestRepeatReadWrapper(request);
final String encin = request.getHeader("enc.in");
// if (encin != null && encin.equals("false")) { //todo comment out in prd env
// chain.doFilter(requestWrapper, response);
// return;
// }
Scanner scanner = new Scanner(requestWrapper.getInputStream(), "UTF-8").useDelimiter("\\A");
String bodyString = scanner.hasNext() ? scanner.next() : null;
log.debug("in.enc: {}", bodyString);
@ -91,11 +95,6 @@ public class EvcsFilter extends OncePerRequestFilter {
return;
}
} else if (authorization == null) { //todo giv't better arrangement
final String encin = request.getHeader("enc.in");
if (encin != null && encin.equals("false")) {
chain.doFilter(requestWrapper, response);
return;
}
if (servletPath.endsWith("/query_token")) {
authSecretTokenIn = authSecretTokenRepository.findByOperatorId3irdptyAndSecretTokenType(operatorId,
AuthSecretToken.SECRET_TOKEN_TYPE_IN).orElse(null);
@ -141,12 +140,13 @@ public class EvcsFilter extends OncePerRequestFilter {
&& now.before(authSecretTokenIn.getTokenExpiry())
&& authorization != null && authorization.substring(7).equals(authSecretTokenIn.getToken())) {
try {
if (authSecretTokenIn.isEncrypt()) {
if (authSecretTokenIn.isEncrypt() && !"false".equals(encin)) {
decryptedReq = decrypt(request, authSecretTokenIn, commonRequest, bodyString);
} else {
decryptedReq = ((String) commonRequest.getData()).getBytes(StandardCharsets.UTF_8);
decryptedReq = commonRequest.getData().getBytes(StandardCharsets.UTF_8);
}
log.debug("in.dec: {}", new String(decryptedReq));
commonRequest.setData(new String(decryptedReq));
log.debug("in.dec: {}", commonRequest);
} catch (BadPaddingException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException | InvalidKeyException e) {
erroMsg = e.getMessage();
}
@ -154,7 +154,8 @@ public class EvcsFilter extends OncePerRequestFilter {
erroMsg = "Authorization error, check OperatorID or token expiry";
}
if (decryptedReq != null && decryptedReq.length > 0) {
requestWrapper = new HttpServletRequestWritableWrapper(request, decryptedReq);
requestWrapper = new HttpServletRequestWritableWrapper(request,
JSONUtil.toJSONString(commonRequest).getBytes(StandardCharsets.UTF_8));
} else {
resp.setRet("4004");
resp.setMsg(erroMsg);
@ -270,10 +271,16 @@ public class EvcsFilter extends OncePerRequestFilter {
final String encin = request.getHeader("enc.in");
if ("POST".equalsIgnoreCase(request.getMethod())) {
if (request.getServletPath().endsWith("/query_token")) {
String encryptedMsg = commonRequest.getData();
String data = Aes128Cbc.decryptString(encryptedMsg, authSecretToken.getDataSecret(), authSecretToken
.getDataSecretIV());
commonRequest.setData(data);
String data;
if ((encin != null && "false".equals(encin)) || commonRequest.getData() == null) {
data = bodyString;
} else if (commonRequest.getData() == null) {
data = Aes128Cbc.decryptString(bodyString, authSecretToken.getDataSecret(), authSecretToken
.getDataSecretIV());
} else {
data = Aes128Cbc.decryptString(commonRequest.getData(), authSecretToken.getDataSecret(), authSecretToken
.getDataSecretIV());
}
buf = data.getBytes(StandardCharsets.UTF_8);
} else {
String authorization = request.getHeader("Authorization");
@ -287,22 +294,24 @@ public class EvcsFilter extends OncePerRequestFilter {
JsonNode dataNode = rootNode.path("Data");
JsonNode timestampNode = rootNode.path("TimeStamp");
JsonNode seqNode = rootNode.path("Seq");
String computedSig = HMAC.hmacDigest(
operatorIDNode.asText().concat(dataNode.asText()).concat(timestampNode.asText()).concat(seqNode.asText()),
authSecretToken.getSigSecret());
if (encin == null || encin.equals("true") && !computedSig.equals(sigNode.asText())) {
throw new InvalidAlgorithmParameterException("Illegal Sig, computed: ".concat(computedSig));
}
if (!dataNode.isNull()) {
String computedSig = HMAC.hmacDigest(
operatorIDNode.asText().concat(dataNode.asText()).concat(timestampNode.asText()).concat(seqNode.asText()),
authSecretToken.getSigSecret());
if ((encin != null && !"false".equals(encin)) && !computedSig.equals(sigNode.asText())) {
throw new InvalidAlgorithmParameterException("Illegal Sig, computed: ".concat(computedSig));
}
String rawData = dataNode.asText();
String decryptedData;
if (rawData.startsWith("{")) {
((ObjectNode) rootNode).put("Data", rawData);
decryptedData = rawData;
// ((ObjectNode) rootNode).put("Data", rawData);
} else {
String decryptedData = Aes128Cbc.decryptString(rawData, authSecretToken.getDataSecret(),
decryptedData = Aes128Cbc.decryptString(rawData, authSecretToken.getDataSecret(),
authSecretToken.getDataSecretIV());
((ObjectNode) rootNode).put("Data", decryptedData);
}
buf = rootNode.toString().getBytes();
buf = decryptedData.getBytes();//rootNode.toString().getBytes();
}
}
}
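Review bot: The Sig check in the last hunk is now enforced only when the caller sends an `enc.in` header other than `false` (`(encin != null && !"false".equals(encin)) && !computedSig.equals(sigNode.asText())`), so a request that omits the header or sets it to `false` is accepted without HMAC verification. Verification should not depend on a caller-controlled header; a plaintext test mode belongs behind a server-side setting, and the comparison is better done in constant time, e.g. `if (!MessageDigest.isEqual(computedSig.getBytes(StandardCharsets.UTF_8), sigNode.asText().getBytes(StandardCharsets.UTF_8))) {`. The exception text also appends `computedSig`, and an earlier hunk copies `e.getMessage()` into `erroMsg`, which appears to be returned through `resp.setMsg(erroMsg)`, so the expected signature for a submitted message may be disclosed to the sender; `throw new InvalidAlgorithmParameterException("Illegal Sig");` avoids that. In the `/query_token` hunk the `else if (commonRequest.getData() == null)` branch is unreachable, because the first condition already covers that case. The enclosing methods start outside the hunks.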