update

jsowell-thirdparty/src/main/java/com/jsowell/thirdparty/platform/AbsInterfaceWithPlatformService.java

@@ -1,13 +1,25 @@
 package com.jsowell.thirdparty.platform;
 
+import com.alibaba.fastjson2.JSON;
+import com.alibaba.fastjson2.JSONObject;
+import com.google.common.collect.Maps;
+import com.jsowell.common.util.JWTUtils;
+import com.jsowell.common.util.StringUtils;
+import com.jsowell.pile.domain.ThirdPartyPlatformConfig;
 import com.jsowell.pile.dto.QueryStationInfoDTO;
 import com.jsowell.pile.service.PileBillingTemplateService;
 import com.jsowell.pile.service.PileStationInfoService;
 import com.jsowell.pile.service.ThirdPartyPlatformConfigService;
 import com.jsowell.thirdparty.lianlian.dto.CommonParamsDTO;
+import com.jsowell.thirdparty.lianlian.util.Cryptos;
+import com.jsowell.thirdparty.lianlian.util.Encodes;
+import com.jsowell.thirdparty.lianlian.util.GBSignUtils;
+import com.jsowell.thirdparty.lianlian.vo.AccessTokenVO;
 import com.jsowell.thirdparty.zhongdianlian.service.ZDLService;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import java.nio.charset.StandardCharsets;
+import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**
@@ -54,5 +66,99 @@ public abstract class AbsInterfaceWithPlatformService {
     /**
      * 身份认证
      */
-    public abstract Map<String, String> generateToken(CommonParamsDTO dto);
+    public Map<String, String> generateToken(CommonParamsDTO dto) {
+        String operatorID = dto.getOperatorID();
+        // 通过operatorID 查出 operatorSecret
+        ThirdPartyPlatformConfig platformConfig = thirdPartyPlatformConfigService.getInfoByOperatorId(operatorID);
+        if (platformConfig == null) {
+            return null;
+        }
+        String operatorSecret = platformConfig.getOperatorSecret();
+        String dataSecret = platformConfig.getDataSecret();
+        String dataSecretIv = platformConfig.getDataSecretIv();
+        String signSecret = platformConfig.getSignSecret();
+        // 校验签名
+        Map<String, String> checkResultMap = checkoutSign(dto);
+        if (checkResultMap == null) {
+            // 校验失败
+            return null;
+        }
+        String dataString = checkResultMap.get("Data");
+        // 解密data
+        byte[] plainText = Cryptos.aesDecrypt(Encodes.decodeBase64(dataString), dataSecret.getBytes(), dataSecretIv.getBytes());
+        String dataStr = new String(plainText, StandardCharsets.UTF_8);
+        Map<String, String> resMap = (Map<String, String>) JSON.parse(dataStr);
+        String secret = resMap.get("OperatorSecret");
+
+        // 对比解出来的密钥是否和数据库中保存的一致
+        if (!StringUtils.equals(operatorSecret, secret)) {
+            System.out.println("密钥不一致");
+            return null;
+        }
+        System.out.println("密钥校验通过!!  密钥为: " + operatorSecret);
+
+        // 生成token返回 eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI0MjUwMTA3NjUiLCJpYXQiOjE2ODUwOTcxMTYsInN1YiI6IjEyMzEyMzEyMzEyM2FhYWEiLCJleHAiOjY4NjkwOTcxMTZ9.NyxOUIZmgsqtfex7oiMRR2LaWePTA56WHVMXIkWWt2w
+        long ttlMillis = 60 * 60 * 24 * 1000;
+        String token = JWTUtils.createToken(operatorID, operatorSecret, ttlMillis);
+        System.out.println("生成的token：" + token);
+
+        // 组装返回参数
+        AccessTokenVO vo = new AccessTokenVO();
+        vo.setAccessToken(token);
+        vo.setOperatorID(operatorID);
+        vo.setTokenAvailableTime((int) (ttlMillis / 1000));
+        vo.setFailReason(0);
+        vo.setSuccStat(0);
+
+        Map<String, String> resultMap = Maps.newLinkedHashMap();
+        // 加密数据
+        byte[] encryptText = Cryptos.aesEncrypt(JSONObject.toJSONString(vo).getBytes(),
+                dataSecret.getBytes(), dataSecretIv.getBytes());
+        String encryptData = Encodes.encodeBase64(encryptText);
+
+        resultMap.put("Data", encryptData);
+        // 生成sig
+        String resultSign = GBSignUtils.sign(resultMap, signSecret);
+        resultMap.put("Sig", resultSign);
+
+        return resultMap;
+    }
+
+    public Map<String, String> checkoutSign(CommonParamsDTO dto){
+        String operatorID = dto.getOperatorID();
+        // 通过operatorID 查出 operatorSecret
+        ThirdPartyPlatformConfig platformConfig = thirdPartyPlatformConfigService.getInfoByOperatorId(operatorID);
+        if (platformConfig == null) {
+            return null;
+        }
+        String operatorSecret = platformConfig.getOperatorSecret();
+        String signSecret = platformConfig.getSignSecret();
+
+        Map<String, String> map = Maps.newLinkedHashMap();
+        map.put("OperatorID", dto.getOperatorID());
+        map.put("Data", dto.getData());
+        map.put("TimeStamp", dto.getTimeStamp());
+        map.put("Seq", dto.getSeq());
+        String sign = GBSignUtils.sign(map, signSecret);
+        System.out.println(sign);
+
+        // 验证签名 得到请求方传过来的签名sig->自己拿到请求体后，再按双方约定的协议生成一个sig->对比两个sig是否一致
+        if (!StringUtils.equals(dto.getSig(), sign)) {
+            System.out.println("签名校验==失败");
+            return null;
+        }
+        System.out.println("签名校验通过！！！");
+
+        // 解密data
+        // byte[] plainText = Cryptos.aesDecrypt(Encodes.decodeBase64(dto.getData()), operatorSecret.getBytes(), operatorSecret.getBytes());
+        // String dataStr = new String(plainText, "UTF-8");
+        // Map<String, String> resMap = (Map<String, String>) JSON.parse(dataStr);
+        // return resMap;
+        Map<String, String> resultMap = new LinkedHashMap<>();
+        resultMap.put("Data", dto.getData());
+        resultMap.put("OperatorSecret", operatorSecret);
+        resultMap.put("DataSecret", platformConfig.getDataSecret());
+        resultMap.put("DataSecretIV", platformConfig.getDataSecretIv());
+        return resultMap;
+    }
 }