API接口TOKEN认证完成

Signed-off-by: TanYibin <5491541@qq.com>

API接口TOKEN认证完成
Signed-off-by: TanYibin <5491541@qq.com>
谭毅彬
1 parent ca530b14
Showing 7 changed files with 339 additions and 8 deletions
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/api/acs/controller/AcsController.java
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/ApiAuthenticationAspect.java
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/dto/ApiAuthentication.java
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/aspectj/dto/RSA256Key.java
huaheng-wms-core/src/main/java/org/jeecg/utils/HuahengJwtUtil.java
huaheng-wms-core/src/main/java/org/jeecg/utils/SecretKeyUtils.java
huaheng-wms-core/src/main/resources/application.yml
@@ -6,8 +6,10 @@ import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
  
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.modules.wms.api.acs.entity.AcsStatus;
 import org.jeecg.modules.wms.api.acs.service.IAcsService;
+import org.jeecg.modules.wms.framework.aspectj.PassApiAuthentication;
 import org.jeecg.modules.wms.framework.aspectj.lang.annotation.ApiLogger;
 import org.jeecg.modules.wms.framework.controller.HuahengBaseController;
 import org.jeecg.modules.wms.task.agvTask.service.IAgvTaskService;
@@ -36,8 +38,6 @@ public class AcsController extends HuahengBaseController {
     @ResponseBody
     @PostMapping(value = "/testTokenCheck")
     public Result<?> testTokenCheck(@RequestBody Map<String, String> paramMap, HttpServletRequest request) {
-        
-        
         return new Result<>();
     }
  
 package org.jeecg.modules.wms.framework.aspectj;
  
 import java.lang.reflect.Method;
+import java.util.Arrays;
  
 import javax.servlet.http.HttpServletRequest;
  
@@ -9,11 +10,22 @@ import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.jeecg.modules.wms.framework.aspectj.dto.RSA256Key;
+import org.jeecg.utils.HuahengJwtUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
  
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+
+import cn.hutool.core.date.DatePattern;
+import cn.hutool.core.date.DateUtil;
 import lombok.extern.slf4j.Slf4j;
  
 /**
@@ -27,10 +39,11 @@ import lombok.extern.slf4j.Slf4j;
 @EnableAsync
 public class ApiAuthenticationAspect {
  
-    @Pointcut("execution(* org.jeecg.modules.wms.api..*.*(..)) " 
-        + "&& (@annotation(org.springframework.web.bind.annotation.RequestMapping) "
-        + "|| @annotation(org.springframework.web.bind.annotation.GetMapping) "
-        + "|| @annotation(org.springframework.web.bind.annotation.PostMapping))")
+    @Autowired
+    private RSA256Key rsa256Key;
+
+    @Pointcut("execution(* org.jeecg.modules.wms.api..*.*(..)) " + "&& (@annotation(org.springframework.web.bind.annotation.RequestMapping) "
+        + "|| @annotation(org.springframework.web.bind.annotation.GetMapping) " + "|| @annotation(org.springframework.web.bind.annotation.PostMapping))")
     public void executeController() {}
  
     /**
@@ -55,7 +68,14 @@ public class ApiAuthenticationAspect {
         ServletRequestAttributes attributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
         HttpServletRequest request = attributes.getRequest();
         String token = request.getHeader("token");
-        log.info("开始校验Token:{}", token);
+        try {
+            Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey());
+            JWTVerifier verifier = JWT.require(algorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build();
+            verifier.verify(token);
+        } catch (JWTVerificationException e) {
+            log.error("TOKEN认证失败：{}", e.getMessage());
+            throw e;
+        }
     }
  
     /**
+package org.jeecg.modules.wms.framework.aspectj.dto;
+
+import java.util.Date;
+
+import org.jeecg.utils.HuahengJwtUtil;
+
+import cn.hutool.core.date.DatePattern;
+import cn.hutool.core.date.DateUtil;
+import lombok.Data;
+
+/**
+ * 接口认证Token生成对象
+ * @author     TanYibin
+ * @createDate 2023年2月14日
+ */
+@Data
+public class ApiAuthentication {
+
+    /** Token提供方 */
+    private String operator;
+
+    /** Token使用方 */
+    private String audience; // 观众，相当于接受者
+
+    /** Token签发方（WMS） */
+    private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID;
+
+    /** 失效时间 */
+    private Date expireDateTime;
+
+}
+package org.jeecg.modules.wms.framework.aspectj.dto;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import org.jeecg.utils.SecretKeyUtils;
+import org.springframework.stereotype.Component;
+
+import lombok.Data;
+
+@Data
+@Component
+public class RSA256Key {
+
+    /** 第三方HTTP访问 公钥 */
+    private RSAPublicKey publicKey =
+        (RSAPublicKey)SecretKeyUtils.getPublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmYcmhWzpgLgWVD0j+uTyFvQW0BBktYVJmTRQvLlrKt4CHnkfQ4Dn"
+            + "SLaRXCcJK/TGgAY0BtnaKUgFBqqmTI9l82tpxEWqYRzp4KGRLnVA6/igidYib0JeBWroI6Bs0wR43fkSXA8XG+n32bVbmMTKNa9IFUJCzICVTEjQzMQrSAwIDAQAB");
+
+    /** 第三方HTTP访问 私钥 */
+    private RSAPrivateKey privateKey =
+        (RSAPrivateKey)SecretKeyUtils.getPrivateKey("MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKZhyaFbOmAuBZUPSP65PIW9BbQEGS1hUmZNFC8uWsq"
+            + "3gIeeR9DgOdItpFcJwkr9MaABjQG2dopSAUGqqZMj2Xza2nERaphHOngoZEudUDr+KCJ1iJvQl4FaugjoGzTBHjd+RJcDxcb6ffZtVuYxMo1r0gVQkLMgJVMSNDMxCtID"
+            + "AgMBAAECgYBhxluIMCVI+iKbqyTZVB/l8+PTGwl0qpmStr8iztnaASZODEzlya8Q/XNzFrAQA2TTQ7YKiKB2vqQwY8tNRab7jpR4t5WPApDVrMvjPfvqVvBsPzTYr2c08"
+            + "xMfqcj5HNzPLisb7Wvi7URSL4jIY/106lXN+9cJuMV0oDZzcAhaYQJBANdNMlSnzTDF8VQ7ETpzZQrF0UzlqKeKG0Pz/YeTXT4IjyBhzvaSOF3+hi1cWucrSU0xMUAR9F"
+            + "av+K1BlPTYW/MCQQDF1UqEAY7YGzpUZK311ECO12ysb0oMt2jTYMwmgPnfPZfctD6SlV3u/JtsgE+bN5dXwV0ktyfP/3vl395zGoWxAkEAt/bQMKGIpEoeILivyd/b0E6"
+            + "ivi/l4fIRxghu8y8plt29Xg/0xZ6+5yGaCJxHWAsWgQytZm9w9bk6pN/KpUNRnQJAbQS72oDNSdO/UhBlOOntZYnbTi7J3LYZoxpdhf5fNCFKFYqSTM7ZA8DamXEf7UY2"
+            + "NVrOTFROMTX1/dhfSojcEQJBALNxIrEP97uszxIc8oH2r7DfXzmhRMKuIvnBfmNe1TR" + "VLvh1G1SKIyCYUTStaQCFN0FcH//Fab+zPiAgDmXApWs=");
+}
 package org.jeecg.utils;
  
+import java.util.Arrays;
 import java.util.Date;
+import java.util.UUID;
  
 import javax.servlet.http.HttpServletRequest;
  
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.modules.wms.framework.aspectj.dto.ApiAuthentication;
+import org.jeecg.modules.wms.framework.aspectj.dto.RSA256Key;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
  
 import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
  
+import cn.hutool.core.date.DatePattern;
+import cn.hutool.core.date.DateUtil;
+import net.bytebuddy.asm.Advice.This;
+
 public class HuahengJwtUtil {
  
-    public static final long EXPIRE_TIME = -1;
+    /** token失效时间 1天 */
+    public static final long EXPIRE_TIME = 24 * 60 * 60 * 1000;
+
+    public static final String HUAHENG_SYSTEM_ID = "HUAHENG-WMS4-4.0.1";
  
     /**
      * 根据request中的token获取用户账号
@@ -87,6 +101,41 @@ public class HuahengJwtUtil {
     }
  
     /**
+     * 生成第三方系统HTTP访问TOKEN
+     * @author                       TanYibin
+     * @createDate                   2023年2月15日
+     * @param      apiAuthentication
+     * @param      algorithm
+     * @return
+     */
+    public static String sign(ApiAuthentication apiAuthentication, Algorithm algorithm) {
+        return JWT.create().withClaim("operator", apiAuthentication.getOperator()) // 创建Token 操作人
+            .withAudience(apiAuthentication.getAudience()) // Token 使用方
+            .withIssuer(apiAuthentication.getIssuer()) // Token 发布者
+            .withIssuedAt(DateUtil.date()) // 生成签名时间
+            .withExpiresAt(apiAuthentication.getExpireDateTime()) // 过期时间
+            .withJWTId(UUID.randomUUID().toString()).sign(algorithm);
+    }
+
+    /**
+     * 生成第三方系统HTTP访问TOKEN
+     * @author                       TanYibin
+     * @createDate                   2023年2月15日
+     * @param      apiAuthentication
+     * @return
+     */
+    public static String sign(ApiAuthentication apiAuthentication) {
+        RSA256Key rsa256Key = new RSA256Key(); // 获取公钥/私钥
+        Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey());
+        return JWT.create().withClaim("operator", apiAuthentication.getOperator()) // 创建Token 操作人
+            .withAudience(apiAuthentication.getAudience()) // Token 使用方
+            .withIssuer(apiAuthentication.getIssuer()) // Token 发布者
+            .withIssuedAt(DateUtil.date()) // 生成签名时间
+            .withExpiresAt(apiAuthentication.getExpireDateTime()) // 过期时间
+            .withJWTId(UUID.randomUUID().toString()).sign(algorithm);
+    }
+
+    /**
      * 获得token中的信息无需secret解密也能获得
      * @return token中包含的用户名
      */
@@ -98,4 +147,35 @@ public class HuahengJwtUtil {
             return null;
         }
     }
+
+    /**
+     * 生成第三方系统HTTP访问TOKEN
+     * @author               TanYibin
+     * @createDate           2023年2月14日
+     * @param      args
+     * @throws     Exception
+     */
+    public static void main(String[] args) throws Exception {
+        ApiAuthentication apiAuthentication = new ApiAuthentication();
+        // 生成TOKEN必填参数
+        apiAuthentication.setOperator("TanYibin"); // Token提供方
+        apiAuthentication.setAudience("ACS001"); // Token使用方
+        apiAuthentication.setExpireDateTime(DateUtil.parse("2099-12-31 23:59:59", DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间
+
+        String tokenString = sign(apiAuthentication);
+        System.out.println("HuahengJwtUtil.sign(apiAuthentication) Token:" + tokenString);
+
+        RSA256Key rsa256Key = new RSA256Key(); // 获取公钥/私钥
+        Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey());
+        // Reusable verifier instance 可复用的验证实例
+        JWTVerifier verifier = JWT.require(algorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build();
+        DecodedJWT jwt = verifier.verify(tokenString);
+        System.out.println();
+        System.out.println("jwt.getId():" + jwt.getId());
+        System.out.println("jwt.getClaim(operator):" + jwt.getClaim("operator").asString());
+        System.out.println("jwt.getAudience():" + Arrays.toString(jwt.getAudience().toArray()));
+        System.out.println("jwt.getIssuer():" + jwt.getIssuer());
+        System.out.println("jwt.getIssuedAt():" + DateUtil.format(jwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN));
+        System.out.println("jwt.getExpiresAt():" + DateUtil.format(jwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN));
+    }
 }
+package org.jeecg.utils;
+
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jeecg.modules.wms.framework.aspectj.dto.RSA256Key;
+
+import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Encoder;
+
+/**
+ * KeyPairGenerator https://www.jianshu.com/p/4de1ee0e7206 key的生成使用方法
+ */
+@SuppressWarnings("restriction")
+public class SecretKeyUtils {
+
+    public static final String KEY_ALGORITHM = "RSA";
+    private static final String PUBLIC_KEY = "RSAPublicKey";
+    private static final String PRIVATE_KEY = "RSAPrivateKey";
+
+    private static RSA256Key rsa256Key;
+
+    // 获得公钥
+    public static String getPublicKey(Map<String, Object> keyMap) throws Exception {
+        // 获得map中的公钥对象 转为key对象
+        Key key = (Key)keyMap.get(PUBLIC_KEY);
+        // byte[] publicKey = key.getEncoded();
+        // 编码返回字符串
+        return encryptBASE64(key.getEncoded());
+    }
+
+    public static String getPublicKey(RSA256Key rsa256Key) throws Exception {
+        // 获得map中的公钥对象 转为key对象
+        Key key = rsa256Key.getPublicKey();
+        // byte[] publicKey = key.getEncoded();
+        // 编码返回字符串
+        return encryptBASE64(key.getEncoded());
+    }
+
+    // 获得私钥
+    public static String getPrivateKey(Map<String, Object> keyMap) throws Exception {
+        // 获得map中的私钥对象 转为key对象
+        Key key = (Key)keyMap.get(PRIVATE_KEY);
+        // byte[] privateKey = key.getEncoded();
+        // 编码返回字符串
+        return encryptBASE64(key.getEncoded());
+    }
+
+    // 获得私钥
+    public static String getPrivateKey(RSA256Key rsa256Key) throws Exception {
+        // 获得map中的私钥对象 转为key对象
+        Key key = rsa256Key.getPrivateKey();
+        // byte[] privateKey = key.getEncoded();
+        // 编码返回字符串
+        return encryptBASE64(key.getEncoded());
+    }
+
+    // 解码返回byte
+    public static byte[] decryptBASE64(String key) throws Exception {
+        return (new BASE64Decoder()).decodeBuffer(key);
+    }
+
+    // 编码返回字符串
+    public static String encryptBASE64(byte[] key) throws Exception {
+        return (new BASE64Encoder()).encodeBuffer(key);
+    }
+
+    // 使用KeyPairGenerator 生成公私钥，存放于map对象中
+    public static Map<String, Object> initKey() throws Exception {
+        /* RSA算法要求有一个可信任的随机数源 */
+        // 获得对象 KeyPairGenerator 参数 RSA 1024个字节
+        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
+        keyPairGen.initialize(1024);
+
+        // 通过对象 KeyPairGenerator 生成密匙对 KeyPair
+        KeyPair keyPair = keyPairGen.generateKeyPair();
+
+        // 通过对象 KeyPair 获取RSA公私钥对象RSAPublicKey RSAPrivateKey
+        RSAPublicKey publicKey = (RSAPublicKey)keyPair.getPublic();
+        RSAPrivateKey privateKey = (RSAPrivateKey)keyPair.getPrivate();
+
+        // 公私钥对象存入map中
+        Map<String, Object> keyMap = new HashMap<String, Object>(2);
+        keyMap.put(PUBLIC_KEY, publicKey);
+        keyMap.put(PRIVATE_KEY, privateKey);
+        return keyMap;
+    }
+
+    /**
+     * 获取公私钥
+     * @return
+     * @throws Exception
+     */
+    public static synchronized RSA256Key getRSA256Key() throws Exception {
+        if (rsa256Key == null) {
+            synchronized (RSA256Key.class) {
+                if (rsa256Key == null) {
+                    rsa256Key = new RSA256Key();
+                    Map<String, Object> map = initKey();
+                    rsa256Key.setPrivateKey((RSAPrivateKey)map.get(SecretKeyUtils.PRIVATE_KEY));
+                    rsa256Key.setPublicKey((RSAPublicKey)map.get(SecretKeyUtils.PUBLIC_KEY));
+                }
+            }
+        }
+        return rsa256Key;
+    }
+
+    /**
+     * 解码 PublicKey
+     * @param  key
+     * @return
+     */
+    public static PublicKey getPublicKey(String key) {
+        try {
+            byte[] byteKey = Base64.getDecoder().decode(key);
+            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(byteKey);
+            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+            return keyFactory.generatePublic(x509EncodedKeySpec);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+    /**
+     * 解码 PrivateKey
+     * @param  key
+     * @return
+     */
+    public static PrivateKey getPrivateKey(String key) {
+        try {
+            byte[] byteKey = Base64.getDecoder().decode(key);
+            PKCS8EncodedKeySpec x509EncodedKeySpec = new PKCS8EncodedKeySpec(byteKey);
+            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+            return keyFactory.generatePrivate(x509EncodedKeySpec);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+    public static void main(String[] args) {
+        Map<String, Object> keyMap;
+        try {
+            keyMap = initKey(); // 使用 java.security.KeyPairGenerator 生成 公/私钥
+            String publicKey = getPublicKey(keyMap);
+            System.out.println("公钥：\n" + publicKey);
+            String privateKey = getPrivateKey(keyMap);
+            System.out.println("私钥：\n" + privateKey);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
 \ No newline at end of file
@@ -3,3 +3,7 @@ spring:
     name: huaheng-wms-core
   profiles:
     active: test
+
+huaheng:
+  system:
+    Id: HUAHENG-WMS4-4.0.1