
feature(国密校验接口提供): 国密校验接口提供

国密校验接口提供
mazq 4 gadi atpakaļ
vecāks
revīzija
209d29739e

+ 0 - 41
dcuc-duceap-api/src/main/java/com/dragoninfo/dcuc/duceap/facade/ICodeGmSignFacade.java

@@ -1,41 +0,0 @@
-package com.dragoninfo.dcuc.duceap.facade;
-
-import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
-import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-
-/**
- * 表码数据使用国密算法加密
- * @author mazq
- * @date 2021/5/11
- */
-@FeignClient(name = "${duceap.service.name:dcuc-duceap}", path = "/duceapsvr/v2/signFacade")
-public interface ICodeGmSignFacade {
-
-    /**
-     * 根据codeId校验数据是否符合国密要求
-     * @param codeId
-     * @return
-     */
-    @GetMapping(value = "codeGmCheck")
-    ResponseDTO codeGmCheck(@RequestParam("codeId") String codeId);
-
-    /**
-     * 根据codeIds校验数据是否符合国密要求
-     * @param codeIds 多个codeId  ‘,’隔开
-     * @return
-     */
-    @GetMapping(value = "codeGmCheckCodes")
-    ResponseDTO codeGmCheckCodes(@RequestParam("codeIds") String codeIds);
-
-    /**
-     * 对codeId的表码数据进行摘要和加密
-     * @param codeId 多个codeId  ‘,’隔开
-     * @return
-     */
-    @GetMapping(value = "codeGmSign")
-    ResponseDTO codeGmSign(@RequestParam("codeId") String codeId);
-
-
-}

+ 71 - 0
dcuc-duceap-api/src/main/java/com/dragoninfo/dcuc/duceap/facade/IGmSignFacade.java

@@ -0,0 +1,71 @@
+package com.dragoninfo.dcuc.duceap.facade;
+
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+/**
+ * 表码数据使用国密算法加密
+ * @author mazq
+ * @date 2021/5/11
+ */
+@FeignClient(name = "${duceap.service.name:dcuc-duceap}", path = "/duceapsvr/v2/gmSignFacade")
+public interface IGmSignFacade {
+
+    /**
+     * 根据codeId校验数据是否符合国密要求
+     * @param codeId
+     * @return
+     */
+    @GetMapping(value = "codeGmCheck")
+    ResponseStatus codeGmCheck(@RequestParam("codeId") String codeId);
+
+    /**
+     * 根据codeIds校验数据是否符合国密要求
+     * @param codeIds 多个codeId  ‘,’隔开
+     * @return
+     */
+    @GetMapping(value = "codeGmCheckCodes")
+    ResponseStatus codeGmCheckCodes(@RequestParam("codeIds") String codeIds);
+
+    /**
+     * 对codeId的表码数据进行摘要和加密
+     * @param codeId
+     * @return
+     */
+    @GetMapping(value = "codeGmSign")
+    ResponseStatus codeGmSign(@RequestParam("codeId") String codeId);
+
+    /**
+     * 国密不可否认性校验
+     * @param origin 原文
+     * @param digest 摘要数据
+     * @return
+     */
+    @GetMapping(value = "sm2Verify")
+    ResponseStatus gmSm2Verify(@RequestParam("origin") String origin, @RequestParam("digest") String digest);
+
+    /**
+     * 国密完整性校验
+     * @param origin 原文
+     * @param sign   签名数据
+     * @return
+     */
+    ResponseStatus gmSm3Verify(@RequestParam("origin") String origin, @RequestParam("sign") String sign);
+
+    /**
+     * 国密机密性接口解密
+     * @param encode 加密数据
+     * @return
+     */
+    ResponseDTO gmSm4Decode(@RequestParam("encode") String encode);
+
+    /**
+     * 国密机密性接口解密
+     * @param origin 原文数据
+     * @return
+     */
+    ResponseDTO gmSm4Encode(@RequestParam("origin") String origin);
+}
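Review bot: `gmSm3Verify`, `gmSm4Decode` and `gmSm4Encode` carry no mapping annotation, unlike the four methods above them, so Feign has no HTTP method or path for them (it normally rejects such an interface when the client is built) and the implementing controller will not route them. Each needs its own mapping, for example `@PostMapping(value = "sm4Decode")` (path name is only an illustration). I would use POST with a request body rather than `@GetMapping` plus `@RequestParam` for the four new operations, because plaintext, ciphertext and signatures sent as query parameters end up in access and proxy logs. The Javadoc on `gmSm4Encode` says 解密 (decrypt) where 加密 (encrypt) is meant, and the parameter names read as swapped: the SM2 check takes `digest` while the SM3 check takes `sign`. The same Javadoc and naming issues are repeated in `IGmVerifyService`.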

+ 0 - 2
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/bpo/CodeGmBPO.java

@@ -2,14 +2,12 @@ package com.dragoninfo.dcuc.duceap.bpo;
 
 import com.dragoninfo.dcuc.duceap.entity.CodeGmSign;
 import com.dragoninfo.duceap.core.persistent.BaseBPO;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Repository;
 
 /**
  * @author mazq
  * @date 2021/5/10
  */
-@ConditionalOnProperty(name = "dcuc.code.gm-enable")
 @Repository
 public class CodeGmBPO extends BaseBPO<CodeGmSign,String> {
 }

+ 8 - 17
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/CodeGmConfig.java → dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/GmConfig.java

@@ -5,6 +5,7 @@ import com.dragonsoft.smtools.enums.SM2SignStrategy;
 import com.dragonsoft.smtools.enums.SM3SignStrategy;
 import com.dragonsoft.smtools.enums.SM4DESStrategy;
 import com.dragonsoft.smtools.enums.SMTypeEnum;
+import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -19,15 +20,21 @@ import java.util.Set;
  * @author huangzqa
  * @date 2021/5/7
  */
+@Data
 @ConfigurationProperties(prefix = "dcuc.duceap.gm")
 @Configuration
-public class CodeGmConfig {
+public class GmConfig {
 
     /**
      * 需要校验的表码id集合
      */
     private Set<String> checkCodeIds;
 
+    /**
+     * 是否开启国密校验
+     */
+    private Boolean enable;
+
     /**
      * 国密类型
      */
@@ -59,20 +66,4 @@ public class CodeGmConfig {
             return SM4DESStrategy.LOCAL;
         }
     }
-
-    public Set<String> getCheckCodeIds() {
-        return checkCodeIds;
-    }
-
-    public void setCheckCodeIds(Set<String> checkCodeIds) {
-        this.checkCodeIds = checkCodeIds;
-    }
-
-    public SMTypeEnum getSmTypeEnum() {
-        return smTypeEnum;
-    }
-
-    public void setSmTypeEnum(SMTypeEnum smTypeEnum) {
-        this.smTypeEnum = smTypeEnum;
-    }
 }
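Review bot: The new `enable` field is a boxed `Boolean` with no default and nothing in this commit reads it, while the `@ConditionalOnProperty(name = "dcuc.code.gm-enable")` guard on `CodeGmBPO` is removed in the same change. As far as this diff shows, the interceptor and `CodeGmServiceImpl` run regardless of the flag, and a later `if (gmConfig.getEnable())` would throw a NullPointerException when the property is unset. I would declare it as `private boolean enable = false;` (or whichever default is intended) and add a comment naming the property that now switches the check on or off. `checkCodeIds` has the same gap: `codeGmCheck` calls `gmConfig.getCheckCodeIds().contains(codeId)`, which fails on null when the set is not configured, so it should default to an empty set. Part of the class body lies outside the hunks shown.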

+ 1 - 1
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/GmMvcConfig.java

@@ -30,7 +30,7 @@ public class GmMvcConfig implements WebMvcConfigurer {
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(codeGmInterceptor())
-                .addPathPatterns("/duceap/v2/resource/codelist/**");
+                .addPathPatterns("/api/codelist/**");
 
     }
 
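Review bot: The integrity interceptor now covers only `/api/codelist/**`, so any handler still mapped under the old `/duceap/v2/resource/codelist/**` prefix would be served without the check. Whether the old route still exists is not visible in this diff; if it does, keep both patterns, e.g. `.addPathPatterns("/api/codelist/**", "/duceap/v2/resource/codelist/**")`. `CodeGmInterceptor` reads the `resourceType` and `codeName` URI template variables, so handlers behind the new prefix must declare them under those names or the request falls through to the final `return true` unchecked. A short comment on `addInterceptors` naming the controller this pattern protects would help keep the two in sync.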

+ 0 - 38
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/facade/CodeGmSignFacade.java

@@ -1,38 +0,0 @@
-package com.dragoninfo.dcuc.duceap.facade;
-
-import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
-import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-/**
- * @author mazq
- * @date 2021/5/11
- */
-@RestController
-@RequestMapping(value = "/duceapsvr/v2/signFacade")
-public class CodeGmSignFacade implements ICodeGmSignFacade{
-
-    @Autowired
-    ICodeGmService codeGmService;
-
-
-    @Override
-    public ResponseDTO codeGmCheck(String codeId) {
-        return codeGmService.codeGmCheck(codeId);
-    }
-
-    @Override
-    public ResponseDTO codeGmCheckCodes(String codeIds) {
-        return codeGmService.codeGmCheckCodes(codeIds);
-    }
-
-
-    @Override
-    public ResponseDTO codeGmSign(String codeId) {
-        return codeGmService.codeGmSign(codeId);
-    }
-
-
-}

+ 62 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/facade/GmSignFacade.java

@@ -0,0 +1,62 @@
+package com.dragoninfo.dcuc.duceap.facade;
+
+import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
+import com.dragoninfo.dcuc.duceap.service.IGmVerifyService;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author mazq
+ * @date 2021/5/11
+ */
+@RestController
+@RequestMapping(value = "/duceapsvr/v2/gmSignFacade")
+public class GmSignFacade implements IGmSignFacade {
+
+    @Autowired
+    ICodeGmService codeGmService;
+
+
+    @Autowired
+    IGmVerifyService gmVerifyService;
+
+    @Override
+    public ResponseStatus codeGmCheck(String codeId) {
+        return codeGmService.codeGmCheck(codeId);
+    }
+
+    @Override
+    public ResponseStatus codeGmCheckCodes(String codeIds) {
+        return codeGmService.codeGmCheckCodes(codeIds);
+    }
+
+
+    @Override
+    public ResponseStatus codeGmSign(String codeId) {
+        return codeGmService.codeGmSign(codeId);
+    }
+
+    @Override
+    public ResponseStatus gmSm2Verify(String origin, String digest) {
+        return gmVerifyService.gmSm2Verify(origin,digest);
+    }
+
+    @Override
+    public ResponseStatus gmSm3Verify(String origin, String sign) {
+        return gmVerifyService.gmSm3Verify(origin,sign);
+    }
+
+    @Override
+    public ResponseDTO gmSm4Decode(String encode) {
+        return gmVerifyService.gmSm4Decode(encode);
+    }
+
+    @Override
+    public ResponseDTO gmSm4Encode(String origin) {
+        return gmVerifyService.gmSm4Encode(origin);
+    }
+
+}
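Review bot: Once `gmSm4Decode` and `gmSm4Encode` are given a mapping, any caller that can reach `/duceapsvr/v2/gmSignFacade` can have arbitrary data encrypted or decrypted under the service's SM4 key, and nothing in this class restricts who that is. If access control is not enforced elsewhere (gateway or security filter, not visible in this diff), the controller should require an authenticated, authorised internal caller before delegating to `gmVerifyService`. Separately, `codeGmService` and `gmVerifyService` are package-private field injections; `private final` fields set through a constructor would make the dependencies explicit and keep other classes in the package from replacing them.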

+ 3 - 15
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/interceptor/CodeGmInterceptor.java

@@ -1,9 +1,6 @@
 package com.dragoninfo.dcuc.duceap.interceptor;
 
-import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
-import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
-import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.code.enums.CodeResourceEnum;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -13,7 +10,6 @@ import org.springframework.web.servlet.HandlerMapping;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
 import java.util.Map;
 
 /**
@@ -29,7 +25,7 @@ public class CodeGmInterceptor implements HandlerInterceptor {
     ICodeGmService codeGmService;
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
         Map<String,String> pathVariables = (Map<String,String>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
         String resourceType = pathVariables.get("resourceType");
         if(CodeResourceEnum.ENUM.getValue().equals(resourceType)){
@@ -38,21 +34,13 @@ public class CodeGmInterceptor implements HandlerInterceptor {
         String codeId = pathVariables.get("codeName");
         String codeIds = request.getParameter("codeNames");
         log.info("CodeGmInterceptor >> check gm code codeId:{}, codeIds:{}",codeId,codeIds);
-        ResponseDTO responseDTO;
         if(StringUtils.isNotBlank(codeId)){
-             responseDTO = codeGmService.codeGmCheck(codeId);
+            codeGmService.codeGmCheck(codeId);
         }else if(StringUtils.isNotBlank(codeIds)){
-             responseDTO = codeGmService.codeGmCheckCodes(codeIds);
+            codeGmService.codeGmCheckCodes(codeIds);
         }else {
             return true;
         }
-        //数据校验不通过直接返回错误信息
-        if(!ResponseStatus.SUCCESS_CODE.equals(responseDTO.getStatusCode())){
-            response.setContentType("application/json;charset=UTF-8");
-            response.setStatus(500);
-            response.getWriter().write(JSON.toJSONString(responseDTO));
-            return false;
-        }
         return true;
     }
 
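Review bot: `preHandle` now discards the results of `codeGmCheck` and `codeGmCheckCodes` and always returns `true`, so a request is blocked only when the service throws. No handler for `GmIntegrityException` is visible in this diff; without one (for example an `@ExceptionHandler` in a `@ControllerAdvice`) the client gets the container's default error response instead of the JSON body the removed code wrote. The cast on the first line of `preHandle` also yields `null` when the attribute is absent, which makes `pathVariables.get("resourceType")` throw; a guard such as `if (pathVariables == null) { return true; }`, or rejecting the request if failing closed is preferred, should precede it. Part of the method body lies between the hunks shown.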

+ 4 - 4
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/ICodeGmService.java

@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.duceap.service;
 
-import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 
 /**
  * 表码数据国密校验service
@@ -14,19 +14,19 @@ public interface ICodeGmService {
      * @param codeId
      * @return
      */
-    ResponseDTO codeGmCheck(String codeId);
+    ResponseStatus codeGmCheck(String codeId);
 
     /**
      * 根据codeIds校验数据是否符合国密要求
      * @param codeIds 多个codeId  ‘,’隔开
      * @return
      */
-    ResponseDTO codeGmCheckCodes(String codeIds);
+    ResponseStatus codeGmCheckCodes(String codeIds);
 
     /**
      * 对codeId的表码数据进行摘要和加密
      * @param codeId 多个codeId  ‘,’隔开
      * @return
      */
-    ResponseDTO codeGmSign(String codeId);
+    ResponseStatus codeGmSign(String codeId);
 }

+ 41 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/IGmVerifyService.java

@@ -0,0 +1,41 @@
+package com.dragoninfo.dcuc.duceap.service;
+
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+
+/**
+ * @author mazq
+ * @date 2021/5/11
+ */
+public interface IGmVerifyService {
+
+    /**
+     * 国密不可否认性校验
+     * @param origin 原文
+     * @param digest 摘要数据
+     * @return
+     */
+    ResponseStatus gmSm2Verify(String origin, String digest);
+
+    /**
+     * 国密完整性校验
+     * @param origin 原文
+     * @param sign   签名数据
+     * @return
+     */
+    ResponseStatus gmSm3Verify(String origin, String sign);
+
+    /**
+     * 国密机密性接口解密
+     * @param encode 加密数据
+     * @return
+     */
+    ResponseDTO gmSm4Decode(String encode);
+
+    /**
+     * 国密机密性接口解密
+     * @param origin 原文数据
+     * @return
+     */
+    ResponseDTO gmSm4Encode(String origin);
+}

+ 13 - 12
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/impl/CodeGmServiceImpl.java

@@ -1,8 +1,9 @@
 package com.dragoninfo.dcuc.duceap.service.impl;
 
 import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.common.exception.GmIntegrityException;
 import com.dragoninfo.dcuc.duceap.bpo.CodeGmBPO;
-import com.dragoninfo.dcuc.duceap.config.CodeGmConfig;
+import com.dragoninfo.dcuc.duceap.config.GmConfig;
 import com.dragoninfo.dcuc.duceap.entity.CodeGmSign;
 import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
@@ -33,12 +34,12 @@ public class CodeGmServiceImpl implements ICodeGmService {
     private SM3SignStrategy sm3SignStrategy;
 
     @Autowired
-    private CodeGmConfig gmConfig;
+    private GmConfig gmConfig;
 
     @Override
-    public ResponseDTO codeGmCheck(String codeId) {
+    public ResponseStatus codeGmCheck(String codeId) {
         if(!gmConfig.getCheckCodeIds().contains(codeId)){
-            return ResponseDTO.success(ResponseStatus.SUCCESS_CODE,"无需校验");
+            return ResponseStatus.success();
         }
         List<CodeRecord> codeRecords = CodeInfoUtils.getCodeListByCodeDicId(codeId);
         List<CodeGmSign> signs = getCodeGmSignByCodeId(codeId);
@@ -49,35 +50,35 @@ public class CodeGmServiceImpl implements ICodeGmService {
             String code = codeRecord.getValue();
             CodeGmSign codeGmSign = signMap.get(code);
             if(null == codeGmSign){
-                return ResponseDTO.fail(ResponseStatus.FAIL_CODE,"缺少国密签名数据",null);
+                throw new GmIntegrityException();
             }
             String digest = codeGmSign.getDigest();
             String origin = codeRecord.getLabel() + codeRecord.getValue();
             String summary = sm3SignStrategy.summary(origin);
             if(!summary.equals(digest)){
-                return ResponseDTO.fail(ResponseStatus.FAIL_CODE,"国密完整性异常",null);
+                throw new GmIntegrityException();
             }
         }
-        return ResponseDTO.success(ResponseStatus.SUCCESS_CODE,"国密数据校验成功");
+        return ResponseStatus.success();
     }
 
     @Override
-    public ResponseDTO codeGmCheckCodes(String codeIds) {
+    public ResponseStatus codeGmCheckCodes(String codeIds) {
         if(StringUtils.isBlank(codeIds)){
             return ResponseDTO.fail(ResponseStatus.FAIL_CODE,"codeIds为空",null);
         }
         String[] codeIdArr = codeIds.split(StrUtil.COMMA);
         for (String codeId : codeIdArr) {
-            ResponseDTO responseDTO = codeGmCheck(codeId);
+            ResponseStatus responseDTO = codeGmCheck(codeId);
             if(!responseDTO.getStatusCode().equals(ResponseStatus.SUCCESS_CODE)){
                 return responseDTO;
             }
         }
-        return ResponseDTO.success(ResponseStatus.SUCCESS_CODE,"国密数据校验成功");
+        return ResponseStatus.success();
     }
 
     @Override
-    public ResponseDTO codeGmSign(String codeId) {
+    public ResponseStatus codeGmSign(String codeId) {
         List<CodeRecord> codeRecords = CodeInfoUtils.getCodeListByCodeDicId(codeId);
         //去重
         ArrayList<CodeRecord> collect = codeRecords.stream()
@@ -91,7 +92,7 @@ public class CodeGmServiceImpl implements ICodeGmService {
             codeGmSign.setDigest(summary);
             codeGmBPO.save(codeGmSign);
         }
-        return ResponseDTO.success(ResponseStatus.SUCCESS_CODE,"保存成功");
+        return ResponseStatus.success();
     }
 
 
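Review bot: Failure is now signalled in two ways: `codeGmCheck` throws `GmIntegrityException`, but `codeGmCheckCodes` still returns `ResponseDTO.fail(ResponseStatus.FAIL_CODE,"codeIds为空",null)` for blank input, which only compiles if `ResponseDTO` is a subtype of `ResponseStatus` (not visible here). Because `codeGmCheck` now either returns success or throws, the `getStatusCode()` comparison inside the loop is dead code and the variable name `responseDTO` is stale. Both `throw new GmIntegrityException()` sites drop the distinction the old messages made between a missing signature row and a digest mismatch; logging the `codeId` and the reason before throwing would keep that diagnosable. Ids from `codeIds.split(StrUtil.COMMA)` are also not trimmed, so an id with surrounding whitespace misses `getCheckCodeIds()` and is reported as success without being checked; `codeGmCheck(codeId.trim())` avoids that.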

+ 60 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/impl/GmVerifyServiceImpl.java

@@ -0,0 +1,60 @@
+package com.dragoninfo.dcuc.duceap.service.impl;
+
+import com.dragoninfo.dcuc.common.exception.GmIntegrityException;
+import com.dragoninfo.dcuc.common.exception.GmNonRepudiationException;
+import com.dragoninfo.dcuc.duceap.service.IGmVerifyService;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.smtools.enums.SM2SignStrategy;
+import com.dragonsoft.smtools.enums.SM3SignStrategy;
+import com.dragonsoft.smtools.enums.SM4DESStrategy;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+/**
+ * 国密算法校验service
+ * @author mazq
+ * @date 2021/5/11
+ */
+@Service
+public class GmVerifyServiceImpl implements IGmVerifyService {
+
+    @Autowired
+    SM2SignStrategy sm2SignStrategy;
+
+    @Autowired
+    SM3SignStrategy sm3SignStrategy;
+
+    @Autowired
+    SM4DESStrategy sm4DesStrategy;
+
+    @Override
+    public ResponseStatus gmSm2Verify(String origin, String digest) {
+        boolean verify = sm2SignStrategy.verify(origin, digest);
+        if(!verify){
+            throw  new GmNonRepudiationException();
+        }
+        return ResponseStatus.success();
+    }
+
+    @Override
+    public ResponseStatus gmSm3Verify(String origin, String sign) {
+        boolean verify = sm3SignStrategy.verify(origin, sign);
+        if(!verify){
+            throw new GmIntegrityException();
+        }
+        return ResponseStatus.success();
+    }
+
+    @Override
+    public ResponseDTO gmSm4Decode(String encode) {
+        String dec = sm4DesStrategy.dec(encode);
+        return ResponseDTO.success(ResponseStatus.SUCCESS_CODE,dec);
+    }
+
+    @Override
+    public ResponseDTO gmSm4Encode(String origin) {
+        String enc = sm4DesStrategy.enc(origin);
+        return ResponseDTO.success(ResponseStatus.SUCCESS_CODE,enc);
+    }
+}
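Review bot: All four methods pass caller-supplied strings straight to the SM2/SM3/SM4 strategies with no null or blank check, and how `verify`, `dec` and `enc` behave on null or malformed input is not visible in this diff. I would reject blank arguments up front and catch the strategy's failure in `gmSm4Decode`, returning a generic failure response, so that malformed ciphertext does not surface as an unhandled exception whose detail reaches the caller. The three injected strategies should be `private`, and each method would benefit from a one-line comment stating which exception signals a failed check, since `gmSm2Verify` and `gmSm3Verify` never return a failure status.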

+ 0 - 0
dcuc-duceap-service/src/main/resources/application-duceap_service.yml → dcuc-duceap-service/src/main/resources/application-dcuc_duceap.yml


+ 1 - 1
dcuc-duceap-service/src/main/resources/application.yml

@@ -1,6 +1,6 @@
 spring:
   profiles:
-    include: base,duceap_service
+    include: base,dcuc_duceap
 apollo:
   # 配置中心地址(服务端)
   meta: http://192.168.6.132:8080