|
|
@@ -1,7 +1,10 @@
|
|
|
package com.td.WaDa.aspect;
|
|
|
|
|
|
+import cn.hutool.crypto.asymmetric.KeyType;
|
|
|
+import cn.hutool.crypto.asymmetric.RSA;
|
|
|
import com.td.WaDa.annotation.Decrypt;
|
|
|
import com.td.WaDa.annotation.Encrypt;
|
|
|
+import com.td.WaDa.common.pojo.ParameterRequestWrapper;
|
|
|
import com.td.WaDa.common.pojo.Result;
|
|
|
import com.td.WaDa.util.*;
|
|
|
import com.fasterxml.jackson.databind.DeserializationFeature;
|
|
|
@@ -23,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
|
|
|
import java.lang.annotation.Annotation;
|
|
|
import java.lang.reflect.Method;
|
|
|
import java.text.SimpleDateFormat;
|
|
|
+import java.util.HashMap;
|
|
|
|
|
|
/**
|
|
|
* AES + RSA 加解密AOP处理
|
|
|
@@ -42,31 +46,27 @@ public class SafetyAspect {
|
|
|
this.jwtTokenUtil = jwtTokenUtil;
|
|
|
this.tokenHeader = tokenHeader;
|
|
|
}
|
|
|
+
|
|
|
/**
|
|
|
* Pointcut 切入点
|
|
|
- * 匹配
|
|
|
- * com.td.boss.sys.*.controller、
|
|
|
- * com.td.boss.*.controller包下面的所有方法
|
|
|
- * "execution(public * com.td.boss.*.controller.*.*(..))" && ! execution(public * com.td.boss.game.*.controller.*.*(..))
|
|
|
- *
|
|
|
- * 下面需要验证加密
|
|
|
- * "execution(public * com.td.boss.game.*.controller.*.*(..))"
|
|
|
*/
|
|
|
@Pointcut(value = "execution(public * com.td.WaDa.sys.*.controller.*.*(..)) || " +
|
|
|
- "execution(public * com.td.WaDa.*.controller.*.*(..))")
|
|
|
- public void safetyAspect() {}
|
|
|
+ "execution(public * com.td.WaDa.*.controller.*.*(..))||" +
|
|
|
+ "execution(public * com.td.WaDa.game.*.controller.*.*(..))")
|
|
|
+ public void safetyAspect() {
|
|
|
+ }
|
|
|
|
|
|
/**
|
|
|
* 环绕通知
|
|
|
*/
|
|
|
@Around(value = "safetyAspect()")
|
|
|
public Object around(ProceedingJoinPoint pjp) {
|
|
|
- try {
|
|
|
+ try {
|
|
|
log.info("---------------进入aop---------------");
|
|
|
- //判断api加密开关是否开启 SysSettingUtil.getSysSetting()
|
|
|
- if("N".equals(redisSettingMap.getSysSettingMap().getSysApiEncrypt())){
|
|
|
- return pjp.proceed(pjp.getArgs());
|
|
|
- }
|
|
|
+ //判断api加密开关是否开启 SysSettingUtil.getSysSetting()
|
|
|
+ if ("N".equals(redisSettingMap.getSysSettingMap().getSysApiEncrypt())) {
|
|
|
+ return pjp.proceed(pjp.getArgs());
|
|
|
+ }
|
|
|
|
|
|
|
|
|
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
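Review bot: The Javadoc on `safetyAspect()` loses the lines that listed which controller packages the pointcut matches, in the same change that adds `com.td.WaDa.game.*.controller` to it, so the comment now says only `Pointcut 切入点`. I would keep a one-line list of the three patterns, for example `* Matches public methods in com.td.WaDa.sys.*.controller, com.td.WaDa.*.controller and com.td.WaDa.game.*.controller`. Being matched by the pointcut does not by itself enforce encryption: the context lines here skip the whole aspect when `getSysApiEncrypt()` is `"N"`, and a later hunk shows decryption gated on `hasDecrypt`. Whether the game endpoints reject plaintext requests therefore depends on annotations and settings not visible in this diff, and is worth confirming. The body of `around` continues past the end of this hunk.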
|
|
|
@@ -105,7 +105,7 @@ public class SafetyAspect {
|
|
|
//jackson
|
|
|
ObjectMapper mapper = new ObjectMapper();
|
|
|
//jackson 序列化和反序列化 date处理
|
|
|
- mapper.setDateFormat( new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"));
|
|
|
+ mapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"));
|
|
|
|
|
|
//执行方法之前解密,且只拦截post请求
|
|
|
if ("post".equals(httpMethod) && hasDecrypt) {
|
|
|
@@ -115,26 +115,30 @@ public class SafetyAspect {
|
|
|
String aesKey = request.getParameter("aesKey");
|
|
|
//前端公钥
|
|
|
publicKey = request.getParameter("publicKey");
|
|
|
-
|
|
|
log.info("前端公钥:" + publicKey);
|
|
|
-
|
|
|
//后端私钥解密的到AES的key
|
|
|
- byte[] plaintext = RsaUtil.decryptByPrivateKey(Base64.decodeBase64(aesKey), RsaUtil.getPrivateKey());
|
|
|
+ //切换一个方式
|
|
|
+ log.info(redisSettingMap.getRSAPrivateKeyBase64());
|
|
|
+ RSA rsa = new RSA(redisSettingMap.getRSAPrivateKeyBase64(), null);
|
|
|
+ byte[] plaintext = rsa.decrypt(Base64.decodeBase64(aesKey), KeyType.PrivateKey);
|
|
|
+ //byte[] plaintext = RsaUtil.decryptByPrivateKey(Base64.decodeBase64(aesKey), RsaUtil.getPrivateKey());
|
|
|
aesKey = new String(plaintext);
|
|
|
log.info("解密出来的AES的key:" + aesKey);
|
|
|
-
|
|
|
-
|
|
|
//AES解密得到明文data数据
|
|
|
String decrypt = AesUtil.decrypt(data, aesKey);
|
|
|
log.info("解密出来的data数据:" + decrypt);
|
|
|
-
|
|
|
//设置到方法的形参中,目前只能设置只有一个参数的情况
|
|
|
mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
|
|
|
-
|
|
|
//注:参数最好用Vo对象来接参,单用String来接,args有长度但获取为空,很奇怪不知道为什么
|
|
|
- if(args.length > 0){
|
|
|
+ if (args.length > 0) {
|
|
|
args[0] = mapper.readValue(decrypt, args[0].getClass());
|
|
|
}
|
|
|
+ //HashMap hashMap = mapper.readValue(decrypt, HashMap.class);
|
|
|
+ //ParameterRequestWrapper parameterRequestWrapper = new ParameterRequestWrapper(request);
|
|
|
+ //for (Object key : hashMap.keySet()) {
|
|
|
+ // parameterRequestWrapper.addParameter(String.valueOf(key), hashMap.get(key));
|
|
|
+ //}
|
|
|
+ //request = (HttpServletRequest) parameterRequestWrapper;
|
|
|
}
|
|
|
|
|
|
//执行并替换最新形参参数 PS:这里有一个需要注意的地方,method方法必须是要public修饰的才能设置值,private的设置不了
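Review bot: The added `log.info(redisSettingMap.getRSAPrivateKeyBase64());` writes the server's RSA private key to the application log at INFO level, so anyone who can read the logs can unwrap every client AES key; the line should be deleted, and if this build has run anywhere the key should be treated as exposed and rotated. The unchanged lines around it also log the unwrapped AES key (`解密出来的AES的key`) and the decrypted request body, which undoes the envelope encryption for the same audience. I would replace those with a non-sensitive marker such as `log.debug("AES key unwrapped, length=" + plaintext.length);`. The added commented-out `ParameterRequestWrapper` block is dead code and appears to be the only use of the `HashMap` and `ParameterRequestWrapper` imports added earlier in this diff, so the block and the imports can be dropped together. The enclosing `around` method starts and ends outside this hunk.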
|
|
|
@@ -151,8 +155,10 @@ public class SafetyAspect {
|
|
|
String data = AesUtil.encrypt(dataString, key);
|
|
|
|
|
|
//用前端的公钥来解密AES的key,并转成Base64
|
|
|
- String aesKey = Base64.encodeBase64String(RsaUtil.encryptByPublicKey(key.getBytes(), publicKey));
|
|
|
-
|
|
|
+ //String aesKey = Base64.encodeBase64String(RsaUtil.encryptByPublicKey(key.getBytes(), publicKey));
|
|
|
+ //切换一个方式
|
|
|
+ RSA rsa = new RSA(null, publicKey);
|
|
|
+ String aesKey = Base64.encodeBase64String(rsa.encrypt(key.getBytes(), KeyType.PublicKey));
|
|
|
//转json字符串并转成Object对象,设置到Result中并赋值给返回值o
|
|
|
o = Result.of(mapper.readValue("{\"data\":\"" + data + "\",\"aesKey\":\"" + aesKey + "\"}", Object.class));
|
|
|
}
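Review bot: `new RSA(null, publicKey)` uses a value that the earlier hunk reads straight from `request.getParameter("publicKey")`, and nothing visible checks that it is present or well-formed before this line. If `publicKey` is null here, hutool's constructor (as far as I recall; worth confirming against the hutool version in use) falls back to generating a fresh key pair, which would cost a key generation per response and wrap the AES key under a key the client cannot use. A guard such as `if (publicKey == null || publicKey.isEmpty()) { return Result.of(null, false, "publicKey is required"); }` before it avoids that. `key.getBytes()` depends on the platform default charset; `key.getBytes(StandardCharsets.UTF_8)`, with the matching `new String(plaintext, StandardCharsets.UTF_8)` on the decrypt side, makes the round trip deterministic. The old `RsaUtil` call is kept as a comment here and in the decrypt hunk, which version control already preserves. The enclosing block starts and ends outside this hunk.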
|
|
|
@@ -161,8 +167,8 @@ public class SafetyAspect {
|
|
|
return o;
|
|
|
|
|
|
} catch (Throwable e) {
|
|
|
- //输出到日志文件中
|
|
|
- log.error(ErrorUtil.errorInfoToString(e));
|
|
|
+ //输出到日志文件中
|
|
|
+ log.error(ErrorUtil.errorInfoToString(e));
|
|
|
return Result.of(null, false, "加解密异常:\n\t" + e.getMessage());
|
|
|
}
|
|
|
}
|