4dkankan-v4
/
4dkankan-center-cloud-acl


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
							package com.fdkankan.cloud.acl.service.impl;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.date.DateTime;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.thread.ThreadUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.OSS;
import com.aliyun.oss.OSSClient;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.common.auth.CredentialsProviderFactory;
import com.aliyun.oss.common.utils.BinaryUtil;
import com.aliyun.oss.model.MatchMode;
import com.aliyun.oss.model.PolicyConditions;
import com.aliyun.sts20150401.Client;
import com.aliyun.sts20150401.models.AssumeRoleRequest;
import com.aliyun.sts20150401.models.AssumeRoleResponse;
import com.aliyun.sts20150401.models.AssumeRoleResponseBody;
import com.aliyun.teautil.models.RuntimeOptions;
import com.aliyuncs.auth.EnvironmentVariableCredentialsProvider;
import com.fdkankan.cloud.acl.bean.StsBean;
import com.fdkankan.cloud.acl.constant.RedisKey;
import com.fdkankan.cloud.acl.entity.AppConfig;
import com.fdkankan.cloud.acl.service.IAppConfigService;
import com.fdkankan.cloud.acl.service.IStsService;
import com.fdkankan.common.constant.ErrorCode;
import com.fdkankan.common.constant.ServerCode;
import com.fdkankan.common.exception.BusinessException;
import com.fdkankan.common.util.DateExtUtil;
import com.fdkankan.redis.util.RedisUtil;
import com.mybatisflex.core.query.QueryWrapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import com.aliyun.tea.*;

import java.io.File;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.concurrent.ThreadPoolExecutor;

@Slf4j
@Service
public class StsServiceImpl implements IStsService {

    @Autowired
    private IAppConfigService appConfigService;
    @Autowired
    private Client stsClient;
    @Autowired
    private RedisUtil redisUtil;

    public static void main(String[] args) throws Exception {

        // 工程代码泄露可能会导致 AccessKey 泄露，并威胁账号下所有资源的安全性。以下代码示例仅供参考，建议使用更安全的 STS 方式，更多鉴权访问方式请参见：https://help.aliyun.com/document_detail/378657.html。
        com.aliyun.teaopenapi.models.Config config =
                new com.aliyun.teaopenapi.models.Config()
                        // 必填，请确保代码运行环境设置了环境变量 ALIBABA_CLOUD_ACCESS_KEY_ID。
                        .setAccessKeyId("LTAI5tJnqRzcURptuSVnG57Z")
                        // 必填，请确保代码运行环境设置了环境变量 ALIBABA_CLOUD_ACCESS_KEY_SECRET。
                        .setAccessKeySecret("1RomdGaoay2ABIUVSHOMG5HclPWw8D")
                        .setEndpoint("sts.cn-shenzhen.aliyuncs.com");
        // Endpoint 请参考 https://api.aliyun.com/product/Sts
        Client stsClient = new Client(config);

        com.aliyun.sts20150401.models.AssumeRoleRequest assumeRoleRequest = new com.aliyun.sts20150401.models.AssumeRoleRequest()
                .setDurationSeconds(3600L)
                .setRoleArn("acs:ram::1899912233141089:role/server-sts")
                .setRoleSessionName("app_user");
        //设置权限，如果为空，则默认跟随rolearn的权限
//        if(StrUtil.isNotEmpty(appConfig.getPolicy())){
//            assumeRoleRequest.setPolicy(appConfig.getPolicy());
//        }

        for (int i = 0; i < 200; i++){
            new Thread(new Runnable() {
                @Override
                public void run() {
                    RuntimeOptions runtime = new RuntimeOptions();
                    AssumeRoleResponse resp = null;

                    while (Objects.isNull(resp)){
                        resp = get(assumeRoleRequest, runtime);
                        if(Objects.isNull(resp)){
                            try {
                                Thread.sleep(500L);
                            } catch (InterruptedException e) {
                                throw new RuntimeException(e);
                            }
                        }
                    }
                    System.out.println(JSON.toJSONString(resp));
                }
                public AssumeRoleResponse get(AssumeRoleRequest assumeRoleRequest, RuntimeOptions runtime){
                    AssumeRoleResponse assumeRoleResponse = null;
                    try {
                        assumeRoleResponse = stsClient.assumeRoleWithOptions(assumeRoleRequest, runtime);
                    } catch (Exception e) {
                        System.out.println("请求失败");
                    }
                    return assumeRoleResponse;
                }

            }).start();
        }
    }


    @Override
    public StsBean genAssumeRole(String appCode) {

        AppConfig appConfig = appConfigService.getByAppCode(appCode);

        com.aliyun.sts20150401.models.AssumeRoleRequest assumeRoleRequest = new com.aliyun.sts20150401.models.AssumeRoleRequest()
                .setRoleArn(appConfig.getRoleArn())
                .setRoleSessionName(appConfig.getRoleSessionName());
        //设置权限，如果为空，则默认跟随rolearn的权限
        if(StrUtil.isNotEmpty(appConfig.getPolicy())){
            assumeRoleRequest.setPolicy(appConfig.getPolicy());
        }
        if(Objects.nonNull(appConfig.getDurationSeconds())){
            assumeRoleRequest.setDurationSeconds(appConfig.getDurationSeconds());
        }

        com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
        com.aliyun.sts20150401.models.AssumeRoleResponse resp = null;
        int index = 1;
        while (Objects.isNull(resp)){
            try {
                resp = stsClient.assumeRoleWithOptions(assumeRoleRequest, runtime);
            } catch (Exception e) {
                log.error("请求阿里云sts接口失败", e);
            }
            if(++index > 10 || Objects.nonNull(resp)){
                break;
            }
            ThreadUtil.sleep(200L);
        }
        if(Objects.isNull(resp)){
            throw new BusinessException(ErrorCode.SYSTEM_BUSY);
        }

        String accessKeyId = resp.getBody().getCredentials().getAccessKeyId();
        String accessKeySecret = resp.getBody().getCredentials().getAccessKeySecret();
        String securityToken = resp.getBody().getCredentials().getSecurityToken();
        String expiration =  this.converToBjTime(resp.getBody().getCredentials().getExpiration());
        long expirTimestamp = DateUtil.parse(expiration, DateExtUtil.dateStyle).getTime()/1000;

        return StsBean.builder().accessKeyId(accessKeyId).accessKeySecret(accessKeySecret).securityToken(securityToken).expiration(expiration).expirTimestamp(expirTimestamp).build();

    }

    public String converToBjTime(String dateStr) {
        Instant utcTime = Instant.parse(dateStr);
        ZoneId beijingZoneId = ZoneId.of("Asia/Shanghai");
        ZonedDateTime beijingTime = utcTime.atZone(beijingZoneId);
        return beijingTime.format(DateTimeFormatter.ofPattern(DateExtUtil.dateStyle));
    }

    @Override
    public StsBean getAssumeRole(String appCode) {
        //调用阿里云接口生成
        StsBean stsBean = this.genAssumeRole(appCode);
        return stsBean;
    }
}