Springboot請求引數解密

浪天涯&*發表於2024-12-06

新建一個 HttpServletRequestWrapper 實現類，在Filter 中使用該類包裝原request

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.io.IoUtil;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.net.URLDecoder;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import cn.hutool.extra.spring.SpringUtil;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import com.test.base.config.SecretConfig;
import com.test.common.constant.CommonConstant;
import com.test.common.exception.IchibanShoException;
import com.test.common.servlet.CommonServletInputStream;
import lombok.extern.slf4j.Slf4j;

import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.*;

@Slf4j
public class DecryptHttpServletRequest extends HttpServletRequestWrapper {
    private byte[] body;
    private static SecretConfig secretConfig;
    private final Map<String, String[]> parameterMap = new HashMap<>();

    public DecryptHttpServletRequest (HttpServletRequest request) {
        super(request);
        if (Objects.isNull(secretConfig)) {
            secretConfig = SpringUtil.getBean(SecretConfig.class);
        }
        if (MapUtil.isNotEmpty(request.getParameterMap())) {
            parameterMap.putAll(request.getParameterMap());
        }
        decryptSecretParam();
        decryptPostBody(request);
    }

    private void decryptSecretParam() {
        String secretParam = getParameter("secretParam");
        MapUtil.removeAny(parameterMap, "secretParam");
        if (StrUtil.isNotBlank(secretParam) && Objects.nonNull(secretConfig)) {
            log.info(">>>>>>>>>>> 解密 secretParam 開始 <<<<<<<<<<<<<<<<<<");
            log.info("原始secretParam: {}", secretParam);
            secretParam = URLDecoder.decode(secretParam, StandardCharsets.UTF_8);
            log.info("URLDecoder後secretParam: {}", secretParam);
            String privateKey = secretConfig.getPrivateKey();
            String publicKey = secretConfig.getPublicKey();
            if (CharSequenceUtil.isNotBlank(privateKey)) {
                RSA rsa = SecureUtil.rsa(privateKey, publicKey);
                rsa.setDecryptBlockSize(CommonConstant.RSA_DECRYPT_BLOCK_SIZE);//hutool RSA解密預設128
                String decryptData = rsa.decryptStr(secretParam, KeyType.PrivateKey);
                log.info("RSA解碼後secretParam: {}", decryptData);
                decryptData = URLDecoder.decode(decryptData, StandardCharsets.UTF_8);
                log.info("URLDecoder後decryptData: {}", decryptData);
                if (CharSequenceUtil.isNotBlank(decryptData)) {
                    decryptData = StrUtil.removePrefix(decryptData, "\"");
                    decryptData = StrUtil.removeSuffix(decryptData, "\"");
                    log.info("去除首尾雙引號後decryptData: {}", decryptData);
                    List<String> params = StrUtil.split(decryptData, "&");
                    for (String param : params) {
                        List<String> paramArr = StrUtil.splitTrim(param, "=");
                        if (CollUtil.isNotEmpty(paramArr) && paramArr.size() == 2) {
                            setParameter(paramArr.get(0), paramArr.get(1));
                        }
                    }
                }
            }
            log.info(">>>>>>>>>>> 解密 secretParam 結束 <<<<<<<<<<<<<<<<<<");
        }
    }

    private void decryptPostBody(HttpServletRequest request) {
        try {
            InputStream inputStream = request.getInputStream();
            String bodyStr = IoUtil.read(new InputStreamReader(inputStream));
            if (JSONUtil.isTypeJSON(bodyStr)) {
                JSONObject jsonObject = JSONUtil.parseObj(bodyStr);
                if (jsonObject.containsKey("secretData")) {
                    bodyStr = jsonObject.getStr("secretData");
                }
            }
            if (!JSONUtil.isTypeJSON(bodyStr) && CharSequenceUtil.isNotBlank(bodyStr) && Objects.nonNull(secretConfig)) {
                log.info(">>>>>>>>>>> 解密 secretData 開始 <<<<<<<<<<<<<<<<<<");
                log.info("原始secretData: {}", bodyStr);
                String privateKey = secretConfig.getPrivateKey();
                String publicKey = secretConfig.getPublicKey();
                if (CharSequenceUtil.isNotBlank(privateKey)) {
                    RSA rsa = SecureUtil.rsa(privateKey, publicKey);
                    rsa.setDecryptBlockSize(CommonConstant.RSA_DECRYPT_BLOCK_SIZE);
                    String decryptData = rsa.decryptStr(bodyStr, KeyType.PrivateKey);
                    log.info("RSA解碼後secretData: {}", decryptData);
                    decryptData = URLDecoder.decode(decryptData, StandardCharsets.UTF_8);
                    log.info("URLDecoder後secretData: {}", decryptData);
                    if (CharSequenceUtil.isNotBlank(decryptData)) {
                        body = CharSequenceUtil.bytes(decryptData);
                    } else {
                        throw new IchibanShoException("無效的請求引數");
                    }
                } else {
                    body = CharSequenceUtil.bytes(bodyStr);
                }
                log.info(">>>>>>>>>>> 解密 secretData 結束 <<<<<<<<<<<<<<<<<<");
            } else {
                body = CharSequenceUtil.bytes(bodyStr);
            }
        } catch (Exception e) {
            log.error("解密失敗", e);
        }
    }

    public void setParameter(String name, String value) {
        parameterMap.put(name, new String[] { value });
    }

    @Override
    public String getParameter(String name) {
        String[] values = parameterMap.get(name);
        if (ArrayUtil.isNotEmpty(values)) {
            return values[0];
        }
        return StrUtil.EMPTY;
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        return parameterMap;
    }

    @Override
    public Enumeration<String> getParameterNames() {
        Vector<String> parameterNames = new Vector<>(parameterMap.keySet());
        return parameterNames.elements();
    }

    @Override
    public String[] getParameterValues(String name) {
        return parameterMap.get(name);
    }

    @Override
    public ServletRequest getRequest() {
        return super.getRequest();
    }

    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(new ByteArrayInputStream(body)));
    }

    @Override
    public ServletInputStream getInputStream() {
        return new CommonServletInputStream(new ByteArrayInputStream(body));
    }
}

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;

public class CommonServletInputStream extends ServletInputStream {
    private final ByteArrayInputStream inputStream;

    public CommonServletInputStream(ByteArrayInputStream inputStream) {
        this.inputStream = inputStream;
    }

    @Override
    public boolean isFinished() {
        return inputStream.available() == 0;
    }

    @Override
    public boolean isReady() {
        return true;
    }

    @Override
    public void setReadListener(ReadListener readListener) {

    }

    @Override
    public int read() {
        return inputStream.read();
    }

    @Override
    public void close() throws IOException {
        inputStream.close();
    }
}

　　在filter中：filterChain.doFilter(new DecryptHttpServletRequest(request), response);

SpringBoot Get 請求接收 Date 型別引數
2021-04-16
Spring Boot型別
SpringBoot 攔截器獲取http請求引數
2020-09-08
Spring BootHTTP
SpringBoot使用Axios傳送請求，引數處理
2019-03-22
Spring BootiOS
有趣的請求引數/請求頭
2020-08-05
SpringMVC請求引數解析
2021-04-29
SpringMVC
fastapi 請求引數校驗
2024-07-07
ASTAPI
Charles 修改請求(Request)引數
2024-05-26
請求引數的傳遞
2020-01-31
springBoot 過濾器去除請求引數前後空格(附原始碼)
2022-11-27
Spring Boot過濾器原始碼
springboot 2.0中 PUT請求接收不到引數解決辦法
2019-04-01
Spring Boot
Postman傳送請求引數是Map格式的請求
2020-12-30
Postman
ajax中POST請求與引數(請求體)設定
2020-12-31
postman 請求引數和 Spring Boot Controller 接受引數
2018-03-30
PostmanSpring BootController
GET請求的引數丟失
2021-01-03
GOLANG Web請求引數驗證
2018-07-17
GolangWeb
charles 打斷點修改請求引數
2024-06-20
斷點
java傳送get請求帶引數
2024-06-10
Java
表單請求獲取路由引數
2019-05-22
路由
Mybatis foreach 請求引數是物件集合
2018-03-19
MyBatis物件
Spring對JSON請求加解密
2018-03-06
SpringJSON解密
SpringBoot 介面引數解密的實現方法（使用註解）
2022-08-20
Spring Boot解密
關於在request請求時，處理請求引數的問題
2024-05-19
RestTemplate exchange GET POST請求傳引數DEMO
2024-11-27
REST
leaflet動態更改wms瓦片請求引數
2024-06-22
Thinkphp5基礎——10 請求引數
2019-01-18
PHP
什麼是請求引數、表單引數、url引數、header引數、Cookie引數？一文講懂
2022-05-22
HeaderCookie
springboot打jar包請求jsp請求不到問題
2020-12-11
Spring BootJARJS
Blazor Server 發起HttpPost請求，但是多引數
2023-09-21
BlazorServerHTTP
拙見--springMVC的controller接受的請求引數
2022-06-16
SpringMVCController
SpringMVC底層——請求引數處理流程描述
2022-07-18
SpringMVC
RESTFUL風格的URL請求及引數接收
2020-08-01
REST
請求引數為物件，mybatis的sql寫法
2020-10-18
物件MyBatisSQL
（七）Spring Boot Controller的請求引數獲取
2020-12-12
Spring BootController
GET請求引數為中文時亂碼分析
2018-11-22
linux 下用 Wget 傳送帶引數的請求
2021-09-09
Linuxwget
Laravel 檔案上傳和獲取請求引數
2020-01-07
Laravel
springmvc引數設定預設值，多地址請求
2021-09-09
SpringMVC
JavaWeb基礎-Request物件接收表單請求引數
2020-12-08
JavaWeb物件

Springboot請求引數解密

相關文章