
适配腾讯

dengsixing 2 tuần trước cách đây
mục cha
commit
54f46f891f

+ 6 - 0
pom.xml

@@ -216,6 +216,12 @@
         </dependency>
 
         <dependency>
+            <groupId>com.tencentcloudapi</groupId>
+            <artifactId>tencentcloud-sdk-java</artifactId>
+            <version>3.1.1124</version>
+        </dependency>
+
+        <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>sts</artifactId>
         </dependency>
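Review bot: The new dependency at the `tencentcloud-sdk-java` line pulls in the aggregate SDK artifact, which bundles every Tencent Cloud service client, while the code in this commit only uses the common and `sts.v20180813` packages. If the per-service artifact `tencentcloud-sdk-java-sts` is available for this version, depending on it instead keeps the classpath (and the transitive attack surface that has to be tracked for CVEs) to what is actually called. The version is pinned explicitly, which is good; consider moving it into `dependencyManagement` alongside the AWS BOM so the two cloud SDKs are managed the same way.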

+ 9 - 0
src/main/java/com/fdkankan/cloud/acl/aop/CheckSignatureAspect.java

@@ -2,6 +2,7 @@ package com.fdkankan.cloud.acl.aop;
 
 import cn.hutool.core.codec.Base64;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.asymmetric.RSA;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.fdkankan.cloud.acl.entity.AppConfig;
 import com.fdkankan.cloud.acl.entity.AppKeyConfig;
@@ -101,6 +102,14 @@ public class CheckSignatureAspect {
 		String test = "8b4a0b35ef8b456eae47dc56bd72b56a-" +  "1729673747";
 		String s = RsaUtil.create(null, publicKey).encryptByPublicKey(test);
 		System.out.println(s);
+
+
+		RSA rsa1 = new RSA();
+        System.out.println(rsa1.getPrivateKeyBase64());
+        System.out.println(rsa1.getPublicKeyBase64());
+
+
+
 	}
 
 }
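Review bot: The added `System.out.println(rsa1.getPrivateKeyBase64())` prints a freshly generated RSA private key to stdout from inside a production aspect class, and together with the surrounding hard-coded test string and ciphertext println this reads as scratch code that should not ship. Delete the added block (and the now-unused `import cn.hutool.crypto.asymmetric.RSA;`); if key-pair generation is genuinely needed, move it to a separate tooling entry point that writes the private key to a protected location rather than to stdout or logs, where it would be captured by container log collection. The enclosing method starts outside this hunk, so I cannot tell whether it is a `main` or a live advice method; either way the private key should not be printed.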

+ 44 - 0
src/main/java/com/fdkankan/cloud/acl/config/TencentConfig.java

@@ -0,0 +1,44 @@
+package com.fdkankan.cloud.acl.config;
+
+import com.tencentcloudapi.common.Credential;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.sts.StsClient;
+
+@ConditionalOnProperty(name = "cloud.type", havingValue = "aws")
+@Configuration
+public class TencentConfig {
+
+    @Value("${cloud.sts.accessKeyId}")
+    private String accessKeyId;
+
+    @Value("${cloud.sts.accessKeySecret}")
+    private String accessKeySecret;
+
+    @Value("${cloud.sts.endpoint}")
+    private String endpoint;
+
+    @Value("${cloud.sts.region}")
+    private String region;
+
+
+
+    /**
+     * 使用AK&SK初始化账号Client
+     * @return Client
+     * @throws Exception
+     */
+    @Bean("stsClient")
+    public TencentStsClient initClient(){
+        Credential credential = new Credential(accessKeyId, accessKeySecret);
+        TencentStsClient stsClient = new TencentStsClient(endpoint, credential, region);
+        return stsClient;
+    }
+
+
+}
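Review bot: `@ConditionalOnProperty(name = "cloud.type", havingValue = "aws")` on `TencentConfig` means this Tencent client is only created when the cloud type is AWS, which looks like a copy-paste leftover; presumably it should be `havingValue = "<tencent-value>"` (whatever the property value used for Tencent is), otherwise `CosStsHandler` (conditional on this bean) is never registered. If an AWS configuration also publishes a bean named `"stsClient"`, both being active under the same value would produce a bean-name conflict. The four `software.amazon.awssdk.*` imports are unused and should be removed, and the Javadoc's `@throws Exception` is wrong because `initClient()` declares nothing; replace it with a one-line summary such as `/** Builds the Tencent STS client from the configured AK/SK, endpoint and region. */`.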

+ 126 - 0
src/main/java/com/fdkankan/cloud/acl/config/TencentStsClient.java

@@ -0,0 +1,126 @@
+package com.fdkankan.cloud.acl.config;
+
+import com.tencentcloudapi.common.AbstractClient;
+import com.tencentcloudapi.common.Credential;
+import com.tencentcloudapi.common.exception.TencentCloudSDKException;
+import com.tencentcloudapi.common.profile.ClientProfile;
+import com.tencentcloudapi.sts.v20180813.models.AssumeRoleRequest;
+import com.tencentcloudapi.sts.v20180813.models.AssumeRoleResponse;
+
+public class TencentStsClient extends AbstractClient{
+//    private static String endpoint = "sts.tencentcloudapi.com";
+    private static String service = "sts";
+    private static String version = "2018-08-13";
+    
+    public TencentStsClient(String endpoint, Credential credential, String region) {
+        this(endpoint, credential, region, new ClientProfile());
+    }
+
+    public TencentStsClient(String endPoint, Credential credential, String region, ClientProfile profile) {
+        super(endPoint, TencentStsClient.version, credential, region, profile);
+    }
+
+    /**
+     *申请扮演角色临时访问凭证。
+
+1、角色策略组成
+
+(1)角色信任策略:指定谁可以扮演该角色;
+
+(2)角色权限策略:指定扮演角色后可以执行哪些操作。
+
+
+2、角色可扮演条件
+
+(1)给用户绑定允许调用AssumeRole的策略 ;
+
+(2)将用户添加为角色信任策略中的主体。
+     * @param req AssumeRoleRequest
+     * @return AssumeRoleResponse
+     * @throws TencentCloudSDKException
+     */
+    public AssumeRoleResponse AssumeRole(AssumeRoleRequest req) throws TencentCloudSDKException{
+        return this.internalRequest(req, "AssumeRole", AssumeRoleResponse.class);
+    }
+
+//    /**
+//     *本接口(AssumeRoleWithSAML)用于根据 SAML 断言申请角色临时访问凭证。
+//
+//注意:当使用签名方法 V3 调用本接口时,请求头无须传入 X-TC-Token, 但 Authorization 需要传入值 SKIP。
+//     * @param req AssumeRoleWithSAMLRequest
+//     * @return AssumeRoleWithSAMLResponse
+//     * @throws TencentCloudSDKException
+//     */
+//    public AssumeRoleWithSAMLResponse AssumeRoleWithSAML(AssumeRoleWithSAMLRequest req) throws TencentCloudSDKException{
+//        req.setSkipSign(true);
+//        return this.internalRequest(req, "AssumeRoleWithSAML", AssumeRoleWithSAMLResponse.class);
+//    }
+//
+//    /**
+//     *申请OIDC角色临时访问凭证。
+//
+//注意:当使用签名方法 V3 调用本接口时,请求头无须传入 X-TC-Token, 但 Authorization 需要传入值 SKIP。
+//     * @param req AssumeRoleWithWebIdentityRequest
+//     * @return AssumeRoleWithWebIdentityResponse
+//     * @throws TencentCloudSDKException
+//     */
+//    public AssumeRoleWithWebIdentityResponse AssumeRoleWithWebIdentity(AssumeRoleWithWebIdentityRequest req) throws TencentCloudSDKException{
+//        req.setSkipSign(true);
+//        return this.internalRequest(req, "AssumeRoleWithWebIdentity", AssumeRoleWithWebIdentityResponse.class);
+//    }
+//
+//    /**
+//     *获取当前调用者的身份信息。
+//
+//接口支持主账号,子账号长期密钥以及AssumeRole,GetFederationToken生成的临时访问凭证身份获取。
+//     * @param req GetCallerIdentityRequest
+//     * @return GetCallerIdentityResponse
+//     * @throws TencentCloudSDKException
+//     */
+//    public GetCallerIdentityResponse GetCallerIdentity(GetCallerIdentityRequest req) throws TencentCloudSDKException{
+//        req.setSkipSign(false);
+//        return this.internalRequest(req, "GetCallerIdentity", GetCallerIdentityResponse.class);
+//    }
+//
+//    /**
+//     ***使用说明**
+//
+//返回一组临时访问凭证,典型的应用场景是代理应用程序集中申请临时访问凭证,下发给企业网络内其他分布式终端应用,比如终端应用上传文件到COS场景,本接口仅支持永久密钥调用。
+//
+//**最佳实践**
+//
+//1. 临时访问凭据在有效期内都可以使用,建议在有效期内重复使用,以避免业务请求速率上升后被限频
+//2. 授予临时访问凭证权限的CAM策略,建议按权限最小化原则
+//3. 调用接口的永久密钥,建议不要使用主账号
+//     * @param req GetFederationTokenRequest
+//     * @return GetFederationTokenResponse
+//     * @throws TencentCloudSDKException
+//     */
+//    public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest req) throws TencentCloudSDKException{
+//        req.setSkipSign(false);
+//        return this.internalRequest(req, "GetFederationToken", GetFederationTokenResponse.class);
+//    }
+//
+//    /**
+//     *获取MFA临时证书
+//     * @param req GetSessionTokenRequest
+//     * @return GetSessionTokenResponse
+//     * @throws TencentCloudSDKException
+//     */
+//    public GetSessionTokenResponse GetSessionToken(GetSessionTokenRequest req) throws TencentCloudSDKException{
+//        req.setSkipSign(false);
+//        return this.internalRequest(req, "GetSessionToken", GetSessionTokenResponse.class);
+//    }
+//
+//    /**
+//     *拉取API密钥列表
+//     * @param req QueryApiKeyRequest
+//     * @return QueryApiKeyResponse
+//     * @throws TencentCloudSDKException
+//     */
+//    public QueryApiKeyResponse QueryApiKey(QueryApiKeyRequest req) throws TencentCloudSDKException{
+//        req.setSkipSign(false);
+//        return this.internalRequest(req, "QueryApiKey", QueryApiKeyResponse.class);
+//    }
+
+}
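Review bot: Lines 152–230 are roughly eighty lines of commented-out methods (AssumeRoleWithSAML, GetFederationToken, etc.) that should be deleted rather than committed; version control keeps them if they are ever needed. The statics `service` and `version` are mutable and `service` is never read: drop `service` and make the other `private static final String VERSION = "2018-08-13";`. The method name `AssumeRole` breaks Java's lowerCamelCase convention (it appears to mirror the generated SDK client); if that mirroring is intentional, say so in a comment, otherwise rename to `assumeRole` and update the caller. The Javadoc on that method would also read better as a short English summary (`Requests temporary credentials by assuming a CAM role; see the role's trust and permission policies.`) instead of the pasted product documentation.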

+ 47 - 0
src/main/java/com/fdkankan/cloud/acl/factory/sts/CosStsHandler.java

@@ -0,0 +1,47 @@
+package com.fdkankan.cloud.acl.factory.sts;
+
+import com.fdkankan.cloud.acl.bean.StsBean;
+import com.fdkankan.cloud.acl.config.TencentConfig;
+import com.fdkankan.cloud.acl.config.TencentStsClient;
+import com.fdkankan.cloud.acl.entity.AppConfig;
+import com.fdkankan.common.util.DateExtUtil;
+import com.tencentcloudapi.sts.v20180813.models.AssumeRoleResponse;
+import com.tencentcloudapi.sts.v20180813.models.Credentials;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.stereotype.Component;
+import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
+
+import javax.annotation.Resource;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+
+/**
+ * 初始化空间模型
+ */
+@ConditionalOnBean(value = TencentConfig.class)
+@Component
+public class CosStsHandler implements StsHandler {
+
+    @Resource
+    private TencentStsClient stsClient;
+
+    @Override
+    public StsBean init(AppConfig appConfig) {
+        AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
+                .roleArn(appConfig.getRoleArn())
+                .roleSessionName(appConfig.getRoleSessionName())
+                .durationSeconds(appConfig.getDurationSeconds().intValue())
+                .build();
+        AssumeRoleResponse roleResponse = stsClient.get(roleRequest);
+        Credentials myCreds = roleResponse.credentials();
+        String accessKeyId = myCreds.accessKeyId();
+        String accessKeySecret = myCreds.secretAccessKey();
+        String securityToken = myCreds.sessionToken();
+        Instant exTime = myCreds.expiration();
+        DateTimeFormatter dateFormat = DateTimeFormatter.ofPattern(DateExtUtil.dateStyle).withZone(ZoneId.systemDefault());
+        String expiration = dateFormat.format(exTime);
+
+        return StsBean.builder().accessKeyId(accessKeyId).accessKeySecret(accessKeySecret).securityToken(securityToken).expiration(expiration).expirTimestamp(exTime.getEpochSecond()).build();
+    }
+}
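Review bot: `init` cannot work against `TencentStsClient` as written: it imports the AWS `software.amazon.awssdk.services.sts.model.AssumeRoleRequest`, calls `stsClient.get(roleRequest)` (no such method is declared on `TencentStsClient`, which exposes `AssumeRole(AssumeRoleRequest)` taking the Tencent model type), and reads the response with AWS-style accessors (`credentials()`, `accessKeyId()`, `secretAccessKey()`, `sessionToken()`, `expiration()`) that the Tencent `AssumeRoleResponse`/`Credentials` classes do not have. The Tencent SDK models use setters on a plain request object and getters `getCredentials()`, `getTmpSecretId()`, `getTmpSecretKey()`, `getToken()`, with the expiry epoch on the response as `getExpiredTime()`; the import must switch to `com.tencentcloudapi.sts.v20180813.models.AssumeRoleRequest`. `AssumeRole` declares the checked `TencentCloudSDKException`, and the `StsHandler` interface is outside this hunk, so the call needs to be wrapped (or the interface updated). Also note the temporary credentials returned here are secrets; make sure `StsBean` is never logged as a whole.
```java
    @Override
    public StsBean init(AppConfig appConfig) {
        // Tencent model: com.tencentcloudapi.sts.v20180813.models.AssumeRoleRequest (plain setters)
        AssumeRoleRequest roleRequest = new AssumeRoleRequest();
        roleRequest.setRoleArn(appConfig.getRoleArn());
        roleRequest.setRoleSessionName(appConfig.getRoleSessionName());
        roleRequest.setDurationSeconds(appConfig.getDurationSeconds().longValue());
        AssumeRoleResponse roleResponse;
        try {
            roleResponse = stsClient.AssumeRole(roleRequest);
        } catch (TencentCloudSDKException e) {
            // keep the cause; the SDK message carries request-id/error-code, not secrets
            throw new IllegalStateException("Tencent STS AssumeRole failed", e);
        }
        Credentials myCreds = roleResponse.getCredentials();
        String accessKeyId = myCreds.getTmpSecretId();
        String accessKeySecret = myCreds.getTmpSecretKey();
        String securityToken = myCreds.getToken();
        Instant exTime = Instant.ofEpochSecond(roleResponse.getExpiredTime());
        // … unchanged: DateTimeFormatter formatting of exTime and StsBean.builder() …
    }
```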