fix 处理对外接口

boman-web-core/pom.xml

@@ -13,6 +13,15 @@
 
     <dependencies>
 
+        <!-- RSA+AES实现接口验签和参数加密   -->
+        <!--RSA依赖-->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>1.56</version>
+        </dependency>
+        <!-- RSA+AES实现接口验签和参数加密   -->
+
         <!-- JSOUP 解析爬取-->
         <dependency>
             <groupId>org.jsoup</groupId>

boman-web-core/src/main/java/com/boman/web/core/controller/CzrkController.java

@@ -1,6 +1,7 @@
 package com.boman.web.core.controller;
 
 import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
 import com.boman.common.core.utils.DateUtils;
 import com.boman.common.core.web.controller.BaseController;
 import com.boman.common.log.annotation.Log;
@@ -8,6 +9,7 @@ import com.boman.common.log.enums.BusinessType;
 import com.boman.domain.Czrk;
 import com.boman.domain.TableDataInfo;
 import com.boman.domain.dto.AjaxResult;
+import com.boman.web.core.domain.JsonRequest;
 import com.boman.web.core.service.czrk.ICzrkService;
 import com.boman.web.core.utils.AuthUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -168,4 +170,13 @@ public class CzrkController extends BaseController {
         return czrkService.getInfo(appKey, appSecret, idCard);
     }
 
+    /**
+     * 外部访问czrk的字段
+     * RSE加密请求
+     */
+    @PostMapping("/open/getInfoJson")
+    public AjaxResult getInfoJson(@RequestBody  JsonRequest jsonRequest) {
+        return czrkService.getInfoJson(jsonRequest);
+    }
+
 }

boman-web-core/src/main/java/com/boman/web/core/controller/IpTimesColumnsController.java

@@ -17,7 +17,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+
+import static com.boman.web.core.utils.RSAUtil.*;
 
 /**
  * @author shiqian
@@ -68,8 +72,7 @@ public class IpTimesColumnsController extends BaseController {
 
     @PostMapping("/ipTimes/saveOrUpdate")
     public AjaxResult saveOrUpdate(@RequestBody JSONObject jsonObject) {
-        int rows = ipTimesService.saveOrUpdate(jsonObject);
-        return toAjax(rows);
+        return ipTimesService.saveOrUpdate(jsonObject);
     }
 
     @PostMapping("/ipTimes/delete")
@@ -78,4 +81,20 @@ public class IpTimesColumnsController extends BaseController {
         return toAjax(rows);
     }
 
+
+    /**
+     * 初始化生成公钥私钥
+     */
+    @PostMapping("/ipTimes/getKey")
+    public AjaxResult getKey() {
+        String appId = getUUID32();
+        Map<String, Object> init = init();
+        String privateKey = getPrivateKey(init);
+        String publicKey = getPublicKey(init);
+        Map<String, Object> map = new HashMap<>();
+        map.put("appId",appId);
+        map.put("appKey",publicKey);
+        map.put("appSecret",privateKey);
+        return AjaxResult.success(map);
+    }
 }

boman-web-core/src/main/java/com/boman/web/core/domain/JsonRequest.java

@@ -0,0 +1,78 @@
+package com.boman.web.core.domain;
+
+/**
+ * @author tjf
+ * @Date: 2022/03/15/12:12
+ */
+public class JsonRequest {
+    //接口id 可空
+    private String serviceId;
+    //请求唯一id 非空
+    private String requestId;
+    //商户id 非空
+    private String appId;
+    //参数签名 非空
+    private String sign;
+    //对称加密key 非空
+    private String aseKey;
+    //时间戳，精确到毫秒 非空
+    private long timestamp;
+    //请求的业务参数(AES加密后传入) 可空
+    private String body;
+
+    public String getServiceId() {
+        return serviceId;
+    }
+
+    public void setServiceId(String serviceId) {
+        this.serviceId = serviceId;
+    }
+
+    public String getRequestId() {
+        return requestId;
+    }
+
+    public void setRequestId(String requestId) {
+        this.requestId = requestId;
+    }
+
+    public String getAppId() {
+        return appId;
+    }
+
+    public void setAppId(String appId) {
+        this.appId = appId;
+    }
+
+    public String getSign() {
+        return sign;
+    }
+
+    public void setSign(String sign) {
+        this.sign = sign;
+    }
+
+    public String getAseKey() {
+        return aseKey;
+    }
+
+    public void setAseKey(String aseKey) {
+        this.aseKey = aseKey;
+    }
+
+    public long getTimestamp() {
+        return timestamp;
+    }
+
+    public void setTimestamp(long timestamp) {
+        this.timestamp = timestamp;
+    }
+
+    public String getBody() {
+        return body;
+    }
+
+    public void setBody(String body) {
+        this.body = body;
+    }
+}

boman-web-core/src/main/java/com/boman/web/core/mapper/CzrkMapper.java

@@ -1,5 +1,6 @@
 package com.boman.web.core.mapper;
 
+import com.alibaba.fastjson.JSONObject;
 import com.boman.domain.Czrk;
 import com.boman.domain.SysDept;
 import com.boman.domain.VaccineInfoOperation;
@@ -134,5 +135,5 @@ public interface CzrkMapper {
 
     Czrk getHzByCode(String code);
 
-    Czrk getColumnNamesByIdCard(@Param("columnNames") String columnNames, @Param("idCard") String idCard);
+    JSONObject getColumnNamesByIdCard(@Param("columnNames") String columnNames, @Param("idCard") String idCard);
 }

boman-web-core/src/main/java/com/boman/web/core/mapper/IpTimesMapper.java

@@ -24,6 +24,8 @@ public interface IpTimesMapper {
 
     JSONObject getByIp(String ip);
 
+    JSONObject getByAppId(String appId);
+
     List<JSONObject> getAllColumns(String tableName);
 
     JSONObject countByUsername(@Param("username") String username, @Param("pwd") String pwd);

boman-web-core/src/main/java/com/boman/web/core/service/czrk/CzrkServiceImpl.java

@@ -17,15 +17,19 @@ import com.boman.domain.dto.AjaxResult;
 import com.boman.domain.utils.ThreadPoolService;
 import com.boman.system.api.RemoteDeptService;
 import com.boman.web.core.domain.GridInfo;
+import com.boman.web.core.domain.JsonRequest;
 import com.boman.web.core.mapper.CzrkMapper;
 import com.boman.web.core.mapper.GridInfoMapper;
 import com.boman.web.core.service.ip.IpTimesService;
 import com.boman.web.core.service.ip.IpTimesServiceImpl;
+import com.boman.web.core.utils.AESUtil;
 import com.boman.web.core.utils.AuthUtils;
 import com.boman.web.core.utils.IdCardUtils;
+import com.boman.web.core.utils.RSAUtil;
 import com.github.pagehelper.PageHelper;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.BooleanUtils;
+import org.apache.tomcat.util.buf.HexUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Isolation;
@@ -192,11 +196,23 @@ public class CzrkServiceImpl implements ICzrkService {
         }
     }
 
+    private void packAddr(JSONObject czrks) {
+        if (isEmpty(czrks)) return;
+        // 户籍地
+        String province = nullToEmpty(czrks.getString("province")), city = nullToEmpty(czrks.getString("city")), region = nullToEmpty(czrks.getString("region")), villageTowns = nullToEmpty(czrks.getString("villageTowns")), village = nullToEmpty(czrks.getString("village")), villageGroup = nullToEmpty(czrks.getString("villageGroup")), nowIn = nullToEmpty(czrks.getString("nowIn"));
+        czrks.put("domicileSelect", province + city + region + villageTowns + village + villageGroup + nowIn);
+
+        // 现居住地
+        String provinceCz = nullToEmpty(czrks.getString("provinceIdXjd")), cityCz = nullToEmpty(czrks.getString("cityIdXjd")), regionCz = nullToEmpty(czrks.getString("regionXjd")), villageTownsCz = nullToEmpty(czrks.getString("villageTownsXjd")), villageCz = nullToEmpty(czrks.getString("villageXjd")), nowInCz = nullToEmpty(czrks.getString("nowIn"));
+        czrks.put("nowInSelect",provinceCz + cityCz + regionCz + villageTownsCz + villageCz + nowInCz);
+
+    }
+
     private void packCzrkJzdzAddr(List<CzrkJzdz> czrkJzdzList) {
         if (isEmpty(czrkJzdzList)) return;
         for (CzrkJzdz czrkJzdz : czrkJzdzList) {
             // 户籍地
-            String province = nullToEmpty(czrkJzdz.getProvince()), city = nullToEmpty(czrkJzdz.getCity()), region = nullToEmpty(czrkJzdz.getRegion()), villageTowns = nullToEmpty(czrkJzdz.getTown()), village = nullToEmpty(czrkJzdz.getVillage()),  nowIn = nullToEmpty(czrkJzdz.getNowIn());
+            String province = nullToEmpty(czrkJzdz.getProvince()), city = nullToEmpty(czrkJzdz.getCity()), region = nullToEmpty(czrkJzdz.getRegion()), villageTowns = nullToEmpty(czrkJzdz.getTown()), village = nullToEmpty(czrkJzdz.getVillage()), nowIn = nullToEmpty(czrkJzdz.getNowIn());
             czrkJzdz.setNowIn(province + city + region + villageTowns + village + nowIn);
         }
     }
@@ -284,11 +300,11 @@ public class CzrkServiceImpl implements ICzrkService {
         log.info("{}于{}根据id：{}，获取信息"
                 , AuthUtils.getLoginUser().getSysUser().getUserName(), DateUtils.dateTimeNow(), id);
         Czrk czrk = czrkMapper.selectCzrkById(id);
-        if (czrk != null){
+        if (czrk != null) {
             Long gridId = czrk.getGridId();
-            if (gridId != null){
+            if (gridId != null) {
                 GridInfo gridInfo = gridInfoMapper.selectGridInfoById(gridId);
-                if (gridInfo != null){
+                if (gridInfo != null) {
                     String areaName = gridInfo.getAreaName();
                     czrk.setGridName(areaName);
                 }
@@ -750,7 +766,7 @@ public class CzrkServiceImpl implements ICzrkService {
             });
 
             return ZHEN;
-        }else if (roleKeySets.contains("village")) {
+        } else if (roleKeySets.contains("village")) {
             JSONObject jsonObject = redisService.getCacheObject(packRedisKey("village:" + deptId));
             if (isNotEmpty(jsonObject)) {
                 CUN = jsonObject;
@@ -893,7 +909,7 @@ public class CzrkServiceImpl implements ICzrkService {
             return jsonObject;
         }
 
-        ThreadPoolService.execute(()->{
+        ThreadPoolService.execute(() -> {
             List<Long> deptIdList = null;
             // 市领导 todo 此处不应该写死
             List<String> roleKeySets = map(sysUser.getRoles(), SysRole::getRoleKey);
@@ -986,6 +1002,7 @@ public class CzrkServiceImpl implements ICzrkService {
 
     /**
      * 根据身份证号查询用户信息
+     *
      * @param czrk
      * @return
      */
@@ -1013,7 +1030,8 @@ public class CzrkServiceImpl implements ICzrkService {
         checkAuth(appKey, appSecret);
         checkIdCard(idCard);
 
-//        String ip = IpUtils.getIpAddr(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest());
+
+        String ipAddr = IpUtils.getIpAddr(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest());
 //        log.info("调用ip:{}", ip);
 //        JSONObject jsonObject = ipTimesService.getByIp(ip);
         JSONObject jsonObject = ipTimesService.countByUsername(appKey, appSecret);
@@ -1022,7 +1040,16 @@ public class CzrkServiceImpl implements ICzrkService {
             return AjaxResult.error("appKey or appSecret is error");
         }
 
+        String isStrong = jsonObject.getString("is_strong");
         String ip = jsonObject.getString("ip");
+
+        //是否是强校验
+        if ("Y".equals(isStrong)) {
+            if (!ipAddr.equals(ip)) {
+                log.error("appKey:{}, appSecret:{}, ip:{}, idCard:{}", appKey, appSecret, ipAddr, idCard);
+                return AjaxResult.error("appKey or appSecret or ip is error");
+            }
+        }
         String today = DateUtils.getDate();
         String redisKey = IP_TIMES + jsonObject.getString("ip") + ":" + today;
         Integer cacheTimes = redisService.getCacheObject(redisKey);
@@ -1033,22 +1060,113 @@ public class CzrkServiceImpl implements ICzrkService {
             return AjaxResult.error("今日访问次数已用尽，请明日再试");
         }
 
-        Czrk czrk = czrkMapper.getColumnNamesByIdCard(jsonObject.getString("column_names"), idCard);
+        JSONObject czrk = czrkMapper.getColumnNamesByIdCard(jsonObject.getString("column_names"), idCard);
         if (czrk == null) {
             log.error("ip:{}, 时间:{}, 根据idCard:{}, 未查询到信息, 已经查询了 {} 次", ip, today, idCard, cacheTimes);
             return AjaxResult.error("根据身份证号码未查询到信息");
         }
 
-        long time = DateUtils.getTodayEnd().getTime(),time1 = DateUtils.getNowDate().getTime();
+        long time = DateUtils.getTodayEnd().getTime(), time1 = DateUtils.getNowDate().getTime();
         redisService.setCacheObject(redisKey, cacheTimes, ((time - time1) / 1000), TimeUnit.SECONDS);
-        packAddr(Collections.singletonList(czrk));
+/*        packAddr(Collections.singletonList(czrk));
 
         CzrkJzdz czrkJzdz = new CzrkJzdz();
         czrkJzdz.setCzrkId(czrk.getId());
         List<CzrkJzdz> czrkJzdzList = czrkJzdzService.selectCzrkJzdzList(czrkJzdz);
         packCzrkJzdzAddr(czrkJzdzList);
         czrk.setCzrkJzdzList(czrkJzdzList);
-        log.info("appKey:{}, appSecret:{}, idCard:{}， 查询到信息，czrk：{}", appKey, appSecret, idCard, JSON.toJSONString(czrk));
+        log.info("appKey:{}, appSecret:{}, idCard:{}， 查询到信息，czrk：{}", appKey, appSecret, idCard, JSON.toJSONString(czrk));*/
+        return AjaxResult.success(czrk);
+    }
+
+    /**
+     * RSE加密请求
+     * 用RSE加密 ase的key(因为res加密有长度限制,ase没有,ase只有一个秘钥,所以使用rse来加密ase)
+     * 公钥对ase进行加密
+     * 私钥对签名进行加密
+     * 加密前的ase对请求参数进行加密
+     * ase用appid的前16位
+     * appid = uuid32
+     *
+     * @param jsonRequest
+     * @return
+     */
+    @Override
+    public AjaxResult getInfoJson(JsonRequest jsonRequest) {
+        //获取这个用户的appId
+        String appId = jsonRequest.getAppId();
+        if (StringUtils.isBlank(appId)) {
+            return AjaxResult.error("缺少appId参数");
+        }
+        //拿着appid去查询对应的密钥对
+        JSONObject ipTimes = ipTimesService.selectByAppId(appId);
+        if (ipTimes == null || ipTimes.size() == 0) {
+            return AjaxResult.error("该appId不存在");
+        }
+        String publicKey = ipTimes.getString("app_key");
+        String privateKey = ipTimes.getString("app_secret");
+        Map<String, Object> paramMap = RSAUtil.bean2Map(jsonRequest);
+        paramMap.remove("sign");
+        //参数排序
+        Map<String, Object> sortedMap = RSAUtil.sort(paramMap);
+        //拼接参数：key1Value1key2Value2
+        String urlParams2 = RSAUtil.groupStringParam(sortedMap);
+        //签名验证
+        boolean verify = RSAUtil.verify(HexUtils.fromHexString(urlParams2), publicKey, jsonRequest.getSign());
+        if (!verify) {
+            throw new RuntimeException("签名验证失败");
+        }
+        //私钥解密，获取aseKey
+        String aseKey = RSAUtil.decryptByPrivateKey(HexUtils.fromHexString(jsonRequest.getAseKey()), privateKey);
+        String requestBody = "";
+        if (!StringUtils.isEmpty(jsonRequest.getBody())) {
+            // 解密请求报文
+            try {
+                //vi值为18
+                requestBody = AESUtil.decrypt(jsonRequest.getBody(), aseKey, appId.substring(16));
+            } catch (Exception e) {
+                throw new RuntimeException("请求参数解密异常");
+            }
+            System.out.println("业务参数解密结果：" + requestBody);
+        }
+        //获取请求的id
+        String ipAddr = IpUtils.getIpAddr(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest());
+        String isStrong = ipTimes.getString("is_strong");
+        String ip = ipTimes.getString("ip");
+        //是否是强校验
+        if ("Y".equals(isStrong)) {
+            if (!ipAddr.equals(ip)) {
+                return AjaxResult.error("ip不正确");
+            }
+        }
+        String today = DateUtils.getDate();
+        String redisKey = IP_TIMES + ip + ":" + today;
+        Integer cacheTimes = redisService.getCacheObject(redisKey);
+        if (cacheTimes == null) cacheTimes = 0;
+        int times = ipTimes.getIntValue("times");
+        if (++cacheTimes > times) {
+            log.error("ip:{}, 时间:{}, 访问超次数, 已经查询了 {} 次", ip, today, cacheTimes);
+            return AjaxResult.error("今日访问次数已用尽，请明日再试");
+        }
+
+        JSONObject jsonObject = JSONObject.parseObject(requestBody);
+        String idCard = jsonObject.getString("idCard");
+        JSONObject czrk = czrkMapper.getColumnNamesByIdCard(ipTimes.getString("column_names"), idCard);
+        if (czrk == null) {
+            log.error("ip:{}, 时间:{}, 根据idCard:{}, 未查询到信息, 已经查询了 {} 次", ip, today, idCard, cacheTimes);
+            return AjaxResult.error("根据身份证号码未查询到信息");
+        }
+
+        long time = DateUtils.getTodayEnd().getTime(), time1 = DateUtils.getNowDate().getTime();
+        redisService.setCacheObject(redisKey, cacheTimes, ((time - time1) / 1000), TimeUnit.SECONDS);
+        packAddr(czrk);
+
+        CzrkJzdz czrkJzdz = new CzrkJzdz();
+        czrkJzdz.setCzrkId(czrk.getLong("id"));
+        List<CzrkJzdz> czrkJzdzList = czrkJzdzService.selectCzrkJzdzList(czrkJzdz);
+        packCzrkJzdzAddr(czrkJzdzList);
+        czrk.put("czrkJzdzList", czrkJzdzList);
+        log.info("appKey:{}, appSecret:{}, idCard:{}， 查询到信息，czrk：{}", publicKey, privateKey, idCard, JSON.toJSONString(czrk));
         return AjaxResult.success(czrk);
     }
 
@@ -1061,12 +1179,13 @@ public class CzrkServiceImpl implements ICzrkService {
     }
 
     private void checkAuth(String appKey, String appSecret) {
-        if (isEmpty(appKey) || isEmpty(appSecret) ) {
+        if (isEmpty(appKey) || isEmpty(appSecret)) {
             throw new RuntimeException("appKey or appSecret must not be empty");
         }
     }
+
     private void checkIdCard(String idCard) {
-        if (isEmpty(idCard) ) {
+        if (isEmpty(idCard)) {
             throw new RuntimeException("idCard must not be empty");
         }
     }

boman-web-core/src/main/java/com/boman/web/core/service/czrk/ICzrkService.java

@@ -3,6 +3,7 @@ package com.boman.web.core.service.czrk;
 import com.alibaba.fastjson.JSONObject;
 import com.boman.domain.Czrk;
 import com.boman.domain.dto.AjaxResult;
+import com.boman.web.core.domain.JsonRequest;
 
 import java.util.List;
 
@@ -90,4 +91,5 @@ public interface ICzrkService {
     JSONObject hjczLine();
 
     AjaxResult getInfo(String appKey, String appSecret, String idCard);
+    AjaxResult getInfoJson(JsonRequest jsonRequest);
 }

boman-web-core/src/main/java/com/boman/web/core/service/ip/IpTimesService.java

@@ -2,6 +2,7 @@ package com.boman.web.core.service.ip;
 
 import com.alibaba.fastjson.JSONObject;
 import com.boman.domain.IpTimes;
+import com.boman.domain.dto.AjaxResult;
 
 import java.util.List;
 
@@ -16,8 +17,11 @@ public interface IpTimesService {
     JSONObject countByUsername(String username, String pwd);
     JSONObject getByIp(String ip);
 
-    int saveOrUpdate(JSONObject jsonObject);
+    AjaxResult saveOrUpdate(JSONObject jsonObject);
     int delete(Long[] idArr);
 
     List<JSONObject> getAllColumns(String tableName);
+
+    JSONObject selectByAppId(String appId);
+
 }

boman-web-core/src/main/java/com/boman/web/core/service/ip/IpTimesServiceImpl.java

@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSONObject;
 import com.boman.common.core.utils.obj.ObjectUtils;
 import com.boman.domain.IpTimes;
 import com.boman.domain.SysUser;
+import com.boman.domain.dto.AjaxResult;
 import com.boman.web.core.mapper.IpTimesMapper;
 import com.boman.web.core.utils.AuthUtils;
 import org.springframework.stereotype.Service;
@@ -43,19 +44,30 @@ public class IpTimesServiceImpl implements IpTimesService {
     }
 
     @Override
-    public int saveOrUpdate(JSONObject jsonObject) {
+    public AjaxResult saveOrUpdate(JSONObject jsonObject) {
         String userName = AuthUtils.getLoginUser().getSysUser().getUserName();
         Long id = jsonObject.getLong("id");
 //        ipTimes.setUpdateBy(userName);
-        jsonObject.put("update_by", userName);
-
         if (null == id) {
-//            ipTimes.setCreateBy(userName);
-            jsonObject.put("create_by", userName);
-            return mapper.save(jsonObject);
+            //判断ip地址是否存在
+            String ip = jsonObject.getString("ip");
+            JSONObject byIp = mapper.getByIp(ip);
+            if (byIp != null){
+                return AjaxResult.error("当前ip已存在");
+            }
+            jsonObject.put("createBy", userName);
+            mapper.save(jsonObject);
+            return AjaxResult.success();
         }
-
-        return mapper.update(jsonObject);
+        //判断ip地址是否重复
+        String ip = jsonObject.getString("ip");
+        JSONObject byIp = mapper.getByIp(ip);
+        if (byIp != null && !byIp.getString("ip").equals(ip)){
+            return AjaxResult.error("当前ip已存在");
+        }
+        jsonObject.put("updateBy", userName);
+        mapper.update(jsonObject);
+        return AjaxResult.success();
     }
 
     @Override
@@ -81,4 +93,9 @@ public class IpTimesServiceImpl implements IpTimesService {
 
         return result;
     }
+
+    @Override
+    public JSONObject selectByAppId(String appId) {
+        return mapper.getByAppId(appId);
+    }
 }

boman-web-core/src/main/java/com/boman/web/core/utils/AESUtil.java

@@ -0,0 +1,84 @@
+package com.boman.web.core.utils;
+
+import com.boman.web.core.domain.JsonRequest;
+import org.apache.tomcat.util.buf.HexUtils;
+import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Encoder;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.boman.web.core.utils.RSAUtil.getUUID32;
+
+/**
+ * @author tjf
+ * @Date: 2022/03/15/11:04
+ */
+public class AESUtil {
+    /**
+     * 加密
+     * @param content 加密文本
+     * @param key 加密密钥，appSecret的前16位
+     * @param iv 初始化向量，appSecret的后16位
+     * @return
+     * @throws Exception
+     */
+    public static String encrypt(String content, String key, String iv) throws Exception {
+        byte[] raw = key.getBytes();
+        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); //"算法/模式/补码方式"
+        IvParameterSpec ivParam = new IvParameterSpec(iv.getBytes()); //使用CBC模式，需要一个向量iv，可增加加密算法的强度
+        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivParam);
+        byte[] encrypted = cipher.doFinal(content.getBytes());
+
+        return new BASE64Encoder().encode(encrypted);
+    }
+
+    //解密
+    public static String decrypt(String content, String key, String iv) throws Exception {
+        byte[] raw = key.getBytes();
+        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding "); //"算法/模式/补码方式"
+        IvParameterSpec ivParam = new IvParameterSpec(iv.getBytes()); //使用CBC模式，需要一个向量iv，可增加加密算法的强度
+        cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivParam);
+        byte[] encrypted = new BASE64Decoder().decodeBuffer(content); //先用base64解密
+        byte[] original = cipher.doFinal(encrypted);
+        return new String(original);
+    }
+
+    public static void main(String[] args) {
+        Map<String,Object> businessParams = new HashMap<>();
+        String aseKey ="6717c09c65fd487bb61e6710613faa20";
+        businessParams.put("idCard","110102196610122373");
+        try {
+            //参数加密
+            String encrypt = encrypt(JacksonUtil.beanToJson(businessParams), aseKey.substring(0, 16), aseKey.substring(16));
+            System.out.println(encrypt);
+            //对ase进行公钥加密
+            byte[] enStr = RSAUtil.encryptByPublicKey(aseKey.substring(0,16),"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5xiCI0UAPy1IZtjSTIW3atbIdtp07or7HybI8oxtgBwaSlZrpJ2daOtLhy+qndWHHD5ck1XG6K/QrZc28L5ITkJxldBclIIFZK7hi2lugbHL6hsgZl8Rs4fylfxmBNwIpOTJnifAbEBy2lSQSl2dcgofUDlWCchZMEZdi/EW1o3q+bP2pC0BEEacHfnyhpwzNjLXSJM7EDgbbgKZpVkNSaxR50nJ/Ma4BsrLUwAKCo3795MZZWX97ycceFc0DMGc3cvm04nXbvrgp57TeGLq1bjaqFOIf15dElzycVi8uwpAqJxkzU9BQb/cQsQHsrnjFo9NHXKUDayFPGVYvLljQIDAQAB");
+            //得到RSA公钥加密后的ase秘钥
+            String aseKeyStr = HexUtils.toHexString(enStr);
+            JsonRequest jsonRequest = new JsonRequest();
+            jsonRequest.setRequestId(getUUID32());
+            jsonRequest.setAppId(aseKey.substring(0, 16));
+            long l = System.currentTimeMillis();
+            System.out.println(l);
+            jsonRequest.setTimestamp(l);
+            jsonRequest.setAseKey(aseKeyStr);
+            System.out.println(aseKeyStr);
+            Map<String, Object> paramMap = RSAUtil.bean2Map(businessParams);
+            // 参数排序
+            Map<String, Object> sortedMap = RSAUtil.sort(paramMap);
+            // 拼接参数：key1Value1key2Value2
+            String urlParams = RSAUtil.groupStringParam(sortedMap);
+            //私钥签名
+            String sign = RSAUtil.sign(HexUtils.fromHexString(urlParams), "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCDnGIIjRQA/LUhm2NJMhbdq1sh22nTuivsfJsjyjG2AHBpKVmuknZ1o60uHL6qd1YccPlyTVcbor9CtlzbwvkhOQnGV0FyUggVkruGLaW6BscvqGyBmXxGzh/KV/GYE3Aik5MmeJ8BsQHLaVJBKXZ1yCh9QOVYJyFkwRl2L8RbWjer5s/akLQEQRpwd+fKGnDM2MtdIkzsQOBtuApmlWQ1JrFHnScn8xrgGystTAAoKjfv3kxllZf3vJxx4VzQMwZzdy+bTiddu+uCnntN4YurVuNqoU4h/Xl0SXPJxWLy7CkConGTNT0FBv9xCxAeyueMWj00dcpQNrIU8ZVi8uWNAgMBAAECggEARXs/CjKo1+iSG770SMVH6xk3EIXMtfm4jK4wHVH2spZCwlIRRaePIIYbvJdyVX6RGIzQNHb+QNnHzYmHNoIVkmORdIPGSntiRzljBPB+aNqBN/jb6APG536Uq/eH1XiVn7t3WT0e/P6c6u2cfkhMgNv9/DpRmht2dsG3Fn0bVfpfPpUDIZB398Pgxn0oRcYsMM/zTp+79yL5/tf5/8dSThCo+w6tkblnTg7LE8AgGrEYmMtgY48o+L/hOXPDDGOPYiTMFyMrf9A3OkRzAUy+DfToRt5iCZ4J/0jE6KgKv6JpNWB6ASOB813uTDBF4GtImXWw+mOVBZA71FpSbgM7IQKBgQDwRYupArc8CVf7BcDrydEfcPcTq5VEUo5hGYxJr9XkkCgTT8UgHZzfPYFvE0+Z6vGaSU+S7qHs73cL0XDwxbvpcZrTxtiSfcvnDLMepp4j/IyUKCY5Obg6McBjLj/9NGK0dlDAqq9Bz0sUGHF7hzbbVyydKDNy8wdvJX/CE/ncFQKBgQCMOeh0IwjGOTJxgbYoTqOdvU+7tuKky6JI+gVgAo5xNqcX4IoS5ARvp46im5Q0+F0x0zBXOlPJCyaskCdniKMM9BjhmvlebNrPuVWnn1sHD4pm98oxbkCHhEcbtdjoWPJaVbdlSvMBeG4XU0Dqw4jxClA2aTOz8J+uCi0iWaMpmQKBgFaw4Qkj/7TbsjDSDJ+Ge7uaaKtiN0MlflWugB1+IfCLysnc+ET0Kkupx2+qSghA6tc+KEXdb/MrG4raEKPu1DQQV0qd7jo8xTsiK+adO2XEk3xJWDFBkCT/GmkuoMvdANgX8F7ztrRJ9M7VWuy1BqfxNhmmDZol8cK6hvQhfP9ZAoGADe1ObgJww6c4oFderSAqVedQfPdMCUwEQTU7xW5bkVj5PYDalce5vREqNHI5RQ2JzAIKog8z9Rq7a5Yho8HJV+cCdZ27uKodDVZ98Fj+ZHQhrdpcZY5qsErt+Q2VjnYPE/PBdDj+a533aS+mmepztmTs1IqcTPnQEiwGkYvPjbkCgYEAyYajCNkwYLYiBNFP45pb82dAPedfitNBMKX7m51/mLjSnUefXkqROwWAn3Q1twifH3brw1mOb00nja7chYGYpvN7stKGZiZ5HuILJLUNYuKKLYkaespsVs7H9bRBC+ENdgWSUpKaDZc8eF2vC2e+drzKeevwSszDlNRTFaEBP9s=");
+            System.out.println(sign);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

boman-web-core/src/main/java/com/boman/web/core/utils/JacksonUtil.java

@@ -0,0 +1,155 @@
+package com.boman.web.core.utils;
+
+import com.alibaba.fastjson.TypeReference;
+import com.boman.common.core.utils.StringUtils;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.extern.slf4j.Slf4j;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author tjf
+ * @Date: 2022/03/15/11:07
+ */
+@Slf4j
+public class JacksonUtil {
+    private static ObjectMapper objectMapper = new ObjectMapper();
+
+    /**
+     * 对象转换成json
+     *
+     * @param obj
+     * @param <T>
+     * @return
+     */
+    public static <T> String beanToJson(T obj) {
+        if (obj == null) {
+            return null;
+        }
+        try {
+            return obj instanceof String ? (String) obj : objectMapper.writeValueAsString(obj);
+        } catch (Exception e) {
+            log.error("beanToJson error", e);
+            e.printStackTrace();
+            return null;
+        }
+    }
+
+    /**
+     * 将JSON字符串根据指定的Class反序列化成Java对象。
+     *
+     * @param json      JSON字符串
+     * @param pojoClass Java对象Class
+     * @return 反序列化生成的Java对象
+     * @throws Exception 如果反序列化过程中发生错误，将抛出异常
+     */
+    public static Object decode(String json, Class<?> pojoClass)
+            throws Exception {
+        try {
+            return objectMapper.readValue(json, pojoClass);
+        } catch (Exception e) {
+            throw e;
+        }
+    }
+
+    /**
+     * 将JSON字符串根据指定的Class反序列化成Java对象。
+     *
+     * @param json      JSON字符串
+     * @param reference 类型引用
+     * @return 反序列化生成的Java对象
+     * @throws Exception 如果反序列化过程中发生错误，将抛出异常
+     */
+    public static Object decode(String json, TypeReference<?> reference) throws Exception {
+        try {
+            return objectMapper.readValue(json, reference.getClass());
+        } catch (Exception e) {
+            throw e;
+        }
+    }
+
+    /**
+     * 将Java对象序列化成JSON字符串。
+     *
+     * @param obj 待序列化生成JSON字符串的Java对象
+     * @return JSON字符串
+     * @throws Exception 如果序列化过程中发生错误，将抛出异常
+     */
+    public static String encode(Object obj) throws Exception {
+        try {
+            return objectMapper.writeValueAsString(obj);
+        } catch (Exception e) {
+            throw e;
+        }
+    }
+
+    /**
+     * 对象转换成格式化的json
+     *
+     * @param obj
+     * @param <T>
+     * @return
+     */
+    public static <T> String beanToJsonPretty(T obj) {
+        if (obj == null) {
+            return null;
+        }
+        try {
+            return obj instanceof String ? (String) obj : objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(obj);
+        } catch (Exception e) {
+            log.error("beanToJsonPretty error", e);
+            e.printStackTrace();
+            return null;
+        }
+    }
+
+
+    /**
+     * 将json转换成对象Class
+     *
+     * @param str
+     * @param clazz
+     * @param <T>
+     * @return
+     */
+    public static <T> T jsonToBean(String str, Class<T> clazz) {
+        if (StringUtils.isEmpty(str) || clazz == null) {
+            return null;
+        }
+        try {
+            return clazz.equals(String.class) ? (T) str : objectMapper.readValue(str, clazz);
+        } catch (Exception e) {
+            log.error("jsonToBean error", e);
+            e.printStackTrace();
+            return null;
+        }
+    }
+
+    /**
+     * 将json转换为对象集合
+     *
+     * @param str
+     * @param clazz
+     * @param <T>
+     * @return
+     */
+    public static <T> List<T> jsonToBeanList(String str, Class<T> clazz) {
+        if (StringUtils.isEmpty(str) || clazz == null) {
+            return null;
+        }
+        JavaType javaType = getCollectionType(ArrayList.class, clazz);
+        try {
+            return objectMapper.readValue(str, javaType);
+        } catch (IOException e) {
+            log.error("jsonToBeanList error", e);
+            e.printStackTrace();
+            return null;
+        }
+    }
+    public static JavaType getCollectionType(Class<?> collectionClass, Class<?>... elementClasses) {
+        return objectMapper.getTypeFactory().constructParametricType(collectionClass, elementClasses);
+    }
+}

boman-web-core/src/main/java/com/boman/web/core/utils/RSAUtil.java

@@ -0,0 +1,366 @@
+package com.boman.web.core.utils;
+
+import com.alibaba.fastjson.JSON;
+import com.boman.web.core.domain.JsonRequest;
+import org.apache.tomcat.util.buf.HexUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import javax.crypto.Cipher;
+import java.beans.BeanInfo;
+import java.beans.Introspector;
+import java.beans.PropertyDescriptor;
+import java.lang.reflect.Method;
+import java.security.*;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.*;
+
+/**
+ * @author tjf
+ * @Date: 2022/03/15/11:05
+ */
+
+public class RSAUtil {
+    /**
+     * 定义加密方式
+     */
+    private final static String KEY_RSA = "RSA";
+    /**
+     * 定义签名算法
+     */
+    private final static String KEY_RSA_SIGNATURE = "MD5withRSA";
+    /**
+     * 定义公钥算法
+     */
+    private final static String KEY_RSA_PUBLICKEY = "RSAPublicKey";
+    /**
+     * 定义私钥算法
+     */
+    private final static String KEY_RSA_PRIVATEKEY = "RSAPrivateKey";
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    /**
+     * 初始化密钥
+     */
+    public static Map<String, Object> init() {
+        Map<String, Object> map = null;
+        try {
+            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_RSA);
+            generator.initialize(2048);
+            KeyPair keyPair = generator.generateKeyPair();
+            // 公钥
+            RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+            // 私钥
+            RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
+            // 将密钥封装为map
+            map = new HashMap<>();
+            map.put(KEY_RSA_PUBLICKEY, publicKey);
+            map.put(KEY_RSA_PRIVATEKEY, privateKey);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return map;
+    }
+
+    /**
+     * 公钥加密
+     *
+     * @param data 待加密数据
+     * @param key  公钥
+     */
+    public static byte[] encryptByPublicKey(String data, String key) {
+        byte[] result = null;
+        try {
+            byte[] bytes = decryptBase64(key);
+            // 取得公钥
+            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
+            KeyFactory factory = KeyFactory.getInstance(KEY_RSA);
+            PublicKey publicKey = factory.generatePublic(keySpec);
+            // 对数据加密
+            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
+
+            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+            byte[] encode = cipher.doFinal(data.getBytes());
+            // 再进行Base64加密
+            result = Base64.getEncoder().encode(encode);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return result;
+    }
+
+    /**
+     * 私钥解密
+     *
+     * @param data 加密数据
+     * @param key  私钥
+     */
+    public static String decryptByPrivateKey(byte[] data, String key) {
+        String result = null;
+        try {
+            // 对私钥解密
+            byte[] bytes = decryptBase64(key);
+            // 取得私钥
+            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
+            KeyFactory factory = KeyFactory.getInstance(KEY_RSA);
+            PrivateKey privateKey = factory.generatePrivate(keySpec);
+            // 对数据解密
+            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
+            cipher.init(Cipher.DECRYPT_MODE, privateKey);
+            // 先Base64解密
+            byte[] decoded = Base64.getDecoder().decode(data);
+            result = new String(cipher.doFinal(decoded));
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return result;
+    }
+
+
+    /**
+     * 获取公钥
+     */
+    public static String getPublicKey(Map<String, Object> map) {
+        String str = "";
+        try {
+            Key key = (Key) map.get(KEY_RSA_PUBLICKEY);
+            str = encryptBase64(key.getEncoded());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return str;
+    }
+
+    /**
+     * 获取私钥
+     */
+    public static String getPrivateKey(Map<String, Object> map) {
+        String str = "";
+        try {
+            Key key = (Key) map.get(KEY_RSA_PRIVATEKEY);
+            str = encryptBase64(key.getEncoded());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return str;
+    }
+
+    /**
+     * 用私钥对信息生成数字签名
+     *
+     * @param data       加密数据
+     * @param privateKey 私钥
+     */
+    public static String sign(byte[] data, String privateKey) {
+        String str = "";
+        try {
+            // 解密由base64编码的私钥
+            byte[] bytes = decryptBase64(privateKey);
+            // 构造PKCS8EncodedKeySpec对象
+            PKCS8EncodedKeySpec pkcs = new PKCS8EncodedKeySpec(bytes);
+            // 指定的加密算法
+            KeyFactory factory = KeyFactory.getInstance(KEY_RSA);
+            // 取私钥对象
+            PrivateKey key = factory.generatePrivate(pkcs);
+            // 用私钥对信息生成数字签名
+            Signature signature = Signature.getInstance(KEY_RSA_SIGNATURE);
+            signature.initSign(key);
+            signature.update(data);
+            str = encryptBase64(signature.sign());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return str;
+    }
+
+    /**
+     * 校验数字签名
+     *
+     * @param data      加密数据
+     * @param publicKey 公钥
+     * @param sign      数字签名
+     * @return 校验成功返回true，失败返回false
+     */
+    public static boolean verify(byte[] data, String publicKey, String sign) {
+        boolean flag = false;
+        try {
+            // 解密由base64编码的公钥
+            byte[] bytes = decryptBase64(publicKey);
+            // 构造X509EncodedKeySpec对象
+            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
+            // 指定的加密算法
+            KeyFactory factory = KeyFactory.getInstance(KEY_RSA);
+            // 取公钥对象
+            PublicKey key = factory.generatePublic(keySpec);
+            // 用公钥验证数字签名
+            Signature signature = Signature.getInstance(KEY_RSA_SIGNATURE);
+            signature.initVerify(key);
+            signature.update(data);
+            flag = signature.verify(decryptBase64(sign));
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return flag;
+    }
+
+
+    /**
+     * BASE64 解密
+     *
+     * @param key 需要解密的字符串
+     * @return 字节数组
+     */
+    public static byte[] decryptBase64(String key) throws Exception {
+        return Base64.getDecoder().decode(key);
+    }
+
+    /**
+     * BASE64 加密
+     *
+     * @param key 需要加密的字节数组
+     * @return 字符串
+     */
+    public static String encryptBase64(byte[] key) throws Exception {
+        return new String(Base64.getEncoder().encode(key));
+    }
+
+    /**
+     * 按照红黑树（Red-Black tree）的 NavigableMap 实现
+     * 按照字母大小排序
+     */
+    public static Map<String, Object> sort(Map<String, Object> map) {
+        if (map == null) {
+            return null;
+        }
+        Map<String, Object> result = new TreeMap<>((Comparator<String>) (o1, o2) -> {
+            return o1.compareTo(o2);
+        });
+        result.putAll(map);
+        return result;
+    }
+
+    /**
+     * 组合参数
+     *
+     * @param map
+     * @return 如：key1Value1Key2Value2....
+     */
+    public static String groupStringParam(Map<String, Object> map) {
+        if (map == null) {
+            return null;
+        }
+        StringBuffer sb = new StringBuffer();
+        for (Map.Entry<String, Object> item : map.entrySet()) {
+            if (item.getValue() != null) {
+                sb.append(item.getKey());
+                if (item.getValue() instanceof List) {
+                    sb.append(JSON.toJSONString(item.getValue()));
+                } else {
+                    sb.append(item.getValue());
+                }
+            }
+        }
+        return sb.toString();
+    }
+
+    /**
+     * bean转map
+     * @param obj
+     * @return
+     */
+    public static Map<String, Object> bean2Map(Object obj) {
+        if (obj == null) {
+            return null;
+        }
+        Map<String, Object> map = new HashMap<>();
+        try {
+            BeanInfo beanInfo = Introspector.getBeanInfo(obj.getClass());
+            PropertyDescriptor[] propertyDescriptors = beanInfo.getPropertyDescriptors();
+            for (PropertyDescriptor property : propertyDescriptors) {
+                String key = property.getName();
+                // 过滤class属性
+                if (!key.equals("class")) {
+                    // 得到property对应的getter方法
+                    Method getter = property.getReadMethod();
+                    Object value = getter.invoke(obj);
+                    if (value != null) {
+                        continue;
+                    }
+                    map.put(key, value);
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return map;
+    }
+
+    public static String getUUID32() {
+        String uuid = UUID.randomUUID().toString();
+        uuid = uuid.replace("-", "");
+        return uuid;
+    }
+    public static void main(String[] args) throws Exception {
+        //业务参数
+        Map<String,Object>  businessParams = new HashMap<>();
+        businessParams.put("id_card","340104");
+        String appId = getUUID32();
+        //使用appId的前16位作为AES密钥，并对密钥进行rsa公钥加密
+        String aseKey = appId.substring(0, 16);
+        Map<String, Object> init = init();
+        String privateKey = getPrivateKey(init);
+        String publicKey = getPublicKey(init);
+        System.out.println("公钥:"+publicKey);
+        System.out.println("私钥:"+privateKey);
+        System.out.println("ase秘钥:"+aseKey);
+        System.out.println("公钥加密======私钥解密");
+        //对ase进行公钥加密
+        byte[] enStr = RSAUtil.encryptByPublicKey(aseKey, publicKey);
+        //得到RSA公钥加密后的ase秘钥
+        String aseKeyStr = HexUtils.toHexString(enStr);
+        System.out.println("RSA公钥加密后的ase秘钥:"+aseKeyStr);
+        byte[] bytes = HexUtils.fromHexString(aseKeyStr);
+        String decStr = RSAUtil.decryptByPrivateKey(bytes, privateKey);
+        System.out.println("RSA私钥解密密后的ase秘钥:"+decStr);
+        System.out.println("\n\r");
+        System.out.println("私钥签名======公钥验证");
+        JsonRequest jsonRequest = new JsonRequest();
+        jsonRequest.setRequestId(getUUID32());
+        jsonRequest.setAppId(appId);
+        jsonRequest.setTimestamp(System.currentTimeMillis());
+        jsonRequest.setAseKey(aseKeyStr);
+        //请求的业务参数进行加密
+        String body = "";
+        try {
+            body = AESUtil.encrypt(JacksonUtil.beanToJson(businessParams), aseKey, appId.substring(16));
+        } catch (Exception e) {
+            throw new RuntimeException("报文加密异常", e);
+        }
+        jsonRequest.setBody(body);
+        //签名
+        Map<String, Object> paramMap = RSAUtil.bean2Map(jsonRequest);
+        // 参数排序
+        Map<String, Object> sortedMap = RSAUtil.sort(paramMap);
+        // 拼接参数：key1Value1key2Value2
+        String urlParams = RSAUtil.groupStringParam(sortedMap);
+        //私钥签名
+        String sign = RSAUtil.sign(HexUtils.fromHexString(urlParams), privateKey);
+        jsonRequest.setSign(sign);
+        System.out.println("签名：\n\r" + sign);
+        boolean flag = RSAUtil.verify(HexUtils.fromHexString(urlParams), publicKey, sign);
+        System.out.println("验签结果：\n\r" + flag);
+        System.out.println("==============解密参数============");
+        // 解密请求报文
+        String requestBody = "";
+        try {
+            requestBody = AESUtil.decrypt(jsonRequest.getBody(), decStr, jsonRequest.getAppId().substring(16));
+            System.out.println("参数:"+requestBody);
+        } catch (Exception e) {
+            throw new RuntimeException("请求参数解密异常");
+        }
+    }
+}

boman-web-core/src/main/resources/mapper/CzrkMapper.xml

@@ -545,7 +545,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         where house_type = '是' and code = #{code} limit 1;
     </select>
 
-    <select id="getColumnNamesByIdCard" resultMap="CzrkResult">
+    <select id="getColumnNamesByIdCard" resultType="object">
         SELECT id, ${columnNames}
         from czrk
         where id_card = #{idCard} limit 1;

boman-web-core/src/main/resources/mapper/IpTimesMapper.xml

@@ -9,48 +9,62 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
     </delete>
 
     <select id="list" resultType="com.alibaba.fastjson.JSONObject">
-        select * from ip_times
-        where 1 = 1
+         select id,app_id as appId,ip, table_name as tableName,times ,column_names as columnNames,app_key as appKey,app_secret as appSecret,is_strong as isStrong from ip_times
+        <where>
         <if test="ip != null and ip != ''">
             and ip like concat('%', #{ip},'%')
         </if>
         <if test="times != null">
             and times = #{times}
         </if>
+        </where>
     </select>
 
     <select id="getById" resultType="com.alibaba.fastjson.JSONObject">
-        select * from ip_times where id = #{id}
+        select id,app_id as appId,ip, table_name as tableName,times ,column_names as columnNames,app_key as appKey,app_secret as appSecret,is_strong as isStrong from ip_times where id = #{id}
     </select>
     <select id="getByIp" resultType="com.alibaba.fastjson.JSONObject">
-        select * from ip_times where ip = #{ip} limit 1;
+        select id,app_id as appId,ip, table_name as tableName,times ,column_names as columnNames,app_key as appKey,app_secret as appSecret,is_strong as isStrong from ip_times where ip = #{ip} limit 1;
     </select>
 
+    <select id="getByAppId" resultType="com.alibaba.fastjson.JSONObject">
+        select app_key,app_secret,is_strong,ip,times,column_names from ip_times where app_id = #{appId} limit 1;
+    </select>
     <select id="getAllColumns" resultType="com.alibaba.fastjson.JSONObject">
         show full columns from czrk;
     </select>
 
     <select id="countByUsername" resultType="com.alibaba.fastjson.JSONObject">
-        select * from ip_times where username = #{username} and pwd = #{pwd};
+        select id,app_id as appId,ip, table_name as tableName,times ,column_names as columnNames,app_key as appKey,app_secret as appSecret,is_strong as isStrong from ip_times where app_key = #{app_key} and app_secret = #{app_secret};
     </select>
 
     <insert id="save">
         insert into ip_times
         <trim prefix="(" suffix=")" suffixOverrides=",">
             <if test="ip != null">ip,</if>
+            <if test="appId != null">app_id,</if>
+            <if test="tableName != null">table_name,</if>
             <if test="times != null">times,</if>
-            <if test="column_names != null">column_names,</if>
-            <if test="create_by != null">create_by,</if>
-            <if test="update_by != null">update_by,</if>
-            create_time, update_time
+            <if test="columnNames != null">column_names,</if>
+            <if test="appKey != null">app_key,</if>
+            <if test="appSecret != null">app_secret,</if>
+            <if test="isStrong != null">is_strong,</if>
+            <if test="createBy != null">create_by,</if>
+            <if test="updateBy != null">update_by,</if>
+            create_time
         </trim>
         <trim prefix="values (" suffix=")" suffixOverrides=",">
             <if test="ip != null">#{ip},</if>
+            <if test="appId != null">#{appId},</if>
+            <if test="tableName != null">#{tableName},</if>
             <if test="times != null">#{times},</if>
-            <if test="column_names != null">#{column_names},</if>
-            <if test="create_by != null">#{create_by},</if>
-            <if test="update_by != null">#{update_by},</if>
-            sysdate(), sysdate()
+            <if test="columnNames != null">#{columnNames},</if>
+            <if test="appKey != null">#{appKey},</if>
+            <if test="appSecret != null">#{appSecret},</if>
+            <if test="isStrong != null">#{isStrong},</if>
+            <if test="createBy != null">#{createBy},</if>
+            <if test="updateBy != null">#{updateBy},</if>
+            sysdate()
         </trim>
     </insert>
 
@@ -58,10 +72,16 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         update ip_times
         <trim prefix="SET" suffixOverrides=",">
             <if test="ip != null">ip = #{ip},</if>
+            <if test="appId != null">app_id = #{appId},</if>
             <if test="times != null">times = #{times},</if>
-            <if test="column_names != null">column_names = #{column_names},</if>
-            <if test="create_by != null">create_by = #{create_by},</if>
-            <if test="update_by != null">update_by = #{update_by},</if>
+            <if test="tableName != null">table_name = #{tableName},</if>
+            <if test="columnNames != null">column_names = #{columnNames},</if>
+            <if test="appKey != null and appKey != ''">app_key = #{appKey},</if>
+            <if test="appSecret != null and appSecret != ''">app_secret = #{appSecret},</if>
+            <if test="isStrong != null and isStrong !=''">is_strong = #{isStrong},</if>
+            <if test="createBy != null">create_by = #{createBy},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+            <if test="updateTime != null and updateTime != ''">update_time = SYSDATE()</if>
         </trim>
         where id = #{id}
     </update>