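package com.doumee.config.interfaceencryption;

import com.alibaba.fastjson.JSONObject;
import com.doumee.config.annotation.EncryptionReq;
import com.doumee.config.annotation.EncryptionResp;
import com.doumee.config.interfaceencryption.tool.RSAEncrypt;
import com.doumee.core.utils.AESUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.util.StreamUtils;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/**
 * Decrypts the request body of handlers marked with {@link EncryptionReq}.
 *
 * <p>The body is read as a JSON envelope. Its {@code ivKey} field is decrypted with
 * {@link RSAEncrypt#decrypt} using {@code RSAEncrypt.privateKey}, and the result is passed as the
 * key argument to {@link AESUtils#decrypt} to decrypt the {@code data} field. The decrypted text
 * replaces the body seen by the message converter.
 *
 * <p>The advice is a shared bean, so it keeps no per-request state: whether a request is
 * decrypted is decided by {@link #supports} alone.
 *
 * <p>NOTE(review): nothing visible here authenticates the ciphertext or rejects a replayed
 * envelope; confirm that AESUtils uses an authenticated mode or that integrity is checked
 * elsewhere.
 *
 * <p>NOTE(review): {@code RSAEncrypt.privateKey} is read as a static field; confirm it is loaded
 * from protected configuration and not compiled into the artifact.
 *
 * <p>github: http://www.github.com/wanyushu, gitee: http://www.gitee.com/wanyushu
 *
 * @author yushu (921784721@qq.com)
 */
@ControllerAdvice
public class DecryptRequestBodyAdvice implements RequestBodyAdvice {

    private static final Logger log = LoggerFactory.getLogger(DecryptRequestBodyAdvice.class);

    /**
     * Reports whether the handler asks for request decryption.
     *
     * @param methodParameter the {@code @RequestBody} parameter being resolved
     * @param targetType the declared type of the parameter
     * @param converterType the converter selected to read the body
     * @return {@code true} when the handler method, or the class that contains it, carries
     *     {@link EncryptionReq}
     */
    @Override
    public boolean supports(MethodParameter methodParameter, Type targetType,
                            Class<? extends HttpMessageConverter<?>> converterType) {
        boolean onMethod = methodParameter.getMethod() != null
                && methodParameter.getMethod().isAnnotationPresent(EncryptionReq.class);
        // getContainingClass() is the controller type. getClass() would be MethodParameter
        // itself, so a class-level annotation could never match.
        boolean onClass = methodParameter.getContainingClass().isAnnotationPresent(EncryptionReq.class);
        return onMethod || onClass;
    }

    /**
     * Leaves an empty body unchanged.
     *
     * @return {@code body} as received
     */
    @Override
    public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter,
                                  Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        return body;
    }

    /**
     * Replaces the encrypted request body with its decrypted form.
     *
     * <p>Spring calls this only after {@link #supports} returned {@code true} for the same
     * parameter, so no flag has to be carried between the two calls.
     *
     * @param inputMessage the incoming request; its body stream is consumed here
     * @return a message with the original headers and the decrypted body
     * @throws HttpMessageNotReadableException if the envelope cannot be parsed or decrypted; the
     *     request is rejected instead of being passed on with an already-consumed body
     */
    @Override
    public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter,
                                           Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        final byte[] rawPayload;
        try {
            byte[] payload = StreamUtils.copyToByteArray(inputMessage.getBody());
            // Decode explicitly as UTF-8; the platform default charset varies between hosts.
            String requestText = new String(payload, StandardCharsets.UTF_8);

            // NOTE(review): this parses client-controlled JSON before anything is decrypted;
            // confirm the fastjson version in use is patched and autoType is locked down.
            JSONObject envelope = JSONObject.parseObject(requestText);
            if (envelope == null) {
                throw new IllegalArgumentException("request body is not a JSON object");
            }

            // Without a "data" field the whole body is treated as the ciphertext.
            String cipherText = envelope.get("data") != null ? envelope.getString("data") : requestText;

            String wrappedKey = envelope.getString("ivKey");
            if (wrappedKey == null) {
                throw new IllegalArgumentException("missing ivKey");
            }

            // The wrapped key, the unwrapped key and the plaintext are secrets and are never logged.
            String contentKey = RSAEncrypt.decrypt(wrappedKey, RSAEncrypt.privateKey);
            String plainText = AESUtils.decrypt(cipherText, contentKey);
            if (plainText == null) {
                throw new IllegalArgumentException("decryption produced no data");
            }

            rawPayload = plainText.getBytes(StandardCharsets.UTF_8);
            log.debug("Decrypted request body: {} ciphertext chars, {} plaintext bytes",
                    cipherText.length(), rawPayload.length);
        } catch (Exception e) {
            log.error("Decryption failed", e);
            // Fail closed: the original stream is already consumed, so passing inputMessage on
            // would hand the converter an empty body.
            throw new HttpMessageNotReadableException("Could not decrypt request body", e);
        }

        return new HttpInputMessage() {
            @Override
            public HttpHeaders getHeaders() {
                // Headers are passed through unchanged.
                return inputMessage.getHeaders();
            }

            @Override
            public InputStream getBody() throws IOException {
                // A fresh stream over the decrypted bytes on every call.
                return new ByteArrayInputStream(rawPayload);
            }
        };
    }

    /**
     * Leaves the converted body unchanged.
     *
     * @return {@code body} as received
     */
    @Override
    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter,
                                Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        return body;
    }
}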