Merge branch 'mazq-jiekouyouhua-230523' into 'release/v1.2.0'

Mazq jiekouyouhua 230523

See merge request dcuc-tjdsj/auth-service!221

dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java

@@ -8,6 +8,8 @@ import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2023/2/22
@@ -18,11 +20,11 @@ public interface IAuthTokenFacade {
     /**
      * 接收令牌
      *
-     * @param receiveVO
+     * @param tokenReceiveReqVoList
      * @return
      */
     @PostMapping("tokenReceive")
-    ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTrustMessageRespVO tokenReceive(@RequestBody List<TokenReceiveVO> tokenReceiveReqVoList);
 
     /**
      * 令牌在线查询

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustDataRespVO.java

@@ -2,6 +2,7 @@ package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
 
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.DataItemRespVO;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 
@@ -60,4 +61,28 @@ public class ZeroTrustDataRespVO<T> {
         dataItemRespVO.setResult(result);
         return dataRespVO;
     }
+
+
+    /**
+     * 是否成功
+     *
+     * @return 是否成功
+     */
+    @JsonIgnore
+    public boolean isRespSuccess() {
+        return this.statusCode.equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue());
+    }
+
+    /**
+     * 转换为ZeroTrustDataRespVO返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ZeroTrustDataRespVO<T> toDataRespVO() {
+        ZeroTrustDataRespVO<T> objectZeroTrustResultRespVO = new ZeroTrustDataRespVO<>();
+        objectZeroTrustResultRespVO.setStatusCode(statusCode);
+        objectZeroTrustResultRespVO.setMessage(message);
+        return objectZeroTrustResultRespVO;
+    }
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustMessageRespVO.java

@@ -106,4 +106,18 @@ public class ZeroTrustMessageRespVO {
         objectResultRespVO.setMessage(message);
         return objectResultRespVO;
     }
+
+
+    /**
+     * 转换为ZeroTrustDataRespVO返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ZeroTrustDataRespVO<T> toDataRespVO() {
+        ZeroTrustDataRespVO<T> objectZeroTrustResultRespVO = new ZeroTrustDataRespVO<>();
+        objectZeroTrustResultRespVO.setStatusCode(statusCode);
+        objectZeroTrustResultRespVO.setMessage(message);
+        return objectZeroTrustResultRespVO;
+    }
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/AppTokenInfoRespVO.java

@@ -17,9 +17,9 @@ import java.util.Date;
 public class AppTokenInfoRespVO {
 
     /**
-     * 应用标识
+     * 应用令牌ID
      */
-    private String appId;
+    private String appTokenId;
 
     /**
      * 用户令牌创建时间
@@ -34,12 +34,17 @@ public class AppTokenInfoRespVO {
     private Date expireAt;
 
     /**
-     * 应用令牌ID
+     * 应用标识
      */
-    private String appTokenId;
+    private String appId;
 
     /**
      * 用户令牌详细信息
      */
     private UserTokenInfoRespVO userToken;
+
+    /**
+     * 应用令牌签名值
+     */
+    private String sign;
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/UserTokenInfoRespVO.java

@@ -1,7 +1,6 @@
 package com.dragoninfo.dcuc.auth.token.vo;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 
 import java.util.Date;
@@ -18,14 +17,26 @@ import java.util.Date;
 public class UserTokenInfoRespVO {
 
     /**
-     * 用户标识
+     * 用户令牌id
      */
-    private String pid;
+    private String userTokenId;
 
     /**
-     * 用户名称
+     * 用户令牌创建时间
      */
-    private String name;
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
+    private Date createTime;
+
+    /**
+     * 用户令牌到期时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
+    private Date expireAt;
+
+    /**
+     * 用户标识
+     */
+    private String pid;
 
     /**
      * 组织机构编码
@@ -33,31 +44,28 @@ public class UserTokenInfoRespVO {
     private String orgCode;
 
     /**
-     * 终端设备标识
+     * 终端 IP 地址
      */
-    @JsonProperty("mId")
-    private String mId;
+    private String ip;
 
     /**
-     * 终端环境类型
+     * 终端设备标识
      */
-    private String env;
+    private String mid;
 
     /**
-     * 用户令牌创建时间
+     * 终端环境类型
      */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
-    private Date createTime;
+    private String env;
 
     /**
-     * 用户令牌到期时间
+     * 用户名称
      */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
-    private Date expireAt;
+    private String name;
 
     /**
-     * 用户令牌
+     * 令牌内容签名
      */
-    private String userTokenId;
+    private String sign;
 
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/ZeroTrustAppTokenInfoReqVO.java

@@ -0,0 +1,14 @@
+package com.dragoninfo.dcuc.auth.token.vo;
+
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2023/7/14
+ */
+@Data
+public class ZeroTrustAppTokenInfoReqVO {
+
+    private String appTokenId;
+
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/ZeroTrustUserTokenInfoReqVO.java

@@ -0,0 +1,15 @@
+package com.dragoninfo.dcuc.auth.token.vo;
+
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2023/7/14
+ */
+@Data
+public class ZeroTrustUserTokenInfoReqVO {
+    /**
+     * 用户令牌id
+     */
+    String userTokenId;
+}

dcuc-auth-service/pom.xml

@@ -70,7 +70,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-duceap-api</artifactId>
-            <version>2.1.2-SNAPSHOT</version>
+            <version>2.2.0-tjdsj-SNAPSHOT</version>
         </dependency>
         <!--配置 dcuc 结束-->
 

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/common/SkipSslRestTemplateProvider.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.auth.audit.common;
+
+import com.dragoninfo.dcuc.common.http.SkipSslVerificationHttpRequestFactory;
+import com.dragonsoft.auditlog.collection.qmtj.provider.IRestTemplateProvider;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * <p>
+ * 忽略https请求客户端
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/6/30
+ */
+public class SkipSslRestTemplateProvider implements IRestTemplateProvider {
+    @Override
+    public RestTemplate getRestTemplate() {
+        SkipSslVerificationHttpRequestFactory skipSslVerificationHttpRequestFactory
+                = new SkipSslVerificationHttpRequestFactory();
+
+        return new RestTemplate(skipSslVerificationHttpRequestFactory);
+    }
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/config/AuditRestTemplateConfig.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.auth.audit.config;
+
+import com.dragoninfo.dcuc.auth.audit.common.SkipSslRestTemplateProvider;
+import com.dragonsoft.auditlog.collection.qmtj.provider.IRestTemplateProvider;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * <p>
+ * 用户配置
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/8/9
+ */
+@Configuration
+public class AuditRestTemplateConfig {
+
+    @Bean
+    public IRestTemplateProvider restTemplateProvider() {
+        return new SkipSslRestTemplateProvider();
+    }
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java

@@ -64,33 +64,38 @@ public class QmAuditPushService {
     /**
      * 推送令牌操作日志
      *
-     * @param dto
+     * @param dtos
      */
-    public void pushTokenReceiveLog(TokenOperationDto dto) {
+    public void pushTokenReceiveLog(List<TokenOperationDto> dtos) {
         Boolean qmEnabled = config.getQmEnabled();
         if(null == qmEnabled || !qmEnabled) {
             return;
         }
-        executor.execute(()-> pushTokenLogToAudit(dto));
+        executor.execute(()-> pushTokenLogToAudit(dtos));
     }
 
-    private void pushTokenLogToAudit(TokenOperationDto dto) {
+    private void pushTokenLogToAudit(List<TokenOperationDto> dtos) {
+        if (CollectionUtils.isEmpty(dtos)) {
+            return;
+        }
         String sysId = config.getSysId();
         String logType = AuditConstance.AUDIT_LOG_TYPE_LPCZ;
-        List<TokenOperationLog> operateLogs = getTokenOperateLog(dto);
+        List<TokenOperationLog> operateLogs = getTokenOperateLog(dtos);
         if(CollectionUtils.isNotEmpty(operateLogs)) {
             log.info("=========推送令牌操作日志=======");
             logSendComponent.sendTokenOperateLog(sysId, logType, operateLogs);
         }
     }
 
-    private List<TokenOperationLog> getTokenOperateLog(TokenOperationDto dto) {
-        TokenOperationLog tokenOperationLog = new TokenOperationLog();
-        tokenOperationLog.setAction(dto.getAction());
-        tokenOperationLog.setPid(dto.getPid());
-        tokenOperationLog.setType(dto.getTokenType());
-        tokenOperationLog.setOperateTime(getTimeStr(dto.getOperateTime()));
-        return Collections.singletonList(tokenOperationLog);
+    private List<TokenOperationLog> getTokenOperateLog(List<TokenOperationDto> dtos) {
+        return dtos.stream().map(e-> {
+            TokenOperationLog tokenOperationLog = new TokenOperationLog();
+            tokenOperationLog.setAction(e.getAction());
+            tokenOperationLog.setPid(e.getPid());
+            tokenOperationLog.setType(e.getTokenType());
+            tokenOperationLog.setOperateTime(getTimeStr(e.getOperateTime()));
+            return tokenOperationLog;
+        }).collect(Collectors.toList());
     }
 
     /**

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/async/subscribe/PermissionServiceUpdateMessage.java

@@ -38,8 +38,6 @@ public class PermissionServiceUpdateMessage {
 
     @Autowired
     private DcucAuthConfig dcucAuthConfig;
-    @Autowired
-    private IServiceAuthResultService serviceAuthResultService;
 
     /**
      * 服务变更通知
@@ -57,18 +55,6 @@ public class PermissionServiceUpdateMessage {
         serviceChangeNoticeDto.setContents(dtoList);
         //服务变更通知
         sendMessage(serviceChangeNoticeDto);
-        for (AppServiceCodeDto appServiceCodeDto : dtoList) {
-            List<ServiceAuthResult> results = serviceAuthResultService.serviceAuthResultList(appServiceCodeDto.getAppCode());
-            if (StringUtils.isNotEmpty(appServiceCodeDto.getAppCode())) {
-                /*服务鉴权  */
-                List<ServiceAuthenticationResVO> serviceAuthenticationResVOS = new ArrayList<>();
-                results.forEach(item -> {
-                    ServiceAuthenticationResVO vo = new ServiceAuthenticationResVO();
-                    vo.setServiceCode(item.getServiceCode());
-                    serviceAuthenticationResVOS.add(vo);
-                });
-            }
-        }
     }
 
 
@@ -91,14 +77,14 @@ public class PermissionServiceUpdateMessage {
         //参数
         HttpEntity<ServiceChangeNoticeDto> httpEntity = new HttpEntity<>(dto, headers);
 
-        logger.info("Service permission update request body : {}", JSONUtil.toJsonStr(httpEntity));
+        logger.info("发送服务级权限变更通知, 通知内容 : {}", JSONUtil.toJsonStr(dto));
         try {
             ResponseMessage result = restTemplate.postForObject(dcucAuthConfig.getServicePermissionUrl(),
                     httpEntity, ResponseMessage.class);
-            //todo 是否要处理返回结果,增加重试次数
-            logger.info("Service permission update response: {} ", JsonUtils.toJSONString(result));
+
+            logger.info("服务级权限变更通知,返回结果: {} ", JsonUtils.toJSONString(result));
         } catch (Exception e) {
-            logger.error("PermissionUpdateService.sendMessage()请求失败:", e);
+            logger.error("服务级权限变更通知请求失败", e);
         }
     }
 

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java

@@ -89,12 +89,15 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
     public ZeroTrustDataRespVO<String> appAuth(AppAuthReqVO appAuthReqVO) {
         String userTokenId = appAuthReqVO.getUserTokenId();
         UserTokenInfoRespVO userToken = authTokenBusiness.getUserTokenInfo(userTokenId);
+        if (null == userToken) {
+            log.error("查询不到用户令牌信息");
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
         String pId = userToken.getPid();
         log.info("传入的用户令牌为:{}, 应用鉴权查寻到的令牌结果:{}, pid:{}", userTokenId, JSON.toJSONString(userToken), pId);
         // 构建sysLogVo
         SecurityPolicyAuthenticationLogReqVO logReqVO = getSysLogVo(appAuthReqVO);
 
-        // todo 校验令牌签名
         AuthUserInfo userInfo = authUserInfoService.findByIdcard(pId);
         if (userInfo == null) {
             log.error("查询不到用户信息");

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustDataAuthBusiness.java

@@ -12,12 +12,14 @@ import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustDataAuthBusine
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsCheckDto;
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsDto;
 import com.dragoninfo.dcuc.auth.auth.dto.data.DataAuthV2ReqDTO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -42,6 +44,13 @@ public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
 
     private IDataAuthBusiness dataAuthBusiness;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setDataAuthBusiness(IDataAuthBusiness dataAuthBusiness) {
         this.dataAuthBusiness = dataAuthBusiness;
@@ -62,15 +71,27 @@ public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
         String appTokenId = dataAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
         if (null == tokenInfo) {
+            log.error("令牌查询结果为空");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
-
         DataItemsCheckDto dto = new DataItemsCheckDto();
         dto.setCurrentAppCode(tokenInfo.getAppToken().getAppId());
         dto.setCurrentIdcard(tokenInfo.getUserToken().getPid());
         dto.setIdcard(tokenInfo.getUserToken().getPid());
         dto.setDataItemsDtoList(Collections.emptyList());
 
+        // 任务信息校验
+        String taskId = dataAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.FAIL, dto, IpUtils.getIp(), appTokenId, tokenInfo.getUserToken().getUserTokenId());
+
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         AuthUserVo userInfo = tokenInfo.getUserInfo();
         if (null == userInfo) {
             log.error("查询不到用户信息");

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustFunAuthBusiness.java

@@ -9,7 +9,10 @@ import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustFunAuthBusiness;
 import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
+import com.dragoninfo.dcuc.auth.auth.service.IApprovalService;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleService;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
@@ -42,6 +45,13 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
 
     private LogInfoFillService logInfoFillService;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
         this.logInfoFillService = logInfoFillService;
@@ -62,7 +72,7 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
         String appTokenId = functionAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, true);
         if (null == tokenInfo) {
-            log.error("令牌查询结果为空");
+            log.error("查询不到令牌信息");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
 
@@ -70,6 +80,20 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
         RoleApiDto roleApiDto = new RoleApiDto();
         roleApiDto.setAppCode(appCode);
         AuthUserVo userInfo = tokenInfo.getUserInfo();
+
+        // 任务信息校验
+        String taskId = functionAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.FAIL, roleApiDto, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId);
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         if (userInfo == null) {
             log.error("查询不到用户信息");
             // 发送鉴权失败日志

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustServiceAuthBusiness.java

@@ -9,6 +9,7 @@ import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustServiceAuthBusiness;
 import com.dragoninfo.dcuc.auth.auth.service.IServiceAuthResultService;
 import com.dragoninfo.dcuc.auth.auth.vo.ServiceAuthenticationResVO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
@@ -39,6 +40,13 @@ public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusine
 
     private IServiceAuthResultService serviceAuthResultService;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setServiceAuthResultService(IServiceAuthResultService serviceAuthResultService) {
         this.serviceAuthResultService = serviceAuthResultService;
@@ -59,10 +67,24 @@ public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusine
         String appTokenId = serviceAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
         if (null == tokenInfo) {
-            log.error("令牌查询结果为空");
+            log.error("查询不到令牌信息");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
 
+        // 任务信息校验
+        String taskId = serviceAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.FAIL, null, tokenInfo.getAppToken().getAppId(),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()));
+
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         AuthUserVo userInfo = tokenInfo.getUserInfo();
         if (userInfo == null) {
             log.error("查询不到用户信息");

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java

@@ -5,13 +5,19 @@ import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
 import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
+import com.dragoninfo.dcuc.auth.sub.dto.zerotrust.tasktype.TaskInfoDetailResp;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,6 +43,13 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
     private StringRedisTemplate stringRedisTemplate;
 
+    private IApproveRemoteCallBusiness approveRemoteCallBusiness;
+
+    @Autowired
+    public void setApproveRemoteCallBusiness(IApproveRemoteCallBusiness approveRemoteCallBusiness) {
+        this.approveRemoteCallBusiness = approveRemoteCallBusiness;
+    }
+
     @Autowired
     public void setStringRedisTemplate(StringRedisTemplate stringRedisTemplate) {
         this.stringRedisTemplate = stringRedisTemplate;
@@ -59,7 +72,7 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
     @Override
     public ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO) {
-        Boolean checkCallerSign = zerotrustConfig.getCheckCallerSign();
+        Boolean checkCallerSign = zerotrustConfig.getCheckTokenSign();
         log.info("checkCallerSign:{} ", checkCallerSign);
         if (!checkCallerSign) {
             return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
@@ -137,4 +150,28 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
         }
         return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");
     }
+
+    @Override
+    public ZeroTrustDataRespVO<String> taskIdCheck(String appTokenId, String taskId) {
+        if (StrUtil.isBlank(taskId)) {
+            log.info("任务id为空");
+            return ZeroTrustMessageRespVO.requestErrorMessage("任务ID必填").toDataRespVO();
+        }
+
+        Boolean checkAuthApiRealTaskId = zerotrustConfig.getCheckAuthApiRealTaskId();
+        String taskClass = "";
+        log.info("校验任务ID开关：{}", checkAuthApiRealTaskId);
+        if (checkAuthApiRealTaskId) {
+            log.info("开始校验任务ID参数应用令牌:{}, 任务ID:{}", appTokenId, taskId);
+            ResponseDTO<TaskInfoDetailResp> taskInfoDetail = approveRemoteCallBusiness.getTaskInfoDetail(appTokenId, taskId);
+
+            log.info("开始校验任务ID参数应用令牌:{}, 任务ID:{} ,结果:{}", appTokenId, taskId, JsonUtils.toJSONString(taskInfoDetail));
+            if (ResponseUtil.isFail(taskInfoDetail)) {
+                return ZeroTrustMessageRespVO.requestErrorMessage(taskInfoDetail.getMessage()).toDataRespVO();
+            }
+            TaskInfoDetailResp taskInfoDetailResp = ResponseUtil.getResult(taskInfoDetail);
+            taskClass = taskInfoDetailResp.getTaskClassCode();
+        }
+        return ZeroTrustDataRespVO.success(taskClass);
+    }
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApproveRemoteCallBusinessImpl.java

@@ -120,7 +120,7 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
         TypeReference<ResponseDTO<TaskInfoDetailResp>> typeReference = new TypeReference<ResponseDTO<TaskInfoDetailResp>>() {
         };
         log.info("获取审批任务详情地址:{}", taskIdCheckUrl);
-        return baseGet("获取审批任务详情", "获取审批任务详情失败", taskIdCheckUrl, typeReference);
+        return baseGet("获取审批任务详情", "获取审批任务详情失败", taskIdCheckUrl, typeReference, taskId);
     }
 
     @Override

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/AuthTokenBusinessImpl.java

@@ -1,45 +1,36 @@
 package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
 
 import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
-import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
-import com.dragoninfo.dcuc.auth.api.vo.ResultRespPageVo;
-import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
 import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
-import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
-import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
-import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.ITokenRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
 import com.dragoninfo.dcuc.auth.token.vo.*;
-import com.dragoninfo.duceap.core.response.Result;
 import com.dragonsoft.auditlog.collection.qmtj.enums.TokenTypeEnum;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.ParameterizedTypeReference;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
-import org.springframework.web.client.RestTemplate;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
 
 /**
  * token业务类
@@ -51,10 +42,6 @@ import java.util.*;
 @Service
 public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
-    private RestTemplate restTemplate;
-
-    private DcucAuthZerotrustConfig zerotrustConfig;
-
     private IApplyInfoFacade applyInfoFacade;
 
     private IAuthUserInfoService userInfoService;
@@ -65,7 +52,12 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     private SMFactory smFactory;
 
-    private IAuthTokenBusiness tokenBusiness;
+    private ITokenRemoteCallBusiness tokenRemoteCallBusiness;
+
+    @Autowired
+    public void setTokenRemoteCallBusiness(ITokenRemoteCallBusiness tokenRemoteCallBusiness) {
+        this.tokenRemoteCallBusiness = tokenRemoteCallBusiness;
+    }
 
     @Autowired
     public void setSmFactory(SMFactory smFactory) {
@@ -82,16 +74,6 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         this.qmAuditPushService = qmAuditPushService;
     }
 
-    @Autowired
-    public void setZerotrustConfig(DcucAuthZerotrustConfig zerotrustConfig) {
-        this.zerotrustConfig = zerotrustConfig;
-    }
-
-    @Autowired
-    public void setRestTemplate(RestTemplate restTemplate) {
-        this.restTemplate = restTemplate;
-    }
-
     @Autowired
     public void setApplyInfoFacade(IApplyInfoFacade applyInfoFacade) {
         this.applyInfoFacade = applyInfoFacade;
@@ -102,30 +84,19 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         this.userInfoService = userInfoService;
     }
 
-    @Autowired
-    public void setTokenBusiness(IAuthTokenBusiness tokenBusiness) {
-        this.tokenBusiness = tokenBusiness;
-    }
-
     @Override
     public UserTokenInfoRespVO getUserTokenInfo(String userTokenId) {
+        // 从缓存获取的都是经过令牌签名校验的
         UserTokenInfoRespVO userToken = cacheBusiness.getUserToken(userTokenId);
         if (null != userToken) {
             return userToken;
         }
 
         // 查询用户令牌
-        String tokenQueryUrl = zerotrustConfig.getUserTokenQueryUrl();
-        Map<String, String> param = new HashMap<>();
-        param.put("userTokenId", userTokenId);
-
-        log.info("getUserTokenInfo url:{}, tokenId:{}", tokenQueryUrl, userTokenId);
-
-        UserTokenInfoRespVO tokenInfo = getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<UserTokenInfoRespVO>>() {
-        }, param);
+        UserTokenInfoRespVO userTokenInfo = tokenRemoteCallBusiness.getUserTokenInfo(userTokenId);
         // 添加缓存
-        cacheBusiness.userTokenActionHandle(tokenInfo, TokenActionEnum.ONLINE.getValue());
-        return tokenInfo;
+        cacheBusiness.userTokenActionHandle(userTokenInfo, TokenActionEnum.ONLINE.getValue());
+        return userTokenInfo;
     }
 
     @Override
@@ -134,18 +105,11 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         if (null != appToken) {
             return appToken;
         }
-        // 获取应用令牌
-        String tokenQueryUrl = zerotrustConfig.getAppTokenQueryUrl();
-        Map<String, String> param = new HashMap<>();
-        param.put("appTokenId", appTokenId);
-
-        log.info("getAppTokenInfo url:{}, tokenId:{}", tokenQueryUrl, appTokenId);
-
-        AppTokenInfoRespVO tokenInfo = getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<AppTokenInfoRespVO>>() {
-        }, param);
+        // 查询应用令牌
+        AppTokenInfoRespVO appTokenInfo = tokenRemoteCallBusiness.getAppTokenInfo(appTokenId);
         // 添加缓存
-        cacheBusiness.appTokenActionHandle(tokenInfo, TokenActionEnum.ONLINE.getValue());
-        return tokenInfo;
+        cacheBusiness.appTokenActionHandle(appTokenInfo, TokenActionEnum.ONLINE.getValue());
+        return appTokenInfo;
     }
 
     @Override
@@ -176,17 +140,37 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     @SneakyThrows
     @Override
-    public ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVo) {
+    public ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList) {
+        if (CollectionUtils.isEmpty(tokenReceiveReqVoList)) {
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        }
+        List<TokenOperationDto> logList = new ArrayList<>();
+        for (TokenReceiveVO receiveVo : tokenReceiveReqVoList) {
+            // 校验请求签名
+            ZeroTrustMessageRespVO check = tokenReceiveSignCheck(receiveVo);
+            if (check.isRespFail()) {
+                return check;
+            }
+            // 令牌缓存处理
+            String pid = tokenReceiveCache(receiveVo);
+            TokenOperationDto dto = TokenOperationDto.builder()
+                    .action(receiveVo.getAction())
+                    .operateTime(new Date())
+                    .pid(pid)
+                    .tokenType(receiveVo.getType())
+                    .build();
+            // 添加日志
+            logList.add(dto);
+        }
+        // 发送令牌处理日志
+        qmAuditPushService.pushTokenReceiveLog(logList);
+        return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+    }
+
+    private String tokenReceiveCache(TokenReceiveVO receiveVo) throws JsonProcessingException {
         String action = receiveVo.getAction();
         String type = receiveVo.getType();
         String token = receiveVo.getToken();
-        String generalNoticeSign = generalNoticeSign(receiveVo);
-        String requestSign = receiveVo.getSign();
-        if (!generalNoticeSign.equalsIgnoreCase(requestSign)) {
-            log.info("request Sign:{}, generalSign:{}", requestSign, generalNoticeSign);
-            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
-        }
-
         String pid;
         ObjectMapper objectMapper = new ObjectMapper();
         if (TokenTypeEnum.USER.getValue().equals(type)) {
@@ -198,14 +182,18 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
             pid = tokenInfo.getUserToken().getPid();
             cacheBusiness.appTokenActionHandle(tokenInfo, action);
         }
-        TokenOperationDto dto = TokenOperationDto.builder()
-                .action(receiveVo.getAction())
-                .operateTime(new Date())
-                .pid(pid)
-                .tokenType(receiveVo.getType())
-                .build();
-        qmAuditPushService.pushTokenReceiveLog(dto);
-        return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        return pid;
+    }
+
+    private ZeroTrustMessageRespVO tokenReceiveSignCheck(TokenReceiveVO receiveVo) {
+        String generalNoticeSign = generalNoticeSign(receiveVo);
+        String requestSign = receiveVo.getSign();
+        if (!generalNoticeSign.equalsIgnoreCase(requestSign)) {
+            log.info("令牌接收签名校验不通过, 请求中的签名:{}, 原文生成的签名:{}", requestSign, generalNoticeSign);
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        } else {
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        }
     }
 
 
@@ -215,7 +203,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         String userTokenId = reqVo.getUserTokenId();
         String appTokenId = reqVo.getAppTokenId();
         if (StringUtils.isNotBlank(userTokenId)) {
-            UserTokenInfoRespVO userToken = tokenBusiness.getUserTokenInfo(userTokenId);
+            UserTokenInfoRespVO userToken = getUserTokenInfo(userTokenId);
             if (null != userToken) {
                 respVo.setUserTokenOnline(TokenActionEnum.ONLINE.getLabel());
             } else {
@@ -223,7 +211,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
             }
         }
         if (StringUtils.isNotBlank(appTokenId)) {
-            AppTokenInfoRespVO appToken = tokenBusiness.getAppTokenInfo(appTokenId);
+            AppTokenInfoRespVO appToken = getAppTokenInfo(appTokenId);
             if (null != appToken) {
                 respVo.setAppTokenOnline(TokenActionEnum.ONLINE.getLabel());
             } else {
@@ -233,7 +221,6 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         return respVo;
     }
 
-
     /**
      * 生成令牌通知签名
      *
@@ -252,9 +239,6 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
     }
 
 
-
-
-
     private AuthUserVo getAuthUserVo(String pid) {
         // pid为人员身份证号
         // 查询权限中心用户信息, 填充id字段
@@ -267,55 +251,4 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         return userVo;
     }
 
-    private TokenUserInfoRespVo getTokenUserByPidRemote(String pid) {
-        if (StringUtils.isBlank(pid)) {
-            return null;
-        }
-        String url = zerotrustConfig.getUserInfoQueryUrl();
-        TokenUserInfoReqVo userReqVo = new TokenUserInfoReqVo();
-        userReqVo.setIdcard(pid);
-        HttpEntity<TokenUserInfoReqVo> entity = new HttpEntity<>(userReqVo);
-
-        log.info("getTokenUserByPid url:{}, pid:{}", url, pid);
-
-        ResponseEntity<ResultRespPageVo<TokenUserInfoRespVo>> response = restTemplate.exchange(url, HttpMethod.POST, entity, new ParameterizedTypeReference<ResultRespPageVo<TokenUserInfoRespVo>>() {
-        });
-        ResultRespPageVo<TokenUserInfoRespVo> respBody = getRespBody(response);
-        if (null == respBody) {
-            return null;
-        }
-        ResultRespPageVo.ResultPageContent<TokenUserInfoRespVo> pageContent = respBody.getResult();
-        if (null == pageContent) {
-            return null;
-        }
-        List<TokenUserInfoRespVo> rows = pageContent.getRows();
-        return CollectionUtils.isEmpty(rows) ? null : rows.get(0);
-
-    }
-
-    private <T> T getTokenInfo(String tokenQueryUrl, ParameterizedTypeReference<ResultRespVO<T>> responseType, Map<String, String> param) {
-        HttpEntity<Object> entity = new HttpEntity<>(param);
-        ResponseEntity<ResultRespVO<T>> response = restTemplate.exchange(tokenQueryUrl, HttpMethod.POST, entity,
-                responseType);
-        ResultRespVO<T> respBody = getRespBody(response);
-        if (null == respBody) {
-            return null;
-        }
-        return respBody.getResult();
-    }
-
-    private <T extends MessageRespVO> T getRespBody(ResponseEntity<T> response) {
-        HttpStatus statusCode = response.getStatusCode();
-        if (!statusCode.is2xxSuccessful()) {
-            log.info("request failed, resp:{}", response);
-            return null;
-        }
-        T body = response.getBody();
-        log.info("response body:{}", JSON.toJSONString(body));
-
-        if (body == null || !body.isRespSuccess()) {
-            return null;
-        }
-        return body;
-    }
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/TokenRemoteCallBusinessImpl.java

@@ -0,0 +1,305 @@
+package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.lang.Assert;
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.ITokenRemoteCallBusiness;
+import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.ZeroTrustAppTokenInfoReqVO;
+import com.dragoninfo.dcuc.auth.token.vo.ZeroTrustUserTokenInfoReqVO;
+import com.dragoninfo.dcuc.common.utils.LangUtil;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import com.dragonsoft.smtools.loader.SMFactory;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.RequestEntity;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Locale;
+import java.util.Map;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/7
+ */
+@Slf4j
+@Component
+public class TokenRemoteCallBusinessImpl implements ITokenRemoteCallBusiness {
+
+    private RestTemplate restTemplate;
+
+    private ObjectMapper objectMapper;
+
+    private SMFactory smFactory;
+
+    private DcucAuthZerotrustConfig zerotrustConfig;
+
+    @Autowired
+    public void setObjectMapper(ObjectMapper objectMapper) {
+        this.objectMapper = objectMapper;
+    }
+
+    @Autowired
+    public void setZerotrustConfig(DcucAuthZerotrustConfig zerotrustConfig) {
+        this.zerotrustConfig = zerotrustConfig;
+    }
+
+    @Autowired
+    public void setSmFactory(SMFactory smFactory) {
+        this.smFactory = smFactory;
+    }
+
+    @Autowired
+    public void setRestTemplate(RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    @Override
+    public UserTokenInfoRespVO getUserTokenInfo(String useTokenId) {
+        Assert.notBlank(useTokenId);
+        String requestName = "获取用户令牌信息";
+
+        ZeroTrustUserTokenInfoReqVO zeroTrustUserTokenInfoReqVO = new ZeroTrustUserTokenInfoReqVO();
+        zeroTrustUserTokenInfoReqVO.setUserTokenId(useTokenId);
+
+        log.info("{} 请求 :{}", requestName, JsonUtils.toJSONString(zeroTrustUserTokenInfoReqVO));
+
+        String reqUrl = zerotrustConfig.getUserTokenQueryUrl();
+        RequestEntity<ZeroTrustUserTokenInfoReqVO> httpEntity = new RequestEntity<>(zeroTrustUserTokenInfoReqVO, HttpMethod.POST, URI.create(reqUrl));
+
+        TypeReference<ResultRespVO<UserTokenInfoRespVO>> parameterizedTypeReference =
+                new TypeReference<ResultRespVO<UserTokenInfoRespVO>>() {
+                };
+
+        ResponseEntity<String> responseEntity = restTemplate.exchange(httpEntity, String.class);
+        log.info("{}返回参数 :{}", requestName, JsonUtils.toJSONString(responseEntity));
+
+        if (responseEntity.getStatusCode().is2xxSuccessful()) {
+            String responseEntityJsonBody = responseEntity.getBody();
+
+            ResultRespVO<UserTokenInfoRespVO> responseEntityBody = null;
+            try {
+                responseEntityBody = objectMapper.readValue(responseEntityJsonBody, parameterizedTypeReference);
+            } catch (JsonProcessingException e) {
+                log.error("解析JSON异常", e);
+            }
+            if (responseEntityBody != null) {
+                if (responseEntityBody.getStatusCode().equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue())) {
+
+                    // 校验令牌签名
+                    if (zerotrustConfig.getCheckTokenSign()) {
+                        boolean b = checkUserTokenSign(responseEntityJsonBody);
+                        if (!b) {
+                            return null;
+                        }
+                    }
+
+                    return responseEntityBody.getResult();
+                } else {
+                    log.error("{} statusCode:{} , message:{}", requestName, responseEntityBody.getStatusCode(), responseEntityBody.getMessage());
+                }
+            } else {
+                log.error("{} 返回 isnull:{}", requestName, JsonUtils.toJSONString(responseEntity));
+            }
+
+        } else {
+            log.error("{} 请求 error :{}", requestName, JsonUtils.toJSONString(responseEntity));
+        }
+        return null;
+    }
+
+    @Override
+    public AppTokenInfoRespVO getAppTokenInfo(String appTokenId) {
+        Assert.notBlank(appTokenId);
+        String requestName = "获取应用令牌信息";
+
+        ZeroTrustAppTokenInfoReqVO zeroTrustAppTokenInfoReqVO = new ZeroTrustAppTokenInfoReqVO();
+        zeroTrustAppTokenInfoReqVO.setAppTokenId(appTokenId);
+
+        String reqUrl = zerotrustConfig.getAppTokenQueryUrl();
+        log.info("{} 请求 :{}", requestName, JsonUtils.toJSONString(zeroTrustAppTokenInfoReqVO));
+        RequestEntity<ZeroTrustAppTokenInfoReqVO> httpEntity = new RequestEntity<>(zeroTrustAppTokenInfoReqVO, HttpMethod.POST, URI.create(reqUrl));
+
+        TypeReference<ResultRespVO<AppTokenInfoRespVO>> parameterizedTypeReference =
+                new TypeReference<ResultRespVO<AppTokenInfoRespVO>>() {
+                };
+
+        ResponseEntity<String> responseEntity = restTemplate.exchange(httpEntity, String.class);
+        log.info("{}返回参数 :{}", requestName, JsonUtils.toJSONString(responseEntity));
+
+        if (responseEntity.getStatusCode().is2xxSuccessful()) {
+            String responseEntityJsonBody = responseEntity.getBody();
+
+            ResultRespVO<AppTokenInfoRespVO> responseEntityBody = null;
+            try {
+                responseEntityBody = objectMapper.readValue(responseEntityJsonBody, parameterizedTypeReference);
+            } catch (JsonProcessingException e) {
+                log.error("解析JSON异常", e);
+            }
+            if (responseEntityBody != null) {
+                if (responseEntityBody.getStatusCode().equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue())) {
+
+                    // 校验令牌签名
+                    if (zerotrustConfig.getCheckTokenSign()) {
+                        boolean b = checkAppTokenSign(responseEntityJsonBody);
+                        if (!b) {
+                            return null;
+                        }
+                    }
+
+                    return responseEntityBody.getResult();
+                } else {
+                    log.error("{} statusCode:{} , message:{}", requestName, responseEntityBody.getStatusCode(), responseEntityBody.getMessage());
+                }
+            } else {
+                log.error("{} 返回 isnull:{}", requestName, JsonUtils.toJSONString(responseEntity));
+            }
+
+        } else {
+            log.error("{} 请求 error :{}", requestName, JsonUtils.toJSONString(responseEntity));
+        }
+        return null;
+    }
+
+    /**
+     * 校验应用令牌签名
+     *
+     * @param appTokenJson 应用令牌信息
+     * @return 是否成功
+     */
+    @SuppressWarnings("unchecked")
+    @SneakyThrows(JsonProcessingException.class)
+    public boolean checkAppTokenSign(String appTokenJson) {
+
+        TypeReference<LinkedHashMap<String, Object>> objectTypeReference = new TypeReference<LinkedHashMap<String, Object>>() {
+        };
+        LinkedHashMap<String, Object> body = objectMapper.readValue(appTokenJson, objectTypeReference);
+        LinkedHashMap<String, Object> userTokenInfo = (LinkedHashMap<String, Object>) body.getOrDefault("result", Collections.emptyMap());
+        LinkedHashMap<String, Object> userToken = (LinkedHashMap<String, Object>) userTokenInfo.getOrDefault("userToken", Collections.emptyMap());
+        String userTokenString = generalAppTokenCheckUserTokenString(userToken);
+        log.info("生成后的用户令牌信息：{}", userTokenString);
+        userTokenInfo.put("userToken", userTokenString);
+        return checkAppTokenSign(userTokenInfo);
+    }
+
+    /**
+     * 校验用户令牌签名
+     *
+     * @param userTokenJson 用户令牌JSON
+     * @return 状态
+     */
+    @SuppressWarnings("unchecked")
+    @SneakyThrows(JsonProcessingException.class)
+    public boolean checkUserTokenSign(String userTokenJson) {
+
+        TypeReference<LinkedHashMap<String, Object>> objectTypeReference = new TypeReference<LinkedHashMap<String, Object>>() {
+        };
+        LinkedHashMap<String, Object> body = objectMapper.readValue(userTokenJson, objectTypeReference);
+        LinkedHashMap<String, Object> userTokenInfo = (LinkedHashMap<String, Object>) body.getOrDefault("result", Collections.emptyMap());
+        return checkUserTokenSign(userTokenInfo);
+    }
+
+    /**
+     * 生成应用令牌校验签名的用户令牌字符串
+     *
+     * @param userTokenMap 用户令牌信息
+     * @return 用户令牌字符串
+     */
+    protected String generalAppTokenCheckUserTokenString(LinkedHashMap<String, Object> userTokenMap) {
+        if (CollUtil.isEmpty(userTokenMap)) {
+            throw new IllegalArgumentException();
+        }
+        String symbol = StrUtil.COMMA + " ";
+
+        StringBuilder userTokenStringBuilder = new StringBuilder("{");
+
+        for (String key : userTokenMap.keySet()) {
+            userTokenStringBuilder.append(key).append("=");
+            String value = userTokenMap.getOrDefault(key, "").toString();
+            userTokenStringBuilder.append(value).append(symbol);
+        }
+
+        String string = userTokenStringBuilder.toString();
+        String subLastSymbol = LangUtil.subLastSymbol(string, symbol);
+        return subLastSymbol + "}";
+    }
+
+
+    /**
+     * 校验用户令牌签名
+     *
+     * @param useTokenInfoMap 用户令牌信息
+     * @return 签名结果
+     */
+    protected boolean checkUserTokenSign(Map<String, Object> useTokenInfoMap) {
+        String userTokenId = useTokenInfoMap.getOrDefault("userTokenId", "").toString();
+        String createTime = useTokenInfoMap.getOrDefault("createTime", "").toString();
+        String expireAt = useTokenInfoMap.getOrDefault("expireAt", "").toString();
+        String pid = useTokenInfoMap.getOrDefault("pid", "").toString();
+        String orgCode = useTokenInfoMap.getOrDefault("orgCode", "").toString();
+        String ip = useTokenInfoMap.getOrDefault("ip", "").toString();
+        String mid = useTokenInfoMap.getOrDefault("mid", "").toString();
+        String env = useTokenInfoMap.getOrDefault("env", "").toString();
+        String sign = useTokenInfoMap.getOrDefault("sign", "").toString();
+
+        String origin = "userTokenId=" + userTokenId +
+                "&createTime=" + createTime + "&expireAt=" + expireAt + "&pid=" + pid + "&orgCode=" + orgCode
+                + "&ip=" + ip + "&mid=" + mid + "&env=" + env;
+        log.info("用户令牌校验签名签名原文：{}", origin);
+
+        String generalSign = smFactory.getSM3().summary(origin).toString().toLowerCase(Locale.ROOT);
+        log.info("用户令牌校验签名签名后的值：{}", generalSign);
+        log.info("用户令牌校验签名令牌信息中的签名值：{}", sign);
+
+        boolean ignoreCase = generalSign.equalsIgnoreCase(sign);
+        log.info("用户令牌：{} 校验签名签名结果：{}", userTokenId, ignoreCase);
+
+        return ignoreCase;
+    }
+
+    /**
+     * 校验应用令牌签名
+     *
+     * @param apTokenInfoMap 应用令牌信息
+     * @return 签名结果
+     */
+    protected boolean checkAppTokenSign(Map<String, Object> apTokenInfoMap) {
+        String appTokenId = apTokenInfoMap.getOrDefault("appTokenId", "").toString();
+        String createTime = apTokenInfoMap.getOrDefault("createTime", "").toString();
+        String expireAt = apTokenInfoMap.getOrDefault("expireAt", "").toString();
+        String appId = apTokenInfoMap.getOrDefault("appId", "").toString();
+        String userToken = apTokenInfoMap.getOrDefault("userToken", "").toString();
+        String sign = apTokenInfoMap.getOrDefault("sign", "").toString();
+
+        String origin = "appTokenId=" + appTokenId + "&createTime=" + createTime + "&expireAt=" +
+                expireAt + "&appId=" + appId + "&userToken=" + userToken;
+        log.info("应用令牌校验签名签名原文：{}", origin);
+
+        String generalSign = smFactory.getSM3().summary(origin).toString().toLowerCase(Locale.ROOT);
+        log.info("应用令牌校验签名签名后的值：{}", generalSign);
+        log.info("应用令牌校验签名令牌信息中的签名值：{}", sign);
+
+        boolean ignoreCase = generalSign.equalsIgnoreCase(sign);
+        log.info("应用令牌：{} 校验签名签名结果：{}", appTokenId, ignoreCase);
+
+        return ignoreCase;
+    }
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IApiCommonBusiness.java

@@ -1,5 +1,6 @@
 package com.dragoninfo.dcuc.auth.business.zerotrust;
 
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 
@@ -11,10 +12,17 @@ public interface IApiCommonBusiness {
 
 
     /**
-     * 校验令牌签名
+     * 校验接口调用签名
      * @param signReqVO
      * @return
      */
     ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO);
 
+    /**
+     * 任务信息校验
+     * @param appTokenId
+     * @param taskId
+     * @return
+     */
+    ZeroTrustDataRespVO<String> taskIdCheck(String appTokenId, String taskId);
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IAuthTokenBusiness.java

@@ -4,6 +4,8 @@ import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.*;
 import com.dragoninfo.duceap.core.response.Result;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2023/2/14
@@ -39,10 +41,10 @@ public interface IAuthTokenBusiness {
     /**
      * 接收令牌
      *
-     * @param receiveVO
+     * @param tokenReceiveReqVoList
      * @return
      */
-    ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList);
 
     /**
      * 令牌在线查询

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/ITokenRemoteCallBusiness.java

@@ -0,0 +1,31 @@
+package com.dragoninfo.dcuc.auth.business.zerotrust;
+
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+
+/**
+ * <p>
+ * 竹云相关
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/7
+ */
+public interface ITokenRemoteCallBusiness {
+
+    /**
+     * 获取用户令牌信息
+     *
+     * @param useTokenId 用户令牌标识
+     * @return 用户令牌信息
+     */
+    UserTokenInfoRespVO getUserTokenInfo(String useTokenId);
+
+    /**
+     * 获取应用令牌信息
+     *
+     * @param appTokenId 应用令牌标识
+     * @return 应用令牌信息
+     */
+    AppTokenInfoRespVO getAppTokenInfo(String appTokenId);
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/DcucAuthZerotrustConfig.java

@@ -39,7 +39,7 @@ public class DcucAuthZerotrustConfig {
     /**
      * 鉴权接口是否检查taskId的正确性
      */
-    private Boolean checkAuthApiRealTaskId = false;
+    private Boolean checkAuthApiRealTaskId = true;
 
     /**
      * 接口签名校验，时间误差范围，单位秒，默认30分钟
@@ -47,10 +47,15 @@ public class DcucAuthZerotrustConfig {
     private Integer timeStampCheckSeconds = 30 * 60;
 
     /**
-     * 是否检查调用令牌签名值
+     * 是否检查接口调用签名值
      */
     private Boolean checkCallerSign = true;
 
+    /**
+     * 是否校验令牌内容签名值
+     */
+    private Boolean checkTokenSign = true;
+
     /**
      * 应用权限变更通知地址
      */

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java

@@ -5,11 +5,12 @@ import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.token.vo.TokenOnlineReqVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenOnlineRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
-import com.dragoninfo.duceap.core.response.Result;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2023/2/22
@@ -26,8 +27,8 @@ public class AuthTokenFacade implements IAuthTokenFacade {
     }
 
     @Override
-    public ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
-        return tokenBusiness.tokenReceive(receiveVO);
+    public ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList) {
+        return tokenBusiness.tokenReceive(tokenReceiveReqVoList);
     }
 
     @Override

dcuc-auth-service/src/main/resources/application-auth.yml

@@ -69,6 +69,6 @@ dcuc:
       address: redis://127.0.0.1:6379
       password:
 app:
-  audit:
+  auditlog:
     qmtj:
-      host-address: https://127.0.0.1:8843
+      host-address: https://10.11.0.168:8843

dcuc-auth-service/src/test/java/com/dragoninfo/dcuc/auth/auth/service/LogSendComponentTest.java

@@ -0,0 +1,40 @@
+package com.dragoninfo.dcuc.auth.auth.service;
+
+import com.dragoninfo.dcuc.auth.DcucAuthApplication;
+import com.dragoninfo.dcuc.auth.audit.config.AuditConfig;
+import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
+import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLog;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2023/4/3
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = DcucAuthApplication.class)
+public class LogSendComponentTest {
+
+    @Autowired
+    private LogSendComponent logSendComponent;
+
+    @Test
+    public void httpsLogSend() {
+        List<AuthenticationBusLog> busLogs = new ArrayList<>();
+        AuthenticationBusLog busLog = new AuthenticationBusLog();
+        busLog.setAppToken("appToken");
+        busLog.setAuthId("authId");
+        busLog.setAuthIdcard("0000000000000000001");
+        busLogs.add(busLog);
+        logSendComponent.sendAuthenticationBusLog("sysId", AuditConstance.AUDIT_LOG_TYPE_JQ, busLogs);
+    }
+
+}

dcuc-auth-service/src/test/java/com/dragoninfo/dcuc/auth/auth/service/QmAuditPushServiceTest.java

@@ -43,6 +43,7 @@ public class QmAuditPushServiceTest {
 
         LogSendComponent logSendComponent = new LogSendComponent();
         QmTjProperties qmTjProperties = Mockito.spy(QmTjProperties.class);
+        qmTjProperties.setHostAddress("https://10.11.0.168:8843");
         logSendComponent.setQmTjProperties(qmTjProperties);
 
         qmAuditPushService.setConfig(auditConfig);
@@ -183,7 +184,7 @@ public class QmAuditPushServiceTest {
                 .tokenType("user")
                 .build();
 
-        qmAuditPushService.pushTokenReceiveLog(dto);
+        qmAuditPushService.pushTokenReceiveLog(Collections.singletonList(dto));
     }
 
 }