Merge branch 'jenkins_with_weblogic' of ssh://git@192.168.240.178:18081/eapim/eapim-online.git into jenkins_with_weblogic

This commit is contained in:
jaewohong
2025-12-15 14:14:01 +09:00
@@ -0,0 +1,148 @@
package com.eactive.eai.custom.adapter.http.dynamic.filter;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.net.util.Base64;
import org.springframework.http.HttpStatus;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport;
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilter;
import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException;
import com.eactive.eai.authserver.service.OAuth2Manager;
import com.eactive.eai.authserver.vo.ClientVO;
import com.eactive.eai.common.util.Logger;
public class KjbHmacSha256VerifyFilter implements HttpAdapterFilter, HttpAdapterServiceKey {
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
private static final String SERVICE_CODE_UNKNOWN = "00";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Object message, Properties prop,
HttpServletRequest request, HttpServletResponse response) throws Exception {
String inboundMethod = prop.getProperty(INBOUND_METHOD);
String inboundUri = prop.getProperty(INBOUND_URI);
String inboundBody = prop.getProperty(INBOUND_REQUEST_MESSAGE);
try {
String xObpPartnercode = request.getHeader("x-obp-partnercode");
String xObpSignatureUrl = request.getHeader("x-obp-signature-url");
String xObpSignatureBody = request.getHeader("x-obp-signature-body");
if (StringUtils.isBlank(xObpPartnercode)
|| StringUtils.isBlank(xObpSignatureUrl)
|| StringUtils.isBlank(xObpSignatureBody)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Can not find mandatory Http Header");
}
if (StringUtils.isNotBlank(prop.getProperty(INBOUND_QUERY_STRING))) {
inboundUri = inboundUri + "?" + prop.getProperty(INBOUND_QUERY_STRING);
inboundBody = "";
}
String chkUrl = inboundMethod + "&" + inboundUri;
String chkBody = inboundBody;
String clientSecret = assignClientSecret(prop, request);
String macUrl = calculateHMAC(chkUrl, clientSecret);
String macBody = calculateHMAC(chkBody, clientSecret);
if (!StringUtils.equals(xObpSignatureUrl, macUrl)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Signature verifying failed : x-obp-signature-url");
}
if (!StringUtils.equals(xObpSignatureBody, macBody)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Signature verifying failed : x-obp-signature-body");
}
} catch (JwtAuthException e) {
logger.debug(e.getMessage());
throw e;
} catch (Exception e) {
logger.error(e.getMessage());
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Signature verifying failed(unkown)");
}
return message;
}
public static String calculateHMAC(String data, String key)
throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(key.getBytes(), "HmacSHA256"));
return Base64.encodeBase64String(mac.doFinal(data.getBytes("UTF-8")));
}
private String assignClientSecret(Properties prop, HttpServletRequest request) throws Exception {
String clientId = assignClientId(prop, request);
if (StringUtils.isBlank(clientId)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Can not find clientId info");
}
ClientVO client = (ClientVO) OAuth2Manager.getInstance().getClientDeatilsStore().get(clientId);
if (client == null) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Can not find client info");
}
return client.getClientSecret();
}
private String assignClientId(Properties prop, HttpServletRequest request) {
String clientId = null;
try {
// 이전 filter에서 셋팅한 clientId 확보
clientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
// 이전 filter에서 셋팅한 값이 없다면 header 정보에서 확보
if (StringUtils.isBlank(clientId)) {
clientId = request.getHeader(HttpAdapterServiceSupport.HEADER_NAME_CLIENT_ID);
}
} catch (Exception e) {
logger.error(e.getMessage());
}
return clientId;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Object resultMessage, Properties prop,
HttpServletRequest request, HttpServletResponse response) throws Exception {
String outboundBody = (String) resultMessage;
try {
String clientSecret = assignClientSecret(prop, request);
String macBody = calculateHMAC(outboundBody, clientSecret);
response.addHeader("x-obp-signature-body", macBody);
} catch (Exception e) {
logger.error(e.getMessage());
}
return resultMessage;
}
}