From c28f8ebdbd422e2e3515d6ec6df8495e779e6f41 Mon Sep 17 00:00:00 2001 From: mythxb Date: Thu, 14 Dec 2023 17:51:58 +0800 Subject: [PATCH] =?UTF-8?q?=E7=BB=9F=E4=B8=80=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/rzyc/bean/user/auth/GetCode.java | 36 +++ .../com/rzyc/mapper/user/SysUserMapper.java | 4 + .../resources/mapper/user/SysUserMapper.xml | 9 + inventory-gov/pom.xml | 7 + .../com/rzyc/controller/AuthController.java | 210 ++++++++++++++++++ .../rzyc/controller/PcPersonalController.java | 4 + .../main/java/com/rzyc/utils/InstallCert.java | 163 ++++++++++++++ .../resources/templates/auth/get_code.html | 29 +++ 8 files changed, 462 insertions(+) create mode 100644 inventory-dao/src/main/java/com/rzyc/bean/user/auth/GetCode.java create mode 100644 inventory-gov/src/main/java/com/rzyc/controller/AuthController.java create mode 100644 inventory-gov/src/main/java/com/rzyc/utils/InstallCert.java create mode 100644 inventory-gov/src/main/resources/templates/auth/get_code.html
diff --git a/inventory-dao/src/main/java/com/rzyc/bean/user/auth/GetCode.java b/inventory-dao/src/main/java/com/rzyc/bean/user/auth/GetCode.java
new file mode 100644
index 0000000..ea51251
--- /dev/null
+++ b/inventory-dao/src/main/java/com/rzyc/bean/user/auth/GetCode.java
@@ -0,0 +1,36 @@
+package com.rzyc.bean.user.auth;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * @author dong
+ * @date 2023-12-14 14:38
+ * @Version V1.0
+ */
+@ApiModel("获取认证code")
+public class GetCode {
+
+
+ @ApiModelProperty("认证code")
+ private String code;
+
+ @ApiModelProperty("自定义字符串")
+ private String state;
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public String getState() {
+ return state;
+ }
+
+ public void setState(String state) {
+ this.state = state;
+ }
+}
diff --git a/inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserMapper.java b/inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserMapper.java index 5a0bb7e..7075561 100644 --- a/inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserMapper.java +++ b/inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserMapper.java @@ -199,4 +199,8 @@ public interface SysUserMapper { /*行业监管部门用户列表*/ List inClassUser(@Param("inClassId") String inClassId); + /*用户信息*/ + SysUser authUser(@Param("unitId") String unitId, + @Param("chinaName") String chinaName); + } diff --git a/inventory-dao/src/main/resources/mapper/user/SysUserMapper.xml b/inventory-dao/src/main/resources/mapper/user/SysUserMapper.xml index 73720a8..c49b4c2 100644 --- a/inventory-dao/src/main/resources/mapper/user/SysUserMapper.xml +++ b/inventory-dao/src/main/resources/mapper/user/SysUserMapper.xml @@ -1445,4 +1445,13 @@ LEFT JOIN `sys_unit_trade` ut ON ut.`unit_id` = st.`SysUnitId` WHERE ut.`in_class_id` = #{inClassId} + + + diff --git a/inventory-gov/pom.xml b/inventory-gov/pom.xml index 69b5306..940b933 100644 --- a/inventory-gov/pom.xml +++ b/inventory-gov/pom.xml @@ -236,6 +236,13 @@ + + com.squareup.okhttp3 + okhttp + 3.3.1 + compile + + diff --git a/inventory-gov/src/main/java/com/rzyc/controller/AuthController.java b/inventory-gov/src/main/java/com/rzyc/controller/AuthController.java new file mode 100644 index 0000000..2d5fcec --- /dev/null +++ b/inventory-gov/src/main/java/com/rzyc/controller/AuthController.java 
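Review bot: `authUser` identifies an account by `unitId` plus `chinaName`, and a person's name is not a unique key. AuthController in this same patch passes the `username` value returned by the auth center into this lookup, so two people with the same name in that unit would resolve to one local account; and because the method returns a single `SysUser`, MyBatis raises TooManyResultsException once duplicate rows exist. Matching on a stable, unique subject identifier from the identity provider, stored in its own column, would avoid both problems. If only the name is available, state that assumption in the comment, e.g. `/* Look up a user by unit and full name; assumes names are unique within the unit */`. The SQL for this statement is not readable in the XML hunk, so how it handles duplicates is unverified.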
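Review bot: The new dependency pins okhttp at 3.3.1, a release that is many years old, and this is the client that carries the OAuth token exchange in AuthController. Prefer a currently maintained OkHttp release, or reuse the project's existing `WebUtils` HTTP client if it can be given a proper trust store, so the login path does not depend on an unmaintained TLS stack. The explicit `compile` scope is Maven's default and can be dropped. The element tags in this hunk were lost in extraction, so the coordinates are read from the remaining text.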
@@ -0,0 +1,210 @@ +package com.rzyc.controller; + +import com.alibaba.fastjson.JSONArray; +import com.alibaba.fastjson.JSONObject; +import com.common.utils.DateUtils; +import com.common.utils.RandomNumber; +import com.common.utils.encryption.PasswdFactory; +import com.common.utils.httpClient.WebUtils; +import com.rzyc.bean.user.auth.GetCode; +import com.rzyc.enums.UserType; +import com.rzyc.model.Dynamic; +import com.rzyc.model.user.ListPerform; +import com.rzyc.model.user.SysUser; +import io.swagger.annotations.Api; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.Response; +import org.springframework.stereotype.Controller; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.CrossOrigin; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; +import java.util.concurrent.TimeUnit; + +/** + * @author dong + * @date 2023-12-14 14:22 + * @Version V1.0 + */ +@Api(tags = "其他") +@Controller +@RequestMapping("/auth") +@CrossOrigin("*") +public class AuthController extends BaseController{ + + + //应用标识 + private static final String clientId = "gzaqscqdzxt"; + + //应用安全口令 + private static final String clientSecret = "082bbd818893d2fa443da6fdaf2aad97"; + + //回调地址 + private static final String redirectUri = "http://42.193.40.239:7010/auth/getCode"; + + //部门id + private static final String unitId = "06623f79-19bb-48d7-8257-3f1d9545a827"; + + //岗位id + private static final String postId = "eca772e5-516e-45ee-afc6-0e5da78895be"; + + //默认密码 + private static final String passwd = "gz123456@"; + + //用户角色 + private static 
final String userRole = "295EF8C3-902F-41F0-95C8-D3AB9C6DA145"; + + + /*动态详情*/ + @GetMapping(value = "/getCode") + @Transactional + public String getCode(GetCode getCode, Model model){ + try { + System.out.println("getCode ----> "+JSONArray.toJSONString(getCode)); + + String accessToken = getAccessToken(getCode.getCode()); + String userName = getUserName(accessToken); + System.out.println("userName --> "+userName); + SysUser sysUser = sysUserMapper.authUser(unitId,userName); + if(null == sysUser){ + sysUser = new SysUser(); + sysUser.setSysuserid(RandomNumber.getUUid()); + sysUser.setSysusername(userName); + + ListPerform listPerform = listPerformMapper.selectByPrimaryKey(postId); + if(null != listPerform){ + sysUser.setSystitle(listPerform.getListperformid()); + sysUser.setPostPath(listPerform.getParentPath()); + sysUser.setPostName(listPerform.getParentName()); + sysUser.setAreaCode(listPerform.getAreaCode()); + sysUser.setAreaPath(listPerform.getAreaPath()); + sysUser.setAreaName(listPerform.getAreaPathName()); + } + String passwdStr = PasswdFactory.encryptPasswd(sysUser.getSysuserid(), sysUser.getSysusername(), passwd); + sysUser.setSyspassword(passwdStr); + sysUser.setModifiedby("用户认证"); + sysUser.setCreatedby("用户认证"); + sysUser.setChinaname(userName); + sysUser.setModifiedon(new Date()); + sysUser.setCreatedon(new Date()); + sysUser.setUsertype(UserType.GOV.getType()); + sysUser.setState("启用"); + sysUser.setUserroles(userRole); + + sysUserMapper.insert(sysUser); + } + + model.addAttribute("userId",sysUser.getSysuserid()); + }catch (Exception e){ + e.printStackTrace(); + } + return "auth/get_code"; + } + + + + public void geta()throws Exception{ + String url = "https://222.209.85.39:1443/authcenter/getOauth2Token"; + Map params = new HashMap(); + params.put("grant_type","authorization_code"); + params.put("client_id",clientId); + params.put("client_secret",clientSecret); + params.put("code","1231"); + params.put("redirect_uri",redirectUri); + Map headers = new 
HashMap(); + String tokenResult = WebUtils.doPost(url,params,headers); + System.out.println("tokenResult ---> "+tokenResult); + JSONObject jsonObject = JSONObject.parseObject(tokenResult); + String accessToken = jsonObject.get("access_token")+""; + System.out.println("accessToken ---> "+accessToken); + } + + + /** + * 获取accessToken + * @version v1.0 + * @author dong + * @date 2023/12/14 16:32 + */ + public static String getAccessToken(String code)throws Exception{ + // 发送请求 + Request request = new Request.Builder() + .url("https://222.209.85.39:1443/authcenter/getOauth2Token?grant_type=authorization_code&client_id="+clientId+"&client_secret="+clientSecret+"&code="+code+"&redirect_uri="+redirectUri) + .build(); + Response response = getUnsafeOkHttpClient().newCall(request).execute(); + String responseStr = response.body().string(); + System.out.println("responseStr --> "+responseStr); + JSONObject jsonObject = JSONObject.parseObject(responseStr); + return jsonObject.get("access_token")+""; + } + + /** + * 获取用户姓名 + * @version v1.0 + * @author dong + * @date 2023/12/14 16:30 + */ + public static String getUserName(String accessToken)throws Exception{ + Request request = new Request.Builder() + .url("https://222.209.85.39:1443/authcenter/getOauth2UserInfo?access_token="+accessToken+"&client_id="+clientId) + .build(); + Response response = getUnsafeOkHttpClient().newCall(request).execute(); + String responseStr = response.body().string(); + System.out.println("responseStr --> "+responseStr); + JSONObject jsonObject = JSONObject.parseObject(responseStr); + return jsonObject.get("username")+""; + } + + + public static OkHttpClient getUnsafeOkHttpClient() { + try { + // 创建一个信任所有证书的TrustManager + final TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, 
String authType) throws CertificateException { + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + } + }; + + // 创建一个不验证证书的 SSLContext,并使用上面的TrustManager初始化 + SSLContext sslContext = SSLContext.getInstance("SSL"); + sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); + + // 使用上面创建的SSLContext创建一个SSLSocketFactory + javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); + + OkHttpClient.Builder builder = new OkHttpClient.Builder(); + builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]); + builder.hostnameVerifier((hostname, session) -> true); + builder.readTimeout(1, TimeUnit.MINUTES); + + return builder.build(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + + +} diff --git a/inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java b/inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java index 1c388b1..72507fa 100644 --- a/inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java +++ b/inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java @@ -383,6 +383,10 @@ public class PcPersonalController extends com.rzyc.controller.BaseController { //用户权限 userAuth(sysUser); + //获取用户令牌 + String userToken = JwtUtil.createToken(sysUser.getSysuserid()); + sysUser.setUserToken(userToken); + //数量信息 IndexNum indexNum = indexNum(sysUser.getSystitle(),sysUser.getSysuserid()); sysUser.setIndexNum(indexNum); diff --git a/inventory-gov/src/main/java/com/rzyc/utils/InstallCert.java b/inventory-gov/src/main/java/com/rzyc/utils/InstallCert.java new file mode 100644 index 0000000..72f73da --- /dev/null +++ b/inventory-gov/src/main/java/com/rzyc/utils/InstallCert.java 
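Review bot: `getUnsafeOkHttpClient()` accepts any certificate and any hostname, and it is the client used by `getAccessToken` and `getUserName`, so the `client_secret`, the authorization code and the access token travel over a connection whose peer is never authenticated; a forged `username` response then selects or creates the local account in `getCode`. Build the client from a trust store that holds only the auth center's certificate (the keystore that InstallCert in this patch writes would serve) and remove the `hostnameVerifier` override, which requires the certificate to list the IP address as a subject alternative name or the endpoint to be called by DNS name. In the same controller, `clientSecret` and the shared default `passwd` are committed as constants and should come from configuration, `state` is bound into `GetCode` but never compared with a value issued for the session, and both token responses are printed to stdout.

```java
public static OkHttpClient getUnsafeOkHttpClient() {
    try {
        // Trust only the auth center's certificate, loaded from a dedicated trust store.
        // trustStorePath / trustStorePassword are placeholders for configured values.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager trustManager = (X509TrustManager) tmf.getTrustManagers()[0];

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[]{trustManager}, null);

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
        // hostnameVerifier override removed: OkHttp's default verifier applies
        // … unchanged: readTimeout, build(), catch block …
```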
@@ -0,0 +1,163 @@ +package com.rzyc.utils; + + +import java.io.*; +import java.net.URL; + +import java.security.*; +import java.security.cert.*; + +import javax.net.ssl.*; + +/** + * @author dong + * @date 2023-12-14 15:55 + * @Version V1.0 + */ +public class InstallCert { + + public static void main(String[] args) throws Exception { + String host = "222.209.85.39"; + int port = 1443; + char[] passphrase; + if ((args.length == 1) || (args.length == 2)) { + String[] c = args[0].split(":"); + host = c[0]; + port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); + String p = (args.length == 1) ? "changeit" : args[1]; + passphrase = p.toCharArray(); + } else { + System.out.println("Usage: java InstallCert [:port] [passphrase]"); + return; + } + + File file = new File("jssecacerts"); + if (file.isFile() == false) { + char SEP = File.separatorChar; + File dir = new File(System.getProperty("java.home") + SEP + + "lib" + SEP + "security"); + file = new File(dir, "jssecacerts"); + if (file.isFile() == false) { + file = new File(dir, "cacerts"); + } + } + System.out.println("Loading KeyStore " + file + "..."); + InputStream in = new FileInputStream(file); + KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); + ks.load(in, passphrase); + in.close(); + + SSLContext context = SSLContext.getInstance("TLS"); + TrustManagerFactory tmf = + TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(ks); + X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0]; + SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); + context.init(null, new TrustManager[] {tm}, null); + SSLSocketFactory factory = context.getSocketFactory(); + + System.out.println("Opening connection to " + host + ":" + port + "..."); + SSLSocket socket = (SSLSocket)factory.createSocket(host, port); + socket.setSoTimeout(10000); + try { + System.out.println("Starting SSL handshake..."); + socket.startHandshake(); + socket.close(); + 
System.out.println(); + System.out.println("No errors, certificate is already trusted"); + } catch (SSLException e) { + System.out.println(); + e.printStackTrace(System.out); + } + + X509Certificate[] chain = tm.chain; + if (chain == null) { + System.out.println("Could not obtain server certificate chain"); + return; + } + + BufferedReader reader = + new BufferedReader(new InputStreamReader(System.in)); + + System.out.println(); + System.out.println("Server sent " + chain.length + " certificate(s):"); + System.out.println(); + MessageDigest sha1 = MessageDigest.getInstance("SHA1"); + MessageDigest md5 = MessageDigest.getInstance("MD5"); + for (int i = 0; i < chain.length; i++) { + X509Certificate cert = chain[i]; + System.out.println + (" " + (i + 1) + " Subject " + cert.getSubjectDN()); + System.out.println(" Issuer " + cert.getIssuerDN()); + sha1.update(cert.getEncoded()); + System.out.println(" sha1 " + toHexString(sha1.digest())); + md5.update(cert.getEncoded()); + System.out.println(" md5 " + toHexString(md5.digest())); + System.out.println(); + } + + System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); + String line = reader.readLine().trim(); + int k; + try { + k = (line.length() == 0) ? 
0 : Integer.parseInt(line) - 1; + } catch (NumberFormatException e) { + System.out.println("KeyStore not changed"); + return; + } + + X509Certificate cert = chain[k]; + String alias = host + "-" + (k + 1); + ks.setCertificateEntry(alias, cert); + + OutputStream out = new FileOutputStream("jssecacerts"); + ks.store(out, passphrase); + out.close(); + + System.out.println(); + System.out.println(cert); + System.out.println(); + System.out.println + ("Added certificate to keystore 'jssecacerts' using alias '" + + alias + "'"); + } + + private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); + + private static String toHexString(byte[] bytes) { + StringBuilder sb = new StringBuilder(bytes.length * 3); + for (int b : bytes) { + b &= 0xff; + sb.append(HEXDIGITS[b >> 4]); + sb.append(HEXDIGITS[b & 15]); + sb.append(' '); + } + return sb.toString(); + } + + private static class SavingTrustManager implements X509TrustManager { + + private final X509TrustManager tm; + private X509Certificate[] chain; + + SavingTrustManager(X509TrustManager tm) { + this.tm = tm; + } + + public X509Certificate[] getAcceptedIssuers() { + throw new UnsupportedOperationException(); + } + + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + throw new UnsupportedOperationException(); + } + + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + this.chain = chain; + tm.checkServerTrusted(chain, authType); + } + } + +} diff --git a/inventory-gov/src/main/resources/templates/auth/get_code.html b/inventory-gov/src/main/resources/templates/auth/get_code.html new file mode 100644 index 0000000..f19a3a1 --- /dev/null +++ b/inventory-gov/src/main/resources/templates/auth/get_code.html @@ -0,0 +1,29 @@ + + + + + 安全生产清单制管理系统 + + + +
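Review bot: The operator chooses which certificate to trust from SHA-1 and MD5 fingerprints only, and the chosen index is used unchecked: `chain[k]` throws for an out-of-range number and `reader.readLine().trim()` throws when stdin is closed. Print a SHA-256 fingerprint as well (`MessageDigest.getInstance("SHA-256")`) so it can be compared with one obtained from the auth center out of band, and guard the selection with `if (k < 0 || k >= chain.length) { System.out.println("KeyStore not changed"); return; }`. The class sits under `src/main/java`, so a keystore-writing command-line tool ships inside the application artifact; a tools or test source set looks like a better home. The `host` and `port` defaults assigned at the top of `main` are never used, because the no-argument path prints the usage text and returns.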
+安全生产清单制管理系统授权页面 + +
+ + + + + + + +