
feature: 令牌通知接收修改

mazq 1 年之前
當前提交
0210452ee2

+ 9 - 0
dcuc-auth-service/pom.xml

@@ -38,6 +38,15 @@
             <artifactId>duceap-boot-starter</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>com.dragonsoft</groupId>
+            <artifactId>sm-tools-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.dragonsoft</groupId>
+            <artifactId>sm-tools-local</artifactId>
+        </dependency>
+
         <!--配置 duceap 结束-->
         <!--配置 dcuc 开始-->
         <dependency>

+ 53 - 13
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/AuthTokenBusinessImpl.java

@@ -21,6 +21,9 @@ import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
 import com.dragoninfo.dcuc.auth.token.vo.*;
 import com.dragonsoft.auditlog.collection.qmtj.enums.TokenTypeEnum;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.dragonsoft.smtools.loader.SMFactory;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.BeanUtils;
@@ -57,6 +60,13 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     private ICacheBusiness cacheBusiness;
 
+    private SMFactory smFactory;
+
+    @Autowired
+    public void setSmFactory(SMFactory smFactory) {
+        this.smFactory = smFactory;
+    }
+
     @Autowired
     public void setCacheBusiness(ICacheBusiness cacheBusiness) {
         this.cacheBusiness = cacheBusiness;
@@ -154,30 +164,60 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         return builder.build();
     }
 
+    @SneakyThrows
     @Override
-    public ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
-        // 暂时发送令牌接收日志即可
-        String type = receiveVO.getType();
-        UserTokenInfoRespVO userTokenInfo;
+    public ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVo) {
+        String action = receiveVo.getAction();
+        String type = receiveVo.getType();
+        String token = receiveVo.getToken();
+        String generalNoticeSign = generalNoticeSign(receiveVo);
+        String requestSign = receiveVo.getSign();
+        if (!generalNoticeSign.equalsIgnoreCase(requestSign)) {
+            log.info("request Sign:{}, generalSign:{}", requestSign, generalNoticeSign);
+            return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        }
+
+        String pid;
+        ObjectMapper objectMapper = new ObjectMapper();
         if (TokenTypeEnum.USER.getValue().equals(type)) {
-            userTokenInfo = getUserTokenInfo(receiveVO.getToken());
+            UserTokenInfoRespVO tokenInfo = objectMapper.readValue(token, UserTokenInfoRespVO.class);
+            pid = tokenInfo.getPid();
+            cacheBusiness.userTokenActionHandle(tokenInfo, action);
         } else {
-            TokenDetailRespVo appTokenInfo = getByAppTokenId(receiveVO.getToken(), false, false);
-            userTokenInfo = appTokenInfo.getUserToken();
-        }
-        if (null == userTokenInfo) {
-            return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+            AppTokenInfoRespVO tokenInfo = objectMapper.readValue(token, AppTokenInfoRespVO.class);
+            pid = tokenInfo.getUserToken().getPid();
+            cacheBusiness.appTokenActionHandle(tokenInfo, action);
         }
         TokenOperationDto dto = TokenOperationDto.builder()
-                .action(receiveVO.getAction())
+                .action(receiveVo.getAction())
                 .operateTime(new Date())
-                .pid(userTokenInfo.getPid())
-                .tokenType(receiveVO.getType())
+                .pid(pid)
+                .tokenType(receiveVo.getType())
                 .build();
         qmAuditPushService.pushTokenReceiveLog(dto);
         return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
     }
 
+    /**
+     * 生成令牌通知签名
+     *
+     * @param tokenReceiveReqVo 应用通知信息
+     * @return 签名
+     */
+    public String generalNoticeSign(TokenReceiveVO tokenReceiveReqVo) {
+        String action = tokenReceiveReqVo.getAction();
+        String type = tokenReceiveReqVo.getType();
+        String token = tokenReceiveReqVo.getToken();
+        String nonce = tokenReceiveReqVo.getNonce();
+
+        String origin = "action=" + action + "&type=" + type + "&token=" + token + "&nonce=" + nonce;
+        log.info("noticeOrigin :{}", origin);
+        return smFactory.getSM3().summary(origin).toString();
+    }
+
+
+
+
     private AuthUserVo getAuthUserVo(String pid) {
         // pid为人员身份证号
         // 查询权限中心用户信息, 填充id字段
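Review bot: The signature check at the top of `tokenReceive` compares an unkeyed SM3 digest of the request's own fields (see `generalNoticeSign`), so unless the sm-tools SM3 implementation mixes in a shared secret it only proves that the sender computed the same hash, not that the sender is trusted, and the `nonce` read in `generalNoticeSign` is never recorded, leaving a captured notification replayable. Pair the digest with a shared secret (an HMAC-style construction) and reject a nonce already seen within a time window; also guard `requestSign == null` and compare with `MessageDigest.isEqual(generalNoticeSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8), requestSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8))` rather than `equalsIgnoreCase`, whose early exit leaks how many leading characters matched. The `log.info` on mismatch prints the expected signature and the one in `generalNoticeSign` prints the whole `origin` including the token JSON; both belong at debug level or should print a truncated form. Separately, `@SneakyThrows` turns a malformed token body from `objectMapper.readValue` into an unchecked exception and `tokenInfo.getUserToken().getPid()` dereferences without the null check the removed code had, so catch `JsonProcessingException` and return `ZeroTrustBusinessRespEnum.TOKEN_FAIL` as before and null-check `getUserToken()`. The `new ObjectMapper()` built on every call could be a `private static final` field, since an ObjectMapper is safe to share once configured.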

+ 9 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/DcucAuthConfig.java

@@ -1,5 +1,6 @@
 package com.dragoninfo.dcuc.auth.config;
 
+import com.dragonsoft.smtools.enums.SmTypeEunm;
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
@@ -105,16 +106,21 @@ public class DcucAuthConfig {
     /**
      * 用户令牌查询接口
      */
-    private String userTokenQueryUrl = "http://10.201.1.51:7300/mock/63f5cc949147e838d4c27f4c/token/usertokenDetail";
+    private String userTokenQueryUrl;
 
     /**
      * 应用令牌查询接口
      */
-    private String appTokenQueryUrl = "http://10.201.1.51:7300/mock/63f5cc949147e838d4c27f4c/token/apptokenDetail";
+    private String appTokenQueryUrl;
 
     /**
      * 根据pid查询人员信息接口
      */
-    private String userInfoQueryUrl = "http://10.201.1.51:7300/mock/63f5cc949147e838d4c27f4c/token/userinfo";
+    private String userInfoQueryUrl;
+
+    /**
+     * 国密类型
+     */
+    private SmTypeEunm smTypeEnum = SmTypeEunm.Local;
 
 }
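Review bot: `userTokenQueryUrl`, `appTokenQueryUrl` and `userInfoQueryUrl` now default to null, and the companion hunk in `application-auth.yml` binds them to blank values, so if the token query code still reads them (not visible here) the first request to those endpoints fails at call time instead of at startup. Dropping the hard-coded mock host is the right move; to keep fail-fast behaviour, annotate the class with `@Validated` and each URL field with `@NotBlank` if bean validation is on the classpath, or check them in a `@PostConstruct` method and throw `IllegalStateException` naming the missing property. The Javadoc on `smTypeEnum` could also state which values are accepted and that `Local` presumably reads the `conf/local.properties` file added in this commit, since that coupling is otherwise only visible in `SMFactorConfig`.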

+ 33 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/SMFactorConfig.java

@@ -0,0 +1,33 @@
+package com.dragoninfo.dcuc.auth.config.zerotrust;
+
+import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragonsoft.smtools.loader.SMFactory;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.lang.reflect.InvocationTargetException;
+
+/**
+ * @author mazq
+ * @date 2023/3/30
+ */
+@Slf4j
+@Configuration
+public class SMFactorConfig {
+
+    @Autowired
+    private DcucAuthConfig dcucAuthConfig;
+
+    @Bean
+    public SMFactory smFactory() {
+        try {
+            return SMFactory.init(dcucAuthConfig.getSmTypeEnum());
+        } catch (ClassNotFoundException | InvocationTargetException | InstantiationException | IllegalAccessException | NoSuchMethodException e) {
+            log.error("国密初始化错误", e);
+        }
+        return null;
+    }
+
+}
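Review bot: `smFactory()` returns null when `SMFactory.init` fails, so the error is only logged and the application likely either fails later while injecting `setSmFactory` or throws a NullPointerException on the first signature check in `generalNoticeSign`. Since signature verification cannot work without it, fail the context instead: replace the `return null` with `throw new IllegalStateException("SM factory init failed for type " + dcucAuthConfig.getSmTypeEnum(), e);` inside the catch (the existing `log.error` can stay). Field injection via `@Autowired` can become constructor injection of `DcucAuthConfig`, which makes the dependency explicit and the class testable, and the class name `SMFactorConfig` reads like a typo for `SMFactoryConfig`.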

+ 3 - 0
dcuc-auth-service/src/main/resources/application-auth.yml

@@ -6,6 +6,9 @@ dcuc:
       facility: LOCAL0
     security-policy:
       type: rzy
+    user-token-query-url:
+    app-token-query-url:
+    user-info-query-url:
     app-code: QXXT0000000000000001
     menu-noclear: true
     #服务变更通知

+ 6 - 0
dcuc-auth-service/src/main/resources/conf/local.properties

@@ -0,0 +1,6 @@
+local.sm2.prik=e1fd3231e230c7f20bda06d0e652650a924a66642ce2313c0abd5f3ee84c411d
+local.sm2.pubk=04265e9b4c487992cbd0ef4b2d26d31f9a09cbdca788224fe324b03484fa6271d90e21f77feb8c25300cf6b785c2f24d5cba2ccf5e2a58c23d6beea296bf607cea
+local.sm4.secretKey=JeF8U9wHFOMfs2Y8
+local.sm4.iv=UISwD9fW6cFh9SNS
+local.sm4.hexString=false
+local.sm2.mode=C1C3C2
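Review bot: `local.sm2.prik`, `local.sm4.secretKey` and `local.sm4.iv` are a private key and a symmetric key with its IV committed in plaintext, so everyone with read access to this repository or its history now holds them, and once pushed they cannot be un-shared by a later commit. Treat them as exposed: generate new material, supply it at deploy time (environment variables or the deployment's secret store) and leave only placeholders such as `local.sm2.prik=${SM2_PRIVATE_KEY}` in the checked-in file, adding `conf/local.properties` to `.gitignore` if it must ever contain real values. A fixed `local.sm4.iv` also means identical plaintexts encrypt to identical ciphertexts if the key is used for more than one message; if sm-tools allows it, a per-message random IV is preferable. Even if these were meant as development-only keys, nothing here distinguishes them from production ones, so a comment saying so and a startup warning when they are in use would help.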

+ 11 - 0
pom.xml

@@ -23,6 +23,7 @@
         <oracle.version>11.2.0.1.0</oracle.version>
         <mysql.version>5.1.49</mysql.version>
         <lombok.version>1.18.24</lombok.version>
+        <sm.tools.version>1.2.1-SNAPSHOT</sm.tools.version>
     </properties>
 
     <dependencyManagement>
@@ -98,6 +99,16 @@
             </dependency>
             <!--框架组组件接入华为kafka-->
 
+            <dependency>
+                <groupId>com.dragonsoft</groupId>
+                <artifactId>sm-tools-api</artifactId>
+                <version>${sm.tools.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.dragonsoft</groupId>
+                <artifactId>sm-tools-local</artifactId>
+                <version>${sm.tools.version}</version>
+            </dependency>
         </dependencies>
 
     </dependencyManagement>
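Review bot: `sm.tools.version` pins the cryptography library to `1.2.1-SNAPSHOT`, so the artifact actually resolved can change between builds without any change in this repository, which makes the signature verification code non-reproducible and means a different or tampered snapshot would be picked up silently. Pin a released version (for example `<sm.tools.version>1.2.1</sm.tools.version>` once one is published) before this reaches a release branch, and record the resolved artifact checksum in the build's dependency verification if the build tooling supports it.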