com.alogic.remote.xscript.auth.WithAuthorizedSignature Maven / Gradle / Ivy
package com.alogic.remote.xscript.auth;
import com.alogic.remote.Request;
import com.alogic.remote.xscript.RequestHandler;
import com.alogic.xscript.ExecuteWatcher;
import com.alogic.xscript.Logiclet;
import com.alogic.xscript.LogicletContext;
import com.alogic.xscript.doc.XsObject;
import com.anysoft.util.Properties;
import com.anysoft.util.PropertiesConstants;
import com.anysoft.util.code.Coder;
import com.anysoft.util.code.CoderFactory;
import org.apache.commons.lang3.StringUtils;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* 可授权签名
*
* 在Signature基础上按照可授权签名的模式扩展
* @author yyduan
*
* @since 1.6.12.41 [20190902]
*
* @version 1.6.12.50 [20191204]
* - 修正URL取值的问题
*/
public class WithAuthorizedSignature extends RequestHandler {
protected static String timestampId = "x-alogic-now";
protected static String payloadId = "x-alogic-payload";
protected static String signatureId = "x-alogic-signature";
protected static String keyId = "x-alogic-app";
protected static String acGroupKeyId = "x-alogic-ac";
protected static String dftAcGroup = "app";
protected static long cycle = 24 * 60 * 60 * 1000L;
protected Coder coder = null;
/**
* 应用id
*/
protected String $key="";
/**
* 密钥
*/
protected String $keyContent="";
/**
* 本次访问的URIPath
*/
protected String $url;
/**
* payload的签名信息
*/
protected String $payload;
protected String $acGroup = dftAcGroup;
/**
* 匹配完整url的表达式
*/
protected static Pattern pattern = Pattern.compile("(\\w+):\\/\\/([^/:]+)(?::(\\d*))?(.*)");
public WithAuthorizedSignature(String tag, Logiclet p) {
super(tag, p);
}
@Override
public void configure(Properties p){
super.configure(p);
$key = PropertiesConstants.getRaw(p,"key",$key);
$keyContent = PropertiesConstants.getRaw(p,"keyContent",$keyContent);
$url = PropertiesConstants.getRaw(p,"url","");
$payload = PropertiesConstants.getRaw(p,"payload","");
$acGroup = PropertiesConstants.getRaw(p,"acGroup",$acGroup);
coder = CoderFactory.newCoder(PropertiesConstants.getString(p,"coder", "HmacSHA256"));
}
@Override
protected void onExecute(final Request req, final XsObject root, final XsObject current, final LogicletContext ctx,
final ExecuteWatcher watcher) {
String uriPath = getUriPath(PropertiesConstants.transform(ctx,$url,""));
if (StringUtils.isNotEmpty(uriPath)) {
long now = System.currentTimeMillis();
String key = PropertiesConstants.transform(ctx,$key,"");
StringBuffer toSign = new StringBuffer();
toSign.append(key).append("\n");
toSign.append(now).append("\n");
toSign.append(uriPath);
String payload = PropertiesConstants.transform(ctx,$payload,"");
if (StringUtils.isNotEmpty(payload)) {
toSign.append("\n").append(payload);
}
String signature = coder.encode(toSign.toString(), getAuthorizedKey(key,PropertiesConstants.transform(ctx,$keyContent,""),now));
if (StringUtils.isNotEmpty(signature)) {
req.setHeader(signatureId, signature);
req.setHeader(timestampId, String.valueOf(now));
req.setHeader(keyId, key);
req.setHeader(acGroupKeyId, PropertiesConstants.transform(ctx,$acGroup,dftAcGroup));
}
}
}
protected static String getUriPath(String urlPath){
Matcher matcher = pattern.matcher(urlPath);
if (matcher.find()){
return matcher.group(4);
}else{
return urlPath;
}
}
protected String getAuthorizedKey(String keyId,String key,long now){
long t = now / cycle;
return coder.encode(String.format("%s:%d", keyId,t), key);
}
}