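package org.springblade.modules.signature.util;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import com.qcloud.cos.utils.Md5Utils;
import liquibase.util.MD5Util;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springblade.common.utils.Md5SignUtil;
import org.springblade.modules.signature.entity.BaseSign;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/**
 * Request-signature verification helpers for API access keys.
 *
 * <p>Every check that this class can evaluate fails closed by throwing
 * {@link SecurityException}: a missing access-key record, a requested method
 * that is not on the key's allow-list, and a signature that does not match.
 *
 * <p>Three checks are still not enforced (they were already disabled in the
 * original code and depend on types that are not available here): key status,
 * key expiry and request freshness. Until they are restored, a disabled or
 * expired key is accepted and a captured, validly signed request can be replayed.
 *
 * @author arsn
 * @since 2022-03-10
 */
@Slf4j
public class SignUtils {

    /**
     * Computes the signature for a request from its sign, accessKeyId and
     * accessDate fields, keyed with the given secret.
     *
     * @param sign            request fields to sign
     * @param accessKeySecret secret belonging to the access key; must never be logged
     * @return the value produced by {@code Md5SignUtil.signRequest}
     * @throws IOException if the signing helper fails
     */
    public static String prodSign(BaseSign sign, String accessKeySecret) throws IOException {
        // Raw Map kept on purpose: the parameter type of Md5SignUtil.signRequest is not visible here.
        Map map = new HashMap<>();
        // NOTE(review): the presented signature is itself part of the signed input. Verification
        // can only succeed if Md5SignUtil.signRequest skips the "sign" entry - confirm.
        map.put("sign", sign.getSign());
        map.put("accessKeyId", sign.getAccessKeyId());
        map.put("accessDate", sign.getAccessDate());
        // NOTE(review): judging by the helper's name this is MD5 over parameters plus secret,
        // not an HMAC. Consider moving to HMAC-SHA-256 if the helper can be changed.
        return Md5SignUtil.signRequest(map, accessKeySecret);
    }

    /**
     * Runs all access checks for a signed request and rejects it on the first failure.
     *
     * @param signRo signed request fields supplied by the caller
     * @param apiCo  access-key record looked up for the request; {@code null} when no such key exists
     * @throws IOException       if the signing helper fails
     * @throws SecurityException if the key is missing, the method is not permitted
     *                           or the signature does not match
     */
    public static void checkSign(BaseSign signRo, SysApiCo apiCo) throws IOException {
        // The access key must exist; this also guards the later checks against a null record.
        checkAccessKey(apiCo);
        // The access key must be enabled (currently not enforced, see checkStatus).
        checkStatus(apiCo);
        // The access key must not be expired (currently not enforced, see checkVldToTm).
        checkVldToTm(apiCo);
        // The requested endpoint must be on the key's allow-list.
        checkMethod(apiCo);
        // Request freshness: the original checkAccessDate(signRo) call is disabled and no such
        // method exists in this class, so accessDate is signed but never compared to the clock.
        // TODO: restore a bounded time-window check so old signed requests are rejected.
        // The signature must match.
        checkSign(signRo, apiCo.getAkSecret());
    }

    /**
     * Recomputes the signature and rejects the request when it differs from the presented one.
     *
     * @throws SecurityException if the presented signature is absent or does not match
     */
    private static void checkSign(BaseSign signRo, String accessKeySecret) throws IOException {
        String expected = prodSign(signRo, accessKeySecret);
        // The mismatch branch was empty before, so any signature was accepted.
        if (!constantTimeEquals(expected, signRo.getSign())) {
            throw new SecurityException("Signature verification failed");
        }
    }

    /**
     * Compares two signature strings without an early exit on the first differing byte,
     * so response timing does not reveal how much of a guess was correct.
     * A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Rejects the request when no access-key record was found.
     *
     * @throws SecurityException if {@code apiCo} is {@code null}
     */
    private static void checkAccessKey(SysApiCo apiCo) {
        if (null == apiCo) {
            // Previously a no-op: the request continued and failed later with a NullPointerException.
            throw new SecurityException("Access key does not exist");
        }
    }

    /**
     * Intended to reject disabled access keys; currently enforces nothing.
     */
    private static void checkStatus(SysApiCo apiCo) {
        // TODO: re-enable. The disabled original compared apiCo.getStatus() with
        // SysApiEn.Status.DISABLE.cd() and raised an error through BssExpUtils; none of those
        // are referenced by this file, so the check cannot be restored from here.
    }

    /**
     * Checks that the current HTTP request targets a method on the key's allow-list.
     *
     * <p>The request URI is converted to dotted form (leading character dropped,
     * {@code /} replaced by {@code .}) and compared with each comma-separated,
     * trimmed entry of {@code apiCo.getMethod()}.
     *
     * @throws SecurityException if there is no current servlet request or the
     *                           requested method is not on the allow-list
     */
    private static void checkMethod(SysApiCo apiCo) {
        String methodStr = apiCo.getMethod();
        // NOTE(review): a blank allow-list leaves the key unrestricted; confirm this default is intended.
        if (StringUtils.isBlank(methodStr)) {
            return;
        }

        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            // No request is bound to this thread, so the caller's target cannot be authorized.
            throw new SecurityException("No current HTTP request to authorize");
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();

        // NOTE(review): getRequestURI() is the raw, undecoded path and includes any context path;
        // confirm the allow-list entries are written against that form.
        String requested = StringUtils.replace(StringUtils.substring(request.getRequestURI(), 1), "/", ".");

        // NOTE(review): as written this replaces "," with "," and changes nothing; it presumably
        // normalized a full-width comma before the text was re-encoded - confirm against the repository.
        methodStr = StringUtils.replace(methodStr, ",", ",");

        for (String allowed : StringUtils.split(methodStr, ",")) {
            if (StringUtils.equals(StringUtils.trim(allowed), requested)) {
                return;
            }
        }
        // Previously a no-op: a request outside the allow-list was still served.
        throw new SecurityException("Access key is not permitted to call this method");
    }

    /**
     * Intended to reject expired access keys; currently enforces nothing.
     */
    private static void checkVldToTm(SysApiCo apiCo) {
        // TODO: re-enable. The disabled original read apiCo.getVldToTm() and compared it with the
        // current time through DateUtils.compareMill; DateUtils is not referenced by this file.
        // When restoring it, verify the direction of the comparison before relying on it.
    }
}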