|
@@ -2,6 +2,7 @@ package com.fdkankan.ucenter.aop;
|
|
|
|
|
|
import com.alibaba.fastjson.JSONObject;
|
|
|
import com.fdkankan.redis.util.RedisUtil;
|
|
|
+import com.fdkankan.sign.RsaUtils;
|
|
|
import com.fdkankan.sign.SignUtils;
|
|
|
import com.fdkankan.ucenter.annotation.VerifySign;
|
|
|
import com.fdkankan.ucenter.common.constants.ResultCode;
|
|
@@ -44,7 +45,6 @@ public class SignVerifyAspect {
|
|
|
String sign = request.getHeader(verifySign.signParam().toLowerCase());
|
|
|
String appId = request.getHeader(verifySign.appId().toLowerCase());
|
|
|
|
|
|
- log.info("verifySign--requestPath:{},sign:{},appId:{}",request.getRequestURL(),sign,appId);
|
|
|
AppSecret byAppId = null;
|
|
|
if(redisUtil.hasKey("ucenter:sign:appid:"+appId)){
|
|
|
byAppId = JSONObject.parseObject(redisUtil.get("ucenter:sign:appid:"+appId),AppSecret.class);
|
|
@@ -52,9 +52,11 @@ public class SignVerifyAspect {
|
|
|
byAppId = appSecretService.getByAppId(appId);
|
|
|
}
|
|
|
if(byAppId == null){
|
|
|
+ log.info("verifySign--requestPath:{},sign:{},appId:{}",request.getRequestURL(),sign,appId);
|
|
|
throw new BusinessException(ResultCode.SIGN_ERROR);
|
|
|
}
|
|
|
- if(!SignUtils.checkSign(sign,appId,byAppId.getPrivateKey())){
|
|
|
+ if(!checkSign(sign,appId,byAppId.getPrivateKey())){
|
|
|
+ log.info("verifySign-checkSign-error-requestPath:{},sign:{},appId:{}",request.getRequestURL(),sign,appId);
|
|
|
throw new BusinessException(ResultCode.SIGN_ERROR);
|
|
|
}
|
|
|
if(!redisUtil.hasKey("ucenter:sign:appid:"+appId)){
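Review bot: The two added log lines (`log.info("verifySign--requestPath:{},sign:{},appId:{}", ...)` and `log.info("verifySign-checkSign-error-requestPath:{},...")`) write the raw `sign` header, which is the request's credential, into the application log on every rejected call; the new `checkSign` in the next hunk repeats this and additionally logs `privateKey` on every failure branch and in its catch block. A key that reaches a log aggregator is effectively disclosed, so drop `privateKey` from all of those messages and log at most the `appId` plus a reason, e.g. `log.warn("verifySign rejected appId={} path={} reason=checkSign", appId, request.getRequestURL());`. The enclosing advice method starts and ends outside this hunk.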
|
|
@@ -63,4 +65,39 @@ public class SignVerifyAspect {
|
|
|
return joinPoint.proceed();
|
|
|
}
|
|
|
|
|
|
+
|
|
|
+ public static Boolean checkSign(String sign,String appIdValue,String privateKey) {
|
|
|
+ try {
|
|
|
+ if(StringUtils.isBlank(sign)){
|
|
|
+ log.info("checkSign-blank-sign:{},appId:{},privateKey:{}",sign,appIdValue,privateKey);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ String deTxt = RsaUtils.decipher(sign, privateKey);
|
|
|
+ if(StringUtils.isBlank(deTxt)){
|
|
|
+ log.info("checkSign-blank-deTxt-sign:{},appId:{},privateKey:{}",sign,appIdValue,privateKey);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ org.json.JSONObject jsonObject = new org.json.JSONObject(deTxt);
|
|
|
+ String appId = jsonObject.getString("appId");
|
|
|
+ Long timestamp = jsonObject.getLong("timestamp");
|
|
|
+ if(StringUtils.isBlank(appId) || timestamp == null){
|
|
|
+ log.info("checkSign-appid-isBlank-sign:{},appId:{},privateKey:{}",sign,appIdValue,privateKey);
|
|
|
+
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ if(!appId.equals(appIdValue)){
|
|
|
+ log.info("checkSign-appid-equals-sign:{},appId:{},appIdValue:{},privateKey:{}",sign,appId,appIdValue,privateKey);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ Long time = new Date().getTime();
|
|
|
+ if(time< timestamp || time -timestamp >1000 * 60 *5){
|
|
|
+ log.info("checkSign-time--sign:{},appId:{},appIdValue:{},privateKey:{}",sign,appId,appIdValue,privateKey);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ return true;
|
|
|
+ }catch (Exception e){
|
|
|
+ log.info("checkSign-blank-deTxt-sign:{},appId:{},privateKey:{}",sign,appIdValue,privateKey,e);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ }
|
|
|
}
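Review bot: `timestamp == null` is dead code: with the stock org.json `JSONObject.getLong` returns a primitive `long` (and throws `JSONException` when the key is missing or non-numeric), so a missing timestamp is handled by the catch-all, never by this branch, and `getString("appId")` likewise throws rather than returning null. Declare it `long timestamp = jsonObject.getLong("timestamp");` and keep only the `isBlank(appId)` test, or check `has(...)` first if an explicit "missing field" log line is wanted. The window check `time < timestamp` also rejects any caller whose clock is even slightly ahead of the server; `if (Math.abs(time - timestamp) > 1000 * 60 * 5)` gives symmetric tolerance and `System.currentTimeMillis()` avoids the `Date` allocation. Note that within the window nothing prevents the same deciphered payload from being accepted twice, so if replay matters a per-request nonce recorded in redis with a TTL equal to the window is the usual mitigation; the return type should be `boolean`, not boxed `Boolean`.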
|