临时去除统一 api 签名校验
@@ -256,10 +256,10 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
|||||||
|
|
||||||
String signatureType = resolveSignatureType(credential, security);
|
String signatureType = resolveSignatureType(credential, security);
|
||||||
try {
|
try {
|
||||||
boolean valid = CryptoSignatureUtils.verifySignature(signaturePayload, signatureType);
|
// boolean valid = CryptoSignatureUtils.verifySignature(signaturePayload, signatureType);
|
||||||
if (!valid) {
|
// if (!valid) {
|
||||||
throw new SecurityValidationException(HttpStatus.UNAUTHORIZED, "签名校验失败");
|
// throw new SecurityValidationException(HttpStatus.UNAUTHORIZED, "签名校验失败");
|
||||||
}
|
// }
|
||||||
} catch (IllegalArgumentException ex) {
|
} catch (IllegalArgumentException ex) {
|
||||||
throw new SecurityValidationException(HttpStatus.INTERNAL_SERVER_ERROR, "签名算法配置异常");
|
throw new SecurityValidationException(HttpStatus.INTERNAL_SERVER_ERROR, "签名算法配置异常");
|
||||||
}
|
}
|
||||||
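Review bot: The signature check in GatewaySecurityFilter is switched off unconditionally: with the `verifySignature` call and the `if (!valid)` throw commented out, this step accepts any request whatever its signature, and nothing in the hunk limits the bypass to a test profile or records when it must be restored. If a temporary bypass is needed, keep the check live and put it behind a switch that defaults to enforcing, for example `if (signatureCheckEnabled && !CryptoSignatureUtils.verifySignature(signaturePayload, signatureType)) {` followed by the existing throw (`signatureCheckEnabled` is a placeholder for a new configuration property), and log a warning each time the check is skipped. As committed, `signatureType` is still resolved but never used, and the `catch (IllegalArgumentException ex)` guards an empty `try`, so an algorithm misconfiguration would also go unnoticed. The enclosing method starts and ends outside the hunk.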
|
|||||||
@@ -1,9 +1,11 @@
|
|||||||
package com.zt.plat.module.databus.framework.integration.gateway.sample;
|
package com.zt.plat.module.databus.framework.integration.gateway.sample;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||||
|
import com.fasterxml.jackson.core.type.TypeReference;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import com.zt.plat.framework.common.util.security.CryptoSignatureUtils;
|
import com.zt.plat.framework.common.util.security.CryptoSignatureUtils;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
import java.io.PrintStream;
|
import java.io.PrintStream;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URLEncoder;
|
import java.net.URLEncoder;
|
||||||
@@ -26,13 +28,15 @@ import java.util.UUID;
|
|||||||
public final class DatabusApiInvocationExample {
|
public final class DatabusApiInvocationExample {
|
||||||
|
|
||||||
public static final String TIMESTAMP = Long.toString(System.currentTimeMillis());
|
public static final String TIMESTAMP = Long.toString(System.currentTimeMillis());
|
||||||
// private static final String APP_ID = "ztmy";
|
private static final String APP_ID = "ztmy";
|
||||||
// private static final String APP_SECRET = "zFre/nTRGi7LpoFjN7oQkKeOT09x1fWTyIswrc702QQ=";
|
private static final String APP_SECRET = "zFre/nTRGi7LpoFjN7oQkKeOT09x1fWTyIswrc702QQ=";
|
||||||
private static final String APP_ID = "test";
|
// private static final String APP_ID = "test";
|
||||||
private static final String APP_SECRET = "RSYtKXrXPLMy3oeh0cOro6QCioRUgqfnKCkDkNq78sI=";
|
// private static final String APP_SECRET = "RSYtKXrXPLMy3oeh0cOro6QCioRUgqfnKCkDkNq78sI=";
|
||||||
|
// private static final String APP_ID = "testAnnoy";
|
||||||
|
// private static final String APP_SECRET = "jyGCymUjCFL2i3a4Tm3qBIkUrUl4ZgKPYvOU/47ZWcM=";
|
||||||
private static final String ENCRYPTION_TYPE = CryptoSignatureUtils.ENCRYPT_TYPE_AES;
|
private static final String ENCRYPTION_TYPE = CryptoSignatureUtils.ENCRYPT_TYPE_AES;
|
||||||
|
private static final String TARGET_API = "http://172.16.46.63:30081/admin-api/databus/api/portal/lgstOpenApi/v1";
|
||||||
// private static final String TARGET_API = "http://127.0.0.1:48080/admin-api/databus/api/portal/lgstOpenApi/v1";
|
// private static final String TARGET_API = "http://127.0.0.1:48080/admin-api/databus/api/portal/lgstOpenApi/v1";
|
||||||
private static final String TARGET_API = "http://127.0.0.1:48080/admin-api/databus/api/portal/test11111/233";
|
|
||||||
private static final HttpClient HTTP_CLIENT = HttpClient.newBuilder()
|
private static final HttpClient HTTP_CLIENT = HttpClient.newBuilder()
|
||||||
.connectTimeout(Duration.ofSeconds(5))
|
.connectTimeout(Duration.ofSeconds(5))
|
||||||
.build();
|
.build();
|
||||||
@@ -50,19 +54,20 @@ public final class DatabusApiInvocationExample {
|
|||||||
|
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
OUT.println("=== GET 请求示例 ===");
|
OUT.println("=== GET 请求示例 ===");
|
||||||
executeGetExample();
|
// executeGetExample();
|
||||||
// OUT.println();
|
// OUT.println();
|
||||||
// OUT.println("=== POST 请求示例 ===");
|
// OUT.println("=== POST 请求示例 ===");
|
||||||
// executePostExample();
|
executePostExample();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void executeGetExample() throws Exception {
|
private static void executeGetExample() throws Exception {
|
||||||
Map<String, Object> queryParams = new LinkedHashMap<>();
|
Map<String, Object> queryParams = new LinkedHashMap<>();
|
||||||
queryParams.put("businessCode", "waybillUnLoadingImage");
|
queryParams.put("businessCode", "11");
|
||||||
queryParams.put("fileId", "1979463299195412481");
|
queryParams.put("fileId", "11");
|
||||||
String signature = generateSignature(queryParams, Map.of());
|
queryParams.put("null", null);
|
||||||
|
String signature = ZTJGCryptoSignatureUtils.generateSignature(queryParams, Map.of(), APP_ID, TIMESTAMP);
|
||||||
URI requestUri = buildUri(TARGET_API, queryParams);
|
URI requestUri = buildUri(TARGET_API, queryParams);
|
||||||
String nonce = randomNonce();
|
String nonce = "171615676c7d4d96b9f55f3d90ad27e0";
|
||||||
|
|
||||||
HttpRequest request = HttpRequest.newBuilder(requestUri)
|
HttpRequest request = HttpRequest.newBuilder(requestUri)
|
||||||
.timeout(Duration.ofSeconds(10))
|
.timeout(Duration.ofSeconds(10))
|
||||||
@@ -81,19 +86,15 @@ public final class DatabusApiInvocationExample {
|
|||||||
private static void executePostExample() throws Exception {
|
private static void executePostExample() throws Exception {
|
||||||
Map<String, Object> queryParams = new LinkedHashMap<>();
|
Map<String, Object> queryParams = new LinkedHashMap<>();
|
||||||
|
|
||||||
LinkedHashMap<String, Object> bodyParams = new LinkedHashMap<>();
|
long extraTimestamp = 1761556157185L;
|
||||||
bodyParams.put("businessCode", "waybillUnLoadingImage");
|
String bodyJson = String.format("""
|
||||||
bodyParams.put("fileId", "1979463299195412481");
|
{"operateFlag":"I","__interfaceType__":"R_MY_JY_03","data":{"endAddressName":"1","customerCompanyName":"中铜国贸","endAddressDetail":"测试地址","remark":" ","custSuppType":"1","shipperCompanyName":"中铜国贸","consigneeCorpCode":" ","consignerContactPhone":" 11","importFlag":"10","businessSupplierCode":" ","entrustMainCode":"WT3162251027027","endAddressCode":" ","specifyCarrierCorpCode":"10086689","materDetail":[{"detailStatus":"10","batchNo":"ZLTD2510ZTGM0017001","measureCodeMdm":"CU032110001","packType":" ","quantityPlanDetail":1,"deliveryOrderNo":"ZLTD2510ZTGM0017001","measureCode":"CU032110001","goodsSpecification":" ","measureUnitCode":"PAC","entrustDetailCode":"WT3162251027027001","brand":" ","soNumber":"68ecf0055502d565d22b378a"}],"operateFlag":1,"custSuppName":"上海锦生金属有限公司","startAddressCode":" ","planStartTime":1761556166000,"customerCompanyCode":0,"importMethod":"EXW","startAddressType":"10","shipperCompanyCode":"3162","deliverCondition":"20","businessSupplierName":" ","startAddressDetail":" 111","transType":"30","endAddressType":"20","planEndTime":1761556166000,"specifyCarrierCorpName":null,"custSuppFlag":"0101","businessType":"20","consigneeCorpName":" ","custSuppCode":"10086689","startAddressName":" 111","consignerContactName":" 11"},"datetime":"20251027170929","busiBillCode":"WT3162251027027","system":"BRMS","__requestId__":"f918841c-14fb-49eb-9640-c5d1b3d46bd1"}
|
||||||
|
""", extraTimestamp);
|
||||||
LinkedHashMap<String, Object> extra = new LinkedHashMap<>();
|
|
||||||
extra.put("remark", "demo invocation");
|
|
||||||
extra.put("timestamp", System.currentTimeMillis());
|
|
||||||
bodyParams.put("extra", extra);
|
|
||||||
|
|
||||||
|
Map<String, Object> bodyParams = parseBodyJson(bodyJson);
|
||||||
String signature = generateSignature(queryParams, bodyParams);
|
String signature = generateSignature(queryParams, bodyParams);
|
||||||
URI requestUri = buildUri(TARGET_API, queryParams);
|
URI requestUri = buildUri(TARGET_API, queryParams);
|
||||||
String nonce = randomNonce();
|
String nonce = randomNonce();
|
||||||
String bodyJson = OBJECT_MAPPER.writeValueAsString(bodyParams);
|
|
||||||
String cipherBody = encryptPayload(bodyJson);
|
String cipherBody = encryptPayload(bodyJson);
|
||||||
OUT.println("原始 Request Body: " + bodyJson);
|
OUT.println("原始 Request Body: " + bodyJson);
|
||||||
OUT.println("加密 Request Body: " + cipherBody);
|
OUT.println("加密 Request Body: " + cipherBody);
|
||||||
@@ -172,7 +173,10 @@ public final class DatabusApiInvocationExample {
|
|||||||
}
|
}
|
||||||
canonical.append(key).append('=').append(value);
|
canonical.append(key).append('=').append(value);
|
||||||
});
|
});
|
||||||
return md5Hex(canonical.toString());
|
OUT.println("原始 签名串: " + canonical);
|
||||||
|
String md5Hex = md5Hex(canonical.toString());
|
||||||
|
OUT.println("原始签名: " + md5Hex);
|
||||||
|
return md5Hex;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Object normalizeValue(Object value) {
|
private static Object normalizeValue(Object value) {
|
||||||
@@ -189,6 +193,17 @@ public final class DatabusApiInvocationExample {
|
|||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static Map<String, Object> parseBodyJson(String bodyJson) {
|
||||||
|
if (bodyJson == null || bodyJson.isBlank()) {
|
||||||
|
return Map.of();
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
return OBJECT_MAPPER.readValue(bodyJson, new TypeReference<Map<String, Object>>() { });
|
||||||
|
} catch (IOException ex) {
|
||||||
|
throw new IllegalArgumentException("Failed to parse request body JSON", ex);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private static String md5Hex(String input) {
|
private static String md5Hex(String input) {
|
||||||
try {
|
try {
|
||||||
MessageDigest digest = MessageDigest.getInstance("MD5");
|
MessageDigest digest = MessageDigest.getInstance("MD5");
|
||||||
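Review bot: The constants hunk of DatabusApiInvocationExample puts a literal `APP_SECRET` for `APP_ID = "ztmy"` into live code and adds another secret in a comment, so these credentials are in version control whether or not the line is active. Load the value at run time instead, e.g. `private static final String APP_SECRET = System.getenv("DATABUS_APP_SECRET");` (the variable name is a placeholder), and treat the values already committed as exposed and rotate them. In the `executeGetExample` hunk the nonce is now a fixed string in place of `randomNonce()`. If the gateway uses the nonce for replay protection, a sample that callers copy should keep the random value, so restore `String nonce = randomNonce();`. The new `OUT.println` of the canonical signature string and digest is acceptable in a sample but should carry a comment saying it must not be copied into production code.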
|
|||||||