|
|
@@ -1,134 +1,103 @@
|
|
|
package nckd.base.helper;
|
|
|
|
|
|
-import com.itrus.security.cert.X509Certificate;
|
|
|
import kd.bos.dataentity.entity.DynamicObject;
|
|
|
import kd.bos.fileservice.FileServiceFactory;
|
|
|
import kd.bos.orm.query.QCP;
|
|
|
import kd.bos.orm.query.QFilter;
|
|
|
-import kd.bos.sdk.util.KHttpClientUtils;
|
|
|
import kd.bos.servicehelper.AttachmentDto;
|
|
|
import kd.bos.servicehelper.AttachmentServiceHelper;
|
|
|
import kd.bos.servicehelper.BusinessDataServiceHelper;
|
|
|
-import okhttp3.*;
|
|
|
-
|
|
|
+import org.apache.http.client.methods.CloseableHttpResponse;
|
|
|
+import org.apache.http.client.methods.HttpPost;
|
|
|
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
|
|
+import org.apache.http.conn.ssl.SSLContextBuilder;
|
|
|
+import org.apache.http.conn.ssl.TrustStrategy;
|
|
|
+import org.apache.http.entity.AbstractHttpEntity;
|
|
|
+import org.apache.http.entity.InputStreamEntity;
|
|
|
+import org.apache.http.impl.client.CloseableHttpClient;
|
|
|
+import org.apache.http.impl.client.HttpClients;
|
|
|
import javax.net.ssl.SSLContext;
|
|
|
-import javax.net.ssl.TrustManager;
|
|
|
-import javax.net.ssl.X509TrustManager;
|
|
|
+
|
|
|
import java.io.*;
|
|
|
import java.security.cert.CertificateException;
|
|
|
-import java.util.HashMap;
|
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
|
|
|
|
+
|
|
|
public class FileSECUtils {
|
|
|
|
|
|
- public static byte[] getFileTest() {
|
|
|
+ public static InputStream getFileTest() {
|
|
|
|
|
|
String entryEntityName = "nckd_filetest";
|
|
|
|
|
|
-// DynamicObject billByn = BusinessDataServiceHelper.loadSingle(entryEntityName,
|
|
|
-// new QFilter[]{new QFilter("billno", QCP.equals, "test0001")});
|
|
|
-//
|
|
|
-// List<Map<String, Object>> sourceFileList = AttachmentServiceHelper.getAttachments(entryEntityName,billByn.getPkValue(), "attachmentpanel");
|
|
|
-// Map<String, InputStream> files = new HashMap<>();
|
|
|
-//
|
|
|
-// if(sourceFileList != null && sourceFileList.size()>0)
|
|
|
-// {
|
|
|
-// for(Map<String,Object> fileMap : sourceFileList){
|
|
|
-// //AttachmentDto attachmentDto = AttachmentServiceHelper.getAttachmentInfoByAttPk(fileMap.get("attPkId"));
|
|
|
-// //String fileUrl= attachmentDto.getResourcePath();
|
|
|
-// //String fileName = attachmentDto.getFilename();
|
|
|
-//
|
|
|
-//
|
|
|
-//
|
|
|
-// System.out.println("fileUrl:" + fileUrl+ ",fileName:"+fileName);
|
|
|
-// ByteArrayOutputStream out = new ByteArrayOutputStream();
|
|
|
-// FileServiceFactory.getAttachmentFileService().download(fileUrl, out, null);
|
|
|
-// System.out.println("file:" + out.toByteArray());
|
|
|
-// return out.toByteArray();
|
|
|
-// //InputStream in = new ByteArrayInputStream(out.toByteArray());
|
|
|
-// //files.put(fileUrl,in);
|
|
|
-// }
|
|
|
-// }
|
|
|
-
|
|
|
- String filePath = "C:\\Users\\Administrator\\Desktop\\test.txt";
|
|
|
- try (InputStream inputStream = new FileInputStream(filePath)) {
|
|
|
- byte[] buffer = new byte[1024];
|
|
|
- int bytesRead;
|
|
|
-
|
|
|
- ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
|
|
-
|
|
|
- while ((bytesRead = inputStream.read(buffer)) != -1) {
|
|
|
- outputStream.write(buffer, 0, bytesRead);
|
|
|
- }
|
|
|
- // 如果需要,可以在这里对 outputStream 进行额外操作
|
|
|
- // 例如:outputStream.flush();
|
|
|
- return outputStream.toByteArray();
|
|
|
+ DynamicObject billByn = BusinessDataServiceHelper.loadSingle(entryEntityName,
|
|
|
+ new QFilter[]{new QFilter("billno", QCP.equals, "test0001")});
|
|
|
|
|
|
- } catch (IOException e) {
|
|
|
- e.printStackTrace();
|
|
|
+ List<Map<String, Object>> sourceFileList = AttachmentServiceHelper.getAttachments(entryEntityName,billByn.getPkValue(), "attachmentpanel");
|
|
|
+
|
|
|
+ if(sourceFileList != null && sourceFileList.size()>0)
|
|
|
+ {
|
|
|
+ for(Map<String,Object> fileMap : sourceFileList){
|
|
|
+ AttachmentDto attachmentDto = AttachmentServiceHelper.getAttachmentInfoByAttPk(fileMap.get("attPkId"));
|
|
|
+ String fileUrl= attachmentDto.getResourcePath();
|
|
|
+ String fileName = attachmentDto.getFilename();
|
|
|
+
|
|
|
+ System.out.println("fileUrl:" + fileUrl+ ",fileName:"+fileName);
|
|
|
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
|
|
|
+ FileServiceFactory.getAttachmentFileService().download(fileUrl, out, null);
|
|
|
+ InputStream in = new ByteArrayInputStream(out.toByteArray());
|
|
|
+ return in;
|
|
|
+ }
|
|
|
}
|
|
|
+
|
|
|
return null;
|
|
|
}
|
|
|
|
|
|
- public static void postSECApi(){
|
|
|
- String url = "https://ebis.jeyoupharma.com:8443";
|
|
|
- Map<String, String> header = new HashMap<>();
|
|
|
- header.put("method-name", "checkFileIsEncryptionRest");
|
|
|
|
|
|
- TrustManager[] trustAllCerts = new TrustManager[]{
|
|
|
- new X509TrustManager() {
|
|
|
|
|
|
- @Override
|
|
|
- public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws CertificateException {
|
|
|
+ /**
|
|
|
+ * 检查文件是否加密的REST接口调用方法
|
|
|
+ * 该方法会从配置中获取检查URL,构造请求并发送文件流进行检测。
|
|
|
+ * 返回结果说明:
|
|
|
+ * 1: 文件是秘文(加密状态)
|
|
|
+ * 0: 文件是明文(未加密状态)
|
|
|
+ * -1: 发生错误或未找到配置信息
|
|
|
+ */
|
|
|
+ public static int checkFileIsEncryptionRest(){
|
|
|
|
|
|
- }
|
|
|
+ Map<String, String> mapentity = CommonHelperUtils.getCommonParams("SEC");
|
|
|
+ if(mapentity == null){
|
|
|
+ return -1;
|
|
|
+ }
|
|
|
+ String url = mapentity.get("url");
|
|
|
|
|
|
- @Override
|
|
|
- public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws CertificateException {
|
|
|
+ try {
|
|
|
+ CloseableHttpClient httpclient = null;
|
|
|
+ HttpPost post = new HttpPost(url);
|
|
|
+ post.addHeader("method~name", "checkFileIsEncryptionRest");//文件加密
|
|
|
|
|
|
- }
|
|
|
+ String filePath = "C:\\Users\\Administrator\\Desktop\\test.txt";
|
|
|
+ InputStream inputStream = new FileInputStream(filePath);
|
|
|
|
|
|
- @Override
|
|
|
- public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
|
|
|
- }
|
|
|
- };
|
|
|
+ AbstractHttpEntity entity = new InputStreamEntity(inputStream);
|
|
|
+ post.setEntity(entity);
|
|
|
|
|
|
- try {
|
|
|
- // 配置 SSLContext 使用不安全的 TrustManager
|
|
|
- SSLContext sslContext = SSLContext.getInstance("SSL");
|
|
|
- sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
|
|
|
-
|
|
|
- //OkHttpClient client = new OkHttpClient();
|
|
|
- // 创建安全的 OkHttpClient
|
|
|
- // 创建 OkHttpClient 并禁用证书验证
|
|
|
- OkHttpClient insecureClient = new OkHttpClient.Builder()
|
|
|
- .sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0])
|
|
|
- .hostnameVerifier((hostname, session) -> true) // 绕过主机名验证
|
|
|
- .build();
|
|
|
-
|
|
|
- // 创建 byte[] 类型的数据
|
|
|
- byte[] data = getFileTest();
|
|
|
-
|
|
|
- // 创建 RequestBody,设置媒体类型和 byte[] 数据
|
|
|
- //RequestBody requestBody = RequestBody.create(MediaType.get("application/octet-stream"), data);
|
|
|
- RequestBody requestBody = RequestBody.create(data, MediaType.get("application/octet-stream"));
|
|
|
-
|
|
|
- // 创建 Request 对象,设置目标 URL 和请求体
|
|
|
- Request request = new Request.Builder()
|
|
|
- .url(url)
|
|
|
- .post(requestBody)
|
|
|
- .build();
|
|
|
-
|
|
|
- // 执行请求
|
|
|
- Response response = insecureClient.newCall(request).execute() ;
|
|
|
- // 获取响应状态码
|
|
|
- System.out.println("Status code: " + response.code());
|
|
|
+ httpclient = buildSSLCloseableHttpClient();
|
|
|
+ CloseableHttpResponse response = httpclient.execute(post);
|
|
|
+ String result = response.getFirstHeader("data~returnFlag").getValue();
|
|
|
|
|
|
- // 获取响应体并打印
|
|
|
- if (response.body() != null) {
|
|
|
- System.out.println("Response content: " + response.body().string());
|
|
|
+ // 获取响应状态码
|
|
|
+ if("1".equals(result)){//1表示秘文
|
|
|
+ System.out.println("是秘文");
|
|
|
+ return 1;
|
|
|
+ }else if("0".equals(result)){//0表示明文
|
|
|
+ System.out.println("是明文");
|
|
|
+ return 0;
|
|
|
+ }else{
|
|
|
+ System.out.println(result);
|
|
|
+ return -1;
|
|
|
}
|
|
|
+
|
|
|
} catch (IOException e) {
|
|
|
e.printStackTrace();
|
|
|
System.out.println("ERR content1: " + e.getMessage());
|
|
|
@@ -136,6 +105,20 @@ public class FileSECUtils {
|
|
|
e1.printStackTrace();
|
|
|
System.out.println("ERR content2: " + e1.getMessage());
|
|
|
}
|
|
|
+ return -1;
|
|
|
+ }
|
|
|
+
|
|
|
+ private static CloseableHttpClient buildSSLCloseableHttpClient() throws Exception {
|
|
|
+ SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
|
|
|
+ @Override
|
|
|
+ public boolean isTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws CertificateException {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }).build();
|
|
|
+ // ALLOW_ALL_HOSTNAME_VERIFIER:这个主机名验证器基本上是关闭主机名验证的,实现的是一个空操作,并且不会抛出javax.net.ssl.SSLException异常。
|
|
|
+ SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" }, null,
|
|
|
+ SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
|
|
|
+ return HttpClients.custom().setSSLSocketFactory(sslsf).build();
|
|
|
}
|
|
|
|
|
|
}
|
