密码学【java】初探究之springboo集成mybatis,swagger,数字签名
文章目录
- 项目环境
- 一 swagger技术的补充
-
- 1.1 [swagger]((https://github.com/OAI/OpenAPI-Specification))介绍
- 1.2 swagger的基础注解
- 1.3 controller添加swagger注解
- 二 项目搭建
-
- 2.1 创建数据库
- 2.2 引入项目依赖
- 2.3 配置数据库的连接
- 2.4 配置swagger的配置信息
- 2.5 编写实体类
- 2.6 编写业务接口和查询实现
- 2.7 启动项目
- 三 项目完成之数字签名
-
- 3.1 编写工具类
-
- 3.1.1 RsaDemo
- 3.1.2 SignatureDemo
- 3.2 添加controller接口
- 3.3 运行程序
项目环境
- JDK19
- springboot 2.7.6
- swagger 2.9.2
- lombok
- commons-io 2.11.0
- mysql 8.0.32
一 swagger技术的补充
1.1 swagger介绍
- OpenAPI规范(OpenAPI Specification 简称OAS)是Linux基金会的一个项目,试图通过定义一种用来描述API格式或API定义的语言,来规范RESTful服务开发过程,目前版本是V3.0,并且已经发布并开源在github上。
- Swagger是全球最大的OpenAPI规范(OAS)API开发工具框架,支持从设计和文档到测试和部署的整个API生命周期的开发。
- Spring Boot 可以集成Swagger,生成Swagger接口,Spring Boot是Java领域的神器,它是Spring项目下快速构建项目的框架
1.2 swagger的基础注解
- swagger通过注解生成接口文档,包括接口名、请求方法、参数、返回信息的等
| 注释 | 说明 |
|---|---|
| @Api | 修饰整个类,描述Controller的作用 |
| @ApiOperation | 描述一个类的一个方法,或者说一个接口 |
| @ApiParam | 单个参数描述 |
| @ApiModel | 用对象实体来作为入参 |
| @ApiProperty | 用对象接实体收参数时,描述对象的一个字段 |
| @ApiResponse | HTTP响应其中1个描述 |
| @ApiResponses | HTTP响应整体描述 |
| @ApiIgnore | 使用该注解忽略这个API |
| @ApiError | 发生错误返回的信息 |
| @ApiImplicitParam | 一个请求参数 |
| @ApiImplicitParams | 多个请求参数 |
- @Api
- 修饰整个类,描述Controller的作用
@Controller @RequestMapping("/queryAll") @Api(value = "查询所有记录") public class queryAll { //... }
- @ApiOperation
- 用于描述一个方法或者接口,可以添加的参数形式:
@ApiOperation(value = “接口说明”, httpMethod = “接口请求方式”, response = “接口返回参数类型”, notes = “接口发布说明”)@RequestMapping("/swagger") @ResponseBody @ApiOperation(value = "根据用户名获取用户的信息",notes = "查询数据库中的记录",httpMethod = "POST",response = String.class) public String getUserInfo(String userName) { return "1234"; } }
- @ApiImplicitParam 一个请求参数
@ApiImplicitParam(required = “是否必须参数”, name = “参数名称”, value = “参数具体描述”,dateType=“变量类型”,paramType=”请求方式”)
@ApiImplicitParam(name = "userName",value = "用户名",required = true,dataType = "String",paramType = "query")
public String getUserInfo(String userName) {
return "1234";
}
}
- @ApiImplicitParams 多个请求参数
- 参数和@ApiImplicitParam一致,只是这个注解可以添加多个参数而已
@ApiImplicitParams({ @ApiImplicitParam(name = "nickName",value = "用户的昵称",paramType = "query",dataType = "String",required = true), @ApiImplicitParam(name = "id",value = "用户的ID",paramType = "query",dataType = "Integer",required = true) }) public String getUserInfoByNickName(String nickName, Integer id) { return "1234"; }
1.3 controller添加swagger注解
import com.yang.mapper.UserMapper;
import com.yang.pojo.User;
import com.yang.utils.RsaDemo;
import com.yang.utils.SignatureDemo;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.security.PublicKey;
import java.util.List;
/**
* @author 缘友一世
* date 2023/1/22-13:00
*/
@Api(tags = "提供用户的增删改查的功能")
@RestController
//@RestController为开发提供了方便☺,在提供json接口时需要的配置操作再也不需要自己配置了
//@RestController注解相当于@ResponseBody和@Controller的结合
public class UserController {
@Autowired
UserMapper userMapper;
@ApiOperation(value = "查询用户")
@RequestMapping(value = "/findAll", method = RequestMethod.GET)
public List<User> queryUserList() {
List<User> userList = userMapper.queryUserList();
for(User user:userList ) {
System.out.println(user);
}
return userList;
}
@ApiOperation(value = "根据id查询用户")
@RequestMapping(value = "/queryUserById",method = RequestMethod.GET)
@ApiImplicitParams({
//@ApiImplicitParam(name = "userName",value = "用户的昵称",paramType = "query",dataType = "String",required = true),
@ApiImplicitParam(name = "id",value = "用户的id",paramType = "query",dataType = "int",required = true)
})
public User queryUserById(@RequestParam("id") int Id) {
return userMapper.queryUserById(Id);
}
@ApiOperation(value = "添加用户")
@RequestMapping(value = "/addUser", method = RequestMethod.POST)
public String addUser() {
userMapper.addUser(new User(6, "三毛", "123456"));
return "finish addUser";
}
@ApiOperation(value = "更新用户")
@RequestMapping(value = "/updateUser", method = RequestMethod.PUT)
public String updateUser() {
userMapper.updateUser(new User(6, "阿毛", "5211314"));
return "finish UpdateUser";
}
@ApiOperation(value = "删除用户")
@RequestMapping(value = "/addUser", method = RequestMethod.DELETE)
public String deleteUer() {
userMapper.deleteUser(6);
return "finish DeleteUser";
}
@ApiOperation(value = "购物")
@RequestMapping(value = "/buy", method = RequestMethod.GET)
public String buy(String price, String num, String signature) {
try {
// 获取公钥
PublicKey publicKey = RsaDemo.loadPublicKeyFromFile("RSA", "a.pub");
// 第一个参数:原文
// 第二个参数:算法
// 第三个参数:公钥
// 第四个参数:签名
boolean result = SignatureDemo.verifySignature(price + num, "SHA256withRSA", publicKey, signature);
System.out.println(result);
if (result) {
return "购物成功";
}
} catch (Exception e) {
e.printStackTrace();
}
return "购物失败";
}
}
二 项目搭建
- 创建项目的过程,就不再赘述!
2.1 创建数据库
CREATE DATABASE USER;
USE USER;
CREATE TABLE USER(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(20),
password VARCHAR(50),
)
- 然后自己随便插入一条数据!
2.2 引入项目依赖
<dependencies>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-jdbcartifactId>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-webartifactId>
dependency>
<dependency>
<groupId>com.mysqlgroupId>
<artifactId>mysql-connector-jartifactId>
<scope>runtimescope>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-testartifactId>
<scope>testscope>
dependency>
<dependency>
<groupId>org.mybatis.spring.bootgroupId>
<artifactId>mybatis-spring-boot-starterartifactId>
<version>3.0.1version>
dependency>
<dependency>
<groupId>org.projectlombokgroupId>
<artifactId>lombokartifactId>
dependency>
<dependency>
<groupId>io.springfoxgroupId>
<artifactId>springfox-swagger2artifactId>
<version>2.9.2version>
dependency>
<dependency>
<groupId>io.springfoxgroupId>
<artifactId>springfox-swagger-uiartifactId>
<version>2.9.2version>
dependency>
<dependency>
<groupId>commons-iogroupId>
<artifactId>commons-ioartifactId>
<version>2.11.0version>
dependency>
<dependency>
<groupId>commons-codecgroupId>
<artifactId>commons-codecartifactId>
<version>1.15version>
dependency>
dependencies>
2.3 配置数据库的连接
spring:
mvc:
pathmatch:
matching-strategy: ant_path_matcher
datasource:
username: root
password: yqk.20021027
url: jdbc:mysql://localhost:3306/user?useSSL=true&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
driver-class-name: com.mysql.cj.jdbc.Driver
#整合mybatis
mybatis:
type-aliases-package: com.yang.pojo
mapper-locations: classpath:mybatis/mapper/*.xml
2.4 配置swagger的配置信息
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
import java.util.ArrayList;
@Configuration //配置类
@EnableSwagger2// 开启Swagger2的自动配置
public class SwaggerConfig {
//配置docket以配置Swagger具体参数
@Bean
public Docket docket() {
return new Docket(DocumentationType.SWAGGER_2)
.enable(true)
.apiInfo(apiInfo())
.select()
.apis(RequestHandlerSelectors.basePackage("com.yang.controller"))
.build();
}
//配置swagger文档信息apiInfo
private ApiInfo apiInfo() {
//作者信息
Contact contact = new Contact("缘友一世", "https://www.csdn.net/", "[email protected]");
return new ApiInfo(
"Spring Boot集成Swagger和加密解密",//标题
"学习Swagger",//描述
"1.0",//版本
"http://localhost",//组织连接
contact,//联系人信息
"Apache 2.0",//许可
"http://www.apache.org/licenses/LICENSE-2.0",//许可连接
new ArrayList());//拓展
}
}
2.5 编写实体类
- 根据数据库表的结果,进行编写实体类
- 可以使用lombok工具快速生成get,set方法和有参、无参构造器
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.apache.ibatis.type.Alias;
/**
* @author 缘友一世
* date 2023/1/22-12:55
*/
@Data
@AllArgsConstructor
@NoArgsConstructor
@Alias("User")
public class User {
private int id;
private String username;
private String password;
}
2.6 编写业务接口和查询实现
- 编写controller接口
import com.yang.mapper.UserMapper; import com.yang.pojo.User; import com.yang.utils.RsaDemo; import com.yang.utils.SignatureDemo; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import java.security.PublicKey; import java.util.List; /** * @author 缘友一世 * date 2023/1/22-13:00 */ @Api(tags = "提供用户的增删改查的功能") @RestController //@RestController为开发提供了方便☺,在提供json接口时需要的配置操作再也不需要自己配置了 //@RestController注解相当于@ResponseBody和@Controller的结合 public class UserController { @Autowired UserMapper userMapper; @ApiOperation(value = "查询用户") @RequestMapping(value = "/findAll", method = RequestMethod.GET) public List<User> queryUserList() { List<User> userList = userMapper.queryUserList(); for(User user:userList ) { System.out.println(user); } return userList; } @ApiOperation(value = "根据id查询用户") @RequestMapping(value = "/queryUserById",method = RequestMethod.GET) @ApiImplicitParams({ //@ApiImplicitParam(name = "userName",value = "用户的昵称",paramType = "query",dataType = "String",required = true), @ApiImplicitParam(name = "id",value = "用户的id",paramType = "query",dataType = "int",required = true) }) public User queryUserById(@RequestParam("id") int Id) { return userMapper.queryUserById(Id); } @ApiOperation(value = "添加用户") @RequestMapping(value = "/addUser", method = RequestMethod.POST) public String addUser() { userMapper.addUser(new User(6, "三毛", "123456")); return "finish addUser"; } @ApiOperation(value = "更新用户") @RequestMapping(value = "/updateUser", method = RequestMethod.PUT) public String updateUser() { userMapper.updateUser(new User(6, "阿毛", "5211314")); return "finish UpdateUser"; } @ApiOperation(value = "删除用户") @RequestMapping(value = "/addUser", method = RequestMethod.DELETE) public String deleteUer() { userMapper.deleteUser(6); return "finish DeleteUser"; } } - 编写mapper接口
@Mapper//这个注释表名这是一个mybatis的mapper的类 @Repository public interface UserMapper { List<User> queryUserList(); User queryUserById(int id); int addUser(User user); int updateUser(User user); int deleteUser(int id); } - 编写mapeer的实现
DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.yang.mapper.UserMapper">
<select id="queryUserList" resultType="User">
select * from user;
select>
<select id="queryUserById" resultType="User" parameterType="int">
select * from user where id = #{id};
select>
<insert id="addUser" parameterType="User">
insert into user(id,name,pwd) values (#{id},#{name},#{pwd});
insert>
<update id="updateUser" parameterType="User">
update user set name=#{name},pwd=#{pwd} where id=#{id};
update>
<delete id="deleteUser" parameterType="int">
delete from user where id=#{id};
delete>
mapper>
2.7 启动项目
- swagger的访问地址:
http://localhost:8080/swagger-ui.html
- 点击try it out 输入姓名, Execute执行,返回如下图效果
三 项目完成之数字签名
- 模拟购物场景,用户点击购物的时候,在前端生成签名信息,传递给后台服务器进行校验,如果价格,数量,签名都正确,购物成功,如果参数被人修改,则购物失败
3.1 编写工具类
- 两个代码 RsaDemo.java 和 SignatureDemo.java
- RsaDemo:生成并保存公钥和私钥文件
- SignatureDemo:生成数字签名
3.1.1 RsaDemo
package com.yang.utils;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.nio.charset.Charset;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import javax.crypto.Cipher;
public class RsaDemo {
public static void main(String[] args) throws Exception {
generateKeyToFile("RSA", "a.pub", "a.pri");
}
/**
* 生成密钥对并保存在本地文件中
*
* @param algorithm : 算法
* @param pubPath : 公钥保存路径
* @param priPath : 私钥保存路径
*/
public static void generateKeyToFile(String algorithm, String pubPath, String priPath) throws Exception {
// 获取密钥对生成器
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
// 获取密钥对
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// 获取公钥
PublicKey publicKey = keyPair.getPublic();
// 获取私钥
PrivateKey privateKey = keyPair.getPrivate();
// 获取byte数组
byte[] publicKeyEncoded = publicKey.getEncoded();
byte[] privateKeyEncoded = privateKey.getEncoded();
// 进行Base64编码
String publicKeyString = Base64.encodeBase64String(publicKeyEncoded);
String privateKeyString = Base64.encodeBase64String(privateKeyEncoded);
// 保存文件
FileUtils.writeStringToFile(new File(pubPath), publicKeyString,Charset.forName("UTF-8"));
FileUtils.writeStringToFile(new File(priPath), privateKeyString,Charset.forName("UTF-8"));
}
/**
* 从文件中加载公钥
*
* @param algorithm : 算法
* @param filePath : 文件路径
* @return : 公钥
*/
public static PublicKey loadPublicKeyFromFile(String algorithm, String filePath) throws Exception {
// 将文件内容转为字符串
String keyString = FileUtils.readFileToString(new File(filePath), Charset.forName("UTF-8"));
return loadPublicKeyFromString(algorithm, keyString);
}
/**
* 从字符串中加载公钥
*
* @param algorithm : 算法
* @param keyString : 公钥字符串
* @return : 公钥
*/
public static PublicKey loadPublicKeyFromString(String algorithm, String keyString) throws Exception {
// 进行Base64解码
byte[] decode = Base64.decodeBase64(keyString);
// 获取密钥工厂
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
// 构建密钥规范
X509EncodedKeySpec keyspec = new X509EncodedKeySpec(decode);
// 获取公钥
return keyFactory.generatePublic(keyspec);
}
/**
* 从文件中加载私钥
*
* @param algorithm : 算法
* @param filePath : 文件路径
* @return : 私钥
*/
public static PrivateKey loadPrivateKeyFromFile(String algorithm, String filePath) throws Exception {
// 将文件内容转为字符串
String keyString = FileUtils.readFileToString(new File(filePath),Charset.forName("UTF-8"));
return loadPrivateKeyFromString(algorithm, keyString);
}
/**
* 从字符串中加载私钥
*
* @param algorithm : 算法
* @param keyString : 私钥字符串
* @return : 私钥
*/
public static PrivateKey loadPrivateKeyFromString(String algorithm, String keyString) throws Exception {
// 进行Base64解码
byte[] decode = Base64.decodeBase64(keyString);
// 获取密钥工厂
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
// 构建密钥规范
PKCS8EncodedKeySpec keyspec = new PKCS8EncodedKeySpec(decode);
// 生成私钥
return keyFactory.generatePrivate(keyspec);
}
/**
* 使用密钥加密数据
*
* @param algorithm : 算法
* @param input : 原文
* @param key : 密钥
* @param maxEncryptSize : 最大加密长度(需要根据实际情况进行调整)
* @return : 密文
*/
public static String encrypt(String algorithm, String input, Key key, int maxEncryptSize) throws Exception {
// 获取Cipher对象
Cipher cipher = Cipher.getInstance(algorithm);
// 初始化模式(加密)和密钥
cipher.init(Cipher.ENCRYPT_MODE, key);
// 将原文转为byte数组
byte[] data = input.getBytes();
// 总数据长度
int total = data.length;
// 输出流
ByteArrayOutputStream baos = new ByteArrayOutputStream();
decodeByte(maxEncryptSize, cipher, data, total, baos);
// 对密文进行Base64编码
return Base64.encodeBase64String(baos.toByteArray());
}
/**
* 分段处理数据
*
* @param maxSize : 最大处理能力
* @param cipher : Cipher对象
* @param data : 要处理的byte数组
* @param total : 总数据长度
* @param baos : 输出流
* @throws Exception
*/
public static void decodeByte(int maxSize, Cipher cipher, byte[] data, int total, ByteArrayOutputStream baos) throws Exception {
// 偏移量
int offset = 0;
// 缓冲区
byte[] buffer;
// 如果数据没有处理完, 就一直继续
while (total - offset > 0) {
// 如果剩余的数据 >= 最大处理能力, 就按照最大处理能力来加密数据
if (total - offset >= maxSize) {
// 加密数据
buffer = cipher.doFinal(data, offset, maxSize);
// 偏移量向右侧偏移最大数据能力个
offset += maxSize;
} else {
// 如果剩余的数据 < 最大处理能力, 就按照剩余的个数来加密数据
buffer = cipher.doFinal(data, offset, total - offset);
// 偏移量设置为总数据长度, 这样可以跳出循环
offset = total;
}
// 向输出流写入数据
baos.write(buffer);
}
}
}
- 运行 RsaDemo.java 生成 公钥和私钥
3.1.2 SignatureDemo
package com.yang.utils;
import org.apache.commons.codec.binary.Base64;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
public class SignatureDemo {
public static void main(String[] args) throws Exception {
// 10:表示购物的价格
// 10:表示购物的数量
String a = "10" + "10";
PublicKey publicKey = RsaDemo.loadPublicKeyFromFile("RSA", "a.pub");
PrivateKey privateKey = RsaDemo.loadPrivateKeyFromFile("RSA", "a.pri");
String signaturedData = getSignature(a, "sha256withrsa", privateKey);
System.out.println(signaturedData);
}
/**
* 生成签名
*
* @param input : 原文
* @param algorithm : 算法
* @param privateKey : 私钥
* @return : 签名
* @throws Exception
*/
public static String getSignature(String input, String algorithm, PrivateKey privateKey) throws Exception {
// 获取签名对象
Signature signature = Signature.getInstance(algorithm);
// 初始化签名
signature.initSign(privateKey);
// 传入原文
signature.update(input.getBytes());
// 开始签名
byte[] sign = signature.sign();
// 对签名数据进行Base64编码
return Base64.encodeBase64String(sign);
}
/**
* 校验签名
*
* @param input : 原文
* @param algorithm : 算法
* @param publicKey : 公钥
* @param signaturedData : 签名
* @return : 数据是否被篡改
* @throws Exception
*/
public static boolean verifySignature(String input, String algorithm, PublicKey publicKey, String signaturedData) throws Exception {
// 获取签名对象
Signature signature = Signature.getInstance(algorithm);
// 初始化签名
signature.initVerify(publicKey);
// 传入原文
signature.update(input.getBytes());
// 校验数据
return signature.verify(Base64.decodeBase64(signaturedData));
}
}
- 运行 SignatureDemo.java 生成 签名信息
iMWjY/L17jMT8nippbtnWjkztU1l9DOH6I31cBwpVRNR7wD3qYRKJGTS+eFNrC+ygFlGmOLqON14vGxBxp7KKAauSuWMmWlbfynKeMsDveIo8ttssYHT+InNf 0WLgwOnvUnKVK/CZF3rOdYTWYAZAqinJ/SikniPUfE1ZRknwksEFfXqEMUOAWeuHRdeVE+JdhGxv9yT5kV6agBccwili3fPaCQR5nfalPLRccrKlEV5RDwOjO YzQk3q64NHXNP1qsK9CpRbVsQPQjNFgU+GwgwI1E8HQJpdDKsbZYgLcBoCFqaoiARDjSsFnlmjpB/uUmF9YJdPkIkTEr3fSiteO3mNeu/WeZXp749MZF3IjRj zJYg9bF2s/iuR42zszvlmmWkBLzv9FD8kmg2u8UxhcsarSHirjl7MHF20kbM6h9t51v8DR2cz8ci6ciphiMI6ZE7/rVTfnzq9SdZRaoM+rMKn08ZFHWYXO3MX XZmlDQtd0WSF5hVwAgyU9zXMAHi2
3.2 添加controller接口
@ApiOperation(value = "购物")
@RequestMapping(value = "/buy", method = RequestMethod.GET)
public String buy(String price, String num, String signature) {
try {
// 获取公钥
PublicKey publicKey = RsaDemo.loadPublicKeyFromFile("RSA", "a.pub");
// 第一个参数:原文
// 第二个参数:算法
// 第三个参数:公钥
// 第四个参数:签名
boolean result = SignatureDemo.verifySignature(price + num, "SHA256withRSA", publicKey, signature);
System.out.println(result);
if (result) {
return "购物成功";
}
} catch (Exception e) {
e.printStackTrace();
}
return "购物失败";
}
3.3 运行程序
-
swagger访问的地址:
http://localhost:8080/swagger-ui.html
-
如果在请求服务器的时候,程序被人篡改,如价格改成100元,运行就会购物失败
