vod普通加密

src/main/java/com/peanut/common/service/HlsDecryptService.java

@@ -0,0 +1,215 @@
+package com.peanut.common.service;
+
+import com.aliyun.vod20170321.models.DecryptKMSDataKeyResponseBody;
+import com.aliyuncs.DefaultAcsClient;
+import com.aliyuncs.profile.DefaultProfile;
+import com.peanut.common.utils.PlayToken;
+import com.peanut.common.utils.SpdbUtil;
+import com.sun.net.httpserver.Headers;
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpHandler;
+import com.sun.net.httpserver.HttpServer;
+import com.sun.net.httpserver.spi.HttpServerProvider;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.codec.binary.Base64;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.SpringApplication;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@Slf4j
+@Service
+public class HlsDecryptService {
+    @Autowired
+    private PlayToken playToken;
+    private static DefaultAcsClient client;
+
+    static {
+        //KMS的区域，必须与视频对应区域
+        String region = "cn-shanghai";
+        // 访问KMS的授权AccessKey信息
+        // 阿里云账号AccessKey拥有所有API的访问权限，建议您使用RAM用户进行API访问或日常运维。
+        // 强烈建议不要把AccessKey ID和AccessKey Secret保存到工程代码里，否则可能导致AccessKey泄露，威胁您账号下所有资源的安全。
+        // 本示例通过从环境变量中读取AccessKey，来实现API访问的身份验证。运行代码示例前，请配置环境变量ALIBABA_CLOUD_ACCESS_KEY_ID和ALIBABA_CLOUD_ACCESS_KEY_SECRET。
+        String accessKeyId = "LTAI5tMKmWhPfnPsz2J3bfxL";
+        String accessKeySecret = "doFUplbiIxL6PgJME3eSaW8G6HauuC";
+        client = new DefaultAcsClient(DefaultProfile.getProfile(region, accessKeyId, accessKeySecret));
+    }
+
+    /**
+     * 说明：
+     * 1、接收解密请求，获取密文密钥和用户令牌Token
+     * 2、调用KMS decrypt接口获取明文密钥
+     * 3、将明文密钥Base64 decode返回
+     */
+    public class HlsDecryptHandler implements HttpHandler {
+        /**
+         * 处理解密请求
+         *
+         * @param httpExchange
+         * @throws IOException
+         */
+        public void handle(HttpExchange httpExchange) throws IOException {
+            String requestMethod = httpExchange.getRequestMethod();
+//            String response;
+//            int statusCode;
+//
+//            if ("/health".equals(httpExchange.getRequestURI().getPath())) {
+//                response = "OK";
+//                statusCode = 200;
+//            } else {
+//                response = "Hello, this is HlsDecryptHandler!";
+//                statusCode = 200;
+//            }
+//            httpExchange.sendResponseHeaders(statusCode, response.getBytes().length);
+//            OutputStream os = httpExchange.getResponseBody();
+//            os.write(response.getBytes());
+//            os.close();
+
+            if ("GET".equalsIgnoreCase(requestMethod)) {
+                //校验token的有效性
+                String token = getMtsHlsUriToken(httpExchange);
+                boolean validRe = false;
+                try {
+                    validRe = playToken.validateToken(token);
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+                if (!validRe) {
+                    return;
+                }
+                //从URL中取得密文密钥
+                String ciphertext = getCiphertext(httpExchange);
+                if (null == ciphertext)
+                    return;
+                //从KMS中解密出来，并Base64 decode
+                byte[] key = decrypt(ciphertext);
+                //设置header
+                setHeader(httpExchange, key);
+                //返回Base64 decode之后的密钥
+                OutputStream responseBody = httpExchange.getResponseBody();
+                responseBody.write(key);
+                responseBody.close();
+            }
+        }
+
+        private void setHeader(HttpExchange httpExchange, byte[] key) throws IOException {
+            Headers responseHeaders = httpExchange.getResponseHeaders();
+            responseHeaders.set("Access-Control-Allow-Origin", "*");
+            httpExchange.sendResponseHeaders(HttpURLConnection.HTTP_OK, key.length);
+        }
+
+        /**
+         * 调用KMS decrypt接口解密，并将明文Base64 decode
+         *
+         * @param ciphertext
+         * @return
+         */
+        private byte[] decrypt(String ciphertext) {
+            DecryptKMSDataKeyResponseBody decryptKMSDataKeyResponseBody = SpdbUtil.enKMS(ciphertext);
+            return Base64.decodeBase64(decryptKMSDataKeyResponseBody.getPlaintext());
+//            DecryptKMSDataKeyRequest request = new DecryptKMSDataKeyRequest();
+//            request.setCipherText(ciphertext);
+//            request.setProtocol(ProtocolType.HTTPS);
+//            try {
+//                DecryptKMSDataKeyResponse response = client.getAcsResponse(request);
+//                String plaintext = response.getPlaintext();
+//                System.out.println("PlainText: " + plaintext);
+//                //注意：需要Base64 decode
+//                return Base64.decodeBase64(plaintext);
+//            } catch (ClientException e) {
+//                e.printStackTrace();
+//                return null;
+//            }
+        }
+
+        /**
+         * 校验令牌有效性
+         *
+         * @param token
+         * @return
+         */
+        private boolean validateToken(String token) {
+            if (null == token || "".equals(token)) {
+                return false;
+            }
+
+            return true;
+        }
+
+        /**
+         * 从URL中获取密文密钥参数
+         *
+         * @param httpExchange
+         * @return
+         */
+        private String getCiphertext(HttpExchange httpExchange) {
+            URI uri = httpExchange.getRequestURI();
+            String queryString = uri.getQuery();
+            String pattern = "CipherText=(\\w*)";
+            Pattern r = Pattern.compile(pattern);
+            Matcher m = r.matcher(queryString);
+            if (m.find())
+                return m.group(1);
+            else {
+                System.out.println("Not Found CipherText Param");
+                return null;
+            }
+        }
+
+        /**
+         * 获取Token参数
+         *
+         * @param httpExchange
+         * @return
+         */
+        private String getMtsHlsUriToken(HttpExchange httpExchange) {
+            URI uri = httpExchange.getRequestURI();
+            String queryString = uri.getQuery();
+            String pattern = "MtsHlsUriToken=(\\w*)";
+            Pattern r = Pattern.compile(pattern);
+            Matcher m = r.matcher(queryString);
+            if (m.find())
+                return m.group(1);
+            else {
+                System.out.println("Not Found MtsHlsUriToken Param");
+                return null;
+            }
+        }
+    }
+
+    /**
+     * 服务启动
+     *
+     * @throws IOException
+     */
+    private void serviceBootStrap() throws IOException {
+        HttpServerProvider provider = HttpServerProvider.provider();
+        //监听端口可以自定义，能同时接受最多30个请求
+        HttpServer httpserver = provider.createHttpServer(new InetSocketAddress(8099), 30);
+        httpserver.createContext("/", new HlsDecryptHandler());
+        httpserver.start();
+//        return httpserver;
+//        System.out.println("hls decrypt server started");
+    }
+
+    @PostConstruct
+    public void init() throws IOException {
+//        HlsDecryptService server = new HlsDecryptService();
+        serviceBootStrap();
+    }
+
+//    @PostConstruct
+//    public static void main(String[] args) throws IOException {
+//        HlsDecryptService server = new HlsDecryptService();
+//        server.serviceBootStrap();
+//    }}
+}