xuqinmin12/ImServer
0
0
派生 0
代码 工单 合并请求 版本发布 百科 动态

临时用,腾讯im获取sig

浏览代码
这个提交包含在:
xuqm 2023-06-05 16:53:55 +08:00
父节点 abc1a3c202
当前提交 c1a3551c7f
共有 4 个文件被更改,包括 355 次插入1 次删除
显示统计 下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

6
pom.xml
查看文件

@ -49,6 +49,12 @@
<artifactId>gson</artifactId>
<version>2.9.0</version>
</dependency>
<dependency>
<groupId>com.vaadin.external.google</groupId>
<artifactId>android-json</artifactId>
<version>0.0.20131108.vaadin1</version>
<scope>compile</scope>
</dependency>
<dependency>

24
src/main/java/cn/org/bjca/trust/java/imserver/common/Base64URL.java 普通文件
查看文件

@ -0,0 +1,24 @@
package cn.org.bjca.trust.java.imserver.common;
import java.util.Base64;
public class Base64URL {
public static byte[] base64EncodeUrl(byte[] input) {
byte[] base64 = Base64.getEncoder().encode(input);
for (int i = 0; i < base64.length; ++i)
switch (base64[i]) {
case '+':
base64[i] = '*';
break;
case '/':
base64[i] = '-';
break;
case '=':
base64[i] = '_';
break;
default:
break;
}
return base64;
}
}

315
src/main/java/cn/org/bjca/trust/java/imserver/common/TLSSigAPIv2.java 普通文件
查看文件

@ -0,0 +1,315 @@
package cn.org.bjca.trust.java.imserver.common;
import org.json.JSONException;
import org.json.JSONObject;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.Deflater;
public class TLSSigAPIv2 {
final private long sdkappid;
final private String key;
public TLSSigAPIv2(long sdkappid, String key) {
this.sdkappid = sdkappid;
this.key = key;
}
/**
* 功能说明用于签发 TRTC IM 服务中必须要使用的 UserSig 鉴权票据
* <p>
* 参数说明
*
* @param userid - 用户id限制长度为32字节只允许包含大小写英文字母a-zA-Z数字0-9及下划线和连词符
* @param expire - UserSig 票据的过期时间单位是秒比如 86400 代表生成的 UserSig 票据在一天后就无法再使用了
* @return usersig -生成的签名
*/
/**
* Function: Used to issue UserSig that is required by the TRTC and IM services.
* <p>
* Parameter description:
*
* @param userid - User ID. The value can be up to 32 bytes in length and contain letters (a-z and A-Z), digits (0-9), underscores (_), and hyphens (-).
* @param expire - UserSig expiration time, in seconds. For example, 86400 indicates that the generated UserSig will expire one day after being generated.
* @return usersig - Generated signature.
*/
public String genUserSig(String userid, long expire) throws JSONException {
return genUserSig(userid, expire, null);
}
/**
* 功能说明
* 用于签发 TRTC 进房参数中可选的 PrivateMapKey 权限票据
* PrivateMapKey 需要跟 UserSig 一起使用 PrivateMapKey UserSig 有更强的权限控制能力
* - UserSig 只能控制某个 UserID 有无使用 TRTC 服务的权限只要 UserSig 正确其对应的 UserID 可以进出任意房间
* - PrivateMapKey 则是将 UserID 的权限控制的更加严格包括能不能进入某个房间能不能在该房间里上行音视频等等
* 如果要开启 PrivateMapKey 严格权限位校验需要在实时音视频控制台/应用管理/应用信息中打开启动权限密钥开关
* <p>
* 参数说明
*
* @param userid - 用户id限制长度为32字节只允许包含大小写英文字母a-zA-Z数字0-9及下划线和连词符
* @param expire - PrivateMapKey 票据的过期时间单位是秒比如 86400 生成的 PrivateMapKey 票据在一天后就无法再使用了
* @param roomid - 房间号用于指定该 userid 可以进入的房间号
* @param privilegeMap - 权限位使用了一个字节中的 8 个比特位分别代表八个具体的功能权限开关
* - 1 0000 0001 = 1创建房间的权限
* - 2 0000 0010 = 2加入房间的权限
* - 3 0000 0100 = 4发送语音的权限
* - 4 0000 1000 = 8接收语音的权限
* - 5 0001 0000 = 16发送视频的权限
* - 6 0010 0000 = 32接收视频的权限
* - 7 0100 0000 = 64发送辅路也就是屏幕分享视频的权限
* - 8 1000 0000 = 200接收辅路也就是屏幕分享视频的权限
* - privilegeMap == 1111 1111 == 255 代表该 userid 在该 roomid 房间内的所有功能权限
* - privilegeMap == 0010 1010 == 42 代表该 userid 拥有加入房间和接收音视频数据的权限但不具备其他权限
* @return usersig - 生成带userbuf的签名
*/
/**
* Function:
* Used to issue PrivateMapKey that is optional for room entry.
* PrivateMapKey must be used together with UserSig but with more powerful permission control capabilities.
* - UserSig can only control whether a UserID has permission to use the TRTC service. As long as the UserSig is correct, the user with the corresponding UserID can enter or leave any room.
* - PrivateMapKey specifies more stringent permissions for a UserID, including whether the UserID can be used to enter a specific room and perform audio/video upstreaming in the room.
* To enable stringent PrivateMapKey permission bit verification, you need to enable permission key in TRTC console > Application Management > Application Info.
* <p>
* Parameter description:
*
* @param userid - User ID. The value can be up to 32 bytes in length and contain letters (a-z and A-Z), digits (0-9), underscores (_), and hyphens (-).
* @param roomid - ID of the room to which the specified UserID can enter.
* @param expire - PrivateMapKey expiration time, in seconds. For example, 86400 indicates that the generated PrivateMapKey will expire one day after being generated.
* @param privilegeMap - Permission bits. Eight bits in the same byte are used as the permission switches of eight specific features:
* - Bit 1: 0000 0001 = 1, permission for room creation
* - Bit 2: 0000 0010 = 2, permission for room entry
* - Bit 3: 0000 0100 = 4, permission for audio sending
* - Bit 4: 0000 1000 = 8, permission for audio receiving
* - Bit 5: 0001 0000 = 16, permission for video sending
* - Bit 6: 0010 0000 = 32, permission for video receiving
* - Bit 7: 0100 0000 = 64, permission for substream video sending (screen sharing)
* - Bit 8: 1000 0000 = 200, permission for substream video receiving (screen sharing)
* - privilegeMap == 1111 1111 == 255: Indicates that the UserID has all feature permissions of the room specified by roomid.
* - privilegeMap == 0010 1010 == 42: Indicates that the UserID has only the permissions to enter the room and receive audio/video data.
* @return usersig - Generate signature with userbuf
*/
public String genPrivateMapKey(String userid, long expire, long roomid, long privilegeMap) throws JSONException {
byte[] userbuf = genUserBuf(userid, roomid, expire, privilegeMap, 0, ""); //生成userbuf
return genUserSig(userid, expire, userbuf);
}
/**
* 功能说明
* 用于签发 TRTC 进房参数中可选的 PrivateMapKey 权限票据
* PrivateMapKey 需要跟 UserSig 一起使用 PrivateMapKey UserSig 有更强的权限控制能力
* - UserSig 只能控制某个 UserID 有无使用 TRTC 服务的权限只要 UserSig 正确其对应的 UserID 可以进出任意房间
* - PrivateMapKey 则是将 UserID 的权限控制的更加严格包括能不能进入某个房间能不能在该房间里上行音视频等等
* 如果要开启 PrivateMapKey 严格权限位校验需要在实时音视频控制台/应用管理/应用信息中打开启动权限密钥开关
* <p>
* 参数说明
*
* @param userid - 用户id限制长度为32字节只允许包含大小写英文字母a-zA-Z数字0-9及下划线和连词符
* @param expire - PrivateMapKey 票据的过期时间单位是秒比如 86400 生成的 PrivateMapKey 票据在一天后就无法再使用了
* @param roomstr - 字符串房间号用于指定该 userid 可以进入的房间号
* @param privilegeMap - 权限位使用了一个字节中的 8 个比特位分别代表八个具体的功能权限开关
* - 1 0000 0001 = 1创建房间的权限
* - 2 0000 0010 = 2加入房间的权限
* - 3 0000 0100 = 4发送语音的权限
* - 4 0000 1000 = 8接收语音的权限
* - 5 0001 0000 = 16发送视频的权限
* - 6 0010 0000 = 32接收视频的权限
* - 7 0100 0000 = 64发送辅路也就是屏幕分享视频的权限
* - 8 1000 0000 = 200接收辅路也就是屏幕分享视频的权限
* - privilegeMap == 1111 1111 == 255 代表该 userid 在该 roomid 房间内的所有功能权限
* - privilegeMap == 0010 1010 == 42 代表该 userid 拥有加入房间和接收音视频数据的权限但不具备其他权限
* @return usersig - 生成带userbuf的签名
*/
/**
* Function:
* Used to issue PrivateMapKey that is optional for room entry.
* PrivateMapKey must be used together with UserSig but with more powerful permission control capabilities.
* - UserSig can only control whether a UserID has permission to use the TRTC service. As long as the UserSig is correct, the user with the corresponding UserID can enter or leave any room.
* - PrivateMapKey specifies more stringent permissions for a UserID, including whether the UserID can be used to enter a specific room and perform audio/video upstreaming in the room.
* To enable stringent PrivateMapKey permission bit verification, you need to enable permission key in TRTC console > Application Management > Application Info.
* <p>
* Parameter description:
*
* @param userid - User ID. The value can be up to 32 bytes in length and contain letters (a-z and A-Z), digits (0-9), underscores (_), and hyphens (-).
* @param roomstr - ID of the room to which the specified UserID can enter.
* @param expire - PrivateMapKey expiration time, in seconds. For example, 86400 indicates that the generated PrivateMapKey will expire one day after being generated.
* @param privilegeMap - Permission bits. Eight bits in the same byte are used as the permission switches of eight specific features:
* - Bit 1: 0000 0001 = 1, permission for room creation
* - Bit 2: 0000 0010 = 2, permission for room entry
* - Bit 3: 0000 0100 = 4, permission for audio sending
* - Bit 4: 0000 1000 = 8, permission for audio receiving
* - Bit 5: 0001 0000 = 16, permission for video sending
* - Bit 6: 0010 0000 = 32, permission for video receiving
* - Bit 7: 0100 0000 = 64, permission for substream video sending (screen sharing)
* - Bit 8: 1000 0000 = 200, permission for substream video receiving (screen sharing)
* - privilegeMap == 1111 1111 == 255: Indicates that the UserID has all feature permissions of the room specified by roomid.
* - privilegeMap == 0010 1010 == 42: Indicates that the UserID has only the permissions to enter the room and receive audio/video data.
* @return usersig - Generate signature with userbuf
*/
public String genPrivateMapKeyWithStringRoomID(String userid, long expire, String roomstr, long privilegeMap) throws JSONException {
byte[] userbuf = genUserBuf(userid, 0, expire, privilegeMap, 0, roomstr); //生成userbuf
return genUserSig(userid, expire, userbuf);
}
private String hmacsha256(String identifier, long currTime, long expire, String base64Userbuf) {
String contentToBeSigned = "TLS.identifier:" + identifier + "\n"
+ "TLS.sdkappid:" + sdkappid + "\n"
+ "TLS.time:" + currTime + "\n"
+ "TLS.expire:" + expire + "\n";
if (null != base64Userbuf) {
contentToBeSigned += "TLS.userbuf:" + base64Userbuf + "\n";
}
try {
byte[] byteKey = key.getBytes(StandardCharsets.UTF_8);
Mac hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec keySpec = new SecretKeySpec(byteKey, "HmacSHA256");
hmac.init(keySpec);
byte[] byteSig = hmac.doFinal(contentToBeSigned.getBytes(StandardCharsets.UTF_8));
return (Base64.getEncoder().encodeToString(byteSig)).replaceAll("\\s*", "");
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
return "";
}
}
private String genUserSig(String userid, long expire, byte[] userbuf) throws JSONException {
long currTime = System.currentTimeMillis() / 1000;
JSONObject sigDoc = new JSONObject();
sigDoc.put("TLS.ver", "2.0");
sigDoc.put("TLS.identifier", userid);
sigDoc.put("TLS.sdkappid", sdkappid);
sigDoc.put("TLS.expire", expire);
sigDoc.put("TLS.time", currTime);
String base64UserBuf = null;
if (null != userbuf) {
base64UserBuf = Base64.getEncoder().encodeToString(userbuf).replaceAll("\\s*", "");
sigDoc.put("TLS.userbuf", base64UserBuf);
}
String sig = hmacsha256(userid, currTime, expire, base64UserBuf);
if (sig.length() == 0) {
return "";
}
sigDoc.put("TLS.sig", sig);
Deflater compressor = new Deflater();
compressor.setInput(sigDoc.toString().getBytes(StandardCharsets.UTF_8));
compressor.finish();
byte[] compressedBytes = new byte[2048];
int compressedBytesLength = compressor.deflate(compressedBytes);
compressor.end();
return (new String(Base64URL.base64EncodeUrl(Arrays.copyOfRange(compressedBytes,
0, compressedBytesLength)))).replaceAll("\\s*", "");
}
public byte[] genUserBuf(String account, long dwAuthID, long dwExpTime,
long dwPrivilegeMap, long dwAccountType, String RoomStr) {
//视频校验位需要用到的字段,按照网络字节序放入buf中
/*
cVer unsigned char/1 版本号填0
wAccountLen unsigned short /2 第三方自己的帐号长度
account wAccountLen 第三方自己的帐号字符
dwSdkAppid unsigned int/4 sdkappid
dwAuthID unsigned int/4 群组号码
dwExpTime unsigned int/4 过期时间 直接使用填入的值
dwPrivilegeMap unsigned int/4 权限位主播0xff观众0xab
dwAccountType unsigned int/4 第三方帐号类型
*/
//The fields required for the video check digit are placed in buf according to the network byte order.
/*
cVer unsigned char/1 Version number, fill in 0
wAccountLen unsigned short /2 Third party's own account length
account wAccountLen Third party's own account characters
dwSdkAppid unsigned int/4 sdkappid
dwAuthID unsigned int/4 group number
dwExpTime unsigned int/4 Expiration time , use the filled value directly
dwPrivilegeMap unsigned int/4 Permission bits, host 0xff, audience 0xab
dwAccountType unsigned int/4 Third-party account type
*/
int accountLength = account.length();
int roomStrLength = RoomStr.length();
int offset = 0;
int bufLength = 1 + 2 + accountLength + 20;
if (roomStrLength > 0) {
bufLength = bufLength + 2 + roomStrLength;
}
byte[] userbuf = new byte[bufLength];
//cVer
if (roomStrLength > 0) {
userbuf[offset++] = 1;
} else {
userbuf[offset++] = 0;
}
//wAccountLen
userbuf[offset++] = (byte) ((accountLength & 0xFF00) >> 8);
userbuf[offset++] = (byte) (accountLength & 0x00FF);
//account
for (; offset < 3 + accountLength; ++offset) {
userbuf[offset] = (byte) account.charAt(offset - 3);
}
//dwSdkAppid
userbuf[offset++] = (byte) ((sdkappid & 0xFF000000) >> 24);
userbuf[offset++] = (byte) ((sdkappid & 0x00FF0000) >> 16);
userbuf[offset++] = (byte) ((sdkappid & 0x0000FF00) >> 8);
userbuf[offset++] = (byte) (sdkappid & 0x000000FF);
//dwAuthId,房间号
//dwAuthId, room number
userbuf[offset++] = (byte) ((dwAuthID & 0xFF000000) >> 24);
userbuf[offset++] = (byte) ((dwAuthID & 0x00FF0000) >> 16);
userbuf[offset++] = (byte) ((dwAuthID & 0x0000FF00) >> 8);
userbuf[offset++] = (byte) (dwAuthID & 0x000000FF);
//expire过期时间,当前时间 + 有效期单位
//expire,Expiration time, current time + validity period (unit: seconds)
long currTime = System.currentTimeMillis() / 1000;
long expire = currTime + dwExpTime;
userbuf[offset++] = (byte) ((expire & 0xFF000000) >> 24);
userbuf[offset++] = (byte) ((expire & 0x00FF0000) >> 16);
userbuf[offset++] = (byte) ((expire & 0x0000FF00) >> 8);
userbuf[offset++] = (byte) (expire & 0x000000FF);
//dwPrivilegeMap权限位
//dwPrivilegeMapPermission bits
userbuf[offset++] = (byte) ((dwPrivilegeMap & 0xFF000000) >> 24);
userbuf[offset++] = (byte) ((dwPrivilegeMap & 0x00FF0000) >> 16);
userbuf[offset++] = (byte) ((dwPrivilegeMap & 0x0000FF00) >> 8);
userbuf[offset++] = (byte) (dwPrivilegeMap & 0x000000FF);
//dwAccountType账户类型
//dwAccountTypeaccount type
userbuf[offset++] = (byte) ((dwAccountType & 0xFF000000) >> 24);
userbuf[offset++] = (byte) ((dwAccountType & 0x00FF0000) >> 16);
userbuf[offset++] = (byte) ((dwAccountType & 0x0000FF00) >> 8);
userbuf[offset++] = (byte) (dwAccountType & 0x000000FF);
if (roomStrLength > 0) {
//roomStrLen
userbuf[offset++] = (byte) ((roomStrLength & 0xFF00) >> 8);
userbuf[offset++] = (byte) (roomStrLength & 0x00FF);
//roomStr
for (; offset < bufLength; ++offset) {
userbuf[offset] = (byte) RoomStr.charAt(offset - (bufLength - roomStrLength));
}
}
return userbuf;
}
}

11
src/main/java/cn/org/bjca/trust/java/imserver/controller/HelloController.java
查看文件

@ -1,5 +1,6 @@
package cn.org.bjca.trust.java.imserver.controller;
import cn.org.bjca.trust.java.imserver.common.TLSSigAPIv2;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
@ -8,10 +9,18 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("hello")
public class HelloController {
private TLSSigAPIv2 tl;
@GetMapping("/{id}")
public String getById(@PathVariable String id) throws Exception {
System.out.println("id ==> " + id);
return "{\"msg\":\"qdxorigin\",\"code\":200,\"data\":\"Sbfuiaefhaikufhcsauik\"}";
}
@GetMapping("/getUserSig/{id}")
public String getUserSig(@PathVariable String id) throws Exception {
System.out.println("id ==> " + id);
if (null == tl)
tl = new TLSSigAPIv2(1400803988, "057bdae3217929deeedb59625f8dba67169ce404212b74729417ff9909b101e7");
return "{\"code\":0,\"data\":{\"userId\":\"" + id + "\",\"userSig\":\"" + tl.genUserSig(id, 2592000) + "\"},\"message\":\"\"}";
}
}