From 750532c047fec0d40702890aa991633e314bb287 Mon Sep 17 00:00:00 2001 From: JAEWOO HONG Date: Thu, 6 Nov 2025 14:15:57 +0900 Subject: [PATCH] =?UTF-8?q?ApiAdapterService.java=20=ED=8E=B8=EC=A7=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../adapter/service/ApiAdapterService.java | 317 +++++++++++++++++- 1 file changed, 304 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/eactive/eai/adapter/service/ApiAdapterService.java b/src/main/java/com/eactive/eai/adapter/service/ApiAdapterService.java index 77b80b4..88a46f3 100644 --- a/src/main/java/com/eactive/eai/adapter/service/ApiAdapterService.java +++ b/src/main/java/com/eactive/eai/adapter/service/ApiAdapterService.java @@ -7,6 +7,7 @@ import com.eactive.eai.adapter.Keys; import com.eactive.eai.adapter.http.HttpMemoryLogger; import com.eactive.eai.adapter.http.HttpMethodType; import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport; +import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthFilter; import com.eactive.eai.common.exception.ExceptionUtil; import com.eactive.eai.common.message.MessageType; import com.eactive.eai.common.util.CommonLib; @@ -24,6 +25,7 @@ import org.apache.commons.lang3.time.StopWatch; import org.apache.mina.common.ByteBuffer; import org.json.simple.JSONObject; import org.json.simple.JSONValue; +import org.json.simple.parser.JSONParser; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.MediaType; @@ -40,6 +42,7 @@ import java.util.*; import com.eactive.eai.authserver.service.OAuth2Manager; import com.kjbank.encrypt.exchange.crypto.AES256Cipher; import com.kjbank.encrypt.exchange.crypto.AESCipher; +import com.kjbank.encrypt.exchange.crypto.AES256GCMCipher; import java.nio.charset.StandardCharsets; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -47,12 +50,15 @@ import java.io.ObjectOutputStream; import java.io.IOException; import java.io.ObjectInputStream; import org.springframework.security.oauth2.provider.ClientDetails; +import com.nimbusds.jwt.SignedJWT; + @Service public class ApiAdapterService extends HttpAdapterServiceSupport { static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER); public static final String HEADER_GROUP = "HEADER_GROUP"; + public static final String HTTP_STATUS = "HTTP_STATUS"; // jwhong // HEADER_GROUP JSON에 추가할 항목 정의, 없으면 전체 header 추가 public static final String HEADER_KEYS = "HEADER_KEYS"; public static final String PROPERTIES_NAME_HTTP_REQUEST_METHOD = "httpRequestMethod"; @@ -61,6 +67,7 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { private static final String JSON_FIELD_NAME = "json-body"; private static final String FILE_GROUP_NAME = "image-file"; private static final String UPLOAD_ROOT_PATH = "UPLOAD_ROOT_PATH"; + public static final String PAYLOAD_PARAM_NAME_CLIENT_ID = "client_id"; // jwhong public String callApi(HttpServletRequest request, HttpServletResponse response, Properties httpProp, AdapterGroupVO adapterGroupVO, AdapterVO adapterVO, Properties transactionProp) throws Exception { int traceLevel = 0; @@ -105,10 +112,14 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { transactionProp.put(ENC_PATHS, httpProp.getProperty(ENC_PATHS, "")); transactionProp.put(ENCRYPT_ALGORITHM, httpProp.getProperty(ENCRYPT_ALGORITHM, "")); //jwhong - transactionProp.put(HEADER_NAME_CLIENT_ID, getHeaders(request).get(HEADER_NAME_CLIENT_ID)); // jwhong + if (getHeaders(request).get(HEADER_NAME_CLIENT_ID) != null) { // jwhong + transactionProp.put(HEADER_NAME_CLIENT_ID, getHeaders(request).get(HEADER_NAME_CLIENT_ID)); + } transactionProp.put(ENCRYPT_BASE_TYPE, httpProp.getProperty(ENCRYPT_BASE_TYPE, "")); //jwhong //transactionProp.put(INBOUND_TOKEN, getHeaders(request).get(INBOUND_TOKEN)); // jwhong transactionProp.put(INBOUND_TOKEN, getHeaders(request).get(INBOUND_TOKEN) != null ? getHeaders(request).get(INBOUND_TOKEN) : ""); //jwhong , null 이면 default로 "" put + transactionProp.put(ENCRYPT_AES256_IV, httpProp.getProperty(ENCRYPT_AES256_IV, "")); //jwhong + transactionProp.put(ENCRYPT_AES256_KEY, httpProp.getProperty(ENCRYPT_AES256_KEY, "")); //jwhong try { @@ -218,7 +229,7 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { paramValue = ""; } else { // jwhong decrypt - paramValue = doPreDecryption(paramValue, transactionProp); + paramValue = doPreDecryption(paramValue, transactionProp, request); } if ("Y".equals(urlDecodeYn) && isParameterType) { @@ -262,7 +273,7 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { } } } - + if (headerJson.size() > 0) { jsonMessage.put(headerGroupName, headerJson); message = jsonMessage.toJSONString(); @@ -284,6 +295,7 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { stopWatch.stop(); String syncAsyncType = transactionProp.getProperty(INBOUND_SYNC_ASYNC_TYPE); + if (!"ASYN".equals(syncAsyncType) && MessageType.JSON.equals(adptMsgType) && StringUtils.isNotBlank(headerGroupName)) { ObjectMapper mapper = new ObjectMapper(); ObjectNode rootNode = (ObjectNode) mapper.readTree(result); @@ -298,19 +310,85 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { result = mapper.writeValueAsString(rootNode); } } - + + // ASYNC 인 경우 광주은행은 RETURN 해 주는 값들이 수정되어야 한다. JWHONG + /* + if ("ASYN".equals(syncAsyncType) && MessageType.JSON.equals(adptMsgType) && StringUtils.isNotBlank(headerGroupName)) { + ObjectMapper mapper = new ObjectMapper(); + ObjectNode rootNode = (ObjectNode) mapper.readTree(result); + JsonNode headerGroup = rootNode.get(headerGroupName); + if(headerGroup != null) { + for(Iterator it = headerGroup.fieldNames(); it.hasNext();) { + String name = it.next(); + String value = headerGroup.get(name).asText(); + response.addHeader(name, value); + } + rootNode.remove(headerGroupName); + result = mapper.writeValueAsString(rootNode); + } + } + */ + + // KJBank는 요청에 대한 응답 (Sync응답, Aync 에 대한 Ack응답) 에 대하여 암호화 하지 않는다. 무조건 안한다. 따라서 아래부분은 구현은 했지만 사용하지 않는다. + //result = doPostEncryption(result, transactionProp); // jwhong Encrypt return result; } - // jwhong encrypt + // jwhong decrypt - private String doPreDecryption(String eaiBody, Properties transactionProp) { + private String doPreDecryption(String eaiBody, Properties transactionProp, HttpServletRequest request) { + String decryptAlgorithm = transactionProp.getProperty(ENCRYPT_ALGORITHM, ""); + String xElinkClientId = transactionProp.getProperty(HEADER_NAME_CLIENT_ID, ""); // 이 값이 OAuth의 client id 값이다 . http header 에 포함되어 온다. jwhong + String encryptBaseKeyType = transactionProp.getProperty(ENCRYPT_BASE_TYPE); + //String inboundToken2 = transactionProp.getProperty(INBOUND_TOKEN, ""); // 이건 token 값이 아니고 authorization 값이다 + String inboundToken = ""; + + String secretAES256Iv = transactionProp.getProperty("ENCRYPT_AES256_IV"); + String secretAES256Key = transactionProp.getProperty("ENCRYPT_AES256_KEY"); + + if ( decryptAlgorithm == "" ) { // 복호화 대상이 아님 + return eaiBody; + } + + inboundToken = JwtTokenExtractor(request); + xElinkClientId = JwtClientIdExtractor(inboundToken); // token에서 client id를 추출함 + + // 암호화 key를 token 내용으로 할지 client secret 내용으로 할지 결정함. adapter property에 정의함 + // ENCRYPT_ALGORITHM 을 설정했는데 ENCRYPT_BASE_TYPE을 설정안하면 Decrypt 수행시 Exception 발생함 + String clientSecret = ""; + if ("TOKEN".equalsIgnoreCase(encryptBaseKeyType)) { + clientSecret = inboundToken; + } else if ( "SECRETKEY".equalsIgnoreCase(encryptBaseKeyType)) { + OAuth2Manager manager = OAuth2Manager.getInstance(); + ClientDetails clientDetail = manager.getClientDeatilsStore().get(xElinkClientId); + + if ( clientDetail != null ) { // 여기서 not null 이라는 것은 apim oauth server에서 발급된 token 임. + // 즉 KJBank 에서 요청이 들어온 것이다. + clientSecret = clientDetail.getClientSecret(); + } // 그럼 업체에서 요청이 들어오면?? 업체도 apim oauth server에서 발급된 token을 사용하는것이다. + } + + byte[] decryptedMessage = null; + decryptedMessage = doInboundPreDecrypt(eaiBody, decryptAlgorithm,clientSecret,secretAES256Iv, secretAES256Key ); + + String resultMessage = new String(decryptedMessage, StandardCharsets.UTF_8 ); + return resultMessage; + //return new String(decryptedMessage, StandardCharsets.UTF_8 ); + } + + + // jwhong encrypt + private String doPostEncryption(String eaiBody, Properties transactionProp) { String decryptAlgorithm = transactionProp.getProperty(ENCRYPT_ALGORITHM, ""); String xElinkClientId = transactionProp.getProperty(HEADER_NAME_CLIENT_ID, ""); // 이 값이 OAuth의 client id 값이다 . http header 에 포함되어 온다. jwhong String encryptBaseKeyType = transactionProp.getProperty(ENCRYPT_BASE_TYPE); String inboundToken = transactionProp.getProperty(INBOUND_TOKEN, ""); + String secretAES256Iv = transactionProp.getProperty("ENCRYPT_AES256_IV"); + String secretAES256Key = transactionProp.getProperty("ENCRYPT_AES256_KEY"); + + if ( decryptAlgorithm == "" ) { // 복호화 대상이 아님 return eaiBody; } @@ -330,7 +408,7 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { } byte[] decryptedMessage = null; - decryptedMessage = doInboundPreDecrypt(eaiBody, decryptAlgorithm,clientSecret); + decryptedMessage = doInboundPostEncrypt(eaiBody, decryptAlgorithm,clientSecret,secretAES256Iv, secretAES256Key ); String resultMessage = new String(decryptedMessage, StandardCharsets.UTF_8 ); return resultMessage; @@ -366,11 +444,13 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { } - private byte[] doInboundPreDecrypt(String eaiStringBody, String decryptAlgorithm, String clientSecretKey) { + private byte[] doInboundPreDecrypt(String eaiStringBody, String decryptAlgorithm, String clientSecretKey, String secretAES256Iv, String secretAES256Key) { byte[] decryptedMessage = null; //String eaiStringBody = new String(eaiBody, StandardCharsets.UTF_8); + eaiStringBody = extractBodyMsg(decryptAlgorithm, eaiStringBody); + //test source //System.out.println("eaiBody 바이트 배열 길이: " + eaiBody.length); System.out.println("Base64 문자열: " + eaiStringBody); @@ -387,10 +467,20 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { // end test source switch (decryptAlgorithm) { - case "AES128": - - String key128 = clientSecretKey.substring(22,38); //togetherEncoder 경우는 substring(44,60) 이네?? + case "AES128-TOSS": try { + String key128 = clientSecretKey.substring(22,38); //togetherEncoder 경우는 substring(44,60) 이네?? + //String decryptedStrMessage = AESCipher.decrypt(eaiStringBody, key128); + String decryptedStrMessage = AESCipher.decryptExistException(eaiStringBody, key128); + decryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES128 Decryption error=" + e.getMessage()); + } + break; + case "AES128-TOGETHER": + try { + String key128 = clientSecretKey.substring(44,60); //togetherEncoder 경우는 substring(44,60) 이네?? //String decryptedStrMessage = AESCipher.decrypt(eaiStringBody, key128); String decryptedStrMessage = AESCipher.decryptExistException(eaiStringBody, key128); decryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); @@ -400,8 +490,8 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { } break; case "AES256": - String key = clientSecretKey.substring(10,42); try { + String key = clientSecretKey.substring(10,42); String decryptedStrMessage = AES256Cipher.decrypt(eaiStringBody, key); decryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); } catch (Exception e) { @@ -409,9 +499,41 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { logger.error("HttpClientAdapterServiceRest] AES256 Decryption error=" + e.getMessage()); } break; + case "AES256-KAKAO": + try { + String decryptedStrMessage = AES256Cipher.decrypt(eaiStringBody, secretAES256Iv, secretAES256Key); + decryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256 Decryption error=" + e.getMessage()); + } + break; + case "AES256-TOSS": + try { + String decryptedStrMessage = AES256Cipher.decrypt(eaiStringBody, secretAES256Iv, secretAES256Key); + decryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256 Decryption error=" + e.getMessage()); + } + break; + + case "AES256GCM": + try { + byte[] key = AES256GCMCipher.generateKey(); + AES256GCMCipher cipher = new AES256GCMCipher(key); + byte[] aad = "metadata".getBytes(); + + String decryptedStrMessage = cipher.decrypt(eaiStringBody , aad); + decryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256GCM Encryption error=" + e.getMessage()); + } + break; default: try { - //decryptedMessage = Arrays.copyOf(eaiBody, eaiBody.length); decryptedMessage = eaiStringBody.getBytes(); } catch (Exception e) { e.printStackTrace(); @@ -423,6 +545,175 @@ public class ApiAdapterService extends HttpAdapterServiceSupport { return decryptedMessage; } + private String extractBodyMsg(String decryptAlgorithm, String eaiStringBody) { + + String decryptedJsonKey = ""; + String decryptedBodyMessage = ""; + + switch (decryptAlgorithm) { + case "AES128-TOSS": + decryptedJsonKey = "preScreeningRequest"; + break; + case "AES128-TOGETHER": + decryptedJsonKey = "obpTxData"; + break; + case "AES256": + decryptedJsonKey = "preScreeningRequest"; + break; + case "AES256-KAKAO": + decryptedJsonKey = "encrypted_data"; + break; + case "AES256-TOSS": + decryptedJsonKey = "encryptedData"; + break; + case "AES256GCM": + break; + default: + break; + } + + try { + JSONParser parser = new JSONParser(); + JSONObject jsonObject = (JSONObject) parser.parse(eaiStringBody); + decryptedBodyMessage = (String) jsonObject.get(decryptedJsonKey); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClient5AdapterServiceRest] extractBodyMsg error : " + e.getMessage()); + } + + return decryptedBodyMessage; + + } + + private byte[] doInboundPostEncrypt(String eaiStringBody, String encryptAlgorithm, String clientSecretKey, String secretAES256Iv, String secretAES256Key) { + + byte[] encryptedMessage = null; + //String eaiStringBody = new String(eaiBody, StandardCharsets.UTF_8); + + //test source + //System.out.println("eaiBody 바이트 배열 길이: " + eaiBody.length); + System.out.println("Base64 문자열: " + eaiStringBody); + System.out.println("Base64 문자열 길이: " + eaiStringBody.length()); + System.out.println("Base64 문자열 끝: " + eaiStringBody.substring(eaiStringBody.length() - 10)); + + // Base64 디코딩 테스트 + try { + byte[] decoded = Base64.getDecoder().decode(eaiStringBody); + System.out.println("디코딩 성공, 길이: " + decoded.length); + } catch (IllegalArgumentException e) { + System.out.println("Base64 디코딩 실패: " + e.getMessage()); + } + // end test source + + switch (encryptAlgorithm) { + case "AES128-TOSS": + try { + String key128 = clientSecretKey.substring(22,38); //togetherEncoder 경우는 substring(44,60) 이네?? + String decryptedStrMessage = AESCipher.encrypt(eaiStringBody, key128); + encryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES128 Decryption error=" + e.getMessage()); + } + break; + case "AES128-TOGETHER": + try { + String key128 = clientSecretKey.substring(44,60); //togetherEncoder 경우는 substring(44,60) 이네?? + String decryptedStrMessage = AESCipher.encrypt(eaiStringBody, key128); + encryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES128 Decryption error=" + e.getMessage()); + } + break; + case "AES256": + try { + String key = clientSecretKey.substring(10,42); + String decryptedStrMessage = AES256Cipher.encrypt(eaiStringBody, key); + encryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256 Decryption error=" + e.getMessage()); + } + break; + case "AES256-KAKAO": + try { + String decryptedStrMessage = AES256Cipher.encrypt(eaiStringBody, secretAES256Iv, secretAES256Key); + encryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256 Decryption error=" + e.getMessage()); + } + break; + case "AES256-TOSS": + try { + String decryptedStrMessage = AES256Cipher.encrypt(eaiStringBody, secretAES256Iv, secretAES256Key); + encryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256 Decryption error=" + e.getMessage()); + } + break; + + case "AES256GCM": + try { + byte[] key = AES256GCMCipher.generateKey(); + AES256GCMCipher cipher = new AES256GCMCipher(key); + byte[] aad = "metadata".getBytes(); + + String decryptedStrMessage = cipher.encrypt(eaiStringBody , aad); + encryptedMessage = decryptedStrMessage.getBytes(StandardCharsets.UTF_8); + + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] AES256GCM Encryption error=" + e.getMessage()); + } + break; + default: + try { + encryptedMessage = eaiStringBody.getBytes(); + } catch (Exception e) { + e.printStackTrace(); + logger.error("HttpClientAdapterServiceRest] doOutboundPostFilter Array copy error=" + e.getMessage()); + } + break; + } + + return encryptedMessage; + } + + + + private String JwtTokenExtractor(HttpServletRequest request) { + + String Token = ""; + try { + Token = JwtAuthFilter.extractJWTToken(request); + } catch (Exception e) { + logger.error(e.getMessage()); + } + + System.out.println("Token is: " + Token); + return Token; + + } + + private String JwtClientIdExtractor(String inboundToken) { + + String tokenClientId =""; + try { + SignedJWT signedJWT = SignedJWT.parse(inboundToken); + tokenClientId = (String) signedJWT.getJWTClaimsSet().getClaim(PAYLOAD_PARAM_NAME_CLIENT_ID); + } catch (Exception e) { + logger.error(e.getMessage()); + tokenClientId = ""; + } + + System.out.println("Token Client ID: " + tokenClientId); + return tokenClientId; + + } + // jwhong until here