修改机密性和完整性校验

2026-04-07 18:26:41 +08:00
parent 5cfa574f0b
commit a1b880f817
5 changed files with 62 additions and 31 deletions
--- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java
+++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/CompanyServiceImpl.java
@@ -64,6 +64,8 @@ public class CompanyServiceImpl extends ServiceImpl<CompanyMapper, Company> impl
    public Company selectCompanyByCompanyId(Long companyId)
    {
        Company company = companyMapper.selectById(companyId);
        //验证手机号和身份证
        QuickValidUtils.legalPhoneOrIdCardValid(company);
        Long userId=null;
        try {
            LoginUser loginUser = SecurityUtils.getLoginUser();
--- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java
+++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/encrypt/QuickValidUtils.java
@@ -123,7 +123,7 @@ public class QuickValidUtils {
        try {
            if (!StringUtils.isBlank(company.getLegalPhone())) {
                phone = sm4Decrypt(company.getLegalPhoneEncrypt());
-                phoneTrue = sm3Verify(phone, company.getLegalPhoneCipher());
+                phoneTrue = sm3Verify(company.getLegalPhone(), company.getLegalPhoneCipher());
                //company.setLegalPhone(phone);
            }
            if (!StringUtils.isBlank(company.getLegalIdCard())) {
@@ -136,10 +136,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("企业法人手机号/身份证解密失败", e);
-            throw new RuntimeException("解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("企业法人手机号/身份证验签失败", e1);
-            throw new RuntimeException("验签失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("验签失败：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -168,10 +168,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("企业和个人手机号/身份证解密失败", e);
-            throw new RuntimeException("解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("企业和个人手机号/身份证验签失败", e1);
-            throw new RuntimeException("验签失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("验签失败：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -193,10 +193,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("企业联系人手机号解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("企业联系人：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("企业联系人手机号验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("企业联系人：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -210,7 +210,7 @@ public class QuickValidUtils {
        try {
            if(StringUtils.isNotBlank(appUser.getPhoneEncrypt())) {
                phone = sm4Decrypt(appUser.getPhoneEncrypt());
-                phoneTrue = sm3Verify(phone, appUser.getPhoneCipher());
+                phoneTrue = sm3Verify(appUser.getPhone(), appUser.getPhoneCipher());
                //appUser.setPhone(phone);
                if (!phoneTrue) {
                    throw new RuntimeException(TAMPER_PHONE_MSG);
@@ -218,10 +218,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("App用户手机号解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("用户信息解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("App用户手机号验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("用户信息验证失败：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -235,7 +235,7 @@ public class QuickValidUtils {
        try {
            if(StringUtils.isNotBlank(jobContact.getContactPersonPhoneEncrypt())){
                phone=sm4Decrypt(jobContact.getContactPersonPhoneEncrypt());
-                phoneTrue=sm3Verify(phone,jobContact.getContactPersonPhoneCipher());
+                phoneTrue=sm3Verify(jobContact.getContactPersonPhone(),jobContact.getContactPersonPhoneCipher());
                //jobContact.setContactPersonPhone(phone);
                if (!phoneTrue) {
                    throw new RuntimeException(TAMPER_PHONE_MSG);
@@ -243,10 +243,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("岗位联系人手机号解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("用户信息解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("岗位联系人手机号验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("用户信息验证失败：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -268,10 +268,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("手机号解密失败", e);
-            throw new RuntimeException("手机号解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("手机号解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("手机号验签失败", e1);
-            throw new RuntimeException("手机号验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("手机号验证失败：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -293,10 +293,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("手机号解密失败", e);
-            throw new RuntimeException("手机号解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("手机号解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("手机号验签失败", e1);
-            throw new RuntimeException("手机号验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("手机号验证失败：" + "解密失败，完整性校验失败", e1);
        }
    }
@@ -318,10 +318,10 @@ public class QuickValidUtils {
            }
        } catch (CryptoClient.CryptoException e) {
            log.error("App用户身份证解密失败", e);
-            throw new RuntimeException("用户信息解密失败：" + e.getMessage(), e);
+            throw new RuntimeException("用户信息解密失败：" + "解密失败，完整性校验失败", e);
        } catch (Exception e1) {
            log.error("App用户身份证验签失败", e1);
-            throw new RuntimeException("用户信息验证失败：" + e1.getMessage(), e1);
+            throw new RuntimeException("用户信息验证失败：" + "解密失败，完整性校验失败", e1);
        }
    }
--- a/ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml
+++ b/ruoyi-bussiness/src/main/resources/mapper/app/AppUserMapper.xml
@@ -32,10 +32,15 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        <result property="workExperience"    column="work_experience"    />
        <result property="isCompanyUser"    column="is_company_user"    />
        <result property="dwUserid"    column="dw_userid"    />
        <result property="regionCode"    column="region_code"    />
        <result property="phoneCipher"    column="phone_cipher"    />
        <result property="idCardCipher"    column="id_card_cipher"    />
        <result property="phoneEncrypt"    column="phone_encrypt"    />
        <result property="idCardEncrypt"    column="id_card_encrypt"    />
    </resultMap>
    <sql id="selectAppUserVo">
-        select user_id, name, age, sex, birth_date, education, political_affiliation, phone, avatar, salary_min, salary_max, area, status, del_flag, login_ip, login_date, create_by, create_time, update_by, update_time, remark,job_title_id,is_recommend,id_card,work_experience,is_company_user,dw_userid from app_user
+        select user_id, name, age, sex, birth_date, education, political_affiliation, phone, avatar, salary_min, salary_max, area, status, del_flag, login_ip, login_date, create_by, create_time, update_by, update_time, remark,job_title_id,is_recommend,id_card,work_experience,is_company_user,dw_userid,region_code,phone_cipher,id_card_cipher,phone_encrypt,id_card_encrypt from app_user
    </sql>
    <sql id="selectSysUserVo">
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/EncryptDecryptUtil.java
@@ -81,9 +81,11 @@ public class EncryptDecryptUtil {
     */
    public String sm4Encrypt(String cipherIdentification, String originData)
            throws CryptoClient.CryptoException {
        log.info("开启机密性保护");
        byte[] cipher = CryptoHelper.symmEncrypt(cipherIdentification, SymAlg.QK_SGD_SM4_CBC,
                SymAlgPaddingMode.QK_SYMALG_PADDING_PKCS7, IV.getBytes(StandardCharsets.UTF_8),
                originData.getBytes(StandardCharsets.UTF_8));
        log.info("生成相应密文");
        return Base64.getEncoder().encodeToString(cipher);
    }
@@ -130,8 +132,10 @@ public class EncryptDecryptUtil {
     */
    public String sm3Hash(String cipherIdentification, String originData)
            throws CryptoClient.CryptoException {
        log.info("开始完整性保护");
        byte[] hash = CryptoHelper.calculateMAC(cipherIdentification, MacAlg.QK_HMAC_SM3,
                originData.getBytes(StandardCharsets.UTF_8));
        log.info("已生成响应哈希值");
        return Base64.getEncoder().encodeToString(hash);
    }
@@ -156,8 +160,11 @@ public class EncryptDecryptUtil {
     */
    public boolean sm3Verify(String cipherIdentification, String originData, String hashData)
            throws CryptoClient.CryptoException {
-        return CryptoHelper.verifyMAC(cipherIdentification, MacAlg.QK_HMAC_SM3,
+        log.info("开始完整性校验");
        boolean b=CryptoHelper.verifyMAC(cipherIdentification, MacAlg.QK_HMAC_SM3,
                originData.getBytes(StandardCharsets.UTF_8), Base64.getDecoder().decode(hashData));
        log.info("完整性校验结束");
        return b;
    }
 }
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
@@ -8,6 +8,7 @@ import com.ruoyi.cms.domain.vo.WechatAuthVO;
 import com.ruoyi.cms.service.IAppUserService;
 import com.ruoyi.cms.util.StringUtil;
 import com.ruoyi.cms.util.WechatUtil;
 import com.ruoyi.cms.util.encrypt.QuickValidUtils;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.AppUser;
 import com.ruoyi.common.core.domain.model.LoginBody;
@@ -557,7 +558,14 @@ public class SysLoginService
            System.out.printf("特殊角色用户登录成功，openid:%s, phone:%s, 角色:%s%n",
                    specialUser.getOpenid(), StringUtil.desensitizePhone(specialUser.getPhone()), specialUser.getIsCompanyUser());
            System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax));
            //验证完整性
            QuickValidUtils.phoneValid(specialUser);
            if(!StringUtil.IS_COMPANY_USER.equals(specialUser.getIsCompanyUser())){
                QuickValidUtils.idCardValid(specialUser);
            }
            return ajax;
        }catch (Exception e){
            return AjaxResult.error("解密失败，完整性校验失败");
        }
    }
@@ -566,16 +574,25 @@ public class SysLoginService
     */
    @Transactional(rollbackFor = Exception.class)
    public AjaxResult handleExistingUser(AppUser existingUser, String userType,String orgType) {
-        AjaxResult ajax = AjaxResult.success();
+        try {
-        updateAppUserCommon(existingUser, null, null, userType,orgType);
+            AjaxResult ajax = AjaxResult.success();
-        String token = loginUserIdApp(existingUser);
+            updateAppUserCommon(existingUser, null, null, userType,orgType);
-        ajax.put(Constants.TOKEN, token);
+            String token = loginUserIdApp(existingUser);
-        ajax.put("isNewUser", false);
+            ajax.put(Constants.TOKEN, token);
-        ajax.put("idCard", existingUser.getIdCard());
+            ajax.put("isNewUser", false);
-        ajax.put("isCompanyUser", existingUser.getIsCompanyUser());
+            ajax.put("idCard", existingUser.getIdCard());
-        System.out.println("老用户登录成功，openid:" + existingUser.getOpenid() + "===========");
+            ajax.put("isCompanyUser", existingUser.getIsCompanyUser());
-        System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax));
+            System.out.println("老用户登录成功，openid:" + existingUser.getOpenid() + "===========");
-        return ajax;
+            System.out.println(ParamErrorConstants.LOG_AJAX_RETURN + JSON.toJSONString(ajax));
            //验证完整性和机密性
            QuickValidUtils.phoneValid(existingUser);
            if(!StringUtil.IS_COMPANY_USER.equals(userType)){
                QuickValidUtils.idCardValid(existingUser);
            }
            return ajax;
        }catch (Exception e){
            return AjaxResult.error("解密失败，完整性校验失败");
        }
    }