/**
 * 
 */
package cn.timer.api.callback.esign.service;

import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.transaction.annotation.Transactional;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;

import cn.hutool.json.JSONObject;
import cn.timer.api.bean.dzht.DzhtSignflowFinish;
import cn.timer.api.bean.qyzx.businessService.QyzxUseRecord;

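/**
 * Verifies the HMAC-SHA256 signature carried by an e-sign callback request and, once the
 * signature has been accepted, records the callback result.
 *
 * @author chen_xi
 */
@Transactional
public class SafeVerify {

	/**
	 * Defensive cap on the callback body size. Content-Length is supplied by the caller, so it
	 * must not be used unchecked as an allocation size. NOTE(review): 1 MiB is assumed to be far
	 * above any real callback payload; confirm against the provider's documentation.
	 */
	private static final int MAX_BODY_BYTES = 1024 * 1024;

	// Environment name from configuration; the value "pro" suppresses diagnostic output.
	// NOTE(review): no stereotype annotation (@Service/@Component) is visible on this class. If
	// instances are created with `new`, this field presumably stays null and every diagnostic
	// line, request body included, is printed in production as well. Confirm how it is created.
	@Value("${config-8timer.environmental-science}")
	public String environmental_science;

	/**
	 * Manual smoke test: parses two sample callback payloads.
	 *
	 * NOTE(review): the second sample embeds a thirdPartyUserId that looks like a real identity
	 * number; replace it with synthetic data if that is the case.
	 */
	public static void main(String[] args) {
		String rbody = "{\"action\":\"SIGN_FLOW_FINISH\",\"flowId\":\"1e49e34bdc5f4550a8fd6d7922c68101\",\"businessScence\":\"随便\",\"flowStatus\":\"2\",\"createTime\":\"2020-05-20 10:00:06\",\"endTime\":\"2020-05-20 10:01:06\",\"statusDescription\":\"完成\",\"timestamp\":1589940066939}";
		String rbody2 = "{\"action\":\"SIGN_FLOW_UPDATE\",\"flowId\":\"1e49e34bdc5f4550a8fd6d7922c68101\",\"accountId\":\"1b6d7e255140443fa65287a6ff74149d\",\"authorizedAccountId\":\"1b6d7e255140443fa65287a6ff74149d\",\"order\":1,\"signTime\":\"2020-05-20 10:01:06\",\"signResult\":2,\"resultDescription\":\"签署完成\",\"timestamp\":1589940066702,\"thirdPartyUserId\":\"431003199610102831\"}";
		JSONObject jsonBody = new JSONObject(rbody);
		JSONObject jsonBody2 = new JSONObject(rbody2);
	}

	/**
	 * Checks the callback signature and, only if it is valid, persists the callback result.
	 *
	 * The signed string is the timestamp header, then the query values concatenated in key
	 * order, then the raw body; it is HMAC-SHA256'd with {@code appSecret} and compared with the
	 * {@code X-Tsign-Open-SIGNATURE} header.
	 *
	 * @param request   the incoming callback request (untrusted until the signature matches)
	 * @param appSecret the shared secret used as the HMAC key
	 * @return the string {@code "true"} when the signature matches, otherwise {@code "false"}
	 * @throws UnsupportedEncodingException declared by the original signature; presumably raised
	 *                                      by {@code DigestHelper.getSignature}
	 */
	public String checkPass(HttpServletRequest request, String appSecret) throws UnsupportedEncodingException {
		String signture = request.getHeader("X-Tsign-Open-SIGNATURE");
		String timestampHeader = request.getHeader("X-Tsign-Open-TIMESTAMP");
		String requestQuery = getRequestQueryStr(request);
		String rbody = getRequestBody(request, "UTF-8");

		// Diagnostic output only; the body can carry personal data, so it must stay suppressed
		// in production (see environmental_science).
		Logoutput("requestQuery:" + requestQuery);
		Logoutput("rbody:" + rbody);

		// A missing header or unreadable body can never verify; fail closed instead of signing
		// the literal text "null".
		if (signture == null || timestampHeader == null || rbody == null) {
			Logoutput("校验失败");
			return "false";
		}

		String signdata = timestampHeader + requestQuery + rbody;
		String mySignature = DigestHelper.getSignature(signdata, appSecret, "HmacSHA256", "UTF-8");

		// The expected signature is deliberately not logged: anyone able to read the log could
		// replay it. MessageDigest.isEqual gives a timing-independent comparison.
		boolean matches = mySignature != null && MessageDigest.isEqual(
				mySignature.getBytes(StandardCharsets.UTF_8), signture.getBytes(StandardCharsets.UTF_8));
		if (!matches) {
			Logoutput("校验失败");
			return "false";
		}

		// NOTE(review): the timestamp header is covered by the HMAC but its freshness is not
		// checked, so a captured valid request can be replayed and would insert a duplicate
		// record. Consider rejecting stale timestamps and/or de-duplicating on flowId.

		// Persist only after the signature has been accepted, so that unauthenticated requests
		// cannot write to the database.
		saveCallback(rbody);

		Logoutput("校验通过");
		return "true";
	}

	/**
	 * Stores the result of a verified callback.
	 *
	 * Only {@code SIGN_FLOW_FINISH} is persisted. {@code SIGN_FLOW_UPDATE},
	 * {@code SIGN_DOC_EXPIRE_REMIND} and {@code SIGN_DOC_EXPIRE} are accepted but currently
	 * ignored, as they were before.
	 *
	 * @param rbody the verified JSON request body
	 */
	private void saveCallback(String rbody) {
		JSONObject jsonBody = new JSONObject(rbody);
		String action = jsonBody.getStr("action");
		// Constant-first equals: a body without "action" must not cause a NullPointerException.
		if (!"SIGN_FLOW_FINISH".equals(action)) {
			return;
		}

		String flowId = jsonBody.getStr("flowId");
		String flowStatus = jsonBody.getStr("flowStatus");

		DzhtSignflowFinish dzhtSignflowFinish = new DzhtSignflowFinish();
		dzhtSignflowFinish.setAction(action);
		dzhtSignflowFinish.setBusinessScence(jsonBody.getStr("businessScence"));
		dzhtSignflowFinish.setCreateTime(jsonBody.getStr("createTime"));
		dzhtSignflowFinish.setEndTime(jsonBody.getStr("endTime"));
		dzhtSignflowFinish.setFlowId(flowId);
		dzhtSignflowFinish.setFlowStatus(flowStatus);
		dzhtSignflowFinish.setStatusDescription(jsonBody.getStr("statusDescription"));
		dzhtSignflowFinish.setTimestamp(jsonBody.getLong("timestamp"));
		if (!dzhtSignflowFinish.insert()) {
			return;
		}

		String scene = sceneFor(flowStatus);
		// An unrecognized status has no scene text to record, so the usage record is left alone.
		if (scene != null) {
			QyzxUseRecord.builder().scene(scene).build()
					.update(new QueryWrapper<QyzxUseRecord>().lambda().eq(QyzxUseRecord::getFlowId, flowId));
		}
	}

	/**
	 * Maps a flow status code to the scene text stored on the usage record.
	 *
	 * The original compared strings with {@code ==}, which tests object identity and so never
	 * matched a value parsed from JSON; a string switch compares by content.
	 *
	 * @param flowStatus status code from the callback, may be null
	 * @return the scene text, or null for a missing or unrecognized status
	 */
	private static String sceneFor(String flowStatus) {
		if (flowStatus == null) {
			return null;
		}
		switch (flowStatus) {
		case "2":
			return "完成"; // completed
		case "3":
			return "撤销"; // revoked
		case "5":
			return "过期"; // expired
		case "7":
			return "拒签"; // signing refused
		default:
			return null;
		}
	}

	/**
	 * Reads the raw request body.
	 *
	 * @param request  the incoming request
	 * @param encoding charset name used to decode the bytes
	 * @return the decoded body, or null when the length is unknown or above
	 *         {@link #MAX_BODY_BYTES}, or when reading or decoding fails
	 */
	private String getRequestBody(HttpServletRequest request, String encoding) {
		int contentLength = request.getContentLength();
		// Content-Length is caller-controlled: refuse unknown and oversized values rather than
		// allocating whatever the caller asks for.
		if (contentLength < 0 || contentLength > MAX_BODY_BYTES) {
			return null;
		}
		byte[] buffer = new byte[contentLength];
		int filled = 0;
		try {
			InputStream in = request.getInputStream();
			while (filled < contentLength) {
				int readlen = in.read(buffer, filled, contentLength - filled);
				if (readlen == -1) {
					break;
				}
				filled += readlen;
			}
			// Decode only the bytes actually received, so a short read does not pad the body
			// with NUL characters.
			return new String(buffer, 0, filled, encoding);
		} catch (IOException e) {
			// Also covers UnsupportedEncodingException (a subclass of IOException). A body that
			// could not be read completely is reported as absent, so verification fails.
			e.printStackTrace();
			return null;
		}
	}

	/**
	 * Builds the query part of the signed string: parameter names are sorted lexicographically
	 * and their values concatenated in that order (value1 + value2 + ...).
	 *
	 * @param request the incoming request
	 * @return the concatenated values, empty when there are no parameters
	 */
	private String getRequestQueryStr(HttpServletRequest request) {
		List<String> keys = new ArrayList<String>();
		Enumeration<String> names = request.getParameterNames();
		while (names.hasMoreElements()) {
			keys.add(names.nextElement());
		}
		Collections.sort(keys);

		StringBuilder requestQuery = new StringBuilder();
		for (String key : keys) {
			String value = request.getParameter(key);
			if (value != null) {
				requestQuery.append(value);
			}
		}
		Logoutput("获取的query请求字符串是:------》》》" + requestQuery);
		return requestQuery.toString();
	}

	/**
	 * Prints a diagnostic line unless the configured environment is {@code "pro"}, in which case
	 * only an empty line is printed.
	 *
	 * @param science the text to print
	 */
	public void Logoutput(String science) {
		if (!("pro").equals(environmental_science)) {
			System.out.println(science);
		} else {
			System.out.println("");
		}
	}

}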