From 44aef5d3585f2112bf934084643c6c4355ed4bfe Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期五, 01 九月 2023 09:19:25 +0800
Subject: [PATCH] Merge pull request #1043 from xu-bin-bin/wvp-28181-2.0

---
 src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java |   85 ++++++++++++++++++++++++++----------------
 1 files changed, 53 insertions(+), 32 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
index 05faba5..65e9de3 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
@@ -1,8 +1,10 @@
 package com.genersoft.iot.vmp.conf.security;
 
 import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
-import org.jose4j.json.JsonUtil;
+import com.genersoft.iot.vmp.service.IUserService;
+import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.jose4j.jwk.RsaJsonWebKey;
+import org.jose4j.jwk.RsaJwkGenerator;
 import org.jose4j.jws.AlgorithmIdentifiers;
 import org.jose4j.jws.JsonWebSignature;
 import org.jose4j.jwt.JwtClaims;
@@ -14,45 +16,69 @@
 import org.jose4j.lang.JoseException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.stereotype.Component;
 
-import java.security.PrivateKey;
+import javax.annotation.Resource;
 import java.time.LocalDateTime;
 import java.time.ZoneOffset;
 
-public class JwtUtils {
+@Component
+public class JwtUtils implements InitializingBean {
 
     private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);
 
     private static final String HEADER = "access-token";
+
     private static final String AUDIENCE = "Audience";
 
-    private static final long EXPIRED_THRESHOLD = 10 * 60;
-
     private static final String keyId = "3e79646c4dbc408383a9eed09f2b85ae";
-    private static final String privateKeyStr = "{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\",\"d\":\"ed7U_k3rJ4yTk70JtRSIfjKGiEb67BO1TabcymnljKO7RU8nage84zZYuSu_XpQsHk6P1f0Gzxkicghm_Er-FrfVn2pp70Xu52z3yRd6BJUgWLDFk97ngScIyw5OiULKU9SrZk2frDpftNCSUcIgb50F8m0QAnBa_CdPsQKbuuhLv8V8tBAV7F_lAwvSBgu56wRo3hPz5dWH8YeXM7XBfQ9viFMNEKd21sP_j5C7ueUnXT66nBxe3ZJEU3iuMYM6D6dB_KW2GfZC6WmTgvGhhxJD0h7aYmfjkD99MDleB7SkpbvoODOqiQ5Epb7Nyh6kv5u4KUv2CJYtATLZkUeMkQ\",\"p\":\"uBUjWPWtlGksmOqsqCNWksfqJvMcnP_8TDYN7e4-WnHL4N-9HjRuPDnp6kHvCIEi9SEfxm7gNxlRcWegvNQr3IZCz7TnCTexXc5NOklB9OavWFla6u-s3Thn6Tz45-EUjpJr0VJMxhO-KxGmuTwUXBBp4vN6K2qV6rQNFmgkWzk\",\"q\":\"tW_i7cCec56bHkhITL_79dXHz_PLC_f7xlynmlZJGU_d6mqOKmLBNBbTMLnYW8uAFiFzWxDeDHh1o5uF0mSQR-Z1Fg35OftnpbWpy0Cbc2la5WgXQjOwtG1eLYIY2BD3-wQ1VYDBCvowr4FDi-sngxwLqvwmrJ0xjhi99O-Gzcs\",\"dp\":\"q1d5jE85Hz_6M-eTh_lEluEf0NtPEc-vvhw-QO4V-cecNpbrCBdTWBmr4dE3NdpFeJc5ZVFEv-SACyei1MBEh0ItI_pFZi4BmMfy2ELh8ptaMMkTOESYyVy8U7veDq9RnBcr5i1Nqr0rsBkA77-9T6gzdvycBZdzLYAkAmwzEvk\",\"dq\":\"q29A2K08Crs-jmp2Bi8Q_8QzvIX6wSBbwZ4ir24AO-5_HNP56IrPS0yV2GCB0pqCOGb6_Hz_koDvhtuYoqdqvMVAtMoXR3YJBUaVXPt65p4RyNmFwIPe31zHs_BNUTsXVRMw4c16mci03-Af1sEm4HdLfxAp6sfM3xr5wcnhcek\",\"qi\":\"rHPgVTyHUHuYzcxfouyBfb1XAY8nshwn0ddo81o1BccD4Z7zo5It6SefDHjxCAbcmbiCcXBSooLcY-NF5FMv3fg19UE21VyLQltHcVjRRp2tRs4OHcM8yaXIU2x6N6Z6BP2tOksHb9MOBY1wAQzFOAKg_G4Sxev6-_6ud6RISuc\"}";
-    private static final String publicKeyStr = "{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\"}";
 
     /**
      * token杩囨湡鏃堕棿(鍒嗛挓)
      */
     public static final long expirationTime = 30 * 24 * 60;
 
-    public static String createToken(String username, String password, Integer roleId) {
+    private static RsaJsonWebKey rsaJsonWebKey;
+
+    private static IUserService userService;
+
+    @Resource
+    public void setUserService(IUserService userService) {
+        JwtUtils.userService = userService;
+    }
+
+    @Override
+    public void afterPropertiesSet() {
         try {
-            /**
+            rsaJsonWebKey = generateRsaJsonWebKey();
+        } catch (JoseException e) {
+            logger.error("鐢熸垚RsaJsonWebKey鎶ラ敊銆�", e);
+        }
+    }
+
+    /**
+     * 鍒涘缓瀵嗛挜瀵�
+     * @throws JoseException JoseException
+     */
+    private RsaJsonWebKey generateRsaJsonWebKey() throws JoseException {
+        // 鐢熸垚涓�涓猂SA瀵嗛挜瀵癸紝璇ュ瘑閽ュ灏嗙敤浜嶫WT鐨勭鍚嶅拰楠岃瘉锛屽寘瑁呭湪JWK涓�
+        RsaJsonWebKey rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
+        // 缁橨WK涓�涓瘑閽D
+        rsaJsonWebKey.setKeyId(keyId);
+        return rsaJsonWebKey;
+    }
+
+    public static String createToken(String username) {
+        try {
+            /*
              * 鈥渋ss鈥� (issuer)  鍙戣浜�
-             *
              * 鈥渟ub鈥� (subject)  涓婚
-             *
              * 鈥渁ud鈥� (audience) 鎺ユ敹鏂� 鐢ㄦ埛
-             *
              * 鈥渆xp鈥� (expiration time) 鍒版湡鏃堕棿
-             *
              * 鈥渘bf鈥� (not before)  鍦ㄦ涔嬪墠涓嶅彲鐢�
-             *
              * 鈥渋at鈥� (issued at)  jwt鐨勭鍙戞椂闂�
              */
-            //Payload
             JwtClaims claims = new JwtClaims();
             claims.setGeneratedJwtId();
             claims.setIssuedAtToNow();
@@ -62,9 +88,7 @@
             claims.setSubject("login");
             claims.setAudience(AUDIENCE);
             //娣诲姞鑷畾涔夊弬鏁�,蹇呴』鏄瓧绗︿覆绫诲瀷
-            claims.setClaim("username", username);
-            claims.setClaim("password", password);
-            claims.setClaim("roleId", roleId);
+            claims.setClaim("userName", username);
 
             //jws
             JsonWebSignature jws = new JsonWebSignature();
@@ -73,12 +97,10 @@
             jws.setKeyIdHeaderValue(keyId);
             jws.setPayload(claims.toJson());
 
-            PrivateKey privateKey = new RsaJsonWebKey(JsonUtil.parseJson(privateKeyStr)).getPrivateKey();
-            jws.setKey(privateKey);
+            jws.setKey(rsaJsonWebKey.getPrivateKey());
 
             //get token
-            String idToken = jws.getCompactSerialization();
-            return idToken;
+            return jws.getCompactSerialization();
         } catch (JoseException e) {
             logger.error("[Token鐢熸垚澶辫触]锛� {}", e.getMessage());
         }
@@ -89,7 +111,6 @@
     public static String getHeader() {
         return HEADER;
     }
-
 
     public static JwtUser verifyToken(String token) {
 
@@ -103,7 +124,7 @@
                     .setRequireSubject()
                     //.setExpectedIssuer("")
                     .setExpectedAudience(AUDIENCE)
-                    .setVerificationKey(new RsaJsonWebKey(JsonUtil.parseJson(publicKeyStr)).getPublicKey())
+                    .setVerificationKey(rsaJsonWebKey.getPublicKey())
                     .build();
 
             JwtClaims claims = consumer.processToClaims(token);
@@ -113,26 +134,26 @@
             long timeRemaining = LocalDateTime.now().toEpochSecond(ZoneOffset.ofHours(8)) - expirationTime.getValue();
             if (timeRemaining < 5 * 60) {
                 jwtUser.setStatus(JwtUser.TokenStatus.EXPIRING_SOON);
-            }else {
+            } else {
                 jwtUser.setStatus(JwtUser.TokenStatus.NORMAL);
             }
 
-            String username = (String) claims.getClaimValue("username");
-            String password = (String) claims.getClaimValue("password");
-            Long roleId = (Long) claims.getClaimValue("roleId");
+            String username = (String) claims.getClaimValue("userName");
+            User user = userService.getUserByUsername(username);
+
             jwtUser.setUserName(username);
-            jwtUser.setPassword(password);
-            jwtUser.setRoleId(roleId.intValue());
+            jwtUser.setPassword(user.getPassword());
+            jwtUser.setRoleId(user.getRole().getId());
 
             return jwtUser;
         } catch (InvalidJwtException e) {
             if (e.hasErrorCode(ErrorCodes.EXPIRED)) {
                 jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED);
-            }else {
+            } else {
                 jwtUser.setStatus(JwtUser.TokenStatus.EXCEPTION);
             }
             return jwtUser;
-        }catch (Exception e) {
+        } catch (Exception e) {
             logger.error("[Token瑙f瀽澶辫触]锛� {}", e.getMessage());
             jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED);
             return jwtUser;

--
Gitblit v1.8.0