package org.springblade.modules.signature.util;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import com.qcloud.cos.utils.Md5Utils;
import liquibase.util.MD5Util;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springblade.common.utils.Md5SignUtil;
import org.springblade.modules.signature.entity.BaseSign;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
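/**
 * Request-signature verification helpers.
 *
 * <p>Every check in this class fails closed: a request that cannot be positively
 * verified is rejected with a {@link SecurityException}. Two checks (credential
 * status and credential expiry) are still disabled and are marked with
 * {@code NOTE(review)} comments below.
 *
 * @author arsn
 * @since 2022-03-10
 */
@Slf4j
public class SignUtils {

    /**
     * Computes the signature for the fields carried by {@code sign}.
     *
     * <p>The values {@code sign}, {@code accessKeyId} and {@code accessDate} are collected
     * into a map and handed to {@code Md5SignUtil.signRequest} together with the secret.
     *
     * @param sign            request fields to sign
     * @param accessKeySecret shared secret of the calling credential
     * @return the value returned by {@code Md5SignUtil.signRequest}
     * @throws IOException propagated from {@code Md5SignUtil.signRequest}
     */
    public static String prodSign(BaseSign sign, String accessKeySecret) throws IOException {
        Map<String, Object> map = new HashMap<>();
        // NOTE(review): the caller-supplied signature is itself part of the signing input.
        // Presumably Md5SignUtil.signRequest drops the "sign" entry before hashing; if it
        // does not, a client cannot produce a matching value. Confirm against that helper.
        map.put("sign", sign.getSign());
        map.put("accessKeyId", sign.getAccessKeyId());
        map.put("accessDate", sign.getAccessDate());
        // NOTE(review): judging by the helper's name the digest is MD5-based (TODO confirm).
        // A keyed MAC such as HMAC-SHA-256 is the sturdier construction for request signing.
        return Md5SignUtil.signRequest(map, accessKeySecret);
    }

    /**
     * Runs every access check for a signed request and rejects it if any check fails.
     *
     * @param signRo signed request fields supplied by the caller
     * @param apiCo  stored credential looked up for the request's access key; may be
     *               {@code null} when no such credential exists
     * @throws IOException       propagated from signature computation
     * @throws SecurityException if the credential is missing, the requested endpoint is
     *                           not in the credential's allow-list, or the signature
     *                           does not match
     */
    public static void checkSign(BaseSign signRo, SysApiCo apiCo) throws IOException {
        // The credential must exist.
        checkAccessKey(apiCo);
        // The credential must be enabled (currently disabled, see checkStatus).
        checkStatus(apiCo);
        // The credential must not be expired (currently disabled, see checkVldToTm).
        checkVldToTm(apiCo);
        // The credential must be allowed to call the requested endpoint.
        checkMethod(apiCo);
        // NOTE(review): the freshness check on accessDate is commented out and no
        // checkAccessDate method is defined in this class, so nothing here bounds how
        // long a signed request stays acceptable. Restore a time-window check.
        // checkAccessDate(signRo);
        // The signature must match the one computed with the stored secret.
        checkSign(signRo, apiCo.getAkSecret());
    }

    /**
     * Recomputes the signature and compares it with the one the caller supplied.
     *
     * @throws IOException       propagated from {@link #prodSign}
     * @throws SecurityException if either value is missing or the two differ
     */
    private static void checkSign(BaseSign signRo, String accessKeySecret) throws IOException {
        String expected = prodSign(signRo, accessKeySecret);
        String supplied = signRo.getSign();
        // The original treated two nulls as equal and took no action on a mismatch,
        // so the check could never reject a request.
        if (expected == null || supplied == null) {
            throw new SecurityException("signature is missing");
        }
        // MessageDigest.isEqual compares in constant time for equal-length inputs, so the
        // comparison does not reveal how many leading characters of a guess were correct.
        boolean matches = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw new SecurityException("signature is invalid");
        }
    }

    /**
     * Rejects the request when no stored credential was found.
     *
     * @throws SecurityException if {@code apiCo} is {@code null}
     */
    private static void checkAccessKey(SysApiCo apiCo) {
        if (null == apiCo) {
            // Without this, the null reached checkMethod and surfaced as a NullPointerException.
            // NOTE(review): the original called the project helper BssExpUtils.error here
            // (commented out, not imported); map this exception to the project's error response.
            throw new SecurityException("access key does not exist");
        }
    }

    /**
     * Intended to reject disabled credentials; performs no check at present.
     */
    private static void checkStatus(SysApiCo apiCo) {
        // NOTE(review): this check is disabled, so a disabled credential is still accepted.
        // Original (commented-out) logic, kept for reference:
        // if (apiCo.getStatus() == SysApiEn.Status.DISABLE.cd()) {
        //     BssExpUtils.error("user key is disabled", log);
        // }
    }

    /**
     * Verifies that the current request's endpoint is in the credential's allow-list.
     *
     * <p>The request URI, without its leading character and with {@code /} replaced by
     * {@code .}, must equal one of the comma-separated entries of {@code apiCo.getMethod()}.
     * A blank allow-list applies no restriction.
     *
     * @throws SecurityException if no request is bound to the current thread or the
     *                           endpoint is not listed
     */
    private static void checkMethod(SysApiCo apiCo) {
        String methodStr = apiCo.getMethod();
        if (StringUtils.isBlank(methodStr)) {
            // NOTE(review): a blank allow-list grants every endpoint; confirm that is intended.
            return;
        }

        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            // No request is bound to this thread, so the endpoint cannot be determined.
            throw new SecurityException("no current request to authorise");
        }
        HttpServletRequest request = requestAttributes.getRequest();
        // NOTE(review): "/a/b" and "/a.b" both become "a.b" here, and getRequestURI() is the
        // raw, un-normalised URI; confirm the dispatcher cannot route such variants differently.
        String reqtMethod = StringUtils.replace(StringUtils.substring(request.getRequestURI(), 1), "/", ".");

        // NOTE(review): as written this replaces "," with "," and changes nothing; presumably
        // it was meant to normalise another separator. Confirm against the original file.
        methodStr = StringUtils.replace(methodStr, ",", ",");
        String[] methods = StringUtils.split(methodStr, ",");

        boolean authz = false;
        for (String method : methods) {
            if (StringUtils.equals(StringUtils.trim(method), reqtMethod)) {
                authz = true;
                break;
            }
        }
        if (!authz) {
            // The original took no action here, so the allow-list was never enforced.
            throw new SecurityException("no permission to access this method");
        }
    }

    /**
     * Intended to reject expired credentials; performs no check at present.
     */
    private static void checkVldToTm(SysApiCo apiCo) {
        // NOTE(review): this check is disabled, so an expired credential is still accepted.
        // When restoring it, verify the comparison direction of DateUtils.compareMill: the
        // commented-out condition rejects when the result is > 0.
        // Original (commented-out) logic, kept for reference:
        // Date vldToTm = apiCo.getVldToTm();
        // if (null != vldToTm && DateUtils.compareMill(vldToTm, DateUtils.getCurrentTime()) > 0) {
        //     BssExpUtils.error("account expired", log);
        // }
    }
}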