Merge branch 'dev-login0218' of...

Merge branch 'dev-login0218' of 192.168.110.53:com.pica.cloud.account/pica-cloud-account into dev-login0218

# Conflicts:
#	server/src/main/java/com/pica/cloud/account/account/server/service/impl/LoginServiceImpl.java

server/src/main/java/com/pica/cloud/account/account/server/controller/AutoCodeController.java

@@ -71,6 +71,14 @@ public class AutoCodeController extends AccountBaseController {
     }
 
 
+    /**
+     * @Description native获取验证码，新老版本兼容 todo joy
+     * @Author peijun.zhao
+     * @Date 2020/2/28 9:55
+     * @ModifyDate 2020/2/28 9:55
+     * @Params [entity, req]
+     * @Return com.pica.cloud.foundation.entity.PicaResponse
+     */
     @ApiOperation("获取短信验证码,无需图形验证码,如app端")
     @PostMapping(value = "/authCode")
     public PicaResponse getAuthCode(@RequestBody EncryptEntity entity, HttpServletRequest req) throws Exception {
@@ -96,6 +104,14 @@ public class AutoCodeController extends AccountBaseController {
         }
     }
 
+    /**
+     * @Description web获取效验码-老版，记录风控行为 todo joy
+     * @Author peijun.zhao
+     * @Date 2020/2/28 9:52
+     * @ModifyDate 2020/2/28 9:52
+     * @Params [entity]
+     * @Return com.pica.cloud.foundation.entity.PicaResponse<java.lang.String>
+     */
     @ApiOperation("获取短信验证码，需要图形验证码,如H5端和PC端；验证码类型 0默认 1注册 2微信登录绑定手机 3修改手机 4重置密码 5忘记密码 7患者招募提交问卷(效验)")
     @PostMapping("/account/authCode")
     public PicaResponse<String> getAuthCodeWithCaptcha(@RequestBody EncryptEntity entity,

server/src/main/java/com/pica/cloud/account/account/server/service/impl/LoginServiceImpl.java

@@ -30,6 +30,7 @@ import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.foundation.entity.PicaWarnException;
 import com.pica.cloud.foundation.redis.ICacheClient;
 import com.pica.cloud.foundation.utils.utils.ValidateUtils;
+import com.pica.cloud.foundation.utils.utils.json.JsonUtils;
 import com.pica.cloud.patient.smartcontract.common.utils.HttpClientCloudUtils;
 import io.jsonwebtoken.*;
 import org.apache.commons.codec.binary.Base64;
@@ -41,7 +42,10 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.math.BigInteger;
+import java.security.KeyFactory;
 import java.security.PublicKey;
+import java.security.spec.RSAPublicKeySpec;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -590,7 +594,7 @@ public class LoginServiceImpl implements LoginService {
                     AccountExceptionEnum.PICA_PARAMS_ERROR.getMessage());
         }
         //  identifyToken校验
-        if (!checkIdentifyToken(request)) {
+        if(!checkIdentifyToken(request)){
             throw new PicaException(
                     AccountExceptionEnum.PICA_APPLE_TOKEN_ERROR.getCode(),
                     AccountExceptionEnum.PICA_APPLE_TOKEN_ERROR.getMessage());
@@ -647,50 +651,69 @@ public class LoginServiceImpl implements LoginService {
         String appleResp = null;
         try {
             appleResp = HttpClientCloudUtils.getHttpExecute(Constants.APPLE_GET_PUBLIC_KEY_URL);
-            //logger.info("checkIdentifyToken-appleResp:{}", appleResp);
+            logger.info("checkIdentifyToken-appleResp:{}", appleResp);
         } catch (Exception e) {
             logger.info("checkIdentifyToken-get apple public key fail " + e.getMessage());
             throw new PicaException("get apple public key fail Exception", "get apple public key fail");
         }
-        JSONObject jsonObject = JSONObject.parseObject(appleResp);
-        String keys = jsonObject.getString("keys");
-        JSONArray arr = JSONObject.parseArray(keys);
-        JSONObject jsonObject1 = JSONObject.parseObject(arr.getString(0));
-        logger.info("checkIdentifyToken-jsonObject1:{}", jsonObject1);
+        JSONObject appleRespJson = JSONObject.parseObject(appleResp);
+        String keys = appleRespJson.getString("keys");
+        JSONArray keysArr = JSONObject.parseArray(keys);
+
+        if (identifyToken.split("\\.").length < 2) {
+            throw new PicaException("get identifyToken fail Exception", "get identifyToken format Exception");
+        }
+        JSONObject useAppleAuth = new JSONObject();
+        String inAuth = new String(Base64.decodeBase64(identifyToken.split("\\.")[0]));
+        String inKid = JSONObject.parseObject(inAuth).get("kid").toString();
+        for(Object obj : keysArr){
+            JSONObject appleAuth = JSONObject.parseObject(obj.toString());
+            if(inKid.equals(appleAuth.getString("kid"))){
+                useAppleAuth = appleAuth;
+                logger.info("checkIdentifyToken-jsonObject1:{}", useAppleAuth);
+                break;
+            }
+        }
 
-        //  通过架包生成publicKey
+        //  通过jar生成publicKey
         PublicKey publicKey;
         try {
-            Jwk jwa = Jwk.fromValues(jsonObject1);
+            Jwk jwa = Jwk.fromValues(useAppleAuth);
             publicKey = jwa.getPublicKey();
         } catch (Exception e) {
             logger.info("checkIdentifyToken-generate publicKey fail " + e.getMessage());
             throw new PicaException("checkIdentifyToken-generate publicKey fail", "generate publicKey fail");
         }
+
         //  分割前台传过来的identifyToken（jwt格式的token）用base64解码使用
-        if (identifyToken.split("\\.").length > 1) {
-            String aud;
-            String sub;
-            try {
-                String claim = new String(Base64.decodeBase64(identifyToken.split("\\.")[1]));
-                logger.info("checkIdentifyToken-claim:{}", claim);
-                aud = JSONObject.parseObject(claim).get("aud").toString();
-                sub = JSONObject.parseObject(claim).get("sub").toString();
-                //  appleUserId从token中解码取出后赋值
-                request.setAppleUserId(sub);
-            } catch (Exception e) {
-                logger.info("checkIdentifyToken-token decode fail " + e.getMessage());
-                throw new PicaException("checkIdentifyToken-token decode fail Exception", "token decode fail");
-            }
-            return this.verify(publicKey, identifyToken, aud, sub, request);
+        String aud;
+        String sub;
+        try {
+            String claim = new String(Base64.decodeBase64(identifyToken.split("\\.")[1]));
+            logger.info("checkIdentifyToken-claim:{}", claim);
+            aud = JSONObject.parseObject(claim).get("aud").toString();
+            sub = JSONObject.parseObject(claim).get("sub").toString();
+            //  appleUserId从token中解码取出后赋值
+            request.setAppleUserId(sub);
+        } catch (Exception e) {
+            logger.info("checkIdentifyToken-token decode fail " + e.getMessage());
+            throw new PicaException("checkIdentifyToken-token decode fail Exception", "token decode fail");
         }
-        return false;
+        return this.verify(publicKey, identifyToken, aud, sub, request);
+//        return false;
     }
 
     public static void main(String[] args) throws InvalidPublicKeyException {
-        String jwt = "eyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnl1bnF1ZXlpLkRvY3RvciIsImV4cCI6MTU4Mjc4MjE2NSwiaWF0IjoxNTgyNzgxNTY1LCJzdWIiOiIwMDExMzAuMmI4NzE0NjVmZDFmNDVmZmFmNWRjMjg3ZTQ4OWVlZjEuMDMxNSIsImNfaGFzaCI6Ing1b3lsbXRCdG9XRy02eFVzakRNRUEiLCJlbWFpbCI6IjdnZ2E1cmo1dGNAcHJpdmF0ZXJlbGF5LmFwcGxlaWQuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiaXNfcHJpdmF0ZV9lbWFpbCI6InRydWUiLCJhdXRoX3RpbWUiOjE1ODI3ODE1NjUsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.QKybdVM-1cQBNYeVzYvoQY8rc2ZdRAeq8dJQqbd0zagkmz8X9eoVoKvLxI-cO09bbpRAGMv7Bz-bVcIDgUjIxhxudInmhU2vltfYGEt5meKHjsgKg_qdjyK_WC_bG3N-LhfHUhiA1n3rU0owSxVOWdBxmnYZhftjMd2kGphY-leVPYMoUJRKPteJAMx-F8er1L9nBkrfazoE61Y5GR_y8qtdVFIqlo9oPEGlb1qUC7A4kSGp5OVb4vRvWiqQj7MTjsYIGfqUWQmnkoA7dvlCpbiHdel3Lq6UexS4XzC_FBYC7ekBFU1EO-5rFUflhzmxepPnD8S51eS1CO0ProwwOA";
+        String jwt = "eyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ." +
+                "eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnl1bnF1ZXlpLkRvY3RvciIsImV4cCI6MTU4Mjc4MjE2NSwiaWF0IjoxNTgyNzgxNTY1LCJzdWIiOiIwMDExMzAuMmI4NzE0NjVmZDFmNDVmZmFmNWRjMjg3ZTQ4OWVlZjEuMDMxNSIsImNfaGFzaCI6Ing1b3lsbXRCdG9XRy02eFVzakRNRUEiLCJlbWFpbCI6IjdnZ2E1cmo1dGNAcHJpdmF0ZXJlbGF5LmFwcGxlaWQuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiaXNfcHJpdmF0ZV9lbWFpbCI6InRydWUiLCJhdXRoX3RpbWUiOjE1ODI3ODE1NjUsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.QKybdVM-1cQBNYeVzYvoQY8rc2ZdRAeq8dJQqbd0zagkmz8X9eoVoKvLxI-cO09bbpRAGMv7Bz-bVcIDgUjIxhxudInmhU2vltfYGEt5meKHjsgKg_qdjyK_WC_bG3N-LhfHUhiA1n3rU0owSxVOWdBxmnYZhftjMd2kGphY-leVPYMoUJRKPteJAMx-F8er1L9nBkrfazoE61Y5GR_y8qtdVFIqlo9oPEGlb1qUC7A4kSGp5OVb4vRvWiqQj7MTjsYIGfqUWQmnkoA7dvlCpbiHdel3Lq6UexS4XzC_FBYC7ekBFU1EO-5rFUflhzmxepPnD8S51eS1CO0ProwwOA";
 
-        //jwt= "eyJraWQiOiI4NkQ4OEtmIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnl1bnF1ZXlpLkRvY3RvciIsImV4cCI6MTU4Mjc4MDgzMiwiaWF0IjoxNTgyNzgwMjMyLCJzdWIiOiIwMDExMzAuMmI4NzE0NjVmZDFmNDVmZmFmNWRjMjg3ZTQ4OWVlZjEuMDMxNSIsImNfaGFzaCI6Ilg0TzJGQnBQNlJHSm5yTTJaX2toYXciLCJlbWFpbCI6IjdnZ2E1cmo1dGNAcHJpdmF0ZXJlbGF5LmFwcGxlaWQuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiaXNfcHJpdmF0ZV9lbWFpbCI6InRydWUiLCJhdXRoX3RpbWUiOjE1ODI3ODAyMzIsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.fB6Av1KK38U65HbP5XDfNjWyl2i9C9ojHSxAytDKjXHTCaXB2VMHmmnGzEaoSMnS0WR7LilugrmznqOIXkV8i-SyATw-Wx6hWg_9aiBOj-1eeQhUrqZGsWhjklxCFfK0WpAiyNNSAwiklgiZY41P0jrHzNbxk_5WVIxb0sEQ-igLYQhonTeLQ8WuYuCB6iRMlWHxwNdpSNXb-IlzjEKNm1cozf8RRjg0Y00Hu2VPEai2NJzGx5Ro7x7OpvCfePjxlyJze0tSYDVWxBnklBvHGDHXuTqKqMwNNHzo53JIiSARQD7JHxNCgtNTVIYX075zHNn8UgiLZy1mEdf1KnoXHg";
+//        jwt= "eyJraWQiOiI4NkQ4OEtmIiwiYWxnIjoiUlMyNTYifQ." +
+//                "eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnl1bnF1ZXlpLkRvY3RvciIsImV4cCI6MTU4Mjc4MDgzMiwiaWF0IjoxNTgyNzgwMjMyLCJzdWIiOiIwMDExMzAuMmI4NzE0NjVmZDFmNDVmZmFmNWRjMjg3ZTQ4OWVlZjEuMDMxNSIsImNfaGFzaCI6Ilg0TzJGQnBQNlJHSm5yTTJaX2toYXciLCJlbWFpbCI6IjdnZ2E1cmo1dGNAcHJpdmF0ZXJlbGF5LmFwcGxlaWQuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiaXNfcHJpdmF0ZV9lbWFpbCI6InRydWUiLCJhdXRoX3RpbWUiOjE1ODI3ODAyMzIsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0." +
+//                "fB6Av1KK38U65HbP5XDfNjWyl2i9C9ojHSxAytDKjXHTCaXB2VMHmmnGzEaoSMnS0WR7LilugrmznqOIXkV8i-SyATw-Wx6hWg_9aiBOj-1eeQhUrqZGsWhjklxCFfK0WpAiyNNSAwiklgiZY41P0jrHzNbxk_5WVIxb0sEQ-igLYQhonTeLQ8WuYuCB6iRMlWHxwNdpSNXb-IlzjEKNm1cozf8RRjg0Y00Hu2VPEai2NJzGx5Ro7x7OpvCfePjxlyJze0tSYDVWxBnklBvHGDHXuTqKqMwNNHzo53JIiSARQD7JHxNCgtNTVIYX075zHNn8UgiLZy1mEdf1KnoXHg";
+
+        jwt = "eyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ." +
+                "eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnl1bnF1ZXlpLkRvY3RvciIsImV4cCI6MTU4Mjg3MTkwNSwiaWF0IjoxNTgyODcxMzA1LCJzdWIiOiIwMDExMzAuMmI4NzE0NjVmZDFmNDVmZmFmNWRjMjg3ZTQ4OWVlZjEuMDMxNSIsImNfaGFzaCI6IkliX3VSOWdnZEdVRi1jbzZWZGdfTHciLCJlbWFpbCI6IjdnZ2E1cmo1dGNAcHJpdmF0ZXJlbGF5LmFwcGxlaWQuY29tIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiaXNfcHJpdmF0ZV9lbWFpbCI6InRydWUiLCJhdXRoX3RpbWUiOjE1ODI4NzEzMDUsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0."+
+                "Mek6XzKKUenVQU3IHmLM_tgtilCbsIUSFu1r2gIHsNqseVZYC6JpkQJEZ2SSIwjRPSNUqtK6wqG4s5QbY9qJfIVdVMPqI95eaJiPWKOM6RTlatEhyLs4mokgSutsFHF97nW1qXGidN4tfXaxYygfaoYvOvjeGM-sfUixUbu3fhc5PKH2N91LnVcJNDmqDiUamzOYIXDzn55us8bjCm02fHOQ9D12HY9ambZ_zmPJXAMRi_YoqnSGAhggLfqKJ32pcB2ATHumgDOEhRsuXM89M6pHRS-yzaTfV182prd-fYWdscPVMiEqDt8JXb811lzY8wfqYZxtyg1sEdkq0Hrugw";
 
         //  向苹果后台获取公钥参数
         String appleResp = null;
@@ -703,14 +726,19 @@ public class LoginServiceImpl implements LoginService {
         JSONObject jsonObject = JSONObject.parseObject(appleResp);
         String keys = jsonObject.getString("keys");
         JSONArray arr = JSONObject.parseArray(keys);
+//        JSONObject jsonObject1 = JSONObject.parseObject(arr.getString(0));
         JSONObject jsonObject1 = JSONObject.parseObject(arr.getString(1));
-        System.out.println("jsonObject1:" + jsonObject1);
+        System.out.println("jsonObject1:"+jsonObject1);
 
         Jwk jwa = Jwk.fromValues(jsonObject1);
         PublicKey publicKey = jwa.getPublicKey();
 
-        String audience = "com.yunqueyi.Doctor";
-        String subject = "001130.2b871465fd1f45ffaf5dc287e489eef1.0315";
+        //added by joy begin
+//        publicKey = getPublicKey();
+        //added by joy end
+
+        String audience= "com.yunqueyi.Doctor";
+        String subject= "001130.2b871465fd1f45ffaf5dc287e489eef1.0315";
         JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
         jwtParser.requireIssuer(Constants.APPLE_ISSUE_URL);
         jwtParser.requireAudience(audience);
@@ -719,14 +747,14 @@ public class LoginServiceImpl implements LoginService {
         try {
             System.out.println("checkIdentifyToken-apple-verify-starting");
             Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
-            System.out.println("checkIdentifyToken-apple-verify-claim:" + JSON.toJSONString(claim));
+            System.out.println("checkIdentifyToken-apple-verify-claim:"+ JSON.toJSONString(claim));
             if (claim != null && claim.getBody().containsKey("auth_time")) {
                 JSONObject claimBody = JSONObject.parseObject(JSON.toJSONString(claim.getBody()), JSONObject.class);
                 System.out.println("success......");
             }
         } catch (ExpiredJwtException e) {
             System.out.println("checkIdentifyToken-apple token expired" + e.getMessage());
-            throw new PicaException("apple token expired Exception", e.getMessage());
+            throw new PicaException("apple token expired Exception {}", e.getMessage());
         } catch (Exception e) {
             System.out.println("checkIdentifyToken-apple token illegal" + e.getMessage());
             throw new PicaException("apple token illegal Exception", e.getMessage());