71 Commits

Author SHA1 Message Date
curry772 6eedac51f7 마스킹 유틸리티 추가 (MaskingUtils + 단위테스트)
- 보안아키텍처 마스킹 정책에 따라 고유식별정보·금융식별정보·인증정보·신상정보·온라인정보
- 카테고리별 마스킹 처리 유틸 및 JUnit 5 단위테스트(3단계 번호 체계) 신규 작성
2026-05-20 16:33:21 +09:00
curry772 8d63586749 거래파일로그 기능 추가
- HTTP Inbound 거래도 출력되도록 수정
- HTTP Header 파일로그 추가
2026-05-19 13:41:35 +09:00
curry772 7b0699fdb9 로그 오타 수정 2026-05-19 11:20:23 +09:00
curry772 b6a5dce74a 거래파일로그(SIFT_LOGGER) 출력기능 개발
- UUID별로 거래파일로그 생성
2026-05-19 11:18:59 +09:00
curry772 265a30ccf3 Outbound Client oAuth Token 기능 개선 및 패치
- 광주은행 내용 적용
- ignite 사용
2026-05-18 10:58:10 +09:00
curry772 d458d1b008 Merge branch 'feature/cryptofilter' 2026-05-14 15:24:04 +09:00
curry772 29b8b7eaac perf: encryptField/decryptField JSON 파싱 횟수 절감
JsonPathUtil에 JsonNode 기반 저수준 API(toTree/getAt/setAt/fromTree) 추가.
기존 getValueAtPath/setValueAtPath/mergeAtRoot는 내부적으로 이를 위임.

AbstractCryptoFilter.encryptField, decryptField는 파싱된 JsonNode를
재사용하여 JSON 파싱을 기존 2~3회에서 1회로 단축.
- encryptField non-root: 파싱 2회 → 1회
- decryptField non-root: 파싱 2회 → 1회
- decryptField toPath="/": 파싱 3회 → 2회 (body 1회 + mergeJson 1회)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 13:55:29 +09:00
curry772 74302df5a2 fix: decryptField toPath='/' 시 기존 필드 보존 - mergeAtRoot 연동
toPath='/'일 때 복호화된 텍스트로 body 전체를 교체하던 동작을
JsonPathUtil.mergeAtRoot 를 통해 fromPath 필드만 제거하고
복호화된 JSON을 body에 병합하는 방식으로 수정.

- AbstractCryptoFilter.decryptField: return plainText → mergeAtRoot 호출
- JsonPathUtil.mergeAtRoot: 신규 메서드 추가
- InCryptoFilterTest: 4-4 병합 동작 검증 테스트 추가, 4-2 설명 수정

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 13:34:55 +09:00
curry772 9a15b5506f fix: CryptoFilterHsmIntegrationTest - BaseCryptoFilter 잔여 참조 InCryptoFilter로 교체
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 11:28:02 +09:00
curry772 0b68b8166f feat: InCryptoFilter / OutCryptoFilter 추가 및 암호화 필터 계층 재구성
- AbstractCryptoFilter (신규, http.filter 패키지): 공통 암복호화 로직 및 상수 분리
- InCryptoFilter (신규, dynamic.filter): HttpAdapterFilter 구현 - 수신 요청 복호화, 응답 암호화
- OutCryptoFilter (신규, client.impl.filter): HttpClientAdapterFilter 구현 - 송신 요청 암호화, 응답 복호화
- BaseCryptoFilter, CryptoFilter 제거 → InCryptoFilter로 통합
- CryptoFilterHsmIntegrationTest: 새 클래스명으로 업데이트

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 11:26:36 +09:00
curry772 8db66f8bef DefaultProcess - 표준전문 오류응답을 수신 응답 설정(setResMsg) 로직 변경
- AdapterErrorMessageHandler를 사용하는 경우, BWK_FAILMSG_CODE(RIBEAI999999)를
설정하도록 변경
- AdapterErrorMessageHandler 설정이 없은 경우, Exception 발생 부분 처리
2026-05-14 10:42:12 +09:00
curry772 c4a250db08 refactor: HttpAdapterFilterFactoryKjb 제거 및 HttpAdapterFilterFactory 통합
- HttpAdapterFilterFactoryKjb 삭제
- HttpAdapterFilterFactory에 HMAC_SHA256, REFLECTALLHEADER 케이스 추가
- classForName() 헬퍼로 basePackage / customBasePackage 순차 탐색 적용
- HttpAdapterServiceSupport 임포트를 HttpAdapterFilterFactory로 교체

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 16:09:22 +09:00
curry772 db7a728344 feat: HttpClient5 어댑터 필터 패키지 eapim-online에서 이동
- HttpClient5AdapterServiceRestAddFilter 이동
- HttpClientAdapterFilter / HttpClient5AdapterFilterFactory 등 filter 패키지 이동
  (AllHeaderFilter, AsyncReponseFilter, JBOBPFilter, KAKAOBankFilter,
   KFTCFaceFilter, KFTCP2PFilter, NAVERFinFilter, NICECreditFilter,
   SimpleFrameworkFilter, SimpleframeworkBodyFilter, TOSSBankFilter, TraceBodyFilter)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 15:58:07 +09:00
curry772 813bb99952 test: CryptoModuleServiceTest DYNAMIC AES/CBC 출력 로그 추가
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 13:53:17 +09:00
curry772 becd8612e8 Merge branch 'feature/crypto-module'
CryptoFilter 프로퍼티 키 규격화, HSM 통합 테스트, SoftHSM2 연동 검증 완료
2026-05-13 13:29:14 +09:00
curry772 e208a2d64b feat: CryptoFilter 프로퍼티 키 규격화 및 HSM 통합 테스트 추가
- CryptoFilter prop 키를 UPPER_UNDERSCORE 형식으로 변경 (CRYPTO_MODULE_NAME 등)
- CRYPTO_DEC_ENABLED / CRYPTO_ENC_ENABLED 옵션 제거 (필터 설정 시 항상 암복호화)
- getProp() 빈 문자열도 기본값으로 처리 (StringUtils.isBlank 적용)
- CryptoFilterHsmIntegrationTest 추가: SoftHSM2 연동 전체 흐름 검증 (7개 케이스)
  - attributes(*, CKO_SECRET_KEY, CKK_AES): 임포트 키도 CKA_SENSITIVE=false 적용
  - HsmKeyDerivationStrategy / HsmContextSha256KeyDerivationStrategy 검증
- HsmKeyRegisterUtil 추가: SoftHSM2 마스터키 등록 유틸리티
- CryptoModuleServiceTest: GCM AAD 관련 테스트 케이스 보강

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 13:29:02 +09:00
curry772 444b7ad595 feat: CryptoFilter GCM AAD 지원 추가 및 단위테스트 작성
- CryptoFilter: crypto.aad.header 프로퍼티 + buildAad() 메서드 추가
- CryptoFilter: 기본 scope SCOPE_BODY → SCOPE_FIELD 변경
- CryptoFilter: decryptBody/decryptField/encryptBody/encryptField aad 파라미터 적용
- BaseCryptoFilterTest: BODY/FIELD scope, buildAad, AAD 헤더 연동 단위테스트 신규 작성
- CryptoModuleServiceTest: STATIC/DYNAMIC GCM AAD 테스트 섹션 추가

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 18:15:40 +09:00
curry772 085dd024d8 feat: HsmContextSha256KeyDerivationStrategyTest common 패키지로 이동
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 16:37:15 +09:00
curry772 3b6b3f6e4c Merge branch 'master' into feature/crypto-module 2026-05-12 16:33:59 +09:00
curry772 f4c28e8a27 feat: HSM 키 파생 전략 클래스 추가 (common 패키지로 이동)
- BaseHsmKeyDerivationStrategy: HSM 마스터키 조회 공통 로직 추상 기반 클래스
- HsmKeyDerivationStrategy: HSM 마스터키 직접 사용 전략
- HsmSha256KeyDerivationStrategy: HSM 마스터키 SHA-256 해싱 도출 전략
- HsmContextSha256KeyDerivationStrategy: HSM 마스터키 + 컨텍스트 SHA-256 해싱 도출 전략

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 16:30:26 +09:00
curry772 3cda2873cc feat: HTTP 어댑터 암복호화 필터 기반 클래스 추가 및 기본 scope 수정
- BaseCryptoFilter: 빈 RuntimeContext를 반환하는 기반 클래스 추가
- CryptoFilter: 기본 scope SCOPE_BODY → SCOPE_FIELD로 변경

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 16:27:21 +09:00
curry772 c0efdd89d4 Merge branch 'feature/template-adapter-error-msg-handler' 2026-05-12 13:06:08 +09:00
curry772 3eac4eeaa6 feat: 모든 변수 표현식에 :기본값 문법 추가 및 JSON 필드 파싱 지원
- ${callprop.KEY:default} / ${callprop[path]:default} / ${MSG.path:default} 기본값 문법
- ${DATA.BIZDATA.acctNo} : StandardMessage String 값이 JSON이면 Gson으로 필드 추출
  (중첩 경로 지원, 없는 필드는 빈 문자열 또는 기본값)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 13:05:33 +09:00
curry772 c0c3f45d18 feat: 모든 변수 표현식에 :기본값 문법 추가
- ${callprop.KEY:default} - 직접 참조 기본값
- ${callprop[MSG.path]:default} - 간접 참조 기본값
- ${MSG.path:default} - 표준전문 경로 기본값
키/경로 미존재 또는 callProp null 시 기본값 반환, 기본값 미지정 시 빈 문자열.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 11:21:58 +09:00
curry772 2686448791 fix: GenerateMethod 테스트에서 AdapterPropManager → PropManager 목 객체로 변경
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 10:47:23 +09:00
curry772 3d4e5762c8 Merge branch 'feature/template-adapter-error-msg-handler' into master 2026-05-12 09:44:10 +09:00
curry772 f7859a77dc feat: 템플릿 기반 어댑터 에러 메시지 핸들러 추가
AdapterPropManager "AdapterErrorMessageHandler" 그룹의
{adapterGroupId}.template 키로 등록된 템플릿을 읽어
StandardMessage 및 callProp 값으로 치환한 에러 응답을 생성한다.

변수 치환 규칙:
- ${callprop.키}         → callProp.getProperty("키")
- ${MSG.MAIN_MSG.경로}  → StandardMessage.findItemValue("경로")
- {{#foreach 경로}}...{{/foreach}} → GRID 배열 반복 (쉼표 구분)

JSON/XML 템플릿 모두 지원

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 09:42:32 +09:00
curry772 c4010147db 테스트 거래 시 forwardproxy 사용하지 않도록 변경 2026-05-11 16:17:26 +09:00
curry772 5994befbb6 테스트 거래 시 forwardproxy 사용하지 않도록 변경 2026-05-11 16:16:26 +09:00
curry772 07569e62da HTTP도 REST 처럼 simulator 호출 기능, mock server(test master) 호출로 변경 2026-05-11 16:11:10 +09:00
curry772 e5638f22bb Outbound HeaderGroup 전체 전달 'ALL' 지원 2026-05-11 16:10:20 +09:00
curry772 e64319e7d2 Merge branch 'feature/inflow-control-improvement' into master 2026-05-08 10:51:21 +09:00
curry772 43548a90c4 fix: AbstractInflowControlManager Bandwidth.simple → classic+intervally 버킷 생성 버그 수정 및 테스트 추가
- makeBucketUsingInflowVO: 어댑터/인터페이스 단일 버킷 threshold 리필을 greedy → intervally 변경
- makeGroupBucket: 그룹 threshold 버킷 동일하게 수정
- DualInflowControlManagerMakeBucketTest: 버킷 생성 로직 직접 검증 테스트 추가
- InflowControlManagerTest: @BeforeEach reload + spike/burst 경계 케이스 테스트 추가
- SQL 픽스처: MIN 단위 TEST_ADAPTER/TEST_INTERFACE/test-group-quota 항목 추가

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 10:21:57 +09:00
curry772 8900966d71 refactor: DualBucket/DualInflowControlManager 클라이언트 분리 및 Bandwidth 방식 변경
- DualBucket 인터페이스에서 클라이언트 메서드 분리 → ClientDualBucket 신규 인터페이스
- DualInflowControlManager 클라이언트 구현 분리 → ClientDualInflowControlManager
- DualInflowControlManager @Component 제거 (ClientDualInflowControlManager가 단일 빈)
- makeBucket: Bandwidth.simple → Bandwidth.classic + Refill.greedy/intervally 변경
  (threshold 버킷을 진짜 기간 쿼터로 동작하도록 수정)
- DualRequestProcessor → eapim-online custom 패키지로 이동 (삭제)
- ReloadInflowClientControlCommand / RemoveInflowClientControlCommand:
  instanceof 타입을 ClientDualInflowControlManager로 변경
- 단위 테스트: ClientDualInflowControlManagerMetricsTest 추가,
  DualInflowControlManagerMetricsTest 클라이언트 케이스 분리

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-07 18:02:34 +09:00
curry772 32a7723fa4 Merge branch 'feature/crypto-module' into master 2026-05-07 15:38:47 +09:00
curry772 580686886c feat: HTTP 어댑터 암복호화 필터 기반 클래스 추가 및 ReloadCryptoModuleCommand 개선
- CryptoFilter (abstract): BODY/FIELD scope 암복호화, buildRuntimeContext 추상화
  - String/byte[]/JSONObject 타입 message 처리 (toBodyString)
  - STATIC/DYNAMIC 키 모듈 공통 지원 (CryptoModuleManager가 내부 분기)
- ReloadCryptoModuleCommand: 로깅 추가, 성공 시 "success" 반환, 에러코드 정의

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-07 15:03:47 +09:00
curry772 bf1135f9ad feat: 암호화모듈 프레임워크 신규 구현
- CryptoModuleExtension 인터페이스: BC 프로바이더, AAD, 편의 메서드 오버로드 추가
- AESCryptoModuleExtension: CBC/GCM/ECB/FF1 지원, GCM 랜덤 nonce, AAD 처리
- ARIACryptoModuleExtension: ARIA 알고리즘 지원
- CryptoModuleConfigVO: JPA Entity 분리를 위한 Lombok VO
- CryptoModuleManager: VO 패턴 적용, FQCN 기반 전략 동적 로딩(Class.forName)
- CryptoModuleService: STATIC/DYNAMIC × AAD 조합 8가지 오버로드
- CryptoModuleConfigMapper: MapStruct Entity→VO 매퍼
- KeyDerivationStrategy 인터페이스 및 DerivedKey
- HsmContextXorKeyDerivationStrategy: HSM 마스터키 XOR 컨텍스트값 전략
- ReloadCryptoModuleCommand: 설정 런타임 재로드 커맨드
- build.gradle: BouncyCastle bcprov-jdk15on:1.70 의존성 추가
- 단위 테스트 전체 추가

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 16:49:33 +09:00
curry772 8f70451477 Merge branch 'feature/inflow-control-improvement'
- AbstractInflowControlManager 상속 구조 리팩토링
- DualInflowControlManager DAO 이중 호출 제거 및 타겟 메트릭 추가
- ReloadInflowClientControlCommandTest / RemoveInflowClientControlCommandTest 수정
2026-04-30 10:16:52 +09:00
curry772 437961e7d5 test: ReloadInflowClientControlCommandTest / RemoveInflowClientControlCommandTest 수정
PropManager NPE 및 정적 캐시 미초기화로 인한 테스트 실패 수정.
InflowControlUtil.cachedInflowControlManager를 ReflectionTestUtils로
직접 주입/초기화하는 방식으로 변경.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 10:15:27 +09:00
curry772 496bdd1468 feat: DualInflowControlManager DAO 이중 호출 제거 및 타겟 메트릭 추가
- 베이스 맵 메서드 오버라이드(getAdapterAllKeys, getInterfaceAllKeys,
  getAdapterInflowThreashold, getInterfaceInflowThreashold,
  removeAdapter, removeInterface)로 DAO 이중 호출 제거
- super.reload*() 호출 제거
- 어댑터/인터페이스/클라이언트별 TargetMetrics 수집 추가
  (allowed, rejectedPerSecond, rejectedThreshold)
- 메트릭 조회/초기화 API 메서드 추가
- 단위테스트: DualInflowControlManagerBucketMethodsTest(18건),
  DualInflowControlManagerMetricsTest 확장

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 10:15:04 +09:00
curry772 2bfc3d0bde refactor: AbstractInflowControlManager 상속 구조 리팩토링 및 커맨드 클래스 타입 변경
InflowControlManager에서 공통 로직을 AbstractInflowControlManager로 분리하고,
커맨드 클래스들이 AbstractInflowControlManager 타입을 사용하도록 변경.
InflowControlUtil에 cachedInflowControlManager 정적 캐시 도입.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 10:14:31 +09:00
curry772 9589bc635a test: 클라이언트 유량제어 Command 단위 테스트 추가
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 15:15:11 +09:00
curry772 ca8be26583 feat: 클라이언트 유량제어 Command 추가 및 removeClient() 구현
- ReloadInflowClientControlCommand: 클라이언트 버킷 전체/개별 리로드
- RemoveInflowClientControlCommand: 클라이언트 버킷 제거
- DualInflowControlManager.removeClient(clientId) 메서드 추가
  (기존 removeAdapter/removeInterface와 동일한 패턴)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:59:15 +09:00
curry772 5641baff35 Merge branch 'feature/circuit-breaker-test' into master 2026-04-29 14:47:15 +09:00
curry772 f36f78d63c refactor: TypedCircuitBreakerManager 미사용 코드 정리
- urlCBConfigMap 선언 주석 처리 (URL 기반 CB 기능 미사용)
- AlarmStateManager 연동 코드 주석 처리 (AlarmEvent/AlarmCondition/CoreAlarmKey import 제거)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:47:01 +09:00
curry772 06f0d389a6 test: TypedCircuitBreakerManager 단위테스트 추가 및 idCBConfigMap 버그 수정
- TypedCircuitBreakerManagerTest 추가 (JUnit5/Mockito, DB/Spring 없이 동작)
- getCircuitBreaker 조회/fallback/비활성화/normalizeUseYn 검증 (1-1~1-5)
- apiId 별 CB 인스턴스 독립성 및 상태 격리 검증 (2-1~2-2)
- CLOSED/OPEN/HALF_OPEN 상태 전이 전체 검증 (3-1~3-6)
- reload(key) 설정 갱신/비활성화 제거, reload() 레지스트리 재생성 검증 (4-1~4-3)
- 생명주기 isStarted 검증 (5-1)
- init()에서 idCBConfigMap.remove를 put으로 수정 (reload(key) 동작 오류 버그 수정)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 13:32:44 +09:00
curry772 00735f6614 Merge branch 'feature/hsm-integration-jdk8' into master 2026-04-29 12:59:07 +09:00
curry772 a1a5a34874 feat: HSM 키 캐시 및 PropManager 연동 초기화, DB 설정 파싱 오류 수정
- HsmCryptoService: getPublicKey/getSecretKey ConcurrentHashMap 캐시 추가 (HSM 통신 최소화)
- HsmCryptoService: encryptAes/decryptAes Provider 파라미터 오버로드 추가 (non-extractable 키 지원)
- HsmCryptoService: PropertyChangeListener 구현, HSM.CACHE_RELOAD_YN=Y 시 clearKeyCache() 자동 호출
- HsmCryptoService: @PostConstruct NPE 수정 - PropManager.getInstance() → @Autowired 직접 주입
- HsmManager: DB PKCS11_CONFIG 리터럴 \n → 실제 줄바꿈 치환 (파싱 오류 수정)
- HsmManager: 기동 시 HSM 키 목록 로그 추가

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 12:58:50 +09:00
curry772 acdb58049c feat: SafeNet HSM 연동 구현 (JDK 8 / SunPKCS11)
- HsmManager: SunPKCS11 Provider 초기화, Lifecycle 관리
  - JDK 8 / JDK 9+ 분기를 리플렉션으로 처리하는 createProvider() 추가
  - PropManager DB에서 PKCS11_CONFIG / PIN 읽어 초기화
- HsmCryptoService: RSA / AES 암복호화 서비스
  - encryptRsa: 공개키 기반 JVM 소프트웨어 암호화
  - decryptRsa: HSM 내부 복호화 (미초기화 시 HsmException 발생)
  - encryptAes / decryptAes: AES/CBC/PKCS5Padding
- HsmException: HSM 전용 커스텀 예외
- pkcs11-dev.cfg: SoftHSM2용 (slotListIndex = 0)
- pkcs11-prod.cfg: SafeNet ProtectServer 운영용 (slot = 0)
- HsmSoftHsm2IntegrationTest: 저수준 PKCS11 직접 테스트 (8개)
- HsmManagerServiceTest: HsmManager/HsmCryptoService 경유 테스트 (8개)
  Mockito + GenericApplicationContext로 DB 없이 실행 가능

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 20:52:14 +09:00
curry772 81f7898eb1 Merge branch 'feature/inflow-control-improvement' into master 2026-04-27 17:24:58 +09:00
curry772 d08c7efcdc refactor: DualRequestProcessor를 inbound.processor 패키지로 이동
유량제어 컴포넌트(inflow.dual)가 아닌 요청 처리기이므로
부모 클래스(RequestProcessor)와 동일 패키지로 이동.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 13:50:48 +09:00
curry772 a4c9a2f2bd feat: Dual 이중 버킷 유량제어 패키지 추가 (DJErp→Dual 리네임·이관)
- InflowType 열거형 추가 (ADAPTER/INTERFACE/CLIENT 타입 코드 캡슐화)
- InflowControlDAO: InflowType 기반 범용 메서드 추가, 기존 메서드 위임
- RequestProcessor: private→protected 전환, 클라이언트/어댑터/인터페이스
  유량제어 훅 메서드 5개 추가 (checkClientInflow 등)
- dual 패키지 신규 추가
  · DualCustomBucket: perSecond/threshold 이중 버킷, 차단 원인 구분
  · DualBucket: isAdapterPassDetail 등 차단 원인 반환 인터페이스
  · DualInflowControlManager: 그룹 메트릭 카운팅(TargetMetrics), 리로드 연동
  · DualRequestProcessor: 클라이언트 유량제어 + 상세 오류 메시지 훅 구현
- 단위 테스트 5종 추가 (DualCustomBucket, Manager, Metrics, RequestProcessor, Concurrency)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 09:40:27 +09:00
curry772 632550220d fix: Reload 동시성 수정 - volatile ConcurrentHashMap + 원자적 맵 교체
1. 맵 5개를 volatile + ConcurrentHashMap으로 변경
   - 비동기 읽기(isGroupPass 등) 중 HashMap 구조 변경으로 발생하던 race condition 제거

2. initAdapter/Interface/Group()에서 빌드-완성 후 원자적 교체 패턴 적용
   - 신규 맵을 완전히 구성한 뒤 this.field = newMap으로 한 번에 교체
   - 구→신 전환 중 불완전 상태가 외부에 노출되던 문제 제거

3. removeAdapter/Interface/Group()에 synchronized 추가
   - 락 없이 맵을 수정하던 메서드와 reload 사이의 race condition 방지

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 15:25:58 +09:00
curry772 d88dbe1eef feat: 리플렉션 제거 - InflowControlManager.getGroupBucket() public 메서드 추가
groupBucketList private 필드에 리플렉션 없이 접근할 수 있도록
getGroupBucket(String groupId) public 메서드 제공.

그룹 테이블 테스트 픽스처 SQL 추가 및 InflowControlManagerTest에
getGroupBucket() 동작 검증 테스트 케이스 2개 추가.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 15:21:00 +09:00
curry772 31b8a2b130 Merge branch 'feature/standard-message-djb' 2026-04-23 14:14:54 +09:00
curry772 d81aeeef67 chore: DJErp InterfaceID 설정 TODO 주석 추가
표준전문 InterfaceID에 SEND_RECV_DIVISION·IN_EX_DIVISION 포함 여부 결정 전까지
mapper.setInterfaceId() 호출을 주석 처리 및 TODO 표기.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 14:10:54 +09:00
curry772 5dae063fe5 fix: FLAT 직렬화 시 비활성 조건부 GROUP 블록 바이트 포함 버그 수정
toByteArray() / getBytesDataLength() GROUP 케이스에서
size==0 이면 refPath/refValue 유무와 무관하게 무조건 skip 하도록 변경.
(toJson() 동작과 일치)

기존 로직은 refPath 또는 refValue 가 없는 경우에만 skip 하여,
조건부 블록(EZDATA, MSG 등)이 비활성 상태(size=0, isHidden=false)일 때도
FLAT 바이트에 잘못 포함되는 문제가 있었음.
→ FlatReader 파싱 시 오프셋 불일치로 overflow 예외 또는 DATA 필드 오염 발생.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 10:34:22 +09:00
curry772 024b24af49 Merge branch 'master' into feature/standard-message-djb 2026-04-22 15:50:23 +09:00
curry772 6807e2b947 Merge branch 'feature/jejubank-oauth-bypass' 2026-04-22 15:49:37 +09:00
curry772 56fc66faa0 fix: 표준헤더 진행번호(SendTime) 처리 수정
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 15:40:49 +09:00
curry772 126f41624d Merge branch 'feature/standard-message-djb' into master 2026-04-21 16:00:25 +09:00
curry772 ae6ed9b262 fix: DJBank 표준전문 대응 프레임워크 수정
- BaseFCProcess.setGUID(): nextGuidSeq 자동 호출 비활성화
  (guid_prgs_no 증가는 Coordinator에서 처리)
- DefaultProcess: 오류 응답 시 nextGuidSeq 자동 호출 비활성화
- RequestProcessor: GUID 조합(guid+seq) 로직 비활성화,
  logger.error에 exception 객체 추가
- StandardMessageManager: config 기본 경로 ./resources/ → ./ 수정

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 15:48:20 +09:00
curry772 6f5af2ac69 fix: toJson 직렬화 시 빈 항목 제외 처리
itemPart가 비어있을 경우 구분자와 내용을 출력하지 않도록 수정.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 09:08:31 +09:00
curry772 6fd9caa7d4 오류응답 디폴트 형식(ERROR_MESSAGE_DEFAULT_FORMAT) 프러퍼티 설정 가능하도록 수정
- 프러퍼티 그룹 : MessageUtil
- 프러퍼티 : ERROR_MESSAGE_DEFAULT_FORMAT
2026-04-17 09:43:32 +09:00
curry772 68cf1dff16 Authorization 오류 메시지 출력 변경 - 실제 사용하는 토큰헤더이름사용하도록 변경 2026-04-17 09:42:13 +09:00
curry772 bebf5fa36d ApiConfig token.header.name 프러퍼티를 추가하여 token 헤더 프러퍼티 추가 2026-04-15 17:39:59 +09:00
curry772 dd9fc6fbdb BearerToken 간헐적 파싱 못하는 경우 발생에 대한 방어로직 2026-04-09 08:59:38 +09:00
curry772 71686fb387 RFC 2616 §13.5.1 (Hop-by-hop 헤더 목록) 오류 정정, Trailers -> Trailer 2026-04-08 14:38:34 +09:00
curry772 bc8b549a33 HTTP Header 로그 off 기능 - -Duse.http.header.log=y 옵션 추가시 로깅 2026-04-08 14:16:59 +09:00
curry772 56ac438265 fix: 비-mTLS https 연결 시 testMode에서 hostname 검증 우회 적용
TrustAllStrategy 사용 시에도 DefaultHostnameVerifier가 적용되어
외부 testmaster 인증서 hostname mismatch 오류 발생.
testMode(-Duse.test.trust=y)일 때 NoopHostnameVerifier 적용하여 해결.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-08 09:57:51 +09:00
curry772 791e362a74 feature: DJErp OAuth bypass 지원을 위한 공통 모듈 개선
- UnkownMessageLogUtils 추가: unknown 메시지 발생 시 DB 에러 로그 기록
- HttpAdapterServiceSupport: transactionId 추출을 try 블록 외부로 이동,
  예외 분기 처리(HttpStatusException/JwtAuthException/Exception) 및 UnkownMessageLogUtils 연동
- ApiAuthFilter: eaiSvcCd 강제 덮어쓰기 로직 주석처리 (STDMessage 조회값 우선 사용)
- MessageUtil: ERROR_MESSAGE_DEFAULT_FORMAT을 표준 OAuth2 에러 형식으로 변경

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 00:01:38 +09:00
114 changed files with 13960 additions and 940 deletions
+2
View File
@@ -82,6 +82,8 @@ dependencies {
api 'com.nimbusds:nimbus-jose-jwt:9.24.3'
api 'org.bouncycastle:bcprov-jdk15on:1.70'
api "io.undertow:undertow-servlet:${undertowVersion}"
api 'org.java-websocket:Java-WebSocket:1.3.9'
api 'javax.cache:cache-api:1.1.1'
@@ -0,0 +1,319 @@
package com.eactive.eai.adapter.handler;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.common.property.PropManager;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.message.StandardItem;
import com.eactive.eai.message.StandardMessage;
/**
* 템플릿 기반 어댑터 에러 메시지 핸들러.
*
* [프로퍼티 설정]
* AdapterPropManager 의 "AdapterErrorMessageHandler" 프로퍼티 그룹에서
* "{adapterGroupId}.template" 키로 등록된 템플릿 문자열을 읽어
* StandardMessage 의 필드 값으로 치환한 결과를 반환한다.
*
* [변수 치환 규칙]
* 1. "${callprop.키}" → callProp.getProperty("키") 로 치환
* "${callprop.키:기본값}" → 키 없거나 callProp null 이면 기본값 반환
* 2. "${callprop[경로]}" → StandardMessage 경로 값을 키로 callProp 간접 조회
* "${callprop[경로]:기본값}" → 키 결정 실패 또는 키 없으면 기본값 반환
* 3. "${경로}" → StandardMessage.findItemValue("경로") 로 치환
* "${경로:기본값}" → 경로 값이 null/공백이면 기본값 반환
* 모든 형태에서 기본값 미지정 시 빈 문자열을 반환한다.
*
* [배열 반복 문법] (MSG_LIST 등 GRID 타입)
* {{#foreach MSG.MSG_LIST}}
* { "code":"${outp_msg_cd}", "msg":"${outp_msg_ctnt}" }
* {{/foreach}}
* → MSG_LIST 각 행을 반복하며 행 내 필드명(접두어 없이)으로 치환,
* 반복 결과를 쉼표(,)로 이어 붙임
*
* [사용 예 JSON 템플릿]
* {
* "adapterName": "${callprop.ADAPTER_NAME}",
* "resultCode": "${MSG.MAIN_MSG.outp_msg_cd}",
* "resultMsg": "${MSG.MAIN_MSG.outp_msg_ctnt}",
* "errors": [
* {{#foreach MSG.MSG_LIST}}
* {
* "code": "${outp_msg_cd}",
* "msg": "${outp_msg_ctnt}",
* "desc": "${outp_msg_desc}",
* "field": "${err_occu_item_nm}"
* }
* {{/foreach}}
* ]
* }
*
* [사용 예 – XML 템플릿]
* <error>
* <adapter>${callprop.ADAPTER_NAME}</adapter>
* <code>${MSG.MAIN_MSG.outp_msg_cd}</code>
* <errors>
* {{#foreach MSG.MSG_LIST}}
* <item><code>${outp_msg_cd}</code><msg>${outp_msg_ctnt}</msg></item>
* {{/foreach}}
* </errors>
* </error>
*
* [callProp 중첩 Properties 참조]
* callProp 의 값이 Properties 인 경우 점(.) 으로 체인 탐색이 가능하다.
* callProp.put("OUTBOUND", subProps) // subProps.setProperty("IF_ID", "SVC001")
* → 템플릿에서 ${callprop.OUTBOUND.IF_ID} 로 참조
* 중간 값이 Properties 가 아닌 경우 전체 keyPath 를 키로 폴백 조회한다.
*/
public class TemplateAdapterErrorMsgHandler implements AdapterErrorMessageHandler {
private static final Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
/** AdapterPropManager 에서 템플릿을 조회할 프로퍼티 그룹 이름 */
static final String PROP_GROUP = "AdapterErrorMessageHandler";
/** callProp 참조 변수 접두어: ${callprop.키} */
static final String CALLPROP_PREFIX = "callprop.";
/** callProp 간접 참조 접두어: ${callprop[표준전문경로]} */
static final String CALLPROP_INDIRECT_PREFIX = "callprop[";
/** ${path} 또는 ${callprop.key} 스칼라 변수 패턴 */
private static final Pattern VAR_PATTERN =
Pattern.compile("\\$\\{([^}]+)\\}");
/** {{#foreach path}}...{{/foreach}} 배열 반복 블록 패턴 */
private static final Pattern FOREACH_PATTERN =
Pattern.compile("\\{\\{#foreach\\s+([^}]+)\\}\\}(.*?)\\{\\{/foreach\\}\\}",
Pattern.DOTALL);
@Override
public Object generateNonStandardErrorResponseMessage(
String inboundAdapterGroupName,
String inboundAdapterName,
Properties callProp,
Object outboundRequestData,
StandardMessage resStandardMessage) throws Exception {
String templateKey = inboundAdapterGroupName + ".template";
String template = PropManager.getInstance().getProperty(PROP_GROUP, templateKey);
if (StringUtils.isBlank(template)) {
if (logger.isWarn()) {
logger.warn("TemplateAdapterErrorMsgHandler] template not found. group=" + PROP_GROUP
+ ", key=" + templateKey);
}
return null;
}
return render(template, resStandardMessage, callProp);
}
/**
* 템플릿에 StandardMessage 및 callProp 값을 치환해 최종 문자열을 반환한다.
* package-private: 단위 테스트에서 직접 호출 가능
*/
String render(String template, StandardMessage msg, Properties callProp) {
// 1단계: {{#foreach path}}...{{/foreach}} 배열 반복 처리
StringBuffer sb = new StringBuffer();
Matcher foreachMatcher = FOREACH_PATTERN.matcher(template);
while (foreachMatcher.find()) {
String arrayPath = foreachMatcher.group(1).trim();
String blockContent = foreachMatcher.group(2);
String rendered = renderForeach(arrayPath, blockContent, msg);
foreachMatcher.appendReplacement(sb, Matcher.quoteReplacement(rendered));
}
foreachMatcher.appendTail(sb);
// 2단계: 나머지 ${path} / ${callprop.키} 스칼라 변수 치환
String intermediate = sb.toString();
StringBuffer result = new StringBuffer();
Matcher varMatcher = VAR_PATTERN.matcher(intermediate);
while (varMatcher.find()) {
String expr = varMatcher.group(1).trim();
String value = resolveScalar(expr, msg, callProp);
varMatcher.appendReplacement(result, Matcher.quoteReplacement(value));
}
varMatcher.appendTail(result);
return result.toString();
}
/**
* 변수 표현식을 해석해 값을 반환한다.
* 모든 형태에서 ':기본값' 접미사를 지원한다. 기본값 미지정 시 빈 문자열.
* - "callprop[경로][:기본값]" → 표준전문 경로 값을 키로 callProp 간접 조회
* - "callprop.키[:기본값]" → callProp 직접/중첩 조회
* - "경로[:기본값]" → StandardMessage.findItemValue(경로)
*/
private String resolveScalar(String expr, StandardMessage msg, Properties callProp) {
if (expr.startsWith(CALLPROP_INDIRECT_PREFIX)) {
return resolveIndirectCallProp(expr, msg, callProp);
}
if (expr.startsWith(CALLPROP_PREFIX)) {
String rest = expr.substring(CALLPROP_PREFIX.length());
int colonIdx = rest.indexOf(':');
String keyPath = colonIdx >= 0 ? rest.substring(0, colonIdx) : rest;
String defaultVal = colonIdx >= 0 ? rest.substring(colonIdx + 1) : "";
if (callProp == null) return defaultVal;
String value = resolveCallProp(callProp, keyPath);
return value != null ? value : defaultVal;
}
int colonIdx = expr.indexOf(':');
String path = colonIdx >= 0 ? expr.substring(0, colonIdx) : expr;
String defaultVal = colonIdx >= 0 ? expr.substring(colonIdx + 1) : "";
String value = resolveMessagePath(msg, path);
return StringUtils.isNotEmpty(value) ? value : defaultVal;
}
/**
* StandardMessage 경로를 해석한다.
* 1. findItemValue(path) 로 직접 조회한다.
* 2. null 이면 경로를 뒤에서부터 분리하며, 부모 경로 값이 JSON 문자열인 경우
* 나머지 경로(subPath)를 키로 JSON 필드를 추출한다.
* 예) DATA.BIZDATA.acctNo → findItemValue("DATA.BIZDATA") → JSON 파싱 → acctNo
* DATA.BIZDATA.addr.city → findItemValue("DATA.BIZDATA") → JSON 파싱 → addr.city
*/
private String resolveMessagePath(StandardMessage msg, String path) {
String value = msg.findItemValue(path);
if (value != null) return value;
int dotIdx = path.lastIndexOf('.');
while (dotIdx > 0) {
String parentPath = path.substring(0, dotIdx);
String subPath = path.substring(dotIdx + 1);
String parentVal = msg.findItemValue(parentPath);
if (StringUtils.isNotBlank(parentVal)) {
String extracted = extractFromJson(parentVal, subPath);
if (extracted != null) return extracted;
}
dotIdx = parentPath.lastIndexOf('.');
}
return null;
}
/**
* JSON 문자열에서 dot 구분 경로로 필드 값을 추출한다.
* 중간 경로가 JSON 오브젝트면 계속 탐색하고, 최종 값이 primitive 면 문자열로,
* 오브젝트/배열이면 JSON 문자열 그대로 반환한다. 파싱 실패 시 null 반환.
*/
private String extractFromJson(String json, String fieldPath) {
try {
JsonElement el = new JsonParser().parse(json);
for (String part : fieldPath.split("\\.", -1)) {
if (!el.isJsonObject()) return null;
el = el.getAsJsonObject().get(part);
if (el == null) return null;
}
return el.isJsonPrimitive() ? el.getAsString() : el.toString();
} catch (Exception e) {
return null;
}
}
/**
* ${callprop[경로]} 또는 ${callprop[경로]:기본값} 처리.
* 1. 표준전문 경로로 callProp 키를 동적으로 결정한다.
* 2. 결정된 키로 callProp 에서 값을 조회한다.
* 3. 키 또는 값을 찾지 못하면 기본값(없으면 빈 문자열)을 반환한다.
*/
private String resolveIndirectCallProp(String expr, StandardMessage msg, Properties callProp) {
int closeIdx = expr.indexOf(']');
if (closeIdx < 0) return "";
String msgPath = expr.substring(CALLPROP_INDIRECT_PREFIX.length(), closeIdx);
String defaultVal = (closeIdx + 1 < expr.length() && expr.charAt(closeIdx + 1) == ':')
? expr.substring(closeIdx + 2)
: "";
String key = msg.findItemValue(msgPath);
if (StringUtils.isBlank(key)) return defaultVal;
if (callProp == null) return defaultVal;
String value = resolveCallProp(callProp, key);
return value != null ? value : defaultVal;
}
/**
* Properties 체인을 점(.) 구분자로 재귀 탐색한다.
* - 첫 세그먼트의 값이 Properties 이면 나머지 경로로 재귀
* - String 이면 반환, 그 외 Object 이면 toString() 반환
* - 첫 세그먼트 값이 Properties 가 아닌 경우 전체 keyPath 로 폴백 조회
*/
private String resolveCallProp(Properties props, String keyPath) {
int dotIdx = keyPath.indexOf('.');
if (dotIdx < 0) {
Object val = props.get(keyPath);
if (val == null) return null;
if (val instanceof String) return (String) val;
return val.toString();
}
String first = keyPath.substring(0, dotIdx);
String rest = keyPath.substring(dotIdx + 1);
Object val = props.get(first);
if (val instanceof Properties) {
return resolveCallProp((Properties) val, rest);
}
// 중간 값이 Properties 가 아닌 경우: 전체 keyPath 를 키로 폴백
Object direct = props.get(keyPath);
if (direct == null) return null;
if (direct instanceof String) return (String) direct;
return direct.toString();
}
/**
* GRID 타입 배열 아이템을 반복하며 blockContent 를 각 행으로 치환,
* 결과를 쉼표로 이어 반환한다. (foreach 블록 내부는 callProp 참조 미지원)
*/
private String renderForeach(String arrayPath, String blockContent, StandardMessage msg) {
StandardItem arrayItem = msg.findItem(arrayPath);
if (arrayItem == null) {
if (logger.isWarn()) logger.warn("TemplateAdapterErrorMsgHandler] foreach path not found: " + arrayPath);
return "";
}
List<LinkedHashMap<String, StandardItem>> rows = arrayItem.getList();
if (rows == null || rows.isEmpty()) {
return "";
}
List<String> renderedItems = new ArrayList<>();
for (LinkedHashMap<String, StandardItem> row : rows) {
String rowText = renderRow(blockContent, row);
if (StringUtils.isNotBlank(rowText)) {
renderedItems.add(rowText);
}
}
return String.join(",", renderedItems);
}
/**
* 배열 한 행(LinkedHashMap) 기준으로 blockContent 의 ${fieldName} 을 치환한다.
* fieldName 은 경로 없이 해당 행의 컬럼명만 사용한다.
*/
private String renderRow(String blockContent, LinkedHashMap<String, StandardItem> row) {
StringBuffer result = new StringBuffer();
Matcher varMatcher = VAR_PATTERN.matcher(blockContent);
while (varMatcher.find()) {
String fieldName = varMatcher.group(1).trim();
String value = "";
StandardItem item = row.get(fieldName);
if (item != null) {
value = StringUtils.defaultString(item.getValue());
}
varMatcher.appendReplacement(result, Matcher.quoteReplacement(value));
}
varMatcher.appendTail(result);
return result.toString().trim();
}
}
@@ -40,7 +40,9 @@ import com.eactive.eai.adapter.AdapterManager;
import com.eactive.eai.adapter.Keys;
import com.eactive.eai.adapter.http.secure.HttpClient5SSLContextFactory;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.message.EAIMessageKeys;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.util.HttpAdapterExtraLogUtil;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.httpouttlsinfo.HttpOutTlsInfoVO;
@@ -53,6 +55,8 @@ public abstract class HttpClient5AdapterServiceSupport implements HttpClientAdap
private static boolean testMode = TestModeChecker.isTestMode();
private static boolean httpHeaderLogMode = HttpAdapterExtraLogUtil.isHttpHeaderMode();
public synchronized void close() {
if(connectionManager != null) {
connectionManager.close();
@@ -366,8 +370,20 @@ public abstract class HttpClient5AdapterServiceSupport implements HttpClientAdap
}
else {
sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustAllStrategy()).build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
cmBuilder.setSSLSocketFactory(csf);
SSLConnectionSocketFactory sslSocketFactory = null;
if(testMode) {
// Hostname verifier 비활성화 (테스트용)
sslSocketFactory = new SSLConnectionSocketFactory(
sslContext
, NoopHostnameVerifier.INSTANCE
);
}
else {
sslSocketFactory = new SSLConnectionSocketFactory(
sslContext
);
}
cmBuilder.setSSLSocketFactory(sslSocketFactory);
}
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
@@ -384,6 +400,11 @@ public abstract class HttpClient5AdapterServiceSupport implements HttpClientAdap
HttpRequestInterceptor requestLogInterceptor = (request, entity, context) -> {
if (!httpHeaderLogMode) {
logger.info("httpHeader logging off - use.http.header.log");
return;
}
try {
String uuid = (String) context.getAttribute(TransactionContextKeys.TRANSACTION_UUID);
String contextAdapterGroupName = (String) context.getAttribute(HttpClientAdapterServiceKey.ADAPTER_GROUP_NAME);
@@ -403,7 +424,12 @@ public abstract class HttpClient5AdapterServiceSupport implements HttpClientAdap
};
HttpResponseInterceptor responseLogInterceptor = (response, entity, context) -> {
try{
if (!httpHeaderLogMode) {
logger.info("httpHeader logging off - use.http.header.log");
return;
}
try{
HttpRequest request = (HttpRequest)context.getAttribute("http.request");
String url = request.getUri().toString();
String uuid = (String) context.getAttribute(TransactionContextKeys.TRANSACTION_UUID);
@@ -542,4 +568,10 @@ public abstract class HttpClient5AdapterServiceSupport implements HttpClientAdap
}
public abstract Object execute(Properties prop, Object message, Properties tempProp) throws Exception;
protected boolean isTas(Properties tempProp) {
String simYn = tempProp.getProperty("SIM_YN");
return EAIServerManager.getInstance().isTASEnabledEAIServer()
&& StringUtils.equals(simYn, EAIMessageKeys.TRANTYPE_TAS);
}
}
@@ -7,6 +7,8 @@ import com.eactive.eai.adapter.http.client.HttpClientAdapterVO;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.message.MessageType;
import com.eactive.eai.common.util.CommonLib;
import com.eactive.eai.common.util.TxFileLogger;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.StopWatch;
@@ -41,14 +43,11 @@ public class HttpClient5AdapterServiceBody extends HttpClient5AdapterServiceSupp
boolean useForwardProxy = StringUtils.equalsIgnoreCase(prop.getProperty("FORWARD_PROXY_USE_YN", "N"), "Y");
String forwardProxyUrl = prop.getProperty("FORWARD_PROXY_URL");
if(useForwardProxy) {
if(useForwardProxy && !isTas(tempProp)) {
java.net.URL url = new java.net.URL(forwardProxyUrl);
// 프로토콜, 호스트, 포트 추출
String protocol = url.getProtocol();
String host = url.getHost();
int port = url.getPort();
HttpHost proxy = new HttpHost(protocol,host, port);
HttpHost proxy = new HttpHost(url.getProtocol(), url.getHost(), url.getPort());
requestConfigBuilder.setProxy(proxy);
}
@@ -121,7 +120,9 @@ public class HttpClient5AdapterServiceBody extends HttpClient5AdapterServiceSupp
HttpMemoryLogger.txlog(vo.getAdapterGroupName() + vo.getAdapterName(),
"SEND [" + sendData + "]" + CommonLib.getDumpMessage(sendData));
}
TxFileLogger.logTxFile(tempProp, sendData, "[OUT_SEND]");
String uuid = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID);
HttpContext context = new BasicHttpContext();
context.setAttribute(TransactionContextKeys.TRANSACTION_UUID, uuid);
@@ -150,7 +151,8 @@ public class HttpClient5AdapterServiceBody extends HttpClient5AdapterServiceSupp
}
stopWatch.stop();
TxFileLogger.logTxFile(tempProp, responseString, "[OUT_RECV]");
if (status >= 400 && status < 500) {
String errMsg = String.format(
@@ -11,6 +11,7 @@ import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -74,6 +75,7 @@ import com.eactive.eai.common.exception.ExceptionUtil;
import com.eactive.eai.common.message.MessageType;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.CommonLib;
import com.eactive.eai.common.util.TxFileLogger;
import com.jayway.jsonpath.DocumentContext;
import com.jayway.jsonpath.JsonPath;
import com.kjbank.encrypt.exchange.crypto.AES256Cipher;
@@ -294,14 +296,11 @@ public class HttpClient5AdapterServiceRest extends HttpClient5AdapterServiceSupp
RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
if(useForwardProxy) {
if(useForwardProxy && !isTas(tempProp)) {
java.net.URL url = new java.net.URL(forwardProxyUrl);
// 프로토콜, 호스트, 포트 추출
String protocol = url.getProtocol();
String host = url.getHost();
int port = url.getPort();
HttpHost proxy = new HttpHost(protocol,host, port);
HttpHost proxy = new HttpHost(url.getProtocol(), url.getHost(), url.getPort());
requestConfigBuilder.setProxy(proxy);
}
@@ -429,6 +428,8 @@ public class HttpClient5AdapterServiceRest extends HttpClient5AdapterServiceSupp
HttpMemoryLogger.txlog(vo.getAdapterGroupName() + vo.getAdapterName(),
"SEND [" + sendData + "]" + CommonLib.getDumpMessage(sendData));
}
TxFileLogger.logTxFile(tempProp, sendData, "[OUT_SEND]");
String uuid = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID);
HttpContext context = new BasicHttpContext();
@@ -474,11 +475,14 @@ public class HttpClient5AdapterServiceRest extends HttpClient5AdapterServiceSupp
// 여기까지
responseHeaders = response.getHeaders();
TxFileLogger.logTxFile(tempProp, new String(responseMessage, vo.getEncode()), "[OUT_RECV]");
if (logger.isDebug()) {
logger.debug("[received status]" + status);
logger.debug("HttpClientAdapterServiceRest] RECV (" + vo.getAdapterGroupName() + ") = [" + responseMessage + "]");
}
}
} catch (ConnectException e) {
if (logger.isDebug() && "N".equals(vo.getTestCallYn())) {
@@ -708,12 +712,19 @@ public class HttpClient5AdapterServiceRest extends HttpClient5AdapterServiceSupp
return new String(responseMessage, encode);
}
String[] relayKeyArr = org.springframework.util.StringUtils.tokenizeToStringArray(relayHeaderKeys, ",");
JSONObject headerJson = new JSONObject();
for (String key : relayKeyArr) {
String value = responseHeaderProp.getProperty(key);
if (StringUtils.isNotBlank(value)) {
headerJson.put(key, value);
if (StringUtils.equalsIgnoreCase(relayHeaderKeys, "ALL")) {
for (Enumeration<Object> e = responseHeaderProp.keys(); e.hasMoreElements(); ) {
String key = (String)e.nextElement();
headerJson.put(StringUtils.lowerCase(key), responseHeaderProp.getProperty(key));
}
} else {
String[] relayKeyArr = org.springframework.util.StringUtils.tokenizeToStringArray(relayHeaderKeys, ",");
for (String key : relayKeyArr) {
String value = responseHeaderProp.getProperty(key);
if (StringUtils.isNotBlank(value)) {
headerJson.put(StringUtils.lowerCase(key), value);
}
}
}
@@ -0,0 +1,142 @@
package com.eactive.eai.adapter.http.client.impl;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import org.dom4j.Node;
import org.json.simple.JSONObject;
import com.eactive.eai.adapter.http.client.HttpClientAdapterServiceKey;
import com.eactive.eai.adapter.http.client.impl.filter.HttpClient5AdapterFilterFactory;
import com.eactive.eai.adapter.http.client.impl.filter.HttpClientAdapterFilter;
/**
* 1. 기능 : HttpClient5AdapterServiceRest 호출 전후 Filter 적용할 있는 기능을 제공한다.<br>
* 2. 처리 개요 : <br>
* 3. 주의사항 <br>
*
* @author :
* @version : v 1.0.0
* @see : HttpClientAdapterServiceFactory.java,
* HttpClientAdapterServiceSupport.java, HttpClient5AdapterServiceRest.java
* @since :
*
*/
public class HttpClient5AdapterServiceRestAddFilter extends HttpClient5AdapterServiceRest
implements HttpClientAdapterServiceKey {
// 요청전 수행할 필터(쉼표(,) 구분)
static final String PRE_FILTERS = "PRE_FILTERS";
// 요청후 수행할 필터(쉼표(,) 구분)
static final String POST_FILTERS = "POST_FILTERS";
// // Adapter에서 Exception이 발생한 경우, 처리할 필터
// static final String EXCEPTION_FILTER = "EXCEPTION_FILTER";
/**
* 1. 기능 : HttpClient 호출 전후 Filter 적용용 2. 처리 개요 : <br>
* 3. 주의사항 <br>
*
* @param prop Http Adapter 속성 정보
* @return 반환 Object
* @exception Exception 수동 시스템 통신 발생
*/
public Object execute(Properties prop, Object data, Properties tempProp) throws Exception {
String adptGrpName = tempProp.getProperty(ADAPTER_GROUP_NAME);
String adptName = tempProp.getProperty(ADAPTER_NAME);
data = doPreFilters(adptGrpName, adptName, prop, data, tempProp);
Object adapterResponse = super.execute(prop, data, tempProp);
adapterResponse = doPostFilters(adptGrpName, adptName, prop, adapterResponse, tempProp);
if (adapterResponse instanceof JSONObject)
adapterResponse = ((JSONObject) adapterResponse).toJSONString();
if (adapterResponse instanceof Node)
adapterResponse = ((Node) adapterResponse).asXML();
return adapterResponse;
}
protected Object doPreFilters(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
// boolean isSetCommonFilterInAdapterProp = false;
// 1. adapter에 설정된 필터 수행
String preFiltersStr = prop.getProperty(PRE_FILTERS);
if (StringUtils.isNotEmpty(preFiltersStr)) {
String[] preFilters = StringUtils.split(preFiltersStr, ",");
for (String filterName : preFilters) {
if (StringUtils.isBlank(filterName)) {
continue;
}
logger.debug("HttpClient5AdapterServiceRestAddFilter] Processing Start [" + filterName + "]");
HttpClientAdapterFilter adapterFilter = HttpClient5AdapterFilterFactory.createFilter(filterName.trim());
if (adapterFilter != null) {
// if (adapterFilter instanceof IBKOutCommonFilter)
// isSetCommonFilterInAdapterProp = true;
message = adapterFilter.doPreFilter(adptGrpName, adptName, prop, message, tempProp);
} else {
throw new Exception("Failed get Filter Class: " + filterName);
}
}
}
// // 2. IBKOutCommonFilter 필터 수행(adapter 필터에서 수행하지 않을 때만)
// if (!isSetCommonFilterInAdapterProp) {
// HttpClientAdapterFilter ibkFilter = HttpClient5AdapterFilterFactory
// .createFilter(IBKOutCommonFilter.class.getName());
// if (ibkFilter != null) {
// message = ibkFilter.doPreFilter(adptGrpName, adptName, prop, message, tempProp);
// }
// } else {
// logger.debug("IBKOutCommonFilter isSetCommonFilterInAdapterProp 'POST_FILTERS'. already in adapter filters");
// }
return message;
}
protected Object doPostFilters(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
// boolean isSetCommonFilterInAdapterProp = false;
// 1. adapter에 설정된 필터 수행
String postFiltersStr = prop.getProperty(POST_FILTERS);
if (StringUtils.isNotEmpty(postFiltersStr)) {
String[] postFilters = StringUtils.split(postFiltersStr, ",");
for (String filterName : postFilters) {
if (StringUtils.isBlank(filterName)) {
continue;
}
HttpClientAdapterFilter adapterFilter = HttpClient5AdapterFilterFactory.createFilter(filterName.trim());
if (adapterFilter != null) {
// if (adapterFilter instanceof IBKOutCommonFilter)
// isSetCommonFilterInAdapterProp = true;
message = adapterFilter.doPostFilter(adptGrpName, adptName, prop, message, tempProp);
} else {
throw new Exception("Failed get Filter Class: " + filterName);
}
}
}
// // 2. IBKOutCommonFilter 필터 수행
// if (!isSetCommonFilterInAdapterProp) {
// HttpClientAdapterFilter ibkFilter = HttpClient5AdapterFilterFactory
// .createFilter(IBKOutCommonFilter.class.getName());
// if (ibkFilter != null) {
// message = ibkFilter.doPostFilter(adptGrpName, adptName, prop, message, tempProp);
// }
// } else {
// logger.debug("IBKOutCommonFilter isSetCommonFilterInAdapterProp 'PRE_FILTERS'. already in adapter filters");
// }
return message;
}
}
@@ -0,0 +1,121 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Arrays;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class AllHeaderFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String PROPERTIES_GROUP_NAME = "HttpHeaderFilter";
public static final String HEADER_KEY_NAMES = "AllHeaderFilter.blackList";
String[] HttpHeaderRelayBlackList = {
"Content-Length",
"Transfer-Encoding",
"Host",
"Authorization",
"Accept",
"Host",
"Cookie",
"Connection",
"Keep-Alive",
"Proxy-Authenticate",
"Proxy-Authorization",
"TE",
"Trailer",
"Transfer-Encoding",
"Upgrade",
"Content-Type",
"Content-Encoding",
"Content-Language",
"Content-Location",
"Content-MD5",
"Expect",
};
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("doPreFilter Processing Start.");
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
String propValue = PropManager.getInstance().getProperty(PROPERTIES_GROUP_NAME, HEADER_KEY_NAMES, "").trim();
String[] userSettingBlackList = propValue.split(",");
if( userSettingBlackList.length > 0 ) {
HttpHeaderRelayBlackList = Stream
.concat(Arrays.stream(HttpHeaderRelayBlackList), Arrays.stream(userSettingBlackList))
.toArray(String[]::new);
}
for(String keyName : inboundHeaderMap.keySet() ) {
if( StringUtils.equalsAnyIgnoreCase( keyName, HttpHeaderRelayBlackList ) ) {
logger.debug("Skip Processing Key ["+keyName+"], value ["+inboundHeaderMap.get(keyName)+"] in HttpHeaderRelayBlackList");
continue;
}
filterHeaders.put(keyName, inboundHeaderMap.get(keyName));
logger.debug("Processing Key ["+keyName+"], value ["+inboundHeaderMap.get(keyName)+"]");
}
logger.debug("doPreFilter Processing End.");
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,118 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Arrays;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class AsyncReponseFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String X_TRACE_ID = "partnerTraceId";
public static final String TRACE_ID = "traceId";
public static final String PROPERTIES_GROUP_NAME = "HttpHeaderFilter";
public static final String HEADER_KEY_NAMES = "AsyncReponseFilter";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("AsyncReponseFilter] PreFilter Processing Start!!");
String traceId = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID, "");
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
String propValue = PropManager.getInstance().getProperty(PROPERTIES_GROUP_NAME, HEADER_KEY_NAMES, "").trim();
String[] headerKeyNames = propValue.split(",");
headerKeyNames = Arrays.stream(headerKeyNames)
.map(String::trim)
.toArray(String[]::new);
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(X_TRACE_ID)) {
filterHeaders.put(X_TRACE_ID, inboundHeaderMap.get(X_TRACE_ID));
logger.debug("AsyncReponseFilter] Processing Key ["+X_TRACE_ID+"], value ["+inboundHeaderMap.get(X_TRACE_ID)+"]");
}
if (inboundHeaderMap.containsKey(TransactionContextKeys.X_LOAN_TOKEN)) {
filterHeaders.put(TransactionContextKeys.X_LOAN_TOKEN, inboundHeaderMap.get(TransactionContextKeys.X_LOAN_TOKEN));
logger.debug("AsyncReponseFilter] Processing Key ["+TransactionContextKeys.X_LOAN_TOKEN+"], value ["+inboundHeaderMap.get(TransactionContextKeys.X_LOAN_TOKEN)+"]");
}
}
filterHeaders.setProperty(TRACE_ID, traceId);
logger.debug("AsyncReponseFilter] Processing Key ["+TRACE_ID+"], value ["+traceId+"]");
for (String keyName : inboundHeaderMap.keySet()) {
if (StringUtils.equalsAnyIgnoreCase(keyName, headerKeyNames)) {
String value = inboundHeaderMap.get(keyName);
filterHeaders.put(keyName, value);
logger.debug("AsyncReponseFilter] Processing Key [" + keyName + "], value [" + value + "]");
}
}
} catch (Exception e) {
logger.error(e.getMessage());
}
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,90 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.concurrent.ConcurrentHashMap;
import com.eactive.eai.common.util.Logger;
public class HttpClient5AdapterFilterFactory {
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
static String customBasePackage = "com.eactive.eai.custom.adapter.http.client.filter";
static String basePackage = "com.eactive.eai.adapter.http.client.impl.filter";
private static ConcurrentHashMap<String, HttpClientAdapterFilter> h = new ConcurrentHashMap<>();
private HttpClient5AdapterFilterFactory() {
throw new IllegalStateException("Utility class");
}
public static HttpClientAdapterFilter createFilter(String type) {
if (h.containsKey(type)) {
return h.get(type);
}
HttpClientAdapterFilter filter = null;
switch (HttpClient5AdapterFilterType.getValue(type)) {
case SIMPLEFRAMEWORK:
filter = new SimpleFrameworkFilter();
break;
case SIMPLEFRAMEWORKBODY:
filter = new SimpleframeworkBodyFilter();
break;
case JBOBP:
filter = new JBOBPFilter();
break;
case KFTCFACE:
filter = new KFTCFaceFilter();
break;
case KFTCP2P:
filter = new KFTCP2PFilter();
break;
case KAKAOBANK:
filter = new KAKAOBankFilter();
break;
case NAVERFIN:
filter = new NAVERFinFilter();
break;
case NICECREDIT:
filter = new NICECreditFilter();
break;
case TRACEBODY:
filter = new TraceBodyFilter();
break;
case TOSSBANK:
filter = new TOSSBankFilter();
break;
case ASYNCRESPONSE:
filter = new AsyncReponseFilter();
break;
case ALLHEADER:
filter = new AllHeaderFilter();
break;
default:
filter = classForName(type);
if (filter == null) {
filter = classForName(customBasePackage + "." + type);
}
if (filter == null) {
filter = classForName(basePackage + "." + type);
}
break;
}
if (filter != null) {
h.put(type, filter);
return filter;
} else {
return null;
}
}
private static HttpClientAdapterFilter classForName(String type) {
try {
Class<?> cl = Class.forName(type);
return (HttpClientAdapterFilter) cl.newInstance();
} catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
logger.error("Cannot create a HttpClientAdapterFilter. - {}", type);
return null;
}
}
}
@@ -0,0 +1,27 @@
package com.eactive.eai.adapter.http.client.impl.filter;
public enum HttpClient5AdapterFilterType {
SIMPLEFRAMEWORK,
SIMPLEFRAMEWORKBODY,
JBOBP,
KFTCFACE,
KFTCP2P,
KAKAOBANK,
NAVERFIN,
NICECREDIT,
TOSSBANK,
TRACEBODY,
ASYNCRESPONSE,
ALLHEADER,
UNKNOWN;
public static HttpClient5AdapterFilterType getValue(String type) {
try {
return valueOf(type.toUpperCase());
} catch (NullPointerException e) {
return UNKNOWN;
} catch (Exception e) {
return UNKNOWN;
}
}
}
@@ -0,0 +1,12 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Properties;
public interface HttpClientAdapterFilter {
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception;
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception;
}
@@ -0,0 +1,35 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Properties;
import lombok.Getter;
public class HttpClientAdapterFilterException extends RuntimeException {
private static final long serialVersionUID = -1208983360831093751L;
@Getter
private final String code;
@Getter
private final Properties prop;
@Getter
private final Properties tempProp;
public HttpClientAdapterFilterException(String code, String msg, Properties prop, Properties tmepProp) {
super(msg);
this.code = code;
this.prop = prop;
this.tempProp = tmepProp;
}
public HttpClientAdapterFilterException(String code, String msg, Properties prop, Properties tempProp, Throwable cause) {
super(msg, cause);
this.code = code;
this.prop = prop;
this.tempProp = tempProp;
}
@Override
public String toString() {
return "HttpClientAdapterFilterException [code=" + code + ", prop=" + prop + ", tempProp=" + tempProp + ", parent=" + super.toString() + "]";
}
}
@@ -0,0 +1,106 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class JBOBPFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String X_OBP_PARTNERCODE = "x-obp-partnercode";
public static final String X_OBP_TXID = "x-obp-txid";
public static final String X_OBP_TRUST_SYSTEM = "x-obp-trust-system";
String systemTrustKey = "APIMGW-0001-QVBJTUdXLTAwMDE=";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("JBOBPFilter] PreFilter Processing Start!!");
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) systemTrustKey = propGroupVo.getProperty(X_OBP_TRUST_SYSTEM, systemTrustKey);
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
String obpPartnerCode = "000000-00";
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(X_OBP_PARTNERCODE)) {
filterHeaders.put(X_OBP_PARTNERCODE, inboundHeaderMap.get(X_OBP_PARTNERCODE));
logger.debug("JBOBPFilter] Processing Key ["+X_OBP_PARTNERCODE+"], value ["+inboundHeaderMap.get(X_OBP_PARTNERCODE)+"]");
} else {
filterHeaders.put(X_OBP_PARTNERCODE, obpPartnerCode);
logger.debug("JBOBPFilter] Processing Key ["+X_OBP_PARTNERCODE+"], value ["+obpPartnerCode+"]");
}
} else {
filterHeaders.put(X_OBP_PARTNERCODE, obpPartnerCode);
logger.debug("JBOBPFilter] Processing Key ["+X_OBP_PARTNERCODE+"], value ["+obpPartnerCode+"]");
}
String uuid = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID, "");
if (StringUtils.isNotBlank(uuid)) {
filterHeaders.setProperty(X_OBP_TXID, uuid); // JB OBP Framework용
logger.debug("JBOBPFilter] Processing Key ["+X_OBP_TXID+"], value ["+uuid+"]");
}
if (StringUtils.isNotBlank(systemTrustKey)) {
filterHeaders.setProperty(X_OBP_TRUST_SYSTEM, systemTrustKey); // JB OBP Framework용
logger.debug("JBOBPFilter] Processing Key ["+X_OBP_TRUST_SYSTEM+"], value ["+systemTrustKey+"]");
}
} catch (Exception e) {
logger.error(e.getMessage());
}
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,135 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class KAKAOBankFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String PROP_PREFIX = "kakaobank";
public static final String X_KKB_PARTNER_CODE = "X-KKB-PARTNER-CODE";
public static final String X_KKB_API_NAME = "X-KKB-API-NAME";
public static final String X_KKB_API_TX_ID = "X-KKB-API-TX-ID";
public static final String X_KKB_TX_TIME = "X-KKB-TX-TIME";
public static final String X_KKB_CMPR_MGMT_NO = "X-KKB-CMPR-MGMT-NO";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("KAKAOBankFilter] PreFilter Processing Start!!");
Object returnMessage = message;
String partnerCode = "KJB";
String apiName = "status_change";
String apiTxId = "0";
String txTime = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date());
String cmprMgmtNo = "0";
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) {
partnerCode = propGroupVo.getProperty(PROP_PREFIX + "." + X_KKB_PARTNER_CODE);
apiName = propGroupVo.getProperty(PROP_PREFIX + "." + X_KKB_API_NAME);
apiTxId = propGroupVo.getProperty(PROP_PREFIX + "." + X_KKB_API_TX_ID);
cmprMgmtNo = propGroupVo.getProperty(PROP_PREFIX + "." + X_KKB_CMPR_MGMT_NO);
}
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(X_KKB_PARTNER_CODE)) {
filterHeaders.put(X_KKB_PARTNER_CODE, inboundHeaderMap.get(X_KKB_PARTNER_CODE));
} else {
filterHeaders.put(X_KKB_PARTNER_CODE, partnerCode);
}
if (inboundHeaderMap.containsKey(X_KKB_API_NAME)) {
filterHeaders.put(X_KKB_API_NAME, inboundHeaderMap.get(X_KKB_API_NAME));
} else {
filterHeaders.put(X_KKB_API_NAME, apiName);
}
if (inboundHeaderMap.containsKey(X_KKB_API_TX_ID)) {
filterHeaders.put(X_KKB_API_TX_ID, inboundHeaderMap.get(X_KKB_API_TX_ID));
} else {
filterHeaders.put(X_KKB_API_TX_ID, apiTxId);
}
if (inboundHeaderMap.containsKey(X_KKB_TX_TIME)) {
filterHeaders.put(X_KKB_TX_TIME, inboundHeaderMap.get(X_KKB_TX_TIME));
} else {
filterHeaders.put(X_KKB_TX_TIME, txTime);
}
if (inboundHeaderMap.containsKey(X_KKB_CMPR_MGMT_NO)) {
filterHeaders.put(X_KKB_CMPR_MGMT_NO, inboundHeaderMap.get(X_KKB_CMPR_MGMT_NO));
} else {
filterHeaders.put(X_KKB_CMPR_MGMT_NO, cmprMgmtNo);
}
} else {
filterHeaders.put(X_KKB_PARTNER_CODE, partnerCode);
filterHeaders.put(X_KKB_API_NAME, apiName);
filterHeaders.put(X_KKB_API_TX_ID, apiTxId);
filterHeaders.put(X_KKB_TX_TIME, txTime);
filterHeaders.put(X_KKB_CMPR_MGMT_NO, cmprMgmtNo);
}
logger.debug("KAKAOBankFilter] Processing Key ["+X_KKB_PARTNER_CODE+"], value ["+filterHeaders.getProperty(X_KKB_PARTNER_CODE)+"]");
logger.debug("KAKAOBankFilter] Processing Key ["+X_KKB_API_NAME+"], value ["+filterHeaders.getProperty(X_KKB_API_NAME)+"]");
logger.debug("KAKAOBankFilter] Processing Key ["+X_KKB_API_TX_ID+"], value ["+filterHeaders.getProperty(X_KKB_API_TX_ID)+"]");
logger.debug("KAKAOBankFilter] Processing Key ["+X_KKB_TX_TIME+"], value ["+filterHeaders.getProperty(X_KKB_TX_TIME)+"]");
logger.debug("KAKAOBankFilter] Processing Key ["+X_KKB_CMPR_MGMT_NO+"], value ["+filterHeaders.getProperty(X_KKB_CMPR_MGMT_NO)+"]");
} catch (Exception e) {
logger.error(e.getMessage());
}
return returnMessage;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,154 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;
import com.eactive.eai.adapter.AdapterGroupVO;
import com.eactive.eai.adapter.AdapterManager;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.util.Logger;
public class KFTCFaceFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String PROP_PREFIX = "kftcface";
public static final String H_CLIENT_ID = "Client-Id";
public static final String B_ORG_CODE = "org_code";
public static final String B_TRANSACTION_ID = "transaction_id";
public static final String B_REQUEST_DATETIME = "request_datetime";
public static String instId = null;
static {
EAIServerManager eaiServerManager = EAIServerManager.getInstance();
instId = eaiServerManager.getInstId();
}
@SuppressWarnings({ "unchecked" })
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("KFTCFaceFilter] PreFilter Processing Start!!");
JSONObject returnMessage = null;
String clientId = "";
String orgCode = "034"; // 광주은행 행코드
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) {
if (StringUtils.isEmpty(clientId))
clientId = propGroupVo.getProperty(PROP_PREFIX + "." + H_CLIENT_ID);
orgCode = propGroupVo.getProperty(PROP_PREFIX + "." + B_ORG_CODE);
}
String request_datetime = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date());
String reqDate = new SimpleDateFormat("yyMMdd").format(new Date());
String reqTime = new SimpleDateFormat("HHmmss").format(new Date());
// 기관코드(3) + 요청일자(6) -- 금결원 표준화 항목, 고정 9자리.
// 요청시간(6) + 인스턴스ID(2) + RandomString(3) -- 기관별 생성 거래고유번호(11자리)
// 기관코드(3) + 요청일자(6) + 요청시간(6) + 인스턴스ID(2) + RandomString(3) -- 20자리.
String transaction_id = orgCode + reqDate + reqTime + instId + RandomStringUtils.random(3, true, true).toUpperCase();
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(H_CLIENT_ID)) {
filterHeaders.put(H_CLIENT_ID, inboundHeaderMap.get(H_CLIENT_ID));
logger.debug("KFTCFaceFilter] Processing Key ["+H_CLIENT_ID+"], value ["+inboundHeaderMap.get(H_CLIENT_ID)+"]");
} else {
filterHeaders.put(H_CLIENT_ID, clientId);
logger.debug("KFTCFaceFilter] Processing Key ["+H_CLIENT_ID+"], value ["+clientId+"]");
}
} else {
filterHeaders.setProperty(H_CLIENT_ID, clientId);
logger.debug("KFTCFaceFilter] Processing Key ["+H_CLIENT_ID+"], value ["+clientId+"]");
}
} catch (Exception e) {
logger.error(e.getMessage());
}
AdapterManager adapterManager = AdapterManager.getInstance();
AdapterGroupVO adptGrpVO = adapterManager.getAdapterGroupVO(adptGrpName);
String encode = adptGrpVO.getMessageEncode();
if (message == null) {
returnMessage = new JSONObject();
} else {
if (message instanceof JSONObject) {
returnMessage = (JSONObject) message;
} else if (message instanceof String) {
returnMessage = parseJson((String) message);
} else if (message instanceof byte[]) {
returnMessage = parseJson(new String((byte[]) message, encode));
}
}
returnMessage.put(B_ORG_CODE, orgCode);
returnMessage.put(B_TRANSACTION_ID, transaction_id);
returnMessage.put(B_REQUEST_DATETIME, request_datetime);
return returnMessage.toJSONString();
}
private JSONObject parseJson(String message) throws Exception {
if (message == null) {
return null;
}
return (JSONObject) JSONValue.parse(message);
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,122 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang3.RandomStringUtils;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.util.Logger;
public class KFTCP2PFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String PROP_PREFIX = "kftcp2p";
public static final String H_ORG_CODE = "org_code";
public static final String H_TRX_NO = "api_trx_no";
public static final String H_TRX_DTM = "api_trx_dtm";
public static String instId = null;
static {
EAIServerManager eaiServerManager = EAIServerManager.getInstance();
instId = eaiServerManager.getInstId();
}
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("KFTCP2PFilter] PreFilter Processing Start!!");
String orgCode = "D210400012"; // 광주은행 개발 기관코드(운영: K210800020)
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) {
orgCode = propGroupVo.getProperty(PROP_PREFIX + "." + H_ORG_CODE);
}
String apiTrxDtm = new SimpleDateFormat("yyyyMMddHHmmssSSS").format(new Date());
String apiTrxTm = new SimpleDateFormat("HHmmss").format(new Date());
// 기관코드(10) + 인스턴스ID(2) + 일시(6) + RandomString(2) -- 20자리
String apiTrxNo = orgCode + instId + apiTrxTm + RandomStringUtils.random(2, true, true).toUpperCase();
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(H_TRX_NO)) {
filterHeaders.put(H_TRX_NO, inboundHeaderMap.get(H_TRX_NO));
logger.debug("KFTCP2PFilter] Processing Key ["+H_TRX_NO+"], value ["+inboundHeaderMap.get(H_TRX_NO)+"]");
} else {
filterHeaders.put(H_TRX_NO, apiTrxNo);
logger.debug("KFTCP2PFilter] Processing Key ["+H_TRX_NO+"], value ["+apiTrxNo+"]");
}
if (inboundHeaderMap.containsKey(H_TRX_DTM)) {
filterHeaders.put(H_TRX_DTM, inboundHeaderMap.get(H_TRX_DTM));
logger.debug("KFTCP2PFilter] Processing Key ["+H_TRX_DTM+"], value ["+inboundHeaderMap.get(H_TRX_DTM)+"]");
} else {
filterHeaders.put(H_TRX_DTM, apiTrxDtm);
logger.debug("KFTCP2PFilter] Processing Key ["+H_TRX_DTM+"], value ["+apiTrxDtm+"]");
}
} else {
filterHeaders.put(H_TRX_NO, apiTrxNo);
filterHeaders.put(H_TRX_DTM, apiTrxDtm);
}
logger.debug("KFTCP2PFilter] Processing Key ["+H_TRX_NO+"], value ["+filterHeaders.getProperty(H_TRX_NO)+"]");
logger.debug("KFTCP2PFilter] Processing Key ["+H_TRX_DTM+"], value ["+filterHeaders.getProperty(H_TRX_DTM)+"]");
} catch (Exception e) {
logger.error(e.getMessage());
}
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,107 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class NAVERFinFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String PROP_PREFIX = "naverfin";
public static final String X_PARTNER_ID = "X-Partner-Id";
public static final String X_FINTECH_ID = "X-Fintech-Id";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("NAVERFinFilter] PreFilter Processing Start!!");
String partnerID = "r0jtqwC9gAW5";
String fintechId = "NF";
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) {
partnerID = propGroupVo.getProperty(PROP_PREFIX + "." + X_PARTNER_ID);
fintechId = propGroupVo.getProperty(PROP_PREFIX + "." + X_FINTECH_ID);
}
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(X_PARTNER_ID)) {
filterHeaders.put(X_PARTNER_ID, inboundHeaderMap.get(X_PARTNER_ID));
logger.debug("NAVERFinFilter] Processing Key ["+X_PARTNER_ID+"], value ["+inboundHeaderMap.get(X_PARTNER_ID)+"]");
} else {
filterHeaders.put(X_PARTNER_ID, partnerID);
logger.debug("NAVERFinFilter] Processing Key ["+X_PARTNER_ID+"], value ["+partnerID+"]");
}
if (inboundHeaderMap.containsKey(X_FINTECH_ID)) {
filterHeaders.put(X_FINTECH_ID, inboundHeaderMap.get(X_FINTECH_ID));
logger.debug("NAVERFinFilter] Processing Key ["+X_FINTECH_ID+"], value ["+inboundHeaderMap.get(X_FINTECH_ID)+"]");
} else {
filterHeaders.put(X_FINTECH_ID, fintechId);
logger.debug("NAVERFinFilter] Processing Key ["+X_FINTECH_ID+"], value ["+fintechId+"]");
}
} else {
filterHeaders.put(X_PARTNER_ID, partnerID);
filterHeaders.put(X_FINTECH_ID, fintechId);
}
logger.debug("NAVERFinFilter] Processing Key ["+X_PARTNER_ID+"], value ["+filterHeaders.getProperty(X_PARTNER_ID)+"]");
logger.debug("NAVERFinFilter] Processing Key ["+X_FINTECH_ID+"], value ["+filterHeaders.getProperty(X_FINTECH_ID)+"]");
} catch (Exception e) {
logger.error(e.getMessage());
}
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,138 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Map.Entry;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang3.StringUtils;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;
import com.eactive.eai.adapter.AdapterGroupVO;
import com.eactive.eai.adapter.AdapterManager;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class NICECreditFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String PROP_PREFIX = "nicecredit";
public static final String H_PRODUCTID = "ProductID";
public static final String B_REQ_DTM = "req_dtm";
public static final String B_GOODS_CLS = "goods_cls";
@SuppressWarnings({ "unchecked" })
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
JSONObject returnMessage = null;
String productId = "2303102120";
String reqDtm = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date());
String goodsCls = "KJBAPI0001";
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) {
productId = propGroupVo.getProperty(PROP_PREFIX + "." + H_PRODUCTID);
goodsCls = propGroupVo.getProperty(PROP_PREFIX + "." + B_GOODS_CLS);
}
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (inboundHeaderMap != null && inboundHeaderMap.containsKey(H_PRODUCTID)) {
for (Entry<String, String> e : inboundHeaderMap.entrySet()) {
String key = (String) e.getKey();
String value = (String) e.getValue();
if (StringUtils.equalsIgnoreCase(key, H_PRODUCTID)) {
filterHeaders.setProperty(key, value);
}
if (logger.isDebugEnabled()) {
logger.debug("Request Header :" + key + "=[" + value + "]");
}
}
} else {
filterHeaders.setProperty(H_PRODUCTID, productId);
}
} catch (Exception e) {
logger.error(e.getMessage());
}
AdapterManager adapterManager = AdapterManager.getInstance();
AdapterGroupVO adptGrpVO = adapterManager.getAdapterGroupVO(adptGrpName);
String encode = adptGrpVO.getMessageEncode();
if (message == null) {
returnMessage = new JSONObject();
} else {
if (message instanceof JSONObject) {
returnMessage = (JSONObject) message;
} else if (message instanceof String) {
returnMessage = parseJson((String) message);
} else if (message instanceof byte[]) {
returnMessage = parseJson(new String((byte[]) message, encode));
}
}
returnMessage.put(B_REQ_DTM, reqDtm);
returnMessage.put(B_GOODS_CLS, goodsCls);
return returnMessage.toJSONString();
}
private JSONObject parseJson(String message) throws Exception {
if (message == null) {
return null;
}
return (JSONObject) JSONValue.parse(message);
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,87 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.filter.AbstractCryptoFilter;
/**
* HTTP 클라이언트 어댑터용 암복호화 필터 (송신 방향).
*
* doPreFilter : 외부 시스템으로 보내는 요청 암호화 (CRYPTO_ENC_* 프로퍼티 기반)
* doPostFilter : 외부 시스템에서 받은 응답 복호화 (CRYPTO_DEC_* 프로퍼티 기반)
*
* DYNAMIC 컨텍스트가 필요한 경우 {@link #buildRuntimeContext} 오버라이드한다.
* STATIC 모듈을 사용하는 경우 Map이 기본값이므로 오버라이드 불필요.
*
* 프로퍼티 설명은 {@link AbstractCryptoFilter} 참조.
* AAD 관련 추가 프로퍼티:
* CRYPTO_AAD_PROP tempProp에서 AAD 값을 조회할 이름.
* 미설정 또는 해당 없으면 aad=null IV를 AAD 대체값으로 사용.
*/
public class OutCryptoFilter extends AbstractCryptoFilter implements HttpClientAdapterFilter {
public static final String PROP_AAD_PROP = "CRYPTO_AAD_PROP";
/**
* DYNAMIC 도출용 컨텍스트를 구성한다.
* STATIC 모듈이면 Map({@code new HashMap<>()}) 반환한다.
* 서브클래스에서 오버라이드하여 tempProp으로부터 값을 추출할 있다.
*/
protected Map<String, String> buildRuntimeContext(Properties prop, Properties tempProp) {
return new HashMap<>();
}
/**
* CRYPTO_AAD_PROP 프로퍼티에 지정된 키로 tempProp에서 AAD 값을 조회한다.
* 미설정 또는 없으면 null을 반환하여 GCM 기본 동작(IV를 AAD 대체값으로 사용) 따른다.
*/
protected byte[] buildAad(Properties prop, Properties tempProp) {
String propKey = prop.getProperty(PROP_AAD_PROP);
if (StringUtils.isBlank(propKey) || tempProp == null) {
return null;
}
String value = tempProp.getProperty(propKey);
return StringUtils.isBlank(value) ? null : value.getBytes(StandardCharsets.UTF_8);
}
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
String moduleName = required(prop, PROP_MODULE_NAME);
String scope = getProp(prop, PROP_SCOPE, SCOPE_FIELD).toUpperCase();
String body = toBodyString(message);
Map<String, String> runtimeCtx = buildRuntimeContext(prop, tempProp);
byte[] aad = buildAad(prop, tempProp);
if (SCOPE_FIELD.equals(scope)) {
return encryptField(body, moduleName, runtimeCtx, aad,
getProp(prop, PROP_ENC_FROM_PATH, PATH_ROOT),
getProp(prop, PROP_ENC_TO_PATH, PATH_ENCDATA));
}
return encryptBody(body, moduleName, runtimeCtx, aad);
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
String moduleName = required(prop, PROP_MODULE_NAME);
String scope = getProp(prop, PROP_SCOPE, SCOPE_FIELD).toUpperCase();
String body = toBodyString(message);
Map<String, String> runtimeCtx = buildRuntimeContext(prop, tempProp);
byte[] aad = buildAad(prop, tempProp);
if (SCOPE_FIELD.equals(scope)) {
return decryptField(body, moduleName, runtimeCtx, aad,
getProp(prop, PROP_DEC_FROM_PATH, PATH_ENCDATA),
getProp(prop, PROP_DEC_TO_PATH, PATH_ROOT));
}
return decryptBody(body, moduleName, runtimeCtx, aad);
}
}
@@ -0,0 +1,109 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.util.Logger;
public class SimpleFrameworkFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String CLIENTID = "clientId";
public static final String TRACEID = "traceId";
public static final String GUID = "guid";
public static final String RECEIVEDTIMESTAMP = "receivedTimestamp";
public static final String PARTNER_TRACE_ID = "partnerTraceId";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("SimpleFrameworkFilter] PreFilter Processing Start!!");
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
try {
/* 업체정보 */
String clientId = tempProp.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
if (StringUtils.isEmpty(clientId)) clientId = "";
filterHeaders.put(CLIENTID, clientId);
logger.debug("SimpleFrameworkFilter] Processing Key ["+CLIENTID+"], value ["+clientId+"]");
/* APIM 거래추적자 */
String uuid = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID, "");
filterHeaders.put(TRACEID, uuid);
logger.debug("SimpleFrameworkFilter] Processing Key ["+TRACEID+"], value ["+uuid+"]");
/* GUID */
String guid = tempProp.getProperty(TransactionContextKeys.GUID, "");
filterHeaders.put(GUID, guid);
logger.debug("SimpleFrameworkFilter] Processing Key ["+GUID+"], value ["+guid+"]");
/* 최초요청시간 */
String receivedTimestamp = tempProp.getProperty(HttpAdapterServiceKey.INBOUND_REQUESTED_TIME, "");
filterHeaders.put(RECEIVEDTIMESTAMP, receivedTimestamp);
logger.debug("SimpleFrameworkFilter] Processing Key ["+RECEIVEDTIMESTAMP+"], value ["+receivedTimestamp+"]");
String partnerTraceId = inboundHeaderMap.getOrDefault(PARTNER_TRACE_ID, "");
filterHeaders.put(PARTNER_TRACE_ID, partnerTraceId);
logger.debug("SimpleFrameworkFilter] Processing Key ["+PARTNER_TRACE_ID+"], value ["+partnerTraceId+"]");
String x_loan_token = inboundHeaderMap.getOrDefault(TransactionContextKeys.X_LOAN_TOKEN, "");
filterHeaders.put(TransactionContextKeys.X_LOAN_TOKEN, x_loan_token);
logger.debug("SimpleFrameworkFilter] Processing Key ["+TransactionContextKeys.X_LOAN_TOKEN+"], value ["+x_loan_token+"]");
} catch (Exception e) {
logger.error(e.getMessage());
}
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,28 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Properties;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;
import com.eactive.eai.common.TransactionContextKeys;
public class SimpleframeworkBodyFilter extends SimpleFrameworkFilter {
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
Object returnMessage = super.doPreFilter(adptGrpName, adptName, prop, message, tempProp);
JSONObject bizJsonStr = null;
if ( returnMessage instanceof String ) {
bizJsonStr = (JSONObject) JSONValue.parse( (String)returnMessage);
if( bizJsonStr != null ) {
bizJsonStr.put("GUID", tempProp.getOrDefault(TransactionContextKeys.GUID, "") );
}
}
return bizJsonStr != null ? bizJsonStr.toJSONString() : returnMessage;
}
}
@@ -0,0 +1,97 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
public class TOSSBankFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String KJB_HEADER = "KJB_Header";
public static final String PROP_PREFIX = "tossbank";
public static final String X_TOSSBANK_LOAN_TRACE_ID = "X-TOSSBANK-LOAN-TRACE-ID";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
logger.debug("TOSSBankFilter] PreFilter Processing Start!!");
String traceId = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID, "");
PropGroupVO propGroupVo = PropManager.getInstance().getPropGroupVO(KJB_HEADER);
if (propGroupVo != null) {
}
Properties filterHeaders = (Properties) tempProp.get("FILTERHEADER");
if (filterHeaders == null) {
filterHeaders = new Properties();
tempProp.put("FILTERHEADER", filterHeaders);
}
try {
Map<String, String> inboundHeaderMap = getInboundHeaderProp(tempProp);
if (!inboundHeaderMap.isEmpty()) {
if (inboundHeaderMap.containsKey(X_TOSSBANK_LOAN_TRACE_ID)) {
filterHeaders.put(X_TOSSBANK_LOAN_TRACE_ID, inboundHeaderMap.get(X_TOSSBANK_LOAN_TRACE_ID));
logger.debug("TOSSBankFilter] Processing Key ["+X_TOSSBANK_LOAN_TRACE_ID+"], value ["+inboundHeaderMap.get(X_TOSSBANK_LOAN_TRACE_ID)+"]");
} else {
filterHeaders.put(X_TOSSBANK_LOAN_TRACE_ID, traceId);
logger.debug("TOSSBankFilter] Processing Key ["+X_TOSSBANK_LOAN_TRACE_ID+"], value ["+traceId+"]");
}
} else {
/* APIM 거래추적자 */
filterHeaders.setProperty(X_TOSSBANK_LOAN_TRACE_ID, traceId);
logger.debug("TOSSBankFilter] Processing Key ["+X_TOSSBANK_LOAN_TRACE_ID+"], value ["+traceId+"]");
}
logger.debug("TOSSBankFilter] Processing Key ["+X_TOSSBANK_LOAN_TRACE_ID+"], value ["+filterHeaders.getProperty(X_TOSSBANK_LOAN_TRACE_ID)+"]");
} catch (Exception e) {
logger.error(e.getMessage());
}
return message;
}
public Map<String, String> getInboundHeaderProp(Properties prop) {
Properties header = new Properties();
Map<String, String> inboundHeaderMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
try {
Object headerObj = prop.get(HttpAdapterServiceKey.INBOUND_HEADER);
if (headerObj instanceof Properties) { //tomcat
header = (Properties) headerObj;
for (String name : header.stringPropertyNames()) {
inboundHeaderMap.put(name, header.getProperty(name));
}
} else if (headerObj instanceof String) { //weblogic
String str = (String) headerObj;
str = str.substring(1, str.length() - 1);
// key=value 분리
String[] entries = str.split(",");
for (String entry : entries) {
String[] kv = entry.split("=", 2);
if (kv.length == 2) {
inboundHeaderMap.put(kv[0].trim(), kv[1].trim());
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return inboundHeaderMap;
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
return message;
}
}
@@ -0,0 +1,71 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import java.util.Properties;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.util.Logger;
import com.nimbusds.jose.shaded.gson.JsonObject;
public class TraceBodyFilter implements HttpClientAdapterFilter, HttpAdapterServiceKey {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String BIZ_HEADER = "header";
public static final String GUID = "guid";
public static final String TRACEID = "traceId";
@Override
public Object doPreFilter(String adptGrpName, String adptName, Properties prop, Object message, Properties tempProp)
throws Exception {
JSONObject bizJsonStr = null;
if (message instanceof String) {
bizJsonStr = (JSONObject) JSONValue.parse((String) message);
if ( bizJsonStr == null ) return message; //json string이 아님.
if (bizJsonStr.containsKey(BIZ_HEADER)) {
JSONObject bizHeader = (JSONObject) bizJsonStr.get(BIZ_HEADER);
putBizHeaderData(bizHeader, tempProp);
}else {
JSONObject bizHeader = new JSONObject();
bizJsonStr.put(BIZ_HEADER, bizHeader);
putBizHeaderData(bizHeader, tempProp);
}
}
return bizJsonStr != null ? bizJsonStr.toJSONString() : message;
}
static private void putBizHeaderData(JSONObject bizHeader, Properties tempProp) {
String traceId = tempProp.getProperty(TransactionContextKeys.TRANSACTION_UUID, "");
String guid = tempProp.getProperty(TransactionContextKeys.GUID, "");
bizHeader.put(GUID, guid);
logger.debug("Processing Key [" + GUID + "], value [" + guid + "]");
bizHeader.put(TRACEID, traceId);
logger.debug("Processing Key [" + TRACEID + "], value [" + traceId + "]");
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Properties prop, Object message,
Properties tempProp) throws Exception {
// TODO Auto-generated method stub
return message;
}
}
@@ -6,51 +6,94 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.MDC;
import com.eactive.eai.adapter.AdapterGroupVO;
import com.eactive.eai.adapter.AdapterManager;
import com.eactive.eai.adapter.RequestDispatcher;
import com.eactive.eai.adapter.http.HttpStatusException;
import com.eactive.eai.adapter.http.client.HttpClientAdapterServiceKey;
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilter;
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilterFactoryKjb;
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilterFactory;
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilterType;
import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.common.util.UUIDGenerator;
public abstract class HttpAdapterServiceSupport implements HttpAdapterService, HttpAdapterServiceKey {
private static final String LOG_PREFIX = "HttpAdapterServiceSupport] ";
protected long slowTranTime = 2000L;
public static final String HEADER_NAME_CLIENT_ID = "x-elink-client-id";
public static final String PROPERTIES_NAME_CLIENT_ID = "clientId";
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public Object service(String adptGrpName, String adptName, Object message, Properties prop,
HttpServletRequest request, HttpServletResponse response) throws Exception {
String uuid = prop.getProperty(TransactionContextKeys.TRANSACTION_UUID);
boolean bMDCput = false;
if(uuid == null) {
uuid = UUIDGenerator.getUUID().toString().replaceAll("-", "");
prop.setProperty(TransactionContextKeys.TRANSACTION_UUID, uuid);
}
if(MDC.get(Logger.DISCRIMINATOR) == null) {
MDC.put(Logger.DISCRIMINATOR, uuid);
bMDCput = true;
}
try {
String clientId = request.getHeader(HEADER_NAME_CLIENT_ID);
if (StringUtils.isNotBlank(clientId)) {
prop.put(PROPERTIES_NAME_CLIENT_ID, clientId);
}
String transactionId = request.getHeader(HttpClientAdapterServiceKey.TRANSACTION_ID);
if (StringUtils.isNotBlank(transactionId)) {
prop.put(HttpClientAdapterServiceKey.TRANSACTION_ID, transactionId);
}
String instanceId = request.getHeader(HttpClientAdapterServiceKey.INSTANCE_ID);
if (StringUtils.isNotBlank(instanceId)) {
prop.put(HttpClientAdapterServiceKey.INSTANCE_ID, instanceId);
try {
String clientId = request.getHeader(HEADER_NAME_CLIENT_ID);
if (StringUtils.isNotBlank(clientId)) {
prop.put(PROPERTIES_NAME_CLIENT_ID, clientId);
}
String instanceId = request.getHeader(HttpClientAdapterServiceKey.INSTANCE_ID);
if (StringUtils.isNotBlank(instanceId)) {
prop.put(HttpClientAdapterServiceKey.INSTANCE_ID, instanceId);
}
} catch (Exception e) {
logger.warn(LOG_PREFIX + "Failed to read request headers: " + e.getMessage());
}
} catch (Exception e) {
}
message = doPreFilters(adptGrpName, adptName, message, prop, request, response);
Object obj = RequestDispatcher.getRequestDispatcher(adptGrpName).handle(adptName, message, prop);
obj = doPostFilters(adptGrpName, adptName, obj, prop, request, response);
if (obj == null) {
return null;
} else if (obj instanceof byte[]) {
return (byte[]) obj;
} else if (obj instanceof String) {
return (String) obj;
} else {
throw new Exception("RECEAIAHA001");
Object obj = null;
try {
message = doPreFilters(adptGrpName, adptName, message, prop, request, response);
obj = RequestDispatcher.getRequestDispatcher(adptGrpName).handle(adptName, message, prop);
obj = doPostFilters(adptGrpName, adptName, obj, prop, request, response);
} catch (HttpStatusException e) { // inbound error
logger.warn(LOG_PREFIX + transactionId + "-" + adptGrpName + "-" + adptName + ">>" + e.getMessage(), e);
throw e;
} catch (JwtAuthException e) { // filter error
logger.error(LOG_PREFIX + transactionId + "-" + adptGrpName + "-" + adptName + ">>" + e.getMessage(), e);
UnkownMessageLogUtils.logUnkownMessage(adptGrpName, adptName, message, prop, request, response,
"RECEAIIRP202", e);
throw e;
} catch (Exception e) { // filter error
logger.error(LOG_PREFIX + transactionId + "-" + adptGrpName + "-" + adptName + ">>" + e.getMessage(), e);
UnkownMessageLogUtils.logUnkownMessage(adptGrpName, adptName, message, prop, request, response,
"RECEAIIRP201", e);
throw e;
}
if (obj == null) {
return null;
} else if (obj instanceof byte[]) {
return (byte[]) obj;
} else if (obj instanceof String) {
return (String) obj;
} else {
throw new Exception("RECEAIAHA001");
}
} finally {
if(bMDCput)
MDC.remove(Logger.DISCRIMINATOR);
}
}
@@ -62,7 +105,7 @@ public abstract class HttpAdapterServiceSupport implements HttpAdapterService, H
if (!"HTC".equals(group.getType())) {
String allowIp = prop.getProperty(ALLOW_IP,"");
if (StringUtils.isNotBlank(allowIp)) {
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactoryKjb.createFilter(HttpAdapterFilterType.ADAPTERALLOWIPLISTFILTER.toString());
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactory.createFilter(HttpAdapterFilterType.ADAPTERALLOWIPLISTFILTER.toString());
if (adapterFilter != null) {
message = adapterFilter.doPreFilter(adptGrpName, adptName, message, prop, request, response);
}
@@ -80,7 +123,7 @@ public abstract class HttpAdapterServiceSupport implements HttpAdapterService, H
continue;
}
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactoryKjb.createFilter(filterName.trim());
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactory.createFilter(filterName.trim());
if (adapterFilter != null) {
message = adapterFilter.doPreFilter(adptGrpName, adptName, message, prop, request, response);
} else {
@@ -103,7 +146,7 @@ public abstract class HttpAdapterServiceSupport implements HttpAdapterService, H
continue;
}
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactoryKjb.createFilter(filterName.trim());
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactory.createFilter(filterName.trim());
if (adapterFilter != null) {
resultMessage = adapterFilter.doPostFilter(adptGrpName, adptName, resultMessage, prop, request,
response);
@@ -0,0 +1,149 @@
package com.eactive.eai.adapter.http.dynamic;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.AdapterGroupVO;
import com.eactive.eai.adapter.AdapterManager;
import com.eactive.eai.adapter.http.client.HttpClientAdapterServiceKey;
import com.eactive.eai.common.exception.ExceptionUtil;
import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.util.DatetimeUtil;
import com.eactive.eai.common.util.InboundErrorLogger;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.common.util.UUIDGenerator;
import com.eactive.eai.inbound.error.InboundErrorInfoVO;
import com.eactive.eai.inbound.error.InboundErrorKeys;
import com.eactive.eai.util.HexaConverter;
public class UnkownMessageLogUtils {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
private UnkownMessageLogUtils() {
throw new IllegalStateException("Utility class");
}
public static void logUnkownMessage(String adptGrpName, String adptName, Object message, Properties prop,
HttpServletRequest request, HttpServletResponse response, String errCode, Exception e) {
try {
EAIServerManager eaiServerManager = EAIServerManager.getInstance();
String serverName = eaiServerManager.getLocalServerName();
String txId = prop.getProperty(HttpClientAdapterServiceKey.TRANSACTION_ID);
if(StringUtils.isEmpty(txId)) {
StringBuffer sb = new StringBuffer();
String instanceid1 = serverName.substring(0,2);
String instanceid2 = serverName.substring(serverName.length()-2, serverName.length());
String instid = instanceid1 + instanceid2;
txId = instid + UUIDGenerator.getUUID();
}
String clientId = prop.getProperty("clientId");
String hexClientId = clientId != null ? HexaConverter.bytesToHexa(clientId.getBytes()) : "";
String errorMsg = ExceptionUtil.make(e, errCode);
StringBuffer sb = new StringBuffer();
sb.append(errorMsg).append("\n").append("Remote Addr : ").append(request.getRemoteAddr()).append("\n").append("Request URI : ")
.append(request.getRequestURI()).append("\n").append("clientId=").append(clientId).append(",hexClientId=").append(hexClientId).append(",txProp=").append(prop).append("\n").append("Exception : ").append(e.getMessage());
UnkownMessageLogUtils.logUnknownMessage(txId, adptGrpName, adptName,
"", "", false, errCode, sb.toString(), System.currentTimeMillis(),
serverName, InboundErrorKeys.IN_UNKNOWN, message);
} catch (Exception ex) {
logger.warn("unkown log fail.", ex);
}
}
// public static void logUnkownMessage(String uuid, String adapterGroupName, String adapterName, String errCode,
// String errMsg, Object message) {
// UnkownMessageLogUtils.logUnknownMessage(uuid, adapterGroupName, adapterName,
// "", "", false, errCode, errMsg, System.currentTimeMillis(),
// EAIServerManager.getInstance().getInstId(), InboundErrorKeys.IN_UNKNOWN, message);
// }
private static void logUnknownMessage(String uuid, String adapterGroupName, String adapterName,
String bzwkSvcKeyName, String eaiSvcCd, boolean isTasStarted, String errCode, String errMsg, long errTm,
String svcInstNm, String errDstCd, Object message) {
String msg = null;
if(errDstCd == null || errDstCd.length() ==0) {
errDstCd = "ND";
}
if(isTasStarted) {
errDstCd = InboundErrorKeys.TAS_START;
}
InboundErrorInfoVO errorInfoVO = new InboundErrorInfoVO();
errorInfoVO.setEaiSvcSno(uuid); // EAI서비스일련번호
errorInfoVO.setAdptBwkGrpNm(adapterGroupName); // 어댑터업무그룹명
errorInfoVO.setEaiSvcCd(eaiSvcCd);
errorInfoVO.setErrCd(errCode); // 에러코드
errorInfoVO.setErrTxt(errMsg); // 에러내용
errorInfoVO.setErrTm(DatetimeUtil.getCurrentTime(errTm)); // 에러발생시각
errorInfoVO.setErrDstcd(errDstCd);
errorInfoVO.setBzwkSvcKeyName(bzwkSvcKeyName);
if(message == null) {
msg = "null";
}
else {
if(message instanceof byte[]) {
AdapterManager adapterManager = AdapterManager.getInstance();
AdapterGroupVO srcAdapterGrpVO = adapterManager.getAdapterGroupVO(adapterGroupName);
// TAS 거래일 경우 NULL일 있음
if(srcAdapterGrpVO == null) {
msg = new String((byte[])message);
}
else {
// String srcAdapterMsgType = srcAdapterGrpVO.getMessageType();
// if( MessageUtil.isUTF8(srcAdapterMsgType) ) {
// try {
// msg = new String((byte[])message, UJSONMessage.encode);
// } catch (UnsupportedEncodingException e) {
// logger.warn("msg encode error", e);
// msg = new String((byte[])message); }
// }
// else {
// msg = new String((byte[])message);
// }
String charset = StringUtils.defaultIfBlank(srcAdapterGrpVO.getMessageEncode(), Charset.defaultCharset().name());
try {
msg = new String((byte[])message, charset);
} catch (UnsupportedEncodingException e) {
logger.warn("msg encode error", e);
msg = new String((byte[])message);
}
}
}
else if(message instanceof String) {
msg = (String)message;
}
else {
msg = "invaild message ["+message.getClass().getName()+"] "+message.toString();
}
}
errorInfoVO.setBwkDataTxt(msg); // 업무데이터내용
errorInfoVO.setEaiSvrInstNm(svcInstNm); // EAI서버인스턴스명
InboundErrorLogger.error(errorInfoVO);
if (logger.isError()) {
logger.error("======================================================================" );
logger.error(" RequestDispatcher] GET UNKNOWN MESSAGE");
logger.error(" ADAPTER GROUP NAME [" + adapterGroupName + "]");
logger.error(" EAISVCNAME [" + eaiSvcCd + "]");
logger.error(" ADAPTER NAME [" + adapterName + "]");
logger.error("======================================================================" );
}
}
}
@@ -104,7 +104,8 @@ public class ApiAuthFilter implements HttpAdapterFilter {
*/
StandardMessage standardMessage = STDMessageManager.getInstance().getSTDMessage(apiId);
String eaiSvcCd = StandardMessageManager.getInstance().getMapper().getEaiSvcCode(standardMessage);
if(!StringUtils.equals(eaiSvcCd, prop.getProperty("API_SERVICE_CODE"))) eaiSvcCd = prop.getProperty("API_SERVICE_CODE");
// if (StringUtils.isNotEmpty(eaiSvcCd) && !StringUtils.equals(eaiSvcCd, ))
// eaiSvcCd = prop.getProperty("API_SERVICE_CODE");
EAIMessage eaiMessage = EAIMessageManager.getInstance().getEAIMessage(eaiSvcCd);
if(StringUtils.isBlank(eaiMessage.getAuthType())){
@@ -305,7 +306,8 @@ public class ApiAuthFilter implements HttpAdapterFilter {
}
public static String extractBearerToken(HttpServletRequest request) throws JwtAuthException {
String authorization = request.getHeader("Authorization");
String tokenHeaderName = PropManager.getInstance().getProperty("ApiConfig", "token.header.name", "Authorization");
String authorization = request.getHeader(tokenHeaderName);
if (StringUtils.isBlank(authorization)) {
// QueryString으로 전달된 access_token 파라미터 확인
String tokenParamName = PropManager.getInstance().getProperty("ApiConfig", "token.param.name", "access_token");
@@ -313,13 +315,13 @@ public class ApiAuthFilter implements HttpAdapterFilter {
if (StringUtils.isNotBlank(queryToken)) {
return queryToken.trim();
}
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "No have header info: Authorization");
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "No have header info: " + tokenHeaderName);
}
String[] components = authorization.split("\\s");
String[] components = authorization.trim().split("\\s+", 2);
if (components.length != 2) {
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Malformat [Authorization] content");
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Malformat [" + tokenHeaderName + "] content");
}
if (!StringUtils.equalsIgnoreCase(components[0], "Bearer")) {
@@ -6,13 +6,10 @@ import com.eactive.eai.common.util.Logger;
public class HttpAdapterFilterFactory {
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
static String basePackage = "com.eactive.eai.adapter.http.dynamic.filter";
static String customBasePackage = "com.eactive.eai.custom.adapter.http.dynamic.filter";
static private ConcurrentHashMap<String, HttpAdapterFilter> h = new ConcurrentHashMap<String, HttpAdapterFilter>();
public HttpAdapterFilterFactory() {
super();
}
@SuppressWarnings("rawtypes")
public static HttpAdapterFilter createFilter(String type) {
if (h.containsKey(type)) {
return (HttpAdapterFilter) h.get(type);
@@ -32,12 +29,19 @@ public class HttpAdapterFilterFactory {
case ADAPTERALLOWIPLISTFILTER:
filter = new AdapterAllowIPListFilter();
break;
case HMAC_SHA256:
filter = new HmacSha256VerifyFilterKjb();
break;
case REFLECTALLHEADER:
filter = new ReflectAllHeaderFilter();
break;
default:
try {
Class cl = Class.forName(type);
filter = (HttpAdapterFilter) cl.newInstance();
} catch (Exception e) {
logger.error("Cannot create a HttpAdapterFilter. - {}", type);
filter = classForName(type);
if (filter == null) {
filter = classForName(basePackage + "." + type);
}
if (filter == null) {
filter = classForName(customBasePackage + "." + type);
}
break;
}
@@ -49,4 +53,14 @@ public class HttpAdapterFilterFactory {
return null;
}
}
private static HttpAdapterFilter classForName(String type) {
try {
Class<?> cl = Class.forName(type);
return (HttpAdapterFilter) cl.newInstance();
} catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
logger.error("Cannot create a HttpAdapterFilter. - {}", type);
return null;
}
}
}
@@ -1,67 +0,0 @@
package com.eactive.eai.adapter.http.dynamic.filter;
import java.util.concurrent.ConcurrentHashMap;
import com.eactive.eai.common.util.Logger;
public class HttpAdapterFilterFactoryKjb extends HttpAdapterFilterFactory {
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
static String basePackage = "com.eactive.eai.custom.adapter.http.dynamic.filter";
static private ConcurrentHashMap<String, HttpAdapterFilter> h = new ConcurrentHashMap<String, HttpAdapterFilter>();
public HttpAdapterFilterFactoryKjb() {
super();
}
@SuppressWarnings("rawtypes")
public static HttpAdapterFilter createFilter(String type) {
if (h.containsKey(type)) {
return (HttpAdapterFilter) h.get(type);
}
HttpAdapterFilter filter = null;
switch (HttpAdapterFilterType.getValue(type)) {
case APIAUTHFILTER:
filter = new ApiAuthFilter();
break;
case JWTAUTHFILTER:
filter = new JwtAuthFilter();
break;
case IPWHITELISTFILTER:
filter = new IpWhiteListFilter();
break;
case ADAPTERALLOWIPLISTFILTER:
filter = new AdapterAllowIPListFilter();
break;
case HMAC_SHA256:
filter = new HmacSha256VerifyFilterKjb();
break;
case REFLECTALLHEADER:
filter = new ReflectAllHeaderFilter();
break;
default:
filter = classForName(type);
if (filter == null) {
filter = classForName(basePackage + "." + type);
}
break;
}
if (filter != null) {
h.put(type, filter);
return filter;
} else {
return null;
}
}
private static HttpAdapterFilter classForName(String type) {
try {
Class<?> cl = Class.forName(type);
return (HttpAdapterFilter) cl.newInstance();
} catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
logger.error("Cannot create a HttpAdapterFilter. - {}", type);
return null;
}
}
}
@@ -0,0 +1,85 @@
package com.eactive.eai.adapter.http.dynamic.filter;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.filter.AbstractCryptoFilter;
/**
* HTTP 서버 어댑터용 암복호화 필터 (수신 방향).
*
* doPreFilter : 수신 요청 복호화 (CRYPTO_DEC_* 프로퍼티 기반)
* doPostFilter : 송신 응답 암호화 (CRYPTO_ENC_* 프로퍼티 기반)
*
* DYNAMIC 컨텍스트가 필요한 경우 {@link #buildRuntimeContext} 오버라이드한다.
* STATIC 모듈을 사용하는 경우 Map이 기본값이므로 오버라이드 불필요.
*
* 프로퍼티 설명은 {@link AbstractCryptoFilter} 참조.
*/
public class InCryptoFilter extends AbstractCryptoFilter implements HttpAdapterFilter {
/**
* DYNAMIC 도출용 컨텍스트를 구성한다.
* STATIC 모듈이면 Map({@code new HashMap<>()}) 반환한다.
* 서브클래스에서 오버라이드하여 HttpServletRequest로부터 값을 추출할 있다.
*/
protected Map<String, String> buildRuntimeContext(Properties prop, HttpServletRequest request) {
return new HashMap<>();
}
/**
* CRYPTO_AAD_HEADER 프로퍼티에 지정된 헤더값을 UTF-8 바이트로 반환한다.
* 미설정 또는 헤더값 없으면 null을 반환하여 GCM 기본 동작(IV를 AAD 대체값으로 사용) 따른다.
*/
protected byte[] buildAad(Properties prop, HttpServletRequest request) {
String headerName = prop.getProperty(PROP_AAD_HEADER);
if (StringUtils.isBlank(headerName) || request == null) {
return null;
}
String headerValue = request.getHeader(headerName);
return StringUtils.isBlank(headerValue) ? null : headerValue.getBytes(StandardCharsets.UTF_8);
}
@Override
public Object doPreFilter(String adptGrpName, String adptName, Object message, Properties prop,
HttpServletRequest request, HttpServletResponse response) throws Exception {
String moduleName = required(prop, PROP_MODULE_NAME);
String scope = getProp(prop, PROP_SCOPE, SCOPE_FIELD).toUpperCase();
String body = toBodyString(message);
Map<String, String> runtimeCtx = buildRuntimeContext(prop, request);
byte[] aad = buildAad(prop, request);
if (SCOPE_FIELD.equals(scope)) {
return decryptField(body, moduleName, runtimeCtx, aad,
getProp(prop, PROP_DEC_FROM_PATH, PATH_ENCDATA),
getProp(prop, PROP_DEC_TO_PATH, PATH_ROOT));
}
return decryptBody(body, moduleName, runtimeCtx, aad);
}
@Override
public Object doPostFilter(String adptGrpName, String adptName, Object resultMessage, Properties prop,
HttpServletRequest request, HttpServletResponse response) throws Exception {
String moduleName = required(prop, PROP_MODULE_NAME);
String scope = getProp(prop, PROP_SCOPE, SCOPE_FIELD).toUpperCase();
String body = toBodyString(resultMessage);
Map<String, String> runtimeCtx = buildRuntimeContext(prop, request);
byte[] aad = buildAad(prop, request);
if (SCOPE_FIELD.equals(scope)) {
return encryptField(body, moduleName, runtimeCtx, aad,
getProp(prop, PROP_ENC_FROM_PATH, PATH_ROOT),
getProp(prop, PROP_ENC_TO_PATH, PATH_ENCDATA));
}
return encryptBody(body, moduleName, runtimeCtx, aad);
}
}
@@ -45,7 +45,7 @@ public class HttpAdapterServiceBypass extends HttpAdapterServiceSupport {
public static final String HTTP_STATUS = "HTTP_STATUS";
public static final String PROPERTIES_NAME_HTTP_REQUEST_METHOD = "httpRequestMethod";
public static final String[] HOP_BY_HOP_HEADERS = new String[] { "Connection", "Keep-Alive", "Proxy-Authenticate",
"Proxy-Authorization", "TE", "Trailers", "Transfer-Encoding", "Upgrade" };
"Proxy-Authorization", "TE", "Trailers", "Trailer", "Transfer-Encoding", "Upgrade" };
protected boolean doPreserveCookies = false;
protected boolean doPreserveCookiePath = false;
@@ -0,0 +1,153 @@
package com.eactive.eai.adapter.http.filter;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.common.security.CryptoModuleService;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.util.JsonPathUtil;
import com.fasterxml.jackson.databind.JsonNode;
/**
* InCryptoFilter / OutCryptoFilter 공통 기반 클래스.
*
* BODY/FIELD 범위 암복호화 로직, 프로퍼티 상수, 유틸리티 메서드를 제공한다.
* HTTP 서버 어댑터용은 {@link InCryptoFilter}, 클라이언트 어댑터용은 {@link OutCryptoFilter} 참조.
*
* 프로퍼티 :
* CRYPTO_MODULE_NAME 필수. DB에 등록된 암호화 모듈명.
* CRYPTO_SCOPE BODY | FIELD (기본값: FIELD)
* BODY : 메시지 전체를 암복호화 (Base64 인코딩/디코딩)
* FIELD : 특정 JSON 경로의 값만 암복호화
*
* FIELD 범위 전용:
* CRYPTO_DEC_FROM_PATH 복호화 대상 JSON 경로 (기본값: /encrypted_data)
* CRYPTO_DEC_TO_PATH 복호화 결과 반영 경로. "/" = 전체 body 교체.
* CRYPTO_ENC_FROM_PATH 암호화 대상 JSON 경로. "/" = 전체 body 암호화.
* CRYPTO_ENC_TO_PATH 암호화 결과(Base64) 넣을 JSON 경로 (기본값: /encrypted_data)
*
* GCM AAD 전용 (선택):
* CRYPTO_AAD_HEADER AAD로 사용할 HTTP 요청 헤더명 (InCryptoFilter 전용).
* 미설정 또는 헤더값 없으면 aad=null IV를 AAD 대체값으로 사용.
*/
public abstract class AbstractCryptoFilter {
protected static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
public static final String PROP_MODULE_NAME = "CRYPTO_MODULE_NAME";
public static final String PROP_SCOPE = "CRYPTO_SCOPE";
public static final String PROP_DEC_FROM_PATH = "CRYPTO_DEC_FROM_PATH";
public static final String PROP_DEC_TO_PATH = "CRYPTO_DEC_TO_PATH";
public static final String PROP_ENC_FROM_PATH = "CRYPTO_ENC_FROM_PATH";
public static final String PROP_ENC_TO_PATH = "CRYPTO_ENC_TO_PATH";
public static final String PROP_AAD_HEADER = "CRYPTO_AAD_HEADER";
public static final String SCOPE_BODY = "BODY";
public static final String SCOPE_FIELD = "FIELD";
public static final String PATH_ROOT = "/";
public static final String PATH_ENCDATA = "/encrypted_data";
// ------------------------------------------------------------------
// 복호화 구현
// ------------------------------------------------------------------
protected String decryptBody(String body, String moduleName, Map<String, String> runtimeCtx,
byte[] aad) throws Exception {
byte[] cipherBytes = Base64.getDecoder().decode(body.trim());
byte[] plainBytes = CryptoModuleService.getInstance().decrypt(moduleName, runtimeCtx, aad, cipherBytes);
return new String(plainBytes, StandardCharsets.UTF_8);
}
/**
* fromPath의 Base64 값을 복호화하여 toPath에 반영. JSON 파싱 1회.
* toPath = "/" fromPath 필드를 제거하고 복호화된 JSON을 body에 병합.
*/
protected String decryptField(String body, String moduleName, Map<String, String> runtimeCtx,
byte[] aad, String fromPath, String toPath) throws Exception {
JsonNode root = JsonPathUtil.toTree(body);
String encBase64 = JsonPathUtil.getAt(root, fromPath);
if (StringUtils.isBlank(encBase64)) {
logger.warn("CryptoFilter] 복호화 대상 필드 없음: path=" + fromPath);
return body;
}
byte[] cipherBytes = Base64.getDecoder().decode(encBase64.trim());
byte[] plainBytes = CryptoModuleService.getInstance().decrypt(moduleName, runtimeCtx, aad, cipherBytes);
String plainText = new String(plainBytes, StandardCharsets.UTF_8);
if (PATH_ROOT.equals(toPath)) {
return JsonPathUtil.mergeAtRoot(root, fromPath, plainText);
}
JsonPathUtil.setAt(root, toPath, plainText);
return JsonPathUtil.fromTree(root);
}
// ------------------------------------------------------------------
// 암호화 구현
// ------------------------------------------------------------------
protected String encryptBody(String body, String moduleName, Map<String, String> runtimeCtx,
byte[] aad) throws Exception {
byte[] cipherBytes = CryptoModuleService.getInstance().encrypt(moduleName, runtimeCtx, aad,
body.getBytes(StandardCharsets.UTF_8));
return Base64.getEncoder().encodeToString(cipherBytes);
}
/**
* fromPath 값을 암호화하여 toPath(Base64) 반영. JSON 파싱 1회.
* fromPath = "/" body 전체를 암호화하여 toPath 필드명으로 래핑 (파싱 불필요).
*/
protected String encryptField(String body, String moduleName, Map<String, String> runtimeCtx,
byte[] aad, String fromPath, String toPath) throws Exception {
if (PATH_ROOT.equals(fromPath)) {
byte[] cipherBytes = CryptoModuleService.getInstance().encrypt(moduleName, runtimeCtx, aad,
body.getBytes(StandardCharsets.UTF_8));
String encBase64 = Base64.getEncoder().encodeToString(cipherBytes);
String fieldName = toPath.replaceFirst("^/", "");
return "{\"" + fieldName + "\":\"" + encBase64 + "\"}";
}
JsonNode root = JsonPathUtil.toTree(body);
String plainText = JsonPathUtil.getAt(root, fromPath);
if (StringUtils.isBlank(plainText)) {
logger.warn("CryptoFilter] 암호화 대상 필드 없음: path=" + fromPath);
return body;
}
byte[] cipherBytes = CryptoModuleService.getInstance().encrypt(moduleName, runtimeCtx, aad,
plainText.getBytes(StandardCharsets.UTF_8));
String encBase64 = Base64.getEncoder().encodeToString(cipherBytes);
JsonPathUtil.setAt(root, toPath, encBase64);
return JsonPathUtil.fromTree(root);
}
// ------------------------------------------------------------------
// 유틸
// ------------------------------------------------------------------
/**
* 필터로 전달되는 message 객체를 JSON 문자열로 변환한다.
*/
protected String toBodyString(Object message) {
if (message instanceof String) {
return (String) message;
}
if (message instanceof byte[]) {
return new String((byte[]) message, StandardCharsets.UTF_8);
}
return message.toString();
}
protected String required(Properties prop, String key) {
String v = prop.getProperty(key);
if (StringUtils.isBlank(v)) {
throw new IllegalArgumentException("CryptoFilter 필수 프로퍼티 누락: " + key);
}
return v;
}
protected String getProp(Properties prop, String key, String defaultVal) {
String v = prop.getProperty(key);
return StringUtils.isBlank(v) ? defaultVal : v;
}
}
@@ -2,7 +2,8 @@ package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.util.Logger;
public class ReloadInflowAdapterControlCommand extends Command {
@@ -27,7 +28,7 @@ public class ReloadInflowAdapterControlCommand extends Command {
String keyName = (String) args;
try {
InflowControlManager manager = InflowControlManager.getInstance();
AbstractInflowControlManager manager = InflowControlUtil.getInflowControlManager();
if (keyName != null) {
if ("ALL".equals(keyName)) {
@@ -0,0 +1,60 @@
package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.inflow.dual.ClientDualInflowControlManager;
import com.eactive.eai.common.util.Logger;
public class ReloadInflowClientControlCommand extends Command {
private static final long serialVersionUID = 1L;
public ReloadInflowClientControlCommand() {
super("ReloadInflowClientControlCommand");
}
public Object execute() throws CommandException {
Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
if (logger.isInfo())
logger.info(this.name + " is executed");
if (!(args instanceof String)) {
String rspErrorCode = "RECEAIMCM001";
String msg = makeException(rspErrorCode, null);
if (logger.isError())
logger.error(msg);
throw new CommandException(msg);
}
String keyName = (String) args;
try {
AbstractInflowControlManager base = InflowControlUtil.getInflowControlManager();
if (!(base instanceof ClientDualInflowControlManager)) {
throw new IllegalStateException("ClientDualInflowControlManager 가 활성화되지 않았습니다.");
}
ClientDualInflowControlManager manager = (ClientDualInflowControlManager) base;
if (keyName != null) {
if ("ALL".equals(keyName)) {
manager.reloadClient();
if (logger.isWarn())
logger.warn(this.name + "] all rule Reload.");
} else {
manager.reloadClient(keyName);
if (logger.isWarn())
logger.warn(this.name + "] " + keyName + " Reload.");
}
}
} catch (Exception e) {
String rspErrorCode = "RECEAIMCM002";
String msg = makeException(rspErrorCode, e);
if (logger.isError())
logger.error(msg, e);
throw new CommandException(msg);
}
return "success";
}
}
@@ -2,7 +2,8 @@ package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.util.Logger;
public class ReloadInflowGroupControlCommand extends Command {
@@ -28,7 +29,7 @@ public class ReloadInflowGroupControlCommand extends Command {
String keyName = (String) args;
try {
InflowControlManager manager = InflowControlManager.getInstance();
AbstractInflowControlManager manager = InflowControlUtil.getInflowControlManager();
if (keyName != null) {
if ("ALL".equals(keyName)) {
@@ -2,7 +2,8 @@ package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.util.Logger;
public class ReloadInflowInterfaceControlCommand extends Command {
@@ -28,7 +29,7 @@ public class ReloadInflowInterfaceControlCommand extends Command {
String keyName = (String) args;
try {
InflowControlManager manager = InflowControlManager.getInstance();
AbstractInflowControlManager manager = InflowControlUtil.getInflowControlManager();
if (keyName != null) {
if ("ALL".equals(keyName)) {
@@ -2,7 +2,8 @@ package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.util.Logger;
public class RemoveInflowAdapterControlCommand extends Command {
@@ -26,7 +27,7 @@ public class RemoveInflowAdapterControlCommand extends Command {
String key = (String) args;
try {
InflowControlManager manager = InflowControlManager.getInstance();
AbstractInflowControlManager manager = InflowControlUtil.getInflowControlManager();
manager.removeAdapter(key);
} catch (Exception e) {
String rspErrorCode = "RECEAIMCM002";
@@ -0,0 +1,50 @@
package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.inflow.dual.ClientDualInflowControlManager;
import com.eactive.eai.common.util.Logger;
public class RemoveInflowClientControlCommand extends Command {
private static final long serialVersionUID = 1L;
public RemoveInflowClientControlCommand() {
super("RemoveInflowClientControlCommand");
}
public Object execute() throws CommandException {
Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
if (logger.isInfo())
logger.info(this.name + " is executed");
if (!(args instanceof String)) {
String rspErrorCode = "RECEAIMCM001";
String msg = makeException(rspErrorCode, null);
if (logger.isError())
logger.error(msg);
throw new CommandException(msg);
}
String key = (String) args;
try {
AbstractInflowControlManager base = InflowControlUtil.getInflowControlManager();
if (!(base instanceof ClientDualInflowControlManager)) {
throw new IllegalStateException("ClientDualInflowControlManager 가 활성화되지 않았습니다.");
}
ClientDualInflowControlManager manager = (ClientDualInflowControlManager) base;
manager.removeClient(key);
if (logger.isWarn())
logger.warn(this.name + "] " + key + " removed.");
} catch (Exception e) {
String rspErrorCode = "RECEAIMCM002";
String msg = makeException(rspErrorCode, e);
if (logger.isError())
logger.error(msg, e);
throw new CommandException(msg);
}
return "success";
}
}
@@ -2,7 +2,8 @@ package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.util.Logger;
public class RemoveInflowGroupControlCommand extends Command {
@@ -28,7 +29,7 @@ public class RemoveInflowGroupControlCommand extends Command {
String key = (String) args;
try {
InflowControlManager manager = InflowControlManager.getInstance();
AbstractInflowControlManager manager = InflowControlUtil.getInflowControlManager();
manager.removeGroup(key);
if (logger.isWarn())
logger.warn(this.name + "] group " + key + " removed.");
@@ -2,7 +2,8 @@ package com.eactive.eai.agent.inflow;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.util.Logger;
public class RemoveInflowInterfaceControlCommand extends Command {
@@ -25,7 +26,7 @@ public class RemoveInflowInterfaceControlCommand extends Command {
String key = (String) args;
try {
InflowControlManager manager = InflowControlManager.getInstance();
AbstractInflowControlManager manager = InflowControlUtil.getInflowControlManager();
manager.removeInterface(key);
} catch (Exception e) {
String rspErrorCode = "RECEAIMCM002";
@@ -0,0 +1,28 @@
package com.eactive.eai.agent.security;
import com.eactive.eai.agent.command.Command;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.security.CryptoModuleManager;
import com.eactive.eai.common.util.Logger;
public class ReloadCryptoModuleCommand extends Command {
private static final long serialVersionUID = 1032982004418318100L;
@Override
public Object execute() throws CommandException {
Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
try {
String cryptoId = (String) args;
CryptoModuleManager.getInstance().reload(cryptoId);
return "success";
} catch (Exception e) {
String rspErrorCode = "RECEAIMCM002";
String msg = this.makeException(rspErrorCode, e);
if (logger.isError()) {
logger.error(msg, e);
}
throw new CommandException(e.getMessage());
}
}
}
@@ -13,15 +13,21 @@ import com.eactive.eai.common.lifecycle.Lifecycle;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.lifecycle.LifecycleListener;
import com.eactive.eai.common.lifecycle.LifecycleSupport;
import com.eactive.eai.common.session.SessionManager;
import com.eactive.eai.common.session.SessionManagerForIgnite;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
import com.mchange.v1.cachedstore.CachedStore.Manager;
import com.openbanking.eai.common.token.AccessTokenVO;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.*;
import java.util.Map.Entry;
import java.util.concurrent.*;
import java.util.function.Function;
import java.util.function.Supplier;
/**
* 1. 기능 : Access 토큰 정보를 DB로 부터 로딩하고 만료시 재발급 정보를 메모리에 관리하는 Manager 클래스
@@ -55,13 +61,8 @@ public class AccessTokenManagerByDB implements Lifecycle {
/**
* 기동 여부
*/
private boolean started;
/**
* 토큰 정보를 저장하는 collection
*/
private HashMap<String, AccessTokenVO> tokens;
private boolean started;
/**
* 인증 정보를 저장하는 Map
*/
@@ -78,7 +79,6 @@ public class AccessTokenManagerByDB implements Lifecycle {
private static final int TOKEN_SCHEDULER_THREAD_POOL_SIZE = 30;
public AccessTokenManagerByDB() {
tokens = new HashMap<>();
scheduledTasks = new ConcurrentHashMap<>();
outboundOAuthCredentialVos = new HashMap<>();
runningTasks = Collections.newSetFromMap(new ConcurrentHashMap<>());
@@ -117,7 +117,6 @@ public class AccessTokenManagerByDB implements Lifecycle {
lifecycle.fireLifecycleEvent(STARTING_EVENT, this);
try {
tokens.clear();
init();
} catch(Exception e) {
throw new LifecycleException(ExceptionUtil.getErrorCode(e,"RECEAICPM201"));
@@ -168,7 +167,6 @@ public class AccessTokenManagerByDB implements Lifecycle {
logger.error("Scheduler shutdown interrupted", e);
}
this.tokens = null;
started = false;
if (logger.isWarn()){
@@ -240,27 +238,34 @@ public class AccessTokenManagerByDB implements Lifecycle {
try {
logger.debug("Executing token issuance for adapter group: {}", adapterGroupName);
// 현재 토큰 가져오기
AccessTokenVO accessToken = tokens.get(adapterGroupName);
SessionManager.getInstance().getOutboundAccessToken(adapterGroupName, new Function<AccessTokenVO, AccessTokenVO>() {
// 다음 스케줄 시간 계산
long intervalTime = System.currentTimeMillis() + (credential.getIntervalSec() * 1000);
// 토큰이 없거나, 다음 스케줄 시간 전에 만료될 경우 재발급
if (accessToken == null) {
issueToken(credential, false);
} else if(accessToken.getExpiration() != null) {
// 토큰이 있고 만료시간이 설정 경우
if(accessToken.getExpiration().before(new Date(intervalTime))){
// 다음 스케줄 전에 토큰이 만료되는 경우 재발급
issueToken(credential, true);
@Override
public AccessTokenVO apply(AccessTokenVO accessToken) {
long intervalTime = System.currentTimeMillis() + (credential.getIntervalSec() * 1000);
// // 토큰이 없거나, 다음 스케줄 시간 전에 만료될 경우 재발급
if (accessToken == null) {
return issueToken(credential);
} else if(accessToken.getExpiration() != null) {
// 토큰이 있고 만료시간이 설정 경우
if(accessToken.getExpiration().before(new Date(intervalTime))){
// 다음 스케줄 전에 토큰이 만료되는 경우 재발급
return issueToken(credential);
} else {
// 토큰이 아직 유효한 경우
logger.debug("Token still valid until next schedule for adapter group: {}, expiration date: {}", adapterGroupName, accessToken.getExpiration());
return accessToken;
}
} else {
// 토큰이 아직 유효한 경우
logger.debug("Token still valid until next schedule for adapter group: {}, expiration date: {}", adapterGroupName, accessToken.getExpiration());
//토큰이 있지만 만료 시간이 없는 경우
logger.debug("Token exists but expiration time is null for adapter group: {}", adapterGroupName);
return accessToken;
}
} else {
//토큰이 있지만 만료 시간이 없는 경우
logger.debug("Token exists but expiration time is null for adapter group: {}", adapterGroupName);
}
}
});
logger.debug("Token issuance completed for adapter group: {}", adapterGroupName);
} catch (Exception e) {
@@ -282,19 +287,24 @@ public class AccessTokenManagerByDB implements Lifecycle {
}
}
private void issueToken(OutboundOAuthCredentialVo outboundOAuthCredentialVo, boolean isTokenExpiredWithinInterval) throws Exception {
String adapterGroupName = outboundOAuthCredentialVo.getAdapterGroupName();
boolean isExpired = true;
private AccessTokenVO issueToken(OutboundOAuthCredentialVo outboundOAuthCredentialVo) {
String adapterGroupName = outboundOAuthCredentialVo.getAdapterGroupName();
AccessTokenVO accessToken = null;
try {
// boolean isExpired = true;
// if (tokens.containsKey(adapterGroupName)) {
// AccessTokenVO accessToken = tokens.get(adapterGroupName);
// isExpired = accessToken.isExpired();
// }
// logger.debug("Token status for adapter group: {}, expired: {}, isTokenExpiredWithinInterval: {}", adapterGroupName, isExpired, isTokenExpiredWithinInterval);
if (tokens.containsKey(adapterGroupName)) {
AccessTokenVO accessToken = tokens.get(adapterGroupName);
isExpired = accessToken.isExpired();
}
logger.debug("Token status for adapter group: {}, expired: {}, isTokenExpiredWithinInterval: {}", adapterGroupName, isExpired, isTokenExpiredWithinInterval);
if (isExpired || isTokenExpiredWithinInterval) {
// if (isExpired || isTokenExpiredWithinInterval) {
logger.info("Issuing new token for adapter group: {}", adapterGroupName);
tokens.remove(adapterGroupName);
// tokens.remove(adapterGroupName);
AdapterGroupVO gvo = AdapterManager.getInstance().getAdapterGroupVO(adapterGroupName);
@@ -306,16 +316,23 @@ public class AccessTokenManagerByDB implements Lifecycle {
HttpClientAccessTokenServiceByDB service = HttpClientAccessTokenServiceFactoryByDB.createFactory(type);
if(service != null) {
logger.debug("Executing token service of type: {} for adapter group: {}", type, adapterGroupName);
AccessTokenVO accessToken = (AccessTokenVO) service.execute(adapterGroupName, properties, outboundOAuthCredentialVo);
this.tokens.put(adapterGroupName, accessToken);
accessToken = (AccessTokenVO) service.execute(adapterGroupName, properties, outboundOAuthCredentialVo);
logger.info("New token issued successfully for adapter group: {}", adapterGroupName);
return accessToken;
} else {
logger.warn("Token service not found for type: {} and adapter group: {}", type, adapterGroupName);
}
} else {
logger.warn("No valid adapter configuration found for adapter group: {}", adapterGroupName);
}
}
}catch (Exception e) {
logger.error("Task execution failed for adapter group: {}", adapterGroupName, e);
}
return accessToken;
}
public void stopToken(String adapterGroupName) {
@@ -324,7 +341,7 @@ public class AccessTokenManagerByDB implements Lifecycle {
task.cancel(true);
logger.warn("Token task stopped for adapter group: {}", adapterGroupName);
}
tokens.remove(adapterGroupName);
SessionManager.getInstance().removeOutboundAccessToken(adapterGroupName);
logger.debug("Token removed for adapter group: {}", adapterGroupName);
}
@@ -382,15 +399,28 @@ public class AccessTokenManagerByDB implements Lifecycle {
* @return Access 토큰 정보
**/
public AccessTokenVO getAccessTokenVO(String adapterGroupName) {
AccessTokenVO accessToken = null;
try {
accessToken = tokens.get(adapterGroupName);
} catch(Exception e) {
if (logger.isError()) logger.error("토큰을 찾을 수 없습니다. ["+adapterGroupName+"] ", e);
}
AccessTokenVO accessToken = null;
return accessToken;
try {
accessToken = SessionManager.getInstance().getOutboundAccessToken(adapterGroupName,
new Function<AccessTokenVO, AccessTokenVO>() {
@Override
public AccessTokenVO apply(AccessTokenVO t) {
OutboundOAuthCredentialVo outboundOAuthCredentialVo = outboundOAuthCredentialVos
.get(adapterGroupName);
return issueToken(outboundOAuthCredentialVo);
}
});
} catch (Exception e) {
if (logger.isError())
logger.error("토큰을 찾을 수 없습니다. [" + adapterGroupName + "] ", e);
}
return accessToken;
}
/**
@@ -403,9 +433,9 @@ public class AccessTokenManagerByDB implements Lifecycle {
**/
public String getAccessToken(String adapterGroupName) {
String accessToken = null;
try {
accessToken = tokens.get(adapterGroupName).getAccessToken();
accessToken = getAccessTokenVO(adapterGroupName).getAccessToken();
} catch(Exception e) {
if (logger.isError()) logger.error("토큰을 찾을 수 없습니다. ["+adapterGroupName+"] ", e);
}
@@ -435,27 +465,29 @@ public class AccessTokenManagerByDB implements Lifecycle {
* 3. 주의사항
*
**/
public synchronized AccessTokenVO retryAccessTokenVO(String adapterGroupName, Properties properties, String oldToken) throws Exception {
AccessTokenVO accessToken = getAccessTokenVO(adapterGroupName);
public synchronized AccessTokenVO retryAccessTokenVO(String adapterGroupName, Properties properties,
String oldToken) throws Exception {
// 동시 요청이 발생할 경우 synchronized 처리를 했기때문에 토큰을 다시 한번 체크한다.
if (accessToken == null || accessToken.isExpired()
|| StringUtils.equals(accessToken.getAccessToken(), oldToken)) {
AccessTokenVO accessToken = getAccessTokenVO(adapterGroupName);
// 동시 요청이 발생할 경우 synchronized 처리를 했기때문에 토큰을 다시 한번 체크한다.
if (accessToken == null || accessToken.isExpired()
|| StringUtils.equals(accessToken.getAccessToken(), oldToken)) {
if (isOAuthCredentialRegistered(adapterGroupName) == false) {
throw new Exception(
"There is no OAuthCredentialRegistered information, or whether to use it is 'N'.");
}
String type = properties.getProperty("ADAPTER_TOKEN_ISSUING_CLIENT_TYPE");
HttpClientAccessTokenServiceByDB service = HttpClientAccessTokenServiceFactoryByDB.createFactory(type);
OutboundOAuthCredentialVo outboundOAuthCredentialVo = outboundOAuthCredentialVos.get(adapterGroupName);
if (service != null) {
accessToken = (AccessTokenVO) service.execute(adapterGroupName, properties,
outboundOAuthCredentialVo);
}
}
if(isOAuthCredentialRegistered(adapterGroupName) == false){
throw new Exception("There is no OAuthCredentialRegistered information, or whether to use it is 'N'.");
}
String type = properties.getProperty("ADAPTER_TOKEN_ISSUING_CLIENT_TYPE");
HttpClientAccessTokenServiceByDB service = HttpClientAccessTokenServiceFactoryByDB.createFactory(type);
OutboundOAuthCredentialVo outboundOAuthCredentialVo = outboundOAuthCredentialVos.get(adapterGroupName);
if(service != null) {
accessToken = (AccessTokenVO) service.execute(adapterGroupName, properties, outboundOAuthCredentialVo);
}
tokens.put(adapterGroupName, accessToken);
}
return accessToken;
}
}
}
@@ -17,10 +17,6 @@ import com.eactive.eai.common.lifecycle.LifecycleSupport;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.custom.alarm.AlarmStateManager;
import com.eactive.eai.custom.alarm.condition.AlarmCondition;
import com.eactive.eai.custom.alarm.event.AlarmEvent;
import com.eactive.eai.custom.alarm.key.CoreAlarmKey;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -45,7 +41,7 @@ public class TypedCircuitBreakerManager implements Lifecycle {
TypedCircuitBreakerVO defaultConfigVo;
HashMap<String, TypedCircuitBreakerVO> idCBConfigMap = new HashMap<>();
HashMap<String, TypedCircuitBreakerVO> apiIdCBConfigMap = new HashMap<>();
HashMap<String, TypedCircuitBreakerVO> urlCBConfigMap = new HashMap<>();
// HashMap<String, TypedCircuitBreakerVO> urlCBConfigMap = new HashMap<>();
private boolean started;
@Autowired
@@ -116,7 +112,7 @@ public class TypedCircuitBreakerManager implements Lifecycle {
CircuitBreakerConfig circuitBreakerConfig = this.createCircuitBreakerConfig(vo);
vo.setCircuitBreakerConfig(circuitBreakerConfig);
this.apiIdCBConfigMap.put(vo.getName(), vo);
this.idCBConfigMap.remove(vo.getId(), vo);
this.idCBConfigMap.put(vo.getId(), vo);
}
}
@@ -340,7 +336,7 @@ public class TypedCircuitBreakerManager implements Lifecycle {
switch (event.getEventType()) {
case ERROR :
TypedCircuitBreakerManager.logger
.error("CirbuitBreaker ERROR event occurred. CircuitBreakerEvent={}" + event);
.error("CircuitBreaker ERROR event occurred. CircuitBreakerEvent={}" + event);
break;
case STATE_TRANSITION :
if (event instanceof CircuitBreakerOnStateTransitionEvent) {
@@ -349,7 +345,7 @@ public class TypedCircuitBreakerManager implements Lifecycle {
CircuitBreaker.State toState = stateTransition.getToState();
CircuitBreaker.State fromState = stateTransition.getFromState();
TypedCircuitBreakerManager.logger.error(
"CirbuitBreaker STATE_TRANSITION event occurred. {} : {} -> {}. CircuitBreakerEvent={}, UrlCircuitBreakerVO={}",
"CircuitBreaker STATE_TRANSITION event occurred. {} : {} -> {}. CircuitBreakerEvent={}, UrlCircuitBreakerVO={}",
new Object[]{event.getCircuitBreakerName(), fromState, toState, event, this.vo});
// if (!toState.equals(State.OPEN) && !toState.equals(State.HALF_OPEN)
// && !toState.equals(State.CLOSED)) {
@@ -359,18 +355,19 @@ public class TypedCircuitBreakerManager implements Lifecycle {
// } else {
// this.sendAlert(stateTransitionEvent);
// }
AlarmEvent alarmEvent = AlarmEvent.builder().key(CoreAlarmKey.CircuitBreaker)
.condition(AlarmCondition.builder().build())
.message(String.format("CircuitBreaker state changed. apiId=%s, %s -> %s", event.getCircuitBreakerName(), fromState, toState))
.build();
AlarmStateManager.getAlarmStateManager().onEvnet(alarmEvent);
// AlarmEvent alarmEvent = AlarmEvent.builder().key(CoreAlarmKey.CircuitBreaker)
// .condition(AlarmCondition.builder().build())
// .message(String.format("CircuitBreaker state changed. apiId=%s, %s -> %s", event.getCircuitBreakerName(), fromState, toState))
// .build();
//
// AlarmStateManager.getAlarmStateManager().onEvnet(alarmEvent);
logger.warn("CircuitBreaker state changed. apiId={}, {} -> {}", event.getCircuitBreakerName(), fromState, toState);
TypedCircuitBreakerManager.logger.warn("CircuitBreaker state changed. apiId={}, {} -> {}", event.getCircuitBreakerName(), fromState, toState);
} else {
TypedCircuitBreakerManager.logger.error(
"CirbuitBreaker STATE_TRANSITION event occurred. CircuitBreakerEvent={}, UrlCircuitBreakerVO={}",
"CircuitBreaker STATE_TRANSITION event occurred. CircuitBreakerEvent={}, UrlCircuitBreakerVO={}",
new Object[]{event, this.vo});
}
break;
@@ -0,0 +1,266 @@
package com.eactive.eai.common.hsm;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.PostConstruct;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.Logger;
/**
* SafeNet ProtectServer HSM 암복호화 서비스 (JDK 8)
*
* [ 조회]
* getPublicKey - 공개키 반환 (외부 노출). 최초 1회만 HSM 통신, 이후 캐시 반환.
* getSecretKey - AES 대칭키 반환 (CKA_EXTRACTABLE=true 필요). 최초 1회만 HSM 통신, 이후 캐시 반환.
*
* [암복호화]
* encryptRsa - 공개키로 JVM 소프트웨어 암호화 (HSM 불필요)
* decryptRsa - alias 기반, HSM 내부 복호화 ( 호출마다 HSM 통신 발생 - 불가피)
* encryptAes - SecretKey 객체로 AES/CBC 암호화
* decryptAes - SecretKey 객체로 AES/CBC 복호화
*/
@Service
public class HsmCryptoService implements PropertyChangeListener {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
private static final String RSA_ALGORITHM = "RSA/ECB/PKCS1Padding";
private static final String AES_ALGORITHM = "AES/CBC/PKCS5Padding";
private static final String PROP_GROUP = "HSM";
private static final String PROP_CACHE_RELOAD_YN = "CACHE_RELOAD_YN";
// HSM 통신 최소화: 최초 1회 조회 JVM 메모리에 캐싱
private final ConcurrentHashMap<String, SecretKey> secretKeyCache = new ConcurrentHashMap<String, SecretKey>();
private final ConcurrentHashMap<String, PublicKey> publicKeyCache = new ConcurrentHashMap<String, PublicKey>();
@Autowired
private PropManager propManager;
@PostConstruct
public void registerPropertyChangeListener() {
propManager.addPropertyChangeListener(this);
logger.warn("HsmCryptoService] PropManager PropertyChangeListener 등록 완료");
}
/**
* 관리포털에서 PropManager.reload("HSM") 호출 이벤트를 수신한다.
* HSM.CACHE_RELOAD_YN = Y 이면 캐시를 초기화한다.
*/
@Override
public void propertyChange(PropertyChangeEvent evt) {
if (!PROP_GROUP.equals(evt.getPropertyName())) {
return;
}
String reloadYn = propManager.getProperty(PROP_GROUP, PROP_CACHE_RELOAD_YN, "N");
if ("Y".equalsIgnoreCase(reloadYn)) {
clearKeyCache();
}
}
// -------------------------------------------------------------------------
// 조회 (외부 노출)
// -------------------------------------------------------------------------
/**
* HSM KeyStore 에서 공개키를 반환합니다. 최초 1회만 HSM 통신하고 이후 캐시를 반환합니다.
*/
public PublicKey getPublicKey(String keyAlias) throws HsmException {
checkReady();
PublicKey cached = publicKeyCache.get(keyAlias);
if (cached != null) {
return cached;
}
try {
Certificate cert = HsmManager.getInstance().getKeyStore().getCertificate(keyAlias);
if (cert == null) {
throw new HsmException("인증서를 찾을 수 없습니다. alias=" + keyAlias);
}
PublicKey key = cert.getPublicKey();
publicKeyCache.put(keyAlias, key);
logger.warn("HsmCryptoService] 공개키 캐시 등록: alias=" + keyAlias);
return key;
} catch (HsmException e) {
throw e;
} catch (Exception e) {
throw new HsmException("공개키 조회 실패: " + e.getMessage(), e);
}
}
/**
* HSM KeyStore 에서 AES 대칭키를 반환합니다. 최초 1회만 HSM 통신하고 이후 캐시를 반환합니다.
* HSM 생성 CKA_EXTRACTABLE=true (ctkmu -x 플래그) 생성된 키만 반환됩니다.
*/
public SecretKey getSecretKey(String keyAlias) throws HsmException {
checkReady();
SecretKey cached = secretKeyCache.get(keyAlias);
if (cached != null) {
return cached;
}
try {
KeyStore keyStore = HsmManager.getInstance().getKeyStore();
java.security.Key key = keyStore.getKey(keyAlias, null);
if (!(key instanceof SecretKey)) {
throw new HsmException("AES 키를 찾을 수 없습니다 (CKA_EXTRACTABLE=true 확인 필요). alias=" + keyAlias);
}
SecretKey secretKey = (SecretKey) key;
secretKeyCache.put(keyAlias, secretKey);
logger.warn("HsmCryptoService] 대칭키 캐시 등록: alias=" + keyAlias);
return secretKey;
} catch (HsmException e) {
throw e;
} catch (Exception e) {
throw new HsmException("AES 키 조회 실패: " + e.getMessage(), e);
}
}
/** 캐시를 비웁니다. HSM 키 교체 후 재로드가 필요할 때 호출합니다. */
public void clearKeyCache() {
secretKeyCache.clear();
publicKeyCache.clear();
logger.warn("HsmCryptoService] 키 캐시 초기화 완료");
}
// -------------------------------------------------------------------------
// RSA
// -------------------------------------------------------------------------
/**
* RSA 암호화 - HSM 인증서의 공개키로 JVM 소프트웨어 암호화.
* 공개키는 HSM 에서 추출하므로 HsmManager 초기화되어 있어야 합니다.
*/
public byte[] encryptRsa(String keyAlias, byte[] plaintext) throws HsmException {
return encryptRsa(getPublicKey(keyAlias), plaintext);
}
/**
* RSA 암호화 - 전달받은 공개키로 JVM 소프트웨어 암호화.
* HSM 없이도 호출 가능합니다.
*/
public byte[] encryptRsa(PublicKey publicKey, byte[] plaintext) throws HsmException {
try {
// Provider 미명시 JVM 소프트웨어 Provider(SunRsaSign) 자동 선택
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(plaintext);
} catch (Exception e) {
throw new HsmException("RSA 암호화 실패: " + e.getMessage(), e);
}
}
/**
* RSA 복호화 - 개인키 핸들을 HSM 에서 가져와 HSM 내부에서 복호화.
* HsmManager 초기화되지 않은 경우 JVM 소프트웨어로 fallback 합니다.
*
* @param keyAlias HSM KeyStore 개인키 별칭
* @param pin HSM 슬롯 PIN (null 이면 HsmManager 초기화 사용한 PIN 재사용)
* @param ciphertext 암호문 바이트
*/
public byte[] decryptRsa(String keyAlias, char[] pin, byte[] ciphertext) throws HsmException {
try {
HsmManager hsmManager = HsmManager.getInstance();
if (hsmManager.isReady()) {
// HSM 내부 복호화: pkcs11Provider 명시 필수
Provider pkcs11Provider = hsmManager.getPkcs11Provider();
java.security.Key key = hsmManager.getKeyStore().getKey(keyAlias, pin);
if (!(key instanceof PrivateKey)) {
throw new HsmException("개인키를 찾을 수 없습니다. alias=" + keyAlias);
}
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM, pkcs11Provider);
cipher.init(Cipher.DECRYPT_MODE, (PrivateKey) key);
return cipher.doFinal(ciphertext);
} else {
throw new HsmException("RSA 복호화 불가: HsmManager 가 초기화되지 않았습니다. alias=" + keyAlias);
}
} catch (HsmException e) {
throw e;
} catch (Exception e) {
throw new HsmException("RSA 복호화 실패: " + e.getMessage(), e);
}
}
// -------------------------------------------------------------------------
// AES
// -------------------------------------------------------------------------
/**
* AES/CBC/PKCS5Padding 암호화.
* extractable : provider=null JVM 소프트웨어 암호화.
* non-extractable : provider pkcs11Provider 전달해야 합니다.
*
* @param secretKey 대칭키 (HSM 추출 또는 소프트웨어 )
* @param iv 초기화 벡터 (16바이트)
* @param plaintext 평문 바이트
* @param provider null 이면 JVM 기본 Provider 사용
*/
public byte[] encryptAes(SecretKey secretKey, byte[] iv, byte[] plaintext, Provider provider) throws HsmException {
try {
Cipher cipher = (provider != null)
? Cipher.getInstance(AES_ALGORITHM, provider)
: Cipher.getInstance(AES_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv));
return cipher.doFinal(plaintext);
} catch (Exception e) {
throw new HsmException("AES 암호화 실패: " + e.getMessage(), e);
}
}
/** AES 암호화 - extractable 키 전용 (JVM 소프트웨어 Provider 사용). */
public byte[] encryptAes(SecretKey secretKey, byte[] iv, byte[] plaintext) throws HsmException {
return encryptAes(secretKey, iv, plaintext, null);
}
/**
* AES/CBC/PKCS5Padding 복호화.
* extractable : provider=null JVM 소프트웨어 복호화.
* non-extractable : provider pkcs11Provider 전달해야 합니다.
*
* @param secretKey 대칭키 (HSM 추출 또는 소프트웨어 )
* @param iv 초기화 벡터 (16바이트)
* @param ciphertext 암호문 바이트
* @param provider null 이면 JVM 기본 Provider 사용
*/
public byte[] decryptAes(SecretKey secretKey, byte[] iv, byte[] ciphertext, Provider provider) throws HsmException {
try {
Cipher cipher = (provider != null)
? Cipher.getInstance(AES_ALGORITHM, provider)
: Cipher.getInstance(AES_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
return cipher.doFinal(ciphertext);
} catch (Exception e) {
throw new HsmException("AES 복호화 실패: " + e.getMessage(), e);
}
}
/** AES 복호화 - extractable 키 전용 (JVM 소프트웨어 Provider 사용). */
public byte[] decryptAes(SecretKey secretKey, byte[] iv, byte[] ciphertext) throws HsmException {
return decryptAes(secretKey, iv, ciphertext, null);
}
// -------------------------------------------------------------------------
// Private helpers
// -------------------------------------------------------------------------
private void checkReady() throws HsmException {
if (!HsmManager.getInstance().isReady()) {
throw new HsmException("HsmManager 가 초기화되지 않았습니다.");
}
}
}
@@ -0,0 +1,13 @@
package com.eactive.eai.common.hsm;
public class HsmException extends Exception {
private static final long serialVersionUID = 1L;
public HsmException(String msg) {
super(msg);
}
public HsmException(String msg, Throwable cause) {
super(msg, cause);
}
}
@@ -0,0 +1,183 @@
package com.eactive.eai.common.hsm;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import org.springframework.stereotype.Component;
import com.eactive.eai.common.exception.ExceptionUtil;
import com.eactive.eai.common.lifecycle.Lifecycle;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.lifecycle.LifecycleListener;
import com.eactive.eai.common.lifecycle.LifecycleSupport;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
/**
* SafeNet ProtectServer HSM 연동 관리자 (JDK 8 / SunPKCS11)
*
* PropManager 그룹 "HSM" 에서 읽는 :
* PKCS11_CONFIG - pkcs11.cfg 파일 내용 (name/library/slot 설정을 DB에 직접 저장)
* PIN - HSM 슬롯 PIN
*
* PKCS11_CONFIG 예시 (개행은 \n 으로 입력):
* name = ProtectServer
* library = /opt/safenet/protecttoolkit5/ptk/lib/libcryptoki.so
* slot = 0
*/
@Component
public class HsmManager implements Lifecycle {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
private static final String GROUP_NAME = "HSM";
private static final String PROP_CONFIG = "PKCS11_CONFIG";
private static final String PROP_PIN = "PIN";
private Provider pkcs11Provider;
private KeyStore keyStore;
private boolean started;
private final LifecycleSupport lifecycle = new LifecycleSupport(this);
private HsmManager() {
}
public static HsmManager getInstance() {
return ApplicationContextProvider.getContext().getBean(HsmManager.class);
}
@Override
public void start() throws LifecycleException {
if (started) {
throw new LifecycleException("RECEAIHSM001");
}
lifecycle.fireLifecycleEvent(STARTING_EVENT, this);
try {
init();
} catch (Exception e) {
throw new LifecycleException(ExceptionUtil.getErrorCode(e, "RECEAIHSM002"));
}
started = true;
lifecycle.fireLifecycleEvent(STARTED_EVENT, this);
}
private void init() throws Exception {
String configContent = PropManager.getInstance().getProperty(GROUP_NAME, PROP_CONFIG);
String pin = PropManager.getInstance().getProperty(GROUP_NAME, PROP_PIN);
if (configContent == null || configContent.trim().isEmpty()) {
logger.warn("HsmManager] PKCS11_CONFIG 가 설정되지 않았습니다. HSM 초기화를 건너뜁니다.");
return;
}
pkcs11Provider = createProvider(configContent.trim().replace("\\n", "\n"));
// 이미 등록된 Provider 있으면 제거 재등록
Provider existing = Security.getProvider(pkcs11Provider.getName());
if (existing != null) {
Security.removeProvider(existing.getName());
}
Security.addProvider(pkcs11Provider);
keyStore = KeyStore.getInstance("PKCS11", pkcs11Provider);
char[] pinChars = (pin != null) ? pin.toCharArray() : null;
keyStore.load(null, pinChars);
logger.warn("HsmManager] 초기화 완료. Provider=" + pkcs11Provider.getName());
java.util.Enumeration<String> aliases = keyStore.aliases();
StringBuilder aliasList = new StringBuilder();
while (aliases.hasMoreElements()) {
if (aliasList.length() > 0) aliasList.append(", ");
aliasList.append(aliases.nextElement());
}
logger.warn("HsmManager] HSM 키 목록: [" + aliasList + "]");
}
/**
* JDK 버전에 따라 SunPKCS11 Provider 생성한다.
*
* JDK 8 : SunPKCS11(InputStream) 생성자를 리플렉션으로 호출
* JDK 9+: Provider.configure(configFilePath) 리플렉션으로 호출
*
* 경로 모두 리플렉션을 사용하므로 컴파일 타임에 JDK 버전 의존성이 없다.
*/
static Provider createProvider(String cfgContent) throws Exception {
String javaVersion = System.getProperty("java.version");
if (javaVersion.startsWith("1.")) {
// JDK 8: new SunPKCS11(InputStream)
InputStream is = new ByteArrayInputStream(cfgContent.getBytes("UTF-8"));
return (Provider) Class.forName("sun.security.pkcs11.SunPKCS11")
.getConstructor(InputStream.class)
.newInstance(is);
} else {
// JDK 9+: Security.getProvider("SunPKCS11").configure(configFilePath)
// configure() JDK 9 에서 추가된 메서드이므로 리플렉션으로 호출
File tmp = File.createTempFile("pkcs11-hsm-", ".cfg");
tmp.deleteOnExit();
Files.write(tmp.toPath(), cfgContent.getBytes("UTF-8"));
Provider base = Security.getProvider("SunPKCS11");
Method configure = Provider.class.getMethod("configure", String.class);
return (Provider) configure.invoke(base, tmp.getAbsolutePath());
}
}
@Override
public void stop() throws LifecycleException {
if (!started) {
throw new LifecycleException("RECEAIHSM003");
}
lifecycle.fireLifecycleEvent(STOPING_EVENT, this);
if (pkcs11Provider != null) {
Security.removeProvider(pkcs11Provider.getName());
}
pkcs11Provider = null;
keyStore = null;
started = false;
lifecycle.fireLifecycleEvent(STOPPED_EVENT, this);
}
@Override
public void addLifecycleListener(LifecycleListener listener) {
lifecycle.addLifecycleListener(listener);
}
@Override
public LifecycleListener[] findLifecycleListeners() {
return lifecycle.findLifecycleListeners();
}
@Override
public void removeLifecycleListener(LifecycleListener listener) {
lifecycle.removeLifecycleListener(listener);
}
@Override
public boolean isStarted() {
return started;
}
public Provider getPkcs11Provider() {
return pkcs11Provider;
}
public KeyStore getKeyStore() {
return keyStore;
}
public boolean isReady() {
return started && pkcs11Provider != null && keyStore != null;
}
}
@@ -0,0 +1,501 @@
package com.eactive.eai.common.inflow;
import java.time.Duration;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import com.eactive.eai.common.exception.ExceptionUtil;
import com.eactive.eai.common.lifecycle.Lifecycle;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.lifecycle.LifecycleListener;
import com.eactive.eai.common.lifecycle.LifecycleSupport;
import com.eactive.eai.common.util.Logger;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.Refill;
import io.github.bucket4j.local.LocalBucket;
import io.github.bucket4j.local.LocalBucketBuilder;
public abstract class AbstractInflowControlManager implements Lifecycle, Bucket {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
public static final String QUOTA_TIMEUNIT_SECOND = "SEC";
public static final String QUOTA_TIMEUNIT_MINUTE = "MIN";
public static final String QUOTA_TIMEUNIT_HOUR = "HOU";
public static final String QUOTA_TIMEUNIT_DAY = "DAY";
public static final String QUOTA_TIMEUNIT_MONTH = "MON";
private volatile Map<String, CustomBucket> adapterBucketList = new ConcurrentHashMap<>();
private volatile Map<String, CustomBucket> interfaceBucketList = new ConcurrentHashMap<>();
private volatile Map<String, CustomGroupBucket> groupBucketList = new ConcurrentHashMap<>();
private volatile Map<String, String> interfaceToGroupMap = new ConcurrentHashMap<>();
private volatile Map<String, InflowGroupVO> groupVoMap = new ConcurrentHashMap<>();
private boolean started;
private LifecycleSupport lifecycle = new LifecycleSupport(this);
@Autowired
protected InflowControlDAO inflowControlDAO;
public void start() throws LifecycleException {
if (started)
throw new LifecycleException("RECEAICMM201");
lifecycle.fireLifecycleEvent(STARTING_EVENT, this);
try {
init();
} catch (Exception e) {
throw new LifecycleException(ExceptionUtil.getErrorCode(e, "RECEAICMM202"));
}
started = true;
lifecycle.fireLifecycleEvent(STARTED_EVENT, this);
}
private void init() throws Exception {
initAdapter();
initInterface();
initGroup();
}
private void initAdapter() throws Exception {
Map<String, CustomBucket> newMap = new HashMap<>();
List<InflowTargetVO> inflowAdapterVoList = inflowControlDAO.getInflowAdapterList();
for (InflowTargetVO inflowVo : inflowAdapterVoList) {
if (AbstractInflowControlManager.isInflowTarget(inflowVo)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowVo);
if (bucket != null) {
newMap.put(inflowVo.getName(), bucket);
}
}
}
this.adapterBucketList = newMap;
}
private void initInterface() throws Exception {
Map<String, CustomBucket> newMap = new HashMap<>();
List<InflowTargetVO> inflowInterfaceVoList = inflowControlDAO.getInflowInterfaceList();
for (InflowTargetVO inflowVo : inflowInterfaceVoList) {
if (AbstractInflowControlManager.isInflowTarget(inflowVo)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowVo);
if (bucket != null) {
newMap.put(inflowVo.getName(), bucket);
}
}
}
this.interfaceBucketList = newMap;
}
private void initGroup() throws Exception {
Map<String, CustomGroupBucket> newGroupBucketList = new HashMap<>();
Map<String, String> newInterfaceToGroupMap = new HashMap<>();
Map<String, InflowGroupVO> newGroupVoMap = new HashMap<>();
List<InflowGroupVO> inflowGroupVoList = inflowControlDAO.getInflowGroupList();
for (InflowGroupVO groupVo : inflowGroupVoList) {
if (isInflowGroupTarget(groupVo)) {
CustomGroupBucket bucket = makeGroupBucket(groupVo);
if (bucket != null) {
newGroupBucketList.put(groupVo.getGroupId(), bucket);
newGroupVoMap.put(groupVo.getGroupId(), groupVo);
for (String interfaceId : groupVo.getInterfaceList()) {
newInterfaceToGroupMap.put(interfaceId, groupVo.getGroupId());
}
}
}
}
if (logger.isInfo()) {
logger.info("InflowControlManager] initGroup completed. groups=" + newGroupBucketList.size()
+ ", mappings=" + newInterfaceToGroupMap.size());
}
this.groupBucketList = newGroupBucketList;
this.interfaceToGroupMap = newInterfaceToGroupMap;
this.groupVoMap = newGroupVoMap;
}
public synchronized void reloadAdapter() throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all Started ...");
}
initAdapter();
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all finished ...");
}
}
public synchronized void reloadInterface() throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all Started ...");
}
initInterface();
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all finished ...");
}
}
public synchronized void reloadAdapter(String adapter) throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload Started ...");
}
Map<String, InflowTargetVO> map = inflowControlDAO.getInflowTargetByAdater(adapter);
if (map != null) {
Iterator<String> it = map.keySet().iterator();
String key = "";
while (it.hasNext()) {
key = it.next();
InflowTargetVO inflowTarget = map.get(key);
if (AbstractInflowControlManager.isInflowTarget(inflowTarget)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowTarget);
if (bucket != null) {
adapterBucketList.put(inflowTarget.getName(), bucket);
} else {
adapterBucketList.remove(inflowTarget.getName());
}
} else {
adapterBucketList.remove(inflowTarget.getName());
}
}
}
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload finished ...");
}
}
public synchronized void reloadInterface(String inter) throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload Started ...");
}
Map<String, InflowTargetVO> map = inflowControlDAO.getInflowTargetByInterface(inter);
if (map != null) {
Iterator<String> it = map.keySet().iterator();
String key = "";
while (it.hasNext()) {
key = it.next();
InflowTargetVO inflowTarget = map.get(key);
if (AbstractInflowControlManager.isInflowTarget(inflowTarget)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowTarget);
if (bucket != null) {
interfaceBucketList.put(inflowTarget.getName(), bucket);
} else {
interfaceBucketList.remove(inflowTarget.getName());
}
} else {
interfaceBucketList.remove(inflowTarget.getName());
}
}
}
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload finished ...");
}
}
public synchronized void reloadGroup() throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup all Started ...");
}
initGroup();
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup all finished ...");
}
}
public synchronized void reloadGroup(String groupId) throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup Started ... groupId=" + groupId);
}
Map<String, InflowGroupVO> map = inflowControlDAO.getInflowTargetByGroup(groupId);
if (map != null) {
Iterator<Map.Entry<String, String>> mappingIt = interfaceToGroupMap.entrySet().iterator();
while (mappingIt.hasNext()) {
Map.Entry<String, String> entry = mappingIt.next();
if (groupId.equals(entry.getValue())) {
mappingIt.remove();
}
}
Iterator<String> it = map.keySet().iterator();
while (it.hasNext()) {
String key = it.next();
InflowGroupVO groupVo = map.get(key);
if (isInflowGroupTarget(groupVo)) {
CustomGroupBucket bucket = makeGroupBucket(groupVo);
if (bucket != null) {
groupBucketList.put(groupVo.getGroupId(), bucket);
groupVoMap.put(groupVo.getGroupId(), groupVo);
for (String interfaceId : groupVo.getInterfaceList()) {
interfaceToGroupMap.put(interfaceId, groupVo.getGroupId());
}
} else {
groupBucketList.remove(groupVo.getGroupId());
groupVoMap.remove(groupVo.getGroupId());
}
} else {
groupBucketList.remove(groupVo.getGroupId());
groupVoMap.remove(groupVo.getGroupId());
}
}
}
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup finished ...");
}
}
public void stop() throws LifecycleException {
if (!started)
throw new LifecycleException("RECEAICMM203");
lifecycle.fireLifecycleEvent(STOPING_EVENT, this);
adapterBucketList = new ConcurrentHashMap<>();
interfaceBucketList = new ConcurrentHashMap<>();
groupBucketList = new ConcurrentHashMap<>();
interfaceToGroupMap = new ConcurrentHashMap<>();
groupVoMap = new ConcurrentHashMap<>();
started = false;
lifecycle.fireLifecycleEvent(STOPPED_EVENT, this);
}
public void addLifecycleListener(LifecycleListener listener) {
lifecycle.addLifecycleListener(listener);
}
public LifecycleListener[] findLifecycleListeners() {
return lifecycle.findLifecycleListeners();
}
public void removeLifecycleListener(LifecycleListener listener) {
lifecycle.removeLifecycleListener(listener);
}
public boolean isStarted() {
return this.started;
}
public String[] getAdapterAllKeys() {
Iterator<String> it = this.adapterBucketList.keySet().iterator();
String[] svcCd = new String[this.adapterBucketList.size()];
for (int i = 0; it.hasNext(); i++) {
svcCd[i] = it.next();
}
Arrays.sort(svcCd);
return svcCd;
}
public String[] getInterfaceAllKeys() {
Iterator<String> it = this.interfaceBucketList.keySet().iterator();
String[] svcCd = new String[this.interfaceBucketList.size()];
for (int i = 0; it.hasNext(); i++) {
svcCd[i] = it.next();
}
Arrays.sort(svcCd);
return svcCd;
}
public synchronized void removeAdapter(String adapter) {
adapterBucketList.remove(adapter);
}
public synchronized void removeInterface(String inter) {
interfaceBucketList.remove(inter);
}
public synchronized void removeGroup(String groupId) {
groupBucketList.remove(groupId);
groupVoMap.remove(groupId);
Iterator<Map.Entry<String, String>> it = interfaceToGroupMap.entrySet().iterator();
while (it.hasNext()) {
Map.Entry<String, String> entry = it.next();
if (groupId.equals(entry.getValue())) {
it.remove();
}
}
}
public String[] getGroupAllKeys() {
Iterator<String> it = this.groupBucketList.keySet().iterator();
String[] groupIds = new String[this.groupBucketList.size()];
for (int i = 0; it.hasNext(); i++) {
groupIds[i] = it.next();
}
Arrays.sort(groupIds);
return groupIds;
}
public CustomGroupBucket getGroupBucket(String groupId) {
return groupBucketList.get(groupId);
}
private CustomBucket makeBucketUsingInflowVO(InflowTargetVO inflowTarget) {
if (AbstractInflowControlManager.isInflowTarget(inflowTarget)) {
LocalBucketBuilder builder = Bucket4j.builder();
if (inflowTarget.getThresholdPerSecond() > 0) {
builder.addLimit(Bandwidth.classic(inflowTarget.getThresholdPerSecond(),
Refill.greedy(inflowTarget.getThresholdPerSecond(), Duration.ofSeconds(1))));
}
if (inflowTarget.getThreshold() > 0 && StringUtils.isNotBlank(inflowTarget.getThresholdTimeUnit())) {
builder.addLimit(Bandwidth.classic(inflowTarget.getThreshold(),
Refill.intervally(inflowTarget.getThreshold(),
AbstractInflowControlManager.getPeriod(inflowTarget.getThresholdTimeUnit()))));
}
return new CustomBucket(builder.build(), inflowTarget);
}
return null;
}
private CustomGroupBucket makeGroupBucket(InflowGroupVO groupVo) {
if (!isInflowGroupTarget(groupVo)) {
return null;
}
LocalBucket perSecondBucket = null;
LocalBucket thresholdBucket = null;
if (groupVo.getThresholdPerSecond() > 0) {
perSecondBucket = Bucket4j.builder()
.addLimit(Bandwidth.classic(groupVo.getThresholdPerSecond(),
Refill.greedy(groupVo.getThresholdPerSecond(), Duration.ofSeconds(1))))
.build();
}
if (groupVo.getThreshold() > 0 && StringUtils.isNotBlank(groupVo.getThresholdTimeUnit())) {
thresholdBucket = Bucket4j.builder()
.addLimit(Bandwidth.classic(groupVo.getThreshold(),
Refill.intervally(groupVo.getThreshold(),
AbstractInflowControlManager.getPeriod(groupVo.getThresholdTimeUnit()))))
.build();
}
return new CustomGroupBucket(perSecondBucket, thresholdBucket, groupVo);
}
@Override
public boolean isAdapterPass(String adapter) {
CustomBucket b = adapterBucketList.get(adapter);
if (b == null)
return true;
return b.getLocalBucket().tryConsume(1);
}
@Override
public boolean isInterfacePass(String inter) {
CustomBucket b = interfaceBucketList.get(inter);
if (b == null)
return true;
return b.getLocalBucket().tryConsume(1);
}
@Override
public InflowTargetVO getAdapterInflowThreashold(String adapter) {
CustomBucket b = adapterBucketList.get(adapter);
if (b == null)
return null;
return b.getInflowTargetVo();
}
@Override
public InflowTargetVO getInterfaceInflowThreashold(String inter) {
CustomBucket b = interfaceBucketList.get(inter);
if (b == null)
return null;
return b.getInflowTargetVo();
}
@Override
public InflowTargetVO getInflowThreashold(String inter) {
return null;
}
public InflowTargetVO getAdapterInflow(String adapter) {
return getAdapterInflowThreashold(adapter);
}
public InflowTargetVO getInterfaceInflow(String inter) {
return getInterfaceInflowThreashold(inter);
}
@Override
public String isGroupPass(String groupId) {
CustomGroupBucket b = groupBucketList.get(groupId);
if (b == null)
return null;
return b.tryConsume();
}
@Override
public InflowGroupVO getGroupInflowThreshold(String groupId) {
return groupVoMap.get(groupId);
}
@Override
public String getGroupIdByInterface(String interfaceId) {
return interfaceToGroupMap.get(interfaceId);
}
public InflowGroupVO getGroupInflow(String groupId) {
return getGroupInflowThreshold(groupId);
}
public static boolean isInflowTarget(InflowTargetVO inflowTarget) {
if (inflowTarget == null || !inflowTarget.isActivate()) {
return false;
}
return inflowTarget.getThresholdPerSecond() > 0 || (inflowTarget.getThreshold() > 0 && StringUtils
.equalsAnyIgnoreCase(inflowTarget.getThresholdTimeUnit(), QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_SECOND,
QUOTA_TIMEUNIT_MINUTE, QUOTA_TIMEUNIT_HOUR, QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_MONTH));
}
public static boolean isInflowGroupTarget(InflowGroupVO groupVo) {
if (groupVo == null || !groupVo.isActivate()) {
return false;
}
return groupVo.getThresholdPerSecond() > 0 || (groupVo.getThreshold() > 0 && StringUtils
.equalsAnyIgnoreCase(groupVo.getThresholdTimeUnit(), QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_SECOND,
QUOTA_TIMEUNIT_MINUTE, QUOTA_TIMEUNIT_HOUR, QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_MONTH));
}
public static Duration getPeriod(String timeUnit) {
if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_SECOND)) {
return Duration.ofSeconds(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_MINUTE)) {
return Duration.ofMinutes(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_HOUR)) {
return Duration.ofHours(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_DAY)) {
return Duration.ofDays(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_MONTH)) {
Calendar calendar = Calendar.getInstance();
return Duration.ofDays(calendar.getActualMaximum(Calendar.DAY_OF_MONTH));
} else {
return null;
}
}
}
@@ -41,20 +41,36 @@ public class InflowControlDAO extends BaseDAO {
@Autowired
private InflowControlGroupMappingLoader inflowControlGroupMappingLoader;
// -------------------------------------------------------------------------
// Enum 기반 범용 메서드 type 코드를 직접 노출하지 않음
// -------------------------------------------------------------------------
public List<InflowTargetVO> getInflowList(InflowType type) throws DAOException {
return getInflowList(type.code());
}
public Map<String, InflowTargetVO> getInflowMap(InflowType type, String name) throws DAOException {
return getInflowMap(type.code(), name);
}
// -------------------------------------------------------------------------
// 기존 명명 메서드 enum 기반 메서드로 위임
// -------------------------------------------------------------------------
public List<InflowTargetVO> getInflowAdapterList() throws DAOException {
return getInflowList("01");
return getInflowList(InflowType.ADAPTER);
}
public List<InflowTargetVO> getInflowInterfaceList() throws DAOException {
return getInflowList("02");
return getInflowList(InflowType.INTERFACE);
}
public Map<String, InflowTargetVO> getInflowTargetByAdater(String name) throws DAOException {
return getInflowMap("01", name);
return getInflowMap(InflowType.ADAPTER, name);
}
public Map<String, InflowTargetVO> getInflowTargetByInterface(String name) throws DAOException {
return getInflowMap("02", name);
return getInflowMap(InflowType.INTERFACE, name);
}
private List<InflowTargetVO> getInflowList(String type) throws DAOException {
@@ -1,54 +1,11 @@
package com.eactive.eai.common.inflow;
import java.time.Duration;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.eactive.eai.common.exception.ExceptionUtil;
import com.eactive.eai.common.lifecycle.Lifecycle;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.lifecycle.LifecycleListener;
import com.eactive.eai.common.lifecycle.LifecycleSupport;
import com.eactive.eai.common.message.EAIMessage;
import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.common.util.MessageUtil;
import com.eactive.eai.message.service.InterfaceMapper;
import com.ext.eai.common.stdmessage.STDMessageKeys;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.local.LocalBucket;
import io.github.bucket4j.local.LocalBucketBuilder;
@Component
public class InflowControlManager implements Lifecycle, Bucket {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
public static final String QUOTA_TIMEUNIT_SECOND = "SEC";
public static final String QUOTA_TIMEUNIT_MINUTE = "MIN";
public static final String QUOTA_TIMEUNIT_HOUR = "HOU";
public static final String QUOTA_TIMEUNIT_DAY = "DAY";
public static final String QUOTA_TIMEUNIT_MONTH = "MON";
private Map<String, CustomBucket> adapterBucketList = new HashMap<>();
private Map<String, CustomBucket> interfaceBucketList = new HashMap<>();
private Map<String, CustomGroupBucket> groupBucketList = new HashMap<>();
private Map<String, String> interfaceToGroupMap = new HashMap<>();
private Map<String, InflowGroupVO> groupVoMap = new HashMap<>();
private boolean started;
private LifecycleSupport lifecycle = new LifecycleSupport(this);
@Autowired
private InflowControlDAO inflowControlDAO;
public class InflowControlManager extends AbstractInflowControlManager {
public static synchronized InflowControlManager getInstance() {
return ApplicationContextProvider.getContext().getBean(InflowControlManager.class);
@@ -57,475 +14,4 @@ public class InflowControlManager implements Lifecycle, Bucket {
public static synchronized Bucket getBucket() {
return ApplicationContextProvider.getContext().getBean(InflowControlManager.class);
}
/**
* 유량제어 대상인 거래인지 체크한다.(사이트에 맞게 구성)
*
* @param eaiServerManager
* @param eaiMessage
* @return
*/
public static Boolean isTargetOfInflowControl(EAIServerManager eaiServerManager, EAIMessage eaiMessage) {
InterfaceMapper mapper = eaiMessage.getMapper();
String returnType = mapper.getSendRecvDivision(eaiMessage.getStandardMessage()); // S|R
if (STDMessageKeys.SEND_RECV_CD_SEND.equals(returnType)) {
return Boolean.valueOf(true);
}
return Boolean.valueOf(false);
}
public void start() throws LifecycleException {
if (started)
throw new LifecycleException("RECEAICMM201");
lifecycle.fireLifecycleEvent(STARTING_EVENT, this);
try {
init();
} catch (Exception e) {
throw new LifecycleException(ExceptionUtil.getErrorCode(e, "RECEAICMM202"));
}
started = true;
lifecycle.fireLifecycleEvent(STARTED_EVENT, this);
}
private void init() throws Exception {
initAdapter();
initInterface();
initGroup();
}
private void initAdapter() throws Exception {
adapterBucketList = new HashMap<>();
List<InflowTargetVO> inflowAdapterVoList = inflowControlDAO.getInflowAdapterList();
for (InflowTargetVO inflowVo : inflowAdapterVoList) {
if (InflowControlManager.isInflowTarget(inflowVo)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowVo);
if (bucket != null) {
adapterBucketList.put(inflowVo.getName(), bucket);
}
}
}
}
private void initInterface() throws Exception {
interfaceBucketList = new HashMap<>();
List<InflowTargetVO> inflowInterfaceVoList = inflowControlDAO.getInflowInterfaceList();
for (InflowTargetVO inflowVo : inflowInterfaceVoList) {
if (InflowControlManager.isInflowTarget(inflowVo)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowVo);
if (bucket != null) {
interfaceBucketList.put(inflowVo.getName(), bucket);
}
}
}
}
private void initGroup() throws Exception {
groupBucketList = new HashMap<>();
interfaceToGroupMap = new HashMap<>();
groupVoMap = new HashMap<>();
List<InflowGroupVO> inflowGroupVoList = inflowControlDAO.getInflowGroupList();
for (InflowGroupVO groupVo : inflowGroupVoList) {
if (isInflowGroupTarget(groupVo)) {
CustomGroupBucket bucket = makeGroupBucket(groupVo);
if (bucket != null) {
groupBucketList.put(groupVo.getGroupId(), bucket);
groupVoMap.put(groupVo.getGroupId(), groupVo);
// 인터페이스 그룹 매핑 등록
for (String interfaceId : groupVo.getInterfaceList()) {
interfaceToGroupMap.put(interfaceId, groupVo.getGroupId());
}
}
}
}
if (logger.isInfo()) {
logger.info("InflowControlManager] initGroup completed. groups=" + groupBucketList.size()
+ ", mappings=" + interfaceToGroupMap.size());
}
}
public synchronized void reloadAdapter() throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all Started ...");
}
initAdapter();
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all finished ...");
}
}
public synchronized void reloadInterface() throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all Started ...");
}
initInterface();
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload all finished ...");
}
}
public synchronized void reloadAdapter(String adapter) throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload Started ...");
}
Map<String, InflowTargetVO> map = inflowControlDAO.getInflowTargetByAdater(adapter);
if (map != null) {
Iterator<String> it = map.keySet().iterator();
String key = "";
while (it.hasNext()) {
key = it.next();
InflowTargetVO inflowTarget = map.get(key);
if (InflowControlManager.isInflowTarget(inflowTarget)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowTarget);
if (bucket != null) {
adapterBucketList.put(inflowTarget.getName(), bucket);
} else {
adapterBucketList.remove(inflowTarget.getName());
}
} else {
adapterBucketList.remove(inflowTarget.getName());
}
}
}
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload finished ...");
}
}
public synchronized void reloadInterface(String inter) throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload Started ...");
}
Map<String, InflowTargetVO> map = inflowControlDAO.getInflowTargetByInterface(inter);
if (map != null) {
Iterator<String> it = map.keySet().iterator();
String key = "";
while (it.hasNext()) {
key = it.next();
InflowTargetVO inflowTarget = map.get(key);
if (InflowControlManager.isInflowTarget(inflowTarget)) {
CustomBucket bucket = makeBucketUsingInflowVO(inflowTarget);
if (bucket != null) {
interfaceBucketList.put(inflowTarget.getName(), bucket);
} else {
interfaceBucketList.remove(inflowTarget.getName());
}
} else {
interfaceBucketList.remove(inflowTarget.getName());
}
}
}
if (logger.isWarn()) {
logger.warn("InflowControlManager] reload finished ...");
}
}
public synchronized void reloadGroup() throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup all Started ...");
}
initGroup();
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup all finished ...");
}
}
public synchronized void reloadGroup(String groupId) throws Exception {
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup Started ... groupId=" + groupId);
}
Map<String, InflowGroupVO> map = inflowControlDAO.getInflowTargetByGroup(groupId);
if (map != null) {
// 기존 그룹에 속한 인터페이스 매핑 제거
Iterator<Map.Entry<String, String>> mappingIt = interfaceToGroupMap.entrySet().iterator();
while (mappingIt.hasNext()) {
Map.Entry<String, String> entry = mappingIt.next();
if (groupId.equals(entry.getValue())) {
mappingIt.remove();
}
}
Iterator<String> it = map.keySet().iterator();
while (it.hasNext()) {
String key = it.next();
InflowGroupVO groupVo = map.get(key);
if (isInflowGroupTarget(groupVo)) {
CustomGroupBucket bucket = makeGroupBucket(groupVo);
if (bucket != null) {
groupBucketList.put(groupVo.getGroupId(), bucket);
groupVoMap.put(groupVo.getGroupId(), groupVo);
// 인터페이스 그룹 매핑 재등록
for (String interfaceId : groupVo.getInterfaceList()) {
interfaceToGroupMap.put(interfaceId, groupVo.getGroupId());
}
} else {
groupBucketList.remove(groupVo.getGroupId());
groupVoMap.remove(groupVo.getGroupId());
}
} else {
groupBucketList.remove(groupVo.getGroupId());
groupVoMap.remove(groupVo.getGroupId());
}
}
}
if (logger.isWarn()) {
logger.warn("InflowControlManager] reloadGroup finished ...");
}
}
public void stop() throws LifecycleException {
// Validate and update our current component state
if (!started)
throw new LifecycleException("RECEAICMM203");
// Notify our interested LifecycleListeners
lifecycle.fireLifecycleEvent(STOPING_EVENT, this);
adapterBucketList.clear();
interfaceBucketList.clear();
groupBucketList.clear();
interfaceToGroupMap.clear();
groupVoMap.clear();
started = false;
// Notify our interested LifecycleListeners
lifecycle.fireLifecycleEvent(STOPPED_EVENT, this);
}
public void addLifecycleListener(LifecycleListener listener) {
lifecycle.addLifecycleListener(listener);
}
public LifecycleListener[] findLifecycleListeners() {
return lifecycle.findLifecycleListeners();
}
public void removeLifecycleListener(LifecycleListener listener) {
lifecycle.removeLifecycleListener(listener);
}
public boolean isStarted() {
return this.started;
}
public String[] getAdapterAllKeys() {
Iterator<String> it = this.adapterBucketList.keySet().iterator();
String[] svcCd = new String[this.adapterBucketList.size()];
for (int i = 0; it.hasNext(); i++) {
svcCd[i] = it.next();
}
Arrays.sort(svcCd);
return svcCd;
}
public String[] getInterfaceAllKeys() {
Iterator<String> it = this.interfaceBucketList.keySet().iterator();
String[] svcCd = new String[this.interfaceBucketList.size()];
for (int i = 0; it.hasNext(); i++) {
svcCd[i] = it.next();
}
Arrays.sort(svcCd);
return svcCd;
}
public void removeAdapter(String adapter) {
adapterBucketList.remove(adapter);
}
public void removeInterface(String inter) {
interfaceBucketList.remove(inter);
}
public void removeGroup(String groupId) {
groupBucketList.remove(groupId);
groupVoMap.remove(groupId);
// 해당 그룹에 속한 인터페이스 매핑도 제거
Iterator<Map.Entry<String, String>> it = interfaceToGroupMap.entrySet().iterator();
while (it.hasNext()) {
Map.Entry<String, String> entry = it.next();
if (groupId.equals(entry.getValue())) {
it.remove();
}
}
}
public String[] getGroupAllKeys() {
Iterator<String> it = this.groupBucketList.keySet().iterator();
String[] groupIds = new String[this.groupBucketList.size()];
for (int i = 0; it.hasNext(); i++) {
groupIds[i] = it.next();
}
Arrays.sort(groupIds);
return groupIds;
}
private CustomBucket makeBucketUsingInflowVO(InflowTargetVO inflowTarget) {
if (InflowControlManager.isInflowTarget(inflowTarget)) {
LocalBucketBuilder builder = Bucket4j.builder();
if (inflowTarget.getThresholdPerSecond() > 0) {
builder.addLimit(Bandwidth.simple(inflowTarget.getThresholdPerSecond(), Duration.ofSeconds(1)));
}
if (inflowTarget.getThreshold() > 0 && StringUtils.isNotBlank(inflowTarget.getThresholdTimeUnit())) {
builder.addLimit(Bandwidth.simple(inflowTarget.getThreshold(),
InflowControlManager.getPeriod(inflowTarget.getThresholdTimeUnit())));
}
return new CustomBucket(builder.build(), inflowTarget);
}
return null;
}
/**
* 그룹용 버킷 생성 - 초당/추가 임계치를 별도 버킷으로 분리
*/
private CustomGroupBucket makeGroupBucket(InflowGroupVO groupVo) {
if (!isInflowGroupTarget(groupVo)) {
return null;
}
LocalBucket perSecondBucket = null;
LocalBucket thresholdBucket = null;
// 초당 임계치 버킷 (별도)
if (groupVo.getThresholdPerSecond() > 0) {
perSecondBucket = Bucket4j.builder()
.addLimit(Bandwidth.simple(groupVo.getThresholdPerSecond(), Duration.ofSeconds(1)))
.build();
}
// 추가 임계치 버킷 (별도)
if (groupVo.getThreshold() > 0 && StringUtils.isNotBlank(groupVo.getThresholdTimeUnit())) {
thresholdBucket = Bucket4j.builder()
.addLimit(Bandwidth.simple(groupVo.getThreshold(),
InflowControlManager.getPeriod(groupVo.getThresholdTimeUnit())))
.build();
}
return new CustomGroupBucket(perSecondBucket, thresholdBucket, groupVo);
}
@Override
public boolean isAdapterPass(String adapter) {
CustomBucket b = adapterBucketList.get(adapter);
if (b == null)
return true;
return b.getLocalBucket().tryConsume(1);
}
@Override
public boolean isInterfacePass(String inter) {
CustomBucket b = interfaceBucketList.get(inter);
if (b == null)
return true;
return b.getLocalBucket().tryConsume(1);
}
@Override
public InflowTargetVO getAdapterInflowThreashold(String adapter) {
CustomBucket b = adapterBucketList.get(adapter);
if (b == null)
return null;
return b.getInflowTargetVo();
}
@Override
public InflowTargetVO getInterfaceInflowThreashold(String inter) {
CustomBucket b = interfaceBucketList.get(inter);
if (b == null)
return null;
return b.getInflowTargetVo();
}
@Override
public InflowTargetVO getInflowThreashold(String inter) {
return null;
}
public InflowTargetVO getAdapterInflow(String adapter) {
return getAdapterInflowThreashold(adapter);
}
public InflowTargetVO getInterfaceInflow(String inter) {
return getInterfaceInflowThreashold(inter);
}
@Override
public String isGroupPass(String groupId) {
CustomGroupBucket b = groupBucketList.get(groupId);
if (b == null)
return null;
return b.tryConsume();
}
@Override
public InflowGroupVO getGroupInflowThreshold(String groupId) {
return groupVoMap.get(groupId);
}
@Override
public String getGroupIdByInterface(String interfaceId) {
return interfaceToGroupMap.get(interfaceId);
}
public InflowGroupVO getGroupInflow(String groupId) {
return getGroupInflowThreshold(groupId);
}
public static boolean isInflowTarget(InflowTargetVO inflowTarget) {
if (inflowTarget == null || !inflowTarget.isActivate()) {
return false;
}
return inflowTarget.getThresholdPerSecond() > 0 || (inflowTarget.getThreshold() > 0 && StringUtils
.equalsAnyIgnoreCase(inflowTarget.getThresholdTimeUnit(), QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_SECOND,
QUOTA_TIMEUNIT_MINUTE, QUOTA_TIMEUNIT_HOUR, QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_MONTH));
}
public static boolean isInflowGroupTarget(InflowGroupVO groupVo) {
if (groupVo == null || !groupVo.isActivate()) {
return false;
}
return groupVo.getThresholdPerSecond() > 0 || (groupVo.getThreshold() > 0 && StringUtils
.equalsAnyIgnoreCase(groupVo.getThresholdTimeUnit(), QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_SECOND,
QUOTA_TIMEUNIT_MINUTE, QUOTA_TIMEUNIT_HOUR, QUOTA_TIMEUNIT_DAY, QUOTA_TIMEUNIT_MONTH));
}
public static Duration getPeriod(String timeUnit) {
if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_SECOND)) {
return Duration.ofSeconds(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_MINUTE)) {
return Duration.ofMinutes(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_HOUR)) {
return Duration.ofHours(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_DAY)) {
return Duration.ofDays(1);
} else if (StringUtils.equalsIgnoreCase(timeUnit, QUOTA_TIMEUNIT_MONTH)) {
Calendar calendar = Calendar.getInstance();
return Duration.ofDays(calendar.getActualMaximum(Calendar.DAY_OF_MONTH));
} else {
return null;
}
}
}
@@ -8,7 +8,10 @@ import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.common.message.EAIMessage;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.message.service.InterfaceMapper;
import com.ext.eai.common.stdmessage.STDMessageKeys;
public class InflowControlUtil {
private InflowControlUtil() {
@@ -16,28 +19,70 @@ public class InflowControlUtil {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
private static volatile AbstractInflowControlManager cachedInflowControlManager;
private static volatile Bucket cachedBucket;
/**
* INFLOW.properties의 inflow.control.bucket.className 설정에 따라
* 활성화된 InflowControlManager 구현체를 반환한다.
*
* getBean(InflowControlManager.class) 대신 설정된 구체 타입으로 조회하므로
* InflowControlManager와 DualInflowControlManager가 모두 Bean으로 등록된
* 환경에서도 NoUniqueBeanDefinitionException 없이 올바른 인스턴스를 반환한다.
*
* 최초 1회만 조회하고 이후에는 캐시된 인스턴스를 반환한다.
*/
@SuppressWarnings({ "rawtypes", "unchecked" })
public static Bucket getBucket() {
Properties inFlowProp = PropManager.getInstance().getProperties("INFLOW");
String className = inFlowProp.getProperty("inflow.control.bucket.className");
if (StringUtils.isBlank(className)
|| StringUtils.equals(className, "com.eactive.eai.common.inflow.InflowControlManager")) {
return InflowControlManager.getBucket();
} else {
try {
Class clazz = Class.forName(className);
Method method = clazz.getMethod("getBucket", (Class<?>[]) null);
return (Bucket) method.invoke(null, (Object[]) null);
} catch (Exception e) {
logger.error("Method call error class= {}, method= getBucket", className);
logger.error(e.getMessage());
public static AbstractInflowControlManager getInflowControlManager() {
if (cachedInflowControlManager == null) {
synchronized (InflowControlUtil.class) {
if (cachedInflowControlManager == null) {
Properties inFlowProp = PropManager.getInstance().getProperties("INFLOW");
String className = inFlowProp.getProperty("inflow.control.bucket.className");
if (StringUtils.isBlank(className)
|| StringUtils.equals(className, "com.eactive.eai.common.inflow.InflowControlManager")) {
cachedInflowControlManager = InflowControlManager.getInstance();
} else {
try {
Class clazz = Class.forName(className);
cachedInflowControlManager = (AbstractInflowControlManager) ApplicationContextProvider.getContext().getBean(clazz);
} catch (Exception e) {
logger.error("getInflowControlManager error class= {}", className);
logger.error(e.getMessage());
}
}
}
}
}
return null;
return cachedInflowControlManager;
}
@SuppressWarnings({ "rawtypes", "unchecked" })
public static Bucket getBucket() {
if (cachedBucket == null) {
synchronized (InflowControlUtil.class) {
if (cachedBucket == null) {
Properties inFlowProp = PropManager.getInstance().getProperties("INFLOW");
String className = inFlowProp.getProperty("inflow.control.bucket.className");
if (StringUtils.isBlank(className)
|| StringUtils.equals(className, "com.eactive.eai.common.inflow.InflowControlManager")) {
cachedBucket = InflowControlManager.getBucket();
} else {
try {
Class clazz = Class.forName(className);
Method method = clazz.getMethod("getBucket", (Class<?>[]) null);
cachedBucket = (Bucket) method.invoke(null, (Object[]) null);
} catch (Exception e) {
logger.error("Method call error class= {}, method= getBucket", className);
logger.error(e.getMessage());
}
}
}
}
}
return cachedBucket;
}
public static boolean isTargetOfInflowControl(EAIServerManager eaiServerManager, EAIMessage eaiMessage) {
Properties inFlowProp = PropManager.getInstance().getProperties("INFLOW");
String controlInflow = inFlowProp.getProperty("inflow.control.yn", "N");
@@ -45,21 +90,18 @@ public class InflowControlUtil {
if (!"Y".equalsIgnoreCase(controlInflow)) {
return false;
}
try {
InterfaceMapper mapper = eaiMessage.getMapper();
String returnType = mapper.getSendRecvDivision(eaiMessage.getStandardMessage()); // S|R
String className = inFlowProp.getProperty("inflow.control.bucket.className");
if (StringUtils.isBlank(className)
|| StringUtils.equals(className, "com.eactive.eai.common.inflow.InflowControlManager")) {
return InflowControlManager.isTargetOfInflowControl(eaiServerManager, eaiMessage).booleanValue();
} else {
try {
Class clazz = Class.forName(className);
Method method = clazz.getMethod("isTargetOfInflowControl", EAIServerManager.class, EAIMessage.class);
Boolean returnBoolean = (Boolean) method.invoke(null, eaiServerManager, eaiMessage);
return returnBoolean.booleanValue();
} catch (Exception e) {
logger.error("Method call error class= {}, method= isTargetOfInflowControl", className);
logger.error(e.getMessage());
if (STDMessageKeys.SEND_RECV_CD_SEND.equals(returnType)) {
return Boolean.valueOf(true);
}
return Boolean.valueOf(false);
} catch (Exception e) {
logger.error("isTargetOfInflowControl call error", e.getMessage());
}
return false;
@@ -0,0 +1,23 @@
package com.eactive.eai.common.inflow;
/**
* 유량제어 대상 유형.
* {@link InflowControlDAO} type 컬럼 값을 enum으로 관리하여
* 호출부에 코드 문자열이 노출되지 않도록 한다.
*/
public enum InflowType {
ADAPTER("01"),
INTERFACE("02"),
CLIENT("03");
private final String code;
InflowType(String code) {
this.code = code;
}
public String code() {
return code;
}
}
@@ -0,0 +1,22 @@
package com.eactive.eai.common.inflow.dual;
import com.eactive.eai.common.inflow.InflowTargetVO;
/**
* DualBucket에 클라이언트 유량제어 메서드를 추가한 인터페이스.
* {@link ClientDualInflowControlManager} 구현한다.
*/
public interface ClientDualBucket extends DualBucket {
/**
* 클라이언트 유량제어 체크 차단 원인 포함.
* @return null이면 통과, "PER_SECOND" 또는 "THRESHOLD"이면 해당 버킷에서 차단
*/
String isClientPassDetail(String clientId);
/**
* 클라이언트 유량제어 설정 조회 에러 메시지 생성용.
* @return 등록된 설정이 없으면 null
*/
InflowTargetVO getClientInflowThreshold(String clientId);
}
@@ -0,0 +1,112 @@
package com.eactive.eai.common.inflow.dual;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.stereotype.Component;
import com.eactive.eai.common.inflow.Bucket;
import com.eactive.eai.common.inflow.InflowTargetVO;
import com.eactive.eai.common.inflow.InflowType;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
/**
* 어댑터/인터페이스 이중 버킷(DualInflowControlManager) 클라이언트 유량제어를 추가한 관리자.
*
* <p>적용 방법: INFLOW.properties에 아래 추가.
* <pre>inflow.control.bucket.className=com.eactive.eai.common.inflow.dual.ClientDualInflowControlManager</pre>
*/
@Component
public class ClientDualInflowControlManager extends DualInflowControlManager implements ClientDualBucket {
private static final Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
public static synchronized Bucket getBucket() {
return ApplicationContextProvider.getContext().getBean(ClientDualInflowControlManager.class);
}
private volatile Map<String, DualCustomBucket> clientBucketMap = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, TargetMetrics> clientMetricsMap = new ConcurrentHashMap<>();
// -------------------------------------------------------------------------
// Lifecycle
// -------------------------------------------------------------------------
@Override
public void start() throws LifecycleException {
super.start();
try {
initClients();
} catch (Exception e) {
throw new LifecycleException("ClientDualInflowControlManager init failed: " + e.getMessage());
}
}
// -------------------------------------------------------------------------
// 초기화 / 리로드
// -------------------------------------------------------------------------
private void initClients() throws Exception {
this.clientBucketMap = loadBucketMap(InflowType.CLIENT);
if (logger.isInfo()) logger.info("ClientDualInflowControlManager] initClients: " + clientBucketMap.size() + " buckets");
}
public synchronized void reloadClient() throws Exception {
initClients();
clientMetricsMap.clear();
}
public synchronized void reloadClient(String clientId) throws Exception {
reloadBucketMap(clientBucketMap, InflowType.CLIENT, clientId);
TargetMetrics m = clientMetricsMap.get(clientId);
if (m != null) m.reset();
}
public synchronized void removeClient(String clientId) {
clientBucketMap.remove(clientId);
clientMetricsMap.remove(clientId);
}
// -------------------------------------------------------------------------
// 클라이언트 메트릭 접근자
// -------------------------------------------------------------------------
public TargetMetrics getClientMetrics(String clientId) { return clientMetricsMap.get(clientId); }
public Map<String, TargetMetrics> getAllClientMetrics() { return Collections.unmodifiableMap(clientMetricsMap); }
public void resetClientMetrics(String clientId) { TargetMetrics m = clientMetricsMap.get(clientId); if (m != null) m.reset(); }
public void resetAllClientMetrics() { clientMetricsMap.values().forEach(TargetMetrics::reset); }
// -------------------------------------------------------------------------
// ClientDualBucket 클라이언트 유량제어
// -------------------------------------------------------------------------
@Override
public String isClientPassDetail(String clientId) {
DualCustomBucket b = clientBucketMap.get(clientId);
if (b == null) return DualCustomBucket.RESULT_PASS;
String result = b.tryConsume();
recordMetrics(clientMetricsMap, clientId, result);
return result;
}
@Override
public InflowTargetVO getClientInflowThreshold(String clientId) {
DualCustomBucket b = clientBucketMap.get(clientId);
return (b == null) ? null : b.getInflowTargetVo();
}
// -------------------------------------------------------------------------
// 모니터링용 접근자
// -------------------------------------------------------------------------
public DualCustomBucket getClientBucket(String clientId) {
return clientBucketMap.get(clientId);
}
public Map<String, DualCustomBucket> getClientBucketMap() {
return clientBucketMap;
}
}
@@ -0,0 +1,25 @@
package com.eactive.eai.common.inflow.dual;
import com.eactive.eai.common.inflow.Bucket;
/**
* Bucket 인터페이스 확장.
* 기존 isAdapterPass/isInterfacePass(boolean) 더해
* 어느 버킷(PER_SECOND/THRESHOLD)에서 차단됐는지 반환하는 메서드 추가.
*
* <p>클라이언트 유량제어는 {@link ClientDualBucket}으로 분리됨.
*/
public interface DualBucket extends Bucket {
/**
* 어댑터 유량제어 체크 차단 원인 포함.
* @return null이면 통과, "PER_SECOND" 또는 "THRESHOLD"이면 해당 버킷에서 차단
*/
String isAdapterPassDetail(String adapter);
/**
* 인터페이스 유량제어 체크 차단 원인 포함.
* @return null이면 통과, "PER_SECOND" 또는 "THRESHOLD"이면 해당 버킷에서 차단
*/
String isInterfacePassDetail(String inter);
}
@@ -0,0 +1,58 @@
package com.eactive.eai.common.inflow.dual;
import com.eactive.eai.common.inflow.InflowTargetVO;
import io.github.bucket4j.local.LocalBucket;
/**
* 어댑터/인터페이스 유량제어 버킷.
* 기존 CustomBucket(단일 버킷) 달리 perSecond/threshold를 별도 버킷으로 분리하여
* 어느 한도를 초과했는지 구분 가능 (CustomGroupBucket과 동일한 이중 구조).
*/
public class DualCustomBucket {
public static final String RESULT_PASS = null;
public static final String RESULT_BLOCKED_PER_SECOND = "PER_SECOND";
public static final String RESULT_BLOCKED_THRESHOLD = "THRESHOLD";
private final LocalBucket perSecondBucket;
private final LocalBucket thresholdBucket;
private final InflowTargetVO inflowTargetVo;
public DualCustomBucket(LocalBucket perSecondBucket, LocalBucket thresholdBucket, InflowTargetVO inflowTargetVo) {
this.perSecondBucket = perSecondBucket;
this.thresholdBucket = thresholdBucket;
this.inflowTargetVo = inflowTargetVo;
}
/**
* 버킷을 순서대로 소비 시도.
* @return null이면 통과, "PER_SECOND" 또는 "THRESHOLD"이면 해당 버킷에서 차단
*/
public String tryConsume() {
boolean perSecondPass = (perSecondBucket == null) || perSecondBucket.tryConsume(1);
if (!perSecondPass) {
return RESULT_BLOCKED_PER_SECOND;
}
boolean thresholdPass = (thresholdBucket == null) || thresholdBucket.tryConsume(1);
if (!thresholdPass) {
// perSecond 토큰은 이미 소비됨 Token Bucket 특성상 롤백 불가
// 초당 버킷은 빠르게 리필되므로 실질적 영향 미미
return RESULT_BLOCKED_THRESHOLD;
}
return RESULT_PASS;
}
public long getPerSecondAvailableTokens() {
return (perSecondBucket != null) ? perSecondBucket.getAvailableTokens() : -1;
}
public long getThresholdAvailableTokens() {
return (thresholdBucket != null) ? thresholdBucket.getAvailableTokens() : -1;
}
public LocalBucket getPerSecondBucket() { return perSecondBucket; }
public LocalBucket getThresholdBucket() { return thresholdBucket; }
public InflowTargetVO getInflowTargetVo() { return inflowTargetVo; }
}
@@ -0,0 +1,342 @@
package com.eactive.eai.common.inflow.dual;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.common.inflow.AbstractInflowControlManager;
import com.eactive.eai.common.inflow.Bucket;
import com.eactive.eai.common.inflow.CustomGroupBucket;
import com.eactive.eai.common.inflow.InflowTargetVO;
import com.eactive.eai.common.inflow.InflowType;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.Refill;
import io.github.bucket4j.local.LocalBucket;
/**
* 어댑터/인터페이스 버킷을 이중 구조(perSecond + threshold) 관리하는 유량제어 관리자.
*
* <p>클라이언트 유량제어는 {@link ClientDualInflowControlManager} 분리됨.
*
* <p>적용 방법: INFLOW.properties에 아래 추가.
* <pre>inflow.control.bucket.className=com.eactive.eai.common.inflow.dual.ClientDualInflowControlManager</pre>
*/
public class DualInflowControlManager extends AbstractInflowControlManager implements DualBucket {
private static final Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
// InflowControlUtil이 리플렉션으로 호출하는 진입점
public static synchronized Bucket getBucket() {
return ApplicationContextProvider.getContext().getBean(DualInflowControlManager.class);
}
private volatile Map<String, DualCustomBucket> adapterBucketMap = new ConcurrentHashMap<>();
private volatile Map<String, DualCustomBucket> interfaceBucketMap = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, TargetMetrics> adapterMetricsMap = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, TargetMetrics> interfaceMetricsMap = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, TargetMetrics> groupMetricsMap = new ConcurrentHashMap<>();
public static class TargetMetrics {
public final AtomicLong allowed = new AtomicLong();
public final AtomicLong rejectedPerSecond = new AtomicLong();
public final AtomicLong rejectedThreshold = new AtomicLong();
public volatile long lastResetTime = System.currentTimeMillis();
public void reset() {
allowed.set(0);
rejectedPerSecond.set(0);
rejectedThreshold.set(0);
lastResetTime = System.currentTimeMillis();
}
}
// -------------------------------------------------------------------------
// Lifecycle
// -------------------------------------------------------------------------
@Override
public void start() throws LifecycleException {
super.start();
try {
initAdapters();
initInterfaces();
} catch (Exception e) {
throw new LifecycleException("DualInflowControlManager init failed: " + e.getMessage());
}
}
// -------------------------------------------------------------------------
// 초기화 / 리로드
// -------------------------------------------------------------------------
private void initAdapters() throws Exception {
this.adapterBucketMap = loadBucketMap(InflowType.ADAPTER);
if (logger.isInfo()) logger.info("DualInflowControlManager] initAdapters: " + adapterBucketMap.size() + " buckets");
}
private void initInterfaces() throws Exception {
this.interfaceBucketMap = loadBucketMap(InflowType.INTERFACE);
if (logger.isInfo()) logger.info("DualInflowControlManager] initInterfaces: " + interfaceBucketMap.size() + " buckets");
}
protected Map<String, DualCustomBucket> loadBucketMap(InflowType type) throws Exception {
Map<String, DualCustomBucket> newMap = new HashMap<>();
for (InflowTargetVO vo : inflowControlDAO.getInflowList(type)) {
DualCustomBucket bucket = makeBucket(vo);
if (bucket != null) newMap.put(vo.getName(), bucket);
}
return newMap;
}
@Override
public synchronized void reloadAdapter() throws Exception {
initAdapters();
adapterMetricsMap.clear();
}
@Override
public synchronized void reloadAdapter(String adapter) throws Exception {
reloadBucketMap(adapterBucketMap, InflowType.ADAPTER, adapter);
TargetMetrics m = adapterMetricsMap.get(adapter);
if (m != null) m.reset();
}
@Override
public synchronized void reloadInterface() throws Exception {
initInterfaces();
interfaceMetricsMap.clear();
}
@Override
public synchronized void reloadInterface(String inter) throws Exception {
reloadBucketMap(interfaceBucketMap, InflowType.INTERFACE, inter);
TargetMetrics m = interfaceMetricsMap.get(inter);
if (m != null) m.reset();
}
@Override
public synchronized void reloadGroup() throws Exception {
super.reloadGroup();
groupMetricsMap.clear();
}
@Override
public synchronized void reloadGroup(String groupId) throws Exception {
super.reloadGroup(groupId);
TargetMetrics m = groupMetricsMap.get(groupId);
if (m != null) m.reset();
}
protected void reloadBucketMap(Map<String, DualCustomBucket> targetMap, InflowType type, String name) throws Exception {
Map<String, InflowTargetVO> updated = inflowControlDAO.getInflowMap(type, name);
if (updated == null) return;
for (InflowTargetVO vo : updated.values()) {
DualCustomBucket bucket = makeBucket(vo);
if (bucket != null) targetMap.put(vo.getName(), bucket);
else targetMap.remove(vo.getName());
}
}
// -------------------------------------------------------------------------
// 어댑터/인터페이스 메트릭 접근자
// -------------------------------------------------------------------------
public TargetMetrics getAdapterMetrics(String adapter) { return adapterMetricsMap.get(adapter); }
public TargetMetrics getInterfaceMetrics(String inter) { return interfaceMetricsMap.get(inter); }
public Map<String, TargetMetrics> getAllAdapterMetrics() { return Collections.unmodifiableMap(adapterMetricsMap); }
public Map<String, TargetMetrics> getAllInterfaceMetrics() { return Collections.unmodifiableMap(interfaceMetricsMap); }
public void resetAdapterMetrics(String adapter) { TargetMetrics m = adapterMetricsMap.get(adapter); if (m != null) m.reset(); }
public void resetInterfaceMetrics(String inter) { TargetMetrics m = interfaceMetricsMap.get(inter); if (m != null) m.reset(); }
public void resetAllAdapterMetrics() { adapterMetricsMap.values().forEach(TargetMetrics::reset); }
public void resetAllInterfaceMetrics() { interfaceMetricsMap.values().forEach(TargetMetrics::reset); }
// -------------------------------------------------------------------------
// 그룹 메트릭 isGroupPass() 카운팅 접근자
// -------------------------------------------------------------------------
@Override
public String isGroupPass(String groupId) {
String result = super.isGroupPass(groupId);
TargetMetrics m = groupMetricsMap.computeIfAbsent(groupId, k -> new TargetMetrics());
if (result == null) {
m.allowed.incrementAndGet();
} else if (CustomGroupBucket.RESULT_BLOCKED_PER_SECOND.equals(result)) {
m.rejectedPerSecond.incrementAndGet();
} else {
m.rejectedThreshold.incrementAndGet();
}
return result;
}
public TargetMetrics getGroupMetrics(String groupId) {
return groupMetricsMap.get(groupId);
}
public Map<String, TargetMetrics> getAllGroupMetrics() {
return Collections.unmodifiableMap(groupMetricsMap);
}
public void resetGroupMetrics(String groupId) {
TargetMetrics m = groupMetricsMap.get(groupId);
if (m != null) m.reset();
}
public void resetAllGroupMetrics() {
groupMetricsMap.values().forEach(TargetMetrics::reset);
}
// -------------------------------------------------------------------------
// DualBucket 차단 원인 포함 메서드
// -------------------------------------------------------------------------
@Override
public String isAdapterPassDetail(String adapter) {
DualCustomBucket b = adapterBucketMap.get(adapter);
if (b == null) return DualCustomBucket.RESULT_PASS;
String result = b.tryConsume();
recordMetrics(adapterMetricsMap, adapter, result);
return result;
}
@Override
public String isInterfacePassDetail(String inter) {
DualCustomBucket b = interfaceBucketMap.get(inter);
if (b == null) return DualCustomBucket.RESULT_PASS;
String result = b.tryConsume();
recordMetrics(interfaceMetricsMap, inter, result);
return result;
}
protected void recordMetrics(ConcurrentHashMap<String, TargetMetrics> metricsMap, String key, String result) {
TargetMetrics m = metricsMap.computeIfAbsent(key, k -> new TargetMetrics());
if (result == null) m.allowed.incrementAndGet();
else if (DualCustomBucket.RESULT_BLOCKED_PER_SECOND.equals(result)) m.rejectedPerSecond.incrementAndGet();
else m.rejectedThreshold.incrementAndGet();
}
// -------------------------------------------------------------------------
// Bucket 인터페이스 오버라이드 이중 버킷으로 교체 (boolean 반환 유지)
// -------------------------------------------------------------------------
@Override
public boolean isAdapterPass(String adapter) {
return isAdapterPassDetail(adapter) == DualCustomBucket.RESULT_PASS;
}
@Override
public boolean isInterfacePass(String inter) {
return isInterfacePassDetail(inter) == DualCustomBucket.RESULT_PASS;
}
// -------------------------------------------------------------------------
// 어댑터/인터페이스 ·VO·삭제 Dual 기준으로 오버라이드
// -------------------------------------------------------------------------
@Override
public String[] getAdapterAllKeys() {
String[] keys = adapterBucketMap.keySet().toArray(new String[0]);
Arrays.sort(keys);
return keys;
}
@Override
public String[] getInterfaceAllKeys() {
String[] keys = interfaceBucketMap.keySet().toArray(new String[0]);
Arrays.sort(keys);
return keys;
}
@Override
public InflowTargetVO getAdapterInflowThreashold(String adapter) {
DualCustomBucket b = adapterBucketMap.get(adapter);
return (b == null) ? null : b.getInflowTargetVo();
}
@Override
public InflowTargetVO getInterfaceInflowThreashold(String inter) {
DualCustomBucket b = interfaceBucketMap.get(inter);
return (b == null) ? null : b.getInflowTargetVo();
}
@Override
public synchronized void removeAdapter(String adapter) {
adapterBucketMap.remove(adapter);
adapterMetricsMap.remove(adapter);
}
@Override
public synchronized void removeInterface(String inter) {
interfaceBucketMap.remove(inter);
interfaceMetricsMap.remove(inter);
}
// -------------------------------------------------------------------------
// 모니터링용 접근자
// -------------------------------------------------------------------------
public DualCustomBucket getAdapterBucket(String adapter) {
return adapterBucketMap.get(adapter);
}
public DualCustomBucket getInterfaceBucket(String inter) {
return interfaceBucketMap.get(inter);
}
public Map<String, DualCustomBucket> getAdapterBucketMap() {
return adapterBucketMap;
}
public Map<String, DualCustomBucket> getInterfaceBucketMap() {
return interfaceBucketMap;
}
// -------------------------------------------------------------------------
// 버킷 팩토리
// -------------------------------------------------------------------------
/**
* perSecond 버킷: greedy refill 초당 N개 요청을 균등하게 허용.
* threshold 버킷: intervally refill 기간(// ) 단위 쿼터를 기간 시작 일괄 충전.
* Bandwidth.simple은 버킷 모두 greedy로 생성되어 시간 단위 구분이 없어지므로 classic으로 교체.
*/
protected DualCustomBucket makeBucket(InflowTargetVO vo) {
if (!AbstractInflowControlManager.isInflowTarget(vo)) {
return null;
}
LocalBucket perSecondBucket = null;
LocalBucket thresholdBucket = null;
if (vo.getThresholdPerSecond() > 0) {
perSecondBucket = Bucket4j.builder()
.addLimit(Bandwidth.classic(vo.getThresholdPerSecond(),
Refill.greedy(vo.getThresholdPerSecond(), Duration.ofSeconds(1))))
.build();
}
if (vo.getThreshold() > 0 && StringUtils.isNotBlank(vo.getThresholdTimeUnit())) {
Duration period = AbstractInflowControlManager.getPeriod(vo.getThresholdTimeUnit());
thresholdBucket = Bucket4j.builder()
.addLimit(Bandwidth.classic(vo.getThreshold(),
Refill.intervally(vo.getThreshold(), period)))
.build();
}
return new DualCustomBucket(perSecondBucket, thresholdBucket, vo);
}
}
@@ -0,0 +1,173 @@
package com.eactive.eai.common.security;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jcajce.spec.FPEParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class AESCryptoModuleExtension implements CryptoModuleExtension {
private static final int GCM_IV_LENGTH = 12;
private static final int GCM_TAG_LENGTH = 128;
private static final String DEFAULT_PROVIDER = "BC";
private Cipher encryptEngine;
private Cipher decryptEngine;
private String mode;
private String pad;
private byte[] iv;
private byte[] encKey;
private byte[] decKey;
/** 명시적 프로바이더. null이면 모든 모드에서 BC(DEFAULT_PROVIDER)를 사용한다. */
private String provider;
// ------------------------------------------------------------------
// init 모든 오버로드는 최종적으로 6+provider 버전에 위임한다
// ------------------------------------------------------------------
@Override
public void init(String alg, String mode, String pad, byte[] encKey, byte[] decKey) throws Exception {
init(alg, mode, pad, null, encKey, decKey, null);
}
@Override
public void init(String alg, String mode, String pad, byte[] iv, byte[] encKey, byte[] decKey) throws Exception {
init(alg, mode, pad, iv, encKey, decKey, null);
}
@Override
public void init(String alg, String mode, String pad, byte[] encKey, byte[] decKey, String provider) throws Exception {
init(alg, mode, pad, null, encKey, decKey, provider);
}
@Override
public void init(String alg, String mode, String pad, byte[] iv, byte[] encKey, byte[] decKey, String provider) throws Exception {
this.mode = mode;
this.pad = pad;
this.iv = iv;
this.encKey = encKey;
this.decKey = decKey;
this.provider = (provider != null && !provider.isEmpty()) ? provider : null;
// GCM 포함 모든 모드에서 BC 프로바이더를 사용 기본값 BC
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
if (!mode.equalsIgnoreCase("GCM")) {
String m = mode != null ? mode : "";
String p = pad != null ? pad : "";
String transformation = String.format("AES/%s/%s", m, p);
Key encKeySpec = new SecretKeySpec(encKey, "AES");
Key decKeySpec = new SecretKeySpec(decKey, "AES");
AlgorithmParameterSpec param = iv != null ? new IvParameterSpec(iv) : null;
if (m.toLowerCase().contains("ff")) {
param = new FPEParameterSpec(256, iv);
}
String prov = this.provider != null ? this.provider : DEFAULT_PROVIDER;
this.encryptEngine = Cipher.getInstance(transformation, prov);
this.decryptEngine = Cipher.getInstance(transformation, prov);
this.encryptEngine.init(Cipher.ENCRYPT_MODE, encKeySpec, param, (SecureRandom) null);
this.decryptEngine.init(Cipher.DECRYPT_MODE, decKeySpec, param, (SecureRandom) null);
}
}
// ------------------------------------------------------------------
// encrypt
// ------------------------------------------------------------------
@Override
public int encrypt(byte[] src, int sindex, int slength, byte[] dst, int dindex) throws Exception {
return this.encryptEngine.doFinal(src, sindex, slength, dst, dindex);
}
@Override
public byte[] encrypt(byte[] src, int sindex, int slength) throws Exception {
return encrypt(src, sindex, slength, null);
}
/**
* AAD를 명시한 암호화.
* GCM 모드에서 aad != null 이면 해당 값을 사용하고, null 이면 iv를 AAD로 사용하는 기본 동작을 따른다.
* -GCM 모드는 AAD를 무시하고 사전 초기화된 엔진으로 처리한다.
*/
@Override
public byte[] encrypt(byte[] src, int sindex, int slength, byte[] aad) throws Exception {
if (this.mode.equalsIgnoreCase("GCM")) {
Key key = new SecretKeySpec(this.encKey, "AES");
byte[] nonce = new byte[GCM_IV_LENGTH];
new SecureRandom().nextBytes(nonce);
GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH, nonce);
String prov = this.provider != null ? this.provider : DEFAULT_PROVIDER;
Cipher cipher = Cipher.getInstance(String.format("AES/%s/%s", this.mode, this.pad), prov);
cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec);
byte[] effectiveAad = aad != null ? aad : this.iv;
if (effectiveAad != null) cipher.updateAAD(effectiveAad);
byte[] cipherTextWithTag = cipher.doFinal(src, sindex, slength);
byte[] output = new byte[GCM_IV_LENGTH + cipherTextWithTag.length];
System.arraycopy(nonce, 0, output, 0, GCM_IV_LENGTH);
System.arraycopy(cipherTextWithTag, 0, output, GCM_IV_LENGTH, cipherTextWithTag.length);
return output;
}
int outLen = this.encryptEngine.getOutputSize(slength);
byte[] dst = new byte[outLen];
int actual = encrypt(src, sindex, slength, dst, 0);
return ByteBuffer.allocate(actual).put(dst, 0, actual).array();
}
// ------------------------------------------------------------------
// decrypt
// ------------------------------------------------------------------
@Override
public int decrypt(byte[] src, int sindex, int slength, byte[] dst, int dindex) throws Exception {
return this.decryptEngine.doFinal(src, sindex, slength, dst, dindex);
}
@Override
public byte[] decrypt(byte[] src, int sindex, int slength) throws Exception {
return decrypt(src, sindex, slength, null);
}
/**
* AAD를 명시한 복호화.
* GCM 모드에서 aad != null 이면 해당 값을 사용하고, null 이면 iv를 AAD로 사용하는 기본 동작을 따른다.
* -GCM 모드는 AAD를 무시하고 사전 초기화된 엔진으로 처리한다.
*/
@Override
public byte[] decrypt(byte[] src, int sindex, int slength, byte[] aad) throws Exception {
if (this.mode.equalsIgnoreCase("GCM")) {
Key key = new SecretKeySpec(this.decKey, "AES");
byte[] nonce = new byte[GCM_IV_LENGTH];
System.arraycopy(src, sindex, nonce, 0, GCM_IV_LENGTH);
byte[] cipherTextWithTag = new byte[slength - GCM_IV_LENGTH];
System.arraycopy(src, sindex + GCM_IV_LENGTH, cipherTextWithTag, 0, cipherTextWithTag.length);
GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH, nonce);
String prov = this.provider != null ? this.provider : DEFAULT_PROVIDER;
Cipher cipher = Cipher.getInstance(String.format("AES/%s/%s", this.mode, this.pad), prov);
cipher.init(Cipher.DECRYPT_MODE, key, gcmSpec);
byte[] effectiveAad = aad != null ? aad : this.iv;
if (effectiveAad != null) cipher.updateAAD(effectiveAad);
return cipher.doFinal(cipherTextWithTag);
}
return this.decryptEngine.doFinal(src, sindex, slength);
}
}
@@ -0,0 +1,68 @@
package com.eactive.eai.common.security;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jcajce.spec.FPEParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class ARIACryptoModuleExtension implements CryptoModuleExtension {
private Cipher encryptEngine;
private Cipher decryptEngine;
@Override
public void init(String alg, String mode, String pad, byte[] encKey, byte[] decKey) throws Exception {
this.init("ARIA", mode, pad, (byte[]) null, encKey, decKey);
}
@Override
public void init(String alg, String mode, String pad, byte[] iv, byte[] encKey, byte[] decKey) throws Exception {
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
String m = mode != null ? mode : "";
String p = pad != null ? pad : "";
Key encKeySpec = new SecretKeySpec(encKey, "ARIA");
Key decKeySpec = new SecretKeySpec(decKey, "ARIA");
AlgorithmParameterSpec param = iv != null ? new IvParameterSpec(iv) : null;
if (m.toLowerCase().contains("ff")) {
param = new FPEParameterSpec(256, iv);
}
this.encryptEngine = Cipher.getInstance(String.format("ARIA/%s/%s", m, p));
this.encryptEngine.init(Cipher.ENCRYPT_MODE, encKeySpec, param, (SecureRandom) null);
this.decryptEngine = Cipher.getInstance(String.format("ARIA/%s/%s", m, p));
this.decryptEngine.init(Cipher.DECRYPT_MODE, decKeySpec, param, (SecureRandom) null);
}
@Override
public int encrypt(byte[] src, int sindex, int slength, byte[] dst, int dindex) throws Exception {
return this.encryptEngine.doFinal(src, sindex, slength, dst, dindex);
}
@Override
public byte[] encrypt(byte[] src, int sindex, int slength) throws Exception {
int size = (slength + 17) / this.encryptEngine.getBlockSize() * this.encryptEngine.getBlockSize();
size += (slength + 17) % this.encryptEngine.getBlockSize() == 0 ? 0 : this.encryptEngine.getBlockSize();
byte[] dst = new byte[this.encryptEngine.getOutputSize(size)];
size = this.encrypt(src, sindex, slength, dst, 0);
return ByteBuffer.allocate(size).put(dst, 0, size).array();
}
@Override
public int decrypt(byte[] src, int sindex, int slength, byte[] dst, int dindex) throws Exception {
return this.decryptEngine.doFinal(src, sindex, slength, dst, dindex);
}
@Override
public byte[] decrypt(byte[] src, int sindex, int slength) throws Exception {
return this.decryptEngine.doFinal(src, sindex, slength);
}
}
@@ -0,0 +1,23 @@
package com.eactive.eai.common.security;
import lombok.Data;
@Data
public class CryptoModuleConfigVO {
String cryptoId;
String cryptoName;
String cryptoDesc;
String algType;
String cipherMode;
String padding;
String ivHex;
String keySourceType;
String encKeyHex;
String decKeyHex;
String keyDerivStrategy;
String keyDerivParams;
String cacheYn;
Integer cacheTtlSec;
String useYn;
}
@@ -0,0 +1,52 @@
package com.eactive.eai.common.security;
public interface CryptoModuleExtension {
void init(String alg, String mode, String pad, byte[] encKey, byte[] decKey) throws Exception;
void init(String alg, String mode, String pad, byte[] iv, byte[] encKey, byte[] decKey) throws Exception;
/** 프로바이더를 명시한 초기화. 미지원 구현체는 provider를 무시하고 기본 동작한다. */
default void init(String alg, String mode, String pad, byte[] encKey, byte[] decKey, String provider) throws Exception {
init(alg, mode, pad, encKey, decKey);
}
/** 프로바이더를 명시한 초기화 (IV 포함). 미지원 구현체는 provider를 무시하고 기본 동작한다. */
default void init(String alg, String mode, String pad, byte[] iv, byte[] encKey, byte[] decKey, String provider) throws Exception {
init(alg, mode, pad, iv, encKey, decKey);
}
int encrypt(byte[] src, int sindex, int slength, byte[] dst, int dindex) throws Exception;
byte[] encrypt(byte[] src, int sindex, int slength) throws Exception;
/** AAD를 명시한 암호화. null이면 구현체 기본 동작(IV를 AAD로 사용하거나 AAD 없음)을 따른다. */
default byte[] encrypt(byte[] src, int sindex, int slength, byte[] aad) throws Exception {
return encrypt(src, sindex, slength);
}
default byte[] encrypt(byte[] src) throws Exception {
return encrypt(src, 0, src.length);
}
default byte[] encrypt(byte[] src, byte[] aad) throws Exception {
return encrypt(src, 0, src.length, aad);
}
int decrypt(byte[] src, int sindex, int slength, byte[] dst, int dindex) throws Exception;
byte[] decrypt(byte[] src, int sindex, int slength) throws Exception;
/** AAD를 명시한 복호화. null이면 구현체 기본 동작을 따른다. */
default byte[] decrypt(byte[] src, int sindex, int slength, byte[] aad) throws Exception {
return decrypt(src, sindex, slength);
}
default byte[] decrypt(byte[] src) throws Exception {
return decrypt(src, 0, src.length);
}
default byte[] decrypt(byte[] src, byte[] aad) throws Exception {
return decrypt(src, 0, src.length, aad);
}
}
@@ -0,0 +1,244 @@
package com.eactive.eai.common.security;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.bind.DatatypeConverter;
import org.springframework.stereotype.Component;
import com.eactive.eai.common.lifecycle.Lifecycle;
import com.eactive.eai.common.lifecycle.LifecycleException;
import com.eactive.eai.common.lifecycle.LifecycleListener;
import com.eactive.eai.common.lifecycle.LifecycleSupport;
import com.eactive.eai.common.security.keyderiv.DerivedKey;
import com.eactive.eai.common.security.keyderiv.KeyDerivationStrategy;
import com.eactive.eai.common.security.loader.CryptoModuleConfigLoader;
import com.eactive.eai.common.security.mapper.CryptoModuleConfigMapper;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.data.entity.onl.security.CryptoModuleConfig;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
@Component
public class CryptoModuleManager implements Lifecycle {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
private static final ObjectMapper objectMapper = new ObjectMapper();
private final ConcurrentHashMap<String, CryptoModuleConfigVO> configMap = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, KeyDerivationStrategy> strategyCache = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, CachedDerivedKey> dynamicKeyCache = new ConcurrentHashMap<>();
private boolean started;
private final LifecycleSupport lifecycle = new LifecycleSupport(this);
private CryptoModuleManager() {}
public static CryptoModuleManager getInstance() {
return ApplicationContextProvider.getContext().getBean(CryptoModuleManager.class);
}
@Override
public void start() throws LifecycleException {
if (started) throw new LifecycleException("RECEAICRY001");
lifecycle.fireLifecycleEvent(STARTING_EVENT, this);
try {
loadAll();
} catch (Exception e) {
throw new LifecycleException("RECEAICRY002");
}
started = true;
lifecycle.fireLifecycleEvent(STARTED_EVENT, this);
}
@Override
public void stop() throws LifecycleException {
if (!started) throw new LifecycleException("RECEAICRY003");
lifecycle.fireLifecycleEvent(STOPING_EVENT, this);
configMap.clear();
dynamicKeyCache.clear();
strategyCache.clear();
started = false;
lifecycle.fireLifecycleEvent(STOPPED_EVENT, this);
}
private void loadAll() {
CryptoModuleConfigLoader loader = ctx().getBean(CryptoModuleConfigLoader.class);
CryptoModuleConfigMapper mapper = ctx().getBean(CryptoModuleConfigMapper.class);
List<CryptoModuleConfig> all = loader.findAll();
configMap.clear();
for (CryptoModuleConfig entity : all) {
if ("Y".equalsIgnoreCase(entity.getUseYn())) {
CryptoModuleConfigVO vo = mapper.toVo(entity);
configMap.put(vo.getCryptoName(), vo);
}
}
logger.warn("CryptoModuleManager] 암호화모듈 로드 완료. 건수=" + configMap.size());
}
public void reload(String cryptoId) {
CryptoModuleConfigLoader loader = ctx().getBean(CryptoModuleConfigLoader.class);
CryptoModuleConfigMapper mapper = ctx().getBean(CryptoModuleConfigMapper.class);
configMap.values().removeIf(vo -> cryptoId.equals(vo.getCryptoId()));
evictDynamicCache(cryptoId);
loader.findById(cryptoId).ifPresent(entity -> {
if ("Y".equalsIgnoreCase(entity.getUseYn())) {
CryptoModuleConfigVO vo = mapper.toVo(entity);
configMap.put(vo.getCryptoName(), vo);
logger.warn("CryptoModuleManager] 재로드 완료: " + vo.getCryptoName());
}
});
}
/**
* STATIC 방식 초기화된 CryptoModuleExtension 반환.
* Cipher는 thread-safe하지 않으므로 호출마다 인스턴스를 생성한다.
*/
public CryptoModuleExtension createExtension(String cryptoName) throws Exception {
CryptoModuleConfigVO vo = getVO(cryptoName);
byte[] encKey = DatatypeConverter.parseHexBinary(vo.getEncKeyHex());
byte[] decKey = vo.getDecKeyHex() != null
? DatatypeConverter.parseHexBinary(vo.getDecKeyHex())
: encKey;
byte[] iv = vo.getIvHex() != null ? DatatypeConverter.parseHexBinary(vo.getIvHex()) : null;
return buildExtension(vo, iv, encKey, decKey);
}
/**
* DYNAMIC 방식 전략으로 키를 도출하고 캐시를 적용한 CryptoModuleExtension 반환.
*/
public CryptoModuleExtension createExtension(String cryptoName, Map<String, String> runtimeContext)
throws Exception {
CryptoModuleConfigVO vo = getVO(cryptoName);
if ("STATIC".equalsIgnoreCase(vo.getKeySourceType())) {
return createExtension(cryptoName);
}
KeyDerivationStrategy strategy = resolveStrategy(vo.getKeyDerivStrategy());
Map<String, String> params = parseParams(vo.getKeyDerivParams());
String cacheKey = strategy.buildCacheKey(cryptoName, params, runtimeContext);
DerivedKey derivedKey = null;
if ("Y".equalsIgnoreCase(vo.getCacheYn())) {
CachedDerivedKey cached = dynamicKeyCache.get(cacheKey);
if (cached != null && !cached.isExpired()) {
derivedKey = cached.getDerivedKey();
}
}
if (derivedKey == null) {
derivedKey = strategy.deriveKey(params, runtimeContext);
if ("Y".equalsIgnoreCase(vo.getCacheYn())) {
int ttl = vo.getCacheTtlSec() != null ? vo.getCacheTtlSec() : 300;
dynamicKeyCache.put(cacheKey, new CachedDerivedKey(derivedKey, ttl));
}
}
byte[] iv = vo.getIvHex() != null ? DatatypeConverter.parseHexBinary(vo.getIvHex()) : null;
return buildExtension(vo, iv, derivedKey.getEncKey(), derivedKey.getDecKey());
}
private CryptoModuleConfigVO getVO(String cryptoName) {
CryptoModuleConfigVO vo = configMap.get(cryptoName);
if (vo == null) {
throw new IllegalArgumentException("암호화모듈 미등록: " + cryptoName);
}
return vo;
}
private CryptoModuleExtension buildExtension(CryptoModuleConfigVO vo, byte[] iv,
byte[] encKey, byte[] decKey) throws Exception {
CryptoModuleExtension ext = "ARIA".equalsIgnoreCase(vo.getAlgType())
? new ARIACryptoModuleExtension()
: new AESCryptoModuleExtension();
ext.init(vo.getAlgType(), vo.getCipherMode(), vo.getPadding(), iv, encKey, decKey);
return ext;
}
/**
* DB key_deriv_strategy 컬럼에 저장된 FQCN으로 전략 클래스를 로드한다.
* 로드된 인스턴스는 strategyCache에 보관하여 재사용한다.
*/
private KeyDerivationStrategy resolveStrategy(String fqcn) {
return strategyCache.computeIfAbsent(fqcn, key -> {
try {
Class<?> clazz = Class.forName(key);
return (KeyDerivationStrategy) clazz.getDeclaredConstructor().newInstance();
} catch (Exception e) {
throw new IllegalArgumentException("전략 클래스 로드 실패: " + key, e);
}
});
}
private Map<String, String> parseParams(String json) throws Exception {
if (json == null || json.trim().isEmpty()) {
return new HashMap<>();
}
return objectMapper.readValue(json, new TypeReference<Map<String, String>>() {});
}
private void evictDynamicCache(String cryptoId) {
configMap.values().stream()
.filter(vo -> cryptoId.equals(vo.getCryptoId()))
.map(CryptoModuleConfigVO::getCryptoName)
.forEach(name -> {
Iterator<String> it = dynamicKeyCache.keySet().iterator();
while (it.hasNext()) {
if (it.next().startsWith(name + ":")) it.remove();
}
});
}
private org.springframework.context.ApplicationContext ctx() {
return ApplicationContextProvider.getContext();
}
@Override
public void addLifecycleListener(LifecycleListener listener) {
lifecycle.addLifecycleListener(listener);
}
@Override
public LifecycleListener[] findLifecycleListeners() {
return lifecycle.findLifecycleListeners();
}
@Override
public void removeLifecycleListener(LifecycleListener listener) {
lifecycle.removeLifecycleListener(listener);
}
@Override
public boolean isStarted() {
return started;
}
private static class CachedDerivedKey {
private final DerivedKey derivedKey;
private final long expireAt;
CachedDerivedKey(DerivedKey derivedKey, int ttlSec) {
this.derivedKey = derivedKey;
this.expireAt = System.currentTimeMillis() + (ttlSec * 1000L);
}
boolean isExpired() {
return System.currentTimeMillis() > expireAt;
}
DerivedKey getDerivedKey() {
return derivedKey;
}
}
}
@@ -0,0 +1,77 @@
package com.eactive.eai.common.security;
import java.util.Map;
import org.springframework.stereotype.Service;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* 어댑터 필터 등에서 암복호화를 위임하는 진입점.
*
* STATIC 방식:
* service.encrypt("MODULE_NAME", plainBytes);
*
* DYNAMIC 방식 (런타임 컨텍스트 전달):
* Map<String,String> ctx = Map.of("X-Api-Enc-Key", request.getHeader("X-Api-Enc-Key"));
* service.encrypt("MODULE_NAME", ctx, plainBytes);
*
* AAD 명시 방식 (GCM 인증 데이터 전달):
* byte[] aad = request.getHeader("X-Api-Request-Id").getBytes(StandardCharsets.UTF_8);
* service.encrypt("MODULE_NAME", ctx, aad, plainBytes);
*/
@Service
public class CryptoModuleService {
public static CryptoModuleService getInstance() {
return ApplicationContextProvider.getContext().getBean(CryptoModuleService.class);
}
// ------------------------------------------------------------------
// STATIC
// ------------------------------------------------------------------
public byte[] encrypt(String cryptoName, byte[] plainBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
return ext.encrypt(plainBytes, 0, plainBytes.length);
}
public byte[] encrypt(String cryptoName, byte[] aad, byte[] plainBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
return ext.encrypt(plainBytes, 0, plainBytes.length, aad);
}
public byte[] decrypt(String cryptoName, byte[] cipherBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
return ext.decrypt(cipherBytes, 0, cipherBytes.length);
}
public byte[] decrypt(String cryptoName, byte[] aad, byte[] cipherBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
return ext.decrypt(cipherBytes, 0, cipherBytes.length, aad);
}
// ------------------------------------------------------------------
// DYNAMIC
// ------------------------------------------------------------------
public byte[] encrypt(String cryptoName, Map<String, String> runtimeContext, byte[] plainBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
return ext.encrypt(plainBytes, 0, plainBytes.length);
}
public byte[] encrypt(String cryptoName, Map<String, String> runtimeContext, byte[] aad, byte[] plainBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
return ext.encrypt(plainBytes, 0, plainBytes.length, aad);
}
public byte[] decrypt(String cryptoName, Map<String, String> runtimeContext, byte[] cipherBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
return ext.decrypt(cipherBytes, 0, cipherBytes.length);
}
public byte[] decrypt(String cryptoName, Map<String, String> runtimeContext, byte[] aad, byte[] cipherBytes) throws Exception {
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
return ext.decrypt(cipherBytes, 0, cipherBytes.length, aad);
}
}
@@ -0,0 +1,20 @@
package com.eactive.eai.common.security.keyderiv;
public class DerivedKey {
private final byte[] encKey;
private final byte[] decKey;
public DerivedKey(byte[] encKey, byte[] decKey) {
this.encKey = encKey;
this.decKey = decKey != null ? decKey : encKey;
}
public byte[] getEncKey() {
return encKey;
}
public byte[] getDecKey() {
return decKey;
}
}
@@ -0,0 +1,23 @@
package com.eactive.eai.common.security.keyderiv;
import java.util.Map;
public interface KeyDerivationStrategy {
/**
* 키를 도출한다.
*
* @param params DB의 key_deriv_params (JSON 파싱된 Map)
* @param runtimeContext 런타임 컨텍스트 (HTTP 헤더, 거래 정보 호출자가 채워서 전달)
*/
DerivedKey deriveKey(Map<String, String> params, Map<String, String> runtimeContext) throws Exception;
/**
* 캐시 키를 생성한다. 전략마다 어떤 runtimeContext 값이 키를 결정하는지 다르다.
*
* @param cryptoName 암호화모듈 이름
* @param params DB의 key_deriv_params
* @param runtimeContext 런타임 컨텍스트
*/
String buildCacheKey(String cryptoName, Map<String, String> params, Map<String, String> runtimeContext);
}
@@ -0,0 +1,40 @@
package com.eactive.eai.common.security.keyderiv.strategy;
import java.util.Map;
import javax.crypto.SecretKey;
import com.eactive.eai.common.hsm.HsmCryptoService;
import com.eactive.eai.common.hsm.HsmException;
import com.eactive.eai.common.security.keyderiv.KeyDerivationStrategy;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* HSM 마스터키를 이용하는 전략 클래스들의 기본 클래스
*/
public abstract class BaseHsmKeyDerivationStrategy implements KeyDerivationStrategy {
protected static final String PARAM_HSM_KEY_ALIAS = "hsmKeyAlias";
protected byte[] getHsmKey(Map<String, String> params) throws HsmException {
String hsmKeyAlias = required(params, PARAM_HSM_KEY_ALIAS);
return getHsmKey(hsmKeyAlias);
}
protected byte[] getHsmKey(String hsmKeyAlias) throws HsmException {
SecretKey masterKey = hsmCryptoService().getSecretKey(hsmKeyAlias);
return masterKey.getEncoded();
}
private String required(Map<String, String> params, String key) {
String value = params.get(key);
if (value == null || value.trim().isEmpty()) {
throw new IllegalArgumentException("key_deriv_params 필수값 누락: " + key);
}
return value;
}
private HsmCryptoService hsmCryptoService() {
return ApplicationContextProvider.getContext().getBean(HsmCryptoService.class);
}
}
@@ -0,0 +1,65 @@
package com.eactive.eai.common.security.keyderiv.strategy;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKey;
import com.eactive.eai.common.hsm.HsmCryptoService;
import com.eactive.eai.common.security.keyderiv.DerivedKey;
import com.eactive.eai.common.security.keyderiv.KeyDerivationStrategy;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* HSM 마스터키 + 런타임 컨텍스트값을 연결(concatenate) SHA-256 해싱으로 키를 도출하는 전략.
* SHA-256 출력은 항상 32바이트(AES-256)이므로 별도 keyLength 파라미터가 불필요하다.
*
* key_deriv_params (JSON) 예시:
* {
* "hsmKeyAlias" : "MASTER_KEY_AES",
* "contextKey" : "X-Api-Group-Seq" -- runtimeContext에서 꺼낼 이름
* }
*/
public class HsmContextSha256KeyDerivationStrategy implements KeyDerivationStrategy {
private static final String PARAM_HSM_KEY_ALIAS = "hsmKeyAlias";
private static final String PARAM_CONTEXT_KEY = "contextKey";
@Override
public DerivedKey deriveKey(Map<String, String> params, Map<String, String> runtimeContext) throws Exception {
String hsmKeyAlias = required(params, PARAM_HSM_KEY_ALIAS);
String contextKey = required(params, PARAM_CONTEXT_KEY);
SecretKey masterKey = hsmCryptoService().getSecretKey(hsmKeyAlias);
byte[] masterKeyBytes = masterKey.getEncoded();
byte[] contextBytes = runtimeContext.getOrDefault(contextKey, "")
.getBytes(StandardCharsets.UTF_8);
byte[] combined = new byte[masterKeyBytes.length + contextBytes.length];
System.arraycopy(masterKeyBytes, 0, combined, 0, masterKeyBytes.length);
System.arraycopy(contextBytes, 0, combined, masterKeyBytes.length, contextBytes.length);
byte[] derived = MessageDigest.getInstance("SHA-256").digest(combined);
return new DerivedKey(derived, derived);
}
@Override
public String buildCacheKey(String cryptoName, Map<String, String> params, Map<String, String> runtimeContext) {
String contextKey = params.getOrDefault(PARAM_CONTEXT_KEY, "");
String contextValue = runtimeContext.getOrDefault(contextKey, "");
return cryptoName + ":" + contextValue;
}
private String required(Map<String, String> params, String key) {
String value = params.get(key);
if (value == null || value.trim().isEmpty()) {
throw new IllegalArgumentException("key_deriv_params 필수값 누락: " + key);
}
return value;
}
private HsmCryptoService hsmCryptoService() {
return ApplicationContextProvider.getContext().getBean(HsmCryptoService.class);
}
}
@@ -0,0 +1,80 @@
package com.eactive.eai.common.security.keyderiv.strategy;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.SecretKey;
import com.eactive.eai.common.hsm.HsmCryptoService;
import com.eactive.eai.common.security.keyderiv.DerivedKey;
import com.eactive.eai.common.security.keyderiv.KeyDerivationStrategy;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* HSM 마스터키 + 런타임 컨텍스트값 XOR 조합으로 키를 도출하는 전략.
*
* key_deriv_params (JSON) 예시:
* {
* "hsmKeyAlias" : "MASTER_KEY_AES",
* "contextKey" : "X-Api-Enc-Key", -- runtimeContext에서 꺼낼 이름
* "offset" : "0", -- contextKey 사용할 시작 위치 (byte)
* "length" : "16" -- contextKey 사용할 길이 (byte)
* }
*/
public class HsmContextXorKeyDerivationStrategy implements KeyDerivationStrategy {
/** DB key_deriv_strategy 컬럼에 사용하는 FQCN 참조용 상수. */
public static final String STRATEGY_CLASS = HsmContextXorKeyDerivationStrategy.class.getName();
private static final String PARAM_HSM_KEY_ALIAS = "hsmKeyAlias";
private static final String PARAM_CONTEXT_KEY = "contextKey";
private static final String PARAM_OFFSET = "offset";
private static final String PARAM_LENGTH = "length";
@Override
public DerivedKey deriveKey(Map<String, String> params, Map<String, String> runtimeContext) throws Exception {
String hsmKeyAlias = required(params, PARAM_HSM_KEY_ALIAS);
String contextKey = required(params, PARAM_CONTEXT_KEY);
int offset = Integer.parseInt(params.getOrDefault(PARAM_OFFSET, "0"));
int length = Integer.parseInt(required(params, PARAM_LENGTH));
SecretKey masterKey = hsmCryptoService().getSecretKey(hsmKeyAlias);
byte[] masterBytes = masterKey.getEncoded();
String contextValue = runtimeContext.getOrDefault(contextKey, "");
byte[] contextBytes = contextValue.getBytes("UTF-8");
byte[] derived = xor(masterBytes, contextBytes, offset, length);
return new DerivedKey(derived, derived);
}
@Override
public String buildCacheKey(String cryptoName, Map<String, String> params, Map<String, String> runtimeContext) {
String contextKey = params.getOrDefault(PARAM_CONTEXT_KEY, "");
String contextValue = runtimeContext.getOrDefault(contextKey, "");
return cryptoName + ":" + contextValue;
}
private byte[] xor(byte[] masterBytes, byte[] contextBytes, int offset, int length) {
byte[] derived = Arrays.copyOf(masterBytes, masterBytes.length);
for (int i = 0; i < length && i < derived.length; i++) {
int contextIdx = offset + i;
if (contextIdx < contextBytes.length) {
derived[i] ^= contextBytes[contextIdx];
}
}
return derived;
}
private String required(Map<String, String> params, String key) {
String value = params.get(key);
if (value == null || value.trim().isEmpty()) {
throw new IllegalArgumentException("key_deriv_params 필수값 누락: " + key);
}
return value;
}
private HsmCryptoService hsmCryptoService() {
return ApplicationContextProvider.getContext().getBean(HsmCryptoService.class);
}
}
@@ -0,0 +1,24 @@
package com.eactive.eai.common.security.keyderiv.strategy;
import java.util.Map;
import com.eactive.eai.common.security.keyderiv.DerivedKey;
/**
* HSM 마스터키를 사용하는 전략
*
* key_deriv_params (JSON) 예시: { "hsmKeyAlias" : "MASTER_KEY_AES"}
*/
public class HsmKeyDerivationStrategy extends BaseHsmKeyDerivationStrategy {
@Override
public DerivedKey deriveKey(Map<String, String> params, Map<String, String> runtimeContext) throws Exception {
byte[] masterKeyBytes = super.getHsmKey(params);
return new DerivedKey(masterKeyBytes, masterKeyBytes);
}
@Override
public String buildCacheKey(String cryptoName, Map<String, String> params, Map<String, String> runtimeContext) {
return cryptoName;
}
}
@@ -0,0 +1,30 @@
package com.eactive.eai.common.security.keyderiv.strategy;
import java.security.MessageDigest;
import java.util.Map;
import com.eactive.eai.common.security.keyderiv.DerivedKey;
/**
* HSM 마스터키를 SHA-256 해싱으로 키를 도출하는 전략.
* SHA-256 출력은 항상 32바이트(AES-256)이므로 별도 keyLength 파라미터가 불필요하다.
*
* key_deriv_params (JSON) 예시:
* {
* "hsmKeyAlias" : "MASTER_KEY_AES"
* }
*/
public class HsmSha256KeyDerivationStrategy extends BaseHsmKeyDerivationStrategy {
@Override
public DerivedKey deriveKey(Map<String, String> params, Map<String, String> runtimeContext) throws Exception {
byte[] masterKeyBytes = super.getHsmKey(params);
byte[] derived = MessageDigest.getInstance("SHA-256").digest(masterKeyBytes);
return new DerivedKey(derived, derived);
}
@Override
public String buildCacheKey(String cryptoName, Map<String, String> params, Map<String, String> runtimeContext) {
return cryptoName;
}
}
@@ -0,0 +1,19 @@
package com.eactive.eai.common.security.mapper;
import org.mapstruct.InheritInverseConfiguration;
import org.mapstruct.Mapper;
import org.mapstruct.ReportingPolicy;
import com.eactive.eai.common.security.CryptoModuleConfigVO;
import com.eactive.eai.data.entity.onl.security.CryptoModuleConfig;
import com.eactive.eai.data.mapper.GenericMapper;
@Mapper(componentModel = "spring", unmappedTargetPolicy = ReportingPolicy.IGNORE)
public interface CryptoModuleConfigMapper extends GenericMapper<CryptoModuleConfigVO, CryptoModuleConfig> {
@Override
CryptoModuleConfigVO toVo(CryptoModuleConfig entity);
@InheritInverseConfiguration
CryptoModuleConfig toEntity(CryptoModuleConfigVO vo);
}
@@ -1,5 +1,10 @@
package com.eactive.eai.common.session;
import java.util.function.Function;
import java.util.function.Supplier;
import org.apache.ignite.IgniteCache;
import com.eactive.eai.authserver.service.BearerTokenInfo;
import com.eactive.eai.common.lifecycle.Lifecycle;
import com.eactive.eai.common.lifecycle.LifecycleException;
@@ -11,6 +16,7 @@ import com.eactive.eai.common.server.EAIServerManager;
import com.eactive.eai.common.server.EAIServerVO;
import com.eactive.eai.common.sessioninfo.TerminalInfoVO;
import com.eactive.eai.common.util.Logger;
import com.openbanking.eai.common.token.AccessTokenVO;
/**
* 1. 기능 :
@@ -60,6 +66,7 @@ public abstract class SessionManager implements Lifecycle {
public static final String WEBSOCKER_CAHCE_NAME = "webSocketTimeout";
public static final String TERMINAL_CAHCE_NAME = "terminalSession";
public static final String CAGATEWAY_TOKEN_CACHE_NAME = "CAGatewayToken";
public static final String OUTBOUND_ACCESS_TOKEN_CACHE_NAME = "OutBoundAccessToken";
public static final String SESSION_MANAGER_GROUPNAME = "RMIInfo";
public static final String SESSION_MANAGER_CACHETYPE = "cacheType";
@@ -204,6 +211,13 @@ public abstract class SessionManager implements Lifecycle {
public abstract void removeCAToken(String key);
//Outbound Access Token Cache
public abstract AccessTokenVO getOutboundAccessToken(String key, Function<AccessTokenVO, AccessTokenVO> getNewToken);
public abstract void removeOutboundAccessToken(String key);
public abstract void clearOutboundAccessToken();
// HTTP Cache
public abstract SessionVO getHttpLogin(String key);
@@ -245,4 +259,5 @@ public abstract class SessionManager implements Lifecycle {
public abstract void closeManager();
public abstract String getCacheStatus();
}
@@ -2,6 +2,8 @@ package com.eactive.eai.common.session;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.function.Supplier;
import com.eactive.eai.authserver.service.BearerTokenInfo;
import com.eactive.eai.common.ehcache.CustomRMICacheReplicatorFactory;
@@ -14,6 +16,7 @@ import com.eactive.eai.common.sessioninfo.TerminalInfoDAO;
import com.eactive.eai.common.sessioninfo.TerminalInfoVO;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.util.HealthCheckManager;
import com.openbanking.eai.common.token.AccessTokenVO;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheException;
@@ -937,4 +940,19 @@ public class SessionManagerForEhcache extends SessionManager {
public void removeCAToken(String key) {
throw new UnsupportedOperationException();
}
@Override
public AccessTokenVO getOutboundAccessToken(String key, Function<AccessTokenVO, AccessTokenVO> getNewToken) {
throw new UnsupportedOperationException();
}
@Override
public void removeOutboundAccessToken(String key) {
throw new UnsupportedOperationException();
}
@Override
public void clearOutboundAccessToken() {
throw new UnsupportedOperationException();
}
}
@@ -4,6 +4,10 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.function.BiConsumer;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.cache.Cache;
import javax.cache.configuration.Factory;
@@ -54,6 +58,7 @@ import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.common.worker.Future;
import com.eactive.eai.common.worker.ResponseMap;
import com.eactive.eai.util.HealthCheckManager;
import com.openbanking.eai.common.token.AccessTokenVO;
import ch.qos.logback.classic.Level;
@@ -66,6 +71,8 @@ import ch.qos.logback.classic.Level;
//------------------------------------------------------------------------------------
public class SessionManagerForIgnite extends SessionManager {
private static final String DISTRIBUTED_TOKEN_LOCK = "DISTRIBUTED_TOKEN_LOCK";
// evictMaster Instance - single socket 관련
private static IgniteCache<String, String> evictMasterCache = null;
// Socket Session cache 정보
@@ -76,8 +83,11 @@ public class SessionManagerForIgnite extends SessionManager {
private static IgniteCache<String, CacheStoreObject> cacheStore = null;
// CA Gateway Token 관리용
private static IgniteCache<String, BearerTokenInfo> cacheCAToken = null;
// OutboundAccessToekn 관리용
private static IgniteCache<String, AccessTokenVO> cacheOutBoundAccessToken = null;
// webSocket Login cache 정보
private static IgniteCache<String, SessionVO> cacheLogin = null; // key = loginId
private static IgniteCache<String, String> cacheConvertUserId = null; // 단말ID userID로 변경
// HTTP Polling 대한 timeout 관리용
private static IgniteCache<String, SessionVO> httpLogin = null; // key == uuid
@@ -392,6 +402,7 @@ public class SessionManagerForIgnite extends SessionManager {
caches.add(initCache(config, sessionTimeout, bootstrapAsynchronously, USERID_CAHCE_NAME, 20000, false));
caches.add(initCache(config, webSocketTimeout, bootstrapAsynchronously, WEBSOCKER_CAHCE_NAME, 20000, false));
caches.add(initCache(config, sessionTimeout, bootstrapAsynchronously, TERMINAL_CAHCE_NAME, 20000, false));
caches.add(initCache(config, 0, bootstrapAsynchronously, OUTBOUND_ACCESS_TOKEN_CACHE_NAME, 1000, false, true)); // transactionMode true
caches.add(initCache(config, 0, bootstrapAsynchronously, CAGATEWAY_TOKEN_CACHE_NAME, 1000, false));
config.setCacheConfiguration(caches.stream().toArray(CacheConfiguration[]::new));
@@ -421,6 +432,7 @@ public class SessionManagerForIgnite extends SessionManager {
cacheTopic = manager.cache(TOPIC_CAHCE_NAME);
cacheStore = manager.cache(STORE_CAHCE_NAME);
cacheCAToken = manager.cache(CAGATEWAY_TOKEN_CACHE_NAME);
cacheOutBoundAccessToken = manager.cache(OUTBOUND_ACCESS_TOKEN_CACHE_NAME);
cacheLogin = manager.cache(LOGIN_CAHCE_NAME);
httpLogin = manager.cache(HTTP_CAHCE_NAME);
@@ -428,49 +440,56 @@ public class SessionManagerForIgnite extends SessionManager {
cacheWebSocketTimeout = manager.cache(WEBSOCKER_CAHCE_NAME);
cacheTerminal = manager.cache(TERMINAL_CAHCE_NAME);
}
private CacheConfiguration initCache(IgniteConfiguration config, int expiryDurationSecs,
String bootstrapAsynchronously, String name, int maxsize, boolean useCacheWriteModeAsync,
boolean transactionMode) {
if (logger.isDebug()) {
logger.debug(logPrefix + " create " + name + " cache expiryDurationSecs=" + expiryDurationSecs);
}
// near-cache
NearCacheConfiguration nearConfiguration = new NearCacheConfiguration();
LruEvictionPolicy nearEvictionPolicy = new LruEvictionPolicy();
nearEvictionPolicy.setMaxSize(maxsize);
nearConfiguration.setNearEvictionPolicy(nearEvictionPolicy);
CacheConfiguration cacheConfig = new CacheConfiguration(name);
cacheConfig.setCacheMode(CacheMode.PARTITIONED);
// ATOMIC,TRANSACTIONAL
if (transactionMode) {
cacheConfig.setAtomicityMode(CacheAtomicityMode.TRANSACTIONAL);
} else {
cacheConfig.setAtomicityMode(CacheAtomicityMode.ATOMIC);
}
// Set the number of backups (replicas) for each partition : default(0)
cacheConfig.setBackups(1);
// Enable reading from backups to improve read consistency : default(true)
cacheConfig.setReadFromBackup(true);
// FULL_SYNC/FULL_ASYNC/PRIMARY_SYNC(default)
if (useCacheWriteModeAsync) {
cacheConfig.setWriteSynchronizationMode(CacheWriteSynchronizationMode.FULL_ASYNC);
} else {
// cacheConfig.setWriteSynchronizationMode(CacheWriteSynchronizationMode.FULL_SYNC);
cacheConfig.setWriteSynchronizationMode(CacheWriteSynchronizationMode.PRIMARY_SYNC);
}
if (expiryDurationSecs > 0) {
cacheConfig.setExpiryPolicyFactory(
ModifiedExpiryPolicy.factoryOf(new Duration(TimeUnit.SECONDS, expiryDurationSecs)));
} else {
cacheConfig.setExpiryPolicyFactory(ModifiedExpiryPolicy.factoryOf(Duration.ETERNAL));
}
cacheConfig.setNearConfiguration(nearConfiguration);
return cacheConfig;
}
private CacheConfiguration initCache(IgniteConfiguration config, int expiryDurationSecs, String bootstrapAsynchronously,
String name, int maxsize, boolean useCacheWriteModeAsync) {
if (logger.isDebug()) {
logger.debug(logPrefix + " create " + name + " cache expiryDurationSecs=" + expiryDurationSecs);
}
// near-cache
NearCacheConfiguration nearConfiguration = new NearCacheConfiguration();
LruEvictionPolicy nearEvictionPolicy = new LruEvictionPolicy();
nearEvictionPolicy.setMaxSize(maxsize);
nearConfiguration.setNearEvictionPolicy(nearEvictionPolicy);
CacheConfiguration cacheConfig = new CacheConfiguration(name);
// REPLICATED,PARTITIONED(default)
// cacheConfig.setCacheMode(CacheMode.REPLICATED);
cacheConfig.setCacheMode(CacheMode.PARTITIONED);
// ATOMIC,TRANSACTIONAL
cacheConfig.setAtomicityMode(CacheAtomicityMode.ATOMIC);
// Set the number of backups (replicas) for each partition : default(0)
cacheConfig.setBackups(1);
// Enable reading from backups to improve read consistency : default(true)
cacheConfig.setReadFromBackup(true);
// FULL_SYNC/FULL_ASYNC/PRIMARY_SYNC(default)
if (useCacheWriteModeAsync) {
cacheConfig.setWriteSynchronizationMode(CacheWriteSynchronizationMode.FULL_ASYNC);
} else {
// cacheConfig.setWriteSynchronizationMode(CacheWriteSynchronizationMode.FULL_SYNC);
cacheConfig.setWriteSynchronizationMode(CacheWriteSynchronizationMode.PRIMARY_SYNC);
}
if(expiryDurationSecs > 0) {
cacheConfig
.setExpiryPolicyFactory(ModifiedExpiryPolicy.factoryOf(new Duration(TimeUnit.SECONDS, expiryDurationSecs)));
}
else {
cacheConfig
.setExpiryPolicyFactory( ModifiedExpiryPolicy.factoryOf(Duration.ETERNAL) );
}
cacheConfig.setNearConfiguration(nearConfiguration);
return cacheConfig;
return initCache(config, expiryDurationSecs, bootstrapAsynchronously, name, maxsize, useCacheWriteModeAsync, false);
}
// WebSocket Login 관련
@@ -868,5 +887,114 @@ public class SessionManagerForIgnite extends SessionManager {
cacheCAToken.remove(key);
}
private void sleepQuietly(long millis) {
try {
Thread.sleep(millis);
} catch (InterruptedException e) {
// 인터럽트 상태 복구 (중요)
Thread.currentThread().interrupt();
}
}
public AccessTokenVO getOutboundAccessToken(String key, Function<AccessTokenVO, AccessTokenVO> tokenSupplier) {
// 1. 먼저 캐시에서 조회 ( 없이 빠르게)
AccessTokenVO token = cacheOutBoundAccessToken.get(key);
// 2. 만료되었거나 없다면 획득 시도
if (token == null || token.isExpired()) {
Lock lock = cacheOutBoundAccessToken.lock(DISTRIBUTED_TOKEN_LOCK); // Ignite 분산
boolean acquired = false;
try {
logger.debug("calling func getOutboundAccessToken = distributed ignite trylock");
acquired = lock.tryLock(60, TimeUnit.SECONDS);
if ( acquired ) {
logger.debug("calling func getOutboundAccessToken = distributed ignite trylock success=>"+acquired);
// 3. 획득 다시 확인 ( 사이 다른 인스턴스가 갱신했을 있음)
token = cacheOutBoundAccessToken.get(key);
logger.debug(String.format("getting token in ignite=%s", token));
if (token == null || token.isExpired()) {
// 4. 실제로 비어있을 때만 외부 API 호출 (I/O 발생)
token = tokenSupplier.apply(token);
logger.debug(String.format("getting token is null or expired borrow new token =%s", token));
cacheOutBoundAccessToken.put(key, token);
}
}
else
{
logger.debug("calling func getOutboundAccessToken = distributed ignite trylock fail=>"+acquired);
}
}catch(Throwable e) {
logger.error("occuring exception in getOutboundAccessToken", e);
}finally {
try {
if( acquired ) {
lock.unlock();
logger.debug("calling func getOutboundAccessToken = distributed ignite unlock");
}
}catch(Throwable e) {
logger.error("occuring exception in getOutboundAccessToken unlock fail.", e);
}
}
}
return token;
}
@Override
public void removeOutboundAccessToken(String key) {
Lock lock = cacheOutBoundAccessToken.lock(DISTRIBUTED_TOKEN_LOCK); // Ignite 분산
boolean acquired = false;
try {
logger.debug("calling func removeOutboundAccessToken = distributed ignite trylock");
acquired = lock.tryLock(60, TimeUnit.SECONDS);
if( acquired ) {
if (logger.isDebug()) {
logger.debug("calling func getOutboundAccessToken = distributed ignite trylock success=>"
+ acquired);
logger.debug("calling func removeOutboundAccessToken Remove OutBoundAccessToken key - " + key);
}
cacheOutBoundAccessToken.remove(key);
}else {
logger.debug("calling func getOutboundAccessToken = distributed ignite trylock fail=>"+acquired);
}
} catch (Throwable e) {
logger.error("occuring exception in removeOutboundAccessToken", e);
} finally {
try {
if (acquired) {
lock.unlock();
logger.debug("calling func removeOutboundAccessToken = distributed ignite unlock");
}
} catch (Throwable e) {
logger.error("occuring exception in removeOutboundAccessToken unlock fail.", e);
}
}
}
@Override
public void clearOutboundAccessToken() {
}
}
@@ -21,6 +21,10 @@ import org.apache.commons.lang3.StringUtils;
public class HttpAdapterExtraLogUtil {
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
public static boolean isHttpHeaderMode() {
return StringUtils.equals(System.getProperty("use.http.header.log", "n"), "y");
}
public static void insertHttpAdapterExtraLog(String guid, int serviceProcessNumber, String adapterGroupName, String adapterName, Map<Object, Object> headers, String url, String httpMethod){
insertHttpAdapterExtraLog(guid, serviceProcessNumber, adapterGroupName, adapterName, headers, url, httpMethod, 0);
@@ -68,6 +72,9 @@ public class HttpAdapterExtraLogUtil {
}
httpAdapterExtraLogVo.setHeaderList(headerVoList);
httpAdapterExtraLogVo.setHttpStatus(httpStatus);
logger.debug("[{}] Insert HTTP Log. - {}", guid, httpAdapterExtraLogVo);
if(ElinkConfig.isUseAsyncLogging()) {
AsyncHttpLoggingPoolManager.getInstance().publish(httpAdapterExtraLogVo);
} else {
@@ -0,0 +1,440 @@
package com.eactive.eai.common.util;
import java.util.Arrays;
/**
* 보안아키텍처 마스킹 정책 구현 유틸리티
*
* <pre>
* [고유식별정보]
* 주민등록번호 123456-1234567 123456-1******
* 운전면허번호 제주-22-300001-50 제주-22-3*****-**
* 여권번호 M12345678 M1234****
* 외국인등록번호 123456-5234567 123456-5******
*
* [금융식별정보]
* 계좌번호 99-912345-1 99-9*-*****1
* 카드번호 4518-4212-3456-1234 4518-42**-****-1234
* 유효기간 12/25 **&#47;**
* CVV 123 ***
*
* [인증정보]
* 비밀번호 password ********
*
* [신상정보]
* 전화번호 064-1234-5678 064-12**-56**
* 이메일 aajjbacc@shinhan.com **jjba**@shinhan.com
* 한글 성명 홍길동 *
* 영문 성명 GILDONG HONG ******* HONG
* 지번주소 제주특별자치도 제주시 연동 123번지, 101동 202호 제주특별자치도 제주시 연동 ***번지, **** ****
* 도로명주소 제주특별자치도 제주시 은남2길 5, 101동 202호 제주특별자치도 제주시 은남** ***, **** ****
*
* [온라인 정보]
* IPv4 100.200.123.45 100.200.***.45
* IPv6 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A 21DA:00D3:0000:2F3B:02AA:00FF:FE28:****
* </pre>
*/
public final class MaskingUtils {
private static final char MASK = '*';
private MaskingUtils() {}
// =========================================================================
// 고유식별정보
// =========================================================================
/**
* 주민등록번호 마스킹: 6자리 마스킹
* <pre>123456-1234567 123456-1******</pre>
*/
public static String maskResidentNumber(String value) {
if (value == null || value.isEmpty()) return value;
int idx = value.indexOf('-');
if (idx < 0) {
return maskTailChars(value, 6);
}
// 하이픈 + 성별 1자리까지 노출, 이후 6자리 마스킹
String front = value.substring(0, Math.min(idx + 2, value.length()));
return front + stars(6);
}
/**
* 운전면허번호 마스킹: 뒤에서부터 숫자 7자리 마스킹
* <pre>제주-22-300001-50 제주-22-3*****-**</pre>
*/
public static String maskDriverLicense(String value) {
if (value == null || value.isEmpty()) return value;
char[] chars = value.toCharArray();
int digitCount = 0;
for (int i = chars.length - 1; i >= 0 && digitCount < 7; i--) {
if (Character.isDigit(chars[i])) {
chars[i] = MASK;
digitCount++;
}
}
return new String(chars);
}
/**
* 여권번호 마스킹: 뒤에서부터 4자리 마스킹
* <pre>M12345678 M1234****</pre>
*/
public static String maskPassport(String value) {
if (value == null || value.isEmpty()) return value;
return maskTailChars(value, 4);
}
/**
* 외국인등록번호 마스킹: 6자리 마스킹 (주민등록번호와 동일)
* <pre>123456-5234567 123456-5******</pre>
*/
public static String maskForeignerNumber(String value) {
return maskResidentNumber(value);
}
// =========================================================================
// 금융식별정보
// =========================================================================
/**
* 계좌번호 마스킹: 3자리, 마지막 1자리만 노출
* <pre>99-912345-1 99-9*-*****1</pre>
*/
public static String maskAccountNumber(String value) {
if (value == null || value.isEmpty()) return value;
String digitsOnly = value.replaceAll("[^0-9]", "");
int totalDigits = digitsOnly.length();
if (totalDigits <= 4) return value;
char[] chars = value.toCharArray();
int digitIdx = 0;
for (int i = 0; i < chars.length; i++) {
if (Character.isDigit(chars[i])) {
digitIdx++;
// 4번째 자리부터 마지막 자리 직전까지 마스킹
if (digitIdx > 3 && digitIdx < totalDigits) {
chars[i] = MASK;
}
}
}
return new String(chars);
}
/**
* 카드번호 마스킹: PCI-DSS 기준 7~12번째 숫자 자리 마스킹
* <pre>4518-4212-3456-1234 4518-42**-****-1234</pre>
*/
public static String maskCardNumber(String value) {
if (value == null || value.isEmpty()) return value;
char[] chars = value.toCharArray();
int digitIdx = 0;
for (int i = 0; i < chars.length; i++) {
if (Character.isDigit(chars[i])) {
digitIdx++;
if (digitIdx >= 7 && digitIdx <= 12) {
chars[i] = MASK;
}
}
}
return new String(chars);
}
/**
* 카드 유효기간 마스킹: / 모두 마스킹
* <pre>12/25 **&#47;**</pre>
*/
public static String maskCardExpiry(String value) {
if (value == null || value.isEmpty()) return value;
return value.replaceAll("[0-9]", String.valueOf(MASK));
}
/**
* CVV 마스킹: 3자리 전체 마스킹
* <pre>123 ***</pre>
*/
public static String maskCvv(String value) {
if (value == null || value.isEmpty()) return value;
return stars(value.length());
}
// =========================================================================
// 인증정보
// =========================================================================
/**
* 비밀번호 마스킹: 전체 자리 마스킹
* <pre>password1234 ************</pre>
*/
public static String maskPassword(String value) {
if (value == null || value.isEmpty()) return value;
return stars(value.length());
}
// =========================================================================
// 신상정보
// =========================================================================
/**
* 전화번호/FAX 마스킹: 가운데 2자리, 뒷자리 2자리 마스킹
* 하이픈 없는 형식은 자릿수·접두사 기반으로 세그먼트를 분리한 마스킹하고 하이픈 없이 반환
* <pre>
* 064-1234-5678 064-12**-56**
* 06412345678 0641234**56**
* 01012345678 01012**56**
* </pre>
*/
public static String maskPhoneNumber(String value) {
if (value == null || value.isEmpty()) return value;
boolean hasHyphen = value.contains("-");
String normalized = hasHyphen ? value : normalizePhoneNumber(value);
String[] parts = normalized.split("-");
if (parts.length == 3) {
String m0 = parts[0];
String m1 = maskSegmentTail(parts[1], 2);
String m2 = maskSegmentTail(parts[2], 2);
return hasHyphen ? m0 + "-" + m1 + "-" + m2 : m0 + m1 + m2;
}
return value;
}
/**
* 한국 전화번호(숫자만) XXX-XXXX-XXXX 형식으로 정규화
* <pre>
* 02 + 7자리 02-XXX-XXXX
* 02 + 8자리 02-XXXX-XXXX
* 0XX + 7자리 0XX-XXX-XXXX
* 0XX + 8자리 0XX-XXXX-XXXX
* </pre>
*/
private static String normalizePhoneNumber(String digits) {
int len = digits.length();
if (digits.startsWith("02")) {
if (len == 9) return digits.substring(0, 2) + "-" + digits.substring(2, 5) + "-" + digits.substring(5);
if (len == 10) return digits.substring(0, 2) + "-" + digits.substring(2, 6) + "-" + digits.substring(6);
} else if (digits.startsWith("0")) {
if (len == 10) return digits.substring(0, 3) + "-" + digits.substring(3, 6) + "-" + digits.substring(6);
if (len == 11) return digits.substring(0, 3) + "-" + digits.substring(3, 7) + "-" + digits.substring(7);
}
return digits;
}
/**
* 휴대폰 번호 마스킹: 가운데 2자리, 뒷자리 2자리 마스킹
* <pre>010-1234-5678 010-12**-56**</pre>
*/
public static String maskMobileNumber(String value) {
return maskPhoneNumber(value);
}
/**
* 이메일 마스킹: 2자리와 @ 2자리 마스킹
* <pre>aajjbacc@shinhan.com **jjba**@shinhan.com</pre>
*/
public static String maskEmail(String value) {
if (value == null || value.isEmpty() || !value.contains("@")) return value;
int atIdx = value.indexOf('@');
String local = value.substring(0, atIdx);
String domain = value.substring(atIdx);
if (local.length() <= 4) {
return stars(local.length()) + domain;
}
return stars(2) + local.substring(2, local.length() - 2) + stars(2) + domain;
}
/**
* 한글/한자 성명 마스킹
* <pre>
* 2자: 1자리 마스킹 홍동 *
* 3자: 가운데 1자리 마스킹 홍길동 *
* 4자 이상: 앞뒤 1자 제외한 가운데 전체 마스킹 홍길순동 **
* </pre>
*/
public static String maskKoreanName(String value) {
if (value == null || value.isEmpty()) return value;
int len = value.length();
if (len == 1) return value;
if (len == 2) {
return String.valueOf(value.charAt(0)) + MASK;
}
if (len == 3) {
return String.valueOf(value.charAt(0)) + MASK + value.charAt(2);
}
// 4자 이상: + 가운데 전체 마스킹 + 마지막
return String.valueOf(value.charAt(0)) + stars(len - 2) + value.charAt(len - 1);
}
/**
* 영문 성명 마스킹: (last name) 노출, 이름(first name) 마스킹
* <pre>GILDONG HONG ******* HONG</pre>
* (마지막 공백 구분 토큰이 (last name)으로 간주)
*/
public static String maskEnglishName(String value) {
if (value == null || value.isEmpty()) return value;
String[] parts = value.trim().split("\\s+");
if (parts.length == 1) return value;
StringBuilder sb = new StringBuilder();
for (int i = 0; i < parts.length - 1; i++) {
if (i > 0) sb.append(' ');
sb.append(stars(parts[i].length()));
}
sb.append(' ').append(parts[parts.length - 1]);
return sb.toString();
}
/**
* 지번주소 마스킹: 번지 이하 주소 마스킹 (String.length() 보존)
* <pre>
* 제주특별자치도 제주시 연동 123번지, 101동 202호 제주특별자치도 제주시 연동 ***번지, **** ****
* </pre>
*/
public static String maskJibunAddress(String value) {
if (value == null || value.isEmpty()) return value;
// 번지 숫자 자릿수 보존 마스킹
String result = maskDigitsBefore(value, "번지");
// 쉼표 이후 상세주소 마스킹 (공백 유지, 자릿수 보존)
int commaIdx = result.indexOf(',');
if (commaIdx >= 0) {
String after = result.substring(commaIdx + 1);
result = result.substring(0, commaIdx + 1) + after.replaceAll("[^\\s]", String.valueOf(MASK));
}
return result;
}
/**
* 도로명주소 마스킹: 도로명 번호 번지 이하 마스킹 (String.length() 보존)
* <pre>
* 제주특별자치도 제주시 은남2길 5, 101동 202호 제주특별자치도 제주시 은남* *, **** ****
* </pre>
*/
public static String maskRoadAddress(String value) {
if (value == null || value.isEmpty()) return value;
// 도로명 번호 자릿수 보존 마스킹 ( suffix 먼저 처리)
String result = maskDigitsBefore(value, "대로");
result = maskDigitsBefore(result, "번길");
result = maskDigitsBefore(result, "");
result = maskDigitsBefore(result, "");
// 도로명 번호 자릿수 보존 마스킹
result = maskDigitsAfter(result, "대로");
result = maskDigitsAfter(result, "번길");
result = maskDigitsAfter(result, "");
result = maskDigitsAfter(result, "");
// 쉼표 이후 상세주소 마스킹 (공백 유지, 자릿수 보존)
int commaIdx = result.indexOf(',');
if (commaIdx >= 0) {
String after = result.substring(commaIdx + 1);
result = result.substring(0, commaIdx + 1) + after.replaceAll("[^\\s]", String.valueOf(MASK));
}
return result;
}
// =========================================================================
// 온라인 정보
// =========================================================================
/**
* IPv4 마스킹: 3번째 옥텟(17~24 비트) 마스킹
* <pre>100.200.123.45 100.200.***.45</pre>
*/
public static String maskIpv4(String value) {
if (value == null || value.isEmpty()) return value;
String[] parts = value.split("\\.", -1);
if (parts.length != 4) return value;
return parts[0] + "." + parts[1] + "." + stars(3) + "." + parts[3];
}
/**
* IPv6 마스킹: 마지막 그룹(113~128 비트) 마스킹
* <pre>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A 21DA:00D3:0000:2F3B:02AA:00FF:FE28:****</pre>
*/
public static String maskIpv6(String value) {
if (value == null || value.isEmpty()) return value;
int lastColon = value.lastIndexOf(':');
if (lastColon < 0) return value;
return value.substring(0, lastColon + 1) + stars(4);
}
/**
* IP 주소 마스킹: IPv4/IPv6 자동 판별, 쉼표 구분 다중 IP 지원
* <pre>
* 100.200.123.45 100.200.***.45
* 21DA:...FE28:9C5A 21DA:...FE28:****
* 192.168.1.1,10.0.0.1 192.168.***.1,10.0.***.1
* </pre>
*/
public static String maskIpAddress(String value) {
if (value == null || value.isEmpty()) return value;
String[] ips = value.split(",");
StringBuilder sb = new StringBuilder();
for (int i = 0; i < ips.length; i++) {
if (i > 0) sb.append(',');
String ip = ips[i].trim();
if (ip.contains(":")) {
sb.append(maskIpv6(ip));
} else {
sb.append(maskIpv4(ip));
}
}
return sb.toString();
}
// =========================================================================
// private helpers
// =========================================================================
private static String stars(int count) {
if (count <= 0) return "";
char[] arr = new char[count];
Arrays.fill(arr, MASK);
return new String(arr);
}
private static String maskTailChars(String value, int count) {
if (value.length() <= count) return stars(value.length());
return value.substring(0, value.length() - count) + stars(count);
}
private static String maskSegmentTail(String segment, int count) {
if (segment.length() <= count) return stars(segment.length());
return segment.substring(0, segment.length() - count) + stars(count);
}
/** keyword 바로 앞에 연속된 숫자를 동일 자릿수의 '*'로 마스킹 */
private static String maskDigitsBefore(String value, String keyword) {
StringBuilder sb = new StringBuilder(value);
int from = 0;
while (true) {
int kIdx = sb.indexOf(keyword, from);
if (kIdx < 0) break;
int end = kIdx;
int start = end;
while (start > 0 && Character.isDigit(sb.charAt(start - 1))) {
start--;
}
for (int i = start; i < end; i++) {
sb.setCharAt(i, MASK);
}
from = kIdx + keyword.length();
}
return sb.toString();
}
/** keyword 바로 뒤 공백 이후의 연속된 숫자를 동일 자릿수의 '*'로 마스킹 */
private static String maskDigitsAfter(String value, String keyword) {
StringBuilder sb = new StringBuilder(value);
int from = 0;
while (true) {
int kIdx = sb.indexOf(keyword, from);
if (kIdx < 0) break;
int pos = kIdx + keyword.length();
while (pos < sb.length() && sb.charAt(pos) == ' ') pos++;
int start = pos;
while (pos < sb.length() && Character.isDigit(sb.charAt(pos))) pos++;
for (int i = start; i < pos; i++) {
sb.setCharAt(i, MASK);
}
from = kIdx + keyword.length();
}
return sb.toString();
}
}
@@ -23,6 +23,7 @@ import org.w3c.dom.Document;
import com.eactive.eai.common.EAIKeys;
import com.eactive.eai.common.message.MessageType;
import com.eactive.eai.common.monitor.EAIServiceMonitor;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.transformer.message.ISO8583Message;
import com.eactive.eai.transformer.message.ISO8583MessageFactory;
import com.eactive.eai.transformer.util.IConv;
@@ -35,7 +36,8 @@ public final class MessageUtil {
static Logger logger = LoggerFactory.getLogger(MessageUtil.class);
//public static final String ERROR_MESSAGE_DEFAULT_FORMAT = "{\"error\":{\"code\":\"%s\",\"message\":\"%s\"}}";
public static final String ERROR_MESSAGE_DEFAULT_FORMAT = "{\"code\":\"%s\",\"message\":\"%s\"}";
// public static final String ERROR_MESSAGE_DEFAULT_FORMAT = "{\"code\":\"%s\",\"message\":\"%s\"}";
public static final String ERROR_MESSAGE_DEFAULT_FORMAT = "{\"error\":\"%s\",\"error_description\":\"%s\"}";
public static final String ERROR_CODE_AP_ERROR = "E.GW.AP_ERROR";
public static final String ERROR_CODE_AUTH_FAIL = "E.GW.AUTH_FAIL";
@@ -516,7 +518,8 @@ public final class MessageUtil {
public static String makeJsonErrorMessage(String code, String msg, String errorFormat) {
if (StringUtils.isBlank(errorFormat)) {
errorFormat = ERROR_MESSAGE_DEFAULT_FORMAT;
errorFormat = PropManager.getInstance().getProperty("MessageUtil",
"ERROR_MESSAGE_DEFAULT_FORMAT", ERROR_MESSAGE_DEFAULT_FORMAT);
}
// errorFormat에 %s가 1개만 있으면 msg만, 2개 이상이면 code, msg 전달
@@ -0,0 +1,15 @@
package com.eactive.eai.common.util;
import java.util.Properties;
public class TxFileLogger {
public static void logTxFile(Properties transactionProp, String message, String prefix) {
Logger siftLogger = Logger.getLogger(Logger.LOGGER_SIFT);
if (siftLogger.isInfoEnabled()) {
siftLogger.info(prefix + message);
if (siftLogger.isDebugEnabled())
siftLogger.debug(CommonLib.getDumpMessage(message));
}
}
}
@@ -427,15 +427,15 @@ public class BaseFCProcess extends Process {
public void setGUID() throws Exception {
InterfaceMapper mapper = this.resEaiMsg.getMapper();
StandardMessage standardMessage = this.resEaiMsg.getStandardMessage();
String guid = mapper.getGuid(standardMessage);
String guidseq = mapper.getGuidSeq(standardMessage);
if (logger.isDebug())
logger.debug(guidLogPrefix + " REQ Current GUID [" + guid + "][" + guidseq + "]");
mapper.nextGuidSeq(standardMessage);
guidseq = mapper.getGuidSeq(standardMessage);
if (logger.isDebug())
logger.debug(guidLogPrefix + " REQ ADD PATHSEQ GUID [" + guid + "][" + guidseq + "]");
// String guid = mapper.getGuid(standardMessage);
// String guidseq = mapper.getGuidSeq(standardMessage);
//
// if (logger.isDebug())
// logger.debug(guidLogPrefix + " REQ Current GUID [" + guid + "][" + guidseq + "]");
// mapper.nextGuidSeq(standardMessage);
// guidseq = mapper.getGuidSeq(standardMessage);
// if (logger.isDebug())
// logger.debug(guidLogPrefix + " REQ ADD PATHSEQ GUID [" + guid + "][" + guidseq + "]");
String svcTsmtUsgTp = this.reqEaiMsg.getSvcTsmtUsgTp(); // 기동 호출방식
String psvItfTp = this.reqEaiMsg.getCurrentSvcMsg().getPsvItfTp(); // 수동 호출방식
@@ -4,6 +4,9 @@ import java.util.Calendar;
import java.util.Properties;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.context.ElinkTransactionContext;
import com.eactive.eai.common.util.*;
@@ -85,8 +88,8 @@ import java.util.Map;
public class RequestProcessor extends RequestProcessorSupport {
private static String instid = null;
private static String serverName = null;
protected static String instid = null;
protected static String serverName = null;
//private static boolean isPEAIServer = true;
static {
@@ -96,8 +99,10 @@ public class RequestProcessor extends RequestProcessorSupport {
//isPEAIServer = eaiServerManager.isPEAIServer();
instid = eaiServerManager.getGroupInstId();
}
private ProcessVO setVO(Properties prop,long msgRcvTm) throws RequestProcessorException{
protected static boolean httpHeaderLogMode = HttpAdapterExtraLogUtil.isHttpHeaderMode();
protected ProcessVO setVO(Properties prop,long msgRcvTm) throws RequestProcessorException{
String actionName = prop.getProperty(Processor.REQUEST_ACTION);
String adapterGroupName = prop.getProperty(Processor.ADAPTER_GROUP_NAME);
String adapterName = prop.getProperty(Processor.ADAPTER_NAME);
@@ -124,8 +129,8 @@ public class RequestProcessor extends RequestProcessorSupport {
String testMasterYn = adptGrpVO.getTestMasterYn();
// UUID 생성 : UUID에서 - 없는 32자리
String uuid = "";
uuid = UUIDGenerator.getUUID().toString().replaceAll("-", "");
String uuid = prop.getProperty(TransactionContextKeys.TRANSACTION_UUID);
uuid = uuid == null ? UUIDGenerator.getUUID().toString().replaceAll("-", "") : uuid;
// UUID 생성 : UUID = server구분4자리 + UUID
/*
String uuid = "";
@@ -363,6 +368,9 @@ public class RequestProcessor extends RequestProcessorSupport {
logUnknownMessage(vo,orgMessage);
throw new RequestProcessorException(vo.getRspErrorMsg());
}else {
// TODO : DJErp - 표준전문의 InterfaceID는 SEND_RECV_DIVISION, IN_EX_DIVISION 포함해야 할지에 따라 결정
// mapper.setInterfaceId(standardMessage, eaiSvcCd);
/**
* MCI Sync-Async 응답을 대표인터페이스로 구현하기 위해 추가
* 조건)MCI 거래 && 일반거래 && 응답 거래
@@ -422,12 +430,16 @@ public class RequestProcessor extends RequestProcessorSupport {
// INBOUND_HEADER NULL인 경우는 HTTP가 아닌것으로 간주함.
if(prop.get(HttpClientAdapterServiceKey.INBOUND_HEADER) != null) {
HttpAdapterExtraLogUtil.insertHttpAdapterExtraLog(vo.getUuid(), 100,
prop.getProperty(HttpClientAdapterServiceKey.ADAPTER_GROUP_NAME),
prop.getProperty(HttpClientAdapterServiceKey.ADAPTER_NAME),
(Properties) prop.get(HttpClientAdapterServiceKey.INBOUND_HEADER),
prop.getProperty(HttpClientAdapterServiceKey.INBOUND_EXTURI)+"?"+prop.getProperty(HttpClientAdapterServiceKey.INBOUND_EXTPARAMS),
prop.getProperty(HttpClientAdapterServiceKey.INBOUND_METHOD));
if (!httpHeaderLogMode) {
logger.info("httpHeader logging off - use.http.header.log");
} else {
HttpAdapterExtraLogUtil.insertHttpAdapterExtraLog(vo.getUuid(), 100,
prop.getProperty(HttpClientAdapterServiceKey.ADAPTER_GROUP_NAME),
prop.getProperty(HttpClientAdapterServiceKey.ADAPTER_NAME),
(Properties) prop.get(HttpClientAdapterServiceKey.INBOUND_HEADER),
prop.getProperty(HttpClientAdapterServiceKey.INBOUND_EXTURI)+"?"+prop.getProperty(HttpClientAdapterServiceKey.INBOUND_EXTPARAMS),
prop.getProperty(HttpClientAdapterServiceKey.INBOUND_METHOD));
}
}
EAIMessage eaiMsg = null;
@@ -1021,13 +1033,20 @@ public class RequestProcessor extends RequestProcessorSupport {
Bucket bucket = InflowControlUtil.getBucket();
String blockedType = "";
// Client 유량제어 체크 clientId가 있는 경우에만
String clientBlockedType = checkClientInflow(bucket, clientId);
if (clientBlockedType != null) {
blockedType += "C";
}
// Adapter 유량제어 체크
if (!bucket.isAdapterPass(vo.getAdapterGroupName())) {
String adapterBlockedType = checkAdapterInflow(bucket, vo.getAdapterGroupName());
if (adapterBlockedType != null) {
blockedType += "A";
}
// 그룹 우선, 없으면 인터페이스 유량제어 체크
String groupId = bucket.getGroupIdByInterface(vo.getEaiSvcCd());
String groupBlockedType = null;
String interfaceBlockedType = null;
if (groupId != null) {
// 그룹에 속한 인터페이스 그룹 유량제어 체크
groupBlockedType = bucket.isGroupPass(groupId);
@@ -1036,7 +1055,8 @@ public class RequestProcessor extends RequestProcessorSupport {
}
} else {
// 그룹에 속하지 않은 인터페이스 인터페이스 유량제어 체크
if (!bucket.isInterfacePass(vo.getEaiSvcCd())) {
interfaceBlockedType = checkInterfaceInflow(bucket, vo.getEaiSvcCd());
if (interfaceBlockedType != null) {
blockedType += "I";
}
}
@@ -1045,7 +1065,9 @@ public class RequestProcessor extends RequestProcessorSupport {
if (blockedType.length() > 0) {
InflowTargetVO inflowTargetVO = null;
InflowGroupVO inflowGroupVO = null;
if (blockedType.startsWith("A")) {
if (blockedType.startsWith("C")) {
inflowTargetVO = resolveClientInflowThreshold(bucket, clientId);
} else if (blockedType.startsWith("A")) {
inflowTargetVO = bucket.getAdapterInflowThreashold(vo.getAdapterGroupName());
} else if (blockedType.contains("G")) {
inflowGroupVO = bucket.getGroupInflowThreshold(groupId);
@@ -1066,7 +1088,11 @@ public class RequestProcessor extends RequestProcessorSupport {
inflowGroupVO.getThresholdTimeUnit());
}
} else if (inflowTargetVO != null) {
inflowErrorMsg = String.format("API 호출 한도 초과 [%s]", inflowTargetVO.getName());
String targetBlockedType;
if (blockedType.startsWith("C")) targetBlockedType = clientBlockedType;
else if (blockedType.startsWith("A")) targetBlockedType = adapterBlockedType;
else targetBlockedType = interfaceBlockedType;
inflowErrorMsg = buildInflowTargetErrorMsg(inflowTargetVO, targetBlockedType);
} else {
inflowErrorMsg = "API 호출 한도 초과";
}
@@ -1292,17 +1318,17 @@ public class RequestProcessor extends RequestProcessorSupport {
STDMessageKeys.SEND_RECV_CD_SEND.equals(returnType) ) {
try {
retEaiMsg.setLogPssSno(400);
String retGuid = mapper.getGuid(retEaiMsg.getStandardMessage());
String retGuidSeq = mapper.getGuidSeq(retEaiMsg.getStandardMessage());
String newGuid = retGuid + StringUtils.defaultString(StringUtils.leftPad(retGuidSeq, UUIDGenerator.GUID_SEQ_LENGTH, '0'));
mapper.setGuid(retEaiMsg.getStandardMessage(), newGuid);
// String retGuid = mapper.getGuid(retEaiMsg.getStandardMessage());
// String retGuidSeq = mapper.getGuidSeq(retEaiMsg.getStandardMessage());
// String newGuid = retGuid + StringUtils.defaultString(StringUtils.leftPad(retGuidSeq, UUIDGenerator.GUID_SEQ_LENGTH, '0'));
// mapper.setGuid(retEaiMsg.getStandardMessage(), newGuid);
mapper.setSendTime(retEaiMsg.getStandardMessage(), DatetimeUtil.getCurrentTimeMillis());
EAILogSender.send(retEaiMsg, null);
} catch(Exception e) {
vo.setRspErrorCode("RECEAIIRP100");
vo.setRspErrorMsg(ExceptionUtil.make(e, vo.getRspErrorCode(), new String[]{vo.getEaiSvcCd()} ));
if (logger.isError()) logger.error(guidLogPrefix + " : " + vo.getRspErrorMsg());
if (logger.isError()) logger.error(guidLogPrefix + " : " + vo.getRspErrorMsg(), e);
}
if (logger.isInfo()) logger.info(guidLogPrefix + " : LOG(" + eaiMsg.getLogPssSno() + ") EAIMessage : "+eaiMsg.getEAISvcCd());
}
@@ -1372,7 +1398,29 @@ public class RequestProcessor extends RequestProcessorSupport {
}
}
private String getInboundErrorResponse(Properties prop, StandardMessage standardMessage, InterfaceMapper mapper
// 클라이언트 유량제어 체크 기본 구현은 체크 없음, DJErpRequestProcessor가 오버라이드
protected String checkClientInflow(Bucket bucket, String clientId) {
return null;
}
protected InflowTargetVO resolveClientInflowThreshold(Bucket bucket, String clientId) {
return null;
}
// 어댑터/인터페이스 유량제어 체크 서브클래스에서 오버라이드하여 차단 원인(PER_SECOND/THRESHOLD) 반환 가능
protected String checkAdapterInflow(Bucket bucket, String adapterGroupName) {
return bucket.isAdapterPass(adapterGroupName) ? null : "BLOCKED";
}
protected String checkInterfaceInflow(Bucket bucket, String eaiSvcCd) {
return bucket.isInterfacePass(eaiSvcCd) ? null : "BLOCKED";
}
protected String buildInflowTargetErrorMsg(InflowTargetVO inflowTargetVO, String blockedType) {
return String.format("API 호출 한도 초과 [%s]", inflowTargetVO.getName());
}
protected String getInboundErrorResponse(Properties prop, StandardMessage standardMessage, InterfaceMapper mapper
, String errCode, String errMsg, String charset) {
String errorResponse = null;
@@ -1401,7 +1449,7 @@ public class RequestProcessor extends RequestProcessorSupport {
return errorResponse;
}
private String getInboundErrorResponseForStandard(StandardMessage standardMessage, InterfaceMapper mapper,
protected String getInboundErrorResponseForStandard(StandardMessage standardMessage, InterfaceMapper mapper,
String errCode, String errMsg, String charset, String messageType) {
mapper.nextGuidSeq(standardMessage);
mapper.setSendRecvDivision(standardMessage, STDMessageKeys.SEND_RECV_CD_RECV);
@@ -783,12 +783,15 @@ public class StandardItem implements Serializable, Cloneable {
if(p>0) sb.append(",");
sb.append("{");
while(keyIter.hasNext()) {
if(ai>0) sb.append(",");
String key = keyIter.next();
StandardItem item = group.get(key);
if(showPretty) sb.append("\n");
sb.append(item.toJson(showPretty, withBizData));
ai++;
String itemPart = item.toJson(showPretty, withBizData);
if(StringUtils.isNotEmpty(itemPart)) {
if(ai>0) sb.append(",");
if(showPretty) sb.append("\n");
sb.append(itemPart);
ai++;
}
}
if(showPretty) {
@@ -1020,20 +1023,15 @@ public class StandardItem implements Serializable, Cloneable {
totalSize += getLength();
break;
case StandardType.GROUP :
// skip variable group
if( getSize() == 0
//카카오뱅크 => 카카오카드 400응답시 아래 로직을 추가해야 전체건수에서 메시지부가 처리됨
//메시지부 size 0 refPath refValue 사용 해서 있고 없고 처리
&& (StringUtils.isBlank(getRefPath())
|| StringUtils.isBlank(getRefValue()))
) {
// skip inactive/conditional group (size==0 means not activated)
if( getSize() == 0 ) {
break;
}
if (isHidden) break;
keyIter = childs.keySet().iterator();
while(keyIter.hasNext()) {
String key = keyIter.next();
StandardItem item = childs.get(key);
StandardItem item = childs.get(key);
totalSize +=item.getBytesDataLength(charset);
}
break;
@@ -1120,20 +1118,15 @@ public class StandardItem implements Serializable, Cloneable {
}
break;
case StandardType.GROUP :
// skip variable group
if( getSize() == 0
//카카오뱅크 => 카카오카드 400응답시 아래 로직을 추가해야 전체건수에서 메시지부가 처리됨
//메시지부 size 0 refPath refValue 사용 해서 있고 없고 처리
&& (StringUtils.isBlank(getRefPath())
|| StringUtils.isBlank(getRefValue()))
) {
// skip inactive/conditional group (size==0 means not activated)
if( getSize() == 0 ) {
break;
}
if (isHidden) break;
keyIter = childs.keySet().iterator();
while(keyIter.hasNext()) {
String key = keyIter.next();
StandardItem item = childs.get(key);
StandardItem item = childs.get(key);
bos.write(item.toByteArray(withBizData,charset)); //하위로 내려갈때 withBizDat 값이 없어져서 추가 jun's 20231101
}
break;
@@ -47,7 +47,7 @@ reader.XML=com.eactive.eai.message.parser.XmlReader
reader.FLAT=com.eactive.eai.message.parser.FlatReader
*/
public static String STANDARD_MESSAGE_CONFIG = "standard.message.config";
private String DEFAULT_CONFIG_PATH = "./resources/standard-message-config.properties";
private String DEFAULT_CONFIG_PATH = "./standard-message-config.properties";
private String DEFAULT_CONFIG_FILE = "standard-message-config.properties";
private String LAYOUT_FILE_TYPE = "layout.file.type";
@@ -359,10 +359,10 @@ public abstract class DefaultProcess extends Process {
// GUID SET
mapper.nextGuidSeq(standardMessage);
String guid = mapper.getGuid(standardMessage);
String guidSeq = mapper.getGuidSeq(standardMessage);
mapper.setGuid(standardMessage,
guid + StringUtils.defaultString(StringUtils.leftPad(guidSeq, UUIDGenerator.GUID_SEQ_LENGTH, '0')));
// String guid = mapper.getGuid(standardMessage);
// String guidSeq = mapper.getGuidSeq(standardMessage);
// mapper.setGuid(standardMessage,
// guid + StringUtils.defaultString(StringUtils.leftPad(guidSeq, UUIDGenerator.GUID_SEQ_LENGTH, '0')));
// 시스템구분
// stdmsg.setData("stdheader.Inter_chn", EAIServerManager.getInstance().getSystemGubun());
@@ -682,11 +682,10 @@ public abstract class DefaultProcess extends Process {
AdapterVO inboundAdapterVO = AdapterManager.getInstance().getAdapterVO(inboudnAdapterGroupName, inboudnAdapterName);
String errorResponseHandlerClass = AdapterPropManager.getInstance().getProperty(inboundAdapterVO.getPropGroupName(), "ERR_MSG_HANDLER");
if(StringUtils.isBlank(errorResponseHandlerClass)) {
this.resEaiMsg.setRspErrCd("RECEAIINA001", false);
String errorCode = mapper.getErrorCode(resStandardMessage);
String errorMsg = StringUtils.trim(mapper.getErrorMsg(resStandardMessage));
String errorDesc = StringUtils.trim(resStandardMessage.findItemValue("Message.Msg_Body.OUTPUT_MSG_DESC"));
this.resEaiMsg.setRspErrMsg(String.format("[%s] %s (%s)", errorCode, errorMsg, errorDesc));
String errorDesc = StringUtils.trim(resStandardMessage.findItemValue("MSG.MAIN_MSG.outp_msg_desc"));
this.resEaiMsg.setRspErr("RECEAIINA001", String.format("[%s] %s (%s)", errorCode, errorMsg, errorDesc));
return;
}
@@ -698,6 +697,8 @@ public abstract class DefaultProcess extends Process {
if(responseObj != null) {
resStandardMessage.setBizData(responseObj, inboundAdapterGroupVO.getMessageEncode());
}
this.resEaiMsg.setRspErrCd(EAIMessageKeys.BWK_FAILMSG_CODE, false);
}
}
@@ -776,7 +777,7 @@ public abstract class DefaultProcess extends Process {
}
standardMessage.setBizData(this.resObject, this.inboundCharset);
try {
mapper.nextGuidSeq(standardMessage);
//mapper.nextGuidSeq(standardMessage);
mapper.setSendRecvDivision(standardMessage, STDMessageKeys.SEND_RECV_CD_RECV);
StandardMessageManager standardManager = StandardMessageManager.getInstance();
standardManager.getMessageCoordinator().coordinateSetStandardMessageError(standardMessage, mapper,
@@ -4,11 +4,17 @@ import java.net.SocketTimeoutException;
import java.util.Properties;
import com.eactive.eai.common.TransactionContextKeys;
import com.eactive.eai.common.circuitBreaker.CircuitBreakerManager;
import com.eactive.eai.common.circuitBreaker.type.TypedCircuitBreakerManager;
import com.eactive.eai.util.PropertiesUtil;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.github.resilience4j.circuitbreaker.CircuitBreaker;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.AdapterGroupVO;
@@ -17,6 +23,7 @@ import com.eactive.eai.adapter.AdapterPropManager;
import com.eactive.eai.adapter.AdapterVO;
import com.eactive.eai.adapter.http.HttpStatusException;
import com.eactive.eai.adapter.http.client.HttpClientAdapterServiceKey;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.common.EAIKeys;
import com.eactive.eai.common.exception.ExceptionUtil;
import com.eactive.eai.common.header.HeaderAction;
@@ -98,7 +105,32 @@ public class HTTPProcess extends DefaultProcess {
this.timeout = iTimeoutValue * 1000;
this.tempProp.put(INTERFACE_TIME_OUT, "" + this.timeout);
try {
this.resObject = HttpSender.callService(this.adapterGroupName, this.outboundProp, this.reqObject, this.tempProp);
// API별 이용
String apiId = reqEaiMsg.getEAISvcCd();
CircuitBreaker circuitBreaker = TypedCircuitBreakerManager.getInstance().getCircuitBreaker(apiId);
// 디폴트 이용
if(circuitBreaker == null) {
String circuitBreakerUseYn = PropManager.getInstance().getProperty("CircuitBreaker", "useYn");
if ("Y".equals(circuitBreakerUseYn))
circuitBreaker = CircuitBreakerManager.getInstance().getCircuitBreaker(apiId);
}
if (circuitBreaker != null) {
// ObjectMapper 인스턴스 생성
ObjectMapper objectMapper = new ObjectMapper();
// 서킷 브레이커의 메트릭 정보와 상태 정보를 직접 Node로 변환
ObjectNode combinedNode = objectMapper.createObjectNode();
combinedNode.put("state", circuitBreaker.getState().toString());
combinedNode.set("metrics", objectMapper.valueToTree(circuitBreaker.getMetrics()));
logger.info("CircuitBreaker state " + combinedNode.toString());
this.resObject = circuitBreaker.executeCallable(() -> HttpSender
.callService(this.adapterGroupName, this.outboundProp, this.reqObject, this.tempProp));
} else {
this.resObject = HttpSender.callService(this.adapterGroupName, this.outboundProp, this.reqObject, this.tempProp);
}
// 응답코드에 대한 처리
this.resEaiMsg = setResponseForOutbound(this.resEaiMsg);
if (!com.eactive.eai.adapter.Keys.IF_STANDARD.equals(this.adptrMsgPtrnCd)) {
@@ -352,24 +384,26 @@ public class HTTPProcess extends DefaultProcess {
this.tempProp.put(HttpClientAdapterServiceKey.INSTANCE_ID, instanceId);
}
EAIServerManager eaiServerManager = EAIServerManager.getInstance();
AdapterManager adapterManager = AdapterManager.getInstance();
AdapterGroupVO adptGrpVO = adapterManager.getAdapterGroupVO(reqEaiMsg.getCurrentSvcMsg().getPsvSysItfTp());
if (eaiServerManager.isTASEnabledEAIServer() && EAIMessageKeys.TRANTYPE_TAS.equals(reqEaiMsg.getTranType())
// RESTAdapter는 교체하지 않는다
&& !StringUtils.equals(adptGrpVO.getType(), com.eactive.eai.adapter.Keys.TYPE_REST)) {
PropManager manager = PropManager.getInstance();
Properties prop = manager.getProperties(RouteKeys.SIM);
if (reqEaiMsg.getCurrentSvcMsg().isSyncItfTp()) {
this.adapterGroupName = prop.getProperty(RouteKeys.SIM_ADAPTER_SYNC, "_SIM_OU_HTT_SyC");
} else {
this.adapterGroupName = prop.getProperty(RouteKeys.SIM_ADAPTER_ASYNC, "_SIM_OU_HTT_AsC");
}
this.reqEaiMsg.getSvcMsg(0).setPsvSysItfTp(this.adapterGroupName);
} else {
this.adapterGroupName = reqEaiMsg.getCurrentSvcMsg().getPsvSysItfTp();
}
// EAIServerManager eaiServerManager = EAIServerManager.getInstance();
// AdapterManager adapterManager = AdapterManager.getInstance();
// AdapterGroupVO adptGrpVO = adapterManager.getAdapterGroupVO(reqEaiMsg.getCurrentSvcMsg().getPsvSysItfTp());
// if (eaiServerManager.isTASEnabledEAIServer() && EAIMessageKeys.TRANTYPE_TAS.equals(reqEaiMsg.getTranType())
// // RESTAdapter는 교체하지 않는다
// && !StringUtils.equals(adptGrpVO.getType(), com.eactive.eai.adapter.Keys.TYPE_REST)) {
// PropManager manager = PropManager.getInstance();
// Properties prop = manager.getProperties(RouteKeys.SIM);
//
// if (reqEaiMsg.getCurrentSvcMsg().isSyncItfTp()) {
// this.adapterGroupName = prop.getProperty(RouteKeys.SIM_ADAPTER_SYNC, "_SIM_OU_HTT_SyC");
// } else {
// this.adapterGroupName = prop.getProperty(RouteKeys.SIM_ADAPTER_ASYNC, "_SIM_OU_HTT_AsC");
// }
// this.reqEaiMsg.getSvcMsg(0).setPsvSysItfTp(this.adapterGroupName);
// } else {
// this.adapterGroupName = reqEaiMsg.getCurrentSvcMsg().getPsvSysItfTp();
// }
this.adapterGroupName = reqEaiMsg.getCurrentSvcMsg().getPsvSysItfTp();
this.svcTsmtUsgTp = this.reqEaiMsg.getSvcTsmtUsgTp(); // Inbound 호출방식
this.psvItfTp = this.reqEaiMsg.getCurrentSvcMsg().getPsvItfTp(); // 호출방식
@@ -404,6 +438,7 @@ public class HTTPProcess extends DefaultProcess {
}
// Inbound Adapter mesageType
AdapterManager adapterManager = AdapterManager.getInstance();
AdapterGroupVO inAdptGrpVO = adapterManager.getAdapterGroupVO(this.reqEaiMsg.getSngSysItfTp());
this.inAdapterMsgType = MessageType.ASC;
@@ -592,6 +627,22 @@ public class HTTPProcess extends DefaultProcess {
logger.debug(guidLogPrefix + " HTTP NONSTANDARD Request Message : "
+ MessageUtil.toAdapterTypeString(this.reqObject, this.inboundCharset));
}
// TAS 선택시 시뮬레이터 url로 변경, HTT 어댑터도 RST 처럼 방식을 변경하였다.
EAIServerManager eaiServerManager = EAIServerManager.getInstance();
if (eaiServerManager.isTASEnabledEAIServer() && EAIMessageKeys.TRANTYPE_TAS.equals(reqEaiMsg.getTranType())) {
PropManager manager = PropManager.getInstance();
Properties prop = manager.getProperties(RouteKeys.SIM);
String simAddr = prop.getProperty(RouteKeys.SIM_REST_MOCKSERVER);
if (StringUtils.isBlank(simAddr)) {
throw new Exception(String.format("Properties %s > %s not setted", RouteKeys.SIM,
RouteKeys.SIM_REST_MOCKSERVER));
}
String url = StringUtils.removeEnd(simAddr, "/") + "/mockapi/" + this.reqEaiMsg.getEAISvcCd();
this.outboundProp.put(HttpClientAdapterServiceKey.URL, url);
this.tempProp.remove(HttpAdapterServiceKey.INBOUND_REWRITE_PATH);
logger.debug("simUrl=" + url);
}
} catch (Exception e) {
String[] msgArgs = new String[1];
msgArgs[0] = this.reqEaiMsg.getEAISvcCd();
@@ -10,34 +10,55 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
// 해당 필드에 대한 get/set 수행
public class JsonPathUtil {
private JsonPathUtil() {
}
private static final ObjectMapper objectMapper = new ObjectMapper();
// ---------------------------------------------------------------
// JsonNode 기반 단일 파싱 API 연속 get/set 파싱 횟수 절감
// ---------------------------------------------------------------
/** JSON 문자열을 JsonNode 트리로 파싱. */
public static JsonNode toTree(String json) throws Exception {
return objectMapper.readTree(json);
}
/** 이미 파싱된 트리에서 경로의 값을 추출. */
public static String getAt(JsonNode root, String path) {
JsonNode node = getNodeAtPath(root, path);
return node != null ? node.asText() : null;
}
/** 이미 파싱된 트리의 경로에 값을 설정 (in-place). */
public static void setAt(JsonNode root, String path, String value) {
JsonNode parent = getParentNode(root, getParentPath(path));
if (parent == null) return;
String key = getFieldName(path);
if (parent.isArray()) {
((ArrayNode) parent).set(Integer.parseInt(key), objectMapper.convertValue(value, JsonNode.class));
} else if (parent.isObject()) {
((ObjectNode) parent).put(key, value);
}
}
/** JsonNode 트리를 JSON 문자열로 직렬화. */
public static String fromTree(JsonNode root) throws Exception {
return objectMapper.writeValueAsString(root);
}
// ---------------------------------------------------------------
// 문자열 기반 API (내부적으로 메서드에 위임)
// ---------------------------------------------------------------
// 특정 경로의 값을 설정하는 함수
public static String setValueAtPath(String jsonString, String path, String newValue, boolean isPretty) {
try {
// JSON 문자열을 JsonNode 객체로 파싱
JsonNode rootNode = objectMapper.readTree(jsonString);
// 경로에 해당하는 부모 노드를 가져옴
JsonNode parentNode = getParentNode(rootNode, getParentPath(path));
// 경로의 마지막 노드 이름 또는 배열 인덱스 추출
String fieldNameOrIndex = getFieldName(path);
// 배열 또는 객체에서 값을 설정
if (parentNode.isArray()) {
((ArrayNode) parentNode).set(Integer.parseInt(fieldNameOrIndex), objectMapper.convertValue(newValue, JsonNode.class));
} else if (parentNode.isObject()) {
((ObjectNode) parentNode).put(fieldNameOrIndex, newValue);
}
// 수정된 JSON 문자열 반환
setAt(rootNode, path, newValue);
if(isPretty)
return objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(rootNode);
else
else
return objectMapper.writeValueAsString(rootNode);
} catch (Exception e) {
e.printStackTrace();
@@ -48,13 +69,7 @@ public class JsonPathUtil {
// 특정 경로의 값을 가져오는 함수
public static String getValueAtPath(String jsonString, String path) {
try {
// JSON 문자열을 JsonNode 객체로 파싱
JsonNode rootNode = objectMapper.readTree(jsonString);
// 경로에 해당하는 노드의 값을 반환
JsonNode resultNode = getNodeAtPath(rootNode, path);
return resultNode != null ? resultNode.asText() : null;
return getAt(objectMapper.readTree(jsonString), path);
} catch (Exception e) {
e.printStackTrace();
return null;
@@ -101,6 +116,71 @@ public class JsonPathUtil {
return currentNode;
}
/**
* 이미 파싱된 bodyNode에서 removeFromPath 필드를 제거하고 mergeJson을 병합.
* body의 재파싱 없이 호출 가능하여 파싱 횟수를 1회 절감.
*
* body와 mergeJson이 모두 JSON 객체인 경우에만 병합을 수행한다.
* 어느 한쪽이 JSON 객체가 아니면 mergeJson을 그대로 반환한다 (전체 교체 fallback).
*
* @param bodyNode 이미 파싱된 원본 JsonNode
* @param removeFromPath 제거할 필드의 경로 (: /encryptedData)
* @param mergeJson 병합할 JSON 문자열
* @return 병합된 JSON 문자열, 병합 불가 mergeJson 그대로 반환
*/
public static String mergeAtRoot(JsonNode bodyNode, String removeFromPath, String mergeJson) {
try {
JsonNode mergeNode = objectMapper.readTree(mergeJson);
if (!bodyNode.isObject() || !mergeNode.isObject()) {
return mergeJson;
}
ObjectNode result = (ObjectNode) bodyNode.deepCopy();
// removeFromPath 필드 제거
int lastSlash = removeFromPath.lastIndexOf('/');
String fieldName = removeFromPath.substring(lastSlash + 1);
if (lastSlash == 0) {
result.remove(fieldName);
} else {
JsonNode parent = getNodeAtPath(result, removeFromPath.substring(0, lastSlash));
if (parent instanceof ObjectNode) {
((ObjectNode) parent).remove(fieldName);
}
}
// mergeJson 필드를 body에 병합 (기존 필드 덮어쓰기)
result.setAll((ObjectNode) mergeNode);
return objectMapper.writeValueAsString(result);
} catch (Exception e) {
return mergeJson;
}
}
/**
* body에서 removeFromPath 필드를 제거한 , mergeJson의 필드를 body에 병합하여 반환한다.
* (문자열 기반 overload 내부적으로 body를 1회 파싱하여 메서드에 위임)
*
* 사용 (toPath="/" 복호화):
* body = {"encryptedData":"...","requestId":"REQ001"}
* removeFrom = /encryptedData
* mergeJson = {"userId":"U001","name":"test"}
* 결과 = {"requestId":"REQ001","userId":"U001","name":"test"}
*
* @param body 원본 JSON 문자열
* @param removeFromPath 제거할 필드의 경로 (: /encryptedData)
* @param mergeJson 병합할 JSON 문자열
* @return 병합된 JSON 문자열, 병합 불가 mergeJson 그대로 반환
*/
public static String mergeAtRoot(String body, String removeFromPath, String mergeJson) {
try {
return mergeAtRoot(objectMapper.readTree(body), removeFromPath, mergeJson);
} catch (Exception e) {
return mergeJson;
}
}
public static void main(String[] args) {
String jsonString = "{ \"person\": { \"name\": \"John\", \"age\": 30, \"groups\": [ { \"id\": 1, \"name\": \"Group A\" }, { \"id\": 2, \"name\": \"Group B\" }, { \"id\": 3, \"name\": \"Group C\" } ] } }";
@@ -0,0 +1,6 @@
# SoftHSM2 for Windows - 개발 환경
# https://github.com/disig/SoftHSM2-for-Windows/releases 에서 설치
# 토큰 초기화: softhsm2-util --init-token --slot 0 --label "dev-token" --pin 1234 --so-pin 1234
name = SoftHSM
library = C:/SoftHSM2/lib/softhsm2-x64.dll
slotListIndex = 0
@@ -0,0 +1,8 @@
# SafeNet ProtectServer Network HSM - 운영 환경
# 환경변수 필요:
# ET_HSM_NETCLIENT_SERVERLIST=<HSM 서버 IP>
# ET_HSM_NETCLIENT_SERVERPORT=9000
# LD_LIBRARY_PATH=/opt/safenet/protecttoolkit5/ptk/lib
name = ProtectServer
library = /opt/safenet/protecttoolkit5/ptk/lib/libcryptoki.so
slot = 0
@@ -0,0 +1,725 @@
package com.eactive.eai.adapter.handler;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import java.lang.reflect.Field;
import java.util.LinkedHashMap;
import java.util.Properties;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.context.ApplicationContext;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.message.StandardItem;
import com.eactive.eai.message.StandardMessage;
import com.eactive.eai.message.StandardType;
/**
* TemplateAdapterErrorMsgHandler 단위테스트
*
* - render() : package-private 이므로 같은 패키지에서 직접 호출
* - generateNonStandardErrorResponseMessage() : ApplicationContextProvider
* mock ApplicationContext 리플렉션으로 주입하여 PropManager 격리
*/
class TemplateAdapterErrorMsgHandlerTest {
private TemplateAdapterErrorMsgHandler handler;
@BeforeEach
void setUp() {
handler = new TemplateAdapterErrorMsgHandler();
}
// ================================================================
// StandardMessage 빌더 헬퍼
// ================================================================
/** FIELD 아이템 (type=2) */
private static StandardItem field(String name, String value) {
return new StandardItem(name, 3, StandardType.FIELD, 1, 0, 300, 1, "", "", value, name);
}
/** GROUP 아이템 (type=3, size=1 → 활성) */
private static StandardItem group(String name) {
return new StandardItem(name, 2, StandardType.GROUP, 1, 0, 0, 1, "", "", null, name);
}
/**
* DJB 표준전문 MSG 영역을 모사한 StandardMessage 생성.
*
* 구조:
* MSG (GROUP)
* MAIN_MSG (GROUP)
* outp_msg_cd, outp_msg_ctnt, outp_msg_desc
* MSG_LIST (GRID)
* row[n]: outp_msg_cd, outp_msg_ctnt, outp_msg_desc, err_occu_item_nm
*
* @param listRows null 또는 배열이면 MSG_LIST 없음
*/
private StandardMessage buildMsg(String errCode, String errMsg, String errDesc,
String[][] listRows) {
StandardMessage msg = new StandardMessage();
StandardItem msgGroup = group("MSG");
StandardItem mainMsg = group("MAIN_MSG");
mainMsg.addItem(field("outp_msg_cd", errCode));
mainMsg.addItem(field("outp_msg_ctnt", errMsg));
mainMsg.addItem(field("outp_msg_desc", errDesc));
msgGroup.addItem(mainMsg);
StandardItem msgList = new StandardItem(
"MSG_LIST", 2, StandardType.GRID, 0, 0, 0, 1, "", "", null, "MSG_LIST");
msgList.addItem(field("outp_msg_cd", ""));
msgList.addItem(field("outp_msg_ctnt", ""));
msgList.addItem(field("outp_msg_desc", ""));
msgList.addItem(field("err_occu_item_nm", ""));
if (listRows != null) {
for (String[] row : listRows) {
LinkedHashMap<String, StandardItem> rowMap = new LinkedHashMap<>();
rowMap.put("outp_msg_cd", field("outp_msg_cd", get(row, 0)));
rowMap.put("outp_msg_ctnt", field("outp_msg_ctnt", get(row, 1)));
rowMap.put("outp_msg_desc", field("outp_msg_desc", get(row, 2)));
rowMap.put("err_occu_item_nm", field("err_occu_item_nm", get(row, 3)));
msgList.addArray(rowMap);
}
}
msgGroup.addItem(msgList);
msg.addItem(msgGroup);
return msg;
}
private static String get(String[] arr, int idx) {
return (arr != null && arr.length > idx) ? arr[idx] : "";
}
private static Properties props(String... keyValues) {
Properties p = new Properties();
for (int i = 0; i < keyValues.length - 1; i += 2) {
p.setProperty(keyValues[i], keyValues[i + 1]);
}
return p;
}
// ================================================================
// 스칼라 변수 치환 ${path}
// ================================================================
@Nested
@DisplayName("StandardMessage 스칼라 변수 치환 ${path}")
class ScalarSubstitution {
@Test
@DisplayName("단순 JSON 템플릿 치환")
void 단순_치환() {
StandardMessage msg = buildMsg("E001", "오류발생", "상세설명", null);
String template = "{\"code\":\"${MSG.MAIN_MSG.outp_msg_cd}\",\"msg\":\"${MSG.MAIN_MSG.outp_msg_ctnt}\"}";
String result = handler.render(template, msg, null);
assertEquals("{\"code\":\"E001\",\"msg\":\"오류발생\"}", result);
}
@Test
@DisplayName("동일 변수 중복 치환")
void 동일_변수_중복_치환() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
String template = "${MSG.MAIN_MSG.outp_msg_cd}/${MSG.MAIN_MSG.outp_msg_cd}";
assertEquals("E001/E001", handler.render(template, msg, null));
}
@Test
@DisplayName("존재하지 않는 경로는 빈 문자열로 치환")
void 없는_경로_빈_문자열() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("", handler.render("${NONE.PATH}", msg, null));
}
@Test
@DisplayName("변수 없는 템플릿은 원본 그대로 반환")
void 변수_없는_템플릿_원본() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("{\"static\":\"value\"}", handler.render("{\"static\":\"value\"}", msg, null));
}
@Test
@DisplayName("outp_msg_desc 필드 치환")
void outp_msg_desc_치환() {
StandardMessage msg = buildMsg("E001", "오류", "상세설명입니다", null);
assertEquals("상세설명입니다", handler.render("${MSG.MAIN_MSG.outp_msg_desc}", msg, null));
}
@Test
@DisplayName("경로:기본값 – 경로 존재 시 값 반환")
void 표준전문_기본값_경로존재() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("E001", handler.render("${MSG.MAIN_MSG.outp_msg_cd:DEFAULT}", msg, null));
}
@Test
@DisplayName("경로:기본값 – 경로 없으면 기본값 반환")
void 표준전문_기본값_경로없음() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("UNKNOWN", handler.render("${NONE.PATH:UNKNOWN}", msg, null));
}
@Test
@DisplayName("경로:기본값 기본값이 빈 문자열")
void 표준전문_기본값_빈문자열() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("", handler.render("${NONE.PATH:}", msg, null));
}
}
// ================================================================
// callProp 변수 치환 ${callprop.}
// ================================================================
@Nested
@DisplayName("callProp 변수 치환 ${callprop.키}")
class CallPropSubstitution {
@Test
@DisplayName("callProp 값을 템플릿에서 참조")
void callProp_단순_참조() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = props("ADAPTER_NAME", "MY_ADAPTER", "IF_ID", "SVC001");
String template = "{\"adapter\":\"${callprop.ADAPTER_NAME}\",\"ifId\":\"${callprop.IF_ID}\"}";
String result = handler.render(template, msg, callProp);
assertEquals("{\"adapter\":\"MY_ADAPTER\",\"ifId\":\"SVC001\"}", result);
}
@Test
@DisplayName("callProp 과 StandardMessage 혼합 참조")
void callProp_stdmsg_혼합() {
StandardMessage msg = buildMsg("E001", "오류발생", "", null);
Properties callProp = props("ADAPTER_NAME", "MY_ADAPTER");
String template = "{\"adapter\":\"${callprop.ADAPTER_NAME}\",\"code\":\"${MSG.MAIN_MSG.outp_msg_cd}\"}";
String result = handler.render(template, msg, callProp);
assertEquals("{\"adapter\":\"MY_ADAPTER\",\"code\":\"E001\"}", result);
}
@Test
@DisplayName("callProp 에 없는 키는 빈 문자열")
void callProp_없는_키_빈문자열() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = new Properties();
assertEquals("", handler.render("${callprop.NONE_KEY}", msg, callProp));
}
@Test
@DisplayName("callProp 이 null 이면 빈 문자열")
void callProp_null_빈문자열() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("", handler.render("${callprop.ADAPTER_NAME}", msg, null));
}
@Test
@DisplayName("callProp 값이 Properties 인 경우 중첩 탐색")
void callProp_중첩_Properties() {
Properties sub = new Properties();
sub.setProperty("IF_ID", "SVC001");
sub.setProperty("SVC_NM", "조회서비스");
Properties callProp = new Properties();
callProp.put("OUTBOUND", sub);
callProp.setProperty("ADAPTER_NAME", "MY_ADAPTER");
StandardMessage msg = buildMsg("E001", "오류", "", null);
String template = "{\"adapter\":\"${callprop.ADAPTER_NAME}\",\"ifId\":\"${callprop.OUTBOUND.IF_ID}\",\"svcNm\":\"${callprop.OUTBOUND.SVC_NM}\"}";
String result = handler.render(template, msg, callProp);
assertEquals("{\"adapter\":\"MY_ADAPTER\",\"ifId\":\"SVC001\",\"svcNm\":\"조회서비스\"}", result);
}
@Test
@DisplayName("중첩 Properties 3단계 탐색")
void callProp_3단계_중첩() {
Properties level2 = new Properties();
level2.setProperty("CODE", "L2CODE");
Properties level1 = new Properties();
level1.put("LEVEL2", level2);
Properties callProp = new Properties();
callProp.put("LEVEL1", level1);
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("L2CODE", handler.render("${callprop.LEVEL1.LEVEL2.CODE}", msg, callProp));
}
@Test
@DisplayName("중간 값이 Properties 가 아니면 전체 keyPath 로 폴백 조회")
void callProp_중간값_비Properties_폴백() {
Properties callProp = new Properties();
callProp.setProperty("A.B", "FALLBACK_VALUE"); // 포함
callProp.setProperty("A", "NOT_PROPS"); // String
StandardMessage msg = buildMsg("E001", "오류", "", null);
// A String 이므로 Properties 아님 "A.B" 전체 키로 폴백
assertEquals("FALLBACK_VALUE", handler.render("${callprop.A.B}", msg, callProp));
}
@Test
@DisplayName("중첩 Properties 에서 없는 키는 빈 문자열")
void callProp_중첩_없는키() {
Properties sub = new Properties();
sub.setProperty("EXIST", "VALUE");
Properties callProp = new Properties();
callProp.put("SUB", sub);
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("", handler.render("${callprop.SUB.NONE_KEY}", msg, callProp));
}
@Test
@DisplayName("callprop.키:기본값 – 키 존재 시 값 반환")
void callProp_직접_기본값_키존재() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = props("ADAPTER_NAME", "MY_ADAPTER");
assertEquals("MY_ADAPTER", handler.render("${callprop.ADAPTER_NAME:DEFAULT}", msg, callProp));
}
@Test
@DisplayName("callprop.키:기본값 – 키 없으면 기본값 반환")
void callProp_직접_기본값_키없음() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = new Properties();
assertEquals("DEFAULT_VAL", handler.render("${callprop.NONE_KEY:DEFAULT_VAL}", msg, callProp));
}
@Test
@DisplayName("callprop.키:기본값 callProp null 이면 기본값 반환")
void callProp_직접_기본값_null() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("FALLBACK", handler.render("${callprop.ADAPTER_NAME:FALLBACK}", msg, null));
}
}
// ================================================================
// callProp 간접 참조 ${callprop[표준전문경로]} / ${callprop[경로]:기본값}
// ================================================================
@Nested
@DisplayName("callProp 간접 참조 ${callprop[경로]}")
class IndirectCallPropSubstitution {
/** 표준전문에 cp_key 필드가 있는 메시지 */
private StandardMessage buildMsgWithKey(String cpKey, String errCode) {
StandardMessage msg = buildMsg(errCode, "오류", "", null);
// MSG 그룹 아래 cp_key 필드 추가
StandardItem msgGroup = msg.findItem("MSG");
if (msgGroup != null) {
msgGroup.addItem(field("cp_key", cpKey));
}
return msg;
}
@Test
@DisplayName("표준전문 경로 값으로 callProp 키를 결정해 값 조회")
void 간접_참조_정상() {
StandardMessage msg = buildMsgWithKey("ADAPTER_NAME", "E001");
Properties callProp = props("ADAPTER_NAME", "MY_ADAPTER");
String template = "${callprop[MSG.cp_key]}";
assertEquals("MY_ADAPTER", handler.render(template, msg, callProp));
}
@Test
@DisplayName("표준전문 경로 값이 없으면 기본값 반환")
void 표준전문_경로_없으면_기본값() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = props("ADAPTER_NAME", "MY_ADAPTER");
String template = "${callprop[MSG.NONE_KEY]:DEFAULT_ADAPTER}";
assertEquals("DEFAULT_ADAPTER", handler.render(template, msg, callProp));
}
@Test
@DisplayName("callProp 에 해당 키 없으면 기본값 반환")
void callProp_키_없으면_기본값() {
StandardMessage msg = buildMsgWithKey("MISSING_KEY", "E001");
Properties callProp = props("OTHER_KEY", "OTHER_VALUE");
String template = "${callprop[MSG.cp_key]:FALLBACK}";
assertEquals("FALLBACK", handler.render(template, msg, callProp));
}
@Test
@DisplayName("기본값 미지정 시 빈 문자열")
void 기본값_없으면_빈문자열() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = props("ADAPTER_NAME", "MY_ADAPTER");
String template = "${callprop[MSG.NONE_KEY]}";
assertEquals("", handler.render(template, msg, callProp));
}
@Test
@DisplayName("callProp 이 null 이면 기본값 반환")
void callProp_null_기본값() {
StandardMessage msg = buildMsgWithKey("ADAPTER_NAME", "E001");
String template = "${callprop[MSG.cp_key]:NO_PROP}";
assertEquals("NO_PROP", handler.render(template, msg, null));
}
@Test
@DisplayName("기본값이 빈 문자열인 경우")
void 기본값이_빈문자열() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
Properties callProp = new Properties();
String template = "${callprop[MSG.NONE_KEY]:}";
assertEquals("", handler.render(template, msg, callProp));
}
@Test
@DisplayName("간접 참조와 직접 참조 혼합")
void 간접_직접_혼합() {
StandardMessage msg = buildMsgWithKey("IF_ID_KEY", "E001");
Properties callProp = props("IF_ID_KEY", "SVC_001", "ADAPTER_NAME", "MY_ADAPTER");
String template = "{\"adapter\":\"${callprop.ADAPTER_NAME}\",\"ifId\":\"${callprop[MSG.cp_key]}\"}";
assertEquals("{\"adapter\":\"MY_ADAPTER\",\"ifId\":\"SVC_001\"}", handler.render(template, msg, callProp));
}
}
// ================================================================
// 배열 반복 {{#foreach path}}...{{/foreach}}
// ================================================================
// ================================================================
// DATA 영역 변수 치환 ${DATA.xxx}
// ================================================================
@Nested
@DisplayName("DATA 영역 변수 치환 ${DATA.xxx}")
class DataSectionSubstitution {
/**
* DATA > BIZDATA(FIELD, JSON String value) 구조의 StandardMessage 생성.
* BIZDATA 파싱 없이 JSON 문자열 그대로 세팅되는 형태.
*/
private StandardMessage buildMsgWithBizData(String bizDataJson) {
StandardMessage msg = buildMsg("E001", "오류", "", null);
StandardItem dataGroup = group("DATA");
dataGroup.addItem(field("BIZDATA", bizDataJson));
msg.addItem(dataGroup);
return msg;
}
@Test
@DisplayName("DATA.BIZDATA JSON 필드 치환 단일 depth")
void DATA_BIZDATA_JSON_필드_치환() {
StandardMessage msg = buildMsgWithBizData("{\"acctNo\":\"1234567890\",\"custNm\":\"홍길동\"}");
String template = "{\"acctNo\":\"${DATA.BIZDATA.acctNo}\",\"custNm\":\"${DATA.BIZDATA.custNm}\"}";
assertEquals("{\"acctNo\":\"1234567890\",\"custNm\":\"홍길동\"}",
handler.render(template, msg, null));
}
@Test
@DisplayName("DATA.BIZDATA JSON 필드 치환 중첩 depth")
void DATA_BIZDATA_JSON_중첩_필드_치환() {
StandardMessage msg = buildMsgWithBizData("{\"addr\":{\"city\":\"서울\",\"zip\":\"12345\"}}");
assertEquals("서울", handler.render("${DATA.BIZDATA.addr.city}", msg, null));
}
@Test
@DisplayName("DATA.BIZDATA 원본 JSON 문자열 치환")
void DATA_BIZDATA_원본_치환() {
String rawJson = "{\"acctNo\":\"1234567890\"}";
StandardMessage msg = buildMsgWithBizData(rawJson);
assertEquals(rawJson, handler.render("${DATA.BIZDATA}", msg, null));
}
@Test
@DisplayName("DATA.BIZDATA 와 MSG 영역 혼합 치환")
void DATA_MSG_혼합_치환() {
StandardMessage msg = buildMsgWithBizData("{\"acctNo\":\"9876543210\"}");
String template = "{\"code\":\"${MSG.MAIN_MSG.outp_msg_cd}\",\"acctNo\":\"${DATA.BIZDATA.acctNo}\"}";
assertEquals("{\"code\":\"E001\",\"acctNo\":\"9876543210\"}",
handler.render(template, msg, null));
}
@Test
@DisplayName("DATA.BIZDATA JSON 에 없는 필드는 빈 문자열")
void DATA_BIZDATA_없는_JSON_필드_빈문자열() {
StandardMessage msg = buildMsgWithBizData("{\"acctNo\":\"1234567890\"}");
assertEquals("", handler.render("${DATA.BIZDATA.noneField}", msg, null));
}
@Test
@DisplayName("DATA.BIZDATA JSON 에 없는 필드에 기본값 지정")
void DATA_BIZDATA_없는_JSON_필드_기본값() {
StandardMessage msg = buildMsgWithBizData("{\"acctNo\":\"1234567890\"}");
assertEquals("UNKNOWN", handler.render("${DATA.BIZDATA.noneField:UNKNOWN}", msg, null));
}
@Test
@DisplayName("DATA 영역 미설정 시 기본값 반환")
void DATA_없으면_기본값() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
assertEquals("{}", handler.render("${DATA.BIZDATA:{}}", msg, null));
}
}
@Nested
@DisplayName("배열 반복 블록 {{#foreach}}")
class ForeachBlock {
@Test
@DisplayName("MSG_LIST 1건 렌더링")
void 단건_렌더링() {
StandardMessage msg = buildMsg("E001", "대표오류", "",
new String[][]{{"E001", "메시지A", "설명A", "fieldA"}});
String template = "[{{#foreach MSG.MSG_LIST}}{\"c\":\"${outp_msg_cd}\",\"m\":\"${outp_msg_ctnt}\"}{{/foreach}}]";
assertEquals("[{\"c\":\"E001\",\"m\":\"메시지A\"}]", handler.render(template, msg, null));
}
@Test
@DisplayName("MSG_LIST 2건 → 쉼표로 연결")
void 다건_쉼표_연결() {
StandardMessage msg = buildMsg("E001", "대표오류", "",
new String[][]{
{"E001", "오류A", "설명A", "fieldA"},
{"E002", "오류B", "설명B", "fieldB"}
});
String template = "[{{#foreach MSG.MSG_LIST}}{\"c\":\"${outp_msg_cd}\"}{{/foreach}}]";
assertEquals("[{\"c\":\"E001\"},{\"c\":\"E002\"}]", handler.render(template, msg, null));
}
@Test
@DisplayName("MSG_LIST 가 비어있으면 foreach 결과는 빈 문자열")
void 빈_배열() {
StandardMessage msg = buildMsg("E001", "오류", "", new String[][]{});
String template = "[{{#foreach MSG.MSG_LIST}}{\"c\":\"${outp_msg_cd}\"}{{/foreach}}]";
assertEquals("[]", handler.render(template, msg, null));
}
@Test
@DisplayName("foreach 경로가 없으면 빈 문자열")
void 없는_경로() {
StandardMessage msg = buildMsg("E001", "오류", "", null);
String template = "[{{#foreach NONE.LIST}}{\"c\":\"${outp_msg_cd}\"}{{/foreach}}]";
assertEquals("[]", handler.render(template, msg, null));
}
@Test
@DisplayName("err_occu_item_nm 필드 포함 렌더링")
void err_occu_item_nm_포함() {
StandardMessage msg = buildMsg("E001", "오류", "",
new String[][]{{"E001", "오류A", "설명A", "accountNo"}});
String template = "{{#foreach MSG.MSG_LIST}}{\"field\":\"${err_occu_item_nm}\"}{{/foreach}}";
assertEquals("{\"field\":\"accountNo\"}", handler.render(template, msg, null));
}
}
// ================================================================
// 혼합 템플릿 (스칼라 + callProp + 배열)
// ================================================================
@Nested
@DisplayName("혼합 템플릿")
class MixedTemplate {
@Test
@DisplayName("JSON MAIN_MSG + callProp + MSG_LIST 2건")
void JSON_전체_혼합() {
StandardMessage msg = buildMsg("E001", "대표오류", "대표설명",
new String[][]{
{"E001", "오류A", "설명A", "fieldA"},
{"E002", "오류B", "설명B", "fieldB"}
});
Properties callProp = props("ADAPTER_NAME", "TEST_ADAPTER");
String template =
"{" +
"\"adapter\":\"${callprop.ADAPTER_NAME}\"," +
"\"resultCode\":\"${MSG.MAIN_MSG.outp_msg_cd}\"," +
"\"resultMsg\":\"${MSG.MAIN_MSG.outp_msg_ctnt}\"," +
"\"errors\":[{{#foreach MSG.MSG_LIST}}" +
"{\"code\":\"${outp_msg_cd}\",\"msg\":\"${outp_msg_ctnt}\",\"field\":\"${err_occu_item_nm}\"}" +
"{{/foreach}}]" +
"}";
String result = handler.render(template, msg, callProp);
assertEquals(
"{\"adapter\":\"TEST_ADAPTER\"," +
"\"resultCode\":\"E001\",\"resultMsg\":\"대표오류\"," +
"\"errors\":[{\"code\":\"E001\",\"msg\":\"오류A\",\"field\":\"fieldA\"}," +
"{\"code\":\"E002\",\"msg\":\"오류B\",\"field\":\"fieldB\"}]}",
result);
}
@Test
@DisplayName("XML 스칼라 + callProp 치환")
void XML_스칼라_callProp() {
StandardMessage msg = buildMsg("E001", "오류발생", "", null);
Properties callProp = props("IF_ID", "IF_001");
String template = "<error><ifId>${callprop.IF_ID}</ifId><code>${MSG.MAIN_MSG.outp_msg_cd}</code></error>";
assertEquals("<error><ifId>IF_001</ifId><code>E001</code></error>",
handler.render(template, msg, callProp));
}
@Test
@DisplayName("XML foreach 배열")
void XML_foreach_배열() {
StandardMessage msg = buildMsg("E001", "오류", "",
new String[][]{{"E001", "오류A", "", ""}, {"E002", "오류B", "", ""}});
String template =
"<errors>{{#foreach MSG.MSG_LIST}}" +
"<item><code>${outp_msg_cd}</code><msg>${outp_msg_ctnt}</msg></item>" +
"{{/foreach}}</errors>";
assertEquals(
"<errors>" +
"<item><code>E001</code><msg>오류A</msg></item>," +
"<item><code>E002</code><msg>오류B</msg></item>" +
"</errors>",
handler.render(template, msg, null));
}
}
// ================================================================
// generateNonStandardErrorResponseMessage PropManager mock
// ================================================================
@Nested
@DisplayName("generateNonStandardErrorResponseMessage")
class GenerateMethod {
private void injectMockPropManager(PropManager mockPropManager) throws Exception {
ApplicationContext mockCtx = Mockito.mock(ApplicationContext.class);
Mockito.when(mockCtx.getBean(PropManager.class)).thenReturn(mockPropManager);
Field ctxField = ApplicationContextProvider.class.getDeclaredField("context");
ctxField.setAccessible(true);
ctxField.set(null, mockCtx);
}
@Test
@DisplayName("템플릿 미설정 시 null 반환")
void 템플릿_없으면_null() throws Exception {
PropManager mockProp = Mockito.mock(PropManager.class);
Mockito.when(mockProp.getProperty(anyString(), anyString())).thenReturn(null);
injectMockPropManager(mockProp);
StandardMessage msg = buildMsg("E001", "오류", "", null);
Object result = handler.generateNonStandardErrorResponseMessage(
"TEST_GROUP", "TEST_ADAPTER", new Properties(), null, msg);
assertNull(result);
}
@Test
@DisplayName("빈 템플릿 시 null 반환")
void 빈_템플릿_null() throws Exception {
PropManager mockProp = Mockito.mock(PropManager.class);
Mockito.when(mockProp.getProperty(anyString(), anyString())).thenReturn(" ");
injectMockPropManager(mockProp);
StandardMessage msg = buildMsg("E001", "오류", "", null);
Object result = handler.generateNonStandardErrorResponseMessage(
"TEST_GROUP", "TEST_ADAPTER", new Properties(), null, msg);
assertNull(result);
}
@Test
@DisplayName("템플릿 설정 시 StandardMessage 치환 결과 반환")
void 템플릿_stdmsg_치환() throws Exception {
String template = "{\"code\":\"${MSG.MAIN_MSG.outp_msg_cd}\"}";
PropManager mockProp = Mockito.mock(PropManager.class);
Mockito.when(mockProp.getProperty(
eq(TemplateAdapterErrorMsgHandler.PROP_GROUP),
eq("MY_GROUP.template"))).thenReturn(template);
injectMockPropManager(mockProp);
StandardMessage msg = buildMsg("E999", "테스트오류", "", null);
Object result = handler.generateNonStandardErrorResponseMessage(
"MY_GROUP", "MY_ADAPTER", new Properties(), null, msg);
assertEquals("{\"code\":\"E999\"}", result);
}
@Test
@DisplayName("callProp 값이 템플릿에 치환되어 반환")
void 템플릿_callProp_치환() throws Exception {
String template = "{\"adapter\":\"${callprop.ADAPTER_NAME}\",\"code\":\"${MSG.MAIN_MSG.outp_msg_cd}\"}";
PropManager mockProp = Mockito.mock(PropManager.class);
Mockito.when(mockProp.getProperty(
eq(TemplateAdapterErrorMsgHandler.PROP_GROUP),
eq("MY_GROUP.template"))).thenReturn(template);
injectMockPropManager(mockProp);
StandardMessage msg = buildMsg("E999", "테스트오류", "", null);
Properties callProp = props("ADAPTER_NAME", "REAL_ADAPTER");
Object result = handler.generateNonStandardErrorResponseMessage(
"MY_GROUP", "MY_ADAPTER", callProp, null, msg);
assertEquals("{\"adapter\":\"REAL_ADAPTER\",\"code\":\"E999\"}", result);
}
@Test
@DisplayName("템플릿 키는 {adapterGroupId}.template 형식으로 조회")
void 템플릿_키_형식_검증() throws Exception {
PropManager mockProp = Mockito.mock(PropManager.class);
Mockito.when(mockProp.getProperty(anyString(), anyString())).thenReturn(null);
injectMockPropManager(mockProp);
StandardMessage msg = buildMsg("E001", "오류", "", null);
handler.generateNonStandardErrorResponseMessage(
"SAMPLE_GROUP", "ANY_ADAPTER", new Properties(), null, msg);
Mockito.verify(mockProp).getProperty(
TemplateAdapterErrorMsgHandler.PROP_GROUP,
"SAMPLE_GROUP.template");
}
}
}
@@ -0,0 +1,268 @@
package com.eactive.eai.adapter.http.client.impl.filter;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Properties;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.context.support.GenericApplicationContext;
import com.eactive.eai.adapter.http.filter.AbstractCryptoFilter;
import com.eactive.eai.common.security.CryptoModuleService;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* OutCryptoFilter 단위 테스트.
*
* doPreFilter = 외부로 보내는 요청 암호화 (InCryptoFilter와 반대 방향)
* doPostFilter = 외부에서 받은 응답 복호화
*/
@TestMethodOrder(MethodOrderer.DisplayName.class)
class OutCryptoFilterTest {
private static final String MODULE = "TEST_MODULE";
private static final String PLAIN_STR = "plain-request-body";
private static final byte[] PLAIN = PLAIN_STR.getBytes(StandardCharsets.UTF_8);
private static final byte[] CIPHER = new byte[]{0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
private static final String CIPHER_B64 = Base64.getEncoder().encodeToString(CIPHER);
private static GenericApplicationContext ctx;
private static CryptoModuleService mockService;
private static OutCryptoFilter filter;
private Properties tempProp;
@BeforeAll
static void setUpClass() throws Exception {
mockService = mock(CryptoModuleService.class);
ctx = new GenericApplicationContext();
ctx.getBeanFactory().registerSingleton("cryptoModuleService", mockService);
ctx.registerBeanDefinition("applicationContextProvider",
BeanDefinitionBuilder.genericBeanDefinition(ApplicationContextProvider.class)
.getBeanDefinition());
ctx.refresh();
filter = new OutCryptoFilter();
}
@AfterAll
static void tearDownClass() {
if (ctx != null) ctx.close();
}
@BeforeEach
void setUp() throws Exception {
reset(mockService);
tempProp = new Properties();
when(mockService.decrypt(anyString(), anyMap(), any(), any(byte[].class))).thenReturn(PLAIN);
when(mockService.encrypt(anyString(), anyMap(), any(), any(byte[].class))).thenReturn(CIPHER);
}
// =========================================================================
// 1. buildAad
// =========================================================================
@Test
@DisplayName("1-1. buildAad — CRYPTO_AAD_PROP 미설정 → null")
void testBuildAad_noProp_returnsNull() {
assertNull(filter.buildAad(new Properties(), tempProp));
}
@Test
@DisplayName("1-2. buildAad — CRYPTO_AAD_PROP 설정, tempProp에 값 없음 → null")
void testBuildAad_propSet_noTempValue_returnsNull() {
Properties prop = new Properties();
prop.setProperty(OutCryptoFilter.PROP_AAD_PROP, "aadKey");
assertNull(filter.buildAad(prop, tempProp));
}
@Test
@DisplayName("1-3. buildAad — CRYPTO_AAD_PROP 설정, tempProp에 값 있음 → UTF-8 바이트 반환")
void testBuildAad_propSet_tempValuePresent_returnsByte() {
String aadVal = "aad-value-xyz";
Properties prop = new Properties();
prop.setProperty(OutCryptoFilter.PROP_AAD_PROP, "aadKey");
tempProp.setProperty("aadKey", aadVal);
assertArrayEquals(aadVal.getBytes(StandardCharsets.UTF_8), filter.buildAad(prop, tempProp));
}
// =========================================================================
// 2. doPreFilter 암호화 (요청을 외부로 보내기 )
// =========================================================================
@Test
@DisplayName("2-1. BODY scope — 평문 암호화 → Base64 반환")
void testPreFilter_body_encrypt() throws Exception {
Object result = filter.doPreFilter("g", "a", bodyEncryptProps(), PLAIN_STR, tempProp);
assertEquals(CIPHER_B64, result);
verify(mockService).encrypt(eq(MODULE), anyMap(), isNull(), eq(PLAIN));
}
@Test
@DisplayName("2-2. FIELD scope, fromPath='/' — body 전체 암호화 → toPath 필드명으로 래핑")
void testPreFilter_field_encryptFromRoot() throws Exception {
String body = "{\"userId\":\"U001\"}";
Properties prop = fieldEncryptProps("/", "/encryptedData");
Object result = filter.doPreFilter("g", "a", prop, body, tempProp);
assertEquals("{\"encryptedData\":\"" + CIPHER_B64 + "\"}", result);
}
@Test
@DisplayName("2-3. FIELD scope — fromPath 평문 암호화 → toPath Base64 반영")
void testPreFilter_field_encryptSpecificPath() throws Exception {
String body = "{\"data\":\"secret\",\"enc\":\"\"}";
Properties prop = fieldEncryptProps("/data", "/enc");
Object result = filter.doPreFilter("g", "a", prop, body, tempProp);
assertTrue(result.toString().contains("\"enc\":\"" + CIPHER_B64 + "\""),
"toPath에 Base64 암호문이 반영되어야 한다");
}
@Test
@DisplayName("2-4. FIELD scope — fromPath 값 없음 → body 그대로 반환")
void testPreFilter_field_missingFromPath_passThrough() throws Exception {
String body = "{\"other\":\"value\"}";
Properties prop = fieldEncryptProps("/data", "/enc");
Object result = filter.doPreFilter("g", "a", prop, body, tempProp);
assertEquals(body, result);
verifyNoInteractions(mockService);
}
@Test
@DisplayName("2-5. CRYPTO_MODULE_NAME 누락 — IllegalArgumentException")
void testPreFilter_missingModuleName_throwsException() {
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_SCOPE, "BODY");
assertThrows(IllegalArgumentException.class,
() -> filter.doPreFilter("g", "a", prop, PLAIN_STR, tempProp));
}
// =========================================================================
// 3. doPostFilter 복호화 (외부로부터 응답 받은 )
// =========================================================================
@Test
@DisplayName("3-1. BODY scope — Base64 암호문 복호화 → 평문 반환")
void testPostFilter_body_decrypt() throws Exception {
Object result = filter.doPostFilter("g", "a", bodyDecryptProps(), CIPHER_B64, tempProp);
assertEquals(PLAIN_STR, result);
verify(mockService).decrypt(eq(MODULE), anyMap(), isNull(), eq(CIPHER));
}
@Test
@DisplayName("3-2. FIELD scope — fromPath 복호화 → toPath 반영")
void testPostFilter_field_decryptToPath() throws Exception {
String body = "{\"enc\":\"" + CIPHER_B64 + "\",\"result\":\"\"}";
Properties prop = fieldDecryptProps("/enc", "/result");
Object result = filter.doPostFilter("g", "a", prop, body, tempProp);
assertTrue(result.toString().contains("\"result\":\"" + PLAIN_STR + "\""),
"toPath에 복호화된 값이 반영되어야 한다");
}
@Test
@DisplayName("3-3. FIELD scope, toPath='/' — 복호화된 텍스트로 body 전체 교체")
void testPostFilter_field_decryptToRoot() throws Exception {
String body = "{\"enc\":\"" + CIPHER_B64 + "\"}";
Properties prop = fieldDecryptProps("/enc", "/");
Object result = filter.doPostFilter("g", "a", prop, body, tempProp);
assertEquals(PLAIN_STR, result);
}
@Test
@DisplayName("3-4. FIELD scope — fromPath 값 없음 → body 그대로 반환")
void testPostFilter_field_missingFromPath_passThrough() throws Exception {
String body = "{\"other\":\"value\"}";
Properties prop = fieldDecryptProps("/enc", "/result");
Object result = filter.doPostFilter("g", "a", prop, body, tempProp);
assertEquals(body, result);
verifyNoInteractions(mockService);
}
// =========================================================================
// 4. AAD (tempProp 경유)
// =========================================================================
@Test
@DisplayName("4-1. doPreFilter BODY — CRYPTO_AAD_PROP 설정 시 tempProp 값을 AAD로 전달")
void testPreFilter_body_aadFromTempProp() throws Exception {
String aadVal = "out-aad-value";
Properties prop = bodyEncryptProps();
prop.setProperty(OutCryptoFilter.PROP_AAD_PROP, "myAadKey");
tempProp.setProperty("myAadKey", aadVal);
filter.doPreFilter("g", "a", prop, PLAIN_STR, tempProp);
verify(mockService).encrypt(eq(MODULE), anyMap(),
eq(aadVal.getBytes(StandardCharsets.UTF_8)), any(byte[].class));
}
@Test
@DisplayName("4-2. doPostFilter BODY — CRYPTO_AAD_PROP 미설정 시 aad=null로 전달")
void testPostFilter_body_noAadProp_nullAad() throws Exception {
filter.doPostFilter("g", "a", bodyDecryptProps(), CIPHER_B64, tempProp);
verify(mockService).decrypt(eq(MODULE), anyMap(), isNull(), any(byte[].class));
}
// =========================================================================
// 헬퍼
// =========================================================================
private Properties bodyEncryptProps() {
Properties p = new Properties();
p.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MODULE);
p.setProperty(AbstractCryptoFilter.PROP_SCOPE, "BODY");
return p;
}
private Properties bodyDecryptProps() {
return bodyEncryptProps();
}
private Properties fieldEncryptProps(String fromPath, String toPath) {
Properties p = new Properties();
p.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MODULE);
p.setProperty(AbstractCryptoFilter.PROP_SCOPE, "FIELD");
p.setProperty(AbstractCryptoFilter.PROP_ENC_FROM_PATH, fromPath);
p.setProperty(AbstractCryptoFilter.PROP_ENC_TO_PATH, toPath);
return p;
}
private Properties fieldDecryptProps(String fromPath, String toPath) {
Properties p = new Properties();
p.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MODULE);
p.setProperty(AbstractCryptoFilter.PROP_SCOPE, "FIELD");
p.setProperty(AbstractCryptoFilter.PROP_DEC_FROM_PATH, fromPath);
p.setProperty(AbstractCryptoFilter.PROP_DEC_TO_PATH, toPath);
return p;
}
}
@@ -0,0 +1,466 @@
package com.eactive.eai.adapter.http.dynamic.filter;
import static org.junit.jupiter.api.Assertions.*;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
import java.io.File;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.context.support.GenericApplicationContext;
import com.eactive.eai.adapter.http.dynamic.filter.InCryptoFilter;
import com.eactive.eai.adapter.http.filter.AbstractCryptoFilter;
import com.eactive.eai.common.hsm.HsmCryptoService;
import com.eactive.eai.common.hsm.HsmManager;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.security.CryptoModuleConfigVO;
import com.eactive.eai.common.security.CryptoModuleManager;
import com.eactive.eai.common.security.CryptoModuleService;
import com.eactive.eai.common.security.keyderiv.strategy.HsmContextSha256KeyDerivationStrategy;
import com.eactive.eai.common.security.keyderiv.strategy.HsmKeyDerivationStrategy;
import com.eactive.eai.common.security.loader.CryptoModuleConfigLoader;
import com.eactive.eai.common.security.mapper.CryptoModuleConfigMapper;
import com.eactive.eai.common.util.ApplicationContextProvider;
import com.eactive.eai.data.entity.onl.security.CryptoModuleConfig;
/**
* CryptoFilter HSM 연동 통합 테스트 (SoftHSM2 / SunPKCS11)
*
* SoftHSM2에서 MASTER_KEY를 조회하여 키를 도출한
* InCryptoFilter 암복호화 전체 흐름을 검증한다.
*
* 사전 조건:
* C:\SoftHSM2 SoftHSM2 설치 (미설치 자동 건너뜀)
* MASTER_KEY alias는 없으면 자동 생성됨
*
* 검증 전략:
* HSM 도출 CryptoModuleExtension InCryptoFilter doPostFilter(암호화) doPreFilter(복호화) 원문 일치
*/
@TestMethodOrder(MethodOrderer.DisplayName.class)
public class CryptoFilterHsmIntegrationTest {
// -------------------------------------------------------------------------
// 상수
// -------------------------------------------------------------------------
private static final String SOFTHSM2_DLL = "C:/SoftHSM2/lib/softhsm2-x64.dll";
private static final String SOFTHSM2_UTIL = "C:/SoftHSM2/bin/softhsm2-util.exe";
private static final String TOKEN_LABEL = "eapim-test";
private static final String PIN = "1234";
private static final String MASTER_KEY_ALIAS = "MASTER_KEY";
/** HsmKeyDerivationStrategy: HSM 마스터키를 파생 없이 직접 사용 */
private static final String MOD_HSM_GCM = "HSM_GCM";
/** HsmContextSha256KeyDerivationStrategy: HSM 마스터키 + 컨텍스트값 SHA-256 파생 */
private static final String MOD_CTX_SHA_GCM = "CTX_SHA256_GCM";
private static final String CTX_KEY = "X-Api-Group-Seq";
private static final String CTX_VAL_A = "GROUP-A";
private static final String CTX_VAL_B = "GROUP-B";
// -------------------------------------------------------------------------
// 정적 필드
// -------------------------------------------------------------------------
private static GenericApplicationContext springCtx;
private static HsmManager hsmManager;
private static File tempCfgFile;
// -------------------------------------------------------------------------
// 내부 클래스: runtimeContext를 고정값으로 반환하는 필터
// -------------------------------------------------------------------------
static class ContextAwareCryptoFilter extends InCryptoFilter {
private final String key;
private final String value;
ContextAwareCryptoFilter(String key, String value) {
this.key = key;
this.value = value;
}
@Override
protected Map<String, String> buildRuntimeContext(Properties prop, HttpServletRequest request) {
Map<String, String> ctx = new HashMap<>();
ctx.put(key, value);
return ctx;
}
}
// -------------------------------------------------------------------------
// 인스턴스 필드
// -------------------------------------------------------------------------
private HttpServletRequest mockReq;
private HttpServletResponse mockRes;
// -------------------------------------------------------------------------
// 전체 설정 / 해제
// -------------------------------------------------------------------------
@BeforeAll
static void setUpAll() throws Exception {
assumeTrue(new File(SOFTHSM2_DLL).exists(),
"SoftHSM2 미설치 (C:/SoftHSM2) - 테스트 건너뜀");
System.setProperty("SOFTHSM2_CONF", "C:\\SoftHSM2\\etc\\softhsm2.conf");
// 1. 토큰 초기화
ensureTokenInitialized();
// 2. PKCS11 설정 문자열
// attributes(*,...): generate/import 모두 CKA_SENSITIVE=false getEncoded() 사용 가능
String cfgContent = "name = SoftHSM\n"
+ "library = " + SOFTHSM2_DLL + "\n"
+ "slotListIndex = 0\n"
+ "attributes(*, CKO_SECRET_KEY, CKK_AES) = {\n"
+ " CKA_SENSITIVE = false\n"
+ " CKA_EXTRACTABLE = true\n"
+ "}\n";
tempCfgFile = File.createTempFile("pkcs11-filter-it-", ".cfg");
Files.write(tempCfgFile.toPath(), cfgContent.getBytes("UTF-8"));
// 3. Mock PropManager (DB 없이 HSM 설정값 제공)
PropManager mockPropManager = mock(PropManager.class);
when(mockPropManager.getProperty("HSM", "PKCS11_CONFIG")).thenReturn(cfgContent);
when(mockPropManager.getProperty("HSM", "PIN")).thenReturn(PIN);
when(mockPropManager.getProperty(eq("HSM"), eq("CACHE_RELOAD_YN"), anyString())).thenReturn("N");
// 4. HsmManager (private 생성자 리플렉션)
Constructor<HsmManager> hsmCtor = HsmManager.class.getDeclaredConstructor();
hsmCtor.setAccessible(true);
hsmManager = hsmCtor.newInstance();
// 5. CryptoModuleManager (private 생성자 리플렉션)
CryptoModuleConfigLoader mockLoader = mock(CryptoModuleConfigLoader.class);
when(mockLoader.findAll()).thenReturn(buildModuleConfigs());
Constructor<CryptoModuleManager> managerCtor = CryptoModuleManager.class.getDeclaredConstructor();
managerCtor.setAccessible(true);
CryptoModuleManager manager = managerCtor.newInstance();
CryptoModuleService cryptoService = new CryptoModuleService();
HsmCryptoService hsmCryptoService = new HsmCryptoService();
// 6. Spring ApplicationContext 구성
springCtx = new GenericApplicationContext();
springCtx.getBeanFactory().registerSingleton("propManager", mockPropManager);
springCtx.getBeanFactory().registerSingleton("hsmManager", hsmManager);
springCtx.getBeanFactory().registerSingleton("hsmCryptoService", hsmCryptoService);
springCtx.getBeanFactory().registerSingleton("cryptoModuleConfigLoader", mockLoader);
springCtx.getBeanFactory().registerSingleton("cryptoModuleManager", manager);
springCtx.getBeanFactory().registerSingleton("cryptoModuleService", cryptoService);
springCtx.getBeanFactory().registerSingleton("cryptoModuleConfigMapper", testMapper());
springCtx.registerBeanDefinition("applicationContextProvider",
BeanDefinitionBuilder.genericBeanDefinition(ApplicationContextProvider.class)
.getBeanDefinition());
springCtx.refresh();
// 7. HsmManager 시작 (SunPKCS11 Provider 초기화 + KeyStore 오픈)
hsmManager.start();
assertTrue(hsmManager.isReady(), "HsmManager 초기화 실패");
System.out.println("[HSM] Provider: " + hsmManager.getPkcs11Provider().getName());
// 8. MASTER_KEY 등록 (없으면 자동 생성)
ensureMasterKey();
// 9. CryptoModuleManager 시작 (모듈 설정 로드)
manager.start();
System.out.println("[Crypto] 모듈 로드 완료");
}
@AfterAll
static void tearDownAll() throws Exception {
if (hsmManager != null && hsmManager.isStarted()) hsmManager.stop();
if (springCtx != null) springCtx.close();
if (tempCfgFile != null) tempCfgFile.delete();
}
@BeforeEach
void setUp() {
mockReq = mock(HttpServletRequest.class);
mockRes = mock(HttpServletResponse.class);
}
// =========================================================================
// 1. HsmKeyDerivationStrategy HSM 마스터키 직접 사용 (InCryptoFilter)
// =========================================================================
@Test
@DisplayName("1-1. FIELD/GCM HsmKey — doPostFilter 암호화 → doPreFilter 복호화 라운드트립")
void testHsmGcm_field_roundTrip() throws Exception {
InCryptoFilter filter = new InCryptoFilter();
String original = "{\"acno\":\"1234567890\",\"amount\":\"100000\"}";
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_HSM_GCM);
// SCOPE 기본값 FIELD, 경로 기본값 사용
// 암호화: body 전체 /encrypted_data 필드
String encrypted = (String) filter.doPostFilter("G", "A", original, prop, mockReq, mockRes);
System.out.println("[1-1] encrypted: " + encrypted);
assertTrue(encrypted.contains("encrypted_data"), "/encrypted_data 필드가 있어야 한다");
// 복호화: /encrypted_data 필드 body 전체 교체
String decrypted = (String) filter.doPreFilter("G", "A", encrypted, prop, mockReq, mockRes);
System.out.println("[1-1] decrypted: " + decrypted);
assertEquals(original, decrypted);
}
@Test
@DisplayName("1-2. BODY/GCM HsmKey — doPostFilter 암호화 → doPreFilter 복호화 라운드트립")
void testHsmGcm_body_roundTrip() throws Exception {
InCryptoFilter filter = new InCryptoFilter();
String original = "{\"acno\":\"1234567890\",\"amount\":\"100000\"}";
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_HSM_GCM);
prop.setProperty(AbstractCryptoFilter.PROP_SCOPE, "BODY");
// 암호화: body 전체 Base64 암호문
String encrypted = (String) filter.doPostFilter("G", "A", original, prop, mockReq, mockRes);
System.out.println("[1-2] encrypted(Base64): " + encrypted);
assertNotEquals(original, encrypted, "암호문은 평문과 달라야 한다");
// 복호화: Base64 암호문 원문
String decrypted = (String) filter.doPreFilter("G", "A", encrypted, prop, mockReq, mockRes);
System.out.println("[1-2] decrypted: " + decrypted);
assertEquals(original, decrypted);
}
@Test
@DisplayName("1-3. FIELD/GCM HsmKey + AAD 헤더 — 동일 요청 ID로 암복호화 성공")
void testHsmGcm_field_withAad_success() throws Exception {
InCryptoFilter filter = new InCryptoFilter();
String original = "{\"amount\":\"500000\"}";
String requestId = "REQ-20240101-001";
when(mockReq.getHeader("X-Request-Id")).thenReturn(requestId);
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_HSM_GCM);
prop.setProperty(AbstractCryptoFilter.PROP_AAD_HEADER, "X-Request-Id");
String encrypted = (String) filter.doPostFilter("G", "A", original, prop, mockReq, mockRes);
String decrypted = (String) filter.doPreFilter( "G", "A", encrypted, prop, mockReq, mockRes);
System.out.println("[1-3] decrypted: " + decrypted);
assertEquals(original, decrypted);
}
@Test
@DisplayName("1-4. FIELD/GCM HsmKey + AAD 헤더 — 다른 요청 ID로 복호화 시 GCM 인증 실패")
void testHsmGcm_field_withAad_wrongAad_fails() throws Exception {
InCryptoFilter filter = new InCryptoFilter();
String original = "{\"amount\":\"500000\"}";
// 암호화 요청 ID
HttpServletRequest encReq = mock(HttpServletRequest.class);
when(encReq.getHeader("X-Request-Id")).thenReturn("REQ-CORRECT");
// 복호화 다른 요청 ID
HttpServletRequest decReq = mock(HttpServletRequest.class);
when(decReq.getHeader("X-Request-Id")).thenReturn("REQ-WRONG");
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_HSM_GCM);
prop.setProperty(AbstractCryptoFilter.PROP_AAD_HEADER, "X-Request-Id");
String encrypted = (String) filter.doPostFilter("G", "A", original, prop, encReq, mockRes);
assertThrows(Exception.class,
() -> filter.doPreFilter("G", "A", encrypted, prop, decReq, mockRes),
"잘못된 AAD로 GCM 복호화 시 예외가 발생해야 한다");
System.out.println("[1-4] 다른 AAD 복호화 예외 확인 완료");
}
// =========================================================================
// 2. HsmContextSha256KeyDerivationStrategy 컨텍스트 기반 SHA-256 파생
// =========================================================================
@Test
@DisplayName("2-1. FIELD/GCM ContextSha256 — 동일 컨텍스트로 암복호화 라운드트립")
void testCtxSha256Gcm_field_roundTrip() throws Exception {
InCryptoFilter filter = new ContextAwareCryptoFilter(CTX_KEY, CTX_VAL_A);
String original = "{\"accNo\":\"0011234567890\",\"amount\":\"50000\"}";
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_CTX_SHA_GCM);
String encrypted = (String) filter.doPostFilter("G", "A", original, prop, mockReq, mockRes);
System.out.println("[2-1] encrypted: " + encrypted);
assertTrue(encrypted.contains("encrypted_data"));
String decrypted = (String) filter.doPreFilter("G", "A", encrypted, prop, mockReq, mockRes);
System.out.println("[2-1] decrypted: " + decrypted);
assertEquals(original, decrypted);
}
@Test
@DisplayName("2-2. FIELD/GCM ContextSha256 — 암호화와 다른 컨텍스트로 복호화 시 GCM 인증 실패")
void testCtxSha256Gcm_differentContext_throwsException() throws Exception {
InCryptoFilter encFilter = new ContextAwareCryptoFilter(CTX_KEY, CTX_VAL_A);
InCryptoFilter decFilter = new ContextAwareCryptoFilter(CTX_KEY, CTX_VAL_B);
String original = "{\"data\":\"sensitive\"}";
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_CTX_SHA_GCM);
String encrypted = (String) encFilter.doPostFilter("G", "A", original, prop, mockReq, mockRes);
assertThrows(Exception.class,
() -> decFilter.doPreFilter("G", "A", encrypted, prop, mockReq, mockRes),
"다른 컨텍스트 키로 파생된 키는 복호화에 실패해야 한다");
System.out.println("[2-2] 다른 컨텍스트 복호화 예외 확인 완료");
}
@Test
@DisplayName("2-3. FIELD/GCM ContextSha256 — 컨텍스트별 독립 암복호화 (GROUP-A, GROUP-B 각각 성공)")
void testCtxSha256Gcm_perGroupRoundTrip() throws Exception {
InCryptoFilter filterA = new ContextAwareCryptoFilter(CTX_KEY, CTX_VAL_A);
InCryptoFilter filterB = new ContextAwareCryptoFilter(CTX_KEY, CTX_VAL_B);
String plainA = "{\"group\":\"A\",\"amount\":\"1000\"}";
String plainB = "{\"group\":\"B\",\"amount\":\"2000\"}";
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MOD_CTX_SHA_GCM);
String encA = (String) filterA.doPostFilter("G", "A", plainA, prop, mockReq, mockRes);
String encB = (String) filterB.doPostFilter("G", "B", plainB, prop, mockReq, mockRes);
assertEquals(plainA, (String) filterA.doPreFilter("G", "A", encA, prop, mockReq, mockRes));
assertEquals(plainB, (String) filterB.doPreFilter("G", "B", encB, prop, mockReq, mockRes));
System.out.println("[2-3] GROUP-A, GROUP-B 각각 독립 암복호화 성공");
}
// =========================================================================
// 헬퍼
// =========================================================================
private static List<CryptoModuleConfig> buildModuleConfigs() {
return Arrays.asList(
buildDynamic(MOD_HSM_GCM, "AES", "GCM", "NoPadding",
HsmKeyDerivationStrategy.class.getName(),
"{\"hsmKeyAlias\":\"" + MASTER_KEY_ALIAS + "\"}"),
buildDynamic(MOD_CTX_SHA_GCM, "AES", "GCM", "NoPadding",
HsmContextSha256KeyDerivationStrategy.class.getName(),
"{\"hsmKeyAlias\":\"" + MASTER_KEY_ALIAS + "\",\"contextKey\":\"" + CTX_KEY + "\"}")
);
}
private static CryptoModuleConfig buildDynamic(String name, String alg, String mode, String padding,
String strategy, String params) {
CryptoModuleConfig c = new CryptoModuleConfig();
c.setCryptoId(UUID.randomUUID().toString());
c.setCryptoName(name);
c.setAlgType(alg);
c.setCipherMode(mode);
c.setPadding(padding);
c.setKeySourceType("DYNAMIC");
c.setKeyDerivStrategy(strategy);
c.setKeyDerivParams(params);
c.setCacheYn("Y");
c.setCacheTtlSec(60);
c.setUseYn("Y");
// ivHex = null: GCM에서 IV를 AAD 대체값으로 사용하지 않도록 의도적으로 미설정
return c;
}
private static void ensureMasterKey() throws Exception {
java.security.KeyStore ks = hsmManager.getKeyStore();
// 이전 실행 삭제 (sensitive 여부 무관하게 항상 고정키로 재등록)
if (ks.containsAlias(MASTER_KEY_ALIAS)) {
ks.deleteEntry(MASTER_KEY_ALIAS);
System.out.println("[HSM] 기존 MASTER_KEY 삭제");
}
// CryptoModuleServiceTest.KEY_128 동일한 고정 테스트 암호문 비교 가능
// attributes(*, CKO_SECRET_KEY, CKK_AES) 지시어로 임포트 CKA_SENSITIVE=false 적용
byte[] keyBytes = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);
SecretKey fixedKey = new SecretKeySpec(keyBytes, "AES");
ks.setKeyEntry(MASTER_KEY_ALIAS, fixedKey, null, null);
// 임포트 getEncoded() 검증
SecretKey stored = (SecretKey) ks.getKey(MASTER_KEY_ALIAS, null);
byte[] encoded = stored.getEncoded();
System.out.println("[HSM] MASTER_KEY 등록 완료: alias=" + MASTER_KEY_ALIAS
+ " / getEncoded()=" + (encoded != null ? encoded.length + "bytes, " + new String(encoded) : "null (추출 불가!)"));
}
private static void ensureTokenInitialized() throws Exception {
ProcessBuilder pb = new ProcessBuilder(
SOFTHSM2_UTIL, "--init-token", "--free",
"--label", TOKEN_LABEL, "--pin", PIN, "--so-pin", PIN);
pb.redirectErrorStream(true);
Process p = pb.start();
String out = readOutput(p);
p.waitFor(10, TimeUnit.SECONDS);
System.out.println("[SoftHSM2] init-token: " + out.trim());
}
private static CryptoModuleConfigMapper testMapper() {
return new CryptoModuleConfigMapper() {
@Override
public CryptoModuleConfigVO toVo(CryptoModuleConfig e) {
CryptoModuleConfigVO vo = new CryptoModuleConfigVO();
vo.setCryptoId(e.getCryptoId());
vo.setCryptoName(e.getCryptoName());
vo.setCryptoDesc(e.getCryptoDesc());
vo.setAlgType(e.getAlgType());
vo.setCipherMode(e.getCipherMode());
vo.setPadding(e.getPadding());
vo.setIvHex(e.getIvHex());
vo.setKeySourceType(e.getKeySourceType());
vo.setEncKeyHex(e.getEncKeyHex());
vo.setDecKeyHex(e.getDecKeyHex());
vo.setKeyDerivStrategy(e.getKeyDerivStrategy());
vo.setKeyDerivParams(e.getKeyDerivParams());
vo.setCacheYn(e.getCacheYn());
vo.setCacheTtlSec(e.getCacheTtlSec());
vo.setUseYn(e.getUseYn());
return vo;
}
@Override
public CryptoModuleConfig toEntity(CryptoModuleConfigVO vo) {
return null;
}
};
}
private static String readOutput(Process p) throws Exception {
InputStream is = p.getInputStream();
byte[] buf = new byte[4096];
StringBuilder sb = new StringBuilder();
int len;
while ((len = is.read(buf)) != -1) {
sb.append(new String(buf, 0, len, "UTF-8"));
}
return sb.toString();
}
}
@@ -0,0 +1,339 @@
package com.eactive.eai.adapter.http.dynamic.filter;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.context.support.GenericApplicationContext;
import com.eactive.eai.adapter.http.filter.AbstractCryptoFilter;
import com.eactive.eai.common.security.CryptoModuleService;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* InCryptoFilter / AbstractCryptoFilter 단위 테스트.
* CryptoModuleService는 Mock으로 대체하여 필터 로직(Base64, JSON 경로, 프로퍼티 파싱) 검증한다.
*/
@TestMethodOrder(MethodOrderer.DisplayName.class)
class InCryptoFilterTest {
private static final String MODULE = "TEST_MODULE";
private static final String PLAIN_STR = "decrypted-plain-text";
private static final byte[] PLAIN = PLAIN_STR.getBytes(StandardCharsets.UTF_8);
private static final byte[] CIPHER = new byte[]{0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
private static final String CIPHER_B64 = Base64.getEncoder().encodeToString(CIPHER);
private static GenericApplicationContext ctx;
private static CryptoModuleService mockService;
private static InCryptoFilter filter;
private HttpServletRequest mockRequest;
private HttpServletResponse mockResponse;
@BeforeAll
static void setUpClass() throws Exception {
mockService = mock(CryptoModuleService.class);
ctx = new GenericApplicationContext();
ctx.getBeanFactory().registerSingleton("cryptoModuleService", mockService);
ctx.registerBeanDefinition("applicationContextProvider",
BeanDefinitionBuilder.genericBeanDefinition(ApplicationContextProvider.class)
.getBeanDefinition());
ctx.refresh();
filter = new InCryptoFilter();
}
@AfterAll
static void tearDownClass() {
if (ctx != null) ctx.close();
}
@BeforeEach
void setUp() throws Exception {
reset(mockService);
mockRequest = mock(HttpServletRequest.class);
mockResponse = mock(HttpServletResponse.class);
when(mockService.decrypt(anyString(), anyMap(), any(), any(byte[].class))).thenReturn(PLAIN);
when(mockService.encrypt(anyString(), anyMap(), any(), any(byte[].class))).thenReturn(CIPHER);
}
// =========================================================================
// 1. buildRuntimeContext
// =========================================================================
@Test
@DisplayName("1-1. buildRuntimeContext — 항상 빈 Map 반환")
void testBuildRuntimeContext_returnsEmptyMap() {
Map<String, String> result = filter.buildRuntimeContext(new Properties(), mockRequest);
assertNotNull(result);
assertTrue(result.isEmpty());
}
// =========================================================================
// 2. buildAad
// =========================================================================
@Test
@DisplayName("2-1. buildAad — CRYPTO_AAD_HEADER 미설정 → null")
void testBuildAad_noProp_returnsNull() {
assertNull(filter.buildAad(new Properties(), mockRequest));
}
@Test
@DisplayName("2-2. buildAad — 헤더명 설정, 헤더값 없음 → null")
void testBuildAad_headerNameSet_noValue_returnsNull() {
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_AAD_HEADER, "X-Api-Request-Id");
when(mockRequest.getHeader("X-Api-Request-Id")).thenReturn(null);
assertNull(filter.buildAad(prop, mockRequest));
}
@Test
@DisplayName("2-3. buildAad — 헤더명 설정, 헤더값 있음 → UTF-8 바이트 반환")
void testBuildAad_headerNameSet_valuePresent_returnsByte() {
String headerVal = "req-id-abc123";
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_AAD_HEADER, "X-Api-Request-Id");
when(mockRequest.getHeader("X-Api-Request-Id")).thenReturn(headerVal);
assertArrayEquals(headerVal.getBytes(StandardCharsets.UTF_8), filter.buildAad(prop, mockRequest));
}
// =========================================================================
// 3. doPreFilter BODY scope 복호화
// =========================================================================
@Test
@DisplayName("3-1. BODY scope — Base64 암호문 복호화 → 평문 반환")
void testPreFilter_body_decrypt_roundTrip() throws Exception {
Object result = filter.doPreFilter("g", "a", CIPHER_B64, bodyDecryptProps(), mockRequest, mockResponse);
assertEquals(PLAIN_STR, result);
verify(mockService).decrypt(eq(MODULE), anyMap(), isNull(), eq(CIPHER));
}
@Test
@DisplayName("3-2. CRYPTO_MODULE_NAME 누락 — IllegalArgumentException")
void testPreFilter_missingModuleName_throwsException() {
Properties prop = new Properties();
prop.setProperty(AbstractCryptoFilter.PROP_SCOPE, "BODY");
assertThrows(IllegalArgumentException.class,
() -> filter.doPreFilter("g", "a", CIPHER_B64, prop, mockRequest, mockResponse));
}
@Test
@DisplayName("3-3. message가 byte[] — UTF-8 디코딩 후 처리")
void testPreFilter_body_byteArrayMessage() throws Exception {
Object result = filter.doPreFilter("g", "a", CIPHER_B64.getBytes(StandardCharsets.UTF_8),
bodyDecryptProps(), mockRequest, mockResponse);
assertEquals(PLAIN_STR, result);
}
// =========================================================================
// 4. doPreFilter FIELD scope 복호화
// =========================================================================
@Test
@DisplayName("4-1. FIELD scope — fromPath 복호화 → toPath 반영")
void testPreFilter_field_decryptToPath() throws Exception {
String body = "{\"enc\":\"" + CIPHER_B64 + "\",\"result\":\"\"}";
Properties prop = fieldDecryptProps("/enc", "/result");
Object result = filter.doPreFilter("g", "a", body, prop, mockRequest, mockResponse);
assertTrue(result.toString().contains("\"result\":\"" + PLAIN_STR + "\""),
"toPath에 복호화된 값이 반영되어야 한다");
verify(mockService).decrypt(eq(MODULE), anyMap(), isNull(), eq(CIPHER));
}
@Test
@DisplayName("4-2. FIELD scope, toPath='/' — 복호화 결과가 비-JSON이면 텍스트 그대로 반환 (fallback)")
void testPreFilter_field_decryptToRoot_nonJsonFallback() throws Exception {
String body = "{\"enc\":\"" + CIPHER_B64 + "\"}";
Properties prop = fieldDecryptProps("/enc", "/");
Object result = filter.doPreFilter("g", "a", body, prop, mockRequest, mockResponse);
assertEquals(PLAIN_STR, result, "복호화 결과가 JSON 객체가 아니면 텍스트 그대로 반환");
}
@Test
@DisplayName("4-4. FIELD scope, toPath='/' — 복호화된 JSON을 body에 병합 (fromPath 필드 제거)")
void testPreFilter_field_decryptToRoot_mergesJson() throws Exception {
String decryptedJson = "{\"userId\":\"U001\",\"name\":\"test\"}";
when(mockService.decrypt(anyString(), anyMap(), any(), any(byte[].class)))
.thenReturn(decryptedJson.getBytes(StandardCharsets.UTF_8));
String body = "{\"encryptedData\":\"" + CIPHER_B64 + "\",\"requestId\":\"REQ001\"}";
Properties prop = fieldDecryptProps("/encryptedData", "/");
Object result = filter.doPreFilter("g", "a", body, prop, mockRequest, mockResponse);
String r = result.toString();
assertFalse(r.contains("encryptedData"), "암호화 필드(encryptedData)는 제거되어야 한다");
assertTrue(r.contains("\"requestId\":\"REQ001\""), "원본 body의 다른 필드는 유지되어야 한다");
assertTrue(r.contains("\"userId\":\"U001\""), "복호화된 JSON 필드가 병합되어야 한다");
assertTrue(r.contains("\"name\":\"test\""), "복호화된 JSON 필드가 병합되어야 한다");
}
@Test
@DisplayName("4-3. FIELD scope — fromPath 값 없음 → body 그대로 반환")
void testPreFilter_field_missingFromPathValue_passThrough() throws Exception {
String body = "{\"other\":\"value\"}";
Properties prop = fieldDecryptProps("/enc", "/other");
Object result = filter.doPreFilter("g", "a", body, prop, mockRequest, mockResponse);
assertEquals(body, result);
verifyNoInteractions(mockService);
}
// =========================================================================
// 5. doPostFilter BODY scope 암호화
// =========================================================================
@Test
@DisplayName("5-1. BODY scope — 평문 암호화 → Base64 반환")
void testPostFilter_body_encrypt() throws Exception {
String body = "plain-response-body";
Object result = filter.doPostFilter("g", "a", body, bodyEncryptProps(), mockRequest, mockResponse);
assertEquals(CIPHER_B64, result);
verify(mockService).encrypt(eq(MODULE), anyMap(), isNull(), eq(body.getBytes(StandardCharsets.UTF_8)));
}
// =========================================================================
// 6. doPostFilter FIELD scope 암호화
// =========================================================================
@Test
@DisplayName("6-1. FIELD scope — fromPath 평문 암호화 → toPath Base64 반영")
void testPostFilter_field_encryptToPath() throws Exception {
String body = "{\"plain\":\"hello\",\"enc\":\"\"}";
Properties prop = fieldEncryptProps("/plain", "/enc");
Object result = filter.doPostFilter("g", "a", body, prop, mockRequest, mockResponse);
assertTrue(result.toString().contains("\"enc\":\"" + CIPHER_B64 + "\""),
"toPath에 Base64 암호문이 반영되어야 한다");
}
@Test
@DisplayName("6-2. FIELD scope, fromPath='/' — body 전체 암호화 → toPath 필드명으로 래핑")
void testPostFilter_field_encryptFromRoot() throws Exception {
String body = "{\"plain\":\"hello\"}";
Properties prop = fieldEncryptProps("/", "/encrypted");
Object result = filter.doPostFilter("g", "a", body, prop, mockRequest, mockResponse);
assertEquals("{\"encrypted\":\"" + CIPHER_B64 + "\"}", result);
}
@Test
@DisplayName("6-3. FIELD scope — fromPath 값 없음 → body 그대로 반환")
void testPostFilter_field_missingFromPathValue_passThrough() throws Exception {
String body = "{\"other\":\"value\"}";
Properties prop = fieldEncryptProps("/plain", "/enc");
Object result = filter.doPostFilter("g", "a", body, prop, mockRequest, mockResponse);
assertEquals(body, result);
verifyNoInteractions(mockService);
}
// =========================================================================
// 7. AAD 헤더 연동
// =========================================================================
@Test
@DisplayName("7-1. doPreFilter BODY — CRYPTO_AAD_HEADER 설정 시 헤더값을 AAD로 전달")
void testPreFilter_body_aadFromHeader_passedToService() throws Exception {
String aadVal = "request-id-xyz";
Properties prop = bodyDecryptProps();
prop.setProperty(AbstractCryptoFilter.PROP_AAD_HEADER, "X-Api-Request-Id");
when(mockRequest.getHeader("X-Api-Request-Id")).thenReturn(aadVal);
filter.doPreFilter("g", "a", CIPHER_B64, prop, mockRequest, mockResponse);
verify(mockService).decrypt(eq(MODULE), anyMap(),
eq(aadVal.getBytes(StandardCharsets.UTF_8)), eq(CIPHER));
}
@Test
@DisplayName("7-2. doPostFilter BODY — CRYPTO_AAD_HEADER 미설정 시 aad=null로 전달")
void testPostFilter_body_noAadHeader_nullAadPassedToService() throws Exception {
filter.doPostFilter("g", "a", "plain", bodyEncryptProps(), mockRequest, mockResponse);
verify(mockService).encrypt(eq(MODULE), anyMap(), isNull(), any(byte[].class));
}
@Test
@DisplayName("7-3. doPreFilter FIELD — CRYPTO_AAD_HEADER 설정 시 헤더값을 AAD로 전달")
void testPreFilter_field_aadFromHeader_passedToService() throws Exception {
String aadVal = "field-aad-value";
String body = "{\"enc\":\"" + CIPHER_B64 + "\",\"result\":\"\"}";
Properties prop = fieldDecryptProps("/enc", "/result");
prop.setProperty(AbstractCryptoFilter.PROP_AAD_HEADER, "X-Api-Aad");
when(mockRequest.getHeader("X-Api-Aad")).thenReturn(aadVal);
filter.doPreFilter("g", "a", body, prop, mockRequest, mockResponse);
verify(mockService).decrypt(eq(MODULE), anyMap(),
eq(aadVal.getBytes(StandardCharsets.UTF_8)), eq(CIPHER));
}
// =========================================================================
// 헬퍼
// =========================================================================
private Properties bodyDecryptProps() {
Properties p = new Properties();
p.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MODULE);
p.setProperty(AbstractCryptoFilter.PROP_SCOPE, "BODY");
return p;
}
private Properties bodyEncryptProps() {
return bodyDecryptProps();
}
private Properties fieldDecryptProps(String fromPath, String toPath) {
Properties p = new Properties();
p.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MODULE);
p.setProperty(AbstractCryptoFilter.PROP_SCOPE, "FIELD");
p.setProperty(AbstractCryptoFilter.PROP_DEC_FROM_PATH, fromPath);
p.setProperty(AbstractCryptoFilter.PROP_DEC_TO_PATH, toPath);
return p;
}
private Properties fieldEncryptProps(String fromPath, String toPath) {
Properties p = new Properties();
p.setProperty(AbstractCryptoFilter.PROP_MODULE_NAME, MODULE);
p.setProperty(AbstractCryptoFilter.PROP_SCOPE, "FIELD");
p.setProperty(AbstractCryptoFilter.PROP_ENC_FROM_PATH, fromPath);
p.setProperty(AbstractCryptoFilter.PROP_ENC_TO_PATH, toPath);
return p;
}
}
@@ -0,0 +1,103 @@
package com.eactive.eai.agent.inflow;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.test.util.ReflectionTestUtils;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.inflow.dual.ClientDualInflowControlManager;
/**
* ReloadInflowClientControlCommand 단위 테스트.
*
* <p>InflowControlUtil의 cachedInflowControlManager 필드에 mock을 직접 주입하여
* PropManager/ApplicationContext 없이 동작을 검증한다.
*/
class ReloadInflowClientControlCommandTest {
private ClientDualInflowControlManager mockDualManager;
@BeforeEach
void setUp() {
mockDualManager = mock(ClientDualInflowControlManager.class);
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", null);
}
@AfterEach
void tearDown() {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", null);
}
private ReloadInflowClientControlCommand commandWith(Object args) {
ReloadInflowClientControlCommand cmd = new ReloadInflowClientControlCommand();
cmd.setArgs(args);
return cmd;
}
// =========================================================================
// args 타입 검증 실패
// =========================================================================
@Test
void execute_argsIsInteger_throwsCommandException() {
// args 검증이 getInflowControlManager() 호출 이전에 발생하므로 캐시 설정 불필요
assertThrows(CommandException.class, commandWith(Integer.valueOf(1))::execute);
}
// =========================================================================
// ClientDualInflowControlManager 비활성
// =========================================================================
@Test
void execute_notClientDualManager_throwsCommandException() {
InflowControlManager baseMgr = mock(InflowControlManager.class);
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", baseMgr);
assertThrows(CommandException.class, commandWith("CLIENT_A")::execute);
}
// =========================================================================
// 전체 재로드 (ALL)
// =========================================================================
@Test
void execute_argsIsALL_callsReloadClientNoArgs() throws Exception {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", mockDualManager);
Object result = commandWith("ALL").execute();
assertEquals("success", result);
verify(mockDualManager).reloadClient();
verify(mockDualManager, never()).reloadClient(anyString());
}
// =========================================================================
// 개별 재로드 (ClientId)
// =========================================================================
@Test
void execute_argsIsClientId_callsReloadClientWithId() throws Exception {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", mockDualManager);
Object result = commandWith("CLIENT_A").execute();
assertEquals("success", result);
verify(mockDualManager).reloadClient("CLIENT_A");
verify(mockDualManager, never()).reloadClient();
}
@Test
void execute_differentClientId_callsReloadClientWithThatId() throws Exception {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", mockDualManager);
commandWith("CLIENT_B").execute();
verify(mockDualManager).reloadClient("CLIENT_B");
}
}
@@ -0,0 +1,96 @@
package com.eactive.eai.agent.inflow;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.test.util.ReflectionTestUtils;
import com.eactive.eai.agent.command.CommandException;
import com.eactive.eai.common.inflow.InflowControlManager;
import com.eactive.eai.common.inflow.InflowControlUtil;
import com.eactive.eai.common.inflow.dual.ClientDualInflowControlManager;
/**
* RemoveInflowClientControlCommand 단위 테스트.
*
* <p>InflowControlUtil의 cachedInflowControlManager 필드에 mock을 직접 주입하여
* PropManager/ApplicationContext 없이 동작을 검증한다.
*/
class RemoveInflowClientControlCommandTest {
private ClientDualInflowControlManager mockDualManager;
@BeforeEach
void setUp() {
mockDualManager = mock(ClientDualInflowControlManager.class);
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", null);
}
@AfterEach
void tearDown() {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", null);
}
private RemoveInflowClientControlCommand commandWith(Object args) {
RemoveInflowClientControlCommand cmd = new RemoveInflowClientControlCommand();
cmd.setArgs(args);
return cmd;
}
// =========================================================================
// args 타입 검증 실패
// =========================================================================
@Test
void execute_argsIsInteger_throwsCommandException() {
assertThrows(CommandException.class, commandWith(Integer.valueOf(1))::execute);
}
// =========================================================================
// ClientDualInflowControlManager 비활성
// =========================================================================
@Test
void execute_notClientDualManager_throwsCommandException() {
InflowControlManager baseMgr = mock(InflowControlManager.class);
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", baseMgr);
assertThrows(CommandException.class, commandWith("CLIENT_A")::execute);
}
// =========================================================================
// 정상 제거
// =========================================================================
@Test
void execute_validClientId_callsRemoveClient() throws CommandException {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", mockDualManager);
Object result = commandWith("CLIENT_A").execute();
assertEquals("success", result);
verify(mockDualManager).removeClient("CLIENT_A");
}
@Test
void execute_differentClientId_callsRemoveClientWithThatId() throws Exception {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", mockDualManager);
commandWith("CLIENT_B").execute();
verify(mockDualManager).removeClient("CLIENT_B");
}
@Test
void execute_validClientId_doesNotCallReload() throws Exception {
ReflectionTestUtils.setField(InflowControlUtil.class, "cachedInflowControlManager", mockDualManager);
commandWith("CLIENT_A").execute();
verify(mockDualManager, never()).reloadClient();
verify(mockDualManager, never()).reloadClient(anyString());
}
}
@@ -0,0 +1,450 @@
package com.eactive.eai.common.circuitBreaker.type;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Collections;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.context.support.GenericApplicationContext;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
import io.github.resilience4j.circuitbreaker.CallNotPermittedException;
import io.github.resilience4j.circuitbreaker.CircuitBreaker;
/**
* TypedCircuitBreakerManager 단위 테스트
*
* DB / Spring 컨텍스트 없이 동작한다.
* - PropManager : Mockito Mock (DB 없이 설정값 반환)
* - TypedCircuitBreakerDAO : Mockito Mock (JPA 없이 VO 반환)
* - Spring Bean : GenericApplicationContext 수동 구성
*
* 테스트 격리:
* 테스트는 고유한 apiId 사용하거나 manager.reload() 레지스트리를 초기화한다.
* manager.reload() CircuitBreakerRegistry 새로 생성하므로 이전 상태가 제거된다.
*/
@TestMethodOrder(MethodOrderer.DisplayName.class)
class TypedCircuitBreakerManagerTest {
// 슬라이딩 윈도우·최소 호출을 4로 설정해 빠른 상태 전이를 유도한다.
private static final int DEFAULT_FAILURE_RATE = 50;
private static final int DEFAULT_SLIDING_WINDOW = 4;
private static final int DEFAULT_MIN_CALLS = 4;
private static final int DEFAULT_WAIT_DURATION_SEC = 1; // OPEN 대기 1초 (테스트용)
private static final int DEFAULT_HALF_OPEN_PERMITS = 2;
private static final int DEFAULT_SLOW_RATE = 100;
private static final int DEFAULT_SLOW_DURATION_SEC = 5;
private static GenericApplicationContext ctx;
private static PropManager mockPropManager;
private static TypedCircuitBreakerDAO mockDao;
private static TypedCircuitBreakerManager manager;
// -------------------------------------------------------------------------
// 픽스처 설정 / 해제
// -------------------------------------------------------------------------
@BeforeAll
static void setUpClass() throws Exception {
mockPropManager = mock(PropManager.class);
mockDao = mock(TypedCircuitBreakerDAO.class);
setupDefaultPropManagerMock();
when(mockDao.getList()).thenReturn(Collections.emptyList());
// TypedCircuitBreakerManager 인스턴스 생성 DAO 리플렉션 주입
manager = new TypedCircuitBreakerManager();
injectField(manager, "dao", mockDao);
// DB / Spring 없이 최소 컨텍스트 구성
ctx = new GenericApplicationContext();
ctx.getBeanFactory().registerSingleton("propManager", mockPropManager);
ctx.getBeanFactory().registerSingleton("typedCircuitBreakerManager", manager);
ctx.registerBeanDefinition("applicationContextProvider",
BeanDefinitionBuilder.genericBeanDefinition(ApplicationContextProvider.class)
.getBeanDefinition());
ctx.refresh();
manager.start();
}
@AfterAll
static void tearDownClass() {
if (ctx != null) ctx.close();
}
@BeforeEach
void resetMocks() throws Exception {
reset(mockDao);
setupDefaultPropManagerMock();
when(mockDao.getList()).thenReturn(Collections.emptyList());
}
// -------------------------------------------------------------------------
// 헬퍼
// -------------------------------------------------------------------------
private static void setupDefaultPropManagerMock() {
when(mockPropManager.getProperty("CircuitBreaker", "failureRateThreshold"))
.thenReturn(String.valueOf(DEFAULT_FAILURE_RATE));
when(mockPropManager.getProperty("CircuitBreaker", "slidingWindowSize"))
.thenReturn(String.valueOf(DEFAULT_SLIDING_WINDOW));
when(mockPropManager.getProperty("CircuitBreaker", "minimumNumberOfCalls"))
.thenReturn(String.valueOf(DEFAULT_MIN_CALLS));
when(mockPropManager.getProperty("CircuitBreaker", "waitDurationInOpenState"))
.thenReturn(String.valueOf(DEFAULT_WAIT_DURATION_SEC));
when(mockPropManager.getProperty("CircuitBreaker", "permittedNumberOfCallsInHalfOpenState"))
.thenReturn(String.valueOf(DEFAULT_HALF_OPEN_PERMITS));
when(mockPropManager.getProperty("CircuitBreaker", "slowCallRateThreshold"))
.thenReturn(String.valueOf(DEFAULT_SLOW_RATE));
when(mockPropManager.getProperty("CircuitBreaker", "slowCallDurationThreshold"))
.thenReturn(String.valueOf(DEFAULT_SLOW_DURATION_SEC));
when(mockPropManager.getProperty("CircuitBreaker", "useYn", "N")).thenReturn("1");
}
private static void injectField(Object target, String fieldName, Object value) throws Exception {
Field field = target.getClass().getDeclaredField(fieldName);
field.setAccessible(true);
field.set(target, value);
}
/** 테스트용 TypedCircuitBreakerVO 생성 (기본 설정값 사용) */
private TypedCircuitBreakerVO buildVo(String id, String apiId, String useYn) {
return TypedCircuitBreakerVO.builder()
.id(id).name(apiId).type("COUNT_BASED").desc(apiId + " 테스트 설정")
.failureRateThreshold(DEFAULT_FAILURE_RATE)
.slidingWindowSize(DEFAULT_SLIDING_WINDOW)
.minimumNumberOfCalls(DEFAULT_MIN_CALLS)
.waitDurationInOpenState(DEFAULT_WAIT_DURATION_SEC)
.permittedNumberOfCallsInHalfOpenState(DEFAULT_HALF_OPEN_PERMITS)
.slowCallRateThreshold(DEFAULT_SLOW_RATE)
.slowCallDurationThreshold(DEFAULT_SLOW_DURATION_SEC)
.useYn(useYn)
.build();
}
/** CB를 count 회 실패 처리한다 */
private void recordFailures(CircuitBreaker cb, int count) {
for (int i = 0; i < count; i++) {
try {
cb.executeCallable(() -> { throw new RuntimeException("테스트 강제 오류"); });
} catch (Exception ignored) {}
}
}
// =========================================================================
// 1. getCircuitBreaker - 기본 조회 동작
// =========================================================================
@Test
@DisplayName("1-1. 등록된 apiId → 해당 설정의 CircuitBreaker 반환")
void testGetCircuitBreaker_registeredApiId_returnsTypedCircuitBreaker() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-001", "API_REG", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_REG");
assertNotNull(cb);
assertEquals("API_REG", cb.getName());
}
@Test
@DisplayName("1-2. 미등록 apiId → default CircuitBreaker 로 fallback")
void testGetCircuitBreaker_unregisteredApiId_returnsDefaultCircuitBreaker() throws Exception {
when(mockDao.getList()).thenReturn(Collections.emptyList());
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_UNKNOWN");
assertNotNull(cb, "미등록 apiId 는 default CB 를 반환해야 한다");
assertEquals("default", cb.getName());
}
@Test
@DisplayName("1-3. useYn=0 인 apiId → default CircuitBreaker 로 fallback")
void testGetCircuitBreaker_disabledApiId_returnsDefaultCircuitBreaker() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-002", "API_DISABLED", "0")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_DISABLED");
assertNotNull(cb, "비활성 apiId 는 default CB 로 fallback 되어야 한다");
assertEquals("default", cb.getName());
}
@Test
@DisplayName("1-4. apiId 도 default 도 비활성(useYn=0) → null 반환")
void testGetCircuitBreaker_defaultDisabled_returnsNull() throws Exception {
when(mockPropManager.getProperty("CircuitBreaker", "useYn", "N")).thenReturn("0");
when(mockDao.getList()).thenReturn(Collections.emptyList());
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("ANY_API");
assertNull(cb, "default 도 비활성이면 null 을 반환해야 한다");
}
@Test
@DisplayName("1-5. PropManager useYn=Y → normalizeUseYn 으로 '1' 정규화 → default 활성")
void testGetCircuitBreaker_defaultUseYn_Y_isNormalizedToEnabled() throws Exception {
when(mockPropManager.getProperty("CircuitBreaker", "useYn", "N")).thenReturn("Y");
when(mockDao.getList()).thenReturn(Collections.emptyList());
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("ANY_API");
assertNotNull(cb, "PropManager useYn=Y 는 활성으로 정규화되어야 한다");
assertEquals("default", cb.getName());
}
// =========================================================================
// 2. apiId 독립성
// =========================================================================
@Test
@DisplayName("2-1. 서로 다른 apiId → 독립적인 CircuitBreaker 인스턴스 반환")
void testDifferentApiIds_haveIndependentCircuitBreakerInstances() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(
buildVo("uuid-A", "API_INDEP_A", "1"),
buildVo("uuid-B", "API_INDEP_B", "1")));
manager.reload();
CircuitBreaker cbA = manager.getCircuitBreaker("API_INDEP_A");
CircuitBreaker cbB = manager.getCircuitBreaker("API_INDEP_B");
assertNotNull(cbA);
assertNotNull(cbB);
assertNotSame(cbA, cbB, "서로 다른 apiId 는 다른 CB 인스턴스여야 한다");
assertEquals("API_INDEP_A", cbA.getName());
assertEquals("API_INDEP_B", cbB.getName());
}
@Test
@DisplayName("2-2. API_A 실패 → OPEN, API_B 는 CLOSED 유지 (상태 격리)")
void testDifferentApiIds_statesAreIsolated() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(
buildVo("uuid-ISO-A", "API_ISO_A", "1"),
buildVo("uuid-ISO-B", "API_ISO_B", "1")));
manager.reload();
CircuitBreaker cbA = manager.getCircuitBreaker("API_ISO_A");
CircuitBreaker cbB = manager.getCircuitBreaker("API_ISO_B");
// API_ISO_A minimumNumberOfCalls=4 실패
recordFailures(cbA, 4);
assertEquals(CircuitBreaker.State.OPEN, cbA.getState(), "API_ISO_A 는 OPEN 이어야 한다");
assertEquals(CircuitBreaker.State.CLOSED, cbB.getState(), "API_ISO_B 는 CLOSED 를 유지해야 한다");
}
// =========================================================================
// 3. 상태 전이
// =========================================================================
@Test
@DisplayName("3-1. 실패율 50% 초과(4/4 실패) → CLOSED → OPEN")
void testCircuitBreaker_closedToOpen_afterFailureThresholdExceeded() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-ST-001", "API_ST_OPEN", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_ST_OPEN");
assertEquals(CircuitBreaker.State.CLOSED, cb.getState(), "초기 상태는 CLOSED 여야 한다");
// minimumNumberOfCalls=4, failureRateThreshold=50% 4/4 실패(100%) OPEN
recordFailures(cb, 4);
assertEquals(CircuitBreaker.State.OPEN, cb.getState(), "실패율 초과 시 OPEN 상태여야 한다");
}
@Test
@DisplayName("3-2. 실패율 미달(1/4 실패, 25%) → CLOSED 유지")
void testCircuitBreaker_belowFailureThreshold_remainsClosed() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-ST-002", "API_ST_BELOW", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_ST_BELOW");
// 4회 3회 성공, 1회 실패 실패율 25% < 50% CLOSED 유지
// Resilience4j >= 비교: 50% >= 50% OPEN 이므로 25% 낮춰야 CLOSED 유지
try { cb.executeCallable(() -> "성공"); } catch (Exception ignored) {}
try { cb.executeCallable(() -> "성공"); } catch (Exception ignored) {}
try { cb.executeCallable(() -> "성공"); } catch (Exception ignored) {}
recordFailures(cb, 1);
assertEquals(CircuitBreaker.State.CLOSED, cb.getState(), "실패율 25% (< threshold 50%) 이면 CLOSED 를 유지해야 한다");
}
@Test
@DisplayName("3-3. CB OPEN 상태 → 모든 요청 즉시 차단 (CallNotPermittedException)")
void testCircuitBreaker_open_blocksAllRequests() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-ST-003", "API_ST_BLOCK", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_ST_BLOCK");
recordFailures(cb, 4);
assertEquals(CircuitBreaker.State.OPEN, cb.getState());
assertThrows(CallNotPermittedException.class,
() -> cb.executeCallable(() -> "도달하면 안 됨"),
"OPEN 상태에서 CallNotPermittedException 이 발생해야 한다");
}
@Test
@DisplayName("3-4. OPEN → waitDuration(1초) 경과 → 첫 요청 시 HALF_OPEN 전이")
void testCircuitBreaker_open_transitionsToHalfOpenAfterWaitDuration() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-ST-004", "API_ST_HALFOPEN", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_ST_HALFOPEN");
recordFailures(cb, 4);
assertEquals(CircuitBreaker.State.OPEN, cb.getState());
// waitDurationInOpenState = 1초 대기 요청 HALF_OPEN 전이
Thread.sleep(1200);
try { cb.executeCallable(() -> "HALF_OPEN 트리거"); } catch (Exception ignored) {}
assertEquals(CircuitBreaker.State.HALF_OPEN, cb.getState(),
"waitDuration 경과 후 첫 요청 시 HALF_OPEN 상태여야 한다");
}
@Test
@DisplayName("3-5. HALF_OPEN → 성공(permittedCalls=2회) → CLOSED 복구")
void testCircuitBreaker_halfOpen_transitionsToClosedOnSuccess() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-ST-005", "API_ST_RECOVER", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_ST_RECOVER");
recordFailures(cb, 4);
Thread.sleep(1200);
// HALF_OPEN 에서 permittedNumberOfCallsInHalfOpenState=2 성공
for (int i = 0; i < DEFAULT_HALF_OPEN_PERMITS; i++) {
final String result = cb.executeCallable(() -> "성공");
assertEquals("성공", result);
}
assertEquals(CircuitBreaker.State.CLOSED, cb.getState(),
"HALF_OPEN 에서 허용 호출 수 이상 성공하면 CLOSED 로 복구되어야 한다");
}
@Test
@DisplayName("3-6. HALF_OPEN → 실패 → 다시 OPEN 재전이")
void testCircuitBreaker_halfOpen_transitionsBackToOpenOnFailure() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-ST-006", "API_ST_REOPEN", "1")));
manager.reload();
CircuitBreaker cb = manager.getCircuitBreaker("API_ST_REOPEN");
recordFailures(cb, 4);
Thread.sleep(1200);
// HALF_OPEN 에서 permittedNumberOfCallsInHalfOpenState=2 모두 실패해야 OPEN 으로 재전이된다.
// Resilience4j 허용 호출 (2회) 모두 소진한 후에 실패율을 평가하므로
// 1회만 실패하면 HALF_OPEN 상태가 유지된다.
recordFailures(cb, DEFAULT_HALF_OPEN_PERMITS);
assertEquals(CircuitBreaker.State.OPEN, cb.getState(),
"HALF_OPEN 에서 허용 호출 수(2회) 모두 실패하면 다시 OPEN 으로 전이되어야 한다");
}
// =========================================================================
// 4. reload
// =========================================================================
@Test
@DisplayName("4-1. reload(key) → CircuitBreakerConfig 갱신 (waitDuration 1초 → 60초)")
void testReload_key_updatesCircuitBreakerConfig() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-RLD-001", "API_RELOAD", "1")));
manager.reload();
// waitDurationInOpenState 60초로 변경
TypedCircuitBreakerVO updated = TypedCircuitBreakerVO.builder()
.id("uuid-RLD-001").name("API_RELOAD").type("COUNT_BASED")
.failureRateThreshold(50).slidingWindowSize(4).minimumNumberOfCalls(4)
.waitDurationInOpenState(60)
.permittedNumberOfCallsInHalfOpenState(2)
.slowCallRateThreshold(100).slowCallDurationThreshold(5)
.useYn("1").build();
when(mockDao.get("uuid-RLD-001")).thenReturn(updated);
manager.reload("uuid-RLD-001");
CircuitBreaker cb = manager.getCircuitBreaker("API_RELOAD");
assertEquals(60,
cb.getCircuitBreakerConfig().getWaitDurationInOpenState().getSeconds(),
"reload 후 waitDurationInOpenState 가 60초로 갱신되어야 한다");
}
@Test
@DisplayName("4-2. reload(key) useYn=0 → 맵에서 제거 → default fallback")
void testReload_key_disabledVo_removesFromMap() throws Exception {
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-RLD-002", "API_RM", "1")));
manager.reload();
assertEquals("API_RM", manager.getCircuitBreaker("API_RM").getName());
// useYn=0 으로 비활성화
TypedCircuitBreakerVO disabled = TypedCircuitBreakerVO.builder()
.id("uuid-RLD-002").name("API_RM").type("COUNT_BASED")
.failureRateThreshold(50).slidingWindowSize(4).minimumNumberOfCalls(4)
.waitDurationInOpenState(1).permittedNumberOfCallsInHalfOpenState(2)
.slowCallRateThreshold(100).slowCallDurationThreshold(5)
.useYn("0").build();
when(mockDao.get("uuid-RLD-002")).thenReturn(disabled);
manager.reload("uuid-RLD-002");
CircuitBreaker cb = manager.getCircuitBreaker("API_RM");
assertEquals("default", cb.getName(),
"비활성화된 CB 는 맵에서 제거 후 default 로 fallback 되어야 한다");
}
@Test
@DisplayName("4-3. reload() 전체 → CircuitBreakerRegistry 재생성으로 이전 CB 상태 초기화")
void testReload_all_refreshesAllCircuitBreakers() throws Exception {
// 초기: API_FULL_A 등록 OPEN 상태로 만들기
when(mockDao.getList()).thenReturn(Arrays.asList(buildVo("uuid-FULL-A", "API_FULL_A", "1")));
manager.reload();
CircuitBreaker cbA = manager.getCircuitBreaker("API_FULL_A");
recordFailures(cbA, 4);
assertEquals(CircuitBreaker.State.OPEN, cbA.getState(), "전체 reload 전 API_FULL_A 는 OPEN 이어야 한다");
// 전체 reload CircuitBreakerRegistry 재생성
// init() apiIdCBConfigMap 초기화하지 않으므로 API_FULL_A 맵에 남아있다.
// 하지만 레지스트리를 생성하므로 CB 상태(OPEN) 초기화(CLOSED)된다.
when(mockDao.getList()).thenReturn(Arrays.asList(
buildVo("uuid-FULL-A", "API_FULL_A", "1"),
buildVo("uuid-FULL-B", "API_FULL_B", "1")));
manager.reload();
// 레지스트리 재생성으로 API_FULL_A CB 상태가 CLOSED 초기화되어야 한다
CircuitBreaker cbAAfter = manager.getCircuitBreaker("API_FULL_A");
assertEquals(CircuitBreaker.State.CLOSED, cbAAfter.getState(),
"전체 reload 후 CircuitBreakerRegistry 재생성으로 이전 CB 상태가 CLOSED 로 초기화되어야 한다");
// apiId 정상 등록
assertEquals("API_FULL_B", manager.getCircuitBreaker("API_FULL_B").getName(),
"전체 reload 후 새 apiId 는 정상 등록되어야 한다");
}
// =========================================================================
// 5. 생명주기
// =========================================================================
@Test
@DisplayName("5-1. start() 후 isStarted() = true")
void testIsStarted_afterStart_returnsTrue() {
assertTrue(manager.isStarted(), "start() 후 isStarted() 는 true 여야 한다");
}
}
@@ -0,0 +1,158 @@
package com.eactive.eai.common.hsm;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import java.util.concurrent.TimeUnit;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
/**
* SoftHSM2 마스터키 등록 유틸리티 테스트.
*
* 용도: CryptoModuleConfig.keyDerivParams hsmKeyAlias 대응하는
* AES-256 마스터키를 SoftHSM2 토큰에 등록한다.
*
* 사전 조건:
* C:\SoftHSM2 SoftHSM2 설치
* (토큰이 없으면 자동 초기화, 있으면 기존 토큰 재사용)
*
* 실행 확인:
* softhsm2-util.exe --show-slots
* 또는 pkcs11-tool --list-objects (OpenSC 설치 )
*/
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
public class HsmKeyRegisterUtil {
private static final String SOFTHSM2_DLL = "C:/SoftHSM2/lib/softhsm2-x64.dll";
private static final String SOFTHSM2_UTIL = "C:/SoftHSM2/bin/softhsm2-util.exe";
private static final String TOKEN_LABEL = "eapim-test";
private static final String PIN = "1234";
/** DB CryptoModuleConfig.keyDerivParams.hsmKeyAlias 와 반드시 일치해야 한다. */
private static final String MASTER_KEY_ALIAS = "MASTER_KEY";
private static Provider provider;
private static KeyStore keyStore;
@BeforeAll
static void setUp() throws Exception {
System.setProperty("SOFTHSM2_CONF", "C:\\SoftHSM2\\etc\\softhsm2.conf");
assumeTrue(new File(SOFTHSM2_DLL).exists(),
"SoftHSM2 미설치 (C:/SoftHSM2) - 테스트 건너뜀");
ensureTokenInitialized();
String cfgContent = "name = SoftHSM\n"
+ "library = " + SOFTHSM2_DLL + "\n"
+ "slotListIndex = 0\n";
provider = HsmManager.createProvider(cfgContent);
Provider existing = Security.getProvider(provider.getName());
if (existing != null) Security.removeProvider(existing.getName());
Security.addProvider(provider);
keyStore = KeyStore.getInstance("PKCS11", provider);
keyStore.load(null, PIN.toCharArray());
}
// ------------------------------------------------------------------
// 1. 현재 등록된 목록 출력
// ------------------------------------------------------------------
@Test
@Order(1)
void listKeys() throws Exception {
System.out.println("=== HSM 키 목록 ===");
Enumeration<String> aliases = keyStore.aliases();
if (!aliases.hasMoreElements()) {
System.out.println(" (등록된 키 없음)");
}
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
String type = keyStore.isKeyEntry(alias) ? "KEY" : "CERT";
System.out.println(" [" + type + "] " + alias);
}
System.out.println("==================");
}
// ------------------------------------------------------------------
// 2. 마스터키 등록 (없는 경우에만)
// ------------------------------------------------------------------
@Test
@Order(2)
void registerMasterKey() throws Exception {
if (keyStore.containsAlias(MASTER_KEY_ALIAS)) {
System.out.println("[SKIP] 이미 등록됨: " + MASTER_KEY_ALIAS);
return;
}
KeyGenerator kg = KeyGenerator.getInstance("AES", provider);
kg.init(256);
SecretKey sk = kg.generateKey();
keyStore.setKeyEntry(MASTER_KEY_ALIAS, sk, null, null);
System.out.println("[OK] AES-256 마스터키 등록 완료: alias=" + MASTER_KEY_ALIAS);
}
// ------------------------------------------------------------------
// 3. 등록 조회 확인
// ------------------------------------------------------------------
@Test
@Order(3)
void verifyMasterKey() throws Exception {
keyStore.load(null, PIN.toCharArray()); // 갱신
assert keyStore.containsAlias(MASTER_KEY_ALIAS)
: "마스터키 등록 실패: " + MASTER_KEY_ALIAS;
SecretKey sk = (SecretKey) keyStore.getKey(MASTER_KEY_ALIAS, null);
assert sk != null : "키 조회 실패";
assert "AES".equals(sk.getAlgorithm()) : "알고리즘 불일치: " + sk.getAlgorithm();
System.out.println("[OK] 마스터키 조회 성공: alias=" + MASTER_KEY_ALIAS
+ " / algorithm=" + sk.getAlgorithm());
}
// ------------------------------------------------------------------
// 헬퍼
// ------------------------------------------------------------------
private static void ensureTokenInitialized() throws Exception {
ProcessBuilder pb = new ProcessBuilder(
SOFTHSM2_UTIL, "--init-token", "--free",
"--label", TOKEN_LABEL,
"--pin", PIN,
"--so-pin", PIN);
pb.redirectErrorStream(true);
Process p = pb.start();
String out = readOutput(p);
p.waitFor(10, TimeUnit.SECONDS);
System.out.println("[SoftHSM2] init-token: " + out.trim());
}
private static String readOutput(Process p) throws Exception {
InputStream is = p.getInputStream();
byte[] buf = new byte[4096];
StringBuilder sb = new StringBuilder();
int len;
while ((len = is.read(buf)) != -1) {
sb.append(new String(buf, 0, len, "UTF-8"));
}
return sb.toString();
}
}
@@ -0,0 +1,304 @@
package com.eactive.eai.common.hsm;
import static org.junit.jupiter.api.Assertions.*;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.io.File;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.nio.file.Files;
import java.security.PublicKey;
import java.util.concurrent.TimeUnit;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.mockito.Mockito;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.context.support.GenericApplicationContext;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.util.ApplicationContextProvider;
/**
* HsmManager / HsmCryptoService 통합 테스트 (JDK 8 / SunPKCS11 / SoftHSM2)
*
* 사전 조건:
* SoftHSM2 설치: https://github.com/disig/SoftHSM2-for-Windows/releases
* C:\SoftHSM2 설치 (미설치 테스트 자동 건너뜀)
*
* PropManager DB 없이 Mockito Mock 으로 대체하여 테스트합니다.
*/
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
public class HsmManagerServiceTest {
private static final String SOFTHSM2_DLL = "C:/SoftHSM2/lib/softhsm2-x64.dll";
private static final String SOFTHSM2_UTIL = "C:/SoftHSM2/bin/softhsm2-util.exe";
private static final String TOKEN_LABEL = "eapim-test";
private static final String PIN = "1234";
private static final String RSA_ALIAS = "test-rsa-key";
private static final String AES_ALIAS = "test-aes-key";
private static HsmManager hsmManager;
private static HsmCryptoService hsmCryptoService;
private static GenericApplicationContext springContext;
private static File tempCfgFile;
// -------------------------------------------------------------------------
// 설정 / 해제
// -------------------------------------------------------------------------
@BeforeAll
static void setUp() throws Exception {
System.setProperty("SOFTHSM2_CONF", "C:\\SoftHSM2\\etc\\softhsm2.conf");
assumeTrue(new File(SOFTHSM2_DLL).exists(),
"SoftHSM2 미설치 (C:/SoftHSM2) - 테스트 건너뜀");
// 1. 토큰 초기화 (없으면 신규 생성, 있으면 기존 사용)
ensureTokenInitialized();
// 2. PKCS11 설정 문자열 구성 (slotListIndex = 0 번째 초기화 토큰)
String cfgContent = "name = SoftHSM\n"
+ "library = " + SOFTHSM2_DLL.replace("\\", "/") + "\n"
+ "slotListIndex = 0\n";
// keytool 호출 파일 경로가 필요하므로 임시 파일에도 저장
tempCfgFile = File.createTempFile("pkcs11-svc-test-", ".cfg");
Files.write(tempCfgFile.toPath(), cfgContent.getBytes("UTF-8"));
// 3. PropManager Mock - DB 없이 HSM 설정값 반환
PropManager mockPropManager = Mockito.mock(PropManager.class);
Mockito.when(mockPropManager.getProperty("HSM", "PKCS11_CONFIG")).thenReturn(cfgContent);
Mockito.when(mockPropManager.getProperty("HSM", "PIN")).thenReturn(PIN);
// 4. HsmManager 인스턴스 생성 (private 생성자 리플렉션)
Constructor<HsmManager> ctor = HsmManager.class.getDeclaredConstructor();
ctor.setAccessible(true);
hsmManager = ctor.newInstance();
// 5. Spring ApplicationContext 구성
// ApplicationContextProvider.context 세팅하여
// HsmManager.getInstance() / PropManager.getInstance() 동작하게
springContext = new GenericApplicationContext();
springContext.getBeanFactory().registerSingleton("propManager", mockPropManager);
springContext.getBeanFactory().registerSingleton("hsmManager", hsmManager);
springContext.registerBeanDefinition("applicationContextProvider",
BeanDefinitionBuilder.genericBeanDefinition(ApplicationContextProvider.class)
.getBeanDefinition());
springContext.refresh();
// 6. HsmManager 시작 (SunPKCS11 Provider 초기화 + KeyStore 오픈)
hsmManager.start();
assertTrue(hsmManager.isReady(), "HsmManager 초기화 실패");
System.out.println("[HsmManager] 초기화 완료. provider=" + hsmManager.getPkcs11Provider().getName());
// 7. RSA 키쌍 생성 (없는 경우에만)
if (!hsmManager.getKeyStore().containsAlias(RSA_ALIAS)) {
generateRsaKeyPair();
hsmManager.getKeyStore().load(null, PIN.toCharArray()); // keytool 결과 반영
}
// 8. AES 생성 (없는 경우에만)
if (!hsmManager.getKeyStore().containsAlias(AES_ALIAS)) {
generateAesKey();
}
// 9. HsmCryptoService 생성 (HsmManager.getInstance() 내부에서 사용)
hsmCryptoService = new HsmCryptoService();
}
@AfterAll
static void tearDown() throws Exception {
if (hsmManager != null && hsmManager.isStarted()) {
hsmManager.stop();
}
if (springContext != null) {
springContext.close();
}
if (tempCfgFile != null) {
tempCfgFile.delete();
}
}
// -------------------------------------------------------------------------
// 테스트: HsmManager 상태
// -------------------------------------------------------------------------
@Test
@Order(1)
void testHsmManagerReady() {
assertTrue(hsmManager.isReady());
assertNotNull(hsmManager.getPkcs11Provider());
assertNotNull(hsmManager.getKeyStore());
System.out.println("[HsmManager] isReady=true / provider="
+ hsmManager.getPkcs11Provider().getName());
}
// -------------------------------------------------------------------------
// 테스트: HsmCryptoService - 조회
// -------------------------------------------------------------------------
@Test
@Order(2)
void testGetPublicKey() throws Exception {
PublicKey pk = hsmCryptoService.getPublicKey(RSA_ALIAS);
assertNotNull(pk);
assertEquals("RSA", pk.getAlgorithm());
System.out.println("[HsmCryptoService] getPublicKey: algorithm=" + pk.getAlgorithm()
+ " / format=" + pk.getFormat());
}
@Test
@Order(3)
void testGetSecretKey() throws Exception {
SecretKey sk = hsmCryptoService.getSecretKey(AES_ALIAS);
assertNotNull(sk);
assertEquals("AES", sk.getAlgorithm());
System.out.println("[HsmCryptoService] getSecretKey: algorithm=" + sk.getAlgorithm());
}
// -------------------------------------------------------------------------
// 테스트: HsmCryptoService - RSA 암복호화
// -------------------------------------------------------------------------
@Test
@Order(4)
void testEncryptRsaByAlias() throws Exception {
byte[] plaintext = "RSA alias 암호화 테스트".getBytes("UTF-8");
byte[] ciphertext = hsmCryptoService.encryptRsa(RSA_ALIAS, plaintext);
assertNotNull(ciphertext);
assertTrue(ciphertext.length > 0);
System.out.println("[HsmCryptoService] encryptRsa(alias): ciphertext.length=" + ciphertext.length);
}
@Test
@Order(5)
void testEncryptRsaByPublicKey() throws Exception {
PublicKey pk = hsmCryptoService.getPublicKey(RSA_ALIAS);
byte[] plaintext = "RSA PublicKey 직접 암호화 테스트".getBytes("UTF-8");
byte[] ciphertext = hsmCryptoService.encryptRsa(pk, plaintext);
assertNotNull(ciphertext);
assertTrue(ciphertext.length > 0);
System.out.println("[HsmCryptoService] encryptRsa(PublicKey): ciphertext.length=" + ciphertext.length);
}
@Test
@Order(6)
void testRsaRoundTrip() throws Exception {
byte[] plaintext = "HSM RSA 암복호화 통합 테스트 - HsmCryptoService".getBytes("UTF-8");
// 암호화: 공개키 JVM 소프트웨어 (encryptRsa 내부에서 Provider 미명시)
byte[] ciphertext = hsmCryptoService.encryptRsa(RSA_ALIAS, plaintext);
// 복호화: 개인키 핸들 HSM 내부 (decryptRsa 내부에서 pkcs11Provider 명시)
byte[] decrypted = hsmCryptoService.decryptRsa(RSA_ALIAS, PIN.toCharArray(), ciphertext);
assertArrayEquals(plaintext, decrypted);
System.out.println("[HsmCryptoService] RSA 암복호화 성공: " + new String(decrypted, "UTF-8"));
}
// -------------------------------------------------------------------------
// 테스트: HsmCryptoService - AES 암복호화
// -------------------------------------------------------------------------
@Test
@Order(7)
void testAesRoundTrip() throws Exception {
byte[] plaintext = "HSM AES 암복호화 통합 테스트 - HsmCryptoService".getBytes("UTF-8");
byte[] iv = "1234567890123456".getBytes("UTF-8"); // 16바이트
SecretKey sk = hsmCryptoService.getSecretKey(AES_ALIAS);
byte[] ciphertext = hsmCryptoService.encryptAes(sk, iv, plaintext);
byte[] decrypted = hsmCryptoService.decryptAes(sk, iv, ciphertext);
assertArrayEquals(plaintext, decrypted);
System.out.println("[HsmCryptoService] AES 암복호화 성공: " + new String(decrypted, "UTF-8"));
}
// -------------------------------------------------------------------------
// 테스트: HsmManager Lifecycle - stop / restart
// -------------------------------------------------------------------------
@Test
@Order(8)
void testHsmManagerStopAndRestart() throws Exception {
// stop
hsmManager.stop();
assertFalse(hsmManager.isStarted());
assertFalse(hsmManager.isReady());
System.out.println("[HsmManager] stop 완료");
// restart - PropManager Mock 에서 재설정 읽어 재초기화
hsmManager.start();
assertTrue(hsmManager.isStarted());
assertTrue(hsmManager.isReady());
System.out.println("[HsmManager] restart 완료. provider="
+ hsmManager.getPkcs11Provider().getName());
}
// -------------------------------------------------------------------------
// 헬퍼
// -------------------------------------------------------------------------
private static void ensureTokenInitialized() throws Exception {
ProcessBuilder pb = new ProcessBuilder(
SOFTHSM2_UTIL, "--init-token", "--free",
"--label", TOKEN_LABEL,
"--pin", PIN,
"--so-pin", PIN);
pb.redirectErrorStream(true);
Process p = pb.start();
String out = readOutput(p);
p.waitFor(10, TimeUnit.SECONDS);
System.out.println("[SoftHSM2] init-token: " + out.trim());
}
private static void generateRsaKeyPair() throws Exception {
ProcessBuilder pb = new ProcessBuilder(
"keytool", "-genkeypair",
"-alias", RSA_ALIAS,
"-keyalg", "RSA",
"-keysize", "2048",
"-storetype", "PKCS11",
"-providerclass", "sun.security.pkcs11.SunPKCS11",
"-providerarg", tempCfgFile.getAbsolutePath(),
"-keystore", "NONE",
"-storepass", PIN,
"-dname", "CN=HSM Test, O=eActive, C=KR",
"-noprompt");
pb.redirectErrorStream(true);
Process p = pb.start();
String out = readOutput(p);
if (!p.waitFor(30, TimeUnit.SECONDS)) {
p.destroy();
throw new RuntimeException("keytool -genkeypair timeout");
}
System.out.println("[keytool] genkeypair exit=" + p.exitValue() + ": " + out.trim());
}
private static void generateAesKey() throws Exception {
KeyGenerator kg = KeyGenerator.getInstance("AES", hsmManager.getPkcs11Provider());
kg.init(256);
SecretKey sk = kg.generateKey();
hsmManager.getKeyStore().setKeyEntry(AES_ALIAS, sk, null, null);
System.out.println("[HsmManager] AES-256 키 생성 완료. alias=" + AES_ALIAS);
}
private static String readOutput(Process p) throws Exception {
InputStream is = p.getInputStream();
byte[] buf = new byte[4096];
StringBuilder sb = new StringBuilder();
int len;
while ((len = is.read(buf)) != -1) {
sb.append(new String(buf, 0, len, "UTF-8"));
}
return sb.toString();
}
}
@@ -0,0 +1,310 @@
package com.eactive.eai.common.hsm;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertInstanceOf;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
/**
* SoftHSM2 연동 통합 테스트 (JDK 8 / SunPKCS11)
*
* 사전 조건:
* 1. SoftHSM2 설치: https://github.com/disig/SoftHSM2-for-Windows/releases
* SoftHSM2-*-x64.msi 다운로드 C:\SoftHSM2 설치
* 2. 토큰 초기화 (최초 1회):
* "C:\SoftHSM2\bin\softhsm2-util.exe" --init-token --free --label "eapim-test" --pin 1234 --so-pin 1234
* 이미 초기화된 경우 @BeforeAll 에서 자동 처리
*
* SoftHSM2 미설치 모든 테스트는 자동으로 건너뜀.
*/
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
public class HsmSoftHsm2IntegrationTest {
private static final String SOFTHSM2_DLL = "C:/SoftHSM2/lib/softhsm2-x64.dll";
private static final String SOFTHSM2_UTIL = "C:/SoftHSM2/bin/softhsm2-util.exe";
private static final String TOKEN_LABEL = "eapim-test";
private static final String PIN = "1234";
private static final String RSA_ALIAS = "test-rsa-key";
private static final String AES_ALIAS = "test-aes-key";
private static Provider provider;
private static KeyStore keyStore;
private static File tempCfgFile;
// -------------------------------------------------------------------------
// 설정 / 해제
// -------------------------------------------------------------------------
@BeforeAll
static void setUpHsm() throws Exception {
System.setProperty("SOFTHSM2_CONF", "C:\\SoftHSM2\\etc\\softhsm2.conf");
assumeTrue(new File(SOFTHSM2_DLL).exists(),
"SoftHSM2 미설치 (C:/SoftHSM2) - 테스트 건너뜀");
// 1. 토큰 초기화 (이미 존재하면 출력만 남기고 계속 진행)
initToken();
// 2. pkcs11 설정 내용 (slotListIndex = 0 번째 초기화된 토큰 사용)
String cfgContent = "name = SoftHSM\n"
+ "library = " + SOFTHSM2_DLL.replace("\\", "/") + "\n"
+ "slotListIndex = 0\n";
// keytool 파일 경로를 요구하므로 임시 파일에도 저장
tempCfgFile = File.createTempFile("pkcs11-test-", ".cfg");
Files.write(tempCfgFile.toPath(), cfgContent.getBytes("UTF-8"));
// 3. SunPKCS11 Provider 초기화 (JDK 8 / JDK 9+ 공용)
provider = HsmManager.createProvider(cfgContent);
Provider existing = Security.getProvider(provider.getName());
if (existing != null) {
Security.removeProvider(existing.getName());
}
Security.addProvider(provider);
// 4. PKCS11 KeyStore 오픈
keyStore = KeyStore.getInstance("PKCS11", provider);
keyStore.load(null, PIN.toCharArray());
// 5. RSA 키쌍 생성 (keytool 경유 자체서명 인증서 포함)
if (!keyStore.containsAlias(RSA_ALIAS)) {
generateRsaKeyPair();
keyStore.load(null, PIN.toCharArray()); // keytool 결과 반영
}
// 6. AES 생성 (KeyGenerator 경유)
if (!keyStore.containsAlias(AES_ALIAS)) {
generateAesKey();
}
}
@AfterAll
static void tearDown() {
if (provider != null) {
Security.removeProvider(provider.getName());
}
if (tempCfgFile != null) {
tempCfgFile.delete();
}
}
// -------------------------------------------------------------------------
// 테스트: Provider / KeyStore
// -------------------------------------------------------------------------
@Test
@Order(1)
void testProviderInitialized() {
assertNotNull(provider);
assertTrue(provider.getName().startsWith("SunPKCS11"),
"예상 Provider 이름: SunPKCS11-*, 실제: " + provider.getName());
System.out.println("[HSM] Provider: " + provider.getName()
+ " / version: " + provider.getVersion());
}
@Test
@Order(2)
void testKeyStoreContainsRsaAlias() throws Exception {
assertTrue(keyStore.containsAlias(RSA_ALIAS),
"RSA 키 없음. alias=" + RSA_ALIAS);
}
@Test
@Order(3)
void testKeyStoreContainsAesAlias() throws Exception {
assertTrue(keyStore.containsAlias(AES_ALIAS),
"AES 키 없음. alias=" + AES_ALIAS);
}
// -------------------------------------------------------------------------
// 테스트: 조회 (HsmCryptoService.getPublicKey / getSecretKey 해당)
// -------------------------------------------------------------------------
@Test
@Order(4)
void testGetPublicKey() throws Exception {
Certificate cert = keyStore.getCertificate(RSA_ALIAS);
assertNotNull(cert, "인증서 없음. alias=" + RSA_ALIAS);
PublicKey pk = cert.getPublicKey();
assertNotNull(pk);
assertEquals("RSA", pk.getAlgorithm());
System.out.println("[HSM] PublicKey algorithm=" + pk.getAlgorithm()
+ " / format=" + pk.getFormat());
}
@Test
@Order(5)
void testGetSecretKey() throws Exception {
Key key = keyStore.getKey(AES_ALIAS, null);
assertNotNull(key, "AES 키 없음. alias=" + AES_ALIAS);
assertInstanceOf(SecretKey.class, key);
assertEquals("AES", key.getAlgorithm());
System.out.println("[HSM] SecretKey algorithm=" + key.getAlgorithm());
}
// -------------------------------------------------------------------------
// 테스트: RSA 암복호화 (HsmCryptoService.encryptRsa / decryptRsa 해당)
// -------------------------------------------------------------------------
@Test
@Order(6)
void testRsaEncrypt() throws Exception {
PublicKey publicKey = keyStore.getCertificate(RSA_ALIAS).getPublicKey();
// Provider 미명시 JVM SunRsaSign 으로 암호화 (HsmCryptoService.encryptRsa 동작)
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] ciphertext = cipher.doFinal("테스트 평문".getBytes("UTF-8"));
assertNotNull(ciphertext);
assertTrue(ciphertext.length > 0);
System.out.println("[HSM] RSA 암호화 성공. ciphertext.length=" + ciphertext.length
+ " / provider=" + cipher.getProvider().getName());
}
@Test
@Order(7)
void testRsaEncryptDecryptRoundTrip() throws Exception {
byte[] plaintext = "HSM RSA 암복호화 테스트 - eapim-online".getBytes("UTF-8");
// 암호화: 공개키 JVM 소프트웨어 (Provider 미명시)
PublicKey publicKey = keyStore.getCertificate(RSA_ALIAS).getPublicKey();
Cipher encCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
encCipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] ciphertext = encCipher.doFinal(plaintext);
// 복호화: 개인키 핸들 HSM 내부 수행 (pkcs11Provider 명시)
PrivateKey privateKey = (PrivateKey) keyStore.getKey(RSA_ALIAS, PIN.toCharArray());
Cipher decCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
decCipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decrypted = decCipher.doFinal(ciphertext);
assertArrayEquals(plaintext, decrypted);
System.out.println("[HSM] RSA 암복호화 성공."
+ " enc.provider=" + encCipher.getProvider().getName()
+ " / dec.provider=" + decCipher.getProvider().getName()
+ " / plaintext=" + new String(decrypted, "UTF-8"));
}
// -------------------------------------------------------------------------
// 테스트: AES 암복호화 (HsmCryptoService.encryptAes / decryptAes 해당)
// -------------------------------------------------------------------------
@Test
@Order(8)
void testAesEncryptDecryptRoundTrip() throws Exception {
byte[] plaintext = "HSM AES 암복호화 테스트 - eapim-online".getBytes("UTF-8");
byte[] iv = "1234567890123456".getBytes("UTF-8"); // 16바이트 IV
SecretKey secretKey = (SecretKey) keyStore.getKey(AES_ALIAS, null);
// 암호화
Cipher encCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
encCipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv));
byte[] ciphertext = encCipher.doFinal(plaintext);
// 복호화
Cipher decCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
decCipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
byte[] decrypted = decCipher.doFinal(ciphertext);
assertArrayEquals(plaintext, decrypted);
System.out.println("[HSM] AES 암복호화 성공. plaintext=" + new String(decrypted, "UTF-8"));
}
// -------------------------------------------------------------------------
// 헬퍼
// -------------------------------------------------------------------------
private static void initToken() throws Exception {
ProcessBuilder pb = new ProcessBuilder(
SOFTHSM2_UTIL, "--init-token", "--free",
"--label", TOKEN_LABEL,
"--pin", PIN,
"--so-pin", PIN);
pb.redirectErrorStream(true);
Process p = pb.start();
String output = readOutput(p);
p.waitFor(10, TimeUnit.SECONDS);
// 이미 초기화된 슬롯이 없으면 실패할 있으나 무시 (기존 토큰 재사용)
System.out.println("[SoftHSM2] init-token: " + output.trim());
}
/**
* keytool RSA 키쌍 + 자체서명 인증서를 PKCS11 토큰에 생성.
* 인증서가 있어야 PKCS11 KeyStore 에서 alias 조회 가능.
*/
private static void generateRsaKeyPair() throws Exception {
ProcessBuilder pb = new ProcessBuilder(
"keytool", "-genkeypair",
"-alias", RSA_ALIAS,
"-keyalg", "RSA",
"-keysize", "2048",
"-storetype", "PKCS11",
"-providerclass", "sun.security.pkcs11.SunPKCS11",
"-providerarg", tempCfgFile.getAbsolutePath(),
"-keystore", "NONE",
"-storepass", PIN,
"-dname", "CN=HSM Test, O=eActive, C=KR",
"-noprompt");
pb.redirectErrorStream(true);
Process p = pb.start();
String output = readOutput(p);
boolean finished = p.waitFor(30, TimeUnit.SECONDS);
if (!finished) {
p.destroy();
throw new RuntimeException("keytool -genkeypair timeout");
}
System.out.println("[keytool] genkeypair exit=" + p.exitValue() + ": " + output.trim());
}
/**
* KeyGenerator AES-256 키를 HSM 토큰에 직접 생성.
* SoftHSM2 AES 키는 기본적으로 extractable(추출 가능).
*/
private static void generateAesKey() throws Exception {
KeyGenerator kg = KeyGenerator.getInstance("AES", provider);
kg.init(256);
SecretKey sk = kg.generateKey();
keyStore.setKeyEntry(AES_ALIAS, sk, null, null);
System.out.println("[HSM] AES-256 키 생성 완료. alias=" + AES_ALIAS);
}
private static String readOutput(Process p) throws Exception {
InputStream is = p.getInputStream();
byte[] buf = new byte[4096];
StringBuilder sb = new StringBuilder();
int len;
while ((len = is.read(buf)) != -1) {
sb.append(new String(buf, 0, len, "UTF-8"));
}
return sb.toString();
}
}
@@ -1,7 +1,12 @@
package com.eactive.eai.common.inflow;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.domain.EntityScan;
@@ -21,21 +26,59 @@ import com.eactive.eai.data.jpa.BaseRepositoryImpl;
@EnableJpaRepositories(repositoryBaseClass = BaseRepositoryImpl.class, basePackages = {
"com.eactive.eai.common.inflow" })
@EntityScan({ "com.eactive.eai.data.entity.onl.inflow" })
@Sql({ "/com/eactive/eai/common/inflow/init_tseaifr09.sql", "/com/eactive/eai/common/inflow/init_tseaifr11.sql" })
@Sql({
"/com/eactive/eai/common/inflow/init_tseaifr09.sql",
"/com/eactive/eai/common/inflow/init_tseaifr11.sql",
"/com/eactive/eai/common/inflow/init_inflow_control_group.sql",
"/com/eactive/eai/common/inflow/init_inflow_control_group_mapping.sql"
})
class InflowControlManagerTest {
@Autowired
InflowControlManager inflowControlManager;
@BeforeEach
void setUp() throws Exception {
if (!inflowControlManager.isStarted()) {
inflowControlManager.start();
} else {
inflowControlManager.reloadAdapter();
inflowControlManager.reloadInterface();
inflowControlManager.reloadGroup();
}
}
@Test
void testStart() throws LifecycleException {
// given
// when
inflowControlManager.start();
// then
void testStart() {
assertTrue(inflowControlManager.isStarted());
}
@Test
void testGetGroupBucket_existingGroup_returnsNotNull() {
assertNotNull(inflowControlManager.getGroupBucket("test-group-001"));
}
@Test
void testGetGroupBucket_unknownGroup_returnsNull() {
assertNull(inflowControlManager.getGroupBucket("non-existent-group"));
}
@Test
void adapter_spikePasses_thenBurstBlocked() {
for (int i = 0; i < 5; i++) assertTrue(inflowControlManager.isAdapterPass("TEST_ADAPTER"));
assertFalse(inflowControlManager.isAdapterPass("TEST_ADAPTER"));
}
@Test
void interface_spikePasses_thenBurstBlocked() {
for (int i = 0; i < 5; i++) assertTrue(inflowControlManager.isInterfacePass("TEST_INTERFACE"));
assertFalse(inflowControlManager.isInterfacePass("TEST_INTERFACE"));
}
@Test
void group_spikePasses_thenBurstBlocked() {
for (int i = 0; i < 5; i++) assertNull(inflowControlManager.isGroupPass("test-group-quota"));
assertEquals(CustomGroupBucket.RESULT_BLOCKED_THRESHOLD, inflowControlManager.isGroupPass("test-group-quota"));
}
}
@@ -0,0 +1,190 @@
package com.eactive.eai.common.inflow.dual;
import static org.junit.jupiter.api.Assertions.*;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.test.util.ReflectionTestUtils;
import com.eactive.eai.common.inflow.InflowTargetVO;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.local.LocalBucket;
/**
* ClientDualInflowControlManager 클라이언트 메트릭 단위 테스트.
*/
class ClientDualInflowControlManagerMetricsTest {
private ClientDualInflowControlManager manager;
@BeforeEach
void setUp() {
manager = new ClientDualInflowControlManager();
}
// -------------------------------------------------------------------------
// Helpers
// -------------------------------------------------------------------------
private InflowTargetVO makeTargetVO(String name) {
InflowTargetVO vo = new InflowTargetVO();
vo.setName(name);
vo.setThresholdPerSecond(100);
vo.setThreshold(10000);
vo.setThresholdTimeUnit("DAY");
vo.setActivate(true);
return vo;
}
private LocalBucket stableBucket(long capacity) {
return Bucket4j.builder()
.addLimit(Bandwidth.simple(capacity, Duration.ofHours(1)))
.build();
}
private LocalBucket exhaustedBucket(long capacity) {
LocalBucket b = stableBucket(capacity);
b.tryConsume(capacity);
return b;
}
private DualCustomBucket passDualBucket(String name) {
return new DualCustomBucket(stableBucket(100), null, makeTargetVO(name));
}
private DualCustomBucket blockedPerSecondDualBucket(String name) {
return new DualCustomBucket(exhaustedBucket(1), null, makeTargetVO(name));
}
private DualCustomBucket blockedThresholdDualBucket(String name) {
return new DualCustomBucket(stableBucket(100), exhaustedBucket(1), makeTargetVO(name));
}
private void injectClientMap(Map<String, DualCustomBucket> map) {
ReflectionTestUtils.setField(manager, "clientBucketMap", map);
}
// =========================================================================
// isClientPassDetail() 카운터 증가
// =========================================================================
@Test
void isClientPassDetail_bucketNotRegistered_noMetricsCreated() {
manager.isClientPassDetail("UNKNOWN");
assertNull(manager.getClientMetrics("UNKNOWN"));
}
@Test
void isClientPassDetail_pass_incrementsAllowed() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", passDualBucket("C1"));
injectClientMap(map);
manager.isClientPassDetail("C1");
assertEquals(1, manager.getClientMetrics("C1").allowed.get());
}
@Test
void isClientPassDetail_blockedThreshold_incrementsRejectedThreshold() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", blockedThresholdDualBucket("C1"));
injectClientMap(map);
manager.isClientPassDetail("C1");
assertEquals(1, manager.getClientMetrics("C1").rejectedThreshold.get());
}
@Test
void isClientPassDetail_blockedPerSecond_incrementsRejectedPerSecond() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", blockedPerSecondDualBucket("C1"));
injectClientMap(map);
manager.isClientPassDetail("C1");
assertEquals(1, manager.getClientMetrics("C1").rejectedPerSecond.get());
}
// =========================================================================
// getAllClientMetrics 조회 불변성
// =========================================================================
@Test
void getAllClientMetrics_empty_returnsEmptyMap() {
assertTrue(manager.getAllClientMetrics().isEmpty());
}
@Test
void getAllClientMetrics_afterCalls_containsEntries() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", passDualBucket("C1"));
map.put("C2", passDualBucket("C2"));
injectClientMap(map);
manager.isClientPassDetail("C1");
manager.isClientPassDetail("C2");
Map<String, DualInflowControlManager.TargetMetrics> all = manager.getAllClientMetrics();
assertEquals(2, all.size());
assertTrue(all.containsKey("C1"));
assertTrue(all.containsKey("C2"));
}
// =========================================================================
// resetClientMetrics / resetAllClientMetrics
// =========================================================================
@Test
void resetClientMetrics_resetsTargetClient() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", passDualBucket("C1"));
injectClientMap(map);
manager.isClientPassDetail("C1");
manager.resetClientMetrics("C1");
assertEquals(0, manager.getClientMetrics("C1").allowed.get());
}
@Test
void resetAllClientMetrics_resetsAll() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", passDualBucket("C1"));
map.put("C2", passDualBucket("C2"));
injectClientMap(map);
manager.isClientPassDetail("C1");
manager.isClientPassDetail("C2");
manager.resetAllClientMetrics();
assertEquals(0, manager.getClientMetrics("C1").allowed.get());
assertEquals(0, manager.getClientMetrics("C2").allowed.get());
}
// =========================================================================
// removeClient 메트릭 자동 삭제
// =========================================================================
@Test
void removeClient_cleansUpMetrics() {
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("C1", passDualBucket("C1"));
injectClientMap(map);
manager.isClientPassDetail("C1");
assertNotNull(manager.getClientMetrics("C1"));
manager.removeClient("C1");
assertNull(manager.getClientMetrics("C1"));
}
}
@@ -0,0 +1,164 @@
package com.eactive.eai.common.inflow.dual;
import static org.junit.jupiter.api.Assertions.*;
import java.time.Duration;
import org.junit.jupiter.api.Test;
import com.eactive.eai.common.inflow.InflowTargetVO;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.local.LocalBucket;
class DualCustomBucketTest {
private InflowTargetVO makeVO(String name, long perSec, long threshold, String unit) {
InflowTargetVO vo = new InflowTargetVO();
vo.setName(name);
vo.setThresholdPerSecond(perSec);
vo.setThreshold(threshold);
vo.setThresholdTimeUnit(unit);
vo.setActivate(true);
return vo;
}
private LocalBucket freshBucket(long capacity) {
return Bucket4j.builder()
.addLimit(Bandwidth.simple(capacity, Duration.ofSeconds(1)))
.build();
}
private LocalBucket exhaustedBucket(long capacity) {
LocalBucket b = freshBucket(capacity);
b.tryConsume(capacity);
return b;
}
// -------------------------------------------------------------------------
// tryConsume 통과 케이스
// -------------------------------------------------------------------------
@Test
void bothBucketsNull_returnsPass() {
DualCustomBucket bucket = new DualCustomBucket(null, null, makeVO("A", 0, 0, null));
assertNull(bucket.tryConsume());
}
@Test
void onlyPerSecond_withinLimit_returnsPass() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(5), null, makeVO("A", 5, 0, null));
assertNull(bucket.tryConsume());
}
@Test
void onlyThreshold_withinLimit_returnsPass() {
DualCustomBucket bucket = new DualCustomBucket(null, freshBucket(100), makeVO("A", 0, 100, "MIN"));
assertNull(bucket.tryConsume());
}
@Test
void bothBuckets_bothWithinLimit_returnsPass() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(10), freshBucket(100), makeVO("A", 10, 100, "MIN"));
assertNull(bucket.tryConsume());
}
// -------------------------------------------------------------------------
// tryConsume 차단 케이스
// -------------------------------------------------------------------------
@Test
void onlyPerSecond_exceeded_returnsBlockedPerSecond() {
DualCustomBucket bucket = new DualCustomBucket(exhaustedBucket(1), null, makeVO("A", 1, 0, null));
assertEquals(DualCustomBucket.RESULT_BLOCKED_PER_SECOND, bucket.tryConsume());
}
@Test
void onlyThreshold_exceeded_returnsBlockedThreshold() {
DualCustomBucket bucket = new DualCustomBucket(null, exhaustedBucket(1), makeVO("A", 0, 1, "MIN"));
assertEquals(DualCustomBucket.RESULT_BLOCKED_THRESHOLD, bucket.tryConsume());
}
@Test
void perSecondExceeded_thresholdRemaining_returnsBlockedPerSecond() {
DualCustomBucket bucket = new DualCustomBucket(exhaustedBucket(1), freshBucket(100), makeVO("A", 1, 100, "MIN"));
assertEquals(DualCustomBucket.RESULT_BLOCKED_PER_SECOND, bucket.tryConsume());
}
@Test
void perSecondRemaining_thresholdExceeded_returnsBlockedThreshold() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(10), exhaustedBucket(1), makeVO("A", 10, 1, "MIN"));
assertEquals(DualCustomBucket.RESULT_BLOCKED_THRESHOLD, bucket.tryConsume());
}
@Test
void bothExceeded_returnsBlockedPerSecond() {
DualCustomBucket bucket = new DualCustomBucket(exhaustedBucket(1), exhaustedBucket(1), makeVO("A", 1, 1, "MIN"));
assertEquals(DualCustomBucket.RESULT_BLOCKED_PER_SECOND, bucket.tryConsume());
}
// -------------------------------------------------------------------------
// tryConsume 연속 호출
// -------------------------------------------------------------------------
@Test
void consecutiveConsumes_blockedAfterCapacityExhausted() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(3), null, makeVO("A", 3, 0, null));
assertNull(bucket.tryConsume());
assertNull(bucket.tryConsume());
assertNull(bucket.tryConsume());
assertEquals(DualCustomBucket.RESULT_BLOCKED_PER_SECOND, bucket.tryConsume());
}
@Test
void bothBuckets_thresholdExhaustedAfterMultiplePasses() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(10), freshBucket(3), makeVO("A", 10, 3, "MIN"));
assertNull(bucket.tryConsume());
assertNull(bucket.tryConsume());
assertNull(bucket.tryConsume());
assertEquals(DualCustomBucket.RESULT_BLOCKED_THRESHOLD, bucket.tryConsume());
}
// -------------------------------------------------------------------------
// 가용 토큰 조회
// -------------------------------------------------------------------------
@Test
void nullBuckets_availableTokensReturnMinusOne() {
DualCustomBucket bucket = new DualCustomBucket(null, null, makeVO("A", 0, 0, null));
assertEquals(-1, bucket.getPerSecondAvailableTokens());
assertEquals(-1, bucket.getThresholdAvailableTokens());
}
@Test
void availableTokensReflectInitialCapacity() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(5), freshBucket(100), makeVO("A", 5, 100, "MIN"));
assertEquals(5, bucket.getPerSecondAvailableTokens());
assertEquals(100, bucket.getThresholdAvailableTokens());
}
@Test
void availableTokensDecrementAfterEachConsume() {
DualCustomBucket bucket = new DualCustomBucket(freshBucket(5), freshBucket(10), makeVO("A", 5, 10, "MIN"));
bucket.tryConsume();
assertEquals(4, bucket.getPerSecondAvailableTokens());
assertEquals(9, bucket.getThresholdAvailableTokens());
bucket.tryConsume();
assertEquals(3, bucket.getPerSecondAvailableTokens());
assertEquals(8, bucket.getThresholdAvailableTokens());
}
@Test
void perSecondBlocked_thresholdTokenNotConsumed() {
DualCustomBucket bucket = new DualCustomBucket(exhaustedBucket(1), freshBucket(10), makeVO("A", 1, 10, "MIN"));
long thresholdBefore = bucket.getThresholdAvailableTokens();
bucket.tryConsume();
assertEquals(thresholdBefore, bucket.getThresholdAvailableTokens());
}
@Test
void resultPassConstant_isNull() {
assertNull(DualCustomBucket.RESULT_PASS);
}
}
@@ -0,0 +1,344 @@
package com.eactive.eai.common.inflow.dual;
import static org.junit.jupiter.api.Assertions.*;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.test.util.ReflectionTestUtils;
import com.eactive.eai.common.inflow.InflowTargetVO;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.local.LocalBucket;
/**
* DualCustomBucket / DualInflowControlManager 동시성 테스트.
*
* <p>모든 버킷을 Duration.ofHours(1) 생성하여 테스트 실행 리필이 없도록 한다.
* CountDownLatch로 모든 스레드를 동시 출발시켜 race window를 최대화한다.
*/
class DualInflowControlConcurrencyTest {
private static final int THREAD_COUNT = 20;
private static final int TRIES_PER_THREAD = 50;
private static final int TOTAL_TRIES = THREAD_COUNT * TRIES_PER_THREAD; // 1000
private DualInflowControlManager manager;
@BeforeEach
void setUp() {
manager = new DualInflowControlManager();
}
// -------------------------------------------------------------------------
// Helpers
// -------------------------------------------------------------------------
private InflowTargetVO makeVO(String name, long perSec, long threshold, String unit) {
InflowTargetVO vo = new InflowTargetVO();
vo.setName(name);
vo.setThresholdPerSecond(perSec);
vo.setThreshold(threshold);
vo.setThresholdTimeUnit(unit);
vo.setActivate(true);
return vo;
}
private LocalBucket stableBucket(long capacity) {
return Bucket4j.builder()
.addLimit(Bandwidth.simple(capacity, Duration.ofHours(1)))
.build();
}
private boolean runConcurrently(int threads, int triesPerThread, Runnable work)
throws InterruptedException {
CountDownLatch ready = new CountDownLatch(threads);
CountDownLatch start = new CountDownLatch(1);
CountDownLatch done = new CountDownLatch(threads);
ExecutorService executor = Executors.newFixedThreadPool(threads);
for (int i = 0; i < threads; i++) {
executor.submit(() -> {
ready.countDown();
try {
start.await();
for (int j = 0; j < triesPerThread; j++) {
work.run();
}
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
} finally {
done.countDown();
}
});
}
ready.await();
start.countDown();
boolean completed = done.await(30, TimeUnit.SECONDS);
executor.shutdown();
return completed;
}
// =========================================================================
// DualCustomBucket 동시성 테스트
// =========================================================================
@Test
void perSecondOnly_totalPassEqualsCapacity() throws InterruptedException {
long capacity = 200;
DualCustomBucket bucket = new DualCustomBucket(
stableBucket(capacity), null, makeVO("A", capacity, 0, null));
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockedPerSecond = new AtomicInteger();
AtomicInteger blockedThreshold = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
String result = bucket.tryConsume();
if (result == null) passCount.incrementAndGet();
else if (DualCustomBucket.RESULT_BLOCKED_PER_SECOND.equals(result)) blockedPerSecond.incrementAndGet();
else blockedThreshold.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockedPerSecond.get() + blockedThreshold.get());
assertEquals(capacity, passCount.get());
assertEquals(0, blockedThreshold.get());
}
@Test
void thresholdOnly_totalPassEqualsCapacity() throws InterruptedException {
long capacity = 200;
DualCustomBucket bucket = new DualCustomBucket(
null, stableBucket(capacity), makeVO("A", 0, capacity, "HOUR"));
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockedThreshold = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
String result = bucket.tryConsume();
if (result == null) passCount.incrementAndGet();
else if (DualCustomBucket.RESULT_BLOCKED_THRESHOLD.equals(result)) blockedThreshold.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockedThreshold.get());
assertEquals(capacity, passCount.get());
}
@Test
void dualBuckets_thresholdIsBottleneck_totalPassEqualsThreshold() throws InterruptedException {
long perSecCapacity = 2000;
long threshCapacity = 200;
DualCustomBucket bucket = new DualCustomBucket(
stableBucket(perSecCapacity), stableBucket(threshCapacity),
makeVO("A", perSecCapacity, threshCapacity, "HOUR"));
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockedPerSecond = new AtomicInteger();
AtomicInteger blockedThreshold = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
String result = bucket.tryConsume();
if (result == null) passCount.incrementAndGet();
else if (DualCustomBucket.RESULT_BLOCKED_PER_SECOND.equals(result)) blockedPerSecond.incrementAndGet();
else blockedThreshold.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockedPerSecond.get() + blockedThreshold.get());
assertEquals(threshCapacity, passCount.get());
assertEquals(0, blockedPerSecond.get());
}
@Test
void dualBuckets_perSecondIsBottleneck_noThresholdTokenLeak() throws InterruptedException {
long perSecCapacity = 100;
long threshCapacity = 2000;
DualCustomBucket bucket = new DualCustomBucket(
stableBucket(perSecCapacity), stableBucket(threshCapacity),
makeVO("A", perSecCapacity, threshCapacity, "HOUR"));
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockedPerSecond = new AtomicInteger();
AtomicInteger blockedThreshold = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
String result = bucket.tryConsume();
if (result == null) passCount.incrementAndGet();
else if (DualCustomBucket.RESULT_BLOCKED_PER_SECOND.equals(result)) blockedPerSecond.incrementAndGet();
else blockedThreshold.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockedPerSecond.get() + blockedThreshold.get());
assertEquals(perSecCapacity, passCount.get());
assertEquals(0, blockedThreshold.get());
assertEquals(perSecCapacity, threshCapacity - bucket.getThresholdAvailableTokens());
}
@Test
void availableTokensConsistentAfterConcurrentConsume() throws InterruptedException {
long capacity = 300;
DualCustomBucket bucket = new DualCustomBucket(
stableBucket(capacity), null, makeVO("A", capacity, 0, null));
AtomicInteger passCount = new AtomicInteger();
runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
if (bucket.tryConsume() == null) passCount.incrementAndGet();
});
long remaining = bucket.getPerSecondAvailableTokens();
assertEquals(capacity, passCount.get() + remaining);
}
// =========================================================================
// DualInflowControlManager 동시성 테스트
// =========================================================================
@Test
void manager_isAdapterPassDetail_concurrent_totalPassEqualsCapacity() throws InterruptedException {
long capacity = 200;
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_A", new DualCustomBucket(
stableBucket(capacity), null, makeVO("ADAPTER_A", capacity, 0, null)));
ReflectionTestUtils.setField(manager, "adapterBucketMap", map);
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockCount = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
String result = manager.isAdapterPassDetail("ADAPTER_A");
if (result == null) passCount.incrementAndGet();
else blockCount.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockCount.get());
assertEquals(capacity, passCount.get());
}
@Test
void manager_isInterfacePassDetail_concurrent_totalPassEqualsCapacity() throws InterruptedException {
long capacity = 200;
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("IF_001", new DualCustomBucket(
null, stableBucket(capacity), makeVO("IF_001", 0, capacity, "HOUR")));
ReflectionTestUtils.setField(manager, "interfaceBucketMap", map);
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockCount = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
String result = manager.isInterfacePassDetail("IF_001");
if (result == null) passCount.incrementAndGet();
else blockCount.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockCount.get());
assertEquals(capacity, passCount.get());
}
@Test
void manager_volatileMapSwap_noConcurrentException() throws InterruptedException {
String adapterName = "ADAPTER_A";
int readerCount = THREAD_COUNT;
int swapCount = 200;
Map<String, DualCustomBucket> initialMap = new ConcurrentHashMap<>();
initialMap.put(adapterName, new DualCustomBucket(
stableBucket(10_000), null, makeVO(adapterName, 10_000, 0, null)));
ReflectionTestUtils.setField(manager, "adapterBucketMap", initialMap);
AtomicReference<Throwable> error = new AtomicReference<>();
CountDownLatch ready = new CountDownLatch(readerCount + 1);
CountDownLatch start = new CountDownLatch(1);
CountDownLatch done = new CountDownLatch(readerCount + 1);
ExecutorService executor = Executors.newFixedThreadPool(readerCount + 1);
for (int i = 0; i < readerCount; i++) {
executor.submit(() -> {
ready.countDown();
try {
start.await();
for (int j = 0; j < TRIES_PER_THREAD; j++) {
manager.isAdapterPassDetail(adapterName);
}
} catch (Throwable t) {
error.compareAndSet(null, t);
} finally {
done.countDown();
}
});
}
executor.submit(() -> {
ready.countDown();
try {
start.await();
for (int i = 0; i < swapCount; i++) {
Map<String, DualCustomBucket> newMap = new ConcurrentHashMap<>();
newMap.put(adapterName, new DualCustomBucket(
stableBucket(10_000), null, makeVO(adapterName, 10_000, 0, null)));
ReflectionTestUtils.setField(manager, "adapterBucketMap", newMap);
}
} catch (Throwable t) {
error.compareAndSet(null, t);
} finally {
done.countDown();
}
});
ready.await();
start.countDown();
boolean completed = done.await(30, TimeUnit.SECONDS);
executor.shutdown();
assertTrue(completed, "테스트가 타임아웃되었습니다");
assertNull(error.get(), error.get() != null ? "예외 발생: " + error.get() : null);
}
@Test
void manager_mixedPassAndDetailCalls_totalPassConsistent() throws InterruptedException {
long capacity = 300;
Map<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_A", new DualCustomBucket(
stableBucket(capacity), null, makeVO("ADAPTER_A", capacity, 0, null)));
ReflectionTestUtils.setField(manager, "adapterBucketMap", map);
AtomicInteger passCount = new AtomicInteger();
AtomicInteger blockCount = new AtomicInteger();
AtomicInteger callIndex = new AtomicInteger();
boolean done = runConcurrently(THREAD_COUNT, TRIES_PER_THREAD, () -> {
boolean useDetail = (callIndex.getAndIncrement() % 2 == 0);
boolean passed;
if (useDetail) {
passed = (manager.isAdapterPassDetail("ADAPTER_A") == null);
} else {
passed = manager.isAdapterPass("ADAPTER_A");
}
if (passed) passCount.incrementAndGet();
else blockCount.incrementAndGet();
});
assertTrue(done, "테스트가 타임아웃되었습니다");
assertEquals(TOTAL_TRIES, passCount.get() + blockCount.get());
assertEquals(capacity, passCount.get());
}
}
@@ -0,0 +1,280 @@
package com.eactive.eai.common.inflow.dual;
import static org.junit.jupiter.api.Assertions.*;
import java.time.Duration;
import java.util.concurrent.ConcurrentHashMap;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.test.util.ReflectionTestUtils;
import com.eactive.eai.common.inflow.InflowTargetVO;
import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket4j;
import io.github.bucket4j.local.LocalBucket;
/**
* DualInflowControlManager의 Dual 기반 오버라이드 메서드 단위 테스트.
*
* <p>검증 포인트:
* - getAdapterAllKeys / getInterfaceAllKeys Dual (adapterBucketMap/interfaceBucketMap) 사용
* - getAdapterInflowThreashold / getInterfaceInflowThreashold Dual 맵의 VO 반환
* - removeAdapter / removeInterface Dual 맵에서 항목을 제거
* - base adapterBucketList / interfaceBucketList 상태와 무관하게 동작 (DAO 이중 호출 제거 효과)
*/
class DualInflowControlManagerBucketMethodsTest {
private DualInflowControlManager manager;
@BeforeEach
void setUp() {
manager = new DualInflowControlManager();
}
// -------------------------------------------------------------------------
// Helpers
// -------------------------------------------------------------------------
private InflowTargetVO makeVO(String name) {
InflowTargetVO vo = new InflowTargetVO();
vo.setName(name);
vo.setThresholdPerSecond(100);
vo.setThreshold(10000);
vo.setThresholdTimeUnit("DAY");
vo.setActivate(true);
return vo;
}
private LocalBucket bucket(long capacity) {
return Bucket4j.builder()
.addLimit(Bandwidth.simple(capacity, Duration.ofSeconds(1)))
.build();
}
private DualCustomBucket dualBucket(String name) {
return new DualCustomBucket(bucket(100), bucket(1000), makeVO(name));
}
private void setAdapterMap(ConcurrentHashMap<String, DualCustomBucket> map) {
ReflectionTestUtils.setField(manager, "adapterBucketMap", map);
}
private void setInterfaceMap(ConcurrentHashMap<String, DualCustomBucket> map) {
ReflectionTestUtils.setField(manager, "interfaceBucketMap", map);
}
// =========================================================================
// getAdapterAllKeys
// =========================================================================
@Test
void getAdapterAllKeys_emptyMap_returnsEmptyArray() {
setAdapterMap(new ConcurrentHashMap<>());
assertEquals(0, manager.getAdapterAllKeys().length);
}
@Test
void getAdapterAllKeys_twoEntries_returnsSortedKeys() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_B", dualBucket("ADAPTER_B"));
map.put("ADAPTER_A", dualBucket("ADAPTER_A"));
setAdapterMap(map);
String[] keys = manager.getAdapterAllKeys();
assertArrayEquals(new String[]{"ADAPTER_A", "ADAPTER_B"}, keys);
}
@Test
void getAdapterAllKeys_usesDualMap_notBaseList() {
// Dual 맵에만 항목 존재 base adapterBucketList 비어 있음
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("DUAL_ONLY", dualBucket("DUAL_ONLY"));
setAdapterMap(map);
String[] keys = manager.getAdapterAllKeys();
assertEquals(1, keys.length);
assertEquals("DUAL_ONLY", keys[0]);
}
// =========================================================================
// getInterfaceAllKeys
// =========================================================================
@Test
void getInterfaceAllKeys_emptyMap_returnsEmptyArray() {
setInterfaceMap(new ConcurrentHashMap<>());
assertEquals(0, manager.getInterfaceAllKeys().length);
}
@Test
void getInterfaceAllKeys_threeEntries_returnsSortedKeys() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("IF_C", dualBucket("IF_C"));
map.put("IF_A", dualBucket("IF_A"));
map.put("IF_B", dualBucket("IF_B"));
setInterfaceMap(map);
String[] keys = manager.getInterfaceAllKeys();
assertArrayEquals(new String[]{"IF_A", "IF_B", "IF_C"}, keys);
}
@Test
void getInterfaceAllKeys_usesDualMap_notBaseList() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("DUAL_IF", dualBucket("DUAL_IF"));
setInterfaceMap(map);
String[] keys = manager.getInterfaceAllKeys();
assertEquals(1, keys.length);
assertEquals("DUAL_IF", keys[0]);
}
// =========================================================================
// getAdapterInflowThreashold
// =========================================================================
@Test
void getAdapterInflowThreashold_found_returnsVO() {
InflowTargetVO vo = makeVO("ADAPTER_A");
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_A", new DualCustomBucket(bucket(10), bucket(100), vo));
setAdapterMap(map);
InflowTargetVO result = manager.getAdapterInflowThreashold("ADAPTER_A");
assertSame(vo, result);
}
@Test
void getAdapterInflowThreashold_notFound_returnsNull() {
setAdapterMap(new ConcurrentHashMap<>());
assertNull(manager.getAdapterInflowThreashold("MISSING"));
}
@Test
void getAdapterInflowThreashold_usesDualMap_notBaseList() {
// base adapterBucketList 에는 항목 없고 Dual 맵에만 존재
InflowTargetVO vo = makeVO("ADAPTER_A");
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_A", new DualCustomBucket(null, null, vo));
setAdapterMap(map);
assertSame(vo, manager.getAdapterInflowThreashold("ADAPTER_A"));
}
// =========================================================================
// getInterfaceInflowThreashold
// =========================================================================
@Test
void getInterfaceInflowThreashold_found_returnsVO() {
InflowTargetVO vo = makeVO("IF_001");
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("IF_001", new DualCustomBucket(bucket(10), bucket(100), vo));
setInterfaceMap(map);
assertSame(vo, manager.getInterfaceInflowThreashold("IF_001"));
}
@Test
void getInterfaceInflowThreashold_notFound_returnsNull() {
setInterfaceMap(new ConcurrentHashMap<>());
assertNull(manager.getInterfaceInflowThreashold("MISSING"));
}
@Test
void getInterfaceInflowThreashold_usesDualMap_notBaseList() {
InflowTargetVO vo = makeVO("IF_001");
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("IF_001", new DualCustomBucket(null, null, vo));
setInterfaceMap(map);
assertSame(vo, manager.getInterfaceInflowThreashold("IF_001"));
}
// =========================================================================
// removeAdapter
// =========================================================================
@Test
void removeAdapter_existingKey_removedFromDualMap() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_A", dualBucket("ADAPTER_A"));
map.put("ADAPTER_B", dualBucket("ADAPTER_B"));
setAdapterMap(map);
manager.removeAdapter("ADAPTER_A");
assertNull(manager.getAdapterBucket("ADAPTER_A"));
assertNotNull(manager.getAdapterBucket("ADAPTER_B"));
}
@Test
void removeAdapter_keysReflectRemoval() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("ADAPTER_A", dualBucket("ADAPTER_A"));
map.put("ADAPTER_B", dualBucket("ADAPTER_B"));
setAdapterMap(map);
manager.removeAdapter("ADAPTER_A");
String[] keys = manager.getAdapterAllKeys();
assertEquals(1, keys.length);
assertEquals("ADAPTER_B", keys[0]);
}
@Test
void removeAdapter_missingKey_noException() {
setAdapterMap(new ConcurrentHashMap<>());
assertDoesNotThrow(() -> manager.removeAdapter("NOT_EXISTS"));
}
// =========================================================================
// removeInterface
// =========================================================================
@Test
void removeInterface_existingKey_removedFromDualMap() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("IF_001", dualBucket("IF_001"));
map.put("IF_002", dualBucket("IF_002"));
setInterfaceMap(map);
manager.removeInterface("IF_001");
assertNull(manager.getInterfaceBucket("IF_001"));
assertNotNull(manager.getInterfaceBucket("IF_002"));
}
@Test
void removeInterface_keysReflectRemoval() {
ConcurrentHashMap<String, DualCustomBucket> map = new ConcurrentHashMap<>();
map.put("IF_001", dualBucket("IF_001"));
map.put("IF_002", dualBucket("IF_002"));
setInterfaceMap(map);
manager.removeInterface("IF_001");
String[] keys = manager.getInterfaceAllKeys();
assertEquals(1, keys.length);
assertEquals("IF_002", keys[0]);
}
@Test
void removeInterface_missingKey_noException() {
setInterfaceMap(new ConcurrentHashMap<>());
assertDoesNotThrow(() -> manager.removeInterface("NOT_EXISTS"));
}
}

Some files were not shown because too many files have changed in this diff Show More