修改机密性和完整性校验

ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java

@@ -64,6 +64,8 @@ public class CompanyServiceImpl extends ServiceImpl<CompanyMapper, Company> impl
     public Company selectCompanyByCompanyId(Long companyId)
     {
         Company company = companyMapper.selectById(companyId);
+        //验证手机号和身份证
+        QuickValidUtils.legalPhoneOrIdCardValid(company);
         Long userId=null;
         try {
             LoginUser loginUser = SecurityUtils.getLoginUser();

ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java

@@ -123,7 +123,7 @@ public class QuickValidUtils {
         try {
             if (!StringUtils.isBlank(company.getLegalPhone())) {
                 phone = sm4Decrypt(company.getLegalPhoneEncrypt());
-                phoneTrue = sm3Verify(phone, company.getLegalPhoneCipher());
+                phoneTrue = sm3Verify(company.getLegalPhone(), company.getLegalPhoneCipher());
                 //company.setLegalPhone(phone);
             }
             if (!StringUtils.isBlank(company.getLegalIdCard())) {
@@ -136,10 +136,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("企业法人手机号/身份证解密失败", e);
-            throw new RuntimeException("解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("企业法人手机号/身份证验签失败", e1);
-            throw new RuntimeException("验签失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("验签失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -168,10 +168,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("企业和个人手机号/身份证解密失败", e);
-            throw new RuntimeException("解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("企业和个人手机号/身份证验签失败", e1);
-            throw new RuntimeException("验签失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("验签失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -193,10 +193,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("企业联系人手机号解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("企业联系人：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("企业联系人手机号验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("企业联系人：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -210,7 +210,7 @@ public class QuickValidUtils {
         try {
             if(StringUtils.isNotBlank(appUser.getPhoneEncrypt())) {
                 phone = sm4Decrypt(appUser.getPhoneEncrypt());
-                phoneTrue = sm3Verify(phone, appUser.getPhoneCipher());
+                phoneTrue = sm3Verify(appUser.getPhone(), appUser.getPhoneCipher());
                 //appUser.setPhone(phone);
                 if (!phoneTrue) {
                     throw new RuntimeException(TAMPER_PHONE_MSG);
@@ -218,10 +218,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("App用户手机号解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("用户信息解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("App用户手机号验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("用户信息验证失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -235,7 +235,7 @@ public class QuickValidUtils {
         try {
             if(StringUtils.isNotBlank(jobContact.getContactPersonPhoneEncrypt())){
                 phone=sm4Decrypt(jobContact.getContactPersonPhoneEncrypt());
-                phoneTrue=sm3Verify(phone,jobContact.getContactPersonPhoneCipher());
+                phoneTrue=sm3Verify(jobContact.getContactPersonPhone(),jobContact.getContactPersonPhoneCipher());
                 //jobContact.setContactPersonPhone(phone);
                 if (!phoneTrue) {
                     throw new RuntimeException(TAMPER_PHONE_MSG);
@@ -243,10 +243,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("岗位联系人手机号解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("用户信息解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("岗位联系人手机号验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("用户信息验证失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -268,10 +268,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("手机号解密失败", e);
-            throw new RuntimeException("手机号解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("手机号解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("手机号验签失败", e1);
-            throw new RuntimeException("手机号验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("手机号验证失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -293,10 +293,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("手机号解密失败", e);
-            throw new RuntimeException("手机号解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("手机号解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("手机号验签失败", e1);
-            throw new RuntimeException("手机号验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("手机号验证失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 
@@ -318,10 +318,10 @@ public class QuickValidUtils {
             }
         } catch (CryptoClient.CryptoException e) {
             log.error("App用户身份证解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("用户信息解密失败：" + "解密失败，完整性校验失败", e);
         } catch (Exception e1) {
             log.error("App用户身份证验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("用户信息验证失败：" + "解密失败，完整性校验失败", e1);
         }
     }
 

ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml

@@ -32,10 +32,15 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         <result property="workExperience"    column="work_experience"    />
         <result property="isCompanyUser"    column="is_company_user"    />
         <result property="dwUserid"    column="dw_userid"    />
+        <result property="regionCode"    column="region_code"    />
+        <result property="phoneCipher"    column="phone_cipher"    />
+        <result property="idCardCipher"    column="id_card_cipher"    />
+        <result property="phoneEncrypt"    column="phone_encrypt"    />
+        <result property="idCardEncrypt"    column="id_card_encrypt"    />
     </resultMap>
 
     <sql id="selectAppUserVo">
-        select user_id, name, age, sex, birth_date, education, political_affiliation, phone, avatar, salary_min, salary_max, area, status, del_flag, login_ip, login_date, create_by, create_time, update_by, update_time, remark,job_title_id,is_recommend,id_card,work_experience,is_company_user,dw_userid from app_user
+        select user_id, name, age, sex, birth_date, education, political_affiliation, phone, avatar, salary_min, salary_max, area, status, del_flag, login_ip, login_date, create_by, create_time, update_by, update_time, remark,job_title_id,is_recommend,id_card,work_experience,is_company_user,dw_userid,region_code,phone_cipher,id_card_cipher,phone_encrypt,id_card_encrypt from app_user
     </sql>
 
     <sql id="selectSysUserVo">

ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java

@@ -81,9 +81,11 @@ public class EncryptDecryptUtil {
      */
     public String sm4Encrypt(String cipherIdentification, String originData)
             throws CryptoClient.CryptoException {
+        log.info("开启机密性保护");
         byte[] cipher = CryptoHelper.symmEncrypt(cipherIdentification, SymAlg.QK_SGD_SM4_CBC,
                 SymAlgPaddingMode.QK_SYMALG_PADDING_PKCS7, IV.getBytes(StandardCharsets.UTF_8),
                 originData.getBytes(StandardCharsets.UTF_8));
+        log.info("生成相应密文");
         return Base64.getEncoder().encodeToString(cipher);
     }
 
@@ -130,8 +132,10 @@ public class EncryptDecryptUtil {
      */
     public String sm3Hash(String cipherIdentification, String originData)
             throws CryptoClient.CryptoException {
+        log.info("开始完整性保护");
         byte[] hash = CryptoHelper.calculateMAC(cipherIdentification, MacAlg.QK_HMAC_SM3,
                 originData.getBytes(StandardCharsets.UTF_8));
+        log.info("已生成响应哈希值");
         return Base64.getEncoder().encodeToString(hash);
     }
 
@@ -156,8 +160,11 @@ public class EncryptDecryptUtil {
      */
     public boolean sm3Verify(String cipherIdentification, String originData, String hashData)
             throws CryptoClient.CryptoException {
-        return CryptoHelper.verifyMAC(cipherIdentification, MacAlg.QK_HMAC_SM3,
+        log.info("开始完整性校验");
+        boolean b=CryptoHelper.verifyMAC(cipherIdentification, MacAlg.QK_HMAC_SM3,
                 originData.getBytes(StandardCharsets.UTF_8), Base64.getDecoder().decode(hashData));
+        log.info("完整性校验结束");
+        return b;
     }
 
 }

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java

@@ -8,6 +8,7 @@ import com.ruoyi.cms.domain.vo.WechatAuthVO;
 import com.ruoyi.cms.service.IAppUserService;
 import com.ruoyi.cms.util.StringUtil;
 import com.ruoyi.cms.util.WechatUtil;
+import com.ruoyi.cms.util.encrypt.QuickValidUtils;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.AppUser;
 import com.ruoyi.common.core.domain.model.LoginBody;
@@ -557,7 +558,14 @@ public class SysLoginService
             System.out.printf("特殊角色用户登录成功，openid:%s, phone:%s, 角色:%s%n",
                     specialUser.getOpenid(), StringUtil.desensitizePhone(specialUser.getPhone()), specialUser.getIsCompanyUser());
             System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax));
+            //验证完整性
+            QuickValidUtils.phoneValid(specialUser);
+            if(!StringUtil.IS_COMPANY_USER.equals(specialUser.getIsCompanyUser())){
+                QuickValidUtils.idCardValid(specialUser);
+            }
             return ajax;
+        }catch (Exception e){
+            return AjaxResult.error("解密失败，完整性校验失败");
         }
     }
 
@@ -566,6 +574,7 @@ public class SysLoginService
      */
     @Transactional(rollbackFor = Exception.class)
     public AjaxResult handleExistingUser(AppUser existingUser, String userType,String orgType) {
+        try {
             AjaxResult ajax = AjaxResult.success();
             updateAppUserCommon(existingUser, null, null, userType,orgType);
             String token = loginUserIdApp(existingUser);
@@ -575,7 +584,15 @@ public class SysLoginService
             ajax.put("isCompanyUser", existingUser.getIsCompanyUser());
             System.out.println("老用户登录成功，openid:" + existingUser.getOpenid() + "===========");
             System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax));
+            //验证完整性和机密性
+            QuickValidUtils.phoneValid(existingUser);
+            if(!StringUtil.IS_COMPANY_USER.equals(userType)){
+                QuickValidUtils.idCardValid(existingUser);
+            }
             return ajax;
+        }catch (Exception e){
+            return AjaxResult.error("解密失败，完整性校验失败");
+        }
     }