线上成功一版

cg-casb.properties

@@ -0,0 +1,97 @@
+# 插件名称
+SDK_NAME=AOEClient-V1.1.14-1602657903071
+SDK_ID=1316268763997278209
+
+# 插件版本
+VERSION=V1.1.14
+
+#协议http/https
+PROTOCOL=https
+
+# 服务端IP
+HOST=121.37.153.131
+
+# 服务端端口
+PORT=446
+
+# TOKEN获取地址
+UIM_TOKEN_PATH=/uim/v1/token
+
+# 密管平台派生接口地址
+KMS_SDK_DERIVE_PATH=/kms/v1/sdk/derive
+
+# 策略服务地址
+SEM_AOE_PATH=/sem/v1/aoe
+
+# 插件用户名
+USER_NAME=1316268763997278209
+
+# 插件用户密码
+USER_SECRET=WOpxP2V7E8glo6UO0xNhabOy+5U9BCkfCcSvWdZEw2F3tOf+6acwSt+h48K+3GDM
+
+# 证书名称
+CERTIFICATE_NAME=1602657903664_795246d73fb875a5409a7db0446dff4d.p12
+
+# 证书密码
+CERTIFICATE_SECRET=1EZNhlsshVJ72txupKZQu0lkUTgXnF5EUSL0E209ycBkjHXHe6bR8HM7Wx7yyPos
+
+
+# 驱动列表
+DRIVER_LIST=
+
+# KMS模式
+KMS_OPTIONS=1
+
+# 是否开启密钥缓存
+CACHE_SWITCH=on
+
+# 密钥缓存数
+CACHE_KEY_NUM=50.0
+
+# 密钥使用次数，超过次数后更新此密钥
+ENCRYPT_KEY_COUNT=0
+
+# 加密密钥使用时间，单位：秒，超过时间后更新此密钥
+ENCRYPT_KEY_EXPIRE=0
+
+# 解密密钥使用时间，单位：秒，超过时间后更新此密钥
+DECRYPT_KEY_EXPIRE=0
+
+# 策略轮询周期
+STRATEGY_PERIOD=180
+
+# BATCH_SIZE代表小组分组的记录数
+BATCH_SIZE=50000
+
+# mongo代理目标IP
+MONGODB_IP=
+
+# mongo数据源获取地址
+MONGODB_INFO_PATH=/sem/v1/proxy/list-mongo-db
+
+# mongo策略获取地址
+MONGODB_STRATEGY_PATH=/sem/v1/proxy/list-mongo-strategy
+
+# mongo Netty proxy 数量
+MONGODB_PROXY_SERVICE_NUM=16
+
+# mongo 定时更新所有策略,单位毫秒,默认60秒
+MONGODB_UPDATE_STRATEGY_INTERVAL=20000
+
+#linux版本库名称
+LINUX_LIB_NAME=libCSCipherJNI-release-2.2.7.so
+
+#windows版本库名称
+WIN_LIB_NAME=libCSCipherJNI-release-2.2.7.dll
+
+#sdk日志级别
+CS_LOG_FLAG=2
+
+# 日志路径
+LOG_PATH=/home/jkxy-01/services/casb/logs/1316268763997278209
+
+# SDK根目录
+SDK_BASE_PATH=/home/jkxy-01/services/casb/CipherSuiteSdk_linux
+
+# 插件根目录
+AOE_BASE_PATH=

pom.xml

@@ -51,6 +51,11 @@
             <artifactId>fastjson</artifactId>
             <version>1.2.70</version>
         </dependency>
+        <dependency>
+            <groupId>com.ciphergateway</groupId>
+            <artifactId>libCSCipher</artifactId>
+            <version>2.2.18</version>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/com/jkcredit/query/record/config/EsConfig.java

@@ -1,10 +1,15 @@
 package com.jkcredit.query.record.config;
 
 import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.elasticsearch.client.RequestOptions;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestClientBuilder;
 import org.elasticsearch.client.RestHighLevelClient;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -14,9 +19,16 @@ import org.springframework.context.annotation.Configuration;
  **/
 @Configuration
 public class EsConfig {
+    @Value("${ElasticSearch.host}")
+    private String host;
+    @Value("${ElasticSearch.port}")
+    private Integer port;
+    @Value("${ElasticSearch.username}")
+    private String username;
+    @Value("${ElasticSearch.password}")
+    private String password;
 
     public static final RequestOptions COMMON_OPTIONS;
-
     static {
         RequestOptions.Builder builder = RequestOptions.DEFAULT.toBuilder();
         COMMON_OPTIONS = builder.build();
@@ -27,10 +39,26 @@ public class EsConfig {
         RestClientBuilder builder = null;
         // 可以指定多个es
         builder = RestClient.builder(
-                new HttpHost("192.168.50.17", 9200, "http"),
-                new HttpHost("192.168.50.18", 9200, "http"),
-                new HttpHost("192.168.50.19", 9200, "http"));
+                new HttpHost(host, port, "http"));
+
+        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+        credentialsProvider.setCredentials(AuthScope.ANY,
+                //es账号密码
+                new UsernamePasswordCredentials(username, password));
+        builder.setHttpClientConfigCallback(f -> f.setDefaultCredentialsProvider(credentialsProvider));
         RestHighLevelClient client = new RestHighLevelClient(builder);
         return client;
     }
+
+//    @Bean
+//    public RestHighLevelClient esRestClient() {
+//        RestClientBuilder builder = null;
+//        // 可以指定多个es
+//        builder = RestClient.builder(
+//                new HttpHost("192.168.50.17", 9200, "http"),
+//                new HttpHost("192.168.50.18", 9200, "http"),
+//                new HttpHost("192.168.50.19", 9200, "http"));
+//        RestHighLevelClient client = new RestHighLevelClient(builder);
+//        return client;
+//    }
 }

src/main/java/com/jkcredit/query/record/constant/CommonConstant.java

@@ -1,7 +1,5 @@
 package com.jkcredit.query.record.constant;
 
-import com.sun.xml.internal.fastinfoset.tools.FI_DOM_Or_XML_DOM_SAX_SAXEvent;
-
 /**
  * @author xusonglin
  * @version V1.0
@@ -17,12 +15,6 @@ public class CommonConstant {
 
     public static final String SUCCESS_CODE = "200";
 
-    public static final String SUCCESS_MESSAGE = "请求成功，开始处理";
-
-    public static final String ERROR_CODE_EXCEPTION = "500";
-
-    public static final String ERROR_MESSAGE_EXCEPTION = "处理失败";
-
     public static final String ES_INDEX = "index-record-";
 
     public static final String MONTH_ERROR_CODE = "603";
@@ -32,4 +24,12 @@ public class CommonConstant {
     public static final Integer OUT_TIME = 1500;
 
     public static final Integer MAX_RESULT_SIZE = 1000;
+
+    public static final String INDEX_NOT_FIND = "索引不存在";
+
+    public static final String ENCRYPT_ERROR = "车牌号加密失败";
+
+    public static final String QUERY_ERROR = "查询失败";
+
+    public static final String QUERY_SUCCESS = "查询成功";
 }

src/main/java/com/jkcredit/query/record/filter/RequestCheckFilter.java

@@ -10,7 +10,6 @@ import org.springframework.stereotype.Component;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 /**
@@ -26,7 +25,6 @@ public class RequestCheckFilter implements Filter {
 
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
-        System.out.println(234);
         if (((RequestFacade) servletRequest).getRequestURI().equals("/token")) {
             filterChain.doFilter(servletRequest, servletResponse);
         } else {
@@ -34,12 +32,12 @@ public class RequestCheckFilter implements Filter {
             String token = httpServletRequest.getHeader("token");
             if (StringUtils.isBlank(token)) {
                 // token不存在
-                servletRequest.getRequestDispatcher("/tokenNotExist").forward(servletRequest,servletResponse);
+                servletRequest.getRequestDispatcher("/tokenNotExist").forward(servletRequest, servletResponse);
             } else {
                 // 验证token
                 boolean validateResult = tokenService.validateToken(token);
                 if (!validateResult) {
-                    servletRequest.getRequestDispatcher("/tokenError").forward(servletRequest,servletResponse);
+                    servletRequest.getRequestDispatcher("/tokenError").forward(servletRequest, servletResponse);
                 } else {
                     filterChain.doFilter(servletRequest, servletResponse);
                 }

src/main/java/com/jkcredit/query/record/interceptor/RequestInterceptor.java

@@ -1,28 +0,0 @@
-package com.jkcredit.query.record.interceptor;
-
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * @author xusonglin
- * @version V1.0
- **/
-public class RequestInterceptor implements HandlerInterceptor {
-    @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        return false;
-    }
-
-    @Override
-    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
-
-    }
-
-    @Override
-    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
-
-    }
-}

src/main/java/com/jkcredit/query/record/model/CommonResponseObject.java

@@ -20,16 +20,4 @@ public class CommonResponseObject implements Serializable {
     private static final long serialVersionUID = 426198091527213137L;
     private String code;
     private String message;
-
-    public CommonResponseObject success() {
-        this.code = CommonConstant.SUCCESS_CODE;
-        this.message = CommonConstant.SUCCESS_MESSAGE;
-        return this;
-    }
-
-    public CommonResponseObject failed() {
-        this.code = CommonConstant.ERROR_CODE_EXCEPTION;
-        this.code = CommonConstant.ERROR_MESSAGE_EXCEPTION;
-        return this;
-    }
 }

src/main/java/com/jkcredit/query/record/model/LogObject.java

@@ -0,0 +1,31 @@
+package com.jkcredit.query.record.model;
+
+import lombok.Data;
+
+import java.util.Arrays;
+
+/**
+ * @author xusonglin
+ * @version V1.0
+ **/
+@Data
+public class LogObject {
+    private String plateNumber;
+    private String[] indices;
+    private Object result;
+    private Long queryRecordSuccess;
+    private boolean isSuccess;
+    private String message;
+
+    @Override
+    public String toString() {
+        return "{" +
+                "plateNumber='" + plateNumber + '\'' +
+                ", indices=" + Arrays.toString(indices) +
+                ", result=" + result +
+                ", queryRecordSuccess=" + queryRecordSuccess +
+                ", isSuccess=" + isSuccess +
+                ", message='" + message + '\'' +
+                '}';
+    }
+}

src/main/java/com/jkcredit/query/record/service/impl/QueryRecordServiceImpl.java

@@ -2,8 +2,12 @@ package com.jkcredit.query.record.service.impl;
 
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
+import com.ciphergateway.ciphersuite.CipherSuiteException;
+import com.ciphergateway.ciphersuite.CipherSuiteMacException;
+import com.ciphergateway.ciphersuite.CipherSuiteUtils;
 import com.jkcredit.query.record.constant.CommonConstant;
 import com.jkcredit.query.record.model.CommonResponseObject;
+import com.jkcredit.query.record.model.LogObject;
 import com.jkcredit.query.record.model.MonthResult;
 import com.jkcredit.query.record.service.QueryRecordService;
 import com.jkcredit.query.record.util.IndexUtil;
@@ -23,9 +27,12 @@ import org.elasticsearch.search.SearchHit;
 import org.elasticsearch.search.SearchHits;
 import org.elasticsearch.search.builder.SearchSourceBuilder;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
+import javax.xml.bind.DatatypeConverter;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.time.LocalDate;
@@ -41,10 +48,25 @@ import java.util.concurrent.TimeUnit;
 @Service
 @Slf4j
 public class QueryRecordServiceImpl implements QueryRecordService {
+    @Value("${recordsEncrypt.keyId}")
+    private String keyId;
+    @Value("${recordsEncrypt.metadata}")
+    private String metadata;
+    @Value("${recordsEncrypt.ivStr}")
+    private String ivStr;
+    @Value("${recordsEncrypt.algorithm}")
+    private String algorithm;
+
     @Autowired
     private RestHighLevelClient esRestClient;
     private static SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
 
+    /**
+     * 根据月份，车牌号查询
+     * @param plateNumber 车牌号
+     * @param month 月份
+     * @return 结果
+     */
     @Override
     public CommonResponseObject monthRecords(String plateNumber, String month) {
         String[] indices = {CommonConstant.ES_INDEX + month};
@@ -52,6 +74,11 @@ public class QueryRecordServiceImpl implements QueryRecordService {
         return new CommonResponseObject(CommonConstant.SUCCESS_CODE, JSON.toJSONString(results));
     }
 
+    /**
+     * 根据车牌号，查询12个月的结果
+     * @param plateNumber 车牌号
+     * @return 结果
+     */
     @Override
     public CommonResponseObject yearRecords(String plateNumber) {
         String[] indices = new String[12];
@@ -65,6 +92,11 @@ public class QueryRecordServiceImpl implements QueryRecordService {
         return new CommonResponseObject(CommonConstant.SUCCESS_CODE, JSON.toJSONString(results));
     }
 
+    /**
+     * 查询索引中结果总数
+     * @param month 月份
+     * @return 结果总数
+     */
     @Override
     public CommonResponseObject countByMonth(String month) {
         String index = CommonConstant.ES_INDEX + month;
@@ -87,6 +119,13 @@ public class QueryRecordServiceImpl implements QueryRecordService {
         return new CommonResponseObject(CommonConstant.SUCCESS_CODE, String.valueOf(count));
     }
 
+    /**
+     * 根据车牌号，查询多月结果（小于12个月）
+     * @param plateNumber 车牌号
+     * @param startMonth 起始月份
+     * @param endMonth 结束月份
+     * @return 结果
+     */
     @Override
     public CommonResponseObject multipleMonthRecords(String plateNumber, String startMonth, String endMonth) {
         List<String> monthList = getMonthBetween(startMonth, endMonth);
@@ -101,46 +140,90 @@ public class QueryRecordServiceImpl implements QueryRecordService {
         return new CommonResponseObject(CommonConstant.SUCCESS_CODE, JSON.toJSONString(results));
     }
 
+    /**
+     * 根据车牌号，索引查结果
+     * @param plateNumber 车牌号
+     * @param indices 索引
+     * @return 结果
+     */
     private List<MonthResult> find(String plateNumber, String[] indices) {
+        // 打印入参出参日志
+        LogObject logObject = new LogObject();
+        logObject.setPlateNumber(plateNumber);
+        logObject.setIndices(indices);
+
+        // 结果集合
+        List<MonthResult> results = new ArrayList<>();
+
+        // 判断索引是否存在
         List<String> existIndices = new ArrayList<>();
         for (String index : indices) {
             if (isExistIndex(index)) {
                 existIndices.add(index);
             }
         }
-        //设置es的索引index和类型他type
+        // 索引不存在，返回空结果
+        if (existIndices.size() == 0) {
+            logObject.setSuccess(false);
+            logObject.setMessage(CommonConstant.INDEX_NOT_FIND);
+            log.info(JSON.toJSONString(logObject));
+            return results;
+        }
+        // 车牌号加密
+        String encryptPlateNumber = vehicleIdEncrypt(plateNumber);
+        if (StringUtils.isBlank(encryptPlateNumber)) {
+            logObject.setSuccess(false);
+            logObject.setMessage(CommonConstant.ENCRYPT_ERROR);
+            log.info(JSON.toJSONString(logObject));
+            log.error("encryptPlateNumberError:{}", plateNumber);
+            return results;
+        }
+        // 设置es的索引index
         SearchRequest searchRequest = new SearchRequest();
         searchRequest.indices(existIndices.toArray(new String[0]));
-        //bool工厂，相当于sql中where条件，where之后的条件都写在这里
+        // bool工厂，相当于sql中where条件，where之后的条件都写在这里
         BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery();
-        queryBuilder.must(QueryBuilders.matchQuery("vehicleid.keyword", plateNumber));
-        //将where条件放入工厂
+        queryBuilder.must(QueryBuilders.matchQuery("vehicleid.keyword", encryptPlateNumber));
+        // 将where条件放入工厂
         searchSourceBuilder.timeout(new TimeValue(CommonConstant.OUT_TIME, TimeUnit.MILLISECONDS));
         searchSourceBuilder.query(queryBuilder);
         searchSourceBuilder.size(CommonConstant.MAX_RESULT_SIZE);
         searchRequest.source(searchSourceBuilder);
         SearchResponse searchResponse = null;
+
+        long startTime = System.currentTimeMillis();
         try {
-            //执行请求
+            // 执行请求
             searchResponse = esRestClient.search(searchRequest, RequestOptions.DEFAULT);
         } catch (IOException e) {
+            logObject.setSuccess(false);
+            logObject.setMessage(CommonConstant.QUERY_ERROR);
+            log.info(JSON.toJSONString(logObject));
+            log.error("encryptPlateNumberError:{}", plateNumber);
             log.error("queryRecordError:", e);
         }
-        //返回查询到的具体数据
+        long endTime = System.currentTimeMillis();
+
+        // 返回查询到的具体数据
         SearchHits searchHits = searchResponse.getHits();
-        List<MonthResult> results = new ArrayList<>();
         for (SearchHit hit : searchHits.getHits()) {
             MonthResult monthResult = JSON.toJavaObject(JSON.parseObject(hit.getSourceAsString()), MonthResult.class);
             results.add(monthResult);
         }
-        JSONObject logObject = new JSONObject();
-        logObject.put("plateNumber", plateNumber);
-        logObject.put("indices", indices);
-        logObject.put("result", results);
-        log.info("queryRecordSuccess:{}", logObject.toJSONString());
+
+        logObject.setSuccess(true);
+        logObject.setMessage(CommonConstant.QUERY_SUCCESS);
+        logObject.setResult(results);
+        logObject.setQueryRecordSuccess(endTime-startTime);
+        log.info(JSON.toJSONString(logObject));
         return results;
     }
 
+    /**
+     * 判断索引是否存在
+     * @param index 索引
+     * @return 结果
+     */
     private boolean isExistIndex(String index) {
         boolean isExistIndex = false;
         String indexInMap = IndexUtil.INSTANCE.getByIndex(index);
@@ -161,6 +244,12 @@ public class QueryRecordServiceImpl implements QueryRecordService {
         return isExistIndex;
     }
 
+    /**
+     * 获取月份区间
+     * @param minDate 开始月
+     * @param maxDate 结束月
+     * @return 月份集合
+     */
     private List<String> getMonthBetween(String minDate, String maxDate) {
         ArrayList<String> result = new ArrayList<String>();
         try {
@@ -184,4 +273,35 @@ public class QueryRecordServiceImpl implements QueryRecordService {
         }
         return result;
     }
+
+    /**
+     * 对vehicle_id字段进行加密
+     * @param vehicleId 待加密vehicleId
+     * @return 加密后vehicleId
+     */
+    private String vehicleIdEncrypt(String vehicleId) {
+        try {
+            byte[] plainData = vehicleId.getBytes("UTF-8");
+            byte[] iv = ivStr.getBytes("UTF-8");
+            Long startTime = System.currentTimeMillis();
+            // 加密
+            byte[] cipherData = CipherSuiteUtils.encrypt(plainData, algorithm, keyId, metadata, iv);
+            return DatatypeConverter.printHexBinary(cipherData);
+        } catch (UnsupportedEncodingException ue) {
+            log.error("UnsupportedEncodingException:", ue);
+            return "";
+        } catch (CipherSuiteException cse) {
+            log.error("CipherSuiteException:", cse);
+            return "";
+        } catch (CipherSuiteMacException csme) {
+            log.error("CipherSuiteMacException:", csme);
+            return "";
+        } catch (Exception e) {
+            log.error("Exception:", e);
+            return "";
+        } catch (Error error) {
+            log.error("Error:", error);
+            return "";
+        }
+    }
 }

src/main/java/com/jkcredit/query/record/service/impl/TokenServiceImpl.java

@@ -28,7 +28,7 @@ public class TokenServiceImpl implements TokenService {
         Map<String, Object> claims = new HashMap<>();
         claims.put("client_key", clientKey);
         claims.put("client_secret", clientSecret);
-        return JwtTokenUtil.generateToken(userName, claims, 3000, userSalt);
+        return JwtTokenUtil.generateToken(userName, claims, 3600, userSalt);
     }
 
     @Override

src/main/java/com/jkcredit/query/record/util/Test.java

@@ -5,6 +5,7 @@ import java.text.SimpleDateFormat;
 import java.time.LocalDate;
 import java.util.ArrayList;
 import java.util.Calendar;
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -13,5 +14,6 @@ import java.util.List;
  **/
 public class Test {
     public static void main(String[] args) {
+        System.out.println(new Date(System.currentTimeMillis() + 3600 * 1000));
     }
 }

src/main/resources/application-dev.yml

@@ -2,5 +2,9 @@ user:
   name: jkCredit
   key: deb7cf03360064d7
   secret: 259ae98a84367d817aaf220b601b7f62
-jwt:
   salt: fhw4u543rth
+recordsEncrypt:
+  keyId: 1316275955873878017
+  metadata: JKCredit
+  ivStr: dbdca8e8316fdee2
+  algorithm: SM4_CBC

src/main/resources/application-prod.yml

@@ -3,3 +3,13 @@ user:
   key: deb7cf03360064d7
   secret: 259ae98a84367d817aaf220b601b7f62
   salt: fhw4u543rth
+recordsEncrypt:
+  keyId: 1316275955873878017
+  metadata: JKCredit
+  ivStr: dbdca8e8316fdee2
+  algorithm: SM4_CBC
+ElasticSearch:
+  host: es-cn-2r427cps10022b0yt.elasticsearch.aliyuncs.com
+  port: 9200
+  username: kibana
+  password: Kibana@2021