MrShi
2025-04-23 c8b32b8bca79a116cfab70eb8c389907b664c9ca
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package com.doumee.config.interfaceencryption;
 
import com.alibaba.fastjson.JSONObject;
import com.doumee.config.annotation.EncryptionReq;
import com.doumee.config.annotation.EncryptionResp;
import com.doumee.config.interfaceencryption.tool.RSAEncrypt;
import com.doumee.core.utils.AESUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.util.StreamUtils;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
 
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.util.Base64;
 
/**
 * 【问题】群组表
 * github地址 http://www.github.com/wanyushu
 * gitee地址 http://www.gitee.com/wanyushu
 * @author yushu
 * @email 921784721@qq.com
 * 对请求的参数进行解密
 **/
@ControllerAdvice
public class DecryptRequestBodyAdvice implements RequestBodyAdvice {
 
    private Logger log = LoggerFactory.getLogger(this.getClass());
 
    private boolean encrypt;
 
    @Override
    public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        if (methodParameter.getMethod().isAnnotationPresent(EncryptionReq.class) || methodParameter.getClass().isAnnotationPresent(EncryptionReq.class)  ) {
            encrypt = true;
        }else{
            encrypt=false;
        }
        return encrypt;
    }
 
    @Override
    public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        return body;
    }
 
    @Override
    public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
                                           Class<? extends HttpMessageConverter<?>> converterType){
        if (encrypt) {
            try {
                byte[] payload = StreamUtils.copyToByteArray(inputMessage.getBody());
                String content =new String(payload);
                JSONObject jsonObject = JSONObject.parseObject(content);
                if(jsonObject.get("data")!=null){
                    content = jsonObject.getString("data");
                }
                // 读取完整的客户端请求体,也就是加密/编码后的数据
                String key  = jsonObject.getString("ivKey");
                log.info("加密 key:{}", key);
                String decrypt = RSAEncrypt.decrypt(key, RSAEncrypt.privateKey);
 
                log.info("加密 Payload:{}",content);
                String decrypt1 = AESUtils.decrypt(content, decrypt);
                // 解码为原始数据
                byte[] rawPayload =  decrypt1.getBytes();
                log.info("原始 Payload:{}", decrypt);
                // 返回 HttpInputMessage 匿名对象
                return new HttpInputMessage() {
                    @Override
                    public HttpHeaders getHeaders() {
//                        inputMessage.getHeaders().set("Content-Type","application/json;charset=UTF-8");
                        return inputMessage.getHeaders();
                    }
                    @Override
                    public InputStream getBody() throws IOException {
                        // 使用原始数据构建为 ByteArrayInputStream
                        return new ByteArrayInputStream(rawPayload);
                    }
                };
            } catch (Exception e) {
                log.error("Decryption failed", e);
            }
        }
        return inputMessage;
    }
 
    @Override
    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
                                Class<? extends HttpMessageConverter<?>> converterType) {
        return body;
    }
}