adsf
package com.paic.vass.mixedPayment.filter;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import com.paic.vass.common.newentity.Invoice;
import com.paic.vass.common.newentity.PayOrderSp;
import com.paic.vass.mixedPayment.dto.newdto.InvoiceDTO;
import com.paic.vass.mixedPayment.utils.AESUtils;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.TreeMap;
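/**
 * Request wrapper whose body is the decrypted form of the caller's encrypted {@code data} field.
 *
 * <p>The constructor decrypts {@code reqAesData} with the key held by {@code spInfo}, parses the
 * plaintext as a JSON object, forces the {@code sp_id} entry to the value carried by
 * {@code spInfo}, and keeps the re-serialised JSON as the body returned by
 * {@link #getInputStream()} and {@link #getReader()}.
 *
 * <p>NOTE(review): {@code AESUtils} is not visible here, so the cipher mode and padding are
 * unknown; confirm the ciphertext is covered by the request signature or uses an authenticated mode.
 */
@Slf4j
public class DecodeContentHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final String CHARSET_UTF8 = "UTF-8";
    // Decrypted JSON body, UTF-8 encoded; replaced wholesale by setRequestBody.
    private byte[] body;

    /**
     * Decrypts the request payload and stores it as this wrapper's body.
     *
     * @param request    the request being wrapped
     * @param reqAesData the encrypted payload taken from the request's {@code data} field
     * @param spInfo     the service provider record supplying the encrypt type, key and sp_id
     * @throws IOException if the encrypt type is not {@code AES128} or the decrypted payload
     *                     does not yield a JSON object
     */
    public DecodeContentHttpServletRequestWrapper(HttpServletRequest request, String reqAesData, PayOrderSp spInfo) throws IOException {
        super(request);
        // Fail closed: previously an unsupported encrypt type left the plaintext null and the
        // constructor died later with a NullPointerException.
        if (!"AES128".equals(spInfo.getEncryptType())) {
            throw new IOException("unsupported encrypt type for sp_id " + spInfo.getSpId());
        }
        // Despite the getter's name, the value is used as the AES key here.
        String reqData = AESUtils.dncode(spInfo.getPublicKey(), reqAesData);
        TreeMap<String, Object> reqDataTreeMap = JSONObject.parseObject(reqData,
                new TypeReference<TreeMap<String, Object>>() {
                });
        if (reqDataTreeMap == null) {
            throw new IOException("decrypted request body is empty for sp_id " + spInfo.getSpId());
        }
        // The leftover test code that encrypted a fixed sample invoice with the provider's key
        // and logged the ciphertext on every request has been removed: it put a known
        // plaintext/ciphertext pair for a production key into the logs and did nothing for the caller.

        // Overwrite any sp_id supplied inside the encrypted payload with the one from spInfo,
        // so downstream handlers never see a provider id chosen by the payload itself.
        reqDataTreeMap.put("sp_id", spInfo.getSpId());
        body = JSON.toJSONString(reqDataTreeMap).getBytes(CHARSET_UTF8);
    }

    /**
     * Returns a reader over the decrypted body, decoded as UTF-8 to match how the body was encoded.
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), CHARSET_UTF8));
    }

    /**
     * Returns a fresh stream over the decrypted body; each call starts again at the first byte.
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override
            public int read() throws IOException {
                return bais.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk read straight from the buffer instead of one byte per call.
                return bais.read(b, off, len);
            }

            @Override
            public boolean isFinished() {
                // The data is in memory, so the stream is finished once nothing is left to read.
                return bais.available() == 0;
            }

            @Override
            public boolean isReady() {
                // In-memory data can always be read without blocking.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Non-blocking read notifications are not supported by this wrapper.
            }
        };
    }

    /**
     * Replaces the stored body with the UTF-8 bytes of {@code requestBody}.
     *
     * @param requestBody the new body text
     * @throws Exception declared for callers; the visible code can only fail on the charset lookup
     */
    public void setRequestBody(String requestBody) throws Exception {
        this.body = requestBody.getBytes(CHARSET_UTF8);
    }
}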
package com.paic.vass.mixedPayment.filter;
import com.paic.vass.mixedPayment.common.consts.ResultCode;
import com.paic.vass.mixedPayment.config.Authentication;
import com.paic.vass.mixedPayment.exception.LogicException;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
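/**
 * Interceptor intended to check endpoint access permissions.
 *
 * <p>NOTE(review): the permission check is currently disabled, so {@link #preHandle} lets every
 * request through. Do not rely on this class as an access control until the check is restored.
 *
 * @author EX-LIUQING006
 */
public class AuthenticationInterceptor implements HandlerInterceptor {
    /**
     * Always returns {@code true}; no permission check is performed.
     *
     * @param request  the current request
     * @param response the current response
     * @param handler  the chosen handler
     * @return {@code true} in every case
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Requests that are not mapped to a handler method pass straight through.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        // NOTE(review): the @Authentication check that used to run here was commented out
        // ("no business handling in the interceptor for now"). It read the JSON request body and
        // threw LogicException(ResultCode.PERMISSION_DENIED) unless both "sourceCode" and
        // "sp_id" were present; an older variant also compared sourceCode with the annotation's
        // values, and was dropped because the payment source code is configured per merchant.
        // The unused reflection lookups left behind by that code have been removed.
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // Intentionally empty.
    }

    /**
     * Reads the whole request body and decodes it as UTF-8.
     *
     * @param request the request whose body is read
     * @return the body text, or an empty string if reading fails
     */
    public String getBodyString(ServletRequest request) {
        String bodyStr = "";
        try {
            byte[] bodyBytes = IOUtils.toByteArray(request.getInputStream());
            bodyStr = new String(bodyBytes, "UTF-8");
        } catch (Exception e) {
            // NOTE(review): a read failure is indistinguishable from an empty body for the caller,
            // and the stack trace goes to stderr; route this through the application logger.
            e.printStackTrace();
        }
        return bodyStr;
    }
}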
/**
*
*/
package com.paic.vass.mixedPayment.filter;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import com.paic.vass.common.newentity.PayOrderSp;
import com.paic.vass.mixedPayment.common.consts.CheckSignResultCode;
import com.paic.vass.mixedPayment.common.consts.GatewayConstants;
import com.paic.vass.mixedPayment.common.consts.ResultCode;
import com.paic.vass.mixedPayment.exception.LogicException;
import com.paic.vass.mixedPayment.service.CheckSignService;
import com.paic.vass.mixedPayment.utils.KeyUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;
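/**
 * Payment gateway filter: verifies the request signature, then hands the rest of the chain a
 * request whose body is the decrypted {@code data} payload.
 *
 * <p>Two caller types are handled: requests carrying {@code sp_id} are verified against the
 * provider record in {@code KeyUtils.spInfoMap}; requests carrying only {@code app_key} are
 * verified against the secrets configured for the two built-in application keys.
 *
 * <p>When {@code pay.auth.do} is {@code false} the filter performs no signature check and no
 * decryption at all.
 *
 * @author WEIFEI948
 */
@Component("payGatewayAuthFilter")
@Slf4j
public class PayGatewayAuthFilter implements Filter, InitializingBean {
    // Parameter names excluded from the signature computation; filled once at start-up.
    private List<String> ignoreParamNames = new ArrayList<>();
    private List<String> appKeyList = new ArrayList<>();
    // app_key -> signing secret
    private Map<String, String> secretKeyMap = new HashMap<>();
    // app_key -> AES key used to decrypt the payload
    private Map<String, String> aesSecretKeyMap = new HashMap<>();
    @Autowired
    private CheckSignService checkSignService;
    @Value(value = "${pay.auth.do}")
    private boolean doAuth;
    // Value-added service
    @Value(value = "${pay.secretKey.icoreVass}")
    private String secretKeyIcoreVass;
    @Value(value = "${pay.secretKey.icorePapProfit}")
    private String secretKeyIcorePapProfit;
    // Benefits service
    @Value(value = "${pay.aesSecretKey.icoreVass}")
    private String aesSecretKeyIcoreVass;
    @Value(value = "${pay.aesSecretKey.icorePapProfit}")
    private String aesSecretKeyIcorePapProfit;

    /**
     * Builds the per-application key tables once the configuration values have been injected.
     *
     * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        appKeyList.add(GatewayConstants.APP_KEY_ICORE_VASS);
        appKeyList.add(GatewayConstants.APP_KEY_ICORE_PAP_PROFIT);
        secretKeyMap.put(GatewayConstants.APP_KEY_ICORE_VASS, secretKeyIcoreVass);
        aesSecretKeyMap.put(GatewayConstants.APP_KEY_ICORE_VASS, aesSecretKeyIcoreVass);
        secretKeyMap.put(GatewayConstants.APP_KEY_ICORE_PAP_PROFIT, secretKeyIcorePapProfit);
        aesSecretKeyMap.put(GatewayConstants.APP_KEY_ICORE_PAP_PROFIT, aesSecretKeyIcorePapProfit);
        // NOTE(review): the secrets are also published to the KeyUtils singleton under fixed
        // names; who reads them from there is not visible in this file.
        KeyUtils.getInstance().put("secretKeyIcoreVass", secretKeyIcoreVass);
        KeyUtils.getInstance().put("secretKeyIcorePapProfit", secretKeyIcorePapProfit);
        KeyUtils.getInstance().put("aesSecretKeyIcoreVass", aesSecretKeyIcoreVass);
        KeyUtils.getInstance().put("aesSecretKeyIcorePapProfit", aesSecretKeyIcorePapProfit);
        ignoreParamNames.add("sign");
        if (!doAuth) {
            // Said once at start-up so a disabled check is visible in the logs.
            log.warn("payGatewayAuthFilter pay.auth.do=false, signature check and decryption are disabled");
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Verifies the signature of the JSON request body and forwards a decrypted request.
     *
     * <p>On any verification failure the response is written by
     * {@code checkSignService.tellCheckFail} and the chain is not invoked.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // "sign" is registered once in afterPropertiesSet. Adding it here on every request grew
        // the shared list without bound and mutated an ArrayList from concurrent request threads.

        // The original comment says callback endpoints do not need this filter; nothing in this
        // method exempts them, so any exemption must come from the filter's URL mapping.
        String uri = request.getRequestURI();
        log.info("payGatewayAuthFilter 访问 uri = {}", uri);
        response.setContentType("application/json;charset=utf-8");
        // Buffer the body so it can be read here and again further down the chain.
        ServletRequest bodyRequest = new BodyReaderHttpServletRequestWrapper(request);
        // doAuth = false skips signature verification and decryption entirely.
        if (!doAuth) {
            chain.doFilter(bodyRequest, res);
            return;
        }
        String reqStr = this.getBodyString(bodyRequest);
        TreeMap<String, String> paramTreeMap;
        try {
            paramTreeMap = JSONObject.parseObject(reqStr,
                    new TypeReference<TreeMap<String, String>>() {
                    });
        } catch (com.alibaba.fastjson.JSONException e) {
            // A malformed body is a caller error, not a server fault.
            log.info("payGatewayAuthFilter body is not valid JSON");
            checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
            return;
        }
        if (paramTreeMap == null) {
            // An empty body parses to null; reject it instead of failing with a NullPointerException.
            log.info("payGatewayAuthFilter lost must param");
            checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
            return;
        }
        String spId = paramTreeMap.get("sp_id");
        boolean hasSpId = StringUtils.isNotBlank(spId);
        if (!hasSpId) {
            spId = paramTreeMap.get("app_key");
        }
        if (StringUtils.isBlank(spId)) {
            log.info("payGatewayAuthFilter lost must param");
            checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
            return;
        }
        String reqAesData = paramTreeMap.get("data");
        ServletRequest decodeContentRequest;
        if (hasSpId) {
            PayOrderSp spInfo = KeyUtils.spInfoMap.get(spId);
            if (spInfo == null || StringUtils.isBlank(spInfo.getSpId())) {
                log.info("payGatewayAuthFilter sp_id is validate fail:={}", spId);
                checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_SPID_ERROR);
                return;
            }
            int checkRlt = checkSignService.checkSign(paramTreeMap, ignoreParamNames, spInfo);
            if (CheckSignResultCode.CODE_SUCCESS != checkRlt) {
                log.info("payGatewayAuthFilter checkSign not passed");
                checkSignService.tellCheckFail(request, response, checkRlt);
                return;
            }
            decodeContentRequest = new DecodeContentHttpServletRequestWrapper(
                    (HttpServletRequest) bodyRequest, reqAesData, spInfo);
        } else {
            String appKey = paramTreeMap.get("app_key");
            String secretKey = secretKeyMap.get(appKey);
            String aesSecretKey = aesSecretKeyMap.get(appKey);
            if (secretKey == null || aesSecretKey == null) {
                // Unknown app_key: never run signature verification with a missing key.
                log.info("payGatewayAuthFilter unknown app_key");
                checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
                return;
            }
            int checkRlt = checkSignService.checkSign(paramTreeMap, ignoreParamNames, secretKey,
                    aesSecretKey, appKey);
            if (CheckSignResultCode.CODE_SUCCESS != checkRlt) {
                log.info("payGatewayAuthFilter checkSign not passed");
                checkSignService.tellCheckFail(request, response, checkRlt);
                return;
            }
            log.info("payGatewayAuthFilter checkSign passed");
            decodeContentRequest = new OldDecodeContentHttpServletRequestWrapper(
                    (HttpServletRequest) bodyRequest, reqAesData, aesSecretKey, appKey);
        }
        chain.doFilter(decodeContentRequest, response);
    }

    /**
     * @see javax.servlet.Filter#destroy()
     */
    @Override
    public void destroy() {
    }

    /**
     * Reads the whole request body and decodes it with {@code GatewayConstants.CHARSET}.
     *
     * @param request the request whose body is read
     * @return the body text, or an empty string if reading fails
     */
    private String getBodyString(ServletRequest request) {
        String bodyStr = "";
        try {
            byte[] bodyBytes = IOUtils.toByteArray(request.getInputStream());
            bodyStr = new String(bodyBytes, GatewayConstants.CHARSET);
        } catch (Exception e) {
            // Kept best-effort: an unreadable body is treated as empty and rejected by doFilter,
            // but the failure now goes to the application log instead of stderr.
            log.error("payGatewayAuthFilter failed to read request body", e);
        }
        return bodyStr;
    }
}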
package com.paic.vass.mixedPayment.filter;
import org.apache.commons.io.IOUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
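/**
 * Request wrapper that reads the whole body into memory so it can be read more than once.
 *
 * <p>NOTE(review): the constructor buffers the body without any size limit; confirm that the
 * container or a proxy in front of it caps the request size.
 */
public class BodyReaderHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final String CHARSET_UTF8 = "UTF-8";
    // Complete request body as received.
    private byte[] body;

    /**
     * Wraps {@code request} and buffers its body.
     *
     * @param request the request being wrapped
     * @throws IOException if the body cannot be read
     */
    public BodyReaderHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        body = IOUtils.toByteArray(request.getInputStream());
    }

    /**
     * Returns a reader over the buffered body, decoded as UTF-8 rather than the platform default.
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), CHARSET_UTF8));
    }

    /**
     * Returns a fresh stream over the buffered body; each call starts again at the first byte.
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override
            public int read() throws IOException {
                return bais.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk read straight from the buffer instead of one byte per call.
                return bais.read(b, off, len);
            }

            @Override
            public boolean isFinished() {
                // The data is in memory, so the stream is finished once nothing is left to read.
                return bais.available() == 0;
            }

            @Override
            public boolean isReady() {
                // In-memory data can always be read without blocking.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Non-blocking read notifications are not supported by this wrapper.
            }
        };
    }

    /**
     * Replaces the buffered body with the UTF-8 bytes of {@code requestBody}.
     *
     * @param requestBody the new body text
     * @throws Exception declared for callers; the visible code can only fail on the charset lookup
     */
    public void setRequestBody(String requestBody) throws Exception {
        this.body = requestBody.getBytes(CHARSET_UTF8);
    }
}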
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import com.paic.vass.common.newentity.Invoice;
import com.paic.vass.common.newentity.PayOrderSp;
import com.paic.vass.mixedPayment.dto.newdto.InvoiceDTO;
import com.paic.vass.mixedPayment.utils.AESUtils;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.TreeMap;
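/**
 * Request wrapper whose body is the decrypted form of the caller's encrypted {@code data} field.
 *
 * <p>The constructor decrypts {@code reqAesData} with the key held by {@code spInfo}, parses the
 * plaintext as a JSON object, forces the {@code sp_id} entry to the value carried by
 * {@code spInfo}, and keeps the re-serialised JSON as the body returned by
 * {@link #getInputStream()} and {@link #getReader()}.
 *
 * <p>NOTE(review): {@code AESUtils} is not visible here, so the cipher mode and padding are
 * unknown; confirm the ciphertext is covered by the request signature or uses an authenticated mode.
 */
@Slf4j
public class DecodeContentHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final String CHARSET_UTF8 = "UTF-8";
    // Decrypted JSON body, UTF-8 encoded; replaced wholesale by setRequestBody.
    private byte[] body;

    /**
     * Decrypts the request payload and stores it as this wrapper's body.
     *
     * @param request    the request being wrapped
     * @param reqAesData the encrypted payload taken from the request's {@code data} field
     * @param spInfo     the service provider record supplying the encrypt type, key and sp_id
     * @throws IOException if the encrypt type is not {@code AES128} or the decrypted payload
     *                     does not yield a JSON object
     */
    public DecodeContentHttpServletRequestWrapper(HttpServletRequest request, String reqAesData, PayOrderSp spInfo) throws IOException {
        super(request);
        // Fail closed: previously an unsupported encrypt type left the plaintext null and the
        // constructor died later with a NullPointerException.
        if (!"AES128".equals(spInfo.getEncryptType())) {
            throw new IOException("unsupported encrypt type for sp_id " + spInfo.getSpId());
        }
        // Despite the getter's name, the value is used as the AES key here.
        String reqData = AESUtils.dncode(spInfo.getPublicKey(), reqAesData);
        TreeMap<String, Object> reqDataTreeMap = JSONObject.parseObject(reqData,
                new TypeReference<TreeMap<String, Object>>() {
                });
        if (reqDataTreeMap == null) {
            throw new IOException("decrypted request body is empty for sp_id " + spInfo.getSpId());
        }
        // The leftover test code that encrypted a fixed sample invoice with the provider's key
        // and logged the ciphertext on every request has been removed: it put a known
        // plaintext/ciphertext pair for a production key into the logs and did nothing for the caller.

        // Overwrite any sp_id supplied inside the encrypted payload with the one from spInfo,
        // so downstream handlers never see a provider id chosen by the payload itself.
        reqDataTreeMap.put("sp_id", spInfo.getSpId());
        body = JSON.toJSONString(reqDataTreeMap).getBytes(CHARSET_UTF8);
    }

    /**
     * Returns a reader over the decrypted body, decoded as UTF-8 to match how the body was encoded.
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), CHARSET_UTF8));
    }

    /**
     * Returns a fresh stream over the decrypted body; each call starts again at the first byte.
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override
            public int read() throws IOException {
                return bais.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk read straight from the buffer instead of one byte per call.
                return bais.read(b, off, len);
            }

            @Override
            public boolean isFinished() {
                // The data is in memory, so the stream is finished once nothing is left to read.
                return bais.available() == 0;
            }

            @Override
            public boolean isReady() {
                // In-memory data can always be read without blocking.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Non-blocking read notifications are not supported by this wrapper.
            }
        };
    }

    /**
     * Replaces the stored body with the UTF-8 bytes of {@code requestBody}.
     *
     * @param requestBody the new body text
     * @throws Exception declared for callers; the visible code can only fail on the charset lookup
     */
    public void setRequestBody(String requestBody) throws Exception {
        this.body = requestBody.getBytes(CHARSET_UTF8);
    }
}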
package com.paic.vass.mixedPayment.filter;
import com.paic.vass.mixedPayment.common.consts.ResultCode;
import com.paic.vass.mixedPayment.config.Authentication;
import com.paic.vass.mixedPayment.exception.LogicException;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
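/**
 * Interceptor intended to check endpoint access permissions.
 *
 * <p>NOTE(review): the permission check is currently disabled, so {@link #preHandle} lets every
 * request through. Do not rely on this class as an access control until the check is restored.
 *
 * @author EX-LIUQING006
 */
public class AuthenticationInterceptor implements HandlerInterceptor {
    /**
     * Always returns {@code true}; no permission check is performed.
     *
     * @param request  the current request
     * @param response the current response
     * @param handler  the chosen handler
     * @return {@code true} in every case
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Requests that are not mapped to a handler method pass straight through.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        // NOTE(review): the @Authentication check that used to run here was commented out
        // ("no business handling in the interceptor for now"). It read the JSON request body and
        // threw LogicException(ResultCode.PERMISSION_DENIED) unless both "sourceCode" and
        // "sp_id" were present; an older variant also compared sourceCode with the annotation's
        // values, and was dropped because the payment source code is configured per merchant.
        // The unused reflection lookups left behind by that code have been removed.
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // Intentionally empty.
    }

    /**
     * Reads the whole request body and decodes it as UTF-8.
     *
     * @param request the request whose body is read
     * @return the body text, or an empty string if reading fails
     */
    public String getBodyString(ServletRequest request) {
        String bodyStr = "";
        try {
            byte[] bodyBytes = IOUtils.toByteArray(request.getInputStream());
            bodyStr = new String(bodyBytes, "UTF-8");
        } catch (Exception e) {
            // NOTE(review): a read failure is indistinguishable from an empty body for the caller,
            // and the stack trace goes to stderr; route this through the application logger.
            e.printStackTrace();
        }
        return bodyStr;
    }
}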
/**
*
*/
package com.paic.vass.mixedPayment.filter;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import com.paic.vass.common.newentity.PayOrderSp;
import com.paic.vass.mixedPayment.common.consts.CheckSignResultCode;
import com.paic.vass.mixedPayment.common.consts.GatewayConstants;
import com.paic.vass.mixedPayment.common.consts.ResultCode;
import com.paic.vass.mixedPayment.exception.LogicException;
import com.paic.vass.mixedPayment.service.CheckSignService;
import com.paic.vass.mixedPayment.utils.KeyUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;
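/**
 * Payment gateway filter: verifies the request signature, then hands the rest of the chain a
 * request whose body is the decrypted {@code data} payload.
 *
 * <p>Two caller types are handled: requests carrying {@code sp_id} are verified against the
 * provider record in {@code KeyUtils.spInfoMap}; requests carrying only {@code app_key} are
 * verified against the secrets configured for the two built-in application keys.
 *
 * <p>When {@code pay.auth.do} is {@code false} the filter performs no signature check and no
 * decryption at all.
 *
 * @author WEIFEI948
 */
@Component("payGatewayAuthFilter")
@Slf4j
public class PayGatewayAuthFilter implements Filter, InitializingBean {
    // Parameter names excluded from the signature computation; filled once at start-up.
    private List<String> ignoreParamNames = new ArrayList<>();
    private List<String> appKeyList = new ArrayList<>();
    // app_key -> signing secret
    private Map<String, String> secretKeyMap = new HashMap<>();
    // app_key -> AES key used to decrypt the payload
    private Map<String, String> aesSecretKeyMap = new HashMap<>();
    @Autowired
    private CheckSignService checkSignService;
    @Value(value = "${pay.auth.do}")
    private boolean doAuth;
    // Value-added service
    @Value(value = "${pay.secretKey.icoreVass}")
    private String secretKeyIcoreVass;
    @Value(value = "${pay.secretKey.icorePapProfit}")
    private String secretKeyIcorePapProfit;
    // Benefits service
    @Value(value = "${pay.aesSecretKey.icoreVass}")
    private String aesSecretKeyIcoreVass;
    @Value(value = "${pay.aesSecretKey.icorePapProfit}")
    private String aesSecretKeyIcorePapProfit;

    /**
     * Builds the per-application key tables once the configuration values have been injected.
     *
     * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        appKeyList.add(GatewayConstants.APP_KEY_ICORE_VASS);
        appKeyList.add(GatewayConstants.APP_KEY_ICORE_PAP_PROFIT);
        secretKeyMap.put(GatewayConstants.APP_KEY_ICORE_VASS, secretKeyIcoreVass);
        aesSecretKeyMap.put(GatewayConstants.APP_KEY_ICORE_VASS, aesSecretKeyIcoreVass);
        secretKeyMap.put(GatewayConstants.APP_KEY_ICORE_PAP_PROFIT, secretKeyIcorePapProfit);
        aesSecretKeyMap.put(GatewayConstants.APP_KEY_ICORE_PAP_PROFIT, aesSecretKeyIcorePapProfit);
        // NOTE(review): the secrets are also published to the KeyUtils singleton under fixed
        // names; who reads them from there is not visible in this file.
        KeyUtils.getInstance().put("secretKeyIcoreVass", secretKeyIcoreVass);
        KeyUtils.getInstance().put("secretKeyIcorePapProfit", secretKeyIcorePapProfit);
        KeyUtils.getInstance().put("aesSecretKeyIcoreVass", aesSecretKeyIcoreVass);
        KeyUtils.getInstance().put("aesSecretKeyIcorePapProfit", aesSecretKeyIcorePapProfit);
        ignoreParamNames.add("sign");
        if (!doAuth) {
            // Said once at start-up so a disabled check is visible in the logs.
            log.warn("payGatewayAuthFilter pay.auth.do=false, signature check and decryption are disabled");
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Verifies the signature of the JSON request body and forwards a decrypted request.
     *
     * <p>On any verification failure the response is written by
     * {@code checkSignService.tellCheckFail} and the chain is not invoked.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // "sign" is registered once in afterPropertiesSet. Adding it here on every request grew
        // the shared list without bound and mutated an ArrayList from concurrent request threads.

        // The original comment says callback endpoints do not need this filter; nothing in this
        // method exempts them, so any exemption must come from the filter's URL mapping.
        String uri = request.getRequestURI();
        log.info("payGatewayAuthFilter 访问 uri = {}", uri);
        response.setContentType("application/json;charset=utf-8");
        // Buffer the body so it can be read here and again further down the chain.
        ServletRequest bodyRequest = new BodyReaderHttpServletRequestWrapper(request);
        // doAuth = false skips signature verification and decryption entirely.
        if (!doAuth) {
            chain.doFilter(bodyRequest, res);
            return;
        }
        String reqStr = this.getBodyString(bodyRequest);
        TreeMap<String, String> paramTreeMap;
        try {
            paramTreeMap = JSONObject.parseObject(reqStr,
                    new TypeReference<TreeMap<String, String>>() {
                    });
        } catch (com.alibaba.fastjson.JSONException e) {
            // A malformed body is a caller error, not a server fault.
            log.info("payGatewayAuthFilter body is not valid JSON");
            checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
            return;
        }
        if (paramTreeMap == null) {
            // An empty body parses to null; reject it instead of failing with a NullPointerException.
            log.info("payGatewayAuthFilter lost must param");
            checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
            return;
        }
        String spId = paramTreeMap.get("sp_id");
        boolean hasSpId = StringUtils.isNotBlank(spId);
        if (!hasSpId) {
            spId = paramTreeMap.get("app_key");
        }
        if (StringUtils.isBlank(spId)) {
            log.info("payGatewayAuthFilter lost must param");
            checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
            return;
        }
        String reqAesData = paramTreeMap.get("data");
        ServletRequest decodeContentRequest;
        if (hasSpId) {
            PayOrderSp spInfo = KeyUtils.spInfoMap.get(spId);
            if (spInfo == null || StringUtils.isBlank(spInfo.getSpId())) {
                log.info("payGatewayAuthFilter sp_id is validate fail:={}", spId);
                checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_SPID_ERROR);
                return;
            }
            int checkRlt = checkSignService.checkSign(paramTreeMap, ignoreParamNames, spInfo);
            if (CheckSignResultCode.CODE_SUCCESS != checkRlt) {
                log.info("payGatewayAuthFilter checkSign not passed");
                checkSignService.tellCheckFail(request, response, checkRlt);
                return;
            }
            decodeContentRequest = new DecodeContentHttpServletRequestWrapper(
                    (HttpServletRequest) bodyRequest, reqAesData, spInfo);
        } else {
            String appKey = paramTreeMap.get("app_key");
            String secretKey = secretKeyMap.get(appKey);
            String aesSecretKey = aesSecretKeyMap.get(appKey);
            if (secretKey == null || aesSecretKey == null) {
                // Unknown app_key: never run signature verification with a missing key.
                log.info("payGatewayAuthFilter unknown app_key");
                checkSignService.tellCheckFail(request, response, CheckSignResultCode.CODE_PARAMS_ERROR);
                return;
            }
            int checkRlt = checkSignService.checkSign(paramTreeMap, ignoreParamNames, secretKey,
                    aesSecretKey, appKey);
            if (CheckSignResultCode.CODE_SUCCESS != checkRlt) {
                log.info("payGatewayAuthFilter checkSign not passed");
                checkSignService.tellCheckFail(request, response, checkRlt);
                return;
            }
            log.info("payGatewayAuthFilter checkSign passed");
            decodeContentRequest = new OldDecodeContentHttpServletRequestWrapper(
                    (HttpServletRequest) bodyRequest, reqAesData, aesSecretKey, appKey);
        }
        chain.doFilter(decodeContentRequest, response);
    }

    /**
     * @see javax.servlet.Filter#destroy()
     */
    @Override
    public void destroy() {
    }

    /**
     * Reads the whole request body and decodes it with {@code GatewayConstants.CHARSET}.
     *
     * @param request the request whose body is read
     * @return the body text, or an empty string if reading fails
     */
    private String getBodyString(ServletRequest request) {
        String bodyStr = "";
        try {
            byte[] bodyBytes = IOUtils.toByteArray(request.getInputStream());
            bodyStr = new String(bodyBytes, GatewayConstants.CHARSET);
        } catch (Exception e) {
            // Kept best-effort: an unreadable body is treated as empty and rejected by doFilter,
            // but the failure now goes to the application log instead of stderr.
            log.error("payGatewayAuthFilter failed to read request body", e);
        }
        return bodyStr;
    }
}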
package com.paic.vass.mixedPayment.filter;
import org.apache.commons.io.IOUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
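/**
 * Request wrapper that reads the whole body into memory so it can be read more than once.
 *
 * <p>NOTE(review): the constructor buffers the body without any size limit; confirm that the
 * container or a proxy in front of it caps the request size.
 */
public class BodyReaderHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final String CHARSET_UTF8 = "UTF-8";
    // Complete request body as received.
    private byte[] body;

    /**
     * Wraps {@code request} and buffers its body.
     *
     * @param request the request being wrapped
     * @throws IOException if the body cannot be read
     */
    public BodyReaderHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        body = IOUtils.toByteArray(request.getInputStream());
    }

    /**
     * Returns a reader over the buffered body, decoded as UTF-8 rather than the platform default.
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), CHARSET_UTF8));
    }

    /**
     * Returns a fresh stream over the buffered body; each call starts again at the first byte.
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override
            public int read() throws IOException {
                return bais.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk read straight from the buffer instead of one byte per call.
                return bais.read(b, off, len);
            }

            @Override
            public boolean isFinished() {
                // The data is in memory, so the stream is finished once nothing is left to read.
                return bais.available() == 0;
            }

            @Override
            public boolean isReady() {
                // In-memory data can always be read without blocking.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Non-blocking read notifications are not supported by this wrapper.
            }
        };
    }

    /**
     * Replaces the buffered body with the UTF-8 bytes of {@code requestBody}.
     *
     * @param requestBody the new body text
     * @throws Exception declared for callers; the visible code can only fail on the charset lookup
     */
    public void setRequestBody(String requestBody) throws Exception {
        this.body = requestBody.getBytes(CHARSET_UTF8);
    }
}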