package com.cmcc.server;
import java.text.MessageFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.cmcc.bean.CredenResult;
import com.cmcc.bean.EncryptedByte;
import com.cmcc.bean.EncryptedByteV2;
import com.cmcc.bean.EncryptedData;
import com.cmcc.bean.EncryptedDataV2;
import com.cmcc.common.util.AES;
import com.cmcc.common.util.BASE64;
import com.cmcc.common.util.ByteConvert;
import com.cmcc.common.util.CommConstant;
import com.cmcc.common.util.DES;
import com.cmcc.common.util.IpUtil;
import com.cmcc.common.util.LogUtil;
import com.cmcc.common.util.MobileUtil;
import com.cmcc.common.util.StringUtil;
import com.cmcc.hibernate.GcfgSsikeys;
import com.cmcc.util.Constant;
import com.cmcc.util.CookieUtils;
import com.cmcc.util.SpringHelper;
import com.cmcc.ws.info.UserInfo;
public class FetionSsoManager {
// Request that SSO cookies and parameters are read from. The no-arg constructor does not
// assign it, so it stays null unless it is set elsewhere (no setter is visible in this part of the file).
private HttpServletRequest request;
// Response that SSO cookies are added to. Also left unassigned by the no-arg constructor.
private HttpServletResponse response;
/**
 * Creates a manager that is not bound to any request/response pair.
 *
 * <p>Both fields keep their default {@code null} value, so the methods of this class that
 * read the request or write to the response will fail with a NullPointerException on an
 * instance built this way. Only {@code getSsoidKey(String)} works without them.
 */
public FetionSsoManager() {
    // Intentionally empty: nothing is initialised here.
}
/**
 * Creates a manager bound to the servlet request and response currently being handled.
 *
 * @param request  request that cookies and parameters are read from
 * @param response response that SSO cookies are added to
 */
public FetionSsoManager(HttpServletRequest request, HttpServletResponse response) {
    this.response = response;
    this.request = request;
}
/**
 * Reads the SSO id cookie of the domain named in the current request.
 *
 * <p>The cookie name comes from {@code getSsoidKey()}, which builds it from the
 * {@code Constant.P_DOMAIN} request parameter, so the sender of the request decides which
 * cookie is looked up. The value is returned as received, minus one pair of enclosing
 * double quotes; nothing in this method decrypts or validates it, so callers must treat
 * the result as untrusted input.
 *
 * @return the cookie value without enclosing double quotes, or {@code null} when
 *         {@code CookieUtils.findCookie} returns no cookie
 */
public String getSsoIdByDomain() {
    Cookie ssoCookie = CookieUtils.findCookie(getSsoidKey(), request);
    if (ssoCookie == null) {
        return null;
    }
    String raw = ssoCookie.getValue();
    // Strip quotes only when the value both starts and ends with one.
    boolean quoted = raw.length() >= 2
            && raw.charAt(0) == '"'
            && raw.charAt(raw.length() - 1) == '"';
    return quoted ? raw.substring(1, raw.length() - 1) : raw;
}
/**
 * Clears the SSO cookie in the browser by sending a replacement cookie with a null value
 * and a max-age of 0.
 *
 * <p>NOTE(review): only the browser copy is removed. Nothing in this method revokes the
 * credential on the server side, so a copy of the cookie value taken earlier is not
 * affected by this call. Confirm whether revocation or expiry is enforced elsewhere.
 */
public void logout() {
    Cookie expired = createSSOCookie(null, 0);
    response.addCookie(expired);
}
/**
 * Builds (but does not send) the SSO cookie for the core domain.
 *
 * <p>The cookie is scoped to {@code Constant.SSO_SERVER_DOMAIN} with path "/", so the
 * browser returns it to every host and path it matches to that domain.
 *
 * <p>NOTE(review): neither {@code setSecure(true)} nor {@code setHttpOnly(true)} is called,
 * so the credential can travel over plain HTTP and is readable from page scripts.
 * {@code setHttpOnly} needs Servlet 3.0 or later; confirm the container version and whether
 * every consumer is served over HTTPS before enabling them.
 *
 * <p>NOTE(review): {@code Constant.SSO_ID_KEY} is used here as the literal cookie name,
 * while {@code getSsoidKey()} treats the same constant as a MessageFormat pattern. Confirm
 * which of the two is intended.
 *
 * @param ssoid  cookie value, or {@code null} when the cookie is being cleared
 * @param maxAge cookie lifetime passed to {@code Cookie.setMaxAge}; 0 deletes the cookie
 * @return the configured cookie; the caller has to add it to the response
 */
private Cookie createSSOCookie(String ssoid, int maxAge) {
    Cookie ssoCookie = new Cookie(Constant.SSO_ID_KEY, ssoid);
    ssoCookie.setPath("/");
    ssoCookie.setDomain(Constant.SSO_SERVER_DOMAIN);
    ssoCookie.setMaxAge(maxAge);
    return ssoCookie;
}
/**
 * Builds the SSO cookie name for the domain given in the {@code Constant.P_DOMAIN}
 * request parameter.
 *
 * <p>NOTE(review): the parameter is request-controlled and goes into the cookie name after
 * only {@code StringUtil.getValue} has been applied. Consider accepting only domains that
 * are configured on the server before the name is used for a lookup.
 *
 * @return {@code Constant.SSO_ID_KEY} formatted with the requested domain as argument {0}
 */
private String getSsoidKey() {
    MessageFormat keyPattern = new MessageFormat(Constant.SSO_ID_KEY);
    String requestedDomain = StringUtil.getValue(request.getParameter(Constant.P_DOMAIN));
    return keyPattern.format(new Object[] {requestedDomain});
}
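/**
 * Intended to return the decrypted SSO id taken from the core-domain cookie.
 *
 * <p>NOTE(review): the decryption step is missing. The method resolves the key record of
 * the core domain and reads the cookie, but the value is never decrypted and
 * {@code null} is returned on every path. Callers must not read the {@code null} as
 * anything other than "no SSO id available".
 *
 * @return always {@code null} in the current implementation
 */
public String getDecryptSsoId() {
    /* Resolve the key record of the core domain. */
    String coredomain = Constant.SSO_SERVER_DOMAIN;
    GcfgSsikeys coressikey = Constant.ssikeyMap.get(coredomain);
    if (coressikey == null) {
        List<GcfgSsikeys> list = SpringHelper.getFetionSsoService().getSsikeysList();
        if (list != null) {
            for (GcfgSsikeys candidate : list) {
                // Accept an exact domain match only. Assigning every element while scanning
                // would leave the last record, i.e. another domain's keys, selected when
                // nothing matches.
                if (candidate != null
                        && candidate.getDomain() != null
                        && candidate.getDomain().equals(coredomain)) {
                    coressikey = candidate;
                    break;
                }
            }
        }
    }
    if (coressikey == null) {
        return null;
    }

    Cookie cookie = CookieUtils.findCookie(Constant.SSO_ID_KEY, request);
    if (cookie != null) {
        /* Parse the cookie to obtain the Fetion number; only the quote stripping exists so far. */
        String cookievalue = cookie.getValue();
        if (cookievalue != null && cookievalue.length() >= 2) {
            char beginch = cookievalue.charAt(0);
            char endch = cookievalue.charAt(cookievalue.length() - 1);
            if (beginch == '"' && endch == '"') {
                cookievalue = cookievalue.substring(1, cookievalue.length() - 1);
            }
        }
        // NOTE(review): cookievalue and coressikey are not used beyond this point.
    }
    return null;
}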
/**
 * Builds the SSO cookie name for the given domain.
 *
 * @param domain value substituted for argument {0} of the {@code Constant.SSO_ID_KEY}
 *               pattern; it is not validated here, so callers passing request data should
 *               check it first
 * @return the formatted cookie name
 */
public String getSsoidKey(String domain) {
    MessageFormat keyPattern = new MessageFormat(Constant.SSO_ID_KEY);
    return keyPattern.format(new Object[] {domain});
}
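/**
 * Parses a core-domain credential string and returns its decrypted contents.
 *
 * <p>Layout as read here: Base64 text whose decoded byte 0 is a flag byte (bit 3:
 * 1 = class-2 credential decrypted with AES, 0 = class-1 credential decrypted with DES;
 * bits 0-1: index of the key to use), bytes 1-4 are not read, and everything from offset 5
 * on is the encrypted payload. On success the credential is passed to
 * {@code updCoreEncryptedData}.
 *
 * <p>NOTE(review): the flag byte is part of the credential being checked, so whoever
 * presents the credential selects both the cipher and the key slot; the flag configured in
 * the key record is not consulted. DES has a 56-bit key and is not adequate for protecting
 * credentials. If class-1 credentials no longer need to be accepted, reject them here and
 * compare the flag with the configured one.
 *
 * <p>NOTE(review): no expiry is enforced in this method. Bytes 1-4 are skipped and the
 * timestamps inside the decrypted data are not examined; confirm that callers check them.
 * Whether the DES/AES helpers verify ciphertext integrity is not visible from here.
 *
 * @param c credential text (presumably taken from the request; confirm against callers);
 *          spaces are turned back into '+' before Base64 decoding
 * @return a result whose type is "0" when nothing could be decoded, "1" with an
 *         {@code EncryptedData}, or "2" with an {@code EncryptedDataV2}
 */
private CredenResult getCoreEncryptedData(String c) {
    CredenResult result = new CredenResult();
    result.setType("0");
    try {
        String coredomain = Constant.SSO_SERVER_DOMAIN;
        GcfgSsikeys coressikey = Constant.ssikeyMap.get(coredomain);
        if (coressikey == null) {
            List<GcfgSsikeys> list = SpringHelper.getFetionSsoService().getSsikeysList();
            if (list != null) {
                for (GcfgSsikeys candidate : list) {
                    // Accept an exact domain match only. Assigning every element while
                    // scanning would leave the last record, i.e. another domain's keys,
                    // selected when nothing matches.
                    if (candidate != null
                            && candidate.getDomain() != null
                            && candidate.getDomain().equals(coredomain)) {
                        coressikey = candidate;
                        break;
                    }
                }
            }
        }
        if (coressikey == null || c == null) {
            return result;
        }

        /* Decode the core-domain credential. */
        String corecreden = c.replaceAll(" ", "+");
        byte[] bcorecreden = BASE64.getFromBASE64(corecreden);
        // Validate the buffer before byte 0 is read: 5 header bytes plus at least one
        // payload byte are required.
        if (bcorecreden == null || bcorecreden.length <= 5) {
            return result;
        }

        /* Flag = bcorecreden[0]
         * bit 3: 1 = class-2 credential, 0 = class-1 credential (binary 1000 = 8);
         * bits 0-1: key index (binary 11 = 3). */
        int flag = bcorecreden[0] & 8;
        int keyid = bcorecreden[0] & 3;
        int credenLevel = (flag == 0) ? 1 : 2;

        String key = "";
        if (keyid == 0) {
            key = coressikey.getKey0();
        } else if (keyid == 1) {
            key = coressikey.getKey1();
        } else if (keyid == 2) {
            key = coressikey.getKey2();
        }
        // Key index 3 has no key assigned and ends here together with unset keys.
        if (key == null || "".equals(key)) {
            return result;
        }

        byte[] bencrypted = new byte[bcorecreden.length - 5];
        System.arraycopy(bcorecreden, 5, bencrypted, 0, bcorecreden.length - 5);

        /* Decrypt a class-1 or a class-2 credential. */
        if (credenLevel == 1) {
            DES des = new DES();
            byte[] outBuff = des.decryptByDES(bencrypted, ByteConvert.getKeyByStr(key));
            EncryptedData data = des.byte2date(outBuff);
            if (data != null) {
                result.setType("1");
                result.setData(data);
            }
        } else {
            AES aes = new AES();
            byte[] outBuff = AES.decrypt(bencrypted, key);
            EncryptedDataV2 data = aes.byte2date(outBuff);
            if (data != null) {
                result.setType("2");
                result.setData(data);
            }
        }

        if (!"0".equals(result.getType())) {
            this.updCoreEncryptedData(result, coressikey);
        }
    } catch (Exception ex) {
        // Any decoding or decryption failure leaves the result at type "0".
        ex.printStackTrace();
    }
    return result;
}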
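/**
 * Rebuilds the core-domain credential from an already decrypted one, with fresh timestamps.
 *
 * <p>Output layout: byte 0 = flag of the key record, then
 * {@code ByteConvert.int2byte(Constant.SSO_COOKIE_MAXAGE)} from offset 1, then the encrypted
 * payload from offset 5; the buffer is Base64 encoded. Type "1" is encrypted with DES and
 * type "2" with AES, using the key selected by bits 0-1 of the key record's flag.
 *
 * <p>NOTE(review): the cookie returned by {@code createSSOCookie} is discarded, so the
 * refreshed credential never reaches the response. It has to be handed to
 * {@code HttpServletResponse.addCookie} for the refresh to take effect. Confirm that a
 * sliding renewal is wanted before wiring it up.
 *
 * <p>NOTE(review): {@code Constant.SSO_COOKIE_MAXAGE} is added to {@code Date.getTime()}
 * (milliseconds) for the type "1" timeout and is also passed on as the cookie max-age
 * (seconds). Confirm the unit of the constant.
 *
 * <p>NOTE(review): byte 0 is always the key record's flag. A type "1" payload rebuilt
 * while that flag has bit 3 set would be read back as a class-2 credential.
 *
 * @param credendata decrypted credential; its type ("1" or "2") decides which payload is rebuilt
 * @param ssikey     key record supplying the flag byte, the key and, for type "2", the expire time
 */
private void updCoreEncryptedData(CredenResult credendata, GcfgSsikeys ssikey) {
    int keyid = ssikey.getFlag() & 3;
    String key = "";
    if (keyid == 0) {
        key = ssikey.getKey0();
    } else if (keyid == 1) {
        key = ssikey.getKey1();
    } else if (keyid == 2) {
        key = ssikey.getKey2();
    }
    // Never encrypt with a missing key (key index 3 has none assigned).
    if (key == null || "".equals(key)) {
        return;
    }

    Date now = new Date();
    String clientip = request.getRemoteAddr();
    try {
        byte[] inBuff;
        byte[] outBuff;
        if ("1".equals(credendata.getType())) {
            DES des = new DES();
            EncryptedData data = (EncryptedData) credendata.getData();
            /* Copy the identity fields and renew the sign-in timestamps. */
            EncryptedByte encryptedbyte = new EncryptedByte();
            encryptedbyte.setUserType(data.getUserType());
            encryptedbyte.setUserUri(data.getUserUri());
            encryptedbyte.setDomain(data.getDomain());
            // The IP stored in the old credential is carried over, not the current client IP.
            encryptedbyte.setUserIp(data.getUserIp());
            encryptedbyte.setUserMobileNo(data.getUserMobileNo());
            encryptedbyte.setSignInTime(now.getTime());
            encryptedbyte.setSignInTimeOut(now.getTime() + Constant.SSO_COOKIE_MAXAGE);
            encryptedbyte.setUserSid(data.getUserSid());
            encryptedbyte.setUserStatus(data.getUserStatus());
            /* Serialise, then encrypt. */
            inBuff = des.data2Byte(encryptedbyte);
            outBuff = des.encryptByDES(inBuff, ByteConvert.getKeyByStr(key));
        } else if ("2".equals(credendata.getType())) {
            EncryptedDataV2 encryptedDataV2 = (EncryptedDataV2) credendata.getData();
            EncryptedByteV2 datav2 = new EncryptedByteV2();
            datav2.setUserTypeV2(Constant.USER_TYPE_V2);
            datav2.setCreateTime(now.getTime());
            // The expire time comes from the key record rather than now + max-age.
            datav2.setExpireTime(ssikey.getExpiretime().getTime());
            datav2.setSid(encryptedDataV2.getSid());
            datav2.setMobile(encryptedDataV2.getMobile());
            datav2.setLogicalPoolId(encryptedDataV2.getLogicalPoolId());
            // Unlike type "1", the credential is bound to the current client address.
            long lip = IpUtil.ipToLongValue(clientip);
            datav2.setUserIp(lip);
            datav2.setUserStatusV2(encryptedDataV2.getUserStatusV2());
            // Overrides the Constant.USER_TYPE_V2 value set above; kept as in the original.
            datav2.setUserTypeV2((byte) 0);
            /* Serialise, then encrypt. The previous code decrypted the fresh ciphertext
             * again, which put the plaintext payload into the credential. */
            inBuff = datav2.getByteV2();
            outBuff = AES.encrypt(inBuff, key);
        } else {
            return;
        }
        if (outBuff == null) {
            return;
        }

        /* Prepend the flag byte and the expire-time bytes. */
        byte[] credenBuff = new byte[outBuff.length + 5];
        credenBuff[0] = (byte) ssikey.getFlag().intValue();
        // Presumably 4 bytes, since the payload starts at offset 5. TODO confirm.
        byte[] etimeBuff = ByteConvert.int2byte(Constant.SSO_COOKIE_MAXAGE);
        System.arraycopy(etimeBuff, 0, credenBuff, 1, etimeBuff.length);
        System.arraycopy(outBuff, 0, credenBuff, 5, outBuff.length);

        /* Build the cookie. NOTE(review): the result is not added to the response. */
        this.createSSOCookie(BASE64.getBASE64(credenBuff), Constant.SSO_COOKIE_MAXAGE);
    } catch (Exception ex) {
        // Best effort: a failed refresh leaves the existing credential untouched.
        ex.printStackTrace();
    }
}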
/**
* Builds the core-domain credential string and stores it in a cookie.
* @param user
*/
public String createCoreCreden(UserInfo user, String usertype) {
String result = "";
String coredomain = Constant.SSO_SERVER_DOMAIN;
GcfgSsikeys coressikey = Constant.ssikeyMap.get(coredomain);
if(coressikey==null) {
List<GcfgSsikeys> list = SpringHelper.getFetionSsoService().getSsikeysList();
for (int i = 0; i<list.size(); i++) {
coressikey = (GcfgSsikeys)list.get(i);
if(coressikey.getDomain().equals(coredomain)) {
break;
}
}
}
if (coressikey == null) {
return result;
}
int flag = coressikey.getFlag() & 8;
int keyid = coressikey.getFlag() & 3;
String key = "";
int credenLevel = 0;
if (flag == 0) {
credenLevel = 1;
} else {
credenLevel = 2;
}
if (keyid == 0) {
key = coressikey.getKey0();
} else if (keyid == 1) {
key = coressikey.getKey1();
} else if (keyid == 2) {
key = coressikey.getKey2();
}
Date now = new Date();
String uri = request.getRequestURI();
String domain = StringUtil.getValue(request.getParameter("domain"));
String clientip = request.getRemoteAddr();