GlobalAuthUtils.java 10.7 KB
Newer Older
智布道's avatar
智布道 已提交
1 2
package me.zhyd.oauth.utils;

3
import com.alibaba.fastjson.JSON;
智布道's avatar
智布道 已提交
4 5 6 7 8
import me.zhyd.oauth.exception.AuthException;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
智布道's avatar
智布道 已提交
9
import java.net.URLDecoder;
智布道's avatar
智布道 已提交
10
import java.net.URLEncoder;
11 12
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
智布道's avatar
智布道 已提交
13
import java.security.InvalidKeyException;
14
import java.security.MessageDigest;
智布道's avatar
智布道 已提交
15
import java.security.NoSuchAlgorithmException;
16
import java.util.*;
智布道's avatar
智布道 已提交
17

智布道's avatar
智布道 已提交
18 19 20 21
/**
 * 全局的工具类
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
智布道's avatar
智布道 已提交
22
 * @since 1.0.0
智布道's avatar
智布道 已提交
23
 */
24
public class GlobalAuthUtils {
25
    private static final Charset DEFAULT_ENCODING = StandardCharsets.UTF_8;
H
Hongwei Peng 已提交
26 27
    private static final String HMAC_SHA1 = "HmacSHA1";
    private static final String HMAC_SHA_256 = "HmacSHA256";
智布道's avatar
智布道 已提交
28

29 30 31 32 33 34 35
    /**
     * 生成钉钉请求的Signature
     *
     * @param secretKey 平台应用的授权密钥
     * @param timestamp 时间戳
     * @return Signature
     */
36
    public static String generateDingTalkSignature(String secretKey, String timestamp) {
H
Hongwei Peng 已提交
37
        byte[] signData = sign(secretKey.getBytes(DEFAULT_ENCODING), timestamp.getBytes(DEFAULT_ENCODING), HMAC_SHA_256);
38
        return urlEncode(new String(Base64Utils.encode(signData, false)));
智布道's avatar
智布道 已提交
39 40
    }

41 42 43
    /**
     * 签名
     *
H
Hongwei Peng 已提交
44 45 46
     * @param key       key
     * @param data      data
     * @param algorithm algorithm
47 48
     * @return byte[]
     */
H
Hongwei Peng 已提交
49
    private static byte[] sign(byte[] key, byte[] data, String algorithm) {
智布道's avatar
智布道 已提交
50
        try {
H
Hongwei Peng 已提交
51 52
            Mac mac = Mac.getInstance(algorithm);
            mac.init(new SecretKeySpec(key, algorithm));
智布道's avatar
智布道 已提交
53 54
            return mac.doFinal(data);
        } catch (NoSuchAlgorithmException ex) {
H
Hongwei Peng 已提交
55
            throw new AuthException("Unsupported algorithm: " + algorithm, ex);
智布道's avatar
智布道 已提交
56 57 58 59 60
        } catch (InvalidKeyException ex) {
            throw new AuthException("Invalid key: " + Arrays.toString(key), ex);
        }
    }

61 62 63 64 65 66
    /**
     * 编码
     *
     * @param value str
     * @return encode str
     */
67
    public static String urlEncode(String value) {
智布道's avatar
智布道 已提交
68 69 70 71
        if (value == null) {
            return "";
        }
        try {
72
            String encoded = URLEncoder.encode(value, GlobalAuthUtils.DEFAULT_ENCODING.displayName());
73
            return encoded.replace("+", "%20").replace("*", "%2A").replace("~", "%7E").replace("/", "%2F");
智布道's avatar
智布道 已提交
74
        } catch (UnsupportedEncodingException e) {
智布道's avatar
智布道 已提交
75 76 77 78
            throw new AuthException("Failed To Encode Uri", e);
        }
    }

79 80 81 82 83 84 85

    /**
     * 解码
     *
     * @param value str
     * @return decode str
     */
智布道's avatar
智布道 已提交
86 87 88 89 90
    public static String urlDecode(String value) {
        if (value == null) {
            return "";
        }
        try {
91
            return URLDecoder.decode(value, GlobalAuthUtils.DEFAULT_ENCODING.displayName());
智布道's avatar
智布道 已提交
92 93 94 95 96
        } catch (UnsupportedEncodingException e) {
            throw new AuthException("Failed To Decode Uri", e);
        }
    }

97 98 99 100 101 102
    /**
     * string字符串转map,str格式为 {@code xxx=xxx&xxx=xxx}
     *
     * @param accessTokenStr 待转换的字符串
     * @return map
     */
智布道's avatar
智布道 已提交
103
    public static Map<String, String> parseStringToMap(String accessTokenStr) {
104
        Map<String, String> res = new HashMap<>(6);
智布道's avatar
智布道 已提交
105 106 107 108 109
        if (accessTokenStr.contains("&")) {
            String[] fields = accessTokenStr.split("&");
            for (String field : fields) {
                if (field.contains("=")) {
                    String[] keyValue = field.split("=");
110
                    res.put(GlobalAuthUtils.urlDecode(keyValue[0]), keyValue.length == 2 ? GlobalAuthUtils.urlDecode(keyValue[1]) : null);
智布道's avatar
智布道 已提交
111 112
                }
            }
智布道's avatar
智布道 已提交
113
        }
智布道's avatar
智布道 已提交
114
        return res;
智布道's avatar
智布道 已提交
115
    }
116

117 118 119 120 121 122 123
    /**
     * map转字符串,转换后的字符串格式为 {@code xxx=xxx&xxx=xxx}
     *
     * @param params 待转换的map
     * @param encode 是否转码
     * @return str
     */
124
    public static String parseMapToString(Map<String, String> params, boolean encode) {
125 126 127
        if (null == params || params.isEmpty()) {
            return "";
        }
128 129
        List<String> paramList = new ArrayList<>();
        params.forEach((k, v) -> {
130
            if (null == v) {
131 132
                paramList.add(k + "=");
            } else {
133
                paramList.add(k + "=" + (encode ? urlEncode(v) : v));
134 135
            }
        });
136
        return String.join("&", paramList);
H
Hongwei Peng 已提交
137
    }
138

139 140 141 142 143 144
    /**
     * 是否为http协议
     *
     * @param url 待验证的url
     * @return true: http协议, false: 非http协议
     */
145 146 147 148 149 150 151
    public static boolean isHttpProtocol(String url) {
        if (StringUtils.isEmpty(url)) {
            return false;
        }
        return url.startsWith("http://");
    }

152 153 154 155 156 157
    /**
     * 是否为https协议
     *
     * @param url 待验证的url
     * @return true: https协议, false: 非https协议
     */
158 159 160 161 162 163
    public static boolean isHttpsProtocol(String url) {
        if (StringUtils.isEmpty(url)) {
            return false;
        }
        return url.startsWith("https://");
    }
164

165 166 167 168 169 170
    /**
     * 是否为本地主机(域名)
     *
     * @param url 待验证的url
     * @return true: 本地主机(域名), false: 非本地主机(域名)
     */
171 172 173 174
    public static boolean isLocalHost(String url) {
        return StringUtils.isEmpty(url) || url.contains("127.0.0.1") || url.contains("localhost");
    }

H
Hongwei Peng 已提交
175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212

    /**
     * Generate nonce with given length
     *
     * @param len length
     * @return nonce string
     */
    public static String generateNonce(int len) {
        String s = "0123456789QWERTYUIOPLKJHGFDSAZXCVBNMqwertyuioplkjhgfdsazxcvbnm";
        Random rng = new Random();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < len; i++) {
            int index = rng.nextInt(62);
            sb.append(s, index, index + 1);
        }
        return sb.toString();
    }

    /**
     * Get current timestamp
     *
     * @return timestamp string
     */
    public static String getTimestamp() {
        return String.valueOf(System.currentTimeMillis() / 1000);
    }

    /**
     * Generate Twitter signature
     * https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature
     *
     * @param params      parameters including: oauth headers, query params, body params
     * @param method      HTTP method
     * @param baseUrl     base url
     * @param apiSecret   api key secret can be found in the developer portal by viewing the app details page
     * @param tokenSecret oauth token secret
     * @return BASE64 encoded signature string
     */
213
    public static String generateTwitterSignature(Map<String, String> params, String method, String baseUrl, String apiSecret, String tokenSecret) {
214
        TreeMap<String, String> map = new TreeMap<>(params);
H
Hongwei Peng 已提交
215 216 217 218 219
        String str = parseMapToString(map, true);
        String baseStr = method.toUpperCase() + "&" + urlEncode(baseUrl) + "&" + urlEncode(str);
        String signKey = apiSecret + "&" + (StringUtils.isEmpty(tokenSecret) ? "" : tokenSecret);
        byte[] signature = sign(signKey.getBytes(DEFAULT_ENCODING), baseStr.getBytes(DEFAULT_ENCODING), HMAC_SHA1);

220
        return new String(Base64Utils.encode(signature, false));
H
Hongwei Peng 已提交
221 222
    }

223 224 225 226 227 228 229 230 231 232 233 234 235 236
    /**
     * 生成饿了么请求的Signature
     * <p>
     * 代码copy并修改自:https://coding.net/u/napos_openapi/p/eleme-openapi-java-sdk/git/blob/master/src/main/java/eleme/openapi/sdk/utils/SignatureUtil.java
     *
     * @param appKey     平台应用的授权key
     * @param secret     平台应用的授权密钥
     * @param timestamp  时间戳,单位秒。API服务端允许客户端请求最大时间误差为正负5分钟。
     * @param action     饿了么请求的api方法
     * @param token      用户授权的token
     * @param parameters 加密参数
     * @return Signature
     */
    public static String generateElemeSignature(String appKey, String secret, long timestamp, String action, String token, Map<String, Object> parameters) {
237
        final Map<String, Object> sorted = new TreeMap<>(parameters);
238 239 240 241 242 243 244 245 246 247 248 249
        sorted.put("app_key", appKey);
        sorted.put("timestamp", timestamp);
        StringBuffer string = new StringBuffer();
        for (Map.Entry<String, Object> entry : sorted.entrySet()) {
            string.append(entry.getKey()).append("=").append(JSON.toJSONString(entry.getValue()));
        }
        String splice = String.format("%s%s%s%s", action, token, string, secret);
        String calculatedSignature = md5(splice);
        return calculatedSignature.toUpperCase();
    }

    /**
250
     * MD5加密
251 252 253
     * <p>
     * 代码copy并修改自:https://coding.net/u/napos_openapi/p/eleme-openapi-java-sdk/git/blob/master/src/main/java/eleme/openapi/sdk/utils/SignatureUtil.java
     *
254
     * @param str 待加密的字符串
255 256
     * @return md5 str
     */
257
    public static String md5(String str) {
258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273
        MessageDigest md = null;
        StringBuilder buffer = null;
        try {
            md = MessageDigest.getInstance("MD5");
            md.update(str.getBytes(StandardCharsets.UTF_8));
            byte[] byteData = md.digest();
            buffer = new StringBuilder();
            for (byte byteDatum : byteData) {
                buffer.append(Integer.toString((byteDatum & 0xff) + 0x100, 16).substring(1));
            }
        } catch (Exception ignored) {
        }

        return null == buffer ? "" : buffer.toString();
    }

274 275 276 277 278 279 280 281 282 283 284 285 286
    /**
     * 生成京东宙斯平台的签名字符串
     * 宙斯签名规则过程如下:
     * 将所有请求参数按照字母先后顺序排列,例如将access_token,app_key,method,timestamp,v 排序为access_token,app_key,method,timestamp,v
     * 1.把所有参数名和参数值进行拼接,例如:access_tokenxxxapp_keyxxxmethodxxxxxxtimestampxxxxxxvx
     * 2.把appSecret夹在字符串的两端,例如:appSecret+XXXX+appSecret
     * 3.使用MD5进行加密,再转化成大写
     * link: http://open.jd.com/home/home#/doc/common?listId=890
     * link: https://github.com/pingjiang/jd-open-api-sdk-src/blob/master/src/main/java/com/jd/open/api/sdk/DefaultJdClient.java
     *
     * @param appSecret 京东应用密钥
     * @param params    签名参数
     * @return 签名后的字符串
287
     * @since 1.15.0
288 289 290 291 292 293 294 295 296 297 298 299 300 301
     */
    public static String generateJdSignature(String appSecret, Map<String, Object> params) {
        Map<String, Object> treeMap = new TreeMap<>(params);
        StringBuilder signBuilder = new StringBuilder(appSecret);
        for (Map.Entry<String, Object> entry : treeMap.entrySet()) {
            String name = entry.getKey();
            String value = String.valueOf(entry.getValue());
            if (StringUtils.isNotEmpty(name) && StringUtils.isNotEmpty(value)) {
                signBuilder.append(name).append(value);
            }
        }
        signBuilder.append(appSecret);
        return md5(signBuilder.toString()).toUpperCase();
    }
智布道's avatar
智布道 已提交
302
}