From a1b880f817d6ee848428578a29025bf316f03380 Mon Sep 17 00:00:00 2001 From: sh Date: Tue, 7 Apr 2026 18:26:41 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=9C=BA=E5=AF=86=E6=80=A7?= =?UTF-8?q?=E5=92=8C=E5=AE=8C=E6=95=B4=E6=80=A7=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cms/service/impl/CompanyServiceImpl.java | 2 + .../cms/util/encrypt/QuickValidUtils.java | 38 +++++++++---------- .../resources/mapper/app/AppUserMapper.xml | 7 +++- .../common/utils/EncryptDecryptUtil.java | 9 ++++- .../web/service/SysLoginService.java | 37 +++++++++++++----- 5 files changed, 62 insertions(+), 31 deletions(-) diff --git a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java index 1a160ca..825a3a9 100644 --- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java +++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java @@ -64,6 +64,8 @@ public class CompanyServiceImpl extends ServiceImpl impl public Company selectCompanyByCompanyId(Long companyId) { Company company = companyMapper.selectById(companyId); + //验证手机号和身份证 + QuickValidUtils.legalPhoneOrIdCardValid(company); Long userId=null; try { LoginUser loginUser = SecurityUtils.getLoginUser(); diff --git a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java index 3b669af..4dd5d00 100644 --- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java +++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java 
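Review bot: `companyMapper.selectById(companyId)` can return null for an unknown id, and the added call passes that result straight to `QuickValidUtils.legalPhoneOrIdCardValid(company)`. Unless that method null-checks its argument (its opening lines are not in this patch), the resulting NullPointerException would be caught by its `catch (Exception e1)` and rethrown as a signature-verification failure, so a not-found lookup is reported as an integrity error. Guarding the call with `if (company != null) { QuickValidUtils.legalPhoneOrIdCardValid(company); }` keeps the two cases apart. `selectCompanyByCompanyId` continues below the hunk.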
@@ -123,7 +123,7 @@ public class QuickValidUtils { try { if (!StringUtils.isBlank(company.getLegalPhone())) { phone = sm4Decrypt(company.getLegalPhoneEncrypt()); - phoneTrue = sm3Verify(phone, company.getLegalPhoneCipher()); + phoneTrue = sm3Verify(company.getLegalPhone(), company.getLegalPhoneCipher()); //company.setLegalPhone(phone); } if (!StringUtils.isBlank(company.getLegalIdCard())) { @@ -136,10 +136,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("企业法人手机号/身份证解密失败", e); - throw new RuntimeException("解密失败:" + e.getMessage(), e); + throw new RuntimeException("解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("企业法人手机号/身份证验签失败", e1); - throw new RuntimeException("验签失败:" + e1.getMessage(), e1); + throw new RuntimeException("验签失败:" + "解密失败,完整性校验失败", e1); } } @@ -168,10 +168,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("企业和个人手机号/身份证解密失败", e); - throw new RuntimeException("解密失败:" + e.getMessage(), e); + throw new RuntimeException("解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("企业和个人手机号/身份证验签失败", e1); - throw new RuntimeException("验签失败:" + e1.getMessage(), e1); + throw new RuntimeException("验签失败:" + "解密失败,完整性校验失败", e1); } } @@ -193,10 +193,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("企业联系人手机号解密失败", e); - throw new RuntimeException("用户信息解密失败:" + e.getMessage(), e); + throw new RuntimeException("企业联系人:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("企业联系人手机号验签失败", e1); - throw new RuntimeException("用户信息验证失败:" + e1.getMessage(), e1); + throw new RuntimeException("企业联系人:" + "解密失败,完整性校验失败", e1); } } 
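Review bot: After this change the value returned by `sm4Decrypt(company.getLegalPhoneEncrypt())` is never used: the MAC is checked against the stored `company.getLegalPhone()` and `setLegalPhone(phone)` is commented out, so the ciphertext field is decrypted but compared with nothing. An altered encrypt value that still decrypts would pass this check. If the intent is that both fields hold the same value, compare them as well, e.g. `phoneTrue = phone.equals(company.getLegalPhone()) && sm3Verify(company.getLegalPhone(), company.getLegalPhoneCipher());`. The same substitution is made in the `appUser` and `jobContact` hunks (`-210`, `-235`), and the method body extends outside this hunk.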
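Review bot: The replacement messages are built as `"解密失败:" + "解密失败,完整性校验失败"`, which repeats the prefix and makes the 验签 branch report a decryption failure; the same literal is concatenated at all sixteen throw sites changed in this file. A single constant declared next to `TAMPER_PHONE_MSG`, e.g. `private static final String INTEGRITY_FAIL_MSG = "解密失败,完整性校验失败";`, thrown as `new RuntimeException(INTEGRITY_FAIL_MSG, e)`, keeps them consistent. Note also that `catch (Exception e1)` sits on the same try in which `throw new RuntimeException(TAMPER_PHONE_MSG)` is raised (visible in the `-210` hunk), so the tamper message survives only as the cause and not as the message callers see.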
@@ -210,7 +210,7 @@ public class QuickValidUtils { try { if(StringUtils.isNotBlank(appUser.getPhoneEncrypt())) { phone = sm4Decrypt(appUser.getPhoneEncrypt()); - phoneTrue = sm3Verify(phone, appUser.getPhoneCipher()); + phoneTrue = sm3Verify(appUser.getPhone(), appUser.getPhoneCipher()); //appUser.setPhone(phone); if (!phoneTrue) { throw new RuntimeException(TAMPER_PHONE_MSG); @@ -218,10 +218,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("App用户手机号解密失败", e); - throw new RuntimeException("用户信息解密失败:" + e.getMessage(), e); + throw new RuntimeException("用户信息解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("App用户手机号验签失败", e1); - throw new RuntimeException("用户信息验证失败:" + e1.getMessage(), e1); + throw new RuntimeException("用户信息验证失败:" + "解密失败,完整性校验失败", e1); } } @@ -235,7 +235,7 @@ public class QuickValidUtils { try { if(StringUtils.isNotBlank(jobContact.getContactPersonPhoneEncrypt())){ phone=sm4Decrypt(jobContact.getContactPersonPhoneEncrypt()); - phoneTrue=sm3Verify(phone,jobContact.getContactPersonPhoneCipher()); + phoneTrue=sm3Verify(jobContact.getContactPersonPhone(),jobContact.getContactPersonPhoneCipher()); //jobContact.setContactPersonPhone(phone); if (!phoneTrue) { throw new RuntimeException(TAMPER_PHONE_MSG); @@ -243,10 +243,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("岗位联系人手机号解密失败", e); - throw new RuntimeException("用户信息解密失败:" + e.getMessage(), e); + throw new RuntimeException("用户信息解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("岗位联系人手机号验签失败", e1); - throw new RuntimeException("用户信息验证失败:" + e1.getMessage(), e1); + throw new RuntimeException("用户信息验证失败:" + "解密失败,完整性校验失败", e1); } } 
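Review bot: The check is still gated on `StringUtils.isNotBlank(appUser.getPhoneEncrypt())`, but what is verified is now `appUser.getPhone()` against `appUser.getPhoneCipher()`, so a record whose encrypt field is empty skips verification of the stored phone entirely. Since the stored phone and its MAC are now the inputs, gate on those, and treat a non-blank phone with a blank cipher as a failure rather than a skip. A null `getPhone()` or `getPhoneCipher()` alongside a non-blank encrypt value will presumably throw inside `sm3Verify` and surface as the generic message. The `jobContact` hunk (`-235`) has the same guard; both method bodies start outside their hunks.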
@@ -268,10 +268,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("手机号解密失败", e); - throw new RuntimeException("手机号解密失败:" + e.getMessage(), e); + throw new RuntimeException("手机号解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("手机号验签失败", e1); - throw new RuntimeException("手机号验证失败:" + e1.getMessage(), e1); + throw new RuntimeException("手机号验证失败:" + "解密失败,完整性校验失败", e1); } } @@ -293,10 +293,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("手机号解密失败", e); - throw new RuntimeException("手机号解密失败:" + e.getMessage(), e); + throw new RuntimeException("手机号解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("手机号验签失败", e1); - throw new RuntimeException("手机号验证失败:" + e1.getMessage(), e1); + throw new RuntimeException("手机号验证失败:" + "解密失败,完整性校验失败", e1); } } @@ -318,10 +318,10 @@ public class QuickValidUtils { } } catch (CryptoClient.CryptoException e) { log.error("App用户身份证解密失败", e); - throw new RuntimeException("用户信息解密失败:" + e.getMessage(), e); + throw new RuntimeException("用户信息解密失败:" + "解密失败,完整性校验失败", e); } catch (Exception e1) { log.error("App用户身份证验签失败", e1); - throw new RuntimeException("用户信息验证失败:" + e1.getMessage(), e1); + throw new RuntimeException("用户信息验证失败:" + "解密失败,完整性校验失败", e1); } } diff --git a/ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml b/ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml index 1bee3f3..2e93877 100644 --- a/ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml +++ b/ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml 
@@ -32,10 +32,15 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" + + + + + - select user_id, name, age, sex, birth_date, education, political_affiliation, phone, avatar, salary_min, salary_max, area, status, del_flag, login_ip, login_date, create_by, create_time, update_by, update_time, remark,job_title_id,is_recommend,id_card,work_experience,is_company_user,dw_userid from app_user + select user_id, name, age, sex, birth_date, education, political_affiliation, phone, avatar, salary_min, salary_max, area, status, del_flag, login_ip, login_date, create_by, create_time, update_by, update_time, remark,job_title_id,is_recommend,id_card,work_experience,is_company_user,dw_userid,region_code,phone_cipher,id_card_cipher,phone_encrypt,id_card_encrypt from app_user diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java index 452a587..d97ab14 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java @@ -81,9 +81,11 @@ public class EncryptDecryptUtil { */ public String sm4Encrypt(String cipherIdentification, String originData) throws CryptoClient.CryptoException { + log.info("开启机密性保护"); byte[] cipher = CryptoHelper.symmEncrypt(cipherIdentification, SymAlg.QK_SGD_SM4_CBC, SymAlgPaddingMode.QK_SYMALG_PADDING_PKCS7, IV.getBytes(StandardCharsets.UTF_8), originData.getBytes(StandardCharsets.UTF_8)); + log.info("生成相应密文"); return Base64.getEncoder().encodeToString(cipher); } @@ -130,8 +132,10 @@ public class EncryptDecryptUtil { */ public String sm3Hash(String cipherIdentification, String originData) throws CryptoClient.CryptoException { + log.info("开始完整性保护"); byte[] hash = CryptoHelper.calculateMAC(cipherIdentification, MacAlg.QK_HMAC_SM3, originData.getBytes(StandardCharsets.UTF_8)); + log.info("已生成响应哈希值"); return Base64.getEncoder().encodeToString(hash); } 
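Review bot: Adding `phone_cipher`, `id_card_cipher`, `phone_encrypt` and `id_card_encrypt` to this shared select list means every query built on it now loads the MAC and ciphertext values into `AppUser`, next to the `phone` and `id_card` columns that were already selected. If `AppUser` objects are returned from controllers or serialized into responses, those four properties should be excluded from serialization so they are used for verification only. The five added result-mapping lines lost their markup in this rendering, so their property names cannot be checked here.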
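Review bot: The two `log.info` calls added to `sm4Encrypt`, and the pairs added to `sm3Hash` and `sm3Verify` in the following hunks, fire on every field operation at INFO level and carry no context, so they add log volume without helping anyone trace a specific record. `log.debug` is the better level for start/finish markers like `log.debug("开启机密性保护");`. In `sm3Hash` the second message reads `已生成响应哈希值`, where `相应` was probably intended.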
@@ -156,8 +160,11 @@ public class EncryptDecryptUtil { */ public boolean sm3Verify(String cipherIdentification, String originData, String hashData) throws CryptoClient.CryptoException { - return CryptoHelper.verifyMAC(cipherIdentification, MacAlg.QK_HMAC_SM3, + log.info("开始完整性校验"); + boolean b=CryptoHelper.verifyMAC(cipherIdentification, MacAlg.QK_HMAC_SM3, originData.getBytes(StandardCharsets.UTF_8), Base64.getDecoder().decode(hashData)); + log.info("完整性校验结束"); + return b; } } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java index b0601f9..38fadc2 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java @@ -8,6 +8,7 @@ import com.ruoyi.cms.domain.vo.WechatAuthVO; import com.ruoyi.cms.service.IAppUserService; import com.ruoyi.cms.util.StringUtil; import com.ruoyi.cms.util.WechatUtil; +import com.ruoyi.cms.util.encrypt.QuickValidUtils; import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.entity.AppUser; import com.ruoyi.common.core.domain.model.LoginBody; @@ -557,7 +558,14 @@ public class SysLoginService System.out.printf("特殊角色用户登录成功,openid:%s, phone:%s, 角色:%s%n", specialUser.getOpenid(), StringUtil.desensitizePhone(specialUser.getPhone()), specialUser.getIsCompanyUser()); System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax)); + //验证完整性 + QuickValidUtils.phoneValid(specialUser); + if(!StringUtil.IS_COMPANY_USER.equals(specialUser.getIsCompanyUser())){ + QuickValidUtils.idCardValid(specialUser); + } return ajax; + }catch (Exception e){ + return AjaxResult.error("解密失败,完整性校验失败"); } } 
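Review bot: `sm3Verify` now logs only that verification started and ended, so a failed MAC check, which is the event worth alerting on, leaves no distinct trace at this layer. Log the outcome, e.g. `if (!verified) { log.warn("完整性校验未通过"); }`, and rename `b` to something descriptive such as `verified`. `Base64.getDecoder().decode(hashData)` throws `IllegalArgumentException` on a malformed value and `NullPointerException` on null, while the signature declares only `CryptoException`; the Javadoc above the method (outside this hunk) should mention both.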
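Review bot: The added `catch (Exception e)` in the special-role login path drops the exception without logging it and answers every failure inside the try with `解密失败,完整性校验失败`, so an operator cannot tell a tampered record from an unrelated error in the login flow. The try block opens outside this hunk, so what else it covers is not visible here. At minimum, log the exception with the user id before returning, and catch only the `RuntimeException` that `QuickValidUtils` throws. The same catch is added to `handleExistingUser` in the `-566` hunk.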
@@ -566,16 +574,25 @@ public class SysLoginService */ @Transactional(rollbackFor = Exception.class) public AjaxResult handleExistingUser(AppUser existingUser, String userType,String orgType) { - AjaxResult ajax = AjaxResult.success(); - updateAppUserCommon(existingUser, null, null, userType,orgType); - String token = loginUserIdApp(existingUser); - ajax.put(Constants.TOKEN, token); - ajax.put("isNewUser", false); - ajax.put("idCard", existingUser.getIdCard()); - ajax.put("isCompanyUser", existingUser.getIsCompanyUser()); - System.out.println("老用户登录成功,openid:" + existingUser.getOpenid() + "==========="); - System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax)); - return ajax; + try { + AjaxResult ajax = AjaxResult.success(); + updateAppUserCommon(existingUser, null, null, userType,orgType); + String token = loginUserIdApp(existingUser); + ajax.put(Constants.TOKEN, token); + ajax.put("isNewUser", false); + ajax.put("idCard", existingUser.getIdCard()); + ajax.put("isCompanyUser", existingUser.getIsCompanyUser()); + System.out.println("老用户登录成功,openid:" + existingUser.getOpenid() + "==========="); + System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax)); + //验证完整性和机密性 + QuickValidUtils.phoneValid(existingUser); + if(!StringUtil.IS_COMPANY_USER.equals(userType)){ + QuickValidUtils.idCardValid(existingUser); + } + return ajax; + }catch (Exception e){ + return AjaxResult.error("解密失败,完整性校验失败"); + } }
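Review bot: The integrity checks in `handleExistingUser` run only after `updateAppUserCommon(...)` and `loginUserIdApp(existingUser)` have executed and the response, token included, has been printed, so a record that fails `phoneValid` or `idCardValid` has already been updated and given a token before the error is returned. Because the new `catch (Exception e)` returns normally, `@Transactional(rollbackFor = Exception.class)` will not roll that update back, and a failure in the update or token step is also reported as an integrity failure. Running the checks first, in their own narrow try, avoids both; the special-role hunk (`-557`) places its checks after the success output in the same way. The ID-card check is skipped here based on the `userType` argument but on `specialUser.getIsCompanyUser()` in the other hunk; if `userType` originates from the request, the stored flag is the safer condition.

```java
public AjaxResult handleExistingUser(AppUser existingUser, String userType,String orgType) {
    // Verify the stored record before anything is written or a token is produced.
    try {
        QuickValidUtils.phoneValid(existingUser);
        if(!StringUtil.IS_COMPANY_USER.equals(userType)){
            QuickValidUtils.idCardValid(existingUser);
        }
    }catch (RuntimeException e){
        return AjaxResult.error("解密失败,完整性校验失败");
    }
    AjaxResult ajax = AjaxResult.success();
    updateAppUserCommon(existingUser, null, null, userType,orgType);
    // … unchanged: loginUserIdApp call, ajax.put(...) entries, success output …
    return ajax;
}
```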