fix: 错误校验

scfs-api-core/src/main/java/com/czcb/scfs/api/core/cipher/DefaultValidator.java

@@ -40,20 +40,20 @@ public final class DefaultValidator implements Validator {
         isInvalidHttpCode(response);
 
         // 校验时间戳
-        validateTimestamp(request, response);
+        validateTimestamp(response);
 
         // 校验应答签名
-        validateResponseSignature(request, response, channel);
+        validateResponseSignature(response, channel);
     }
 
-    private void isInvalidHttpCode(OriginalResponse response) {
+    public void isInvalidHttpCode(OriginalResponse response) {
         if (response.getStatusCode() < HTTP_OK || response.getStatusCode() >= HTTP_MULT_CHOICE) {
             throw new ValidationException(String.format("校验失败, HttpStatusCode=%s, Request-Id=%s, HttpResponseBody=%s",
                     response.getStatusCode(), response.getHttpHeaders().getHeader(REQUEST_ID), plainBody(response)));
         }
     }
 
-    public void validateTimestamp(HttpRequest request, OriginalResponse response) {
+    public void validateTimestamp(OriginalResponse response) {
         String timestamp = response.getHttpHeaders().getHeader(TIMESTAMP);
         if (Strings.isEmpty(timestamp)) {
             throw new TimestampException(String.format("校验失败, 时间戳[%s]不存在, Request-Id=%s, HttpResponseBody=%s", TIMESTAMP,
@@ -68,7 +68,7 @@ public final class DefaultValidator implements Validator {
         }
     }
 
-    public void validateResponseSignature(HttpRequest request, OriginalResponse response, Channel channel) {
+    public void validateResponseSignature(OriginalResponse response, Channel channel) {
         // 待签名串
         String message = profile.getSignature().getCredential().buildResponseMessage(response, channel);
         String signature = response.getHttpHeaders().getHeader(SIGNATURE);

scfs-api-core/src/test/java/com/czcb/scfs/api/core/cipher/DefaultValidatorTest.java

@@ -1,14 +1,155 @@
 package com.czcb.scfs.api.core.cipher;
 
+import com.czcb.scfs.api.core.DefaultChannel;
+import com.czcb.scfs.api.core.KeyText;
+import com.czcb.scfs.api.core.Profile;
+import com.czcb.scfs.api.core.exception.TimestampException;
+import com.czcb.scfs.api.core.exception.ValidationException;
+import com.czcb.scfs.api.core.http.*;
+import com.czcb.scfs.api.core.http.client.TestPrivacy;
+import com.czcb.scfs.api.core.http.client.TestProfile;
+import com.czcb.scfs.api.core.http.client.TestSigner;
+import com.czcb.scfs.api.core.http.client.TestVerifier;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static com.czcb.scfs.api.core.Constants.TIMESTAMP;
+
 class DefaultValidatorTest {
+    Profile buildProfile() {
+        PrivateKey privateKey = KeyText.loadTestPrivateKeyRSA();
+        X509Certificate certificate = KeyText.loadTestRSA();
+        List<X509Certificate> list = new ArrayList<>();
+        list.add(certificate);
+        CertificateProvider certificateProvider = new LocalCertificateProvider(list);
+        Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
+        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
 
-    @Test
-    void validate() {
+        return new TestProfile(
+                privacy,
+                signature,
+                new DefaultChannel.Builder()
+                        .channelNo("000000")
+                        .appNo("111111")
+                        .build(),
+                new DefaultHttpProfile.Builder()
+                        .online(false)
+                        .logLevel(LogLevel.basic)
+                        .compressionEnabled(false)
+                        .host("http://127.0.0.1:8888")
+                        .build()
+        );
     }
 
     @Test
-    void responseHeaderContainsSecretKey() {
+    void isInvalidHttpCode() {
+        DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
+
+        Map<String, String> headers = new HashMap<>();
+        headers.put("X-SCFS-Request-Id", "123456789");
+        OriginalResponse response = new OriginalResponse.Builder()
+                .request(new HttpRequest.Builder()
+                        .httpMethod(HttpMethod.POST)
+                        .url("http://demo")
+                        .build())
+                .body("123")
+                .headers(headers)
+                .statusCode(200)
+                .build();
+
+        defaultValidator.isInvalidHttpCode(response);
+    }
+
+    @Test
+    void isInvalidHttpCodeError() {
+        DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
+
+        Map<String, String> headers = new HashMap<>();
+        headers.put("X-SCFS-Request-Id", "123456789");
+        OriginalResponse response = new OriginalResponse.Builder()
+                .request(new HttpRequest.Builder()
+                        .httpMethod(HttpMethod.POST)
+                        .url("http://demo")
+                        .build())
+                .body("123")
+                .headers(headers)
+                .statusCode(500)
+                .build();
+
+        Assertions.assertThrows(ValidationException.class, () -> {
+            defaultValidator.isInvalidHttpCode(response);
+        });
+    }
+
+    @Test
+    void validateTimestamp() {
+        DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
+
+        Map<String, String> headers = new HashMap<>();
+        headers.put("X-SCFS-Request-Id", "123456789");
+        headers.put(TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
+        OriginalResponse response = new OriginalResponse.Builder()
+                .request(new HttpRequest.Builder()
+                        .httpMethod(HttpMethod.POST)
+                        .url("http://demo")
+                        .build())
+                .body("123")
+                .headers(headers)
+                .statusCode(200)
+                .build();
+
+        defaultValidator.validateTimestamp(response);
+    }
+
+    @Test
+    void validateTimestampError() {
+        DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
+
+        Map<String, String> headers = new HashMap<>();
+        headers.put("X-SCFS-Request-Id", "123456789");
+        OriginalResponse response = new OriginalResponse.Builder()
+                .request(new HttpRequest.Builder()
+                        .httpMethod(HttpMethod.POST)
+                        .url("http://demo")
+                        .build())
+                .body("123")
+                .headers(headers)
+                .statusCode(500)
+                .build();
+
+        Assertions.assertThrows(TimestampException.class, () -> {
+            defaultValidator.validateTimestamp(response);
+        });
+    }
+
+    @Test
+    void validateResponseSignature() {
+        DefaultValidator defaultValidator = new DefaultValidator(buildProfile());
+
+        Map<String, String> headers = new HashMap<>();
+        headers.put("X-SCFS-Request-Id", "123456789");
+        OriginalResponse response = new OriginalResponse.Builder()
+                .request(new HttpRequest.Builder()
+                        .httpMethod(HttpMethod.POST)
+                        .url("http://demo")
+                        .build())
+                .body("123")
+                .headers(headers)
+                .statusCode(500)
+                .build();
+
+        Assertions.assertThrows(ValidationException.class, () -> {
+            defaultValidator.validateResponseSignature(response, new DefaultChannel.Builder()
+                    .channelNo("1010")
+                    .appNo("1111")
+                    .build());
+        });
     }
 }