去除验签

2024-11-29 17:29:46 +08:00 · 2024-11-29 17:29:46 +08:00 · b2c23342d8
commit b2c23342d8
parent 54351d164a
5 changed files with 48 additions and 67 deletions
--- a/smart-switch-ruoyi/smart-switch-common/pom.xml
+++ b/smart-switch-ruoyi/smart-switch-common/pom.xml
@ -16,6 +16,12 @@
    </description>
    <dependencies>
        <!--hutool-->
        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-all</artifactId>
            <version>4.5.7</version>
        </dependency>
        <!--支付宝SDK-->
        <dependency>
--- a/smart-switch-service/src/main/java/com/ruoyi/iot/domain/ReceiveBody.java
+++ b/smart-switch-service/src/main/java/com/ruoyi/iot/domain/ReceiveBody.java
@ -9,7 +9,7 @@ import lombok.Data;
 */
@Data
-public class ReceiveBody {
+public class ObjBody {
    /** 设备推送数据，包括设备的生命周期，数据点，物模型属性、事件、服务等 */
    private Object msg;
--- a/smart-switch-service/src/main/java/com/ruoyi/iot/receive/ReceiveController.java
+++ b/smart-switch-service/src/main/java/com/ruoyi/iot/receive/ReceiveController.java
@ -2,7 +2,8 @@ package com.ruoyi.iot.receive;
 import com.alibaba.fastjson2.JSON;
 import com.ruoyi.common.annotation.Anonymous;
-import com.ruoyi.iot.domain.ReceiveBody;
+import com.ruoyi.common.utils.http.HttpUtils;
 import com.ruoyi.iot.domain.ObjBody;
 import com.ruoyi.iot.domain.ReceiveMsg;
 import com.ruoyi.iot.service.IotReceiveService;
 import com.ruoyi.iot.service.IotService;
@ -15,6 +16,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
 import java.io.UnsupportedEncodingException;
 /**
@ -49,10 +51,12 @@ public class ReceiveController {
     */
    @PostMapping(value = "/receive")
    @Anonymous
-    public ResponseEntity<String> receive(@RequestBody String body){
+    public ResponseEntity<String> receive(HttpServletRequest request){
-        ReceiveBody obj = IotUtil.resolveBody(body, false);
+        String body = HttpUtils.getBody(request);
        ObjBody obj = IotUtil.resolveBody(body, false);
        if (obj != null){
-            if (IotUtil.checkSignature(obj, token)){
+//            if (IotUtil.checkSignature(obj, token)){
 //                log.info("receive成功参数:" + body);
                Object msg = obj.getMsg();
                // 接收到msg
                if (msg instanceof String) {
@ -60,9 +64,9 @@ public class ReceiveController {
                } else {
                    iotReceiveService.handleReceive(JSON.parseObject(JSON.toJSONString(msg), ReceiveMsg.class));
                }
-            }else {
+//            }else {
-                log.error("receive方法验证签名错误:" + body);
+//                log.error("receive签名错误:" + body);
-            }
+//            }
        }else {
            log.error("receive方法参数为空: body empty error");
        }
--- a/smart-switch-service/src/main/java/com/ruoyi/iot/service/impl/IotReceiveServiceImpl.java
+++ b/smart-switch-service/src/main/java/com/ruoyi/iot/service/impl/IotReceiveServiceImpl.java
@ -59,7 +59,7 @@ public class IotReceiveServiceImpl implements IotReceiveService {
        }
        // 数据点推送
        if (ReceiveType.DATA_POINT.getType().equals(msg.getType())) {
-            log.info("收到推送数据点：{},{},{}", msg.getAt(), msg.getDsId(), msg.getValue());
+//            log.info("收到推送数据点：{},{},{}", msg.getAt(), msg.getDsId(), msg.getValue());
            // 若推送数据点:CSQ
            if (ReceiveConstants.DS_CSQ.equals(msg.getDsId())) {
                // 恢复余额
--- a/smart-switch-service/src/main/java/com/ruoyi/iot/util/IotUtil.java
+++ b/smart-switch-service/src/main/java/com/ruoyi/iot/util/IotUtil.java
@ -1,9 +1,10 @@
 package com.ruoyi.iot.util;
-import com.ruoyi.iot.domain.ReceiveBody;
+import cn.hutool.json.JSONObject;
 import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.iot.domain.ObjBody;
 import org.apache.commons.codec.binary.Base64;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -11,12 +12,8 @@ import javax.crypto.*;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.UnsupportedEncodingException;
-import java.math.BigDecimal;
+import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 /**
@ -57,7 +54,7 @@ public class IotUtil {
        System.arraycopy(nonce.getBytes(), 0, paramB, token.length(), 8);
        System.arraycopy(msg.getBytes(), 0, paramB, token.length() + 8, msg.length());
        String sig =  com.sun.org.apache.xerces.internal.impl.dv.util.Base64.encode(mdInst.digest(paramB));
-        logger.info("url&token validation: result {},  detail receive:{} calculate:{}", sig.equals(signature.replace(' ','+')),signature,sig);
+//        logger.info("url&token validation: result {},  detail receive:{} calculate:{}", sig.equals(signature.replace(' ','+')),signature,sig);
        return sig.equals(signature.replace(' ','+'));
    }
@ -68,16 +65,20 @@ public class IotUtil {
     * @param token OneNet平台配置页面token的值
     * @return
     */
-    public static boolean checkSignature(ReceiveBody obj, String token)  {
+    public static boolean checkSignature(ObjBody obj, String token)  {
        try {
            //计算接受到的消息的摘要
            //token长度 + 8B随机字符串长度 + 消息长度
            byte[] signature = new byte[token.length() + 8 + obj.getMsg().toString().length()];
-        System.arraycopy(token.getBytes(), 0, signature, 0, token.length());
+            System.arraycopy(token.getBytes(StandardCharsets.UTF_8), 0, signature, 0, token.length());
-        System.arraycopy(obj.getNonce().getBytes(), 0, signature, token.length(), 8);
+            System.arraycopy(obj.getNonce().getBytes(StandardCharsets.UTF_8), 0, signature, token.length(), 8);
-        System.arraycopy(obj.getMsg().toString().getBytes(), 0, signature, token.length() + 8, obj.getMsg().toString().length());
+            System.arraycopy(obj.getMsg().toString().getBytes(StandardCharsets.UTF_8), 0, signature, token.length() + 8, obj.getMsg().toString().length());
            String calSig = Base64.encodeBase64String(mdInst.digest(signature));
-        logger.info("check signature: result:{}  receive sig:{},calculate sig: {}",calSig.equals(obj.getSignature()),obj.getSignature(),calSig);
+//        logger.info("check signature: result:{}  receive sig:{},calculate sig: {}",calSig.equals(obj.getSignature()),obj.getSignature(),calSig);
            return calSig.equals(obj.getSignature());
        } catch (Exception e) {
            throw new ServiceException(e.getMessage());
        }
    }
    /**
@ -92,7 +93,7 @@ public class IotUtil {
     * @throws BadPaddingException
     * @throws IllegalBlockSizeException
     */
-    public static String decryptMsg(ReceiveBody obj, String encodeKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
+    public static String decryptMsg(ObjBody obj, String encodeKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        byte[] encMsg = Base64.decodeBase64(obj.getMsg().toString());
        byte[] aeskey = Base64.decodeBase64(encodeKey + "=");
        SecretKey secretKey = new SecretKeySpec(aeskey, 0, 32, "AES");
@ -109,23 +110,23 @@ public class IotUtil {
    }
    /**
-     * 功能描述 解析数据推送请求，生成code>ReceiveBody</code>消息对象
+     * 功能描述 解析数据推送请求，生成code>BodyObj</code>消息对象
     * @param body 数据推送请求body部分
     * @param encrypted 表征是否为加密消息
-     * @return  生成的<code>ReceiveBody</code>消息对象
+     * @return  生成的<code>BodyObj</code>消息对象
     */
-    public static ReceiveBody resolveBody(String body, boolean encrypted) {
+    public static ObjBody resolveBody(String body, boolean encrypted) {
        JSONObject jsonMsg = new JSONObject(body);
-        ReceiveBody obj = new ReceiveBody();
+        ObjBody obj = new ObjBody();
-        obj.setNonce(jsonMsg.getString("nonce"));
+        obj.setNonce(jsonMsg.getStr("nonce"));
-        obj.setSignature(jsonMsg.getString("signature"));
+        obj.setSignature(jsonMsg.getStr("signature"));
        if (encrypted) {
-            if (!jsonMsg.has("enc_msg")) {
+            if (!jsonMsg.containsKey("enc_msg")) {
                return null;
            }
-            obj.setMsg(jsonMsg.getString("enc_msg"));
+            obj.setMsg(jsonMsg.getStr("enc_msg"));
        } else {
-            if (!jsonMsg.has("msg")) {
+            if (!jsonMsg.containsKey("msg")) {
                return null;
            }
            obj.setMsg(jsonMsg.get("msg"));
@ -141,34 +142,4 @@ public class IotUtil {
        len += (arrays[3] & 0xFF);
        return len;
    }
    /**
     * 解析设备字符串
     */
    public static Map<String, BigDecimal> parseDeviceStr(String str) {
        // 使用 @ 符号分割字符串
        String[] parts = str.split("@");
        // 创建一个 Map 来存储结果
        Map<String, BigDecimal> resultMap = new HashMap<>();
        // 正则表达式，用于匹配数字
        Pattern pattern = Pattern.compile("[-+]?\\d*\\.\\d+|\\d+");
        for (String part : parts) {
            Matcher matcher = pattern.matcher(part);
            if (matcher.find()) {
                // 提取第一个匹配到的数字
                BigDecimal number = new BigDecimal(matcher.group());
                // 从子字符串中提取键
                String key = part.substring(0, 1); // 假设键是子字符串的第一个字符
                // 存储到 Map 中
                resultMap.put(key, number);
            }
        }
        return resultMap;
    }
 }