worker.bank
/
scfs-api-sdk
4
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases 1 Wiki Activity

fix: 错误校验

main
13009 2024-05-22 16:07:17 +08:00
parent 5eee93a4b3
commit 43d3d5f8c4
2 changed files with 150 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/DefaultValidator.java
View File

@ -40,20 +40,20 @@ public final class DefaultValidator implements Validator {
isInvalidHttpCode(response); isInvalidHttpCode(response);
// 校验时间戳 // 校验时间戳
validateTimestamp(request, response); validateTimestamp(response);
// 校验应答签名 // 校验应答签名
validateResponseSignature(request, response, channel); validateResponseSignature(response, channel);
} }
private void isInvalidHttpCode(OriginalResponse response) { public void isInvalidHttpCode(OriginalResponse response) {
if (response.getStatusCode() < HTTP_OK || response.getStatusCode() >= HTTP_MULT_CHOICE) { if (response.getStatusCode() < HTTP_OK || response.getStatusCode() >= HTTP_MULT_CHOICE) {
throw new ValidationException(String.format("校验失败, HttpStatusCode=%s, Request-Id=%s, HttpResponseBody=%s", throw new ValidationException(String.format("校验失败, HttpStatusCode=%s, Request-Id=%s, HttpResponseBody=%s",
response.getStatusCode(), response.getHttpHeaders().getHeader(REQUEST_ID), plainBody(response))); response.getStatusCode(), response.getHttpHeaders().getHeader(REQUEST_ID), plainBody(response)));
} }
} }
public void validateTimestamp(HttpRequest request, OriginalResponse response) { public void validateTimestamp(OriginalResponse response) {
String timestamp = response.getHttpHeaders().getHeader(TIMESTAMP); String timestamp = response.getHttpHeaders().getHeader(TIMESTAMP);
if (Strings.isEmpty(timestamp)) { if (Strings.isEmpty(timestamp)) {
throw new TimestampException(String.format("校验失败, 时间戳[%s]不存在, Request-Id=%s, HttpResponseBody=%s", TIMESTAMP, throw new TimestampException(String.format("校验失败, 时间戳[%s]不存在, Request-Id=%s, HttpResponseBody=%s", TIMESTAMP,
@ -68,7 +68,7 @@ public final class DefaultValidator implements Validator {
} }
} }
public void validateResponseSignature(HttpRequest request, OriginalResponse response, Channel channel) { public void validateResponseSignature(OriginalResponse response, Channel channel) {
// 待签名串 // 待签名串
String message = profile.getSignature().getCredential().buildResponseMessage(response, channel); String message = profile.getSignature().getCredential().buildResponseMessage(response, channel);
String signature = response.getHttpHeaders().getHeader(SIGNATURE); String signature = response.getHttpHeaders().getHeader(SIGNATURE);

149
scfs-api-core/src/test/java/com/czcb/scfs/api/core/cipher/DefaultValidatorTest.java
View File

@ -1,14 +1,155 @@
package com.czcb.scfs.api.core.cipher; package com.czcb.scfs.api.core.cipher;
import com.czcb.scfs.api.core.DefaultChannel;
import com.czcb.scfs.api.core.KeyText;
import com.czcb.scfs.api.core.Profile;
import com.czcb.scfs.api.core.exception.TimestampException;
import com.czcb.scfs.api.core.exception.ValidationException;
import com.czcb.scfs.api.core.http.*;
import com.czcb.scfs.api.core.http.client.TestPrivacy;
import com.czcb.scfs.api.core.http.client.TestProfile;
import com.czcb.scfs.api.core.http.client.TestSigner;
import com.czcb.scfs.api.core.http.client.TestVerifier;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
class DefaultValidatorTest { import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Test import static com.czcb.scfs.api.core.Constants.TIMESTAMP;
void validate() {
class DefaultValidatorTest {
Profile buildProfile() {
PrivateKey privateKey = KeyText.loadTestPrivateKeyRSA();
X509Certificate certificate = KeyText.loadTestRSA();
List<X509Certificate> list = new ArrayList<>();
list.add(certificate);
CertificateProvider certificateProvider = new LocalCertificateProvider(list);
Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
return new TestProfile(
privacy,
signature,
new DefaultChannel.Builder()
.channelNo("000000")
.appNo("111111")
.build(),
new DefaultHttpProfile.Builder()
.online(false)
.logLevel(LogLevel.basic)
.compressionEnabled(false)
.host("http://127.0.0.1:8888")
.build()
);
} }
@Test @Test
void responseHeaderContainsSecretKey() { void isInvalidHttpCode() {
DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
Map<String, String> headers = new HashMap<>();
headers.put("X-SCFS-Request-Id", "123456789");
OriginalResponse response = new OriginalResponse.Builder()
.request(new HttpRequest.Builder()
.httpMethod(HttpMethod.POST)
.url("http://demo")
.build())
.body("123")
.headers(headers)
.statusCode(200)
.build();
defaultValidator.isInvalidHttpCode(response);
}
@Test
void isInvalidHttpCodeError() {
DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
Map<String, String> headers = new HashMap<>();
headers.put("X-SCFS-Request-Id", "123456789");
OriginalResponse response = new OriginalResponse.Builder()
.request(new HttpRequest.Builder()
.httpMethod(HttpMethod.POST)
.url("http://demo")
.build())
.body("123")
.headers(headers)
.statusCode(500)
.build();
Assertions.assertThrows(ValidationException.class, () -> {
defaultValidator.isInvalidHttpCode(response);
});
}
@Test
void validateTimestamp() {
DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
Map<String, String> headers = new HashMap<>();
headers.put("X-SCFS-Request-Id", "123456789");
headers.put(TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
OriginalResponse response = new OriginalResponse.Builder()
.request(new HttpRequest.Builder()
.httpMethod(HttpMethod.POST)
.url("http://demo")
.build())
.body("123")
.headers(headers)
.statusCode(200)
.build();
defaultValidator.validateTimestamp(response);
}
@Test
void validateTimestampError() {
DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
Map<String, String> headers = new HashMap<>();
headers.put("X-SCFS-Request-Id", "123456789");
OriginalResponse response = new OriginalResponse.Builder()
.request(new HttpRequest.Builder()
.httpMethod(HttpMethod.POST)
.url("http://demo")
.build())
.body("123")
.headers(headers)
.statusCode(500)
.build();
Assertions.assertThrows(TimestampException.class, () -> {
defaultValidator.validateTimestamp(response);
});
}
@Test
void validateResponseSignature() {
DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
Map<String, String> headers = new HashMap<>();
headers.put("X-SCFS-Request-Id", "123456789");
OriginalResponse response = new OriginalResponse.Builder()
.request(new HttpRequest.Builder()
.httpMethod(HttpMethod.POST)
.url("http://demo")
.build())
.body("123")
.headers(headers)
.statusCode(500)
.build();
Assertions.assertThrows(ValidationException.class, () -> {
defaultValidator.validateResponseSignature(response, new DefaultChannel.Builder()
.channelNo("1010")
.appNo("1111")
.build());
});
} }
} }