
国产化第一次提交

fuyuhchuan 1 year ago
parent
commit
5f0139c94e
27 changed files with 1781 additions and 170 deletions
  1. 158 1
      base-modules/service-system/service-system-biz/pom.xml
  2. 5 5
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/MybatisGeneratorUtils.java
  3. 42 4
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/api/SysLogControllerApi.java
  4. 21 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysCheckCodeController.java
  5. 56 13
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysLogininforController.java
  6. 39 12
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysOperlogController.java
  7. 97 41
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysUserController.java
  8. 148 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/domain/SysCheckCode.java
  9. 18 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/mapper/SysCheckCodeMapper.java
  10. 2 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/mapper/SysOperLogMapper.java
  11. 16 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/SysCheckCodeService.java
  12. 70 40
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/SysLoginService.java
  13. 20 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysCheckCodeServiceImpl.java
  14. 63 22
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysLogininforServiceImpl.java
  15. 23 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysOperLogServiceImpl.java
  16. 2 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysUserServiceImpl.java
  17. 221 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/util/App.java
  18. 99 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/util/FileTools.java
  19. 561 0
      base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/util/Operation.java
  20. 91 0
      base-modules/service-system/service-system-biz/src/main/resources/application.yml
  21. 0 24
      base-modules/service-system/service-system-biz/src/main/resources/bootstrap.yml
  22. 18 0
      base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysCheckCodeMapper.xml
  23. 3 2
      base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysLogininforMapper.xml
  24. 2 3
      base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysMenuMapper.xml
  25. 4 1
      base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysOperLogMapper.xml
  26. 1 1
      base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysTenantConfigMapper.xml
  27. 1 1
      base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysUserMapper.xml

+ 158 - 1
base-modules/service-system/service-system-biz/pom.xml

@@ -11,10 +11,133 @@
     <dependencies>
 
 
-        <dependency>
+<!--        <dependency>
             <groupId>com.usky</groupId>
             <artifactId>common-cloud-starter</artifactId>
+        </dependency>-->
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid-spring-boot-starter</artifactId>
+            <version>1.2.8</version>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-alibaba-commons</artifactId>
+            <version>2021.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.reflections</groupId>
+            <artifactId>reflections</artifactId>
+            <version>0.9.11</version>
+        </dependency>
+        <dependency>
+            <groupId>io.prometheus</groupId>
+            <artifactId>simpleclient_tracer_common</artifactId>
+            <version>0.12.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba.spring</groupId>
+            <artifactId>spring-context-support</artifactId>
+            <version>1.0.10</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-commons</artifactId>
+            <version>3.1.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-context</artifactId>
+            <version>3.1.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-actuator</artifactId>
+            <version>2.6.6</version>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>8.0.28</version>
+        </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-generator</artifactId>
+            <version>3.4.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.velocity</groupId>
+            <artifactId>velocity-engine-core</artifactId>
+            <version>2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>com.usky</groupId>
+            <artifactId>service-system-api</artifactId>
+            <version>0.0.1</version>
+        </dependency>
+<!--        <dependency>
+            <groupId>org.hibernate.validator</groupId>
+            <artifactId>hibernate-validator-parent</artifactId>
+            <version>6.2.3.Final</version>
+        </dependency>-->
+        <dependency>
+            <groupId>jakarta.validation</groupId>
+            <artifactId>jakarta.validation-api</artifactId>
+            <version>2.0.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.logging</groupId>
+            <artifactId>jboss-logging</artifactId>
+            <version>3.4.3.Final</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml</groupId>
+            <artifactId>classmate</artifactId>
+            <version>1.5.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.usky</groupId>
+            <artifactId>usky-common-security</artifactId>
+            <version>0.0.1</version>
+        </dependency>
+        <dependency>
+            <groupId>com.usky</groupId>
+            <artifactId>usky-common-mybatis</artifactId>
+            <version>0.0.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.usky</groupId>
+            <artifactId>ruoyi-common-datascope</artifactId>
+            <version>0.0.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.22</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.12.0</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
         </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>29.0-jre</version>
+        </dependency>
+
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
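Review bot: Every dependency added in this hunk carries its own `<version>`, while the entries around it (`common-cloud-starter`, `ruoyi-common-swagger`, `usky-common-log`) inherit theirs, so pins such as `spring-boot-actuator` 2.6.6 and `spring-cloud-commons` 3.1.1 can drift from, or silently override, what the parent build manages. Moving these versions into the parent's `<dependencyManagement>` leaves one place to audit and upgrade them. The `com.dm` artifacts in the second hunk (`DmJdbcDriver`, `ccsp-crypto`, `crypto`, `swxajce`) cannot be traced to a repository from this file; since they supply the cryptographic primitives, the repository that serves them should be declared and their checksums verified. The two commented-out `<dependency>` blocks would be better deleted than kept as XML comments.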
@@ -47,6 +170,40 @@
             <groupId>com.usky</groupId>
             <artifactId>ruoyi-common-swagger</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.usky</groupId>
+            <artifactId>usky-common-log</artifactId>
+        </dependency>
+
+        <!--达梦数据库依赖-->
+<!--        <dependency>
+            <groupId>com.dameng</groupId>
+            <artifactId>DmJdbcDriver18</artifactId>
+            <version>8.1.2.141</version>
+        </dependency>-->
+        <dependency>
+            <groupId>com.dm</groupId>
+            <artifactId>DmJdbcDriver</artifactId>
+            <version>1.8.0</version>
+        </dependency>
+        <!--工具类依赖-->
+        <dependency>
+            <groupId>com.dm</groupId>
+            <artifactId>ccsp-crypto</artifactId>
+            <version>2.2.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.dm</groupId>
+            <artifactId>crypto</artifactId>
+            <version>v5-0.0.1</version>
+        </dependency>
+        <dependency>
+            <groupId>com.dm</groupId>
+            <artifactId>swxajce</artifactId>
+            <version>v5.3.2.6</version>
+        </dependency>
+
+
 
     </dependencies>
 

+ 5 - 5
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/MybatisGeneratorUtils.java

@@ -32,7 +32,7 @@ public class MybatisGeneratorUtils {
         projectPath += "/" + model;
         gc.setOutputDir(projectPath + "/src/main/java");  //生成路径(一般都是生成在此项目的src/main/java下面)
         //修改为自己的名字
-        gc.setAuthor("han"); //设置作者
+        gc.setAuthor("fu"); //设置作者
         gc.setOpen(false);
         gc.setFileOverride(true); //第二次生成会把第一次生成的覆盖掉
         gc.setServiceName("%sService"); //生成的service接口名字首字母是否为I,这样设置就没有
@@ -42,10 +42,10 @@ public class MybatisGeneratorUtils {
         //2、数据源配置
         //修改数据源
         DataSourceConfig dsc = new DataSourceConfig();
-        dsc.setUrl("jdbc:mysql://172.16.120.165:3306/usky-cloud?useUnicode=true&serverTimezone=GMT&useSSL=false&characterEncoding=utf8");
+        dsc.setUrl("jdbc:mysql://127.0.0.1:3306/usky-cloud?useUnicode=true&serverTimezone=GMT&useSSL=false&characterEncoding=utf8");
         dsc.setDriverName("com.mysql.cj.jdbc.Driver");
-        dsc.setUsername("usky");
-        dsc.setPassword("Yt#75Usky");
+        dsc.setUsername("root");
+        dsc.setPassword("root");
         mpg.setDataSource(dsc);
 
         // 3、包配置
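Review bot: The data source is still configured from literals in the source (`dsc.setUsername("root")`, `dsc.setPassword("root")`), and the lines this hunk removes leave the previous account's password in the repository history, so that password should be rotated rather than considered gone. Reading the URL, user and password from the environment or an untracked properties file, for example `dsc.setPassword(System.getenv("GENERATOR_DB_PASSWORD"))` (the variable name is a placeholder), keeps them out of future commits. The URL keeps `useSSL=false`, which is tolerable for 127.0.0.1 but should not be carried back to a remote host. The enclosing method starts and ends outside the hunk.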
@@ -70,7 +70,7 @@ public class MybatisGeneratorUtils {
         // strategy.setTablePrefix("t_"); // 表名前缀
         strategy.setEntityLombokModel(true); //使用lombok
         //修改自己想要生成的表
-        strategy.setInclude("sys_mobile_banner");  // 逆向工程使用的表   如果要生成多个,这里可以传入String[]
+        strategy.setInclude("sys_check_code");  // 逆向工程使用的表   如果要生成多个,这里可以传入String[]
         mpg.setStrategy(strategy);
 
         // 关闭默认 xml 生成,调整生成 至 根目录

+ 42 - 4
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/api/SysLogControllerApi.java

@@ -2,17 +2,19 @@ package com.usky.system.controller.api;
 
 import com.usky.common.core.bean.ApiResult;
 import com.usky.common.core.util.BeanMapperUtils;
+import com.usky.common.security.utils.SecurityUtils;
 import com.usky.system.RemoteLogService;
-import com.usky.system.domain.SysLogininfor;
-import com.usky.system.domain.SysLogininforVO;
-import com.usky.system.domain.SysOperLog;
-import com.usky.system.domain.SysOperLogVO;
+import com.usky.system.domain.*;
+import com.usky.system.mapper.SysCheckCodeMapper;
 import com.usky.system.service.ISysLogininforService;
 import com.usky.system.service.ISysOperLogService;
+import com.usky.system.service.util.Operation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.io.UnsupportedEncodingException;
+
 /**
  * @author yq
  * @date 2022/7/1 11:08
@@ -26,13 +28,49 @@ public class SysLogControllerApi implements RemoteLogService {
 
     @Autowired
     private ISysLogininforService sysLogininforService;
+
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
+
+    Operation operation = new Operation();
+
     @Override
     public ApiResult<Boolean> saveLog(SysOperLogVO sysOperLog) {
+        SysCheckCode sysCheckCode = new SysCheckCode();
+        //校验码存储
+        sysCheckCode.setDeptId(SecurityUtils.getLoginUser().getSysUser().getDeptId());
+        sysCheckCode.setUserId(SecurityUtils.getUserId());
+        sysCheckCode.setTenantId(SecurityUtils.getTenantId());
+        sysCheckCode.setUserName(SecurityUtils.getUsername());
+        sysCheckCode.setCheckCodeType(4);
+        sysCheckCode.setPlaintext(sysOperLog.getOperId().toString());
+        try {
+            sysCheckCode.setCheckCode(operation.CBCMAC((sysOperLog.getTitle() + sysOperLog.getBusinessType().toString() + sysOperLog.getMethod() + sysOperLog.getOperName()
+                    + sysOperLog.getOperUrl() + sysOperLog.getOperIp() + sysOperLog.getOperTime().toString() + SecurityUtils.getTenantId().toString()).getBytes("UTF-8")));
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        sysCheckCodeMapper.insert(sysCheckCode);
         return ApiResult.success(sysOperLogService.save(BeanMapperUtils.map(sysOperLog, SysOperLog.class)));
     }
 
     @Override
     public ApiResult<Boolean> saveLogininfor(SysLogininforVO sysLogininfor) {
+        SysCheckCode sysCheckCode = new SysCheckCode();
+        //校验码存储
+        sysCheckCode.setDeptId(SecurityUtils.getLoginUser().getSysUser().getDeptId());
+        sysCheckCode.setUserId(SecurityUtils.getUserId());
+        sysCheckCode.setTenantId(SecurityUtils.getTenantId());
+        sysCheckCode.setUserName(SecurityUtils.getUsername());
+        sysCheckCode.setCheckCodeType(3);
+        sysCheckCode.setPlaintext(sysLogininfor.getInfoId().toString());
+        try {
+            sysCheckCode.setCheckCode(operation.CBCMAC((sysLogininfor.getUserName() + sysLogininfor.getIpaddr() + sysLogininfor.getStatus() + sysLogininfor.getMsg()
+                    + sysLogininfor.getAccessTime().toString() + sysLogininfor.getDeptId().toString() + sysLogininfor.getTenantId().toString()).getBytes("UTF-8")));
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        sysCheckCodeMapper.insert(sysCheckCode);
         return ApiResult.success(sysLogininforService.save(BeanMapperUtils.map(sysLogininfor, SysLogininfor.class)));
     }
 }
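Review bot: The MAC input in `saveLog` and `saveLogininfor` is built by concatenating fields with no separator or length prefix, so distinct records can produce the same input (a title ending in `1` followed by business type `2` reads the same as the shorter title followed by `12`), and a null string field is folded in as the text `null`. A canonical encoding, with each field length-prefixed or joined by a delimiter that cannot occur in the data and nulls handled explicitly, would make the check code bind to the actual field values. `getBytes("UTF-8")` forces a `catch` that only calls `e.printStackTrace()` and then inserts a row whose check code was never set; `getBytes(StandardCharsets.UTF_8)` removes both the checked exception and that fail-open path, and the same pattern recurs in the SysLogininforController, SysOperlogController and SysUserController sections. Both methods also dereference `SecurityUtils.getLoginUser()`, `getOperId()`/`getInfoId()` and, in `saveLogininfor`, `getDeptId()` before the log row itself is saved. If this API is reached without an authenticated user or before an id is assigned (not visible here), the call throws and nothing is recorded.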

+ 21 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysCheckCodeController.java

@@ -0,0 +1,21 @@
+package com.usky.system.controller.web;
+
+
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import org.springframework.stereotype.Controller;
+
+/**
+ * <p>
+ * 密码服务:校验码信息表 前端控制器
+ * </p>
+ *
+ * @author fu
+ * @since 2024-03-07
+ */
+@Controller
+@RequestMapping("/sysCheckCode")
+public class SysCheckCodeController {
+
+}
+

+ 56 - 13
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysLogininforController.java

@@ -1,67 +1,110 @@
 package com.usky.system.controller.web;
 
 
-import com.ruoyi.common.core.annotation.Excel;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.usky.common.core.bean.ApiResult;
+import com.usky.common.core.exception.BusinessException;
 import com.usky.system.controller.web.page.TableDataInfo;
+import com.usky.system.domain.SysCheckCode;
 import com.usky.system.domain.SysLogininfor;
+import com.usky.system.mapper.SysCheckCodeMapper;
 import com.usky.system.service.ISysLogininforService;
+import com.usky.system.service.util.Operation;
 import com.usky.system.service.vo.SysLoginExportVO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.util.List;
+import java.util.Objects;
 
 /**
  * 系统访问记录
- * 
+ *
  * @author ruoyi
  */
 @RestController
 @RequestMapping("/logininfor")
-public class SysLogininforController extends BaseController
-{
+public class SysLogininforController extends BaseController {
     @Autowired
     private ISysLogininforService logininforService;
 
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
+    Operation operation = new Operation();
 
     @GetMapping("/list")
-    public ApiResult<TableDataInfo> list(SysLogininfor logininfor)
-    {
+    public ApiResult<TableDataInfo> list(SysLogininfor logininfor) {
         startPage();
         List<SysLogininfor> list = logininforService.selectLogininforList(logininfor);
+        if (list.size() != 0) {
+            for (int i = 0; i < list.size(); i++) {
+                LambdaQueryWrapper<SysCheckCode> query = new LambdaQueryWrapper<>();
+                query.select(SysCheckCode::getCheckCode)
+                        .eq(SysCheckCode::getPlaintext, list.get(i).getInfoId())
+                        .eq(SysCheckCode::getCheckCodeType, 3);
+                SysCheckCode sysCheckCode = sysCheckCodeMapper.selectOne(query);
+
+                if (sysCheckCode == null) {
+                    throw new BusinessException("日志数据异常!");//登录日志记录有数据,而校验码表中没有数据
+                }
+                String checkCode1 = sysCheckCode.getCheckCode();
+                System.out.println(list.get(i).getUserName());
+                System.out.println(list.get(i).getIpaddr());
+                System.out.println(list.get(i).getStatus());
+                System.out.println(list.get(i).getMsg());
+                System.out.println(list.get(i).getAccessTime());
+                System.out.println(list.get(i).getTenantId());
+                System.out.println(list.get(i).getDeptId());
+                //分两种情况判断:dept_id参与校验码计算与否
+                try {
+                    if (!Objects.nonNull(list.get(i).getDeptId())) {
+                        String checkCode = operation.CBCMAC((list.get(i).getUserName() + list.get(i).getIpaddr() + list.get(i).getStatus() +
+                                list.get(i).getMsg() + list.get(i).getAccessTime().toString() + list.get(i).getTenantId().toString()).getBytes("UTF-8"));
+                        if (!checkCode.equals(checkCode1)) {
+                            throw new BusinessException("【完整性】校验失败,日志数据是被破坏或者篡改的");
+                        }
+                    }else {
+                        String checkCode = operation.CBCMAC((list.get(i).getUserName() + list.get(i).getIpaddr() + list.get(i).getStatus() +
+                                list.get(i).getMsg() + list.get(i).getAccessTime().toString() + list.get(i).getDeptId().toString() + list.get(i).getTenantId().toString()).getBytes("UTF-8"));
+                        if (!checkCode.equals(checkCode1)) {
+                            throw new BusinessException("【完整性】校验失败,日志数据是被破坏或者篡改的");
+                        }
+                    }
+                } catch (UnsupportedEncodingException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
         return ApiResult.success(getDataTable(list));
     }
 
     @PostMapping("/listExport")
     public void export(HttpServletResponse response,
                        @RequestParam(value = "exportTitle") String exportTitle,
-                       SysLogininfor logininfor)throws IOException{
+                       SysLogininfor logininfor) throws IOException {
         List<SysLoginExportVO> list = logininforService.selectLogininforListExport(logininfor);
         ExcelUtil<SysLoginExportVO> util = new ExcelUtil<SysLoginExportVO>(SysLoginExportVO.class);
         util.exportExcel(response, list, exportTitle, exportTitle);
     }
 
     @DeleteMapping("/{infoIds}")
-    public ApiResult<Void> remove(@PathVariable Long[] infoIds)
-    {
+    public ApiResult<Void> remove(@PathVariable Long[] infoIds) {
         return toAjax(logininforService.deleteLogininforByIds(infoIds));
     }
 
 
     @DeleteMapping("/clean")
-    public ApiResult<Void> clean()
-    {
+    public ApiResult<Void> clean() {
         logininforService.cleanLogininfor();
         return ApiResult.success();
     }
 
     @PostMapping
-    public ApiResult<Void> add(@RequestBody SysLogininfor logininfor)
-    {
+    public ApiResult<Void> add(@RequestBody SysLogininfor logininfor) {
         logininforService.insertLogininfor(logininfor);
         return ApiResult.success();
     }
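Review bot: The seven `System.out.println` calls in `list` write each record's user name, IP address, status, message, access time, tenant and department to standard output on every request; they look like leftover debugging and should be removed or replaced by a debug-level logger call. The two `!checkCode.equals(checkCode1)` tests are ordinary string comparisons, whereas MAC values are normally compared in constant time, e.g. `MessageDigest.isEqual(checkCode.getBytes(StandardCharsets.UTF_8), checkCode1.getBytes(StandardCharsets.UTF_8))`. The two branches differ only in whether `getDeptId()` is appended, so building the input once and appending the department conditionally would remove the duplicated block, and `!Objects.nonNull(x)` reads more plainly as `x == null`. The outer `if (list.size() != 0)` is redundant around a `for` loop over the same list.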

+ 39 - 12
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysOperlogController.java

@@ -1,38 +1,68 @@
 package com.usky.system.controller.web;
 
 
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.usky.common.core.bean.ApiResult;
+import com.usky.common.core.exception.BusinessException;
 import com.usky.common.log.annotation.Log;
 import com.usky.common.log.enums.BusinessType;
+import com.usky.common.security.utils.SecurityUtils;
 import com.usky.system.controller.web.page.TableDataInfo;
+import com.usky.system.domain.SysCheckCode;
 import com.usky.system.domain.SysOperLog;
+import com.usky.system.mapper.SysCheckCodeMapper;
 import com.usky.system.service.ISysOperLogService;
+import com.usky.system.service.util.Operation;
 import com.usky.system.service.vo.SysOperLogExportVO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.util.List;
 
 /**
  * 操作日志记录
- * 
+ *
  * @author ruoyi
  */
 @RestController
 @RequestMapping("/operlog")
-public class SysOperlogController extends BaseController
-{
+public class SysOperlogController extends BaseController {
     @Autowired
     private ISysOperLogService operLogService;
 
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
+
+    Operation operation = new Operation();
+
     @GetMapping("/list")
-    public ApiResult<TableDataInfo> list(SysOperLog operLog)
-    {
+    public ApiResult<TableDataInfo> list(SysOperLog operLog) {
         startPage();
         List<SysOperLog> list = operLogService.selectOperLogList(operLog);
+        for (int i = 0; i < list.size(); i++) {
+            LambdaQueryWrapper<SysCheckCode> query = new LambdaQueryWrapper<>();
+            query.select(SysCheckCode::getCheckCode)
+                    .eq(SysCheckCode::getPlaintext,list.get(i).getOperId())
+                    .eq(SysCheckCode::getCheckCodeType,4);
+            SysCheckCode sysCheckCode = sysCheckCodeMapper.selectOne(query);
+            if (sysCheckCode==null){
+                throw new BusinessException("未查询到数据!");
+            }
+            String checkCode1 = sysCheckCode.getCheckCode();
+            try {
+                String checkCode = operation.CBCMAC((list.get(i).getTitle() + list.get(i).getBusinessType().toString() + list.get(i).getMethod() +
+                        list.get(i).getOperName() + list.get(i).getOperUrl() + list.get(i).getOperIp() + list.get(i).getOperTime().toString() + list.get(i).getTenantId().toString()).getBytes("UTF-8"));
+                if (!checkCode.equals(checkCode1)){
+                    throw new BusinessException("【完整性】校验失败,日志数据是被破坏或者篡改的");
+                }
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+            }
+        }
         return ApiResult.success(getDataTable(list));
     }
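Review bot: `list` throws a `BusinessException` on the first row whose check code is missing or does not match, so one damaged or unsigned record makes the whole page of the operation log unreadable; marking that row as failed verification and logging it would keep the rest of the audit trail available to whoever is investigating. The `add` handler in the last hunk of this file calls `operLogService.insertOperlog(operLog)` with no check-code write visible in the controller, so unless the service creates one, every row added that way will trigger this failure. The loop issues one `selectOne` per row and filters only on `plaintext` and type, not on tenant; a single query for the page's ids with the tenant in the filter would be cheaper and tighter. `getBusinessType()`, `getOperTime()` and `getTenantId()` are dereferenced without null checks.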
 
@@ -46,7 +76,7 @@ public class SysOperlogController extends BaseController
     @PostMapping("listExport")
     public void export(HttpServletResponse response,
                        @RequestParam(value = "exportTitle") String exportTitle,
-                       SysOperLog operLog)throws IOException{
+                       SysOperLog operLog) throws IOException {
         List<SysOperLogExportVO> list = operLogService.selectOperLogListExport(operLog);
         ExcelUtil<SysOperLogExportVO> util = new ExcelUtil<SysOperLogExportVO>(SysOperLogExportVO.class);
         util.exportExcel(response, list, exportTitle, exportTitle);
@@ -55,23 +85,20 @@ public class SysOperlogController extends BaseController
 
     @DeleteMapping("/{operIds}")
     @Log(title = "操作日志", businessType = BusinessType.DELETE)
-    public ApiResult<Void> remove(@PathVariable Long[] operIds)
-    {
+    public ApiResult<Void> remove(@PathVariable Long[] operIds) {
         return toAjax(operLogService.deleteOperLogByIds(operIds));
     }
 
 
     @DeleteMapping("/clean")
     @Log(title = "操作日志-清空", businessType = BusinessType.DELETE)
-    public ApiResult<Void> clean()
-    {
+    public ApiResult<Void> clean() {
         operLogService.cleanOperLog();
         return ApiResult.success();
     }
 
     @PostMapping
-    public ApiResult<Void> add(@RequestBody SysOperLog operLog)
-    {
+    public ApiResult<Void> add(@RequestBody SysOperLog operLog) {
         operLogService.insertOperlog(operLog);
         return ApiResult.success();
     }

+ 97 - 41
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/controller/web/SysUserController.java

@@ -1,21 +1,23 @@
 package com.usky.system.controller.web;
 
-
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.usky.common.security.utils.SecurityUtils;
 import com.usky.common.core.bean.ApiResult;
 import com.usky.common.core.exception.BusinessErrorCode;
 import com.usky.system.controller.web.page.TableDataInfo;
+import com.usky.system.domain.SysCheckCode;
 import com.usky.system.domain.SysRole;
 import com.usky.system.domain.SysUser;
 import com.usky.system.domain.constants.UserConstants;
-import com.usky.system.service.ISysPostService;
-import com.usky.system.service.ISysRoleService;
-import com.usky.system.service.ISysUserService;
+import com.usky.system.mapper.SysCheckCodeMapper;
+import com.usky.system.service.*;
+import com.usky.system.service.util.Operation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import java.io.UnsupportedEncodingException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -24,13 +26,12 @@ import java.util.stream.Collectors;
 
 /**
  * 用户信息
- * 
+ *
  * @author yq
  */
 @RestController
 @RequestMapping("/user")
-public class SysUserController extends BaseController
-{
+public class SysUserController extends BaseController {
     @Autowired
     private ISysUserService userService;
 
@@ -40,13 +41,17 @@ public class SysUserController extends BaseController
     @Autowired
     private ISysPostService postService;
 
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
+
+    Operation operation = new Operation();
+
     /**
      * 获取用户列表
      */
 //    @Log(title = "用户管理", businessType = BusinessType.OTHER)
     @GetMapping("/list")
-    public ApiResult<TableDataInfo> list(SysUser user)
-    {
+    public ApiResult<TableDataInfo> list(SysUser user) {
         startPage();
         List<SysUser> list = userService.selectUserList(user);
         return ApiResult.success(getDataTable(list));
@@ -55,15 +60,13 @@ public class SysUserController extends BaseController
     /**
      * 根据用户编号获取详细信息
      */
-    @GetMapping(value = { "/", "/{userId}" })
-    public ApiResult<Map<String,Object>> getInfo(@PathVariable(value = "userId", required = false) Long userId)
-    {
-        Map<String,Object> ajax = new HashMap<>();
+    @GetMapping(value = {"/", "/{userId}"})
+    public ApiResult<Map<String, Object>> getInfo(@PathVariable(value = "userId", required = false) Long userId) {
+        Map<String, Object> ajax = new HashMap<>();
         List<SysRole> roles = roleService.selectRoleAll();
         ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
         ajax.put("posts", postService.selectPostAll());
-        if (Objects.nonNull(userId))
-        {
+        if (Objects.nonNull(userId)) {
             ajax.put("data", userService.selectUserById(userId));
             ajax.put("postIds", postService.selectPostListByUserId(userId));
             ajax.put("roleIds", roleService.selectRoleListByUserId(userId));
@@ -77,17 +80,49 @@ public class SysUserController extends BaseController
 //    @Log(title = "用户管理", businessType = BusinessType.INSERT)
     @Transactional
     @PostMapping
-    public ApiResult<Void> add(@Validated @RequestBody SysUser user)
-    {
-        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName(),SecurityUtils.getTenantId())))
-        {
+    public ApiResult<Void> add(@Validated @RequestBody SysUser user) {
+        SysCheckCode sysCheckCode = new SysCheckCode();
+        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName(), SecurityUtils.getTenantId()))) {
             return ApiResult.error(BusinessErrorCode.BIZ_BUSINESS_ERROR.getCode(), "新增用户'" + user.getUserName() + "'失败,登录账号已存在");
         }
         user.setUserType("00");
         user.setTenantId(SecurityUtils.getTenantId());
         user.setCreateBy(SecurityUtils.getUsername());
-        user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
-        int row = userService.insertUser(user);
+
+        sysCheckCode.setPlaintext(user.getPassword());
+        try {
+            sysCheckCode.setCheckCode(operation.CBCMAC(user.getPassword().getBytes("UTF-8")));//存密码校验码
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));//让校验码工具先获取原始明文密码的校验码在进行加密存储到sys_user表中
+        int row = userService.insertUser(user);//将数据插入user表中后才生成user_id与表sys_check_code表关联
+
+        sysCheckCode.setUserId(user.getUserId());
+        sysCheckCode.setUserName(user.getUserName());
+        sysCheckCode.setDeptId(user.getDeptId());
+        sysCheckCode.setTenantId(user.getTenantId());
+        sysCheckCode.setCheckCodeType(1);
+        sysCheckCodeMapper.insert(sysCheckCode);
+
+        sysCheckCode.setUserId(user.getUserId());
+        sysCheckCode.setUserName(user.getUserName());
+        sysCheckCode.setDeptId(user.getDeptId());
+        sysCheckCode.setTenantId(user.getTenantId());
+        try {
+            sysCheckCode.setCheckCode(operation.CBCMAC(user.getPhonenumber().getBytes("UTF-8")));//存手机校验码
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        sysCheckCode.setPlaintext(user.getPhonenumber());
+        try {
+            sysCheckCode.setCiphertext(operation.SM4CBCEnc(user.getPassword().getBytes("UTF-8")));//存手机号密文
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        sysCheckCode.setCheckCodeType(2);
+        sysCheckCodeMapper.insert(sysCheckCode);
+
         return toAjax(row);
     }
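Review bot: `add` persists the user's raw password: `sysCheckCode.setPlaintext(user.getPassword())` runs before the password is hashed, so the type 1 row in `sys_check_code` holds the cleartext next to a MAC of it, which undoes the protection `SecurityUtils.encryptPassword` gives the `sys_user` row. The type 2 row stores the phone number in `plaintext` beside its ciphertext (the `edit` hunk below does the same), and its `setCiphertext` call encrypts `user.getPassword()`, which by then is the stored password value, rather than `user.getPhonenumber()` as the comment says. The same `SysCheckCode` instance is inserted twice, which will collide if the mapper writes the generated id back after the first insert (not visible here), and `getPhonenumber()` is dereferenced without a null check. The fence sketches one fix: compute the check code over the stored password value, keep no cleartext copy, use a fresh object per row and encrypt the phone number itself. It assumes `CBCMAC` and `SM4CBCEnc` declare no checked exceptions and that whatever reads these rows, such as the login path outside this hunk, is adjusted to match.

```java
// … unchanged: uniqueness check, setUserType / setTenantId / setCreateBy …
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
int row = userService.insertUser(user); // user_id exists only after this insert

// Type 1: check code over the stored password value; the raw password is never persisted.
SysCheckCode passwordCode = new SysCheckCode();
passwordCode.setUserId(user.getUserId());
passwordCode.setUserName(user.getUserName());
passwordCode.setDeptId(user.getDeptId());
passwordCode.setTenantId(user.getTenantId());
passwordCode.setCheckCodeType(1);
passwordCode.setCheckCode(operation.CBCMAC(user.getPassword().getBytes(StandardCharsets.UTF_8)));
sysCheckCodeMapper.insert(passwordCode);

// Type 2: separate row; encrypt and MAC the phone number itself, with no cleartext copy.
if (user.getPhonenumber() != null) {
    byte[] phone = user.getPhonenumber().getBytes(StandardCharsets.UTF_8);
    SysCheckCode phoneCode = new SysCheckCode();
    phoneCode.setUserId(user.getUserId());
    phoneCode.setUserName(user.getUserName());
    phoneCode.setDeptId(user.getDeptId());
    phoneCode.setTenantId(user.getTenantId());
    phoneCode.setCheckCodeType(2);
    phoneCode.setCiphertext(operation.SM4CBCEnc(phone));
    phoneCode.setCheckCode(operation.CBCMAC(phone));
    sysCheckCodeMapper.insert(phoneCode);
}

return toAjax(row);
```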
 
@@ -97,10 +132,8 @@ public class SysUserController extends BaseController
 //    @Log(title = "用户管理", businessType = BusinessType.INSERT)
     @Transactional
     @PostMapping("/appAdd")
-    public ApiResult<Void> appAdd(@Validated @RequestBody SysUser user)
-    {
-        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName(),user.getTenantId())))
-        {
+    public ApiResult<Void> appAdd(@Validated @RequestBody SysUser user) {
+        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName(), user.getTenantId()))) {
             return ApiResult.error(BusinessErrorCode.BIZ_BUSINESS_ERROR.getCode(), "新增用户'" + user.getUserName() + "'失败,登录账号已存在");
         }
         user.setUserType("00");
@@ -117,10 +150,25 @@ public class SysUserController extends BaseController
 //    @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @Transactional
     @PutMapping
-    public ApiResult<Void> edit(@Validated @RequestBody SysUser user)
-    {
+    public ApiResult<Void> edit(@Validated @RequestBody SysUser user) {
         userService.checkUserAllowed(user);
         user.setUpdateBy(SecurityUtils.getUsername());
+        //更新手机号校验数据
+        LambdaQueryWrapper<SysCheckCode> wrapper = new LambdaQueryWrapper<>();
+        wrapper.select(SysCheckCode::getId)
+                .eq(SysCheckCode::getUserId, user.getUserId())
+                .eq(SysCheckCode::getCheckCodeType, 2);
+        SysCheckCode sysCheckCode = sysCheckCodeMapper.selectOne(wrapper);
+        if (sysCheckCode != null) {
+            sysCheckCode.setPlaintext(user.getPhonenumber());
+            try {
+                sysCheckCode.setCiphertext(operation.SM4CBCEnc(user.getPhonenumber().getBytes("UTF-8")));
+                sysCheckCode.setCheckCode(operation.CBCMAC(user.getPhonenumber().getBytes("UTF-8")));
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+            }
+        }
+        sysCheckCodeMapper.updateById(sysCheckCode);
         return toAjax(userService.updateUser(user));
     }
 
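Review bot: `sysCheckCodeMapper.updateById(sysCheckCode)` sits outside the `if (sysCheckCode != null)` guard, so for a user who has no type-2 row (presumably every account created before this commit) the mapper is called with null and the edit most likely fails before `userService.updateUser` runs; move the call inside the guard. The phone number is also written to `plaintext` right beside its SM4 `ciphertext`, which leaves the encryption with nothing to protect, so I would drop `sysCheckCode.setPlaintext(user.getPhonenumber());`. The add handler above passes `user.getPassword()` to `SM4CBCEnc` for the phone record while this handler passes `user.getPhonenumber()`, so the two write paths disagree about what the ciphertext holds. Using `StandardCharsets.UTF_8` instead of `"UTF-8"` removes the catch block that currently swallows the failure and still lets the row be saved.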
@@ -129,8 +177,7 @@ public class SysUserController extends BaseController
      */
 //    @Log(title = "用户管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{userIds}")
-    public ApiResult<Void> remove(@PathVariable Long[] userIds)
-    {
+    public ApiResult<Void> remove(@PathVariable Long[] userIds) {
         return toAjax(userService.deleteUserByIds(userIds));
     }
 
@@ -139,19 +186,31 @@ public class SysUserController extends BaseController
      */
 //    @Log(title = "用户管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{userId}/{password}")
-    public ApiResult<Void> remove(@PathVariable Long userId,@PathVariable String password)
-    {
+    public ApiResult<Void> remove(@PathVariable Long userId, @PathVariable String password) {
         String password1 = SecurityUtils.encryptPassword(password);
-        return toAjax(userService.deleteUserByPwd(userId,password1));
+        return toAjax(userService.deleteUserByPwd(userId, password1));
     }
 
     /**
      * 重置密码
      */
     @PutMapping("/resetPwd")
-    public ApiResult<Void> resetPwd(@RequestBody SysUser user)
-    {
+    public ApiResult<Void> resetPwd(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
+        //更新密码数据
+        LambdaQueryWrapper<SysCheckCode> wrapper = new LambdaQueryWrapper<>();
+        wrapper.eq(SysCheckCode::getUserId, user.getUserId())
+                .eq(SysCheckCode::getCheckCodeType, 1);
+        SysCheckCode sysCheckCode = sysCheckCodeMapper.selectOne(wrapper);
+        if (sysCheckCode != null) {
+            try {
+                sysCheckCode.setCheckCode(operation.CBCMAC(user.getPassword().getBytes("UTF-8")));
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+            }
+        }
+        sysCheckCode.setPlaintext(user.getPassword());
+        sysCheckCodeMapper.updateById(sysCheckCode);
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         user.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(userService.resetPwd(user));
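Review bot: `sysCheckCode.setPlaintext(user.getPassword())` stores the new password in clear text in the check-code table, next to a CBC-MAC of that same password, which undoes what `SecurityUtils.encryptPassword` does for the `sys_user` row: anyone who can read that table or a backup of it reads the passwords directly. Remove the `setPlaintext` call here and the matching one in the add-user hunk above. If the row is meant to detect tampering with the stored credential, compute the MAC over the value returned by `encryptPassword` rather than over the raw password (the login check in SysLoginService would have to change with it). The `setPlaintext`/`updateById` pair is also outside the `if (sysCheckCode != null)` guard, so a user without a type-1 row gets a NullPointerException instead of a password reset. resetPwd's closing brace lies outside this hunk.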
@@ -161,8 +220,7 @@ public class SysUserController extends BaseController
      * 状态修改
      */
     @PutMapping("/changeStatus")
-    public ApiResult<Void> changeStatus(@RequestBody SysUser user)
-    {
+    public ApiResult<Void> changeStatus(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
         user.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(userService.updateUserStatus(user));
@@ -172,9 +230,8 @@ public class SysUserController extends BaseController
      * 根据用户编号获取授权角色
      */
     @GetMapping("/authRole/{userId}")
-    public ApiResult<Map<String,Object>> authRole(@PathVariable("userId") Long userId)
-    {
-        Map<String,Object> ajax = new HashMap<>();
+    public ApiResult<Map<String, Object>> authRole(@PathVariable("userId") Long userId) {
+        Map<String, Object> ajax = new HashMap<>();
         SysUser user = userService.selectUserById(userId);
         List<SysRole> roles = roleService.selectRolesByUserId(userId);
         ajax.put("user", user);
@@ -186,8 +243,7 @@ public class SysUserController extends BaseController
      * 用户授权角色
      */
     @PutMapping("/authRole")
-    public ApiResult<Void> insertAuthRole(Long userId, Long[] roleIds)
-    {
+    public ApiResult<Void> insertAuthRole(Long userId, Long[] roleIds) {
         userService.insertUserAuth(userId, roleIds);
         return ApiResult.success();
     }

+ 148 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/domain/SysCheckCode.java

@@ -0,0 +1,148 @@
+package com.usky.system.domain;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import java.io.Serializable;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * <p>
+ * 密码服务:校验码信息表
+ * </p>
+ *
+ * @author fu
+ * @since 2024-03-07
+ */
+@Data
+@EqualsAndHashCode(callSuper = false)
+public class SysCheckCode implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 自增主键ID
+     */
+    @TableId(value = "id", type = IdType.AUTO)
+    private Long id;
+
+    /**
+     * 用户ID
+     */
+    private Long userId;
+
+    /**
+     * 部门ID
+     */
+    private Long deptId;
+
+    /**
+     * 租户ID
+     */
+    private Integer tenantId;
+
+    /**
+     * 敏感数据明文存储
+     */
+    private String plaintext;
+
+    /**
+     * 敏感数据加密存储
+     */
+    private String ciphertext;
+
+    /**
+     * 校验码
+     */
+    private String checkCode;
+
+    /**
+     * 用户名
+     */
+    private String userName;
+
+    /**
+     * 校验码类型(1:密码校验码;2:手机号校验码;3:登录日志校验码;4:操作日志校验码,5:文件校验码)
+     */
+    private Integer checkCodeType;
+
+    public static long getSerialVersionUID() {
+        return serialVersionUID;
+    }
+
+    public String getPlaintext() {
+        return plaintext;
+    }
+
+    public void setPlaintext(String plaintext) {
+        this.plaintext = plaintext;
+    }
+
+    public String getCiphertext() {
+        return ciphertext;
+    }
+
+    public void setCiphertext(String ciphertext) {
+        this.ciphertext = ciphertext;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public Long getDeptId() {
+        return deptId;
+    }
+
+    public void setDeptId(Long deptId) {
+        this.deptId = deptId;
+    }
+
+    public Integer getTenantId() {
+        return tenantId;
+    }
+
+    public void setTenantId(Integer tenantId) {
+        this.tenantId = tenantId;
+    }
+
+    public String getCheckCode() {
+        return checkCode;
+    }
+
+    public void setCheckCode(String checkCode) {
+        this.checkCode = checkCode;
+    }
+
+    public Integer getCheckCodeType() {
+        return checkCodeType;
+    }
+
+    public void setCheckCodeType(Integer checkCodeType) {
+        this.checkCodeType = checkCodeType;
+    }
+
+    public Long getUserId() {
+        return userId;
+    }
+
+    public void setUserId(Long userId) {
+        this.userId = userId;
+    }
+
+    @Override
+    public String toString() {
+        return "SysCheckCode{" +
+                "id=" + id +
+                ", deptId=" + deptId +
+                ", tenantId=" + tenantId +
+                ", userId=" + userId +
+                ", checkCode='" + checkCode + '\'' +
+                ", checkCodeType=" + checkCodeType +
+                '}';
+    }
+}
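Review bot: The class is annotated with `@Data` and then hand-writes most of the getters and setters, which Lombok already generates; the manual accessors and `getSerialVersionUID()` can be deleted, keeping only the custom `toString()` that leaves `plaintext` and `ciphertext` out of log output. The `checkCodeType` values 1–5 are described only in a field comment and appear as bare literals in the controllers and services of this commit; named constants on this class, for example `public static final int TYPE_PASSWORD = 1;`, would keep the writers and the login check in step. The Javadoc on `plaintext` should state which record types are allowed to fill it, since the user controller currently puts passwords and phone numbers there.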

+ 18 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/mapper/SysCheckCodeMapper.java

@@ -0,0 +1,18 @@
+package com.usky.system.mapper;
+
+import com.usky.system.domain.SysCheckCode;
+import com.usky.common.mybatis.core.CrudMapper;
+import org.springframework.stereotype.Repository;
+
+/**
+ * <p>
+ * 密码服务:校验码信息表 Mapper 接口
+ * </p>
+ *
+ * @author fu
+ * @since 2024-03-07
+ */
+@Repository
+public interface SysCheckCodeMapper extends CrudMapper<SysCheckCode> {
+
+}

+ 2 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/mapper/SysOperLogMapper.java

@@ -4,6 +4,8 @@ package com.usky.system.mapper;
 import com.usky.common.mybatis.core.CrudMapper;
 import com.usky.system.domain.SysOperLog;
 import com.usky.system.service.vo.SysOperLogExportVO;
+import org.apache.ibatis.annotations.Insert;
+import org.apache.ibatis.annotations.Options;
 import org.apache.ibatis.annotations.Param;
 import org.springframework.stereotype.Repository;
 

+ 16 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/SysCheckCodeService.java

@@ -0,0 +1,16 @@
+package com.usky.system.service;
+
+import com.usky.system.domain.SysCheckCode;
+import com.usky.common.mybatis.core.CrudService;
+
+/**
+ * <p>
+ * 密码服务:校验码信息表 服务类
+ * </p>
+ *
+ * @author fu
+ * @since 2024-03-07
+ */
+public interface SysCheckCodeService extends CrudService<SysCheckCode> {
+
+}

+ 70 - 40
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/SysLoginService.java

@@ -11,14 +11,17 @@ import com.usky.common.core.exception.BusinessException;
 import com.usky.system.RuoYiSystemApplication;
 import com.usky.system.domain.*;
 import com.usky.system.domain.constants.UserConstants;
+import com.usky.system.mapper.SysCheckCodeMapper;
 import com.usky.system.model.LoginUser;
 import com.usky.system.service.enums.UserStatus;
+import com.usky.system.service.util.Operation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.RequestParam;
 
+import java.io.UnsupportedEncodingException;
 import java.util.List;
 import java.util.Objects;
 import java.util.Random;
@@ -45,32 +48,36 @@ public class SysLoginService {
     private SysPersonService sysPersonService;
 
     @Autowired
-    private  SysTenantService sysTenantService;
+    private SysTenantService sysTenantService;
+
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
 
 
-    public final String LOGIN_QRCODE_VERIFY ="login_qrcode_verify";
+    public final String LOGIN_QRCODE_VERIFY = "login_qrcode_verify";
 
     private static final Logger LOGGER = LoggerFactory.getLogger(SysLoginService.class);
 
+    Operation operation = new Operation();
     /**
      * 登录
      */
     public LoginUser login(String username, String password, Integer tenantId) {
         // 用户名或密码为空 错误
         if (StringUtils.isAnyBlank(username, password)) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户/密码必须填写");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户/密码必须填写");
             throw new BusinessException("用户/密码必须填写");
         }
         // 密码如果不在指定范围内 错误
         if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                 || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
             throw new BusinessException("用户密码不在指定范围");
         }
         // 用户名不在指定范围内 错误
         if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                 || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户名不在指定范围");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户名不在指定范围");
             throw new BusinessException("用户名不在指定范围");
         }
 
@@ -84,15 +91,15 @@ public class SysLoginService {
 
         SysUserVO user = loginUser.getSysUser();
         if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
             throw new BusinessException("对不起,您的账号:" + username + " 已被删除");
         }
         if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
             throw new BusinessException("对不起,您的账号:" + username + " 已停用");
         }
         if (!SecurityUtils.matchesPassword(password, user.getPassword())) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户密码错误");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户密码错误");
             throw new BusinessException("用户不存在/密码错误");
         }
         //判断租户状态是否停用
@@ -100,18 +107,18 @@ public class SysLoginService {
         queryWrapper.select(SysTenant::getStatus, SysTenant::getDomain)
                 .eq(SysTenant::getId, tenantId);
         List<SysTenant> list = sysTenantService.list(queryWrapper);
-        if(CollectionUtils.isNotEmpty(list)){
+        if (CollectionUtils.isNotEmpty(list)) {
             String status = list.get(0).getStatus();
             String domain = list.get(0).getDomain();
-            if(status.equals("1")){
-                recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "系统已停用,请联系管理员");
+            if (status.equals("1")) {
+                recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "系统已停用,请联系管理员");
                 throw new BusinessException("对不起,系统已停用,请联系管理员");
             }
         }
 
         SysPerson sysPerson = sysPersonService.getsysPerson(user.getUserId());
         loginUser.setSysPerson(sysPerson);
-        recordLogininfor(tenantId,username, Constants.LOGIN_SUCCESS, "登录成功");
+        recordLogininfor(tenantId, username, Constants.LOGIN_SUCCESS, "登录成功");
         return loginUser;
     }
 
@@ -121,21 +128,21 @@ public class SysLoginService {
         if (!StringUtils.isBlank(username) && !StringUtils.isBlank(password)) {
             // 用户名或密码为空 错误
             if (StringUtils.isAnyBlank(username, password)) {
-                recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户/密码必须填写");
+                recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户/密码必须填写");
                 throw new BusinessException("用户/密码必须填写");
             }
 
             // 密码如果不在指定范围内 错误
             if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                     || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
-                recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
+                recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
                 throw new BusinessException("用户密码不在指定范围");
             }
 
             // 用户名不在指定范围内 错误
             if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                     || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
-                recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户名不在指定范围");
+                recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户名不在指定范围");
                 throw new BusinessException("用户名不在指定范围");
             }
 
@@ -143,15 +150,38 @@ public class SysLoginService {
             loginUser = sysUserService.getAppUserInfo(username, tenantId, null);
 
             if (Objects.isNull(loginUser)) {
-                recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户不存在");
+                recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户不存在");
                 throw new BusinessException("用户不存在");
             }
 
+            String str1 = password;
+            //访问控制信息校验码计算
+            String mac1 = null;
+            try {
+                mac1 = operation.CBCMAC(str1.getBytes("UTF-8"));
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+            }
+            //访问控制信息的读取
+            String mac2 = null;
+            LambdaQueryWrapper<SysCheckCode> wrapper = new LambdaQueryWrapper<>();
+            wrapper.eq(SysCheckCode::getUserId, loginUser.getUserId())
+                    .eq(SysCheckCode::getCheckCodeType,1)
+                    .select(SysCheckCode::getCheckCode);
+            SysCheckCode checkCodeRecord = sysCheckCodeMapper.selectOne(wrapper);
+            if (checkCodeRecord != null) {
+                mac2 = checkCodeRecord.getCheckCode();
+            }
+            //比较mac1和mac2
+            if (!mac1.equals(mac2)) {
+                throw new BusinessException("【完整性】校验失败,访问控制信息是被破坏或者篡改的!");
+            }
+
             if (!SecurityUtils.matchesPassword(password, loginUser.getPassword())) {
-                recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户密码错误");
+                recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户密码错误");
                 throw new BusinessException("用户不存在/密码错误");
             }
-        } else if(!StringUtils.isBlank(phone) && !StringUtils.isBlank(verify)) {
+        } else if (!StringUtils.isBlank(phone) && !StringUtils.isBlank(verify)) {
             //手机验证码登录
             if (StringUtils.isBlank(verify)) {
                 throw new BusinessException("验证码不能为空");
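Review bot: The new MAC comparison runs before `SecurityUtils.matchesPassword` and compares a MAC of the submitted password with the stored one, so it works as a second password check that skips the password hash, uses `String.equals` rather than a constant-time comparison, and throws without calling `recordLogininfor`, which means wrong-password attempts on this path leave no failed-login record. `mac1` stays null when the encoding call fails and `mac1.equals(mac2)` then throws a NullPointerException, and `mac2` is null for any account without a type-1 row, so those users can no longer log in. I would move the block below the `matchesPassword` check, call `recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, ...)` before throwing, and compare with `MessageDigest.isEqual(...)` after null checks on both values. The enclosing method starts and ends outside this hunk.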
@@ -163,12 +193,12 @@ public class SysLoginService {
                 throw new BusinessException("用户名或手机号不能为空");
             }
             loginUser = sysUserService.getAppUserInfo(null, tenantId, phone);
-        } else if(!StringUtils.isBlank(username) && !StringUtils.isBlank(verify)) {
+        } else if (!StringUtils.isBlank(username) && !StringUtils.isBlank(verify)) {
             LOGGER.info("二维码验证码登录");
             if (StringUtils.isBlank(username)) {
                 throw new BusinessException("用户名不能为空");
             }
-            String qrCode_verify = LOGIN_QRCODE_VERIFY+":"+username;
+            String qrCode_verify = LOGIN_QRCODE_VERIFY + ":" + username;
             if (!verify.equals(redisHelper.get(qrCode_verify))) {
                 throw new BusinessException("扫码验证码失败");
             }
@@ -176,21 +206,21 @@ public class SysLoginService {
         }
 
         if (UserStatus.DELETED.getCode().equals(loginUser.getDelFlag())) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
             throw new BusinessException("对不起,您的账号:" + username + " 已被删除");
         }
         if (UserStatus.DISABLE.getCode().equals(loginUser.getStatus())) {
-            recordLogininfor(tenantId,username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
+            recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
             throw new BusinessException("对不起,您的账号:" + username + " 已停用");
         }
 
-        recordLogininfor(tenantId,username, Constants.LOGIN_SUCCESS, "登录成功");
+        recordLogininfor(tenantId, username, Constants.LOGIN_SUCCESS, "登录成功");
         return loginUser;
     }
 
 
-    public void logout(Integer tenantId,String loginName) {
-        recordLogininfor(tenantId,loginName, Constants.LOGOUT, "退出成功");
+    public void logout(Integer tenantId, String loginName) {
+        recordLogininfor(tenantId, loginName, Constants.LOGOUT, "退出成功");
     }
 
     /**
@@ -216,7 +246,7 @@ public class SysLoginService {
         sysUser.setNickName(username);
         sysUser.setPassword(SecurityUtils.encryptPassword(password));
         sysUserService.register(BeanMapperUtils.map(sysUser, SysUser.class));
-        recordLogininfor(SecurityUtils.getTenantId(),username, Constants.REGISTER, "注册成功");
+        recordLogininfor(SecurityUtils.getTenantId(), username, Constants.REGISTER, "注册成功");
     }
 
     /**
@@ -227,7 +257,7 @@ public class SysLoginService {
      * @param message  消息内容
      * @return
      */
-    public void recordLogininfor(Integer tenantId,String username, String status, String message) {
+    public void recordLogininfor(Integer tenantId, String username, String status, String message) {
         SysLogininforVO logininfor = new SysLogininforVO();
         logininfor.setUserName(username);
         logininfor.setIpaddr(IpUtils.getIpAddr(ServletUtils.getRequest()));
@@ -236,11 +266,11 @@ public class SysLoginService {
 
         LambdaQueryWrapper<SysUser> queryWrapper = Wrappers.lambdaQuery();
         queryWrapper.select(SysUser::getDeptId)
-                .eq(SysUser::getDelFlag,0)
-                .eq(SysUser::getUserName,username)
-                .eq(SysUser::getTenantId,tenantId);
+                .eq(SysUser::getDelFlag, 0)
+                .eq(SysUser::getUserName, username)
+                .eq(SysUser::getTenantId, tenantId);
         SysUser one = sysUserService.getOne(queryWrapper);
-        if(one != null){
+        if (one != null) {
             logininfor.setDeptId(one.getDeptId().intValue());
         }
         logininfor.setTenantId(tenantId);
@@ -256,27 +286,27 @@ public class SysLoginService {
     }
 
 
-    public String getQrCodeResult(@RequestParam String qrCode){
-        Object o = redisHelper.get(LOGIN_QRCODE_VERIFY+ ":" + qrCode);
-        if(null !=o) {
+    public String getQrCodeResult(@RequestParam String qrCode) {
+        Object o = redisHelper.get(LOGIN_QRCODE_VERIFY + ":" + qrCode);
+        if (null != o) {
             String result = String.valueOf(o);
             return result;
         }
-       return null;
+        return null;
     }
 
 
     public void qrCodeSend(@RequestParam String userName, @RequestParam String qrCode, @RequestParam Integer tenantId) {
-        if(StringUtils.isBlank(userName)){
+        if (StringUtils.isBlank(userName)) {
             throw new BusinessException("用户名不能为空");
         }
-        if(StringUtils.isBlank(qrCode)){
+        if (StringUtils.isBlank(qrCode)) {
             throw new BusinessException("二维码不能为空");
         }
-        SysUser sysUser = sysUserService.selectUserByUserNameOne(userName,tenantId);
+        SysUser sysUser = sysUserService.selectUserByUserNameOne(userName, tenantId);
         String code = String.valueOf(new Random().nextInt(1000000));
-        redisHelper.set(LOGIN_QRCODE_VERIFY+":"+userName,code,60,TimeUnit.SECONDS);
-        redisHelper.set(LOGIN_QRCODE_VERIFY+":"+qrCode,userName+":"+code,60, TimeUnit.SECONDS);
+        redisHelper.set(LOGIN_QRCODE_VERIFY + ":" + userName, code, 60, TimeUnit.SECONDS);
+        redisHelper.set(LOGIN_QRCODE_VERIFY + ":" + qrCode, userName + ":" + code, 60, TimeUnit.SECONDS);
     }
 
 }

+ 20 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysCheckCodeServiceImpl.java

@@ -0,0 +1,20 @@
+package com.usky.system.service.impl;
+
+import com.usky.system.domain.SysCheckCode;
+import com.usky.system.mapper.SysCheckCodeMapper;
+import com.usky.system.service.SysCheckCodeService;
+import com.usky.common.mybatis.core.AbstractCrudService;
+import org.springframework.stereotype.Service;
+
+/**
+ * <p>
+ * 密码服务:校验码信息表 服务实现类
+ * </p>
+ *
+ * @author fu
+ * @since 2024-03-07
+ */
+@Service
+public class SysCheckCodeServiceImpl extends AbstractCrudService<SysCheckCodeMapper, SysCheckCode> implements SysCheckCodeService {
+
+}

+ 63 - 22
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysLogininforServiceImpl.java

@@ -1,58 +1,102 @@
 package com.usky.system.service.impl;
 
-
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.ruoyi.common.datascope.annotation.DataScope;
-import com.usky.common.core.util.StringUtils;
+import com.usky.common.core.exception.BusinessException;
 import com.usky.common.mybatis.core.AbstractCrudService;
 import com.usky.common.security.utils.SecurityUtils;
+import com.usky.system.domain.SysCheckCode;
 import com.usky.system.domain.SysLogininfor;
+import com.usky.system.domain.SysUser;
+import com.usky.system.mapper.SysCheckCodeMapper;
 import com.usky.system.mapper.SysLogininforMapper;
+import com.usky.system.mapper.SysUserMapper;
 import com.usky.system.service.ISysLogininforService;
+import com.usky.system.service.util.Operation;
 import com.usky.system.service.vo.SysLoginExportVO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import java.time.LocalDateTime;
+import java.io.UnsupportedEncodingException;
 import java.util.Date;
 import java.util.List;
 import java.util.Objects;
 
-
 /**
  * 系统访问日志情况信息 服务层处理
- * 
+ *
  * @author yq
  */
 @Service
-public class SysLogininforServiceImpl extends AbstractCrudService<SysLogininforMapper, SysLogininfor> implements ISysLogininforService
-{
+public class SysLogininforServiceImpl extends AbstractCrudService<SysLogininforMapper, SysLogininfor> implements ISysLogininforService {
 
     @Autowired
     private SysLogininforMapper logininforMapper;
 
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
+
+    @Autowired
+    private SysUserMapper sysUserMapper;
+
+    Operation operation = new Operation();
+
     /**
      * 新增系统登录日志
-     * 
+     *
      * @param logininfor 访问日志对象
      */
     @Override
-    public void insertLogininfor(SysLogininfor logininfor)
-    {
+    public void insertLogininfor(SysLogininfor logininfor) {
+        LambdaQueryWrapper<SysUser> wrapper = new LambdaQueryWrapper<>();
+        wrapper.select(SysUser::getUserId, SysUser::getTenantId)
+                .eq(SysUser::getUserName,logininfor.getUserName());
+        SysUser sysUser = sysUserMapper.selectOne(wrapper);
+        SysCheckCode sysCheckCode = new SysCheckCode();
         Date now = new Date();
         logininfor.setAccessTime(now);
+        logininfor.setTenantId(sysUser.getTenantId());
         logininforMapper.insertLogininfor(logininfor);
+        System.out.println(logininfor.getUserName());
+        System.out.println(logininfor.getIpaddr());
+        System.out.println(logininfor.getStatus());
+        System.out.println(logininfor.getMsg());
+        System.out.println(logininfor.getAccessTime());
+        System.out.println(logininfor.getTenantId());
+        System.out.println(logininfor.getDeptId());
+        System.out.println(logininfor.getTenantId());
+        System.out.println("sysUser---dept_id"+sysUser.getDeptId());
+        System.out.println("sysUser---tenant_id"+sysUser.getTenantId());
+
+        sysCheckCode.setPlaintext(logininfor.getInfoId().toString());
+        sysCheckCode.setUserName(logininfor.getUserName());
+        sysCheckCode.setDeptId(sysUser.getDeptId() != null ? sysUser.getDeptId() : null);
+        sysCheckCode.setUserId(sysUser.getUserId());
+        sysCheckCode.setTenantId(sysUser.getTenantId());
+        sysCheckCode.setCheckCodeType(3);
+        try {
+            if (logininfor.getDeptId() == null) {
+                sysCheckCode.setCheckCode(operation.CBCMAC((logininfor.getUserName() + logininfor.getIpaddr() + logininfor.getStatus() + logininfor.getMsg()
+                        + logininfor.getAccessTime().toString() + logininfor.getTenantId().toString()).getBytes("UTF-8")));
+            } else {
+                sysCheckCode.setCheckCode(operation.CBCMAC((logininfor.getUserName() + logininfor.getIpaddr() + logininfor.getStatus() + logininfor.getMsg()
+                        + logininfor.getAccessTime().toString() + logininfor.getDeptId().toString() + logininfor.getTenantId().toString()).getBytes("UTF-8")));
+            }
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        sysCheckCodeMapper.insert(sysCheckCode);
     }
 
     /**
      * 查询系统登录日志集合
-     * 
+     *
      * @param logininfor 访问日志对象
      * @return 登录记录集合
      */
-    @DataScope(deptAlias = "d",userAlias = "d")
+    @DataScope(deptAlias = "d", userAlias = "d")
     @Override
-    public List<SysLogininfor> selectLogininforList(SysLogininfor logininfor)
-    {
+    public List<SysLogininfor> selectLogininforList(SysLogininfor logininfor) {
         logininfor.setTenantId(SecurityUtils.getTenantId());
         return logininforMapper.selectLogininforList(logininfor);
     }
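Review bot: `insertLogininfor` looks the user up by `userName` alone and then dereferences `sysUser` unconditionally, so a login attempt with an unknown user name throws a NullPointerException at `logininfor.setTenantId(sysUser.getTenantId())` before the row is written, and failed logins for non-existent accounts are never recorded. User names are checked for uniqueness per tenant elsewhere in this commit, so the query should also filter with `.eq(SysUser::getTenantId, logininfor.getTenantId())`, and the method should still insert the log row when `sysUser` is null. The wrapper selects only `getUserId` and `getTenantId`, so `sysUser.getDeptId()` is always null at the `setDeptId` call. The ten `System.out.println` calls write user name, IP address and status to stdout on every login and should be removed or replaced by a debug-level logger call.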
@@ -64,22 +108,20 @@ public class SysLogininforServiceImpl extends AbstractCrudService<SysLogininforM
      * @return 登录记录导出集合
      */
     @Override
-    @DataScope(deptAlias = "d",userAlias = "d")
-    public List<SysLoginExportVO> selectLogininforListExport(SysLogininfor logininfor)
-    {
+    @DataScope(deptAlias = "d", userAlias = "d")
+    public List<SysLoginExportVO> selectLogininforListExport(SysLogininfor logininfor) {
         logininfor.setTenantId(SecurityUtils.getTenantId());
         return logininforMapper.selectLogininforListExport(logininfor);
     }
 
     /**
      * 批量删除系统登录日志
-     * 
+     *
      * @param infoIds 需要删除的登录日志ID
      * @return
      */
     @Override
-    public int deleteLogininforByIds(Long[] infoIds)
-    {
+    public int deleteLogininforByIds(Long[] infoIds) {
         return logininforMapper.deleteLogininforByIds(infoIds);
     }
 
@@ -87,8 +129,7 @@ public class SysLogininforServiceImpl extends AbstractCrudService<SysLogininforM
      * 清空系统登录日志
      */
     @Override
-    public void cleanLogininfor()
-    {
+    public void cleanLogininfor() {
         logininforMapper.cleanLogininfor();
     }
 }

+ 23 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysOperLogServiceImpl.java

@@ -4,14 +4,18 @@ package com.usky.system.service.impl;
 import com.ruoyi.common.datascope.annotation.DataScope;
 import com.usky.common.mybatis.core.AbstractCrudService;
 import com.usky.common.security.utils.SecurityUtils;
+import com.usky.system.domain.SysCheckCode;
 import com.usky.system.domain.SysOperLog;
+import com.usky.system.mapper.SysCheckCodeMapper;
 import com.usky.system.mapper.SysOperLogMapper;
 import com.usky.system.service.ISysOperLogService;
+import com.usky.system.service.util.Operation;
 import com.usky.system.service.vo.SysOperLogExportVO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import sun.util.calendar.BaseCalendar;
 
+import java.io.UnsupportedEncodingException;
 import java.util.Date;
 import java.util.List;
 import java.util.Objects;
@@ -27,6 +31,10 @@ public class SysOperLogServiceImpl extends AbstractCrudService<SysOperLogMapper,
     @Autowired
     private SysOperLogMapper operLogMapper;
 
+    @Autowired
+    private SysCheckCodeMapper sysCheckCodeMapper;
+
+    Operation operation = new Operation();
     /**
      * 新增操作日志
      * 
@@ -35,6 +43,7 @@ public class SysOperLogServiceImpl extends AbstractCrudService<SysOperLogMapper,
     @Override
     public void insertOperlog(SysOperLog operLog)
     {
+        SysCheckCode sysCheckCode = new SysCheckCode();
         operLog.setDeptId(SecurityUtils.getLoginUser().getSysUser().getDeptId().intValue());
         operLog.setCreateBy(operLog.getOperName());
 
@@ -42,6 +51,20 @@ public class SysOperLogServiceImpl extends AbstractCrudService<SysOperLogMapper,
         Date now = new Date();
         operLog.setOperTime(now);
         operLogMapper.insertOperlog(operLog);
+        sysCheckCode.setPlaintext(operLog.getOperId().toString());
+        Long deptId = operLog.getDeptId() != null ? operLog.getDeptId().longValue() : null;
+        sysCheckCode.setDeptId(deptId);
+        sysCheckCode.setUserId(SecurityUtils.getUserId());
+        sysCheckCode.setTenantId(SecurityUtils.getTenantId());
+        sysCheckCode.setUserName(operLog.getOperName());
+        sysCheckCode.setCheckCodeType(4);
+        try {
+            sysCheckCode.setCheckCode(operation.CBCMAC((operLog.getTitle()+operLog.getBusinessType().toString()+ operLog.getMethod() +operLog.getOperName()
+                    +operLog.getOperUrl()+operLog.getOperIp()+operLog.getOperTime().toString()+operLog.getTenantId().toString()).getBytes("UTF-8")));
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        sysCheckCodeMapper.insert(sysCheckCode);
     }
 
     /**
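Review bot: The check code in `insertOperlog` is computed over a bare concatenation of the log fields, so field boundaries are not authenticated: a row whose title ends with the characters another row's method begins with yields the same MAC input. Joining the fields with a separator that cannot occur in them, or length-prefixing each one, closes that gap, and `operLog.getOperTime().getTime()` is steadier than `Date.toString()`, whose output follows the JVM default time zone. The `catch (UnsupportedEncodingException e) { e.printStackTrace(); }` lets `sysCheckCodeMapper.insert` store a row with no check code; `getBytes(StandardCharsets.UTF_8)` has no checked exception to swallow. `getBusinessType()` and `getTenantId()` are dereferenced without a null check, unlike `getDeptId()` a few lines earlier, so it is worth confirming they can never be null.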

+ 2 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/impl/SysUserServiceImpl.java

@@ -1,6 +1,7 @@
 package com.usky.system.service.impl;
 
 
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.usky.common.core.constants.Constants;
 import com.usky.common.security.utils.SecurityUtils;
 import com.usky.common.core.bean.CommonPage;
@@ -21,6 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;

+ 221 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/util/App.java

@@ -0,0 +1,221 @@
+package com.usky.system.service.util;
+
+import java.io.UnsupportedEncodingException;
+
+/**
+ * CCSP Demo
+ *
+ */
+public class App 
+{
+	static Operation operation = null;
+	public static void main( String[] args )throws Exception
+	{
+		operation = new Operation();
+		
+
+		System.out.println( "应用系统密码应用工作流程演示示例" );
+
+		System.out.println("1、访问控制信息【完整性】保护");
+
+		AccessControlInformationIntegrityProtection();
+
+
+		System.out.println();
+		System.out.println("2、敏感数据存储【机密性】+【完整性】保护");
+
+		DataStorageProtection();
+
+		System.out.println();
+		System.out.println("3、日志数据存储【完整性】保护");
+
+		LogDataStorageProtection();
+
+		System.out.println();
+		System.out.println("4、操作行为【抗抵赖性】保护");
+		OperationalBehaviorProtection();
+
+		System.out.println();
+		System.out.println("5、文件【机密性】+【完整性】保护");
+		FileStorageProtection();
+
+	}
+	//访问控制信息完整性保护示例
+	public static void AccessControlInformationIntegrityProtection() throws UnsupportedEncodingException {
+
+		System.out.println(">>>>访问控制信息存储MAC计算:");
+
+		//访问控制信息的获取
+		String str1 = "YT_admin";
+		System.out.println("        测试数据: [ "+str1+" ] ");
+
+		//访问控制信息校验码计算
+		String mac1 = operation.CBCMAC(str1.getBytes("UTF-8"));
+		System.out.println("        计算得到的MAC值:mac1 = [ "+mac1+" ] ");
+
+		System.out.println("        记录MAC值,待读取校验时使用");
+
+		System.out.println(">>>>访问控制信息读取完整性校验:");
+		
+		//访问控制信息的读取
+		String str2 = str1;
+		System.out.println("        读取的测试数据: [ "+str2+" ] ");
+
+		//访问控制信息校验码计算
+		String mac2 = operation.CBCMAC(str2.getBytes("UTF-8"));
+		System.out.println("        计算得到的MAC值:mac2 = [ "+mac2+" ] ");
+
+		//比较mac1和mac2
+		if (mac1.equals(mac2)) {
+			System.out.println("【完整性】校验成功,访问控制信息数据是完整的");
+		}else {
+			System.out.println("【完整性】校验失败,访问控制信息是被破坏或者篡改的");
+		}
+	}
+
+	//数据存储安全,机密性和完整性保护示例
+	public static void DataStorageProtection() throws UnsupportedEncodingException{
+
+		System.out.println(">>>>敏感数据安全存储:");
+
+		//敏感数据的获取
+		String str1 = "16621197124";
+		System.out.println("        敏感数据: 某人员身份证号码=  [ "+str1+" ] ");
+
+		//敏感数据校验码计算
+		String mac1 = operation.CBCMAC(str1.getBytes("UTF-8"));
+
+		System.out.println("        存储敏感数据的MAC值:mac1 = [ "+mac1+" ] ");
+
+		//敏感数据加密存储
+		String encData1 = operation.SM4CBCEnc(str1.getBytes("UTF-8"));
+
+		System.out.println("        存储敏感数据密文: encData = [ "+encData1+" ] ");
+
+
+		System.out.println(">>>>敏感数据读取:");
+		//敏感数据的读取
+		String encData2 = encData1;
+		System.out.println("        读取的敏感数据密文: [ "+encData2+" ] ");
+
+		//敏感数据密文脱密
+		byte[] mgData = null;
+		mgData = operation.SM4CBCDec(encData2);
+
+		//访问控制信息校验码计算
+		String mac2 = operation.CBCMAC(mgData);
+		System.out.println("        计算得到敏感数据的MAC值:mac2 = [ "+mac2+" ] ");
+
+		//比较mac1和mac2
+		if (mac1.equals(mac2)) {
+			System.out.println("【完整性】校验成功,访问控制信息数据是完整的");
+		}else {
+			System.out.println("【完整性】校验失败,访问控制信息是被破坏或者篡改的");
+		}
+		System.out.println("【解密】得到的敏感数据: mgData=  [ "+(new String(mgData,"UTF-8"))+" ] ");
+
+	}
+
+	//日志数据存储,完整性保护示例
+	public static void LogDataStorageProtection() throws UnsupportedEncodingException{
+
+		System.out.println(">>>>日志数据安全存储:");
+
+		//日志数据的获取
+		String str1 = "xx年xx月1日 xx时x分:xxxx业务处理日志信息,xxxx";
+		System.out.println("        日志数据: str1=  [ "+str1+" ] ");
+
+		//敏感数据校验码计算
+		String mac1 = operation.CBCMAC(str1.getBytes("UTF-8"));
+
+		System.out.println("        存储日志数据的MAC值:mac1 = [ "+mac1+" ] ");
+
+		System.out.println(">>>>日志数据读取完整性校验:");
+		//日志数据的读取
+		String str2 = "111111";
+		System.out.println("        读取的日志数据: [ "+str2+" ] ");
+
+		//日志数据校验码计算
+		String mac2 = operation.CBCMAC(str2.getBytes("UTF-8"));
+		System.out.println("        计算得到的MAC值:mac21 = [ "+mac2+" ] ");
+
+		//比较mac1和mac2
+		if (mac1.equals(mac2)) {
+			System.out.println("【完整性】校验成功,日志数据是完整的");
+		}else {
+			System.out.println("【完整性】校验失败,日志数据是被破坏或者篡改的");
+		}
+	}
+
+	//操作行为抗抵赖性验证
+	public static void OperationalBehaviorProtection() throws UnsupportedEncodingException {
+		
+		//对某条操作数据进行抗抵赖验证
+		//读取需要验证的那条操作记录数据
+		String str1 = "helloword";
+		//读取该条操作记录对应的签名值
+//		String GMsignValue = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdKATLom+LLjirYnRXHShnw7xxLyrQpdzM+6p1oQS+KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oZdaby392y2ogsDYsHeJ14CXwrxzAkn0nq4cKbJAzc=";
+		String derSignValue = "MEYCIQDdKATLom+LLjirYnRXHShnw7xxLyrQpdzM+6p1oQS+KQIhAO6GXWm8t/dstqILA2LB3ideAl8K8cwJJ9J6uHCmyQM3";
+		//读取该条操作记录对应的公钥证书
+		String publickeyCert ="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";
+		//进行数字验签运算
+		System.out.println(">>>>操作行为抗抵赖验证:");
+		boolean rs = operation.sm2VerByCert(str1.getBytes("UTF-8"),derSignValue , publickeyCert);
+		if (rs) {
+			System.out.println("【抗抵赖性】验证成功,该条操作是该用户所为,不可抵赖");
+		}else {
+			System.out.println("【抗抵赖性】验证失败,该条操作不是该用户所为");
+		}
+	}
+	public static void testSm2SignVer() throws UnsupportedEncodingException {
+		operation.sm2SignVer();
+	}
+	
+	//文件机密性,完整性保护示例
+	public static void FileStorageProtection(){
+		System.out.println(">>>>文件存储安全保护示例:");
+
+		//文件数据的获取
+		String filename = "F:\\Gitcode\\usky\\data-agbox-java-master.zip";
+		String str1 = filename;
+		System.out.println("        文件路径: 示例用的文件 =  [ "+str1+" ] ");
+
+		//文件校验码计算
+		String mac1 = operation.SM3AndCMAC(str1);
+		System.out.println("        文件的MAC值:mac1 = [ "+mac1+" ] ");
+		
+		//敏感数据加密存储
+		String str1Enc = str1+".enc";
+		System.out.println("        对源文件进行加密中... ");
+		operation.SM4CBCEnc(str1,str1Enc);
+
+		System.out.println("        对源文件加密完成,得到密文文件  [ "+str1Enc+" ] ");
+
+
+		System.out.println(">>>>密文文件读取:");
+		//密文的读取
+		String encData2 = str1Enc;
+		System.out.println("        示例使用的密文文件名字: [ "+encData2+" ] ");
+
+		//密文文件脱密
+		String str1Dec = filename+".dec";
+		System.out.println("        对密文文件进行解密中... ");
+		
+		operation.SM4CBCDec(encData2,str1Dec);
+		System.out.println("        【解密】对密文文件解密完成,得到脱密后的文件[ "+str1Dec+" ] ");
+
+		//文件校验码计算
+		String mac2 = operation.SM3AndCMAC(str1Dec);
+		System.out.println("        计算得到脱密后文件的MAC值:mac2 = [ "+mac2+" ] ");
+
+		//比较mac1和mac2
+		if (mac1.equals(mac2)) {
+			System.out.println("【完整性】校验成功,访问控制信息数据是完整的");
+		}else {
+			System.out.println("【完整性】校验失败,访问控制信息是被破坏或者篡改的");
+		}
+
+	}
+	
+	
+}
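Review bot: `DataStorageProtection` computes the MAC over the plaintext and checks it only after `SM4CBCDec` has decrypted and unpadded the stored value, so the ciphertext is never authenticated and tampered ciphertext reaches the padding check before any integrity check runs. If this demo is the pattern the services follow, compute the MAC over the ciphertext and verify it before decrypting. The class is also a runnable `main` under `src/main/java` that talks to the crypto service through `Operation`, with a developer-local path in `FileStorageProtection`; it would sit better under `src/test` or be left out of the build. If it stays, a class comment such as `// Demo only: not referenced by production code` would help.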

+ 99 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/util/FileTools.java

@@ -0,0 +1,99 @@
+package com.usky.system.service.util;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+import java.nio.ByteBuffer;
+import java.nio.channels.FileChannel;
+
+public class FileTools {
+	public static long KBSIZE = 1024;
+	public static long MBSIZE1 = 1024 * 1024;
+	public static long MBSIZE10 = 1024 * 1024 * 10;
+	public static long MBSIZE100 = 1024 * 1024 * 100;
+	public static long MBSIZE150 = 1024 * 1024 * 150;
+	public static long fileSizeLen = 0;
+
+	public long getFileSize(String name){
+		long fileSize = 0;
+		File file = new File(name);
+		if (file.exists()&&file.isFile()) {
+			fileSize = file.length();
+		}else {
+			fileSize = 0;
+		}
+		return fileSize;
+	}
+	public void creatFile(String pathname,long fileLength){
+		try {
+			File file = new File(pathname);
+			FileOutputStream fos = null;
+			file.createNewFile();
+			long batchSize = 0;
+			batchSize = fileLength;
+			if (fileLength > 1) {
+				batchSize = KBSIZE;
+			}
+			if (fileLength > MBSIZE1) {
+				batchSize = MBSIZE1;
+			}
+			if (fileLength > MBSIZE10) {
+				batchSize = MBSIZE10;
+			}if(fileLength >MBSIZE100){
+				batchSize = MBSIZE100;
+			}if(fileLength > MBSIZE150){
+				batchSize = MBSIZE150;
+			}
+			long count = fileLength / batchSize;
+			long last = fileLength % batchSize;
+			fos = new FileOutputStream(file);
+			FileChannel fileChannel = fos.getChannel();
+			for (int i = 0; i < count; i++) {
+				ByteBuffer buffer = ByteBuffer.allocate((int) batchSize);
+				fileChannel.write(buffer);
+			}
+			ByteBuffer buffer = ByteBuffer.allocate((int) last);
+			fileChannel.write(buffer);
+			fos.close();
+		} catch (IOException e) {
+			new RuntimeException("creatFile error"+e.getMessage());
+		}
+	}
+	public void reName(String oldname ,String newName){
+		File oldfile = new File(oldname);
+		File newfile = new File(newName);
+		boolean b = oldfile.renameTo(newfile);
+		if (!b) {
+			b = newfile.delete();
+			if (b) {
+				b = oldfile.renameTo(newfile);
+				if (!b) {
+					new RuntimeException("file reName error:["+oldname+"] to ["+newfile+"]");
+				}
+			}else {
+				new RuntimeException("file delete error: delete ["+newName+"]");
+			}
+		}
+	}
+	public byte[] readFileByRAF(RandomAccessFile raf, long off,int size){
+		byte[] rd = new byte[size];
+		try {
+			raf.seek(off);
+			raf.read(rd, 0,size);
+		} catch (IOException e) {
+			new RuntimeException("readFileByRAF error: "+e.getMessage());
+		}
+		return rd;
+	}
+	
+	
+	public void writFileByRAF(RandomAccessFile raf, long off,byte[] data){
+		try {
+			raf.seek(off);
+			raf.write(data);
+		} catch (IOException e) {
+			new RuntimeException("writFileByRAF error"+e.getMessage());
+		}
+	}
+}
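Review bot: Every `catch` block in this file builds an exception and discards it, for example `new RuntimeException("creatFile error"+e.getMessage());` with no `throw`, so I/O failures in `creatFile`, `reName`, `readFileByRAF` and `writFileByRAF` are silently ignored and callers carry on with a zero-filled buffer or a missing file. Each should throw and keep the cause, e.g. `throw new RuntimeException("readFileByRAF error", e);`. `raf.read(rd, 0, size)` may also return fewer bytes than requested; `raf.readFully(rd, 0, size)` guarantees the buffer is filled before it is hashed or encrypted. In `creatFile`, a `fileLength` of 0 leaves `batchSize` at 0 so the division throws `ArithmeticException`, and the `FileOutputStream` is not closed on the error path; try-with-resources would cover the latter.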

+ 561 - 0
base-modules/service-system/service-system-biz/src/main/java/com/usky/system/service/util/Operation.java

@@ -0,0 +1,561 @@
+package com.usky.system.service.util;
+
+import algo.sm2.util.encoders.Base64;
+import com.ccsp.device.SDFFactory;
+import com.ccsp.device.bean.GlobalData;
+import com.ccsp.device.bean.SM2refPublicKey;
+import com.ccsp.device.bean.SM2refSignature;
+import com.ccsp.device.bean.SessionKeyContext;
+import com.ccsp.device.crypto.CryptoException;
+import com.ccsp.device.crypto.SDFCrypto;
+import com.sansec.jcajce.provider.asymmetric.sm2.JCESM2PublicKey;
+import com.sansec.jce.provider.SwxaProvider;
+import com.sansec.util.BigIntegerUitl;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.RandomAccessFile;
+import java.io.UnsupportedEncodingException;
+import java.security.Security;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.concurrent.CancellationException;
+
+public class Operation {
+
+	static SDFCrypto crypto;
+	static SDFCrypto crypto2;
+	//通过默认配置文件去初始化连接,如果配置文件位于接口库当前路径,参数传空即可。
+    static String filepath = "";
+
+	static String ip = "32.2.10.15"; // 公网环境:ip:60.217.194.220 端口:34012
+	static int port = 18007;
+	  static String appName = "mhxfyjpt";
+		static String password = "mhxf@1234";
+		static String sm4keyid = "mhxfyjpt_SM4_Random_DEK";
+		static String sm2Keyid = "mhxfyjpt_SM2_Standard";
+
+
+
+
+	static int algo_hash = GlobalData.SGD_SM3;
+	static int algo_cbc = GlobalData.SGD_SM4_CBC;
+	static int algo_ecb = GlobalData.SGD_SM4_ECB;
+	static int algo_mac = GlobalData.SGD_SM4_MAC;
+
+	static int block_MB = 1*1024*1024;
+	static int block_50MB = block_MB*50;
+
+    static int block_KB=1*1024;
+    static int block_10KB = block_MB*10;
+	//
+	public Operation() {
+		try {
+			Security.addProvider(new SwxaProvider(null,null));
+			crypto = SDFFactory.getInstance(ip , port , 40, 30, 1);
+			crypto.SDF_LoginbyAppNameAndPwd(appName, password);
+		} catch (CryptoException e) {
+			e.printStackTrace();
+		}
+	}
+
+
+	//对文件进行完整性计算
+	public String SM3AndCMAC(String file){
+		FileTools fileTool = new FileTools();
+		//获取文件大小
+		long fileSize = fileTool.getFileSize(file);
+		if (fileSize<=0) {
+			throw new RuntimeException("SM3AndCMAC error:"+"fileSize error");
+		}
+		RandomAccessFile rafr;
+		Object hashContext = null;
+		byte[] hash = null;
+		//组数
+		int groupNumber = 0;
+		//余数
+		int remainder = 0;
+		byte[] mac = null;
+		byte[] mac2=null;
+
+		groupNumber = (int)(fileSize/block_50MB);
+		remainder = (int)(fileSize%block_50MB);
+		String macValue = "";
+		String macValue2 = "";
+		try {
+			//read init
+			rafr = new RandomAccessFile(file, "r");
+			//开始sm3计算
+			hashContext = crypto.SDF_HashInit(algo_hash, null,null);
+			for (int i = 0; i < groupNumber; i++) {
+				crypto.SDF_HashUpdate(hashContext, fileTool.readFileByRAF(rafr, i*block_50MB, block_50MB));
+			}
+			if (remainder==0) {
+				hash = crypto.SDF_HashFinal(hashContext,null);
+			}else {
+				hash = crypto.SDF_HashFinal(hashContext,fileTool.readFileByRAF(rafr, groupNumber*block_50MB, remainder));
+			}
+			//开始CBCMAC计算
+			SessionKeyContext skc = new SessionKeyContext();
+			skc.setKeyID(sm4keyid.getBytes());
+			mac = crypto.SDF_CalculateMAC(skc, algo_mac, null, hash);
+			macValue = new String(Base64.encode(mac));
+
+			//end...
+			rafr.close();
+		} catch (Exception e) {
+			throw new RuntimeException("SM3AndCMAC error:"+e.getMessage());
+		}
+		return macValue;
+	}
+
+	//对文件进行机密性运算,输出密文文件
+	//sm4cbc加密
+	public void SM4CBCEnc(String originalFile,String encryptFile){
+		RandomAccessFile rafr;
+		RandomAccessFile rafw;
+		FileTools fileTool = new FileTools();
+		// 使用keyName构造key对象
+		SessionKeyContext skc = new SessionKeyContext();
+		skc.setKeyID(sm4keyid.getBytes());
+		try {
+			//read init
+			rafr = new RandomAccessFile(originalFile, "r");
+			byte[] tempEncdata = null;
+			byte[] inData = null;
+			byte[] inDataPading = null;
+			//组数
+			int groupNumber = 0;
+			//余数
+			int remainder = 0;
+			//获取文件大小
+			long fileSize = fileTool.getFileSize(originalFile);
+			if (fileSize<=0) {
+				throw new RuntimeException("SM4CBCEnc error:"+"fileSize error");
+			}
+			groupNumber = (int)(fileSize/block_50MB);
+			remainder = (int)(fileSize%block_50MB);
+			//创建临时的密文文件
+			String tempFile = encryptFile+".temp";
+			fileTool.creatFile(tempFile, fileSize+(16-remainder%16));
+			//writ init
+			rafw = new RandomAccessFile(tempFile, "rw");
+
+			//开始加密
+			for (int i = 0; i < groupNumber; i++) {
+				inData = fileTool.readFileByRAF(rafr,i*block_50MB, block_50MB);
+				tempEncdata = crypto.SDF_Encrypt(skc, algo_cbc, null, inData);
+				fileTool.writFileByRAF(rafw, i*block_50MB, tempEncdata);
+			}
+			inData = null;
+			inData = fileTool.readFileByRAF(rafr,groupNumber*block_50MB, remainder);
+			inDataPading = cbcPadding(inData);
+			tempEncdata = crypto.SDF_Encrypt(skc, algo_cbc, null, inDataPading);
+			fileTool.writFileByRAF(rafw, groupNumber*block_50MB, tempEncdata);
+
+			//end...
+			rafr.close();
+			rafw.close();
+			//改临时密文文件的名字
+			fileTool.reName(tempFile, encryptFile);
+		} catch (Exception e) {
+			throw new RuntimeException("SM4CBCEnc error:"+e.getMessage());
+		}
+	}
+	//sm4cbc解密
+	public void SM4CBCDec(String encryptFile, String decryptFile){
+		RandomAccessFile rafr;
+		RandomAccessFile rafw;
+		FileTools fileTool = new FileTools();
+
+		// 使用keyName构造key对象
+		SessionKeyContext skc = new SessionKeyContext();
+		skc.setKeyID(sm4keyid.getBytes());
+
+
+		try {
+			//read init
+			rafr = new RandomAccessFile(encryptFile, "r");
+
+
+			byte[] tempDecdata = null;
+			byte[] tempDecdataUnPading = null;
+			byte[] inData = null;
+
+			//组数
+			int groupNumber = 0;
+			//余数
+			int remainder = 0;
+			//原文文件大小
+			int decryptFileSize = 0;
+			String tempFile = decryptFile+".temp";
+			//获取文件大小
+			long fileSize = fileTool.getFileSize(encryptFile);
+			if (fileSize<=0) {
+				rafr.close();
+				throw new RuntimeException("SM4CBCDec error:"+"fileSize error");
+			}
+			groupNumber = (int)(fileSize/block_50MB);
+			remainder = (int)(fileSize%block_50MB);
+
+			//解最后的块
+			if (remainder!=0) {
+				inData = fileTool.readFileByRAF(rafr,groupNumber*block_50MB, remainder);
+				tempDecdata = crypto.SDF_Decrypt(skc, algo_cbc, null, inData);
+				tempDecdataUnPading = cbcUnPadding(tempDecdata);
+				decryptFileSize = (int)(fileSize - (remainder-tempDecdataUnPading.length));
+
+				//创建临时的密文文件
+				fileTool.creatFile(tempFile, decryptFileSize);
+				//writ init
+				rafw = new RandomAccessFile(tempFile, "rw");
+				fileTool.writFileByRAF(rafw, groupNumber*block_50MB, tempDecdataUnPading);
+
+			}else {
+				inData = fileTool.readFileByRAF(rafr,(groupNumber-1)*block_50MB, block_50MB);
+				tempDecdata = crypto.SDF_Decrypt(skc, algo_cbc, null, inData);
+				tempDecdataUnPading = cbcUnPadding(tempDecdata);
+				decryptFileSize = (int)(fileSize - (block_50MB-tempDecdataUnPading.length));
+
+				//创建临时的密文文件
+				fileTool.creatFile(tempFile, decryptFileSize);
+				//writ init
+				rafw = new RandomAccessFile(tempFile, "rw");
+				fileTool.writFileByRAF(rafw, (groupNumber-1)*block_50MB, tempDecdataUnPading);
+				groupNumber--;
+			}
+
+
+			//开始解密
+			for (int i = 0; i < groupNumber; i++) {
+				inData = fileTool.readFileByRAF(rafr,i*block_50MB, block_50MB);
+				tempDecdata = crypto.SDF_Decrypt(skc, algo_cbc, null, inData);
+				fileTool.writFileByRAF(rafw, i*block_50MB, tempDecdata);
+			}
+
+			//end...
+			rafr.close();
+			rafw.close();
+			//改临时密文文件的名字
+			fileTool.reName(tempFile, decryptFile);
+		} catch (Exception e) {
+			throw new RuntimeException("SM4CBCDec error:"+e.getMessage());
+		}
+	}
+
+
+
+	//CBCMAC-SM4计算
+	public String CBCMAC(byte[] inData){
+		SessionKeyContext skc = new SessionKeyContext();
+		skc.setKeyID(sm4keyid.getBytes());
+		byte[] mac = null;
+		byte[] paddingData = macPadding(inData);
+		try {
+			mac = crypto.SDF_CalculateMAC(skc, algo_mac, null, paddingData);
+		} catch (CryptoException e) {
+			e.printStackTrace();
+		}
+		String macValue = new String(Base64.encode(mac));
+		return macValue;
+	}
+
+
+	//Hmac计算  (测试)
+		public String HMAC(byte[] inData){
+			SessionKeyContext skc = new SessionKeyContext();
+			skc.setKeyID(sm4keyid.getBytes());
+			byte[] mac = null;
+			byte[] paddingData = macPadding(inData);
+			try {
+				mac = crypto.SDF_CalculateMAC(skc, algo_mac, null, paddingData);
+			} catch (CryptoException e) {
+				e.printStackTrace();
+			}
+			String macValue = new String(Base64.encode(mac));
+			return macValue;
+		}
+	//mac运算填充
+	public byte[] macPadding(byte[] inData) {
+		byte[] padData = {(byte)0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+		int remainder = inData.length%16;//余数
+		int padLength = 16 - remainder;
+		byte[] indatapad = new byte[inData.length+padLength];
+		System.arraycopy(inData, 0, indatapad, 0, inData.length);
+		System.arraycopy(padData, 0, indatapad, inData.length, padLength);
+		return indatapad;
+	}
+	//sm4cbc加密
+	public String SM4CBCEnc(byte[] inData){
+
+		// 使用keyName构造key对象
+		SessionKeyContext skc = new SessionKeyContext();
+		skc.setKeyID(sm4keyid.getBytes());
+		byte[] inDataPadding = cbcPadding(inData);
+		byte[] encdata = null;
+		try {
+			encdata = crypto.SDF_Encrypt(skc, algo_cbc, null, inDataPadding);
+		} catch (CryptoException e) {
+			e.printStackTrace();
+		}
+		String encdataStr = new String(Base64.encode(encdata));
+		return encdataStr;
+	}
+	//sm4cbc解密
+	public byte[] SM4CBCDec(String encStr){
+		byte[] indata = Base64.decode(encStr.getBytes());
+		// 使用keyName构造key对象
+		SessionKeyContext skc = new SessionKeyContext();
+		skc.setKeyID(sm4keyid.getBytes());
+
+		byte[] data = null;
+		try {
+			data = crypto.SDF_Decrypt(skc, algo_cbc, null, indata);
+		} catch (CryptoException e) {
+			e.printStackTrace();
+		}
+		byte[] outdata = cbcUnPadding(data);
+		return outdata;
+	}
+	//sm4加密数据填充
+	public byte[] cbcPadding(byte[] inData) {
+		byte[] padData = null;
+		int remainder = inData.length%16;//余数
+		int padLength = 16 - remainder;
+		padData = new byte[padLength];
+		for (int i = 0; i < padLength; i++) {
+			padData[i] = (byte)padLength;
+		}
+		byte[] indatapad = new byte[inData.length+padLength];
+		System.arraycopy(inData, 0, indatapad, 0, inData.length);
+		System.arraycopy(padData, 0, indatapad, inData.length, padLength);
+		return indatapad;
+	}
+	//sm4解密数据去填充
+	public byte[] cbcUnPadding(byte[] inData) {
+		byte[] outData = null;
+		int outDataLength = 0;
+		int padLength = (int)inData[inData.length-1];//余数
+		if (padLength>16||padLength<1) {
+			throw new RuntimeException("cbcUnPadding error,Data error");
+		}
+		outDataLength = inData.length-padLength;
+		outData = new byte[outDataLength];
+		System.arraycopy(inData, 0, outData, 0, outDataLength);
+		return outData;
+	}
+	//SM2数字签名
+	public String sm2Sign(byte[] inData) {
+		byte[] hash = null;
+		byte[] signValue = null;
+		SM2refPublicKey refPublicKey = null;
+		try {
+			refPublicKey =crypto.SDF_ExportPublicKey_ECC(sm2Keyid);
+			Object hashContext = null;
+			hashContext = crypto.SDF_HashInit(algo_hash, refPublicKey, "1234567812345678".getBytes());//算法为SM3时,第二个参数签名者公钥对象有效
+			crypto.SDF_HashUpdate(hashContext, inData);
+			hash = crypto.SDF_HashFinal(hashContext,null);
+			SM2refSignature sm2signValue = crypto.SDF_InternalSign_ECC(sm2Keyid,hash);
+			signValue = sm2signValue.encode();
+		} catch (CryptoException e) {
+			throw new RuntimeException("sm2Sign error:"+e.getMessage());
+		}
+		return new String(Base64.encode(signValue));
+	}
+
+	private byte[] getPubkeyByCert(String certStr) {
+		X509Certificate cert = null;
+		byte[] certByte = Base64.decode(certStr);
+		InputStream stream = new ByteArrayInputStream(certByte);
+
+		CertificateFactory factory = null;
+		try {
+			factory = CertificateFactory.getInstance("X.509", "SwxaJCE");
+			cert = (X509Certificate) factory.generateCertificate(stream);
+		} catch (CancellationException e) {
+			System.out.println("解析证书失败" + e.getMessage());
+			e.printStackTrace();
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+		JCESM2PublicKey pubKey = (JCESM2PublicKey)cert.getPublicKey();
+		byte[] pubkey = new byte[132];
+		for (int i = 0; i < pubkey.length; i++) {
+			pubkey[i]= 0x00;
+		}
+		pubkey[1] = 0x01;
+		System.arraycopy(BigIntegerUitl.asUnsigned32ByteArray(pubKey.getW().getAffineX()),0,pubkey,36,32);
+		System.arraycopy(BigIntegerUitl.asUnsigned32ByteArray(pubKey.getW().getAffineY()),0,pubkey,100,32);
+		return pubkey;
+	}
+
+	public String getSerialNumberByCert(String certStr) {
+		X509Certificate cert = null;
+		byte[] certByte = Base64.decode(certStr);
+		InputStream stream = new ByteArrayInputStream(certByte);
+
+		CertificateFactory factory = null;
+		try {
+			factory = CertificateFactory.getInstance("X.509", "SwxaJCE");
+			cert = (X509Certificate) factory.generateCertificate(stream);
+		} catch (CancellationException e) {
+			System.out.println("解析证书失败" + e.getMessage());
+			e.printStackTrace();
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+		String serialNumber = cert.getSerialNumber().toString(16);
+		return serialNumber;
+	}
+
+	private byte[] signValueDerToGm(byte[] derSignvalue) {
+		byte[] gm = new byte[128];
+		byte[] r = new byte[32];
+		byte[] s = new byte[32];
+		int p = 0;
+		if (derSignvalue[p]==0x30) {
+			p=p+2;
+			if (derSignvalue[p]==0x02) {
+				p = p+1;
+				if (derSignvalue[p]==0x20) {
+					p = p+1;
+					System.arraycopy(derSignvalue, p, r,0,32);
+					p = p+32;
+					if (derSignvalue[p]==0x02) {
+						p = p+1;
+						if (derSignvalue[p]==0x20) {
+							p = p+1;
+							System.arraycopy(derSignvalue, p, s,0,32);
+						}else if (derSignvalue[p]==0x21) {
+							p = p+2;
+							System.arraycopy(derSignvalue, p, s,0,32);
+						}else {
+							throw new RuntimeException("signValueDerToGm error");
+						}
+					}else {
+						throw new RuntimeException("signValueDerToGm error");
+					}
+				}else if (derSignvalue[p]==0x21) {
+					p = p+2;
+					System.arraycopy(derSignvalue, p, r,0,32);
+					p = p+32;
+					if (derSignvalue[p]==0x02) {
+						p = p+1;
+						if (derSignvalue[p]==0x20) {
+							p = p+1;
+							System.arraycopy(derSignvalue, p, s,0,32);
+						}else if (derSignvalue[p]==0x21) {
+							p = p+2;
+							System.arraycopy(derSignvalue, p, s,0,32);
+						}else {
+							throw new RuntimeException("signValueDerToGm error");
+						}
+					}else {
+						throw new RuntimeException("signValueDerToGm error");
+					}
+				}
+			}else {
+				throw new RuntimeException("signValueDerToGm error");
+			}
+		}else {
+			throw new RuntimeException("signValueDerToGm error");
+		}
+		for (int i = 0; i < gm.length; i++) {
+			gm[i]=0x00;
+		}
+
+		System.arraycopy(r, 0,gm,32,32);
+		System.arraycopy(s, 0,gm,96,32);
+
+
+		return gm;
+	}
+
+	//SM2数字验签
+	public boolean sm2VerByCert(byte[] inData,String signValue,String certStr ) {
+		boolean result = false;
+		byte[] hash = null;
+		byte signValueOne = signValue.getBytes()[0];
+		byte[] signValueByte = null;
+		if (signValueOne=='M') {
+			//将der转换成GM
+			signValueByte = signValueDerToGm(Base64.decode(signValue));
+		}else {
+			signValueByte = Base64.decode(signValue.getBytes());
+		}
+		byte[] pubkey = getPubkeyByCert(certStr);
+		SM2refSignature sm2refSignature = new SM2refSignature();
+		SM2refPublicKey refPublicKey = new SM2refPublicKey();
+		try {
+			refPublicKey.decode(pubkey);
+			sm2refSignature.decode(signValueByte);
+			Object hashContext = null;
+			hashContext = crypto.SDF_HashInit(algo_hash, refPublicKey, "1234567812345678".getBytes());//算法为SM3时,第二个参数签名者公钥对象有效
+			crypto.SDF_HashUpdate(hashContext, inData);
+			hash = crypto.SDF_HashFinal(hashContext,null);
+			result = crypto.SDF_ExternalVerify_ECC(refPublicKey, hash,sm2refSignature);
+			result = true;
+		} catch (CryptoException e) {
+			System.out.println("sm2Ver error:"+e.getMessage());
+			result = false;
+		}
+		return result;
+	}
+
+	//SM2数字验签
+	public boolean sm2Ver(byte[] inData,String signValue,String publickey ) {
+		boolean result = false;
+		byte[] hash = null;
+		byte[] signValueByte = Base64.decode(signValue.getBytes());
+		byte[] pubkeyByte = Base64.decode(publickey.getBytes());
+		SM2refSignature sm2refSignature = new SM2refSignature();
+		SM2refPublicKey refPublicKey = new SM2refPublicKey();
+		try {
+			refPublicKey.decode(pubkeyByte);
+			sm2refSignature.decode(signValueByte);
+			Object hashContext = null;
+			hashContext = crypto.SDF_HashInit(algo_hash, refPublicKey, "1234567812345678".getBytes());//算法为SM3时,第二个参数签名者公钥对象有效
+			crypto.SDF_HashUpdate(hashContext, inData);
+			hash = crypto.SDF_HashFinal(hashContext,null);
+			result = crypto.SDF_ExternalVerify_ECC(refPublicKey, hash,sm2refSignature);
+		} catch (CryptoException e) {
+			throw new RuntimeException("sm2Ver error:"+e.getMessage());
+		}
+		return result;
+	}
+	public boolean sm2SignVer() throws UnsupportedEncodingException {
+		byte[] inData = "修改某条业务数据xxx为yyy".getBytes("utf-8");
+		boolean result = false;
+		byte[] hash = null;
+		byte[] signValueByte = null; //= Base64.decode(signValue.getBytes());
+		byte[] pubkeyByte = null;//= Base64.decode(publickey.getBytes());
+		SM2refSignature sm2refSignature = new SM2refSignature();
+		SM2refPublicKey refPublicKey = new SM2refPublicKey();
+		try {
+			refPublicKey = crypto.SDF_ExportPublicKey_ECC(sm2Keyid);
+			Object hashContext = null;
+			hashContext = crypto.SDF_HashInit(algo_hash, refPublicKey, "1234567812345678".getBytes());//算法为SM3时,第二个参数签名者公钥对象有效
+			crypto.SDF_HashUpdate(hashContext, inData);
+			hash = crypto.SDF_HashFinal(hashContext,null);
+
+			sm2refSignature = crypto.SDF_InternalSign_ECC(sm2Keyid, hash);
+			System.out.println(new String(Base64.encode(refPublicKey.encode())));
+			System.out.println(new String(Base64.encode(sm2refSignature.encode())));
+			result = crypto.SDF_ExternalVerify_ECC(refPublicKey, hash,sm2refSignature);
+		} catch (CryptoException e) {
+			throw new RuntimeException("sm2Ver error:"+e.getMessage());
+		}
+		System.out.println("sm2SignVer 成功");
+		return result;
+	}
+	public String getSm2PublicKey() {
+		SM2refPublicKey refPublicKey = null;
+		try {
+			refPublicKey =crypto.SDF_ExportPublicKey_ECC(sm2Keyid);
+		} catch (CryptoException e) {
+			throw new RuntimeException("getSm2PublicKey error:"+e.getMessage());
+		}
+		return new String(Base64.encode(refPublicKey.encode()));
+	}
+
+}
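Review bot: `sm2VerByCert` assigns `result = true;` on the line after `result = crypto.SDF_ExternalVerify_ECC(...)`, so it reports success for any signature unless the call throws. If the device returns `false` for a bad signature, as `sm2Ver` below assumes, verification is bypassed; the `result = true;` line should be removed. The service address, `appName` and `password` are static literals in the class, which puts the crypto-service credential in version control; they should come from external configuration or a secret store, and the committed value should be rotated. `CBCMAC`, `SM4CBCEnc(byte[])` and `SM4CBCDec(String)` print the `CryptoException` and continue with a null array, and the constructor likewise only prints a failed login, so failures presumably surface later as a `NullPointerException` rather than a crypto error. Every `SDF_Encrypt` call passes `null` for the IV and the file path encrypts each 50 MB chunk separately; if the SDK treats that as a fixed IV, equal plaintexts give equal ciphertexts, which is worth confirming against the SDK documentation.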

+ 91 - 0
base-modules/service-system/service-system-biz/src/main/resources/application.yml

@@ -0,0 +1,91 @@
+mybatis:
+  refresh:
+    delay-seconds: 10
+    enabled: true
+    sleep-seconds: 20
+mybatis-plus:
+  configuration:
+    defaultStatementTimeout: 3
+    lazy-loading-enabled: true
+    map-underscore-to-camel-case: true
+  global-config:
+    db-config:
+      id-type: auto
+    mapperRegistryCache: true
+  mapper-locations: classpath*:mapper/**/*.xml
+server:
+  compression:
+    enabled: true
+    mime-types: application/javascript,text/css,application/json,application/xml,text/html,text/xml,text/plain
+  port: 9886
+spring:
+  application:
+    name: usky-system
+  autoconfigure:
+    exclude: com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceAutoConfigure
+  cache:
+    ehcache:
+      config: classpath:ehcache.xml
+      enabled: false
+    redis:
+      enabled: true
+  datasource:
+    druid:
+      stat-view-servlet:
+        enabled: true
+        login-password: '@dmin1234'
+        login-username: admin
+        reset-enable: true
+        url-pattern: /druid/*
+    dynamic:
+      datasource:
+        master:
+          password: root
+          url: jdbc:mysql://localhost:3306/usky-cloud?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=Asia/Shanghai&characterEncoding=utf8&allowMultiQueries=true
+          username: root
+#          driver-class-name: dm.jdbc.driver.DmDriver
+#          password: Yt#75Usky
+#          url: jdbc:dm://localhost:5237/usky_cloud?zeroDateTimeBehavior=convertToNull&useUnicode=true&characterEncoding=UTF-8
+#          username: usky_cloud
+      druid:
+        initial-size: 5
+        min-idle: 5
+        maxActive: 20
+        maxWait: 60000
+        timeBetweenEvictionRunsMillis: 60000
+        minEvictableIdleTimeMillis: 300000
+        validationQuery: SELECT 1 FROM DUAL
+        testWhileIdle: true
+        testOnBorrow: false
+        testOnReturn: false
+        poolPreparedStatements: true
+        maxPoolPreparedStatementPerConnectionSize: 20
+        filters: stat,slf4j
+        connectionProperties: druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000
+      primary: master
+  jackson:
+    date-format: yyyy-MM-dd HH:mm:ss
+    default-property-inclusion: always
+    deserialization:
+      fail-on-unknown-properties: false
+    parser:
+      allow-single-quotes: true
+      allow-unquoted-control-chars: true
+    serialization:
+      fail-on-empty-beans: false
+    time-zone: GMT+8
+#  redis:
+#    host: 172.16.120.165
+#    password: 123456
+#    port: 6379
+#    timeout: 10000
+#  influx:
+#    url: http://172.16.120.69:8086
+#    password: root
+#    user: root
+#    database: USKTSDB
+#  tenant:
+#    enable: true
+  mvc:
+    pathmatch:
+      matching-strategy: ant_path_matcher
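Review bot: This file commits credentials: the Druid console login under `stat-view-servlet`, the `master` datasource `username`/`password`, and further passwords in the commented-out DM, Redis and Influx blocks. Reference them through placeholders instead, e.g. `password: ${DB_PASSWORD}` and `login-password: ${DRUID_CONSOLE_PASSWORD}` (constructed variable names), and delete the commented blocks rather than keeping secrets in comments. With `stat-view-servlet.enabled: true` and `reset-enable: true`, the `/druid/*` console is served on the application port; if it is needed outside development, restrict it with the servlet's `allow` list or disable it in the production profile.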

+ 0 - 24
base-modules/service-system/service-system-biz/src/main/resources/bootstrap.yml

@@ -1,24 +0,0 @@
-# Tomcat
-server:
-  port: 9886
-# Spring
-spring:
-  application:
-    # 应用名称
-    name: usky-system
-  profiles:
-    # 环境配置
-    active: dev
-  cloud:
-    nacos:
-      discovery:
-        # 服务注册地址
-        server-addr: usky-cloud-nacos:8848
-      config:
-        # 配置中心地址
-        server-addr: usky-cloud-nacos:8848
-        # 配置文件格式
-        file-extension: yml
-        # 共享配置
-        shared-configs:
-          - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}

+ 18 - 0
base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysCheckCodeMapper.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.usky.system.mapper.SysCheckCodeMapper">
+
+    <!-- 通用查询映射结果 -->
+    <resultMap id="BaseResultMap" type="com.usky.system.domain.SysCheckCode">
+        <id column="id" property="id" />
+        <result column="user_id" property="userId" />
+        <result column="dept_id" property="deptId" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="plaintext" property="plaintext" />
+        <result column="ciphertext" property="ciphertext" />
+        <result column="check_code" property="checkCode" />
+        <result column="check_code_type" property="checkCodeType" />
+        <result column="user_name" property="userName" />
+    </resultMap>
+
+</mapper>
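Review bot: `BaseResultMap` maps a `plaintext` column next to `ciphertext` and `check_code`, and nothing in the file says what each one holds. If `plaintext` can carry the value that `ciphertext` protects, anyone who can read the table gets it without a key; this is inferred from the column names only, since the entity and service are in other files. I would state the contract in the comment above the resultMap, for example `<!-- plaintext: input of the integrity check, never credentials or other secrets -->`, and drop the `plaintext` mapping if callers only need `check_code` for verification.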

+ 3 - 2
base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysLogininforMapper.xml

@@ -16,7 +16,8 @@
 		<result property="createBy"      column="create_by"         />
 	</resultMap>
 
-	<insert id="insertLogininfor" parameterType="com.usky.system.domain.SysLogininfor">
+	<insert id="insertLogininfor" parameterType="com.usky.system.domain.SysLogininfor"
+			useGeneratedKeys="true" keyProperty="infoId">
 		insert into sys_logininfor
 		<trim prefix="(" suffix=")" suffixOverrides=",">
 			<if test="userName != null"> user_name, </if>
@@ -42,7 +43,7 @@
 	</insert>
 
 	<select id="selectLogininforList" parameterType="com.usky.system.domain.SysLogininfor" resultMap="SysLogininforResult">
-		select info_id, user_name, ipaddr, status, msg, access_time from sys_logininfor d
+		select info_id, user_name, ipaddr, status, msg, access_time, tenant_id from sys_logininfor d
 		<where>
 			<if test="ipaddr != null and ipaddr != ''">
 				AND ipaddr like concat('%', #{ipaddr}, '%')
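Review bot: `selectLogininforList` now returns `tenant_id`, but the only filter visible in the `<where>` block is the `ipaddr` match, so it is not clear that one tenant's login records are kept out of another tenant's listing. The `<where>` block continues outside the hunk and a tenant interceptor may exist elsewhere, so this may already be handled. If it is not, add a condition such as `<if test="tenantId != null"> AND tenant_id = #{tenantId} </if>`, assuming `SysLogininfor` exposes `tenantId`. The first hunk's `useGeneratedKeys="true" keyProperty="infoId"` would also benefit from a one-line comment naming the caller that reads the generated id back.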

+ 2 - 3
base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysMenuMapper.xml

@@ -225,10 +225,9 @@
             m.isNew
         FROM
             sys_menu m
-                JOIN sys_tenant_menu t
+                JOIN sys_tenant_menu t ON m.menu_id = t.menu_id
         WHERE
-            m.menu_id = t.menu_id
-          AND m.menu_type IN ('M', 'C')
+           m.menu_type IN ('M', 'C')
           AND m. STATUS = 0
           AND t.tenant_id=#{tenantId}
         ORDER BY

+ 4 - 1
base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysOperLogMapper.xml

@@ -31,7 +31,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         from sys_oper_log d
     </sql>
     
-	<insert id="insertOperlog" parameterType="com.usky.system.domain.SysOperLog">
+	<insert id="insertOperlog" parameterType="com.usky.system.domain.SysOperLog"
+			useGeneratedKeys="true" keyProperty="operId">
 		insert into sys_oper_log
 		<trim prefix="(" suffix=")" suffixOverrides=",">
 			<if test="title != null"> title, </if>
@@ -165,4 +166,6 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         truncate table sys_oper_log
     </update>
 
+
+
 </mapper> 

+ 1 - 1
base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysTenantConfigMapper.xml

@@ -37,7 +37,7 @@
         LEFT JOIN sys_tenant_config AS b ON a.id = b.tenant_id
         <where>
             a. STATUS = 0
-            AND a.domain = #{url}
+            AND a."domain" = #{url}
         </where>
     </select>
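Review bot: `a."domain"` is dialect-specific quoting: MySQL in its default SQL mode reads a double-quoted token as a string literal, so this statement should fail to parse there, and the application config added in this commit still points the `master` datasource at `jdbc:mysql://` with the DM settings commented out. On a database that treats double quotes as identifier quoting, the name also becomes case-sensitive, so it has to match how the column was created. If both databases must be supported, keep two statements selected by MyBatis `databaseId`; otherwise renaming the column to a non-reserved word avoids quoting altogether. The `<select>` starts outside the hunk.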
 

+ 1 - 1
base-modules/service-system/service-system-biz/src/main/resources/mapper/system/SysUserMapper.xml

@@ -27,7 +27,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 		<result property="remark"       column="remark"       />
 		<result property="tenantId"       column="tenant_id"       />
 		<result property="address"       column="address"       />
-		<result property="centerUserId"       column="center_user_id"       />
+
 		<association property="dept" column="dept_id" javaType="com.usky.system.domain.SysDeptVO" resultMap="deptResult" />
 		<collection  property="roles"   javaType="java.util.List"        resultMap="RoleResult" />
 	</resultMap>
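Review bot: The `centerUserId` mapping is replaced by a line holding only a tab rather than being deleted; drop that line. Because this resultMap has a nested `<association>` and `<collection>`, MyBatis's default partial auto-mapping does not fill unmapped columns. So if `SysUser` still declares `centerUserId` and a query still selects `center_user_id`, the property will now silently be null; neither the entity nor the queries are visible here. The resultMap opens outside the hunk.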