3 سال پیش · 0035132f76
--- a/boman-web-core/src/main/java/com/boman/web/core/service/czrk/CzrkServiceImpl.java
+++ b/boman-web-core/src/main/java/com/boman/web/core/service/czrk/CzrkServiceImpl.java
@@ -1112,10 +1112,12 @@ public class CzrkServiceImpl implements ICzrkService {
 
				         paramMap.remove("sign");
			
 
				         //参数排序
			
 
				         Map<String, Object> sortedMap = RSAUtil.sort(paramMap);
			
 
				-        //拼接参数：key1Value1key2Value2
			
 
				-        String urlParams2 = RSAUtil.groupStringParam(sortedMap);
			
 
				+        //拼接参数：key1Value1key2Value2,对参数进行16进制转换
			
 
				+        String urlParams = RSAUtil.groupStringParam(sortedMap);
			
 
				+        byte[] bytes = urlParams.getBytes();
			
 
				+        String value = HexUtils.toHexString(bytes);
			
 
				         //签名验证
			
 
				-        boolean verify = RSAUtil.verify(HexUtils.fromHexString(urlParams2), publicKey, jsonRequest.getSign());
			
 
				+        boolean verify = RSAUtil.verify(HexUtils.fromHexString(value), publicKey, jsonRequest.getSign());
			
 
				         if (!verify) {
			
 
				             throw new RuntimeException("签名验证失败");
			
 
				         }
			
--- a/boman-web-core/src/main/java/com/boman/web/core/utils/AESUtil.java
+++ b/boman-web-core/src/main/java/com/boman/web/core/utils/AESUtil.java
@@ -20,9 +20,10 @@ import static com.boman.web.core.utils.RSAUtil.getUUID32;
 
				 public class AESUtil {
			
 
				     /**
			
 
				      * 加密
			
 
				+     *
			
 
				      * @param content 加密文本
			
 
				-     * @param key 加密密钥，appSecret的前16位
			
 
				-     * @param iv 初始化向量，appSecret的后16位
			
 
				+     * @param key     加密密钥，appSecret的前16位
			
 
				+     * @param iv      初始化向量，appSecret的后16位
			
 
				      * @return
			
 
				      * @throws Exception
			
 
				      */
			
@@ -50,20 +51,22 @@ public class AESUtil {
 
				     }
			
 
				 
			
 
				     public static void main(String[] args) {
			
 
				-        Map<String,Object> businessParams = new HashMap<>();
			
 
				-        String aseKey ="6717c09c65fd487bb61e6710613faa20";
			
 
				-        businessParams.put("idCard","110102196610122373");
			
 
				+        Map<String, Object> businessParams = new HashMap<>();
			
 
				+        String aseKey = "6717c09c65fd487bb61e6710613faa20";
			
 
				+        businessParams.put("idCard", "110102196610122373");
			
 
				         try {
			
 
				             //参数加密
			
 
				             String encrypt = encrypt(JacksonUtil.beanToJson(businessParams), aseKey.substring(0, 16), aseKey.substring(16));
			
 
				             System.out.println(encrypt);
			
 
				             //对ase进行公钥加密
			
 
				-            byte[] enStr = RSAUtil.encryptByPublicKey(aseKey.substring(0,16),"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5xiCI0UAPy1IZtjSTIW3atbIdtp07or7HybI8oxtgBwaSlZrpJ2daOtLhy+qndWHHD5ck1XG6K/QrZc28L5ITkJxldBclIIFZK7hi2lugbHL6hsgZl8Rs4fylfxmBNwIpOTJnifAbEBy2lSQSl2dcgofUDlWCchZMEZdi/EW1o3q+bP2pC0BEEacHfnyhpwzNjLXSJM7EDgbbgKZpVkNSaxR50nJ/Ma4BsrLUwAKCo3795MZZWX97ycceFc0DMGc3cvm04nXbvrgp57TeGLq1bjaqFOIf15dElzycVi8uwpAqJxkzU9BQb/cQsQHsrnjFo9NHXKUDayFPGVYvLljQIDAQAB");
			
 
				+            byte[] enStr = RSAUtil.encryptByPublicKey(aseKey.substring(0, 16), "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5xiCI0UAPy1IZtjSTIW3atbIdtp07or7HybI8oxtgBwaSlZrpJ2daOtLhy+qndWHHD5ck1XG6K/QrZc28L5ITkJxldBclIIFZK7hi2lugbHL6hsgZl8Rs4fylfxmBNwIpOTJnifAbEBy2lSQSl2dcgofUDlWCchZMEZdi/EW1o3q+bP2pC0BEEacHfnyhpwzNjLXSJM7EDgbbgKZpVkNSaxR50nJ/Ma4BsrLUwAKCo3795MZZWX97ycceFc0DMGc3cvm04nXbvrgp57TeGLq1bjaqFOIf15dElzycVi8uwpAqJxkzU9BQb/cQsQHsrnjFo9NHXKUDayFPGVYvLljQIDAQAB");
			
 
				             //得到RSA公钥加密后的ase秘钥
			
 
				             String aseKeyStr = HexUtils.toHexString(enStr);
			
 
				             JsonRequest jsonRequest = new JsonRequest();
			
 
				-            jsonRequest.setRequestId(getUUID32());
			
 
				-            jsonRequest.setAppId(aseKey.substring(0, 16));
			
 
				+            String uuid32 = getUUID32();
			
 
				+            jsonRequest.setRequestId(uuid32);
			
 
				+            System.out.println("uuid:" + uuid32);
			
 
				+            jsonRequest.setAppId(aseKey);
			
 
				             long l = System.currentTimeMillis();
			
 
				             System.out.println(l);
			
 
				             jsonRequest.setTimestamp(l);
			
@@ -75,8 +78,10 @@ public class AESUtil {
 
				             Map<String, Object> sortedMap = RSAUtil.sort(paramMap);
			
 
				             // 拼接参数：key1Value1key2Value2
			
 
				             String urlParams = RSAUtil.groupStringParam(sortedMap);
			
 
				+            byte[] bytes1 = urlParams.getBytes();
			
 
				+            String value = HexUtils.toHexString(bytes1);
			
 
				             //私钥签名
			
 
				-            String sign = RSAUtil.sign(HexUtils.fromHexString(urlParams), "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCDnGIIjRQA/LUhm2NJMhbdq1sh22nTuivsfJsjyjG2AHBpKVmuknZ1o60uHL6qd1YccPlyTVcbor9CtlzbwvkhOQnGV0FyUggVkruGLaW6BscvqGyBmXxGzh/KV/GYE3Aik5MmeJ8BsQHLaVJBKXZ1yCh9QOVYJyFkwRl2L8RbWjer5s/akLQEQRpwd+fKGnDM2MtdIkzsQOBtuApmlWQ1JrFHnScn8xrgGystTAAoKjfv3kxllZf3vJxx4VzQMwZzdy+bTiddu+uCnntN4YurVuNqoU4h/Xl0SXPJxWLy7CkConGTNT0FBv9xCxAeyueMWj00dcpQNrIU8ZVi8uWNAgMBAAECggEARXs/CjKo1+iSG770SMVH6xk3EIXMtfm4jK4wHVH2spZCwlIRRaePIIYbvJdyVX6RGIzQNHb+QNnHzYmHNoIVkmORdIPGSntiRzljBPB+aNqBN/jb6APG536Uq/eH1XiVn7t3WT0e/P6c6u2cfkhMgNv9/DpRmht2dsG3Fn0bVfpfPpUDIZB398Pgxn0oRcYsMM/zTp+79yL5/tf5/8dSThCo+w6tkblnTg7LE8AgGrEYmMtgY48o+L/hOXPDDGOPYiTMFyMrf9A3OkRzAUy+DfToRt5iCZ4J/0jE6KgKv6JpNWB6ASOB813uTDBF4GtImXWw+mOVBZA71FpSbgM7IQKBgQDwRYupArc8CVf7BcDrydEfcPcTq5VEUo5hGYxJr9XkkCgTT8UgHZzfPYFvE0+Z6vGaSU+S7qHs73cL0XDwxbvpcZrTxtiSfcvnDLMepp4j/IyUKCY5Obg6McBjLj/9NGK0dlDAqq9Bz0sUGHF7hzbbVyydKDNy8wdvJX/CE/ncFQKBgQCMOeh0IwjGOTJxgbYoTqOdvU+7tuKky6JI+gVgAo5xNqcX4IoS5ARvp46im5Q0+F0x0zBXOlPJCyaskCdniKMM9BjhmvlebNrPuVWnn1sHD4pm98oxbkCHhEcbtdjoWPJaVbdlSvMBeG4XU0Dqw4jxClA2aTOz8J+uCi0iWaMpmQKBgFaw4Qkj/7TbsjDSDJ+Ge7uaaKtiN0MlflWugB1+IfCLysnc+ET0Kkupx2+qSghA6tc+KEXdb/MrG4raEKPu1DQQV0qd7jo8xTsiK+adO2XEk3xJWDFBkCT/GmkuoMvdANgX8F7ztrRJ9M7VWuy1BqfxNhmmDZol8cK6hvQhfP9ZAoGADe1ObgJww6c4oFderSAqVedQfPdMCUwEQTU7xW5bkVj5PYDalce5vREqNHI5RQ2JzAIKog8z9Rq7a5Yho8HJV+cCdZ27uKodDVZ98Fj+ZHQhrdpcZY5qsErt+Q2VjnYPE/PBdDj+a533aS+mmepztmTs1IqcTPnQEiwGkYvPjbkCgYEAyYajCNkwYLYiBNFP45pb82dAPedfitNBMKX7m51/mLjSnUefXkqROwWAn3Q1twifH3brw1mOb00nja7chYGYpvN7stKGZiZ5HuILJLUNYuKKLYkaespsVs7H9bRBC+ENdgWSUpKaDZc8eF2vC2e+drzKeevwSszDlNRTFaEBP9s=");
			
 
				+            String sign = RSAUtil.sign(HexUtils.fromHexString(value), "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCDnGIIjRQA/LUhm2NJMhbdq1sh22nTuivsfJsjyjG2AHBpKVmuknZ1o60uHL6qd1YccPlyTVcbor9CtlzbwvkhOQnGV0FyUggVkruGLaW6BscvqGyBmXxGzh/KV/GYE3Aik5MmeJ8BsQHLaVJBKXZ1yCh9QOVYJyFkwRl2L8RbWjer5s/akLQEQRpwd+fKGnDM2MtdIkzsQOBtuApmlWQ1JrFHnScn8xrgGystTAAoKjfv3kxllZf3vJxx4VzQMwZzdy+bTiddu+uCnntN4YurVuNqoU4h/Xl0SXPJxWLy7CkConGTNT0FBv9xCxAeyueMWj00dcpQNrIU8ZVi8uWNAgMBAAECggEARXs/CjKo1+iSG770SMVH6xk3EIXMtfm4jK4wHVH2spZCwlIRRaePIIYbvJdyVX6RGIzQNHb+QNnHzYmHNoIVkmORdIPGSntiRzljBPB+aNqBN/jb6APG536Uq/eH1XiVn7t3WT0e/P6c6u2cfkhMgNv9/DpRmht2dsG3Fn0bVfpfPpUDIZB398Pgxn0oRcYsMM/zTp+79yL5/tf5/8dSThCo+w6tkblnTg7LE8AgGrEYmMtgY48o+L/hOXPDDGOPYiTMFyMrf9A3OkRzAUy+DfToRt5iCZ4J/0jE6KgKv6JpNWB6ASOB813uTDBF4GtImXWw+mOVBZA71FpSbgM7IQKBgQDwRYupArc8CVf7BcDrydEfcPcTq5VEUo5hGYxJr9XkkCgTT8UgHZzfPYFvE0+Z6vGaSU+S7qHs73cL0XDwxbvpcZrTxtiSfcvnDLMepp4j/IyUKCY5Obg6McBjLj/9NGK0dlDAqq9Bz0sUGHF7hzbbVyydKDNy8wdvJX/CE/ncFQKBgQCMOeh0IwjGOTJxgbYoTqOdvU+7tuKky6JI+gVgAo5xNqcX4IoS5ARvp46im5Q0+F0x0zBXOlPJCyaskCdniKMM9BjhmvlebNrPuVWnn1sHD4pm98oxbkCHhEcbtdjoWPJaVbdlSvMBeG4XU0Dqw4jxClA2aTOz8J+uCi0iWaMpmQKBgFaw4Qkj/7TbsjDSDJ+Ge7uaaKtiN0MlflWugB1+IfCLysnc+ET0Kkupx2+qSghA6tc+KEXdb/MrG4raEKPu1DQQV0qd7jo8xTsiK+adO2XEk3xJWDFBkCT/GmkuoMvdANgX8F7ztrRJ9M7VWuy1BqfxNhmmDZol8cK6hvQhfP9ZAoGADe1ObgJww6c4oFderSAqVedQfPdMCUwEQTU7xW5bkVj5PYDalce5vREqNHI5RQ2JzAIKog8z9Rq7a5Yho8HJV+cCdZ27uKodDVZ98Fj+ZHQhrdpcZY5qsErt+Q2VjnYPE/PBdDj+a533aS+mmepztmTs1IqcTPnQEiwGkYvPjbkCgYEAyYajCNkwYLYiBNFP45pb82dAPedfitNBMKX7m51/mLjSnUefXkqROwWAn3Q1twifH3brw1mOb00nja7chYGYpvN7stKGZiZ5HuILJLUNYuKKLYkaespsVs7H9bRBC+ENdgWSUpKaDZc8eF2vC2e+drzKeevwSszDlNRTFaEBP9s=");
			
 
				             System.out.println(sign);
			
 
				         } catch (Exception e) {
			
 
				             e.printStackTrace();
			
--- a/boman-web-core/src/main/java/com/boman/web/core/utils/RSAUtil.java
+++ b/boman-web-core/src/main/java/com/boman/web/core/utils/RSAUtil.java
@@ -283,11 +283,11 @@ public class RSAUtil {
 
				             for (PropertyDescriptor property : propertyDescriptors) {
			
 
				                 String key = property.getName();
			
 
				                 // 过滤class属性
			
 
				-                if (!key.equals("class")) {
			
 
				+                if (!"class".equals(key)) {
			
 
				                     // 得到property对应的getter方法
			
 
				                     Method getter = property.getReadMethod();
			
 
				                     Object value = getter.invoke(obj);
			
 
				-                    if (value != null) {
			
 
				+                    if (value == null) {
			
 
				                         continue;
			
 
				                     }
			
 
				                     map.put(key, value);
			
@@ -348,10 +348,12 @@ public class RSAUtil {
 
				         // 拼接参数：key1Value1key2Value2
			
 
				         String urlParams = RSAUtil.groupStringParam(sortedMap);
			
 
				         //私钥签名
			
 
				-        String sign = RSAUtil.sign(HexUtils.fromHexString(urlParams), privateKey);
			
 
				+        byte[] bytes1 = urlParams.getBytes();
			
 
				+        String s = HexUtils.toHexString(bytes1);
			
 
				+        String sign = RSAUtil.sign(HexUtils.fromHexString(s), privateKey);
			
 
				         jsonRequest.setSign(sign);
			
 
				         System.out.println("签名：\n\r" + sign);
			
 
				-        boolean flag = RSAUtil.verify(HexUtils.fromHexString(urlParams), publicKey, sign);
			
 
				+        boolean flag = RSAUtil.verify(HexUtils.fromHexString(s), publicKey, sign);
			
 
				         System.out.println("验签结果：\n\r" + flag);
			
 
				         System.out.println("==============解密参数============");
			
 
				         // 解密请求报文