通过加密判断越权（用 DES 加密的用户工号令牌，校验当前登录用户是否有权查看他人日程）

package com.sf.sms.util.utils;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

// TODO(review): sun.misc.* is internal JDK API, absent from JDK 9+, and no longer referenced
// once Base64 encoding goes through java.util.Base64; drop these two imports.
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

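/**
 * <pre>
 * DES/ECB encryption helper whose output is a URL-safe Base64 string.
 * </pre>
 *
 * <p>Despite the class name this is not "Base64 encryption": the payload is
 * DES-encrypted (ECB mode, PKCS#5 padding) and only then Base64-encoded, with
 * the characters {@code + / =} swapped for {@code * - _} so the token survives
 * URLs and form fields unescaped.
 *
 * <p>SECURITY (review): DES has a 56-bit key and ECB is deterministic
 * (identical plaintext under the same key always gives identical ciphertext),
 * so this scheme offers neither confidentiality nor integrity against a
 * motivated attacker. In addition {@link DESKeySpec} uses ONLY THE FIRST 8
 * BYTES of {@code key}: a longer key is silently truncated, a shorter one is
 * rejected with {@code InvalidKeyException}. Callers that build the key by
 * concatenating a user id with a secret must be aware that the secret
 * contributes nothing once the prefix alone reaches 8 bytes. The algorithm and
 * wire format are deliberately left unchanged here so tokens already issued
 * keep verifying; the real fix is an HMAC (e.g. HmacSHA256 over the user code)
 * or AES-GCM, not a new Base64 alphabet.
 *
 * @author 730882
 * @version 1.0, 2013-7-22
 */
public class Base64Coder {

    /** Charset used for every String &lt;-&gt; byte[] conversion. */
    private final static String CODING = "UTF-8";
    /** Key algorithm handed to SecretKeyFactory. */
    private final static String KEY_MODUL = "DES";
    /** Cipher transformation: DES in ECB mode with PKCS#5 padding. */
    private final static String KEY_SECRET = "DES/ECB/PKCS5Padding";
    /** Standard-Base64 character -&gt; URL-safe replacement; applied in reverse when decoding. */
    private final static String[][] REPLACE_CHAR = new String[][]{{"+","*"},{"/","-"},{"=","_"}};

    /**
     * Encrypts {@code message} with DES/ECB/PKCS5Padding and returns the
     * ciphertext as a URL-safe Base64 string without line breaks.
     *
     * @param message plaintext; encoded as UTF-8 before encryption
     * @param key     key material; needs at least 8 UTF-8 bytes, of which only
     *                the first 8 are used (see class comment)
     * @return the encoded ciphertext
     * @throws Exception on an invalid key or a cipher failure
     */
    public static String encrypt(String message, String key) throws Exception {
        Cipher cipher = newCipher(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = cipher.doFinal(message.getBytes(CODING));
        return encryptBase64(ciphertext);
    }

    /**
     * Reverses {@link #encrypt(String, String)}: un-replaces the URL-safe
     * characters, Base64-decodes and DES-decrypts.
     *
     * @param message token produced by {@link #encrypt(String, String)}
     * @param key     the same key material used for encryption
     * @return the original plaintext, decoded as UTF-8
     * @throws Exception on malformed Base64, an invalid key, or a bad padding
     *                   (the usual symptom of a wrong key or tampered token)
     */
    public static String decrypt(String message, String key) throws Exception {
        // Decode first so a malformed token fails before any key handling, as before.
        byte[] ciphertext = decryptBase64(message);
        Cipher cipher = newCipher(Cipher.DECRYPT_MODE, key);
        byte[] plaintext = cipher.doFinal(ciphertext);
        return new String(plaintext, CODING);
    }

    /** Builds a DES cipher in the given mode from the first 8 UTF-8 bytes of {@code key}. */
    private static Cipher newCipher(int mode, String key) throws Exception {
        DESKeySpec keySpec = new DESKeySpec(key.getBytes(CODING));
        SecretKey secretKey = SecretKeyFactory.getInstance(KEY_MODUL).generateSecret(keySpec);
        Cipher cipher = Cipher.getInstance(KEY_SECRET);
        cipher.init(mode, secretKey);
        return cipher;
    }

    /**
     * Swaps the Base64 special characters for their URL-safe replacements
     * ({@code type == true}) or back ({@code type == false}), then strips any
     * line breaks.
     */
    private static String encryptReplace(String str, boolean type) {
        if (str == null) return str;
        int from = type ? 0 : 1;
        int to = 1 - from;
        for (String[] pair : REPLACE_CHAR) {
            str = str.replace(pair[from], pair[to]);
        }
        return str.replaceAll("\\r\\n", "").replaceAll("\\n", "");
    }

    /**
     * Standard Base64 (no line breaks) followed by the URL-safe replacement.
     * java.util.Base64 never inserts line breaks, unlike the former sun.misc
     * encoder, so the output is byte-identical to the old one after stripping.
     */
    private static String encryptBase64(byte[] b) {
        return encryptReplace(Base64.getEncoder().encodeToString(b), true);
    }

    /**
     * Un-replaces the URL-safe characters and decodes with a strict decoder:
     * a token containing characters outside the Base64 alphabet is rejected
     * with IllegalArgumentException instead of being decoded into garbage.
     */
    private static byte[] decryptBase64(String s) {
        return Base64.getDecoder().decode(encryptReplace(s, false));
    }

}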






package com.sf.sms.controller.schedule;

import java.util.List;

import javax.annotation.Resource;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

import com.sf.erui.common.exception.SfopenRuntimeException;
import com.sf.sms.ReadResourceFile;
import com.sf.sms.constant.ScheduleConstant;
import com.sf.sms.domain.config.Config;
import com.sf.sms.service.config.ConfigService;
import com.sf.sms.service.system.SysUserService;
import com.sf.sms.util.utils.Base64Coder;


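@Component
public class ScheduleUtil {
    /*
     * Issues and verifies "user right" tokens for the schedule API.
     *
     * Two token formats exist, both produced by Base64Coder (DES/ECB/PKCS5, URL-safe Base64):
     *   - static:  encryptCode(userCode)                    = DES(userCode, key)
     *   - dynamic: encryptCodeBySysCode(userCode, sysUser)  = DES(userCode, sysUser + key)
     * isOk(message, userCode, sysUserCode) re-encrypts userCode with the dynamic key and
     * compares it with the presented token; because DES/ECB is deterministic, equality of
     * the strings is the whole check.
     *
     * SECURITY (review):
     *   - DESKeySpec uses only the FIRST 8 BYTES of the key string. For the dynamic key
     *     "sysUserCode + key" that means a 6-character sysUserCode leaves just 2 bytes of
     *     the configured secret in play, and a sysUserCode of 8+ characters removes the
     *     secret entirely; since sysUserCode is the caller's own login name, the caller
     *     can then forge a token for any target userCode. An HMAC over userCode keyed by
     *     the full secret (with sysUserCode as part of the message) is the proper design.
     *   - Tokens are bearer credentials for another user's data; they were previously
     *     written to the INFO log and are no longer logged here.
     *   - Token comparison is done in constant time so equal-length prefixes do not leak.
     *
     * The key is read once at class load; a missing property surfaces as
     * SfopenRuntimeException on first use. sysUserService and configService are injected
     * but not referenced by any method in this class.
     */

    private static final Logger logger = LoggerFactory.getLogger(ScheduleUtil.class);

    @Resource
    private SysUserService sysUserService;

    @Resource
    private ConfigService configService;

    /** Shared secret from configuration; null when sms_user_right_key is not configured. */
    private static String key = ReadResourceFile.getConfigurationInfoByKey(ScheduleConstant.SMS_USER_RIGHT_KEY);

    /** Number of key bytes DESKeySpec actually consumes; anything beyond is ignored. */
    private static final int DES_KEY_BYTES = 8;

    /**
     * Compares a ciphertext with a plaintext under the static key.
     *
     * <p>NOTE(review): the argument order is the opposite of the three-argument
     * overload: here {@code userCode} is the ciphertext that gets decrypted and
     * {@code message} the plaintext it is compared against. Kept as-is because
     * no caller is visible in this file; confirm before changing.
     *
     * @param message  plaintext to compare against
     * @param userCode ciphertext produced by {@link #encryptCode(String)}
     * @return true when decrypting {@code userCode} yields exactly {@code message}
     * @throws Exception when the key is not configured (SfopenRuntimeException)
     *                   or decryption fails
     */
    public static boolean isOk(String message, String userCode) throws Exception {
        String decrypted = Base64Coder.decrypt(userCode, requireKey());
        return constantTimeEquals(decrypted, message);
    }

    /**
     * Verifies a dynamic token: re-encrypts {@code userCode} under
     * {@code sysUserCode + key} and compares the result with {@code message}.
     *
     * @param message     token presented by the client (ciphertext)
     * @param userCode    plaintext user code the token is supposed to cover
     * @param sysUserCode login user the token must be bound to
     * @return true when the recomputed token equals {@code message}
     * @throws Exception when the key is not configured (SfopenRuntimeException)
     *                   or encryption fails
     */
    public static boolean isOk(String message, String userCode, String sysUserCode) throws Exception {
        String expected = Base64Coder.encrypt(userCode, dynamicKey(sysUserCode));
        return constantTimeEquals(expected, message);
    }

    /**
     * Decrypts a static token back to the user code.
     *
     * @param message token produced by {@link #encryptCode(String)}
     * @return the plaintext user code
     * @throws Exception when the key is not configured or the token is invalid
     */
    public static String decryptCode(String message) throws Exception {
        String userCode = Base64Coder.decrypt(message, requireKey());
        logger.debug("decryptCode resolved userCode={}", userCode);
        return userCode;
    }

    /**
     * Issues a static token for {@code userCode}.
     *
     * @param userCode plaintext user code
     * @return the token (ciphertext); treat it as a credential
     * @throws Exception when the key is not configured or encryption fails
     */
    public static String encryptCode(String userCode) throws Exception {
        String token = Base64Coder.encrypt(userCode, requireKey());
        // The token grants access to userCode's data: never write its value to the log.
        logger.debug("encryptCode issued token for userCode={}", userCode);
        return token;
    }

    /**
     * Decrypts a dynamic token issued for {@code sysUserCode}.
     *
     * @param message     token produced by {@link #encryptCodeBySysCode(String, String)}
     * @param sysUserCode login user the token was bound to
     * @return the plaintext user code
     * @throws Exception when the key is not configured or the token is invalid
     */
    public static String decryptCodes(String message, String sysUserCode) throws Exception {
        String userCode = Base64Coder.decrypt(message, dynamicKey(sysUserCode));
        logger.debug("decryptCodes resolved userCode={}", userCode);
        return userCode;
    }

    /**
     * Issues a dynamic token for {@code userCode}, bound to {@code sysUserCode}.
     *
     * @param userCode    plaintext user code
     * @param sysUserCode login user the token is bound to
     * @return the token (ciphertext); treat it as a credential
     * @throws Exception when the key is not configured or encryption fails
     */
    public static String encryptCodeBySysCode(String userCode, String sysUserCode) throws Exception {
        String token = Base64Coder.encrypt(userCode, dynamicKey(sysUserCode));
        // See encryptCode: the token value itself is deliberately not logged.
        logger.debug("encryptCodeBySysCode issued token for userCode={}", userCode);
        return token;
    }

    /** Returns the configured key or throws the same SfopenRuntimeException the callers used to. */
    private static String requireKey() {
        if (key == null) {
            throw new SfopenRuntimeException(" 没有配置地址: sms_user_right_key");
        }
        return key;
    }

    /**
     * Builds the per-login key {@code sysUserCode + key}. Plain string
     * concatenation is kept (including "null" + key for a null sysUserCode) so
     * tokens issued by the previous version keep verifying.
     */
    private static String dynamicKey(String sysUserCode) {
        String secret = requireKey();
        if (sysUserCode != null && sysUserCode.length() >= DES_KEY_BYTES) {
            // DESKeySpec only reads the first 8 bytes: the secret is ignored completely
            // and the token can be forged by anyone who knows the login name.
            logger.warn("sms_user_right_key is ignored: sysUserCode alone fills the 8-byte DES key");
        }
        return sysUserCode + secret;
    }

    /**
     * Length-and-content comparison whose running time does not depend on the
     * position of the first mismatch (only on the lengths). {@code actual} may
     * be null, in which case the result is false, matching String.equals.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return expected == actual;
        }
        int diff = expected.length() ^ actual.length();
        int limit = Math.min(expected.length(), actual.length());
        for (int i = 0; i < limit; i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

}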



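/**
 * Returns the meetings and/or tasks of {@code command.userCode} between
 * {@code startDate} and {@code endDate} (epoch milliseconds), keyed as
 * MEETING_DATAS / TASK_DATAS / UPDATE_TIME. {@code type} selects meetings
 * ("M"), tasks ("T") or both ("A"); anything else yields two empty lists.
 *
 * <p>Access control: the caller must present {@code userMessage}, which
 * {@link ScheduleUtil#isOk(String, String, String)} recomputes as the
 * encryption of the target user code under a key derived from the
 * <em>current</em> login user (taken from the session, never from the request
 * body). A token issued to a different login user therefore fails here. How
 * the client obtained the token is outside this method; the check is only as
 * strong as that issuance path and the DES-based scheme behind it.
 *
 * @param command target user code, token, date range and type
 * @return OK response with the data map, or a fail response when the token
 *         does not verify
 * @throws Exception propagated from token verification
 */
@RequestMapping("/getUserData")
@ResponseBody
public Response getScheduleRigthDate(@RequestBody ScheduleRightUser command) throws Exception {
    String rightUser = command.getUserCode();            // whose schedule is requested
    String loginUser = UserContext.getCurrentUserName(); // authenticated caller
    String userMessage = command.getUserMessage();       // token binding rightUser to loginUser

    // Reject unless the token proves rightUser was granted to this login user.
    if (!ScheduleUtil.isOk(userMessage, rightUser, loginUser)) {
        return ResponseUtil.buildFail("传入的登录工号参数与当前登录系统中的工号不匹配");
    }

    Date sdate = new Date(command.getStartDate());
    Date edate = new Date(command.getEndDate());
    String type = command.getType();

    List<MeetingDto> meetingDtos = new ArrayList<>();
    List<ScheduleTaskDTO> scheduleTaskDTOs = new ArrayList<>();

    if ("M".equals(type) || "A".equals(type)) {
        meetingDtos = loadMeetings(rightUser, loginUser, sdate, edate);
    }
    if ("T".equals(type) || "A".equals(type)) {
        scheduleTaskDTOs = taskService.getAllTasksByStartDateAndEndDate(rightUser, sdate, edate)
                .stream()
                .map(ScheduleTaskDTO::buildByTaskDetail)
                .collect(toList());
    }

    Map<String, Object> dataMap = new HashMap<>();
    dataMap.put(MEETING_DATAS, meetingDtos);
    dataMap.put(TASK_DATAS, scheduleTaskDTOs);
    dataMap.put(UPDATE_TIME, (new Date().getTime()));
    return ResponseUtil.buildOK(dataMap);
}

/**
 * Meetings of {@code rightUser} in the range, as DTOs with cycle info and
 * name prefixes applied. Drafts are returned only to their creator.
 */
private List<MeetingDto> loadMeetings(String rightUser, String loginUser, Date sdate, Date edate) {
    List<Meeting> meetings = meetingService.getMeeting(rightUser, sdate, edate, Optional.empty(), null);
    return meetings.stream()
            // Bug fix: was "Y".endsWith(draftFlag), which also matched an empty flag
            // and threw NullPointerException on a null flag.
            .filter(it -> !("Y".equals(it.getDraftFlag()) && !loginUser.equals(it.getCreatorWorknumber())))
            .map(meetingTransform)
            .map(this::attachCycleInfo)
            .map(this::decorateName)
            .collect(toList());
}

/** Populates the cycle info of a recurring meeting (cycleSign == "Y"); others pass through. */
private MeetingDto attachCycleInfo(MeetingDto it) {
    if ("Y".equals(it.getCycleSign())) {
        // NOTE(review): a null return from getCycleInfoByMeetingId would NPE below — confirm its contract.
        CycleInfo cycleInfo = cycleInfoService.getCycleInfoByMeetingId(Long.valueOf(it.getMeetingId()));
        CycleInfoDto cycleInfoDto = new CycleInfoDto();
        cycleInfoDto.setCycleId(cycleInfo.getId());
        cycleInfoDto.setCycleLength(Long.parseLong(cycleInfo.getCycleLength()));
        cycleInfoDto.setCycleType(cycleInfo.getCycleType());
        cycleInfoDto.setCreatorWorkernumber(cycleInfo.getCreatorAccount());
        it.setCycleInfo(cycleInfoDto);
    }
    return it;
}

/** Prefixes the meeting name with a draft marker, else a cycle marker; draft takes precedence. */
private MeetingDto decorateName(MeetingDto it) {
    if ("Y".equals(it.getDraftFlag())) {
        it.setMeetingName("[草稿]" + it.getMeetingName());
    } else if ("Y".equals(it.getCycleSign())) {
        it.setMeetingName("[周期]" + it.getMeetingName());
    }
    return it;
}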


转载自javayuanliwang.iteye.com/blog/2415034