From 07900e03d0d037709ddbbeffec4b6b861a679016 Mon Sep 17 00:00:00 2001
From: zoujiangtao
Date: Mon, 30 Dec 2024 17:31:35 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E5=86=85=E5=AE=B9=EF=BC=9ACA?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E6=B5=8B=E8=AF=95=20=E5=A4=87=E6=B3=A8?= =?UTF-8?q?=EF=BC=9ACA=E4=BB=A3=E7=A0=81=E6=B5=8B=E8=AF=95=20=E6=8F=90?= =?UTF-8?q?=E4=BA=A4=E4=BA=BA=EF=BC=9A=E9=82=B9=E6=B1=9F=E6=B6=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../sys/plugin/CA/InfoSecResourceBundle.java | 69 +++++++++++++++
.../sys/sys/plugin/CA/InfoSecService.java | 83 +++++++++++++++++++
2 files changed, 152 insertions(+)
create mode 100644 sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecResourceBundle.java
create mode 100644 sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecService.java
diff --git a/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecResourceBundle.java b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecResourceBundle.java
new file mode 100644
index 0000000..80a3c95
--- /dev/null
+++ b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecResourceBundle.java
@@ -0,0 +1,69 @@
+package shkd.sys.sys.plugin.CA;
+
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.ResourceBundle;
+import java.util.Set;
+
+/**
+ * @description: CA服务 ResourceBundle对象
+ **/
+public class InfoSecResourceBundle extends ResourceBundle {
+
+ private Map lookup;
+
+ public InfoSecResourceBundle(Properties properties){
+ lookup = new HashMap(properties);
+ }
+
+ public InfoSecResourceBundle(Map lookup){
+ this.lookup = lookup;
+ }
+
+ public InfoSecResourceBundle(InputStream stream) throws IOException {
+ Properties properties = new Properties();
+ properties.load(stream);
+ lookup = new HashMap(properties);
+ }
+
+ @Override
+ protected Object handleGetObject(String key) {
+ if (key == null) {
+ throw new NullPointerException();
+ }
+ return lookup.get(key);
+ }
+
+ @Override
+ public Enumeration getKeys() {
+ return new Enumeration() {
+ private Iterator iterator = lookup.keySet().iterator();
+ @Override
+ public boolean hasMoreElements() {
+ return iterator.hasNext();
+ }
+
+ @Override
+ public Object nextElement() {
+ return iterator.next();
+ }
+ };
+ }
+
+ protected Set handleKeySet() {
+ return lookup.keySet();
+ }
+
+ @Override
+ public boolean containsKey(String key) {
+ return lookup.containsKey(key);
+ }
+
+
+}
diff --git a/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecService.java b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecService.java
new file mode 100644
index 0000000..6cd20eb
--- /dev/null
+++ b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/plugin/CA/InfoSecService.java
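Review bot: In InfoSecResourceBundle.java the `InfoSecResourceBundle(Map lookup)` constructor stores the caller's map by reference, unlike the other two constructors, which copy. Any later mutation of that map by the caller silently changes the configuration this bundle hands to the CA agent, and a null argument only fails later inside `handleGetObject`. Copy it on the way in, `this.lookup = new HashMap(Objects.requireNonNull(lookup));` (plus the `java.util.Objects` import), and declare the field `private final Map lookup;`. `handleKeySet()` overrides the `ResourceBundle` method but is missing `@Override`.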
@@ -0,0 +1,83 @@
+package shkd.sys.sys.plugin.CA;
+
+
+import cn.com.infosec.netsign.agent.NetSignAgent;
+import cn.com.infosec.netsign.agent.NetSignResult;
+
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+import java.util.Properties;
+
+import kd.bos.ca.bean.VerifySignResult;
+import kd.bos.dataentity.serialization.SerializationUtils;
+import kd.bos.ca.AbstractCAService;
+import kd.bos.logging.Log;
+import kd.bos.logging.LogFactory;
+
+/**
+ * @description: CA服务
+ **/
+public class InfoSecService extends AbstractCAService {
+ private static Log log = LogFactory.getLog(InfoSecService.class);
+ private static Properties properties;
+ private static boolean isInitialize;
+
+ static {
+ initProperties();
+ }
+
+ /**
+ * 初始化
+ */
+ private static void initProperties() {
+ if (properties == null) {
+ try (InputStream in = InfoSecService.class.getResourceAsStream("/resources/InfoSecConfig.properties")) {
+ properties = new Properties();
+ properties.load(in);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RuntimeException("信安世纪服务配置文件初始化失败:" + e.getMessage());
+ }
+ }
+ }
+
+ /**
+ * @param signData 签名信息
+ * @param cleartext 原文信息
+ * @param publicKey 证书公钥
+ * @param caConfig ca配置信息
+ * @return 验签结果
+ */
+ @Override
+ public VerifySignResult verifySign(String signData, String cleartext, String publicKey, Map caConfig) {
+ log.info("验签开始");
+ VerifySignResult result = new VerifySignResult();
+ try {
+ /**
+ * 虽然能获取到苍穹系统上的配置,并构造ResourceBundle对象,但是信安世纪的服务只能初始化一次。感觉有点坑
+ * 服务只能初始化一次。再次调用NetSignAgent.initialize不会生效。所以修改配置后只能重启服务。。。
+ */
+ if (!isInitialize) {
+ properties.putAll(caConfig);
+ InfoSecResourceBundle resourceBundle = new InfoSecResourceBundle(properties);
+ NetSignAgent.initialize(resourceBundle);
+ isInitialize = Boolean.TRUE;
+ }
+
+ X509Certificate certificate = NetSignAgent.generateCertificate(publicKey.getBytes());
+ NetSignResult netSignResult = NetSignAgent.rawVerify(cleartext.getBytes(), signData, "SHA1", null, certificate);
+ log.info(SerializationUtils.toJsonString(netSignResult));
+ result.setSuccess(true);
+ result.setMessage("验签通过。");
+ } catch (Exception e) {
+ log.error(e);
+ result.setSuccess(false);
+ result.setMessage("验签失败:" + e.getMessage());
+ }
+
+ return result;
+ }
+
+
+}
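Review bot: In `verifySign` (InfoSecService.java) the `netSignResult` returned by `NetSignAgent.rawVerify(...)` is only logged, and `result.setSuccess(true)` runs whenever no exception is thrown. Unless the agent is guaranteed to throw on every failed verification, a bad signature is reported as valid, so the success flag should be derived from the outcome carried in `netSignResult`. The digest is hard-coded to `"SHA1"`, which is no longer considered collision-resistant for signatures; it would be better read from configuration, with a SHA-256-class default if the CA server supports one. `cleartext.getBytes()` and `publicKey.getBytes()` use the platform charset, so the verified bytes can differ between hosts; pass an explicit charset such as `cleartext.getBytes(StandardCharsets.UTF_8)`. The `if (!isInitialize)` check is also unsynchronized on a non-volatile static, so concurrent first calls can both mutate the shared `properties` and call `NetSignAgent.initialize`.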