Skip to content

X
xyqb-user2
Commit c78d2e93 authored by 技术部-任文超's avatar 技术部-任文超
Browse files
Options

漏洞修复一波

parent 9671a3b6
Hide whitespace changes
Inline Side-by-side
Showing with 90 additions and 278 deletions
src/main/java/cn/quantgroup/user/enums/MaritalStatus.java
View file @ c78d2e93
......@@ -6,26 +6,26 @@ package cn.quantgroup.user.enums;
public enum MaritalStatus {
UNKNOWN("未知"),
SINGLE("未婚"), // 1
MARRIED("已婚"), // 2
DIVORCED("离异"), // 3
WINDOWED("丧偶"), // 4
SINGLE("未婚"),
MARRIED("已婚"),
DIVORCED("离异"),
WINDOWED("丧偶"),
OTHER("其他");
String description;
private String desc;
MaritalStatus(String desc) {
description = desc;
this.desc = desc;
}
public String getDescription() {
return description;
public String getDesc() {
return desc;
}
@Override
public String toString() {
String sb = "MaritalStatus{" + "description='" + description + '\'' +
String sb = "MaritalStatus{" + "desc='" + desc + '\'' +
'}';
return sb;
}
......
src/main/java/cn/quantgroup/user/enums/Relation.java
View file @ c78d2e93
......@@ -15,19 +15,19 @@ public enum Relation {
SELF("本人"),
OTHER("其他");
String description;
private String desc;
Relation(String desc) {
description = desc;
this.desc = desc;
}
public String getDescription() {
return description;
public String getDesc() {
return desc;
}
@Override
public String toString() {
String sb = "Relation{" + "description='" + description + '\'' +
String sb = "Relation{" + "desc='" + desc + '\'' +
'}';
return sb;
}
......
src/main/java/cn/quantgroup/xyqb/controller/external/WeChatController.java
View file @ c78d2e93
......@@ -20,8 +20,6 @@ import com.google.common.collect.ImmutableList;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.PathVariable;
......@@ -48,10 +46,8 @@ import java.util.*;
@RequestMapping("/wechat")
public class WeChatController implements IBaseController {
private static final Logger LOGGER = LoggerFactory.getLogger(WeChatController.class);
// todo: 配置文件
private static final String TOKEN = "5YihkluEo5QuWAWpFwzvA";
private static final String WECHAT_DEVELOPOR_TOKEN = "5YihkluEo5QuWAWpFwzvA";
@Autowired
private IWechatService wechatService;
......@@ -111,7 +107,7 @@ public class WeChatController implements IBaseController {
String signature = request.getParameter("signature");
String timestamp = request.getParameter("timestamp");
String nonce = request.getParameter("nonce");
String[] arrs = new String[]{TOKEN, timestamp, nonce};
String[] arrs = new String[]{WECHAT_DEVELOPOR_TOKEN, timestamp, nonce};
Arrays.sort(arrs);
String joinStr = joinArray(arrs);
joinStr = sha1(joinStr);
......@@ -182,21 +178,21 @@ public class WeChatController implements IBaseController {
receiveCodeWithDefault(code, systemKey, schema, registerFrom, redirect, response);
return;
}
LOGGER.info("从微信extdata版本接口进入:{}, extData:{}", schema, extData);
log.info("从微信extdata版本接口进入:{}, extData:{}", schema, extData);
HashMap<String, Object> extDataObj;
try {
extDataObj = JSON.parseObject(extData, new TypeReference<HashMap<String, Object>>() {
});
} catch (Exception ex) {
LOGGER.error("解析extData发生错误", ex);
log.error("解析extData发生错误", ex);
receiveCodeWithDefault(code, systemKey, schema, registerFrom, redirect, response);
return;
}
schema = extDataObj.getOrDefault("protocol", Constants.PROTOCOL_HEAD_HTTP).toString();
LOGGER.info("从微信登录extData中获得协议信息,protocol:{}", schema);
log.info("从微信登录extData中获得协议信息,protocol:{}", schema);
registerFrom = Long.valueOf(extDataObj.getOrDefault("registerFrom", "1").toString());
redirect = (String) extDataObj.getOrDefault("redirect", "redirect");
LOGGER.info("从微信登录,registerFrom:{}, redirect:{}", registerFrom, redirect);
log.info("从微信登录,registerFrom:{}, redirect:{}", registerFrom, redirect);
receiveCodeWithDefault(code, systemKey, schema, registerFrom, redirect, response);
}
......@@ -213,7 +209,7 @@ public class WeChatController implements IBaseController {
private void receiveCodeWithDefault(String code, String systemKey, String schema, Long registerFrom, String redirect, HttpServletResponse response) {
// 微信跳转请求入参监控
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
LOGGER.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:code:{},systemKey:{},schema:{},registerFrom:{},redirect:{},request:{}", code, systemKey, schema, registerFrom, redirect, JSON.toJSONString(getRequestHeaderMap(request)));
log.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:code:{},systemKey:{},schema:{},registerFrom:{},redirect:{},request:{}", code, systemKey, schema, registerFrom, redirect, JSON.toJSONString(getRequestHeaderMap(request)));
/*
* 预处理(容错)
*/
......@@ -227,7 +223,7 @@ public class WeChatController implements IBaseController {
// 从code获取token
Merchant merchant = merchantService.findMerchantByName(systemKey);
AccessTokenResponse token = wechatService.getToken(code);
LOGGER.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:merchant:{},token:{}", merchant, token);
log.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:merchant:{},token:{}", merchant, token);
if (Objects.isNull(token) || StringUtils.isBlank(token.getOpenId())) {
// 让用户登录,不关联微信, 构造不关联微信的url
redirectNormalUrl(response, merchant, registerFrom, domain);
......@@ -235,11 +231,11 @@ public class WeChatController implements IBaseController {
}
// 获取已授权信息 - db
WechatUserInfo userInfoInDb = wechatService.findWechatUserInfoFromDb(token.getOpenId());
LOGGER.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:WechatUserInfo - from DB:{}", userInfoInDb);
log.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:WechatUserInfo - from DB:{}", userInfoInDb);
// welcome 首次登录
if (Objects.isNull(userInfoInDb)) {
WechatUserInfo userInfo = wechatService.getWechatUserInfoFromWechatServer(token.getAccessToken(), token.getOpenId());
LOGGER.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:WechatUserInfo - from wechat api:{}", userInfo);
log.info("[WeChatController][receiveCodeWithDefault]微信授权及跳转:WechatUserInfo - from wechat api:{}", userInfo);
if (Objects.isNull(userInfo) || StringUtils.isBlank(userInfo.getOpenId())) {
// 让用户登录,不关联微信, 构造不关联微信的url
redirectNormalUrl(response, merchant, registerFrom, domain);
......@@ -248,7 +244,7 @@ public class WeChatController implements IBaseController {
try {
userInfo = wechatService.saveWechatUserInfo(userInfo);
} catch (Exception e) {
LOGGER.warn("微信用户首次登陆,保存userInfo异常,执行操作:Nick置为*并重新保存.", e);
log.warn("微信用户首次登陆,保存userInfo异常,执行操作:Nick置为*并重新保存.", e);
userInfo.setNickName(EmojiUtil.BYTE_4_REPLACE_TEMPLATE);
userInfo = wechatService.saveWechatUserInfo(userInfo);
}
......@@ -322,10 +318,10 @@ public class WeChatController implements IBaseController {
}
private String createUserSession(User user, Merchant merchant, String redirect, String domain, Long registerFrom) {
LOGGER.info("[WeChatController][createUserSession]微信授权及跳转:user:{},merchant:{},redirect:{},domain:{},registerFrom:{}", user, merchant, redirect, domain, registerFrom);
log.info("[WeChatController][createUserSession]微信授权及跳转:user:{},merchant:{},redirect:{},domain:{},registerFrom:{}", user, merchant, redirect, domain, registerFrom);
LoginProperties loginProperties = new LoginProperties("", 4, Constants.Channel.WECHAT, registerFrom, String.valueOf(Constants.Channel.WECHAT), merchant.getId(), merchant.getName());
if (StringUtils.isEmpty(redirect) || "redirect".equals(redirect)) {
LOGGER.info("微信登录:redirect为null,走正常流程.");
log.info("微信登录:redirect为null,走正常流程.");
if ("baitiao".equals(merchant.getName())) {
return loginInWechatWithSessionCreated(user, merchant, "cashTarget5", Constants.Channel.BAITIAO, domain, Constants.Channel.WECHAT);
} else if ("wechat-pay".equals(merchant.getName())) {
......@@ -335,9 +331,9 @@ public class WeChatController implements IBaseController {
return loginInWechatWithSessionCreated(user, merchant, "cashTarget4", 1L, domain, registerFrom);
}
} else if ("local".equals(redirect)) {
LOGGER.info("微信登录:redirect不为null,创建session跳到指定前端页面.");
log.info("微信登录:redirect不为null,创建session跳到指定前端页面.");
AuthBean authBean = sessionService.createSession(user, loginProperties);
LOGGER.info("微信登录:跳转地址{}", domain + "/weixin/callback?phoneNo=" + user.getPhoneNo() + "&token=" + authBean.getToken());
log.info("微信登录:跳转地址{}", domain + "/weixin/callback?phoneNo=" + user.getPhoneNo() + "&token=" + authBean.getToken());
Long channelId = "baitiao".equals(merchant.getName()) ? Constants.Channel.BAITIAO : 1L;
String target = "baitiao".equals(merchant.getName()) ? "cashTarget5" : "cashTarget4";
return domain + "/landing?token=" + authBean.getToken() + "&registerFrom=" + registerFrom +
......@@ -349,20 +345,20 @@ public class WeChatController implements IBaseController {
private String loginInWechatWithSessionCreated(User user, Merchant merchant, String target, Long channelId, String domain, Long registerFrom) {
LoginProperties loginProperties = new LoginProperties("", 4, channelId, registerFrom, String.valueOf(Constants.Channel.WECHAT), merchant.getId(), merchant.getName());
AuthBean authBean = sessionService.createSession(user, loginProperties);
LOGGER.info("[WeChatController][loginInWechatWithSessionCreated]微信授权及跳转:user:{},merchant:{},target:{},channelId:{},domain:{},registerFrom:{}", user, merchant, target, channelId, domain, registerFrom);
log.info("[WeChatController][loginInWechatWithSessionCreated]微信授权及跳转:user:{},merchant:{},target:{},channelId:{},domain:{},registerFrom:{}", user, merchant, target, channelId, domain, registerFrom);
return domain + "/landing?token=" + authBean.getToken() + "&registerFrom=" + registerFrom + "&channelId=" + channelId + "&key=" + merchant.getName() + "&target=" + target;
}
private void redirectWechatLoginUrlWithoutLogin(HttpServletResponse response, Merchant merchant, WechatUserInfo userInfo, Long registerFrom, String domain) {
String redirectUrl = assembleWechatRedirectUrl(merchant, userInfo, registerFrom, domain);
LOGGER.info("[WeChatController][redirectWechatLoginUrlWithoutLogin]微信授权及跳转:redirectUrl:[{}]", redirectUrl);
log.info("[WeChatController][redirectWechatLoginUrlWithoutLogin]微信授权及跳转:redirectUrl:[{}]", redirectUrl);
response.setHeader("Location", redirectUrl);
response.setStatus(301);
}
private void redirectNormalUrl(HttpServletResponse response, Merchant merchant, Long registerFrom, String domain) {
String redirectUrl = assembleNormalRedirectUrl(merchant, registerFrom, domain);
LOGGER.info("[WeChatController][redirectNormalUrl]微信授权及跳转: redirectUrl:[{}]", redirectUrl);
log.info("[WeChatController][redirectNormalUrl]微信授权及跳转: redirectUrl:[{}]", redirectUrl);
response.setHeader("Location", redirectUrl);
response.setStatus(301);
}
......
src/main/java/cn/quantgroup/xyqb/controller/external/captcha/ImageCaptchaController.java
View file @ c78d2e93
......@@ -6,6 +6,7 @@ import cn.quantgroup.xyqb.model.JsonResult;
import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
......@@ -28,9 +29,10 @@ import java.util.UUID;
* @author 李宁
* @version 1.0.0 创建时间:15/11/17 11:49 修改人: 修改时间:15/11/17 11:49 修改备注:
*/
@Api(value = "/api", description = "叫Api, 实际上是图形验证码. 你说神奇不神奇...")
@Slf4j
@RestController
@RequestMapping("/api")
@Api(value = "/api", description = "叫Api, 实际上是图形验证码. 你说神奇不神奇...")
public class ImageCaptchaController {
private static final String IMAGE_FORMAT_PNG = "png";
......@@ -51,14 +53,12 @@ public class ImageCaptchaController {
BufferedImage challenge = imageCaptchaService.getImageChallengeForID(Constants.IMAGE_CAPTCHA_KEY + imageId, request.getLocale());
ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
try {
boolean write = ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);
ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);
} catch (IOException e) {
e.printStackTrace();
log.error("图形验证码图片流返回失败", e);
return JsonResult.buildErrorStateResult("", Constants.CHECK_FAIL);
}
String imageBase64 = Base64.encodeBase64String(jpegOutputStream.toByteArray());
Map<String, String> data = new HashMap<>();
data.put("imageId", imageId);
data.put("image", String.format(IMG_BASE64_PATTREN, imageBase64));
......
src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
View file @ c78d2e93
......@@ -2,14 +2,15 @@ package cn.quantgroup.xyqb.controller.internal.user;
import cn.quantgroup.tech.db.DSType;
import cn.quantgroup.tech.db.TargetDataSource;
import cn.quantgroup.user.enums.Relation;
import cn.quantgroup.user.enums.*;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
import cn.quantgroup.xyqb.controller.IBaseController;
import cn.quantgroup.xyqb.entity.*;
import cn.quantgroup.xyqb.entity.enumerate.*;
import cn.quantgroup.xyqb.exception.UserNotExistException;
import cn.quantgroup.xyqb.model.*;
import cn.quantgroup.xyqb.model.Gender;
import cn.quantgroup.xyqb.model.IdType;
import cn.quantgroup.xyqb.service.api.IUserApiService;
import cn.quantgroup.xyqb.service.auth.IIdCardService;
import cn.quantgroup.xyqb.service.merchant.IMerchantService;
......@@ -755,7 +756,7 @@ public class InnerController implements IBaseController {
UserExtInfo extInfo = userExtInfoService.findByUserId(user.getId());
if (Objects.nonNull(extInfo)) {
// 婚姻状态
bean.setMarryStatus(Optional.ofNullable(extInfo.getMarryStatus()).orElse(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN).getDescription());
bean.setMarryStatus(Optional.ofNullable(extInfo.getMarryStatus()).orElse(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN).getDesc());
// 受教育程度
bean.setEducationEnum(Optional.ofNullable(extInfo.getEducationEnum()).orElse(cn.quantgroup.user.enums.EducationEnum.UNKNOWN).getName());
// 职业
......@@ -856,9 +857,9 @@ public class InnerController implements IBaseController {
bean.setOccupationEnum(extInfo.getOccupationEnum().getName());
}
if (null == extInfo.getMarryStatus()) {
bean.setMarryStatus(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN.getDescription());
bean.setMarryStatus(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN.getDesc());
} else {
bean.setMarryStatus(extInfo.getMarryStatus().getDescription());
bean.setMarryStatus(extInfo.getMarryStatus().getDesc());
}
}
if (org.apache.commons.collections.CollectionUtils.isNotEmpty(contacts)) {
......@@ -878,7 +879,7 @@ public class InnerController implements IBaseController {
ret.setUserId(c.getUserId());
ret.setName(c.getName());
ret.setPhoneNo(c.getPhoneNo());
ret.setRelation(c.getRelation().getDescription());
ret.setRelation(c.getRelation().getDesc());
return ret;
}
......
src/main/java/cn/quantgroup/xyqb/entity/UserExtInfo.java
View file @ c78d2e93
......@@ -8,8 +8,6 @@ import javax.persistence.*;
import java.io.Serializable;
import java.sql.Timestamp;
//import cn.quantgroup.xyqb.entity.enumerate.*;
/**
* Created by 11 on 2016/12/30.
*/
......
src/main/java/cn/quantgroup/xyqb/entity/enumerate/EducationEnum.java deleted 100644 → 0
View file @ 9671a3b6
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum EducationEnum {
UNKNOWN("暂无"),
MASTER("硕士及以上"),
UNDER_GRADUATE("本科"),
JUNIOR_COLLEGE("大专"),
TECHNICAL_SECONDARY_SCHOOL("中专"),
TECHNICAL_SCHOOL("技校"),
HIGH_SCHOOL("高中"),
MIDDLE_SCHOOL("初中"),
PRIMARY_SCHOOL("小学"),
OTHER("其他");
private String name;
EducationEnum(String name) {
this.name = name;
}
public String getName() {
return name;
}
@Override
public String toString() {
return name;
}
}
src/main/java/cn/quantgroup/xyqb/entity/enumerate/IncomeEnum.java deleted 100644 → 0
View file @ 9671a3b6
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum IncomeEnum {
UNKNOWN("未知"),
CASH("现金计算"),
PAY_CARD("工资卡"),
CASH_AND_PAY_CARD("混合");
private String desc;
IncomeEnum(String desc) {
this.desc = desc;
}
}
\ No newline at end of file
src/main/java/cn/quantgroup/xyqb/entity/enumerate/IncomeRangeEnum.java deleted 100644 → 0
View file @ 9671a3b6
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum IncomeRangeEnum {
UNKNOWN("暂无"),
BELOW_1000("小于1000元"),
BELOW_3000("1000至3000元"),
BELOW_5000("3000至5000元"),
BELOW_8000("5000至8000元"),
BELOW_10000("8000至10000元"),
BELOW_15000("10000至15000元"),
BELOW_20000("15000至20000元"),
ABOVE_20000("大于20000元");
private String desc;
IncomeRangeEnum(String desc) {
this.desc = desc;
}
}
src/main/java/cn/quantgroup/xyqb/entity/enumerate/MaritalStatus.java deleted 100644 → 0
View file @ 9671a3b6
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by sunnan on 2016-11-24.
*/
public enum MaritalStatus {
UNKNOWN("未知"),
SINGLE("未婚"), // 1
MARRIED("已婚"), // 2
DIVORCED("离异"), // 3
WINDOWED("丧偶"), // 4
OTHER("其他");
String description;
MaritalStatus(String desc) {
description = desc;
}
public String getDescription() {
return description;
}
@Override
public String toString() {
String sb = "MaritalStatus{" + "description='" + description + '\'' +
'}';
return sb;
}
}
src/main/java/cn/quantgroup/xyqb/entity/enumerate/OccupationEnum.java deleted 100644 → 0
View file @ 9671a3b6
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum OccupationEnum {
UNKNOWN("暂未填写"),
WORKER("工人"),
TEACHER("教师"),
WHITE_COLLAR("白领"),
STUDENT("学生"),
CAREER_BUILDER("创业者"),
SELF_EMPLOYER("个体户"),
EMPLOYEE("公司职员"),
BISUNESS_ENTITY("企业法人"),
ONLINE_STORE_OWNER("网店店主"),
UNEMPLOYED("暂无职业"),
OTHER("其他");
private String name;
OccupationEnum(String name) {
this.name = name;
}
public String getName() {
return name;
}
@Override
public String toString() {
return name;
}
}
src/main/java/cn/quantgroup/xyqb/entity/enumerate/Relation.java deleted 100644 → 0
View file @ 9671a3b6
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by Miraculous on 2017/1/3.
*/
public enum Relation {
PARENT("父母"),
CHILDREN("子女"),
BROTHER("兄弟姐妹"),
COLLEAGUE("同事"),
CLASSMATE("同学"),
FRIEND("朋友"),
SPOUSE("夫妻"),
SELF("本人"),
OTHER("其他");
String description;
Relation(String desc) {
description = desc;
}
public String getDescription() {
return description;
}
@Override
public String toString() {
String sb = "Relation{" + "description='" + description + '\'' +
'}';
return sb;
}
}
src/main/java/cn/quantgroup/xyqb/model/ApiResponse.java
View file @ c78d2e93
......@@ -26,9 +26,9 @@ public class ApiResponse {
public static final int OK = 4;
public static final int TOO_BUSY = 5;
int code;
String type;
String message;
private int code;
private String type;
private String message;
public ApiResponse(){}
......
src/main/java/cn/quantgroup/xyqb/model/ContactModel.java
View file @ c78d2e93
......@@ -32,7 +32,7 @@ public class ContactModel implements Serializable {
ContactModel model = new ContactModel();
model.setName(entity.getName());
model.setPhoneNo(entity.getPhoneNo());
model.setRelationName(Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER).getDescription());
model.setRelationName(Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER).getDesc());
model.setRelation(entity.getRelation().name());
return model;
}
......
src/main/java/cn/quantgroup/xyqb/service/captcha/GeetestLib.java
View file @ c78d2e93
package cn.quantgroup.xyqb.service.captcha;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.util.encrypt.Md5Util;
import lombok.extern.slf4j.Slf4j;
import org.json.JSONException;
import org.json.JSONObject;
......@@ -10,8 +11,6 @@ import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
......@@ -162,7 +161,7 @@ public class GeetestLib {
if (return_challenge.length() == Constants.MD5_LENGTH) {
this.responseStr = this.getSuccessPreProcessRes(this.md5Encode(return_challenge + this.privateKey));
this.responseStr = this.getSuccessPreProcessRes(Md5Util.build(return_challenge + this.privateKey));
return 1;
......@@ -278,14 +277,14 @@ public class GeetestLib {
response = readContentFromPost(postUrl, param);
gtlog("response: " + response);
} catch (Exception e) {
e.printStackTrace();
log.error("向gt-server进行二次验证", e);
}
String return_seccode = "";
try {
JSONObject return_map = new JSONObject(response);
return_seccode = return_map.getString("seccode");
gtlog("md5: " + md5Encode(return_seccode));
if (return_seccode.equals(md5Encode(seccode))) {
gtlog("md5: " + Md5Util.build(return_seccode));
if (return_seccode.equals(Md5Util.build(seccode))) {
return 1;
} else {
return 0;
......@@ -328,7 +327,7 @@ public class GeetestLib {
}
protected boolean checkResultByPrivate(String challenge, String validate) {
String encodeStr = md5Encode(privateKey + "geetest" + challenge);
String encodeStr = Md5Util.build(privateKey + "geetest" + challenge);
return validate.equals(encodeStr);
}
......@@ -344,9 +343,10 @@ public class GeetestLib {
URL getUrl = new URL(URL);
HttpURLConnection connection = (HttpURLConnection) getUrl
.openConnection();
connection.setConnectTimeout(2000);// 设置连接主机超时(单位:毫秒)
connection.setReadTimeout(2000);// 设置从主机读取数据超时(单位:毫秒)
// 设置连接主机超时(单位:毫秒)
connection.setConnectTimeout(2000);
// 设置从主机读取数据超时(单位:毫秒)
connection.setReadTimeout(2000);
// 建立与服务器的连接,并未发送数据
connection.connect();
......@@ -362,11 +362,11 @@ public class GeetestLib {
sBuffer.append(new String(buf, 0, n, "UTF-8"));
}
inStream.close();
connection.disconnect();// 断开连接
// 断开连接
connection.disconnect();
return sBuffer.toString();
} else {
return Constants.CHECK_FAIL;
}
}
......@@ -385,9 +385,10 @@ public class GeetestLib {
URL postUrl = new URL(URL);
HttpURLConnection connection = (HttpURLConnection) postUrl
.openConnection();
connection.setConnectTimeout(2000);// 设置连接主机超时(单位:毫秒)
connection.setReadTimeout(2000);// 设置从主机读取数据超时(单位:毫秒)
// 设置连接主机超时(单位:毫秒)
connection.setConnectTimeout(2000);
// 设置从主机读取数据超时(单位:毫秒)
connection.setReadTimeout(2000);
connection.setRequestMethod("POST");
connection.setDoInput(true);
connection.setDoOutput(true);
......@@ -412,7 +413,8 @@ public class GeetestLib {
sBuffer.append(new String(buf, 0, n, "UTF-8"));
}
inStream.close();
connection.disconnect();// 断开连接
// 断开连接
connection.disconnect();
return sBuffer.toString();
} else {
......@@ -421,38 +423,4 @@ public class GeetestLib {
}
}
/**
* md5 加密
*
* @param plainText
* @return
* @time 2014年7月10日 下午3:30:01
*/
private String md5Encode(String plainText) {
String re_md5 = "";
try {
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(plainText.getBytes());
byte b[] = md.digest();
int i;
StringBuilder buf = new StringBuilder();
for (int offset = 0; offset < b.length; offset++) {
i = b[offset];
if (i < 0) {
i += 256;
}
if (i < 16) {
buf.append("0");
}
buf.append(Integer.toHexString(i));
}
re_md5 = buf.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return re_md5;
}
}
src/main/java/cn/quantgroup/xyqb/util/encrypt/Md5Util.java
View file @ c78d2e93
package cn.quantgroup.xyqb.util.encrypt;
import lombok.extern.slf4j.Slf4j;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -9,16 +10,15 @@ import java.security.NoSuchAlgorithmException;
/**
* Created by tums on 2015/11/30.
*/
@Slf4j
public final class Md5Util {
private static final Logger LOGGER = LoggerFactory.getLogger(Md5Util.class);
public static String build(String content) {
MessageDigest messageDigest;
try {
messageDigest = MessageDigest
.getInstance("md5");
messageDigest = MessageDigest.getInstance("md5");
} catch (NoSuchAlgorithmException e) {
LOGGER.error(e.getMessage(), e);
log.error("MessageDigest获取实例失败", e);
return null;
}
messageDigest.update(content.getBytes());
......
src/test/java/common/Md5Test.java 0 → 100644
View file @ c78d2e93
package common;
import cn.quantgroup.xyqb.service.captcha.GeetestLib;
import cn.quantgroup.xyqb.util.encrypt.Md5Util;
import lombok.extern.slf4j.Slf4j;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
@Slf4j
@RunWith(JUnit4.class)
public class Md5Test {
final static String PWD = "123456";
@Test
public void test() {
log.info("pwd:{},Md5Util:{},Geetest:{}", PWD, Md5Util.build(PWD), GeetestLib.md5Encode(PWD));
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment