
Merge branches 'develop' and 'release/v2.1.0-beta' of 192.168.0.144:dcuc-tjdsj/duceap-service into develop

 Conflicts:
	dcuc-duceap-api/pom.xml
	dcuc-duceap-model/pom.xml
	dcuc-duceap-service/pom.xml
	pom.xml
huangzqa 4 年 前
コミット
83cbf1a8ca
23 ファイル変更985 行追加98 行削除
  1. 11 6
      README.md
  2. 1 1
      dcuc-duceap-api/pom.xml
  3. 100 0
      dcuc-duceap-api/src/main/java/com/dragoninfo/dcuc/duceap/facade/IGmSignFacade.java
  4. 1 1
      dcuc-duceap-model/pom.xml
  5. 18 3
      dcuc-duceap-service/pom.xml
  6. 13 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/bpo/CodeGmBPO.java
  7. 69 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/GmConfig.java
  8. 37 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/GmMvcConfig.java
  9. 91 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/entity/CodeGmSign.java
  10. 72 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/facade/GmSignFacade.java
  11. 49 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/interceptor/CodeGmInterceptor.java
  12. 32 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/ICodeGmService.java
  13. 61 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/IGmVerifyService.java
  14. 111 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/impl/CodeGmServiceImpl.java
  15. 76 0
      dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/impl/GmVerifyServiceImpl.java
  16. 75 0
      dcuc-duceap-service/src/main/resources/application-base.yml
  17. 14 0
      dcuc-duceap-service/src/main/resources/application-dcuc_duceap.yml
  18. 0 6
      dcuc-duceap-service/src/main/resources/application-oracle.yml
  19. 2 78
      dcuc-duceap-service/src/main/resources/application.yml
  20. 10 0
      dcuc-duceap-service/src/main/resources/mysql/V4_8_0001__Add_GM_SIGN.sql
  21. 17 0
      dcuc-duceap-service/src/main/resources/sql/V4_8_0001__Add_GM_SIGN.sql
  22. 111 0
      dcuc-duceap-service/src/test/com/dragoninfo/dcuc/duceap/facade/GMSignTest.java
  23. 14 3
      pom.xml

+ 11 - 6
README.md

@@ -1,8 +1,13 @@
 # 服务组件
 ## 注意事项
-- 使用ES组件时注意:
-    1.application.yml中es.enable配置开启为true。
-    2.nosql/config.properties中的配置driver-path= 修改改为本机驱动包硬盘路径,具体到jar包的上一级路径即可。
-    3.驱动包在 ${project.path}/src/main/esdriver/nosql-elasticsearch-6.7.1-huawei-SNAPSHOT.jar
-    4.当采用配置中心配置驱动包时,配置见nosql/config.properties注释部分
-    5.本地启动不使用配置中心需要注释掉maven es相关依赖!!!(重要)
+### 使用ES组件时注意:
+   1. **application.yml**中`es.enable`配置开启为true。
+   2. **nosql/config.properties**中的配置driver-path= 修改改为本机驱动包硬盘路径,具体到jar包的上一级路径即可。
+   3. 驱动包在 `${project.path}/src/main/esdriver/nosql-elasticsearch-6.7.1-huawei-SNAPSHOT.jar`
+   4. 当采用配置中心配置驱动包时,配置见`nosql/config.properties`注释部分
+   5. 本地启动不使用配置中心需要注释掉maven es相关依赖!!!(重要)
+---
+## 更新日志
+### 2.1.0
+   1. 新增国密校验接口
+   2. 新增表码国密完整性校验

+ 1 - 1
dcuc-duceap-api/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>dcuc-duceap</artifactId>
         <groupId>com.dragoninfo</groupId>
-        <version>2.0.0-tjdsj-SNAPSHOT</version>
+        <version>2.1.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

+ 100 - 0
dcuc-duceap-api/src/main/java/com/dragoninfo/dcuc/duceap/facade/IGmSignFacade.java

@@ -0,0 +1,100 @@
+package com.dragoninfo.dcuc.duceap.facade;
+
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+/**
+ * 表码数据使用国密算法加密
+ *
+ * @author mazq
+ * @date 2021/5/11
+ */
+@FeignClient(name = "${duceap.service.name:dcuc-duceap}", path = "/duceapsvr/v2/gmSignFacade")
+public interface IGmSignFacade {
+
+    /**
+     * 根据codeId校验数据是否符合国密要求
+     *
+     * @param codeId
+     * @return
+     */
+    @GetMapping(value = "codeGmCheck")
+    ResponseStatus codeGmCheck(@RequestParam("codeId") String codeId);
+
+    /**
+     * 根据codeIds校验数据是否符合国密要求
+     *
+     * @param codeIds 多个codeId  ‘,’隔开
+     * @return
+     */
+    @GetMapping(value = "codeGmCheckCodes")
+    ResponseStatus codeGmCheckCodes(@RequestParam("codeIds") String codeIds);
+
+    /**
+     * 对codeId的表码数据进行摘要和加密
+     *
+     * @param codeId
+     * @return
+     */
+    @GetMapping(value = "codeGmSign")
+    ResponseStatus codeGmSign(@RequestParam("codeId") String codeId);
+
+    /**
+     * 国密不可否认性校验
+     *
+     * @param origin 原文
+     * @param sign   签名数据
+     * @return
+     */
+    @GetMapping(value = "sm2Verify")
+    ResponseStatus gmSm2Verify(@RequestParam("origin") String origin, @RequestParam("sign") String sign);
+
+    /**
+     * 国密完整性校验
+     *
+     * @param origin 原文
+     * @param digest 摘要数据
+     * @return
+     */
+    @GetMapping(value = "gmSm3Verify")
+    ResponseStatus gmSm3Verify(@RequestParam("origin") String origin, @RequestParam("digest") String digest);
+
+    /**
+     * 国密机密性接口解密
+     *
+     * @param encode 加密数据
+     * @return
+     */
+    @GetMapping(value = "gmSm4Decode")
+    ResponseDTO<String> gmSm4Decode(@RequestParam("encode") String encode);
+
+    /**
+     * 国密机密性接口解密
+     *
+     * @param origin 原文数据
+     * @return
+     */
+    @GetMapping(value = "gmSm4Encode")
+    ResponseDTO<String> gmSm4Encode(@RequestParam("origin") String origin);
+
+    /**
+     * 生成SM2签名
+     *
+     * @param origin 原文
+     * @return 签名
+     */
+    @GetMapping(value = "gmSm2Sign")
+    ResponseDTO<String> gmSm2Sign(@RequestParam("origin") String origin);
+
+    /**
+     * 生成SM3摘要
+     *
+     * @param origin 原文
+     * @return 摘要
+     */
+    @GetMapping(value = "gmSm3Digest")
+    ResponseDTO<String> gmSm3Digest(@RequestParam("origin") String origin);
+}
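Review bot: `gmSm2Sign`, `gmSm4Decode` and `gmSm4Encode` expose signing, decryption and encryption with the service's key as plain `@GetMapping` endpoints that take the plaintext or ciphertext as a query parameter, and nothing in this interface or in `GmSignFacade` restricts who may call them. Query strings are commonly written to access and proxy logs, so `origin` values can end up stored in clear outside the service, and any caller that can reach the service can have arbitrary data signed or decrypted. Unless authorization is enforced in a gateway not shown here, I would move these to `@PostMapping` with the value in the request body and state in the Javadoc which callers are allowed. The Javadoc on `gmSm4Encode` also says 解密 (decrypt) where the method encrypts; the same copy-paste is in `IGmVerifyService`.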

+ 1 - 1
dcuc-duceap-model/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>dcuc-duceap</artifactId>
         <groupId>com.dragoninfo</groupId>
-        <version>2.0.0-tjdsj-SNAPSHOT</version>
+        <version>2.1.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

+ 18 - 3
dcuc-duceap-service/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>dcuc-duceap</artifactId>
         <groupId>com.dragoninfo</groupId>
-        <version>2.0.0-tjdsj-SNAPSHOT</version>
+        <version>2.1.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -118,9 +118,24 @@
             <groupId>com.dragonsoft</groupId>
             <artifactId>duceap-support-license</artifactId>
         </dependency>
-
         <!--许可依赖包 结束-->
-
+        <!-- 国密加密工具 -->
+        <dependency>
+            <groupId>com.dragonsoft</groupId>
+            <artifactId>sm-tools</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.dragoninfo</groupId>
+            <artifactId>dcuc-common</artifactId>
+        </dependency>
+        <!-- 国密加密工具 -->
+        <!-- 单元测试 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <!-- 单元测试 -->
     </dependencies>
 
     <packaging>${project.packaging}</packaging>

+ 13 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/bpo/CodeGmBPO.java

@@ -0,0 +1,13 @@
+package com.dragoninfo.dcuc.duceap.bpo;
+
+import com.dragoninfo.dcuc.duceap.entity.CodeGmSign;
+import com.dragoninfo.duceap.core.persistent.BaseBPO;
+import org.springframework.stereotype.Repository;
+
+/**
+ * @author mazq
+ * @date 2021/5/10
+ */
+@Repository
+public class CodeGmBPO extends BaseBPO<CodeGmSign,String> {
+}

+ 69 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/GmConfig.java

@@ -0,0 +1,69 @@
+package com.dragoninfo.dcuc.duceap.config;
+
+
+import com.dragonsoft.smtools.enums.SM2SignStrategy;
+import com.dragonsoft.smtools.enums.SM3SignStrategy;
+import com.dragonsoft.smtools.enums.SM4DESStrategy;
+import com.dragonsoft.smtools.enums.SMTypeEnum;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.Set;
+
+/**
+ * <p>
+ * 国密配置类
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/5/7
+ */
+@Data
+@ConfigurationProperties(prefix = "dcuc.duceap.gm")
+@Configuration
+public class GmConfig {
+
+    /**
+     * 需要校验的表码id集合
+     */
+    private Set<String> checkCodeIds;
+
+    /**
+     * 是否开启国密校验
+     */
+    private Boolean enable;
+
+    /**
+     * 国密类型
+     */
+    private SMTypeEnum smTypeEnum = SMTypeEnum.LOCAL;
+
+    @Bean
+    public SM3SignStrategy sm3SignStrategy() {
+        if (SMTypeEnum.WST.equals(smTypeEnum)) {
+            return SM3SignStrategy.WST;
+        } else {
+            return SM3SignStrategy.LOCAL;
+        }
+    }
+
+    @Bean
+    public SM2SignStrategy sm2SignStrategy() {
+        if (SMTypeEnum.WST.equals(smTypeEnum)) {
+            return SM2SignStrategy.WST;
+        } else {
+            return SM2SignStrategy.LOCAL;
+        }
+    }
+
+    @Bean
+    public SM4DESStrategy sm4DESStrategy() {
+        if (SMTypeEnum.WST.equals(smTypeEnum)) {
+            return SM4DESStrategy.WST;
+        } else {
+            return SM4DESStrategy.LOCAL;
+        }
+    }
+}
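Review bot: `checkCodeIds` has no default, so when `dcuc.duceap.gm.check-code-ids` is not configured the getter returns null and `CodeGmServiceImpl.codeGmCheck` fails with a NullPointerException on `gmConfig.getCheckCodeIds().contains(codeId)`. That path is reachable through `GmSignFacade.codeGmCheck` even when `enable` is false, because only `GmMvcConfig` is conditional on the flag. Initialising the field, `private Set<String> checkCodeIds = Collections.emptySet();` (with the `java.util.Collections` import), keeps the check a no-op in that case. `enable` is a boxed `Boolean` without a default as well; its Javadoc could state that an absent value means disabled.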

+ 37 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/config/GmMvcConfig.java

@@ -0,0 +1,37 @@
+package com.dragoninfo.dcuc.duceap.config;
+
+import com.dragoninfo.dcuc.duceap.interceptor.CodeGmInterceptor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+
+/**
+ * 设置拦截器
+ * 请求表码服务的时候根据国密加密规则进行数据校验
+ * @author mazq
+ */
+@ConditionalOnProperty(name = "dcuc.duceap.gm.enable")
+@Configuration
+public class GmMvcConfig implements WebMvcConfigurer {
+
+    @Bean
+    public CodeGmInterceptor codeGmInterceptor() {
+        return new CodeGmInterceptor();
+    }
+
+    /**
+     * 拦截配置
+     * 获取表码数据前进行国密数据校验
+     * @param registry
+     */
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(codeGmInterceptor())
+                .addPathPatterns("/api/codelist/**");
+
+    }
+
+}

+ 91 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/entity/CodeGmSign.java

@@ -0,0 +1,91 @@
+package com.dragoninfo.dcuc.duceap.entity;
+
+import com.dragonsoft.duceap.base.entity.persistent.IdEntity;
+import org.hibernate.annotations.GenericGenerator;
+
+import javax.persistence.*;
+
+/**
+ * 码表国密加密数据
+ * @author mazq
+ * @date 2021/5/10
+ */
+@Entity
+@Table(name = "T_CODE_GM_SIGN")
+public class CodeGmSign implements IdEntity<String> {
+
+    /**
+     * 主键
+     */
+    @Id
+    @GeneratedValue(generator="idGenerator")
+    @GenericGenerator(name="idGenerator", strategy="uuid")
+    @Column(name = "ID")
+    private String id;
+
+    /**
+     * 表码表id
+     */
+    @Column(name = "CODE_ID")
+    private String codeId;
+
+    /**
+     * 表码码值
+     */
+    @Column(name = "CODE")
+    private String code;
+
+    /**
+     * 签名
+     */
+    @Column(name = "SIGN")
+    private String sign;
+
+    /**
+     * 摘要
+     */
+    @Column(name = "DIGEST")
+    private String digest;
+
+    @Override
+    public String getId() {
+        return id;
+    }
+
+    @Override
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getCodeId() {
+        return codeId;
+    }
+
+    public void setCodeId(String codeId) {
+        this.codeId = codeId;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public String getSign() {
+        return sign;
+    }
+
+    public void setSign(String sign) {
+        this.sign = sign;
+    }
+
+    public String getDigest() {
+        return digest;
+    }
+
+    public void setDigest(String digest) {
+        this.digest = digest;
+    }
+}

+ 72 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/facade/GmSignFacade.java

@@ -0,0 +1,72 @@
+package com.dragoninfo.dcuc.duceap.facade;
+
+import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
+import com.dragoninfo.dcuc.duceap.service.IGmVerifyService;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author mazq
+ * @date 2021/5/11
+ */
+@RestController
+@RequestMapping(value = "/duceapsvr/v2/gmSignFacade")
+public class GmSignFacade implements IGmSignFacade {
+
+    @Autowired
+    ICodeGmService codeGmService;
+
+
+    @Autowired
+    IGmVerifyService gmVerifyService;
+
+    @Override
+    public ResponseStatus codeGmCheck(String codeId) {
+        return codeGmService.codeGmCheck(codeId);
+    }
+
+    @Override
+    public ResponseStatus codeGmCheckCodes(String codeIds) {
+        return codeGmService.codeGmCheckCodes(codeIds);
+    }
+
+
+    @Override
+    public ResponseStatus codeGmSign(String codeId) {
+        return codeGmService.codeGmSign(codeId);
+    }
+
+    @Override
+    public ResponseStatus gmSm2Verify(String origin, String sign) {
+        return gmVerifyService.gmSm2Verify(origin, sign);
+    }
+
+    @Override
+    public ResponseStatus gmSm3Verify(String origin, String digest) {
+        return gmVerifyService.gmSm3Verify(origin, digest);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm4Decode(String encode) {
+        return gmVerifyService.gmSm4Decode(encode);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm4Encode(String origin) {
+        return gmVerifyService.gmSm4Encode(origin);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm2Sign(String origin) {
+        return gmVerifyService.gmSm2Sign(origin);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm3Digest(String origin) {
+        return gmVerifyService.gmSm3Digest(origin);
+    }
+
+}
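Review bot: `codeGmSign` is reachable here as a GET (the mapping is inherited from `IGmSignFacade`) and recomputes and stores the digests from whatever the code table currently contains, so whoever can call it can turn modified data into the baseline that `codeGmCheck` later verifies against. No authorization is visible in this controller; if none is applied upstream, the endpoint should be limited to an administrative caller and moved to a non-GET method, since it writes to `T_CODE_GM_SIGN`. The class Javadoc carries only author and date; a sentence naming the expected callers of the signing and decryption endpoints would help the next reviewer.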

+ 49 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/interceptor/CodeGmInterceptor.java

@@ -0,0 +1,49 @@
+package com.dragoninfo.dcuc.duceap.interceptor;
+
+import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
+import com.dragonsoft.duceap.code.enums.CodeResourceEnum;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.HandlerMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Map;
+
+/**
+ * 调用duceap服务查询码表进行GM数据校验
+ * @author mazq
+ * @date 2021/5/10
+ */
+@Slf4j
+public class CodeGmInterceptor implements HandlerInterceptor {
+
+
+    @Autowired
+    ICodeGmService codeGmService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        Map<String,String> pathVariables = (Map<String,String>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
+        String resourceType = pathVariables.get("resourceType");
+        if(CodeResourceEnum.ENUM.getValue().equals(resourceType)){
+            return true;
+        }
+        String codeId = pathVariables.get("codeName");
+        String codeIds = request.getParameter("codeNames");
+        log.info("CodeGmInterceptor >> check gm code codeId:{}, codeIds:{}",codeId,codeIds);
+        if(StringUtils.isNotBlank(codeId)){
+            codeGmService.codeGmCheck(codeId);
+        }else if(StringUtils.isNotBlank(codeIds)){
+            codeGmService.codeGmCheckCodes(codeIds);
+        }else {
+            return true;
+        }
+        return true;
+    }
+
+
+
+}
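Review bot: In `preHandle` the `else if` means a request that carries both the `codeName` path variable and a `codeNames` parameter has only `codeName` verified; if a handler under `/api/codelist/**` reads both, the tables named in `codeNames` are served unchecked. Two independent checks avoid that: `if (StringUtils.isNotBlank(codeId)) { codeGmService.codeGmCheck(codeId); }` followed by `if (StringUtils.isNotBlank(codeIds)) { codeGmService.codeGmCheckCodes(codeIds); }`. `pathVariables` is also dereferenced without a null check, although `getAttribute` returns null when the attribute was never set. The returned `ResponseStatus` is discarded, so enforcement depends entirely on `GmIntegrityException` being thrown; a comment saying so would keep a later change to status-returning checks from silently disabling the interceptor.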

+ 32 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/ICodeGmService.java

@@ -0,0 +1,32 @@
+package com.dragoninfo.dcuc.duceap.service;
+
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+
+/**
+ * 表码数据国密校验service
+ * @author mazq
+ * @date 2021/5/10
+ */
+public interface ICodeGmService {
+
+    /**
+     * 根据codeId校验数据是否符合国密要求
+     * @param codeId
+     * @return
+     */
+    ResponseStatus codeGmCheck(String codeId);
+
+    /**
+     * 根据codeIds校验数据是否符合国密要求
+     * @param codeIds 多个codeId  ‘,’隔开
+     * @return
+     */
+    ResponseStatus codeGmCheckCodes(String codeIds);
+
+    /**
+     * 对codeId的表码数据进行摘要和加密
+     * @param codeId 多个codeId  ‘,’隔开
+     * @return
+     */
+    ResponseStatus codeGmSign(String codeId);
+}
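Review bot: The `@param codeId` text on `codeGmSign` says 多个codeId ‘,’隔开 (several ids separated by commas), but `CodeGmServiceImpl.codeGmSign` passes the value unsplit to `CodeInfoUtils.getCodeListByCodeDicId`, so a comma-separated list is treated as one id. The tag should read something like `@param codeId id of a single code table`. The empty `@return` tags on `codeGmCheck` and `codeGmCheckCodes` should also say that a failed verification is reported by `GmIntegrityException` rather than by the returned status, since callers such as `CodeGmInterceptor` rely on that.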

+ 61 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/IGmVerifyService.java

@@ -0,0 +1,61 @@
+package com.dragoninfo.dcuc.duceap.service;
+
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+
+/**
+ * @author mazq
+ * @date 2021/5/11
+ */
+public interface IGmVerifyService {
+
+    /**
+     * 国密不可否认性校验
+     *
+     * @param origin 原文
+     * @param sign   签名数据
+     * @return
+     */
+    ResponseStatus gmSm2Verify(String origin, String sign);
+
+    /**
+     * 国密完整性校验
+     *
+     * @param origin 原文
+     * @param digest 摘要数据
+     * @return
+     */
+    ResponseStatus gmSm3Verify(String origin, String digest);
+
+    /**
+     * 国密机密性接口解密
+     *
+     * @param encode 加密数据
+     * @return
+     */
+    ResponseDTO<String> gmSm4Decode(String encode);
+
+    /**
+     * 国密机密性接口解密
+     *
+     * @param origin 原文数据
+     * @return
+     */
+    ResponseDTO<String> gmSm4Encode(String origin);
+
+    /**
+     * 生成SM2签名
+     *
+     * @param origin 原文
+     * @return 签名
+     */
+    ResponseDTO<String> gmSm2Sign(String origin);
+
+    /**
+     * 生成SM3摘要
+     *
+     * @param origin 原文
+     * @return 摘要
+     */
+    ResponseDTO<String> gmSm3Digest(String origin);
+}

+ 111 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/impl/CodeGmServiceImpl.java

@@ -0,0 +1,111 @@
+package com.dragoninfo.dcuc.duceap.service.impl;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.common.exception.GmIntegrityException;
+import com.dragoninfo.dcuc.duceap.bpo.CodeGmBPO;
+import com.dragoninfo.dcuc.duceap.config.GmConfig;
+import com.dragoninfo.dcuc.duceap.entity.CodeGmSign;
+import com.dragoninfo.dcuc.duceap.service.ICodeGmService;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.duceap.base.entity.metadata.CodeRecord;
+import com.dragonsoft.duceap.code.util.CodeInfoUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.dragonsoft.duceap.core.search.Searchable;
+import com.dragonsoft.duceap.core.search.enums.SearchOperator;
+import com.dragonsoft.smtools.enums.SM3SignStrategy;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2021/5/10
+ */
+@Service
+public class CodeGmServiceImpl implements ICodeGmService {
+
+    @Autowired
+    CodeGmBPO codeGmBPO;
+
+    @Autowired
+    private SM3SignStrategy sm3SignStrategy;
+
+    @Autowired
+    private GmConfig gmConfig;
+
+    @Override
+    public ResponseStatus codeGmCheck(String codeId) {
+        if(!gmConfig.getCheckCodeIds().contains(codeId)){
+            return ResponseStatus.success();
+        }
+        List<CodeRecord> codeRecords = CodeInfoUtils.getCodeListByCodeDicId(codeId);
+        List<CodeGmSign> signs = getCodeGmSignByCodeId(codeId);
+        Map<String, CodeGmSign> signMap = signs
+                .stream()
+                .collect(Collectors.toMap(i -> i.getCode(), i -> i, (oldOne, lastOne) -> lastOne));
+        for (CodeRecord codeRecord : codeRecords) {
+            String code = codeRecord.getValue();
+            CodeGmSign codeGmSign = signMap.get(code);
+            if(null == codeGmSign){
+                throw new GmIntegrityException();
+            }
+            String digest = codeGmSign.getDigest();
+            String origin = codeRecord.getLabel() + codeRecord.getValue();
+            boolean verify = sm3SignStrategy.verify(origin, digest);
+            if(!verify){
+                throw new GmIntegrityException();
+            }
+        }
+        return ResponseStatus.success();
+    }
+
+    @Override
+    public ResponseStatus codeGmCheckCodes(String codeIds) {
+        if(StringUtils.isBlank(codeIds)){
+            return ResponseDTO.fail(ResponseStatus.FAIL_CODE,"codeIds为空",null);
+        }
+        String[] codeIdArr = codeIds.split(StrUtil.COMMA);
+        for (String codeId : codeIdArr) {
+            ResponseStatus responseDTO = codeGmCheck(codeId);
+            if(!responseDTO.getStatusCode().equals(ResponseStatus.SUCCESS_CODE)){
+                return responseDTO;
+            }
+        }
+        return ResponseStatus.success();
+    }
+
+    @Transactional
+    @Override
+    public ResponseStatus codeGmSign(String codeId) {
+        List<CodeRecord> codeRecords = CodeInfoUtils.getCodeListByCodeDicId(codeId);
+        //去重
+        ArrayList<CodeRecord> collect = codeRecords.stream()
+                .collect(Collectors.collectingAndThen(Collectors.toCollection(() ->
+                        new TreeSet<>(Comparator.comparing(codeRecord -> codeRecord.getLabel() + StrUtil.COMMA + codeRecord.getValue()))), ArrayList::new));
+        List<CodeGmSign> signs = getCodeGmSignByCodeId(codeId);
+        Map<String, CodeGmSign> signMap = signs.stream().collect(Collectors.toMap(item -> item.getCode(), item -> item, (oldOne, lastOne) -> lastOne));
+        for (CodeRecord codeRecord : collect) {
+            CodeGmSign sign = signMap.get(codeRecord.getValue());
+            if(sign == null){
+                sign = new CodeGmSign();
+            }
+            String summary = sm3SignStrategy.summary(codeRecord.getLabel() + codeRecord.getValue());
+            sign.setCodeId(codeId);
+            sign.setCode(codeRecord.getValue());
+            sign.setDigest(summary);
+            codeGmBPO.saveOrUpdate(sign);
+        }
+        return ResponseStatus.success();
+    }
+
+
+    public List<CodeGmSign> getCodeGmSignByCodeId(String codeId) {
+        Searchable searchable = Searchable.newSearchable();
+        searchable.addSearchFilter("code_id", SearchOperator.eq,codeId);
+        return codeGmBPO.find(CodeGmSign.class, searchable);
+    }
+}
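Review bot: `codeGmCheck` walks only the records currently returned by `CodeInfoUtils.getCodeListByCodeDicId`, so a row deleted from the code table is never noticed: its digest simply stays unused in `signMap`. Collecting the values seen in the loop and ending with `if (!seen.containsAll(signMap.keySet())) { throw new GmIntegrityException(); }` would catch that, provided `codeGmSign` also removes digests for codes that were legitimately retired. The digest input `codeRecord.getLabel() + codeRecord.getValue()` has no separator, so (constructed example) label `A1` with value `2` and label `A` with value `12` hash the same; using `codeRecord.getLabel() + StrUtil.COMMA + codeRecord.getValue()`, as the de-duplication comparator already does, in both `codeGmCheck` and `codeGmSign` reduces that ambiguity. `codeGmSign` never sets `sign`, so if `summary` is a plain unkeyed SM3 hash (not visible here), anyone able to change the table can recompute the digest too, and the check then detects only accidental corruption.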

+ 76 - 0
dcuc-duceap-service/src/main/java/com/dragoninfo/dcuc/duceap/service/impl/GmVerifyServiceImpl.java

@@ -0,0 +1,76 @@
+package com.dragoninfo.dcuc.duceap.service.impl;
+
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragoninfo.dcuc.duceap.service.IGmVerifyService;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.smtools.enums.SM2SignStrategy;
+import com.dragonsoft.smtools.enums.SM3SignStrategy;
+import com.dragonsoft.smtools.enums.SM4DESStrategy;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+/**
+ * 国密算法校验service
+ *
+ * @author mazq
+ * @date 2021/5/11
+ */
+@Service
+public class GmVerifyServiceImpl implements IGmVerifyService {
+
+    @Autowired
+    private SM2SignStrategy sm2SignStrategy;
+
+    @Autowired
+    private SM3SignStrategy sm3SignStrategy;
+
+    @Autowired
+    private SM4DESStrategy sm4DesStrategy;
+
+    @Override
+    public ResponseStatus gmSm2Verify(String origin, String sign) {
+        boolean verify = sm2SignStrategy.verify(origin, sign);
+        if (!verify) {
+            return ResponseStatus.fail();
+        }
+        return ResponseStatus.success();
+    }
+
+    @Override
+    public ResponseStatus gmSm3Verify(String origin, String digest) {
+        boolean verify = sm3SignStrategy.verify(origin, digest);
+        if (!verify) {
+            return ResponseStatus.fail();
+        }
+        return ResponseStatus.success();
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm4Decode(String encode) {
+        String dec = sm4DesStrategy.dec(encode);
+        return ResponseUtil.newInstance(dec);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm4Encode(String origin) {
+        String enc = sm4DesStrategy.enc(origin);
+        return ResponseUtil.newInstance(enc);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm2Sign(String origin) {
+
+        String sign = sm2SignStrategy.sign(origin);
+
+        return ResponseUtil.newInstance(sign);
+    }
+
+    @Override
+    public ResponseDTO<String> gmSm3Digest(String origin) {
+
+        String summary = sm3SignStrategy.summary(origin);
+
+        return ResponseUtil.newInstance(summary);
+    }
+}

+ 75 - 0
dcuc-duceap-service/src/main/resources/application-base.yml

@@ -0,0 +1,75 @@
+spring:
+  datasource:
+    username: jzpt_bu
+    password: dragon
+    driver-class-name: com.mysql.jdbc.Driver
+    url: jdbc:mysql://192.168.120.142:3306/dcuc_2.0?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
+    druid:
+      filters: sqlaudit
+  application:
+    name: dcuc-duceap
+  cloud:
+    nacos:
+      discovery:
+        server-addr: 127.0.0.1:8848
+  servlet:
+    multipart:
+      # 设置文件上传大小,springboot默认的最大上传大小是1MB
+      max-file-size: 150MB
+      max-request-size: 150MB
+  cache:
+    type: redis
+  redis:
+    host: 127.0.0.1
+    port: 6379
+  kafka:
+    consumer:
+      bootstrap-servers: 192.168.10.20:9093
+server:
+  port: 21899
+management:
+  endpoints:
+    web:
+      exposure:
+        include: '*'
+
+duceap:
+  #通过配置duceap.datasource.dynamic.{dataSourceName}.{dataSourceProp},将自动启用多数据源
+  #用apollo配置数据源方式
+  #  datasource:
+  #    dynamic:
+  #      dcuc:
+  #        url: jdbc:mysql://192.168.120.142:3306/dcuc_2.0?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
+  #        username: dcuc
+  #        password: 123
+  #        driver-class-name: com.mysql.jdbc.Driver
+  flyway:
+    # 是否执行flyway
+    enabled: false
+    # 执行flyway路径
+    locations: classpath:/config/mysql
+  datasource:
+    dynamic:
+      enabled: false
+  auditlog:
+    login:
+      enabled: false
+    audit:
+      enabled: false
+    sqlaudit:
+      output: kafka
+      exclude-tables: T_LOG_*
+  code:
+    enums:
+      scan-package: com.dragonsoft.**.enumresources,com.dragonsoft.**.enums,com.dragoninfo.**.enums,com.dragoninfo.**.enumresources
+  license:
+    enabled: false
+    #配置用来指定license对接的后端项目地址(格式:ip:port/context,如http://10.10.10.10:8080/ctx),
+    #默认使用HttpServletRequest.getLocalAddr()方法获取ip地址,
+    #应用在docker部署环境中无法获取机子的真实ip地址 考虑以配置参数的形式传入
+    address: http://127.0.0.1:21899
+    dataCacheMethod: apollo
+  apollo:
+    client:
+      #apollo客户端(许可)
+      host: http://10.201.3.20:8070
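Review bot: This new profile file commits `spring.datasource.username` and `spring.datasource.password` in clear text and sets `management.endpoints.web.exposure.include: '*'`, which publishes every actuator endpoint over HTTP, including ones such as `env` and `heapdump` that can disclose configuration and memory contents. I would resolve the password from the environment or the configuration centre, e.g. `password: ${DB_PASSWORD}` (placeholder name), and narrow the exposure to `include: health,info`. The same credentials are removed from application.yml and application-oracle.yml in this commit but remain in history, so they should be treated as exposed and rotated.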

+ 14 - 0
dcuc-duceap-service/src/main/resources/application-dcuc_duceap.yml

@@ -0,0 +1,14 @@
+dcuc:
+  duceap:
+    es:
+      enabled: false
+      datasourceId: HW_DS_ElASTICSEARCH
+    gm:
+      enable: false
+      sm-type-enum: local
+      check-code-ids:
+        - DM_ROLE_LEVEL
+gm:
+  wst:
+    # wst加密机索引,权限中心10-19
+    key-index: 11

+ 0 - 6
dcuc-duceap-service/src/main/resources/application-oracle.yml

@@ -1,6 +0,0 @@
-spring:
-  datasource:
-    username: DCUC2_GD
-    password: dragon
-    driver-class-name: oracle.jdbc.OracleDriver
-    url: jdbc:oracle:thin:@192.168.6.122:1521:orcl

+ 2 - 78
dcuc-duceap-service/src/main/resources/application.yml

@@ -1,42 +1,6 @@
 spring:
-  datasource:
-    #    username: jzpt_bu
-    #    password: dragon
-    #    driver-class-name: com.mysql.jdbc.Driver
-    #    url: jdbc:mysql://192.168.120.142:3306/dcuc_2.0?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
-
-    username: DCUC2_GD
-    password: dragon
-    driver-class-name: oracle.jdbc.driver.OracleDriver
-    url: jdbc:oracle:thin:@192.168.6.122:1521:orcl
-    druid:
-      filters: sqlaudit
-  application:
-    name: dcuc-duceap
-  cloud:
-    nacos:
-      discovery:
-        server-addr: 127.0.0.1:8848
-  servlet:
-    multipart:
-      # 设置文件上传大小,springboot默认的最大上传大小是1MB
-      max-file-size: 150MB
-      max-request-size: 150MB
-  cache:
-    type: redis
-  redis:
-    host: 127.0.0.1
-    port: 6379
-  kafka:
-    consumer:
-      bootstrap-servers: 192.168.10.20:9093
-server:
-  port: 21899
-management:
-  endpoints:
-    web:
-      exposure:
-        include: '*'
+  profiles:
+    include: base,dcuc_duceap
 apollo:
   # 配置中心地址(服务端)
   meta: http://192.168.6.132:8080
@@ -49,43 +13,3 @@ apollo:
   cluster: default
   # 取消placeholder的自动更新功能(默认true)
   autoUpdateInjectedSpringProperties: false
-duceap:
-  #通过配置duceap.datasource.dynamic.{dataSourceName}.{dataSourceProp},将自动启用多数据源
-  #用apollo配置数据源方式
-  #  datasource:
-  #    dynamic:
-  #      dcuc:
-  #        url: jdbc:mysql://192.168.120.142:3306/dcuc_2.0?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
-  #        username: dcuc
-  #        password: 123
-  #        driver-class-name: com.mysql.jdbc.Driver
-  datasource:
-    dynamic:
-      enabled: false
-  auditlog:
-    login:
-      enabled: false
-    audit:
-      enabled: false
-    sqlaudit:
-      output: kafka
-      exclude-tables: T_LOG_*
-  code:
-    enums:
-      scan-package: com.dragonsoft.**.enumresources,com.dragonsoft.**.enums,com.dragoninfo.**.enums,com.dragoninfo.**.enumresources
-  license:
-    enabled: false
-    #配置用来指定license对接的后端项目地址(格式:ip:port/context,如http://10.10.10.10:8080/ctx),
-    #默认使用HttpServletRequest.getLocalAddr()方法获取ip地址,
-    #应用在docker部署环境中无法获取机子的真实ip地址 考虑以配置参数的形式传入
-    address: http://127.0.0.1:21899
-    dataCacheMethod: apollo
-  apollo:
-    client:
-      #apollo客户端(许可)
-      host: http://10.201.3.20:8070
-dcuc:
-  duceap:
-    es:
-      enabled: false
-      datasourceId: HW_DS_ElASTICSEARCH

+ 10 - 0
dcuc-duceap-service/src/main/resources/mysql/V4_8_0001__Add_GM_SIGN.sql

@@ -0,0 +1,10 @@
+CREATE TABLE T_CODE_GM_SIGN(
+    ID VARCHAR(32) NOT NULL   COMMENT 'ID 主键' ,
+    CODE_ID VARCHAR(32)    COMMENT 'CODE_ID 表码表id' ,
+    CODE VARCHAR(32)    COMMENT 'CODE 表码码值' ,
+    SIGN VARCHAR(1024)    COMMENT 'SIGN 签名' ,
+    DIGEST VARCHAR(1024)    COMMENT 'DIGEST 摘要' ,
+    PRIMARY KEY (ID)
+) COMMENT = '码表国密加密数据表 ';
+
+ALTER TABLE T_CODE_GM_SIGN ADD INDEX IDX_T_CODE_GM_CODE_ID_CODE(CODE_ID,CODE);
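Review bot: `IDX_T_CODE_GM_CODE_ID_CODE` is a plain index, so nothing prevents two digest rows for the same `(CODE_ID, CODE)`; `CodeGmServiceImpl` then keeps whichever row its `toMap` merge sees last, and the row that decides the integrity check is arbitrary. Making the index unique, `ALTER TABLE T_CODE_GM_SIGN ADD UNIQUE INDEX IDX_T_CODE_GM_CODE_ID_CODE(CODE_ID,CODE);`, and declaring `CODE_ID` and `CODE` as `NOT NULL` closes that. The Oracle script `sql/V4_8_0001__Add_GM_SIGN.sql` has the same non-unique `CREATE INDEX` and needs `CREATE UNIQUE INDEX`.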

+ 17 - 0
dcuc-duceap-service/src/main/resources/sql/V4_8_0001__Add_GM_SIGN.sql

@@ -0,0 +1,17 @@
+CREATE TABLE T_CODE_GM_SIGN(
+    ID VARCHAR2(32) NOT NULL,
+    CODE_ID VARCHAR2(32),
+    CODE VARCHAR2(32),
+    SIGN NVARCHAR2(1024),
+    DIGEST NVARCHAR2(1024),
+    PRIMARY KEY (ID)
+);
+
+COMMENT ON TABLE T_CODE_GM_SIGN IS '码表国密加密数据表';
+COMMENT ON COLUMN T_CODE_GM_SIGN.ID IS '主键';
+COMMENT ON COLUMN T_CODE_GM_SIGN.CODE_ID IS '表码表id';
+COMMENT ON COLUMN T_CODE_GM_SIGN.CODE IS '表码码值';
+COMMENT ON COLUMN T_CODE_GM_SIGN.SIGN IS '签名';
+COMMENT ON COLUMN T_CODE_GM_SIGN.DIGEST IS '摘要';
+
+CREATE INDEX IDX_T_CODE_GM_CODE_ID_CODE ON T_CODE_GM_SIGN(CODE_ID,CODE);

+ 111 - 0
dcuc-duceap-service/src/test/com/dragoninfo/dcuc/duceap/facade/GMSignTest.java

@@ -0,0 +1,111 @@
+package com.dragoninfo.dcuc.duceap;
+
+import com.dragonsoft.smtools.enums.SM2SignStrategy;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.ResultActions;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+/**
+ * @author mazq
+ * @date 2021/5/11
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = DcucDceapApplication.class)
+@WebAppConfiguration
+public class GMSignTest {
+
+    private String baseUrl = "/duceapsvr/v2/gmSignFacade";
+    private String codeId = "DM_ROLE_LEVEL";
+    private String origin = "部级0";
+    private String digest = "56F1BC32905E350680226324BC27DE7F1F0C49A4A303F7810344165D58712598";
+    private String sign = "3044022058BE9306F6442C8003AABD0FA59F1B5414346384ACEFAFCE9161BB4E580BC99102202681B7E3230016793B6BB257958E398E413455070F59EC1EAD0F657420C367E9";
+    private String encode = "teeR/VVEAq4f35mnSa8pzw==";
+
+    public MockMvc mockMvc;
+
+    @Autowired
+    private WebApplicationContext webApplicationContext;
+
+    @Before
+    public void setup() {
+        mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
+    }
+
+
+    @Test
+    public void gmSm2Sign() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/gmSm2Sign").param("origin", this.origin));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+    @Test
+    public void gmSm3Digest() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/gmSm3Digest").param("origin", this.origin));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+    @Test
+    public void codeGmCheck() throws Exception{
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/codeGmCheck").param("codeId", this.codeId));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+    @Test
+    public void codeGmCheckCodes() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/codeGmCheckCodes").param("codeIds", codeId));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+    @Test
+    public void codeGmSign() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/codeGmSign").param("codeId", this.codeId));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+
+    @Test
+    public void gmSm2Verify() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/sm2Verify").param("origin", origin).param("sign", sign));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+
+    @Test
+    public void gmSm3Verify() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/gmSm3Verify"));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+    @Test
+    public void gmSm4Encode() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/gmSm4Encode").param("origin", this.origin));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+
+    @Test
+    public void gmSm4Decode() throws Exception {
+        ResultActions perform = mockMvc.perform(MockMvcRequestBuilders.get(baseUrl + "/gmSm4Decode").param("encode", this.encode));
+        perform.andReturn().getResponse().setCharacterEncoding("UTF-8");
+        perform.andDo(MockMvcResultHandlers.print());
+    }
+
+}
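Review bot: None of the nine test methods asserts anything; each one only prints the response, so the class passes even when an endpoint returns an error or `sm2Verify` reports a failed verification. Each test should check at least the status, `perform.andExpect(MockMvcResultMatchers.status().isOk());`, and the verify tests should also assert the result in the body. A case that sends an altered `sign` and expects rejection would show that verification fails closed. `gmSm3Verify` sends no parameters and the `digest` field is never used, which suggests the request was meant to carry `origin` and `digest` (the facade's parameter names are not visible in this file). The `package com.dragoninfo.dcuc.duceap;` line also does not match the `.../duceap/facade/` directory the file is placed in.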

+ 14 - 3
pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.dragoninfo</groupId>
     <artifactId>dcuc-duceap</artifactId>
-    <version>2.0.0-tjdsj-SNAPSHOT</version>
+    <version>2.1.0-SNAPSHOT</version>
 
     <packaging>pom</packaging>
 
@@ -19,7 +19,7 @@
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <!--revisions需写死,用于标识打包的版本号,不可删除-->
-        <revision>2.0.0-tjdsj-SNAPSHOT</revision>
+        <revision>2.0.0-SNAPSHOT</revision>
         <duceap.version>2.1.0-SNAPSHOT</duceap.version>
         <oracle.version>11.2.0.1.0</oracle.version>
         <mysql.version>5.1.49</mysql.version>
@@ -74,8 +74,19 @@
                <version>1.0.0-SNAPSHOT</version>
            </dependency>-->
             <!--框架组Es组件结束-->
+            <!-- 国密加密工具 -->
+            <dependency>
+                <groupId>com.dragonsoft</groupId>
+                <artifactId>sm-tools</artifactId>
+                <version>1.0.0-SNAPSHOT</version>
+            </dependency>
+            <!-- 国密加密工具 -->
+            <dependency>
+                <groupId>com.dragoninfo</groupId>
+                <artifactId>dcuc-common</artifactId>
+                <version>2.0.0-SNAPSHOT</version>
+            </dependency>
         </dependencies>
-
     </dependencyManagement>
 
     <!--指定仓库地址-->
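Review bot: The cryptography library is added as `sm-tools` at `1.0.0-SNAPSHOT`, a mutable version, so the SM2/SM3/SM4 code that ends up in a build can change without any change in this repository. For a dependency that produces and verifies signatures I would pin a released, immutable version once one is published, so that a given commit always builds against the same crypto code. The comment above `dcuc-common` repeats `<!-- 国密加密工具 -->`, which looks like a copy-paste label rather than a description of that artifact. In the second hunk `<revision>` becomes `2.0.0-SNAPSHOT` while `<version>` becomes `2.1.0-SNAPSHOT`; if `revision` is what stamps the packaged artifacts, as its comment says, the two probably should match.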