
feature: 接收安全策略评分,V4应用级鉴权过滤冻结的结果

mazq 1 rok pred
rodič
commit
30ba29f8cb
20 zmenil súbory, kde vykonal 561 pridanie a 379 odobranie
  1. 9 7
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/securitypolicy/facade/IApiSecurityPolicyFacade.java
  2. 2 2
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java
  3. 18 15
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/enums/securitypolicy/AuthTypeEnum.java
  4. 49 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/req/AuthRiskOrderReqVo.java
  5. 0 82
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/req/ReqUserRiskScoreVO.java
  6. 0 79
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/resp/ErrorException.java
  7. 0 144
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/resp/HwSecurityPolicyResp.java
  8. 14 5
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustMessageRespVO.java
  9. 47 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustSignReqVO.java
  10. 35 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java
  11. 20 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IApiCommonBusiness.java
  12. 4 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IAuthTokenBusiness.java
  13. 41 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IRiskOrderBusiness.java
  14. 140 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/ApiCommonBusiness.java
  15. 5 5
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/AuthTokenBusinessImpl.java
  16. 122 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/RiskOrderBusinessImpl.java
  17. 10 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/DcucAuthConfig.java
  18. 14 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/AuthRedisConstant.java
  19. 29 33
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/securitypolicy/ApiSecurityPolicyFacade.java
  20. 2 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java

+ 9 - 7
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/securitypolicy/facade/IApiSecurityPolicyFacade.java

@@ -1,12 +1,11 @@
 package com.dragoninfo.dcuc.auth.securitypolicy.facade;
 
-import com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req.ReqUserRiskScoreVO;
+import com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req.AuthRiskOrderReqVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
-import java.util.List;
-
 /**
  * @author mazq
  * @date 2023/7/12
@@ -15,9 +14,12 @@ import java.util.List;
 public interface IApiSecurityPolicyFacade {
 
     /**
-     * 接收风险指令
-     * @param userRiskScores
+     * 接收权限风险指令
+     *
+     * @param authRiskOrderReqVo 接收权限风险指令信息
+     * @return 状态
      */
-    @PostMapping("receivePolicy")
-    void receivePolicy(@RequestBody List<ReqUserRiskScoreVO> userRiskScores);
+    @PostMapping("risk-order")
+    ZeroTrustMessageRespVO riskOrder(@RequestBody AuthRiskOrderReqVo authRiskOrderReqVo);
+
 }
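Review bot: The new `riskOrder` Javadoc never says that the request must carry a valid caller signature, even though `AuthRiskOrderReqVo` inherits `callerId`/`callerTimestamp`/`callerNounce`/`callerSign` from `ZeroTrustSignReqVO` and this endpoint can freeze a user's permissions. A Feign client generated from this interface will happily post an unsigned body, so the contract belongs on the interface itself. I would extend the comment with `* The body must carry the ZeroTrustSignReqVO caller fields; a failed signature check is reported as OPERATE_FAIL in statusCode.` and replace the bare `@return 状态` with `@return ZeroTrustMessageRespVO whose statusCode is a ZeroTrustBusinessRespEnum value`. Whether the server-side facade actually invokes the signature check is outside this hunk (the `ApiSecurityPolicyFacade` section is not shown on this page).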

+ 2 - 2
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java

@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.auth.token.facade;
 
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -19,5 +19,5 @@ public interface IAuthTokenFacade {
      * @return
      */
     @PostMapping("tokenReceive")
-    ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
 }

+ 18 - 15
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/enums/securitypolicy/ActionEnum.java → dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/enums/securitypolicy/AuthTypeEnum.java

@@ -3,48 +3,51 @@ package com.dragoninfo.dcuc.auth.api.enums.securitypolicy;
 import com.dragonsoft.duceap.base.enums.ICodeEnum;
 
 /**
+ * <p>
+ * 权限类型
+ * </p>
+ *
  * @author huangzqa
+ * @date 2023/6/29
  */
-
-public enum ActionEnum implements ICodeEnum {
+public enum AuthTypeEnum implements ICodeEnum {
 
     /**
-     * 撤销令牌
+     * 应用
      */
-    cancel("0", "撤销令牌"),
+    APP("app", "应用"),
 
     /**
-     * 锁定用户
+     * 功能
      */
-    lockUser("1", "锁定用户"),
+    FUNCTION("function", "功能"),
 
     /**
-     * 通知
+     * 服务
      */
-    notify("2", "通知"),
+    SERVICE("service", "服务"),
 
     /**
-     * 锁定鉴权 todo 类型待沟通
+     * 数据
      */
-    lockAuthentication("3", "锁定鉴权");
+    DATA("data", "数据");
 
-    private final String value;
 
+    private final String value;
     private final String label;
 
-    ActionEnum(String value, String label) {
+    AuthTypeEnum(String value, String label) {
         this.value = value;
         this.label = label;
     }
 
-
     @Override
     public String getValue() {
-        return this.value;
+        return value;
     }
 
     @Override
     public String getLabel() {
-        return this.label;
+        return label;
     }
 }

+ 49 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/req/AuthRiskOrderReqVo.java

@@ -0,0 +1,49 @@
+package com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/29
+ */
+@ApiModel(value = "权限风险指令请求")
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class AuthRiskOrderReqVo extends ZeroTrustSignReqVO {
+
+    /**
+     * 撤销的用户唯一标识
+     */
+    @ApiModelProperty(value = "撤销的用户唯一标识", required = true)
+    private String pid;
+
+    /**
+     * 需要撤销的权限类型(app、function)
+     *
+     * @see com.dragoninfo.dcuc.auth.api.enums.securitypolicy.AuthTypeEnum
+     */
+    @ApiModelProperty(value = "需要撤销的权限类型(app、function)", required = true)
+    private String authType;
+
+    /**
+     * 需要撤销的资源标识,多个以英文逗号,分隔
+     */
+    @ApiModelProperty(value = "需要撤销的资源标识,多个以英文逗号,分隔", required = true)
+    private String resourceId;
+
+    /**
+     * 撤销权限的持续时间(单位秒)
+     */
+    @ApiModelProperty(value = "撤销权限的持续时间(单位秒)", required = true)
+    private Integer effectiveTime;
+
+
+}
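Review bot: `required = true` on the `@ApiModelProperty` annotations is documentation only; nothing in this VO rejects a missing `pid`, an `authType` outside `AuthTypeEnum`, or a zero/negative `effectiveTime`, and `effectiveTime` ends up as a freeze duration (per `IRiskOrderBusiness`'s `冻结秒数`), so a bad value risks becoming a silent no-op rather than a rejected request. Bean Validation constraints would make the Swagger contract enforceable at the controller boundary: `@NotBlank private String pid;`, `@NotBlank private String resourceId;`, `@NotNull @Positive private Integer effectiveTime;` (with the `javax.validation.constraints` imports and `@Valid` on the receiving endpoint). The field comment `需要撤销的权限类型(app、function)` also lists only two of the four `AuthTypeEnum` values; either document that only APP/FUNCTION are honoured or list all four. Note that `pid` is an ID-card number (see `IRiskOrderBusiness#riskOrder`), i.e. PII, which matters for any logging of this VO.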

+ 0 - 82
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/req/ReqUserRiskScoreVO.java

@@ -1,82 +0,0 @@
-package com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import lombok.Data;
-
-/**
- * <p>
- *
- * </p>
- *
- * @author huangzqa
- * @date 2023/5/12
- */
-@Data
-public class ReqUserRiskScoreVO {
-
-    /**
-     * 用户ID 身份证号
-     */
-    @JsonProperty("userID")
-    private String userId;
-
-    /**
-     * 用户姓名
-     */
-    private String userName;
-
-    /**
-     * 用户登录IP
-     */
-    @JsonProperty("userIP")
-    private String userIp;
-    /**
-     * 终端Ip
-     */
-    @JsonProperty("deviceIP")
-    private String deviceIp;
-    /**
-     * 终端唯一标识
-     */
-    @JsonProperty("deviceID")
-    private String deviceId;
-    /**
-     * 信用评分
-     */
-    private String riskScore;
-    /**
-     * 评分时间
-     */
-    private String clientTime;
-    /**
-     * 1:综合评分, 2:用户评分, 3:终端评分
-     */
-    private String riskType;
-    /**
-     * 原因, EventID 对应关系参照附录 A
-     */
-    private String reason;
-    /**
-     * 1:是 VM, 0:不是 VM
-     */
-    @JsonProperty("isVM")
-    private String isVm;
-
-    /**
-     * cancel:撤销令牌,认证中心撤销相应令牌。
-     * <p>
-     * lockUser:锁定用户,认证中心对该用户进行锁定,锁定后将拒绝登录。解锁需要在认证中心手动完成。
-     * <p>
-     * notify:通知,下发信任评估结果,认证中心应根据下发的信任评估结果,对用户进行管控。
-     * 枚举含义:0: cancel, 1:lockuser, 2:notify
-     */
-    private String action;
-    /**
-     * 用户令牌
-     */
-    private String userToken;
-    /**
-     * 应用令牌
-     */
-    private String appToken;
-}

+ 0 - 79
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/resp/ErrorException.java

@@ -1,79 +0,0 @@
-package com.dragoninfo.dcuc.auth.api.vo.securitypolicy.resp;
-
-import java.io.PrintWriter;
-import java.io.Serializable;
-import java.io.StringWriter;
-
-/**
- * 错误异常
- *
- * @author huangzqa
- * @date 2020/7/9
- */
-public class ErrorException implements Serializable {
-
-    private static final long serialVersionUID = -3191249189923271500L;
-
-    /**
-     * 名称
-     */
-    private String name;
-
-    /**
-     * 信息
-     */
-    private String message;
-
-    /***
-     * 追踪路径
-     */
-    private String trace;
-
-    public ErrorException(String name, String message, String trace) {
-        this.name = name;
-        this.message = message;
-        this.trace = trace;
-    }
-
-    public static ErrorException errorException(Exception e) {
-        String traceString = getStackTrace(e);
-        return new ErrorException(e.getClass().getName(), e.getMessage(), traceString);
-    }
-
-    private static String getStackTrace(Throwable throwable) {
-        StringWriter stringWriter = new StringWriter();
-
-        try (PrintWriter printWriter = new PrintWriter(stringWriter)) {
-            throwable.printStackTrace(printWriter);
-            return stringWriter.toString();
-        }
-    }
-
-    public static ErrorException empty() {
-        return new ErrorException(null, null, null);
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public String getMessage() {
-        return message;
-    }
-
-    public void setMessage(String message) {
-        this.message = message;
-    }
-
-    public String getTrace() {
-        return trace;
-    }
-
-    public void setTrace(String trace) {
-        this.trace = trace;
-    }
-}

+ 0 - 144
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/securitypolicy/resp/HwSecurityPolicyResp.java

@@ -1,144 +0,0 @@
-package com.dragoninfo.dcuc.auth.api.vo.securitypolicy.resp;
-
-import java.io.Serializable;
-
-/**
- * 华为安全策略服务返回值
- *
- * @author zq.huang
- * @date 2020/7/20
- */
-public class HwSecurityPolicyResp<T> implements Serializable {
-
-    private static final long serialVersionUID = 3962167558303736599L;
-
-    /**
-     * 是否成功
-     */
-    private Boolean success;
-
-    /**
-     * 数据
-     */
-    private T data;
-
-    /**
-     * 错误代码
-     */
-    private String errorCode;
-
-    /**
-     * 错误名称
-     */
-    private String errorName;
-
-    /**
-     * 错误消息
-     */
-
-    public HwSecurityPolicyResp() {
-
-    }
-
-
-    private String errorMessage;
-
-    public HwSecurityPolicyResp(Boolean success, T data, String errorCode, String errorName, String errorMessage, ErrorException errorException) {
-        this.success = success;
-        this.data = data;
-        this.errorCode = errorCode;
-        this.errorName = errorName;
-        this.errorMessage = errorMessage;
-        this.errorException = errorException;
-    }
-
-    /**
-     * 成功的相应结果
-     *
-     * @param <T>
-     * @return
-     */
-    public static <T> HwSecurityPolicyResp<T> success(T obj) {
-        ErrorException errorException = new ErrorException(null, null, null);
-        return new HwSecurityPolicyResp<T>(true, obj, null, null, null, errorException);
-    }
-
-    /**
-     * 成功的相应结果
-     *
-     * @param <T>
-     * @return
-     */
-    public static <T> HwSecurityPolicyResp<T> success() {
-        ErrorException errorException = new ErrorException(null, null, null);
-        return new HwSecurityPolicyResp<T>(true, null, null, null, null, errorException);
-    }
-
-    /**
-     * 失败的相应结果
-     *
-     * @param <T>
-     * @return
-     */
-    public static <T> HwSecurityPolicyResp<T> fail(String errName, String errorMessage, ErrorException e) {
-        return new HwSecurityPolicyResp<T>(false, null, "300", errName, errorMessage, e);
-    }
-
-    /**
-     * 错误异常信息
-     */
-    private ErrorException errorException;
-
-
-    public Boolean getSuccess() {
-        return success;
-    }
-
-    public void setSuccess(Boolean success) {
-        this.success = success;
-    }
-
-    public static long getSerialVersionUID() {
-        return serialVersionUID;
-    }
-
-    public T getData() {
-        return data;
-    }
-
-    public void setData(T data) {
-        this.data = data;
-    }
-
-    public String getErrorCode() {
-        return errorCode;
-    }
-
-    public void setErrorCode(String errorCode) {
-        this.errorCode = errorCode;
-    }
-
-    public String getErrorName() {
-        return errorName;
-    }
-
-    public void setErrorName(String errorName) {
-        this.errorName = errorName;
-    }
-
-    public String getErrorMessage() {
-        return errorMessage;
-    }
-
-    public void setErrorMessage(String errorMessage) {
-        this.errorMessage = errorMessage;
-    }
-
-    public ErrorException getErrorException() {
-        return errorException;
-    }
-
-    public void setErrorException(ErrorException errorException) {
-        this.errorException = errorException;
-    }
-}

+ 14 - 5
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTustMessageRespVO.java → dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustMessageRespVO.java

@@ -16,7 +16,7 @@ import lombok.Data;
  * @date 2022/8/1
  */
 @Data
-public class ZeroTustMessageRespVO {
+public class ZeroTrustMessageRespVO {
 
     /**
      * “0000” 表示令牌有效;
@@ -30,6 +30,15 @@ public class ZeroTustMessageRespVO {
      */
     private String message;
 
+    /**
+     * 设置请求参数异常
+     *
+     * @param message 异常信息
+     */
+    public static ZeroTrustMessageRespVO requestErrorMessage(String message) {
+        return messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL, message);
+    }
+
     /**
      * 设置业务枚举
      *
@@ -46,8 +55,8 @@ public class ZeroTustMessageRespVO {
      *
      * @param businessRespEnum 业务枚举
      */
-    public static ZeroTustMessageRespVO messageEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum) {
-        ZeroTustMessageRespVO messageRespVO = new ZeroTustMessageRespVO();
+    public static ZeroTrustMessageRespVO messageEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum) {
+        ZeroTrustMessageRespVO messageRespVO = new ZeroTrustMessageRespVO();
         messageRespVO.setBusinessRespEnum(businessRespEnum);
         return messageRespVO;
     }
@@ -58,8 +67,8 @@ public class ZeroTustMessageRespVO {
      * @param businessRespEnum 枚举
      * @param message          异常信息
      */
-    public static ZeroTustMessageRespVO messageEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum, String message) {
-        ZeroTustMessageRespVO messageRespVO = new ZeroTustMessageRespVO();
+    public static ZeroTrustMessageRespVO messageEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum, String message) {
+        ZeroTrustMessageRespVO messageRespVO = new ZeroTrustMessageRespVO();
         messageRespVO.setStatusCode(businessRespEnum.getValue());
         messageRespVO.setMessage(message);
         return messageRespVO;
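Review bot: The new `requestErrorMessage` Javadoc lacks a `@return` tag and does not say that request-parameter errors are reported under `ZeroTrustBusinessRespEnum.OPERATE_FAIL`, the same code the existing `messageEnumMessage(OPERATE_FAIL)` callers use for genuine operation failures, so a client cannot distinguish a malformed request from a failed operation by `statusCode` alone. I would add `@return response with statusCode = OPERATE_FAIL and the given message; request-validation errors share this code with operation failures` so the overload is at least explicit about that. If `ZeroTrustBusinessRespEnum` has a distinct value for bad requests (not visible on this page), using it would be the better fix.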

+ 47 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustSignReqVO.java

@@ -0,0 +1,47 @@
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ * 验签请求
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/3
+ */
+@ApiModel(value = "验签请求")
+@Data
+public class ZeroTrustSignReqVO {
+
+    /**
+     * 接口调用方标识
+     * 接口调用方Id,用于检查接口调用的合法性,由认证服务分配并线下告知应用厂商。
+     */
+    @ApiModelProperty(value = "接口调用方标识")
+    private String callerId;
+
+    /**
+     * 接口调用时间戳
+     * 本次请求时的时间戳(1970至今的毫秒数),精确到毫秒。
+     * 服务会对该时间戳进行检验,时间偏差超过一定限度的将拒绝服务。
+     */
+    @ApiModelProperty(value = "接口调用时间戳")
+    private String callerTimestamp;
+
+    /**
+     * 接口调用随机值
+     * 本次请求时的随机字符串,如UUId。
+     */
+    @ApiModelProperty(value = "接口调用随机值")
+    private String callerNounce;
+
+    /**
+     * 签名
+     * 需采用签名算法对接口入参进行签名,以保证接口入参不被篡改,签名算法需具备安全性和高效性。
+     */
+    @ApiModelProperty(value = "签名")
+    private String callerSign;
+}
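Review bot: The `callerTimestamp` comment says the value is epoch milliseconds (`1970至今的毫秒数`), but `ApiCommonBusiness.checkSecret` in this same commit parses it with `DateUtils.getDate(callerTimestamp, DateConst.HYPHEN_DISPLAY_TIME)`, a hyphenated display pattern, so a caller following this Javadoc will be rejected with `callerTimestamp 不合法`. One of the two has to change; if the display format is the intended one, the comment should read `Request time formatted as DateConst.HYPHEN_DISPLAY_TIME (pattern defined in duceap, confirm)` rather than describing a millisecond count. The `callerNounce` comment should also state the accepted length (32–40 characters, per the check in `checkSecret`) since the server rejects anything outside it. Consider stating on `callerSign` that the digest is SM3 over `callerId=…&appSecret=…&nonce=…&callerTimestamp=…` and is compared case-insensitively, which is what integrators actually need to compute.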

+ 35 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java

@@ -3,6 +3,7 @@ package com.dragoninfo.dcuc.auth.auth.business.impl.zerotrust;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.util.StrUtil;
 import com.alibaba.fastjson.JSON;
+import com.dragoninfo.dcuc.auth.api.enums.securitypolicy.AuthTypeEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.AppAuthReqVO;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
@@ -16,11 +17,13 @@ import com.dragoninfo.dcuc.auth.auth.securitypolicy.SecurityPolicyAuthentication
 import com.dragoninfo.dcuc.auth.auth.service.IStaffAssignAuthInfoService;
 import com.dragoninfo.dcuc.auth.auth.vo.ApiAppAuthVo;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.business.IRiskOrderBusiness;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
 import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.web.utils.RequestUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -29,6 +32,7 @@ import org.springframework.stereotype.Service;
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 /**
@@ -49,6 +53,13 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
 
     private BusiEventPublisher busiEventPublisher;
 
+    private IRiskOrderBusiness riskOrderBusiness;
+
+    @Autowired
+    public void setRiskOrderBusiness(IRiskOrderBusiness riskOrderBusiness) {
+        this.riskOrderBusiness = riskOrderBusiness;
+    }
+
     @Autowired
     public void setBusiEventPublisher(BusiEventPublisher busiEventPublisher) {
         this.busiEventPublisher = busiEventPublisher;
@@ -83,7 +94,7 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
         // 构建sysLogVo
         SecurityPolicyAuthenticationLogReqVO logReqVO = getSysLogVo(appAuthReqVO);
 
-        // todo 校验签名
+        // todo 校验令牌签名
         AuthUserInfo userInfo = authUserInfoService.findByIdcard(pId);
         if (userInfo == null) {
             log.error("查询不到用户信息");
@@ -104,6 +115,10 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
                 .terminalIp(IpUtils.getIp())
                 .build();
         List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoService.apiAppAuth(authVo);
+
+        // 过滤冻结的权限
+        appList = filterFrozenAuth(appList, userVo);
+
         String appAuth = appList.stream()
                 .map(AppDataSensitiveLevelDTO::getCode)
                 .filter(StringUtils::isNotBlank)
@@ -116,6 +131,25 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
         return ZeroTrustDataRespVO.success(appAuth);
     }
 
+    /**
+     * 过滤安全策略冻结的应用级权限
+     * @param appList
+     * @param userVo
+     * @return
+     */
+    private List<AppDataSensitiveLevelDTO> filterFrozenAuth(List<AppDataSensitiveLevelDTO> appList, AuthUserVo userVo) {
+        List<String> currentAppCodeList = appList.stream().map(AppDataSensitiveLevelDTO::getCode).collect(Collectors.toList());
+
+        String idcard = userVo.getIdcard();
+        log.info("过滤安全策略冻结前的用户:{}应用级权限信息:{}", idcard, JsonUtils.toJSONString(currentAppCodeList));
+        Set<String> noFrozenAuthAppCodeList = riskOrderBusiness.removeFrozenAuth(idcard, currentAppCodeList, AuthTypeEnum.APP);
+        log.info("过滤安全策略冻结后的用户:{}应用级权限信息:{}", idcard, JsonUtils.toJSONString(noFrozenAuthAppCodeList));
+
+        appList = appList.stream().filter(item -> noFrozenAuthAppCodeList.contains(item.getCode()))
+                .collect(Collectors.toList());
+        return appList;
+    }
+
     private SecurityPolicyAuthenticationLogReqVO getSysLogVo(AppAuthReqVO appAuthReqVO) {
         SecurityPolicyAuthenticationLogReqVO logReqVO = SecurityPolicyAuthenticationLogReqVO
                 .setLog(SecurityPolicyAuthTypeEnum.APP, appAuthReqVO.getUserTokenId());
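Review bot: `filterFrozenAuth` logs the user's full ID-card number (`idcard`) together with their complete application list at INFO level on `log.info("过滤安全策略冻结前的用户:{}应用级权限信息:{}", idcard, …)` and the matching 冻结后 line, which writes PII into the application log on every app-authorization call. Mask the identifier, e.g. `StrUtil.hide(idcard, 6, 14)` (hutool's `StrUtil` is already imported in this file), and consider dropping the post-filter line to DEBUG since it repeats the pre-filter list minus the frozen entries. Separately, the `// todo 校验令牌签名` comment survives the commit unchanged, so the enclosing method still trusts `pId` from the request without any signature check while the new `checkSecret` only guards the risk-order path; if that is intentional, a comment stating which caller is trusted would save the next reader the question. If `riskOrderBusiness.removeFrozenAuth` throws (it appears to be Redis-backed), the whole authorization call fails, which is the safe direction but worth stating in the method Javadoc. The enclosing method starts and ends outside this hunk.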

+ 20 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IApiCommonBusiness.java

@@ -0,0 +1,20 @@
+package com.dragoninfo.dcuc.auth.business;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
+
+/**
+ * @author mazq
+ * @date 2023/7/12
+ */
+public interface IApiCommonBusiness {
+
+
+    /**
+     * 校验令牌签名
+     * @param signReqVO
+     * @return
+     */
+    ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO);
+
+}
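Review bot: The Javadoc for `checkSecret` says only `校验令牌签名` and has empty `@param`/`@return` tags, so a caller cannot tell what is verified or how a failure is reported. Based on the implementation in this commit, it should state that the method verifies `callerNounce` length, that `callerTimestamp` lies within the configured window, that `callerId` maps to a registered application, that the nonce has not been seen before, and that `callerSign` equals SM3 of the canonical string; that it returns SUCCESS or an OPERATE_FAIL response carrying the reason; and that it is a no-op returning SUCCESS when `dcucAuthConfig.checkCallerSign` is false. That last clause is the security-relevant one and belongs on the interface explicitly, e.g. `@implNote returns SUCCESS without any check when dcuc-auth.checkCallerSign is disabled — never disable in production`, so nobody wires a production profile with the flag off by accident.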

+ 4 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IAuthTokenBusiness.java

@@ -1,6 +1,8 @@
 package com.dragoninfo.dcuc.auth.business;
 
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req.AuthRiskOrderReqVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
@@ -44,5 +46,5 @@ public interface IAuthTokenBusiness {
      * @param receiveVO
      * @return
      */
-    ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
 }
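Review bot: The imports of `AuthRiskOrderReqVo` and `ZeroTrustSignReqVO` added here are not referenced by any line this commit changes in `IAuthTokenBusiness`, and since neither was imported before, unchanged code cannot be using them either; they look like leftovers from moving the risk-order API to `IRiskOrderBusiness`. Drop the two import lines and keep only the `ZeroTrustMessageRespVO` rename.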

+ 41 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IRiskOrderBusiness.java

@@ -0,0 +1,41 @@
+package com.dragoninfo.dcuc.auth.business;
+
+import com.dragoninfo.dcuc.auth.api.enums.securitypolicy.AuthTypeEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
+
+import java.util.Collection;
+import java.util.Set;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/29
+ */
+public interface IRiskOrderBusiness {
+
+    /**
+     * 风险指令
+     *
+     * @param pid           身份证号
+     * @param authType      权限类型
+     * @param resourceId    资源标识多个以英文逗号,分隔
+     * @param effectiveTime 冻结秒数
+     * @return 状态
+     */
+    ZeroTrustMessageRespVO riskOrder(String pid, String authType, String resourceId, Integer effectiveTime);
+
+    /**
+     * 去掉冻结的权限
+     *
+     * @param pid          用户唯一标识
+     * @param collection   权限集合
+     * @param authTypeEnum 权限类型
+     * @return 去除后的权限
+     */
+    Set<String> removeFrozenAuth(String pid, Collection<String> collection, AuthTypeEnum authTypeEnum);
+
+
+}
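Review bot: `riskOrder`'s Javadoc does not define the contract for the edge cases that matter for a permission freeze: what a blank `resourceId` means (freeze nothing, or every resource of that `authType`), whether an `effectiveTime` of zero or a negative value is rejected or treated as no freeze, and whether a second order for the same `pid`/resource extends or replaces the existing freeze. The required-parameter check in `RiskOrderBusinessImpl` (`StrUtil.isBlank(pid) || StrUtil.isBlank(authType) || ObjectUtil.isNull(effectiveTime)`) notably does not cover `resourceId`, although the request VO marks it required, so this is worth pinning down here. I would change the tags to `@param resourceId comma-separated resource codes; blank is rejected (or: means all resources of authType — decide and enforce)` and `@param effectiveTime freeze duration in seconds, must be > 0`. `removeFrozenAuth` should likewise say that it returns the input minus the frozen entries and whether iteration order is preserved, since the return type is `Set`.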

+ 140 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/ApiCommonBusiness.java

@@ -0,0 +1,140 @@
+package com.dragoninfo.dcuc.auth.business.impl;
+
+import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.app.entity.ApplyInfo;
+import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
+import com.dragoninfo.dcuc.auth.business.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragonsoft.duceap.commons.util.date.DateConst;
+import com.dragonsoft.duceap.commons.util.date.DateUtils;
+import com.dragonsoft.smtools.loader.SMFactory;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Service;
+
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * @author mazq
+ * @date 2023/7/12
+ */
+@Slf4j
+@Service
+public class ApiCommonBusiness implements IApiCommonBusiness {
+
+    private DcucAuthConfig dcucAuthConfig;
+
+    private IApplyInfoFacade applyInfoFacade;
+
+    private SMFactory smFactory;
+
+    private StringRedisTemplate stringRedisTemplate;
+
+    @Autowired
+    public void setStringRedisTemplate(StringRedisTemplate stringRedisTemplate) {
+        this.stringRedisTemplate = stringRedisTemplate;
+    }
+
+    @Autowired
+    public void setDcucAuthConfig(DcucAuthConfig dcucAuthConfig) {
+        this.dcucAuthConfig = dcucAuthConfig;
+    }
+
+    @Autowired
+    public void setApplyInfoFacade(IApplyInfoFacade applyInfoFacade) {
+        this.applyInfoFacade = applyInfoFacade;
+    }
+
+    @Autowired
+    public void setSmFactory(SMFactory smFactory) {
+        this.smFactory = smFactory;
+    }
+
+    @Override
+    public ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO) {
+        Boolean checkCallerSign = dcucAuthConfig.getCheckCallerSign();
+        log.info("checkCallerSign:{} ", checkCallerSign);
+        if (!checkCallerSign) {
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        }
+
+        String callerId = signReqVO.getCallerId();
+        String callerSign = signReqVO.getCallerSign();
+        String callerNounce = signReqVO.getCallerNounce();
+        String callerTimestamp = signReqVO.getCallerTimestamp();
+
+        int minCallerLength = 32;
+        int maxCallerLength = 40;
+        if (callerNounce.length() < minCallerLength) {
+            return ZeroTrustMessageRespVO.requestErrorMessage("callerNounce 不合法");
+        }
+        if (callerNounce.length() > maxCallerLength) {
+            return ZeroTrustMessageRespVO.requestErrorMessage("callerNounce 不合法");
+        }
+
+        Date parseLocalDate;
+        try {
+            parseLocalDate = DateUtils.getDate(callerTimestamp, DateConst.HYPHEN_DISPLAY_TIME);
+        } catch (Exception e) {
+            log.debug("TimeStamp:{} pattern error.", callerTimestamp);
+            log.debug("parse error", e);
+            return ZeroTrustMessageRespVO.requestErrorMessage("callerTimestamp 不合法");
+        }
+
+        Integer timeStampCheckSeconds = dcucAuthConfig.getTimeStampCheckSeconds();
+        Date date = new Date();
+        Date minLocalDate = DateUtil.offsetSecond(date, -timeStampCheckSeconds);
+        Date maxLocalDate = DateUtil.offsetSecond(date, timeStampCheckSeconds);
+
+        if (parseLocalDate.before(minLocalDate)
+                || parseLocalDate.after(maxLocalDate)) {
+            log.error("AppCode :{},SystemTimeStamp:{} TimeStamp:{} is not in the check time range.", callerId,
+                    System.currentTimeMillis(), timeStampCheckSeconds);
+            return ZeroTrustMessageRespVO.requestErrorMessage("callerTimestamp 不合法");
+        }
+
+        ApplyInfo applyInfo = applyInfoFacade.getAppByCode(callerId);
+
+        if (applyInfo == null) {
+            log.info("AppCode:{} isn't exits", callerId);
+            return ZeroTrustMessageRespVO.requestErrorMessage("callerId不存在");
+        }
+
+        String secretKey = applyInfo.getSecretKey();
+
+        String nonceValue = stringRedisTemplate.opsForValue().get(AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce);
+        boolean exitsNonce = StrUtil.isNotBlank(nonceValue);
+
+        if (exitsNonce) {
+            log.info("nonce:{} is used", callerNounce);
+            return ZeroTrustMessageRespVO.requestErrorMessage("callerNounce已被使用");
+        }
+
+        // 应用资源标识&访问秘钥&随机&时间戳
+        String origin = "callerId=" + callerId + "&appSecret=" + secretKey + "&nonce=" + callerNounce + "&callerTimestamp=" + callerTimestamp;
+
+
+        log.info("origin:{}", origin);
+        log.info("callerSign:{}", callerSign);
+
+        String serverSign = (String) smFactory.getSM3().summary(origin);
+        log.info("serverSign:{}", serverSign);
+
+        Boolean signEquals = callerSign.equalsIgnoreCase(serverSign);
+
+        log.info("signEquals:{}", signEquals);
+
+        if (signEquals) {
+            stringRedisTemplate.opsForValue().set(AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce, "1", 30, TimeUnit.MINUTES);
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        }
+        return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");
+    }
+}
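Review bot: `checkSecret` writes the application secret to the log at INFO on `log.info("origin:{}", origin);`, because `origin` is built as `… + "&appSecret=" + secretKey + …`; together with the `callerSign`/`serverSign` lines, anyone with log access can forge signatures for that caller. The nonce handling is also not atomic: it reads the key with `stringRedisTemplate.opsForValue().get(…)` and only writes it after the signature check, so two copies of the same request arriving concurrently both pass, and the fixed 30-minute nonce TTL should be at least twice `timeStampCheckSeconds` or a replay becomes possible after expiry while the timestamp is still inside the window. Lesser points: `callerNounce.length()`, the timestamp parse and `callerSign.equalsIgnoreCase(...)` all throw NPE on a null field (a 500 instead of a clean OPERATE_FAIL), the digest comparison should be constant-time, and the VO's Javadoc describes `callerTimestamp` as epoch milliseconds while this parses a `HYPHEN_DISPLAY_TIME` string. The sketch below removes the secret from the logs, adds blank checks (to be placed before the length check), compares via `java.security.MessageDigest.isEqual`, and claims the nonce with `setIfAbsent` (TTL overload available in Spring Data Redis 2.1+; otherwise use a Lua `SET NX EX`).

```java
// … unchanged: checkCallerSign flag, field extraction …
if (StrUtil.isBlank(callerId) || StrUtil.isBlank(callerSign)
        || StrUtil.isBlank(callerNounce) || StrUtil.isBlank(callerTimestamp)) {
    return ZeroTrustMessageRespVO.requestErrorMessage("验签参数缺失");
}
// … unchanged: nonce length check, timestamp window check, applyInfo lookup …
String secretKey = applyInfo.getSecretKey();
// 应用资源标识&访问秘钥&随机&时间戳 — never log this string, it embeds the app secret
String origin = "callerId=" + callerId + "&appSecret=" + secretKey + "&nonce=" + callerNounce + "&callerTimestamp=" + callerTimestamp;
String serverSign = (String) smFactory.getSM3().summary(origin);
// constant-time comparison of the lower-cased hex digests
boolean signEquals = MessageDigest.isEqual(
        callerSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8),
        serverSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8));
if (!signEquals) {
    log.info("callerId:{} signature mismatch", callerId);
    return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");
}
// claim the nonce atomically: SET NX with TTL, so two concurrent replays cannot both pass
Boolean firstUse = stringRedisTemplate.opsForValue().setIfAbsent(
        AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce, "1", 30, TimeUnit.MINUTES);
if (!Boolean.TRUE.equals(firstUse)) {
    log.info("nonce:{} is used", callerNounce);
    return ZeroTrustMessageRespVO.requestErrorMessage("callerNounce已被使用");
}
return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
```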

+ 5 - 5
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/AuthTokenBusinessImpl.java

@@ -3,11 +3,11 @@ package com.dragoninfo.dcuc.auth.business.impl;
 import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespPageVo;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
-import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
 import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
@@ -166,7 +166,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     @SneakyThrows
     @Override
-    public ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVo) {
+    public ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVo) {
         String action = receiveVo.getAction();
         String type = receiveVo.getType();
         String token = receiveVo.getToken();
@@ -174,7 +174,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         String requestSign = receiveVo.getSign();
         if (!generalNoticeSign.equalsIgnoreCase(requestSign)) {
             log.info("request Sign:{}, generalSign:{}", requestSign, generalNoticeSign);
-            return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
         }
 
         String pid;
@@ -195,7 +195,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
                 .tokenType(receiveVo.getType())
                 .build();
         qmAuditPushService.pushTokenReceiveLog(dto);
-        return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
     }
 
     /**

+ 122 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/RiskOrderBusinessImpl.java

@@ -0,0 +1,122 @@
+package com.dragoninfo.dcuc.auth.business.impl;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.api.enums.securitypolicy.AuthTypeEnum;
+import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
+import com.dragoninfo.dcuc.auth.business.IRiskOrderBusiness;
+import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+
+import java.util.*;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/29
+ */
+@Slf4j
+@Component
+public class RiskOrderBusinessImpl implements IRiskOrderBusiness {
+
+    private StringRedisTemplate stringRedisTemplate;
+
+    private IAuthUserInfoService authUserInfoService;
+
+    @Autowired
+    public void setAuthUserInfoService(IAuthUserInfoService authUserInfoService) {
+        this.authUserInfoService = authUserInfoService;
+    }
+
+    @Autowired
+    public void setStringRedisTemplate(StringRedisTemplate stringRedisTemplate) {
+        this.stringRedisTemplate = stringRedisTemplate;
+    }
+
+    @Override
+    public ZeroTrustMessageRespVO riskOrder(String pid, String authType, String resourceId, Integer effectiveTime) {
+        if (StrUtil.isBlank(pid) || StrUtil.isBlank(authType) || ObjectUtil.isNull(effectiveTime)) {
+            return ZeroTrustMessageRespVO.requestErrorMessage("请求参数需必填");
+        }
+
+        AuthUserInfo authUserInfo = authUserInfoService.findByIdcard(pid);
+        if (ObjectUtil.isNull(authUserInfo)) {
+            log.error("接收到安全策略控制服务:找不到用户唯一标识为:{}的用户", pid);
+            return ZeroTrustMessageRespVO.requestErrorMessage("用户不存在");
+        }
+
+        AuthTypeEnum authTypeEnum = EnumUtils.enumOf(AuthTypeEnum.class, authType);
+        if (ObjectUtil.isNull(authTypeEnum)) {
+            return ZeroTrustMessageRespVO.requestErrorMessage("权限类型出错");
+        }
+        log.info("接收到安全策略控制服务冻结用户{}的 {}级权限:{} 时间:{} 秒 指令", pid, authTypeEnum.getLabel(), authType, effectiveTime);
+        if (authTypeEnum == AuthTypeEnum.APP) {
+            setAppAuthFrozen(pid, resourceId, effectiveTime);
+        } else {
+            return ZeroTrustMessageRespVO.requestErrorMessage("暂无支持改类型权限冻结");
+        }
+        return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+    }
+
+    @Override
+    public Set<String> removeFrozenAuth(String pid, Collection<String> collection, AuthTypeEnum authTypeEnum) {
+        if (CollUtil.isEmpty(collection)) {
+            return Collections.emptySet();
+        }
+        Set<String> currentHashSet = new HashSet<>(collection);
+        Set<String> currentFrozenAuth = getCurrentFrozenAuth(pid, authTypeEnum);
+        currentHashSet.removeAll(currentFrozenAuth);
+        return currentHashSet;
+    }
+
+
+    /**
+     * 获取当前冻结的权限
+     *
+     * @param pid          用完唯一吧iOS
+     * @param authTypeEnum 权限类型
+     * @return 当前冻结的权限
+     */
+    protected Set<String> getCurrentFrozenAuth(String pid, AuthTypeEnum authTypeEnum) {
+        String nameSpace = "";
+        if (authTypeEnum.equals(AuthTypeEnum.APP)) {
+            nameSpace = AuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE;
+        } else {
+            throw new IllegalArgumentException();
+        }
+        nameSpace = nameSpace + pid;
+
+        String s = stringRedisTemplate.opsForValue().get(nameSpace);
+        Set<String> stringSet = Collections.emptySet();
+
+        if (StrUtil.isNotBlank(s) && ObjectUtil.isNotNull(s)) {
+            String[] split = s.split(StrUtil.COMMA);
+            stringSet = new HashSet<>(Arrays.asList(split));
+        }
+        return stringSet;
+    }
+
+    /**
+     * 冻结应用级权限
+     *
+     * @param pid           用户唯一标识
+     * @param resourceId    资源标识
+     * @param effectiveTime 失效时间
+     */
+    protected void setAppAuthFrozen(String pid, String resourceId, Integer effectiveTime) {
+        String namespace = AuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE + pid;
+        stringRedisTemplate.opsForValue().set(namespace, resourceId, effectiveTime, TimeUnit.SECONDS);
+    }
+}

+ 10 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/DcucAuthConfig.java

@@ -123,4 +123,14 @@ public class DcucAuthConfig {
      */
     private SmTypeEunm smTypeEnum = SmTypeEunm.Local;
 
+    /**
+     * 调用api接口时是否校验签名
+     */
+    private Boolean checkCallerSign;
+
+    /**
+     * 调用api接口时,校验签名时间字段波动范围
+     */
+    private Integer timeStampCheckSeconds;
+
 }
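Review bot: `checkCallerSign` and `timeStampCheckSeconds` (L1167, L1172) are boxed fields with no default, so a deployment that omits the properties gets `null` for both; if the signature check in ApiCommonBusiness treats a null flag as "do not verify" (that class is not visible in this diff), an incomplete configuration silently disables caller authentication on the risk-order endpoint, and a null window would either NPE or skip the timestamp check. Security toggles should fail closed: `private Boolean checkCallerSign = Boolean.TRUE;` and `private Integer timeStampCheckSeconds = 300;`, with the Javadoc stating that verification is on unless explicitly disabled and that the window is in seconds. The enclosing class starts outside this hunk.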

+ 14 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/AuthRedisConstant.java

@@ -40,4 +40,18 @@ public class AuthRedisConstant {
      */
     public static final String USER_AUTH_LOCK_NAMESPACE = REDIS_AUTH_NAMESPACE + "APP_TOKEN:";
 
+    /**
+     * 随机值命名空间
+     */
+    public static final String REDIS_TOKEN_NONCE_NAMESPACE = REDIS_AUTH_NAMESPACE + "NONCE_KEY:";
+
+    /**
+     * 风险指令命名空间
+     */
+    public static final String REDIS_RISK_ORDER_NAMESPACE = REDIS_AUTH_NAMESPACE + "RISK_ORDER:";
+
+    /**
+     * 风险指令应用级权限命名空间
+     */
+    public static final String REDIS_RISK_ORDER_APP_NAMESPACE = REDIS_RISK_ORDER_NAMESPACE + "APP:";
 }

+ 29 - 33
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/securitypolicy/ApiSecurityPolicyFacade.java

@@ -1,22 +1,17 @@
 package com.dragoninfo.dcuc.auth.securitypolicy;
 
-import com.dragoninfo.dcuc.auth.api.enums.securitypolicy.ActionEnum;
-import com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req.ReqUserRiskScoreVO;
+import com.dragoninfo.dcuc.auth.api.vo.securitypolicy.req.AuthRiskOrderReqVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
+import com.dragoninfo.dcuc.auth.business.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
-import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
+import com.dragoninfo.dcuc.auth.business.IRiskOrderBusiness;
 import com.dragoninfo.dcuc.auth.securitypolicy.facade.IApiSecurityPolicyFacade;
-import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
-import com.dragoninfo.dcuc.auth.token.enums.TokenTypeEnum;
-import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
-import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
-import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.List;
-
 /**
  * @author mazq
  * @date 2023/7/12
@@ -26,34 +21,35 @@ import java.util.List;
 @RequestMapping(value = "/dcuc/securityPolicyFacade")
 public class ApiSecurityPolicyFacade implements IApiSecurityPolicyFacade {
 
-    private ICacheBusiness cacheBusiness;
+    private IRiskOrderBusiness riskOrderBusiness;
+
+    private IApiCommonBusiness apiCommonBusiness;
 
     @Autowired
-    public void setCacheBusiness(ICacheBusiness cacheBusiness) {
-        this.cacheBusiness = cacheBusiness;
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
     }
 
-    @Override
-    public void receivePolicy(List<ReqUserRiskScoreVO> userRiskScores) {
-        for (ReqUserRiskScoreVO reqUserRiskScoreVO : userRiskScores) {
-            String userId = reqUserRiskScoreVO.getUserId();
-            String riskScore = reqUserRiskScoreVO.getRiskScore();
-            log.info("新数据userId" + userId + "评分为:" + riskScore);
-
-            String action = reqUserRiskScoreVO.getAction();
-            ActionEnum actionEnum = EnumUtils.enumOf(ActionEnum.class, action);
-            if (actionEnum.equals(ActionEnum.cancel)) {
-                String userTokenId = reqUserRiskScoreVO.getUserToken();
-                log.info("===============接收到撤销令牌指令, 删除令牌缓存:{}=============", userTokenId);
-                UserTokenInfoRespVO userToken = cacheBusiness.getUserToken(userTokenId);
-                if (null != userToken) {
-                    cacheBusiness.userTokenActionHandle(userToken, TokenActionEnum.OFFLINE.getValue());
-                }
-            } else if (actionEnum.equals(ActionEnum.lockAuthentication)) {
-                log.info("===============接收到鉴权锁定指令, 锁定人员标识:{}=============", userId);
-                cacheBusiness.lockUserAuthentication(userId);
-            }
+    @Autowired
+    public void setRiskOrderBusiness(IRiskOrderBusiness riskOrderBusiness) {
+        this.riskOrderBusiness = riskOrderBusiness;
+    }
 
+    @Override
+    public ZeroTrustMessageRespVO riskOrder(AuthRiskOrderReqVo authRiskOrderReqVo) {
+        log.info("接收到安全策略控制服务发送的权限指令信息:{}", JsonUtils.toJSONString(authRiskOrderReqVo));
+
+        String pid = authRiskOrderReqVo.getPid();
+        String authType = authRiskOrderReqVo.getAuthType();
+        String resourceId = authRiskOrderReqVo.getResourceId();
+        Integer effectiveTime = authRiskOrderReqVo.getEffectiveTime();
+        //  检查签名
+        ZeroTrustMessageRespVO zeroTrustMessageRespVO = apiCommonBusiness.checkSecret(authRiskOrderReqVo);
+        log.info("接收到安全策略控制服务发送的权限指令验证签名结果:{}", JsonUtils.toJSONString(zeroTrustMessageRespVO));
+        if (zeroTrustMessageRespVO.isRespFail()) {
+            return zeroTrustMessageRespVO;
         }
+
+        return riskOrderBusiness.riskOrder(pid, authType, resourceId, effectiveTime);
     }
 }
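Review bot: L1273 serializes the whole `AuthRiskOrderReqVo` into the log before `checkSecret` has run, so whatever signature, timestamp or nonce material the VO carries for verification (its fields are not visible here, but `checkSecret` consumes the object) ends up in the application log, and an unauthenticated caller can fill the log with arbitrary payloads. I would log after the signature check passes and print only the business fields: `log.info("accepted risk order: pid={}, authType={}, resourceId={}, effectiveTime={}", pid, authType, resourceId, effectiveTime);`. The L1281 line is fine to keep since the response object carries no request secrets.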

+ 2 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java

@@ -1,10 +1,8 @@
 package com.dragoninfo.dcuc.auth.token.facade;
 
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
-import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
-import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -25,7 +23,7 @@ public class AuthTokenFacade implements IAuthTokenFacade {
     }
 
     @Override
-    public ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
+    public ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
         return tokenBusiness.tokenReceive(receiveVO);
     }
 }