package com.lll.serviceingateway.sso; import com.alibaba.fastjson.JSONObject; import com.lll.serviceingateway.sso.util.AESUtil; import com.lll.serviceingateway.sso.util.Sm4Util; import io.netty.buffer.ByteBufAllocator; import lombok.SneakyThrows; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.core.Ordered; import org.springframework.core.io.buffer.DataBuffer; import org.springframework.core.io.buffer.DataBufferUtils; import org.springframework.core.io.buffer.NettyDataBufferFactory; import org.springframework.http.HttpMethod; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpRequestDecorator; import org.springframework.stereotype.Component; import org.springframework.util.MultiValueMap; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; import java.net.URI; import java.nio.CharBuffer; import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.HashMap; import java.util.Map; import java.util.concurrent.atomic.AtomicReference; /** * 參數加密傳輸 * * @author: lll * @date: 2021年08月27日 14:08:20 */ @Component public class ParamsEncryptionFilter implements GlobalFilter, Ordered { static Logger logger = LoggerFactory.getLogger(ParamsEncryptionFilter.class); @SneakyThrows @Override public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) { ServerHttpRequest serverHttpRequest = exchange.getRequest(); HttpMethod method = serverHttpRequest.getMethod(); String encryptionType = serverHttpRequest.getHeaders().getFirst("encryptionType"); URI uri = serverHttpRequest.getURI(); if (encryptionType != null) { if (method == HttpMethod.POST || method == HttpMethod.PUT) { //從請求里獲取Post請求體 String bodyStr = resolveBodyFromRequest(serverHttpRequest); logger.info("PUT OR POST bodyStr: " + bodyStr); if (bodyStr != null) { JSONObject bodyJson = JSONObject.parseObject(bodyStr); String paramsStr = bodyJson.getString("params"); //解密 logger.info("PUT OR POST ciphertext parameters: " + paramsStr); paramsStr = decodeParamsBytype(encryptionType, paramsStr); //非法非法加密處理,不進行解密操作 if ("-1".equals(paramsStr)) { return chain.filter(exchange); } logger.info("PUT OR POST plaintext parameters: " + paramsStr); //封裝request,傳給下一級 ServerHttpRequest request = serverHttpRequest.mutate().uri(uri).build(); DataBuffer bodyDataBuffer = stringBuffer(paramsStr); Flux<DataBuffer> bodyFlux = Flux.just(bodyDataBuffer); request = new ServerHttpRequestDecorator(request) { @Override public Flux<DataBuffer> getBody() { return bodyFlux; } }; return chain.filter(exchange.mutate().request(request).build()); } } else if (method == HttpMethod.GET || method == HttpMethod.DELETE) { try { MultiValueMap<String, String> requestQueryParams = serverHttpRequest.getQueryParams(); logger.info("GET OR DELETE ciphertext parameters: " + requestQueryParams.get("params").get(0)); String params = requestQueryParams.get("params").get(0); //解密 params = decodeParamsBytype(encryptionType, params); //非法非法加密處理,不進行解密操作 if ("-1".equals(params)) { return chain.filter(exchange); } logger.info("GET OR DELETE plaintext parameters: " + params); // 封裝URL URI plaintUrl = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), params, uri.getFragment()); //封裝request,傳給下一級 ServerHttpRequest request = serverHttpRequest.mutate().uri(plaintUrl).build(); logger.info("get OR delete plaintext request.getQueryParams(): " + request.getQueryParams()); return chain.filter(exchange.mutate().request(request).build()); } catch (Exception e) { return chain.filter(exchange); } } } return chain.filter(exchange); } /** * 解密過濾器必須在所有過濾器之前,否后后續過濾器獲取參數會報錯 * 如果有的其他的過濾器添加請調整過濾器順序 */ @Override public int getOrder() {
// 這個排序只能給否則get請求修改的參數不生效 return -2; } //根據類型進行解密 private String decodeParamsBytype(String type, String params) throws Exception { if ("BA".equals(type)) { //BASE64解密 return new String(Base64.getDecoder().decode(params)); } else if ("AE".equals(type)) { //AES128解密 return AESUtil.aesDecrypt(params); } else if ("SM".equals(type)) { //SM4解密 return Sm4Util.decryptEcb(params); } else { //非法解密 return "-1"; } } private String resolveBodyFromRequest(ServerHttpRequest serverHttpRequest) { //獲取請求體 Flux<DataBuffer> body = serverHttpRequest.getBody(); AtomicReference<String> bodyRef = new AtomicReference<>(); body.subscribe(buffer -> { CharBuffer charBuffer = StandardCharsets.UTF_8.decode(buffer.asByteBuffer()); DataBufferUtils.release(buffer); bodyRef.set(charBuffer.toString()); }); //獲取request body return bodyRef.get(); } private DataBuffer stringBuffer(String value) { byte[] bytes = value.getBytes(StandardCharsets.UTF_8); NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT); DataBuffer buffer = nettyDataBufferFactory.allocateBuffer(bytes.length); buffer.write(bytes); return buffer; } /** * 解析出url參數中的鍵值對 * 如 "Action=del&id=123",解析出Action:del,id:123存入map中 * * @param params url地址 * @return url請求參數部分 */ private static Map<String, String> urlSplit(String params) { Map<String, String> mapRequest = new HashMap<>(); String[] arrSplit = null; if (params == null) { return mapRequest; } arrSplit = params.split("[&]"); for (String strSplit : arrSplit) { String[] arrSplitEqual = null; arrSplitEqual = strSplit.split("[=]"); //解析出鍵值 if (arrSplitEqual.length > 1) { //正確解析 mapRequest.put(arrSplitEqual[0], arrSplitEqual[1]); } else if (arrSplitEqual[0] != "") { //只有參數沒有值,不加入 mapRequest.put(arrSplitEqual[0], ""); } } return mapRequest; } public static void main(String[] args) throws Exception { String params = "{\"pageSize\":10,\"pageNo\":1,\"mlmc\":\"\",\"lmId\":\"02020072909122290800000101001101\",\"gxzq\":[],\"mlzt\":[],\"kflx\":[],\"zylx\":[]}"; //base64 String encodeParams = Base64.getEncoder().encodeToString(params.getBytes()); logger.info("BASE64 encodeParams: " + encodeParams); String decoderParams = new String(Base64.getDecoder().decode(encodeParams)); logger.info("BASE64 decoderParams: " + decoderParams); //aes128 String aesEncodeParams = AESUtil.aesEncrypt(params); logger.info("aesEncodeParams: " + aesEncodeParams); String aesdecodeParams = AESUtil.aesDecrypt(aesEncodeParams); logger.info("aesdecodeParams: " + aesdecodeParams); //國密sm4,注意國密sm4的key是需要32位16進制字符 String sm4EncodeParams = Sm4Util.encryptEcb(params); logger.info("sm4EncodeParams: " + sm4EncodeParams); String sm4DecodeParams = Sm4Util.decryptEcb(sm4EncodeParams); logger.info("sm4DecodeParams: " + sm4DecodeParams); } }