SpringBoot custom annotations for SM2 signature verification

This article uses the following dependency versions for the SM2 signing and verification utility class; lower versions have not been verified.

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15to18</artifactId>
            <version>1.66</version>
        </dependency>

        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-all</artifactId>
            <version>5.5.9</version>
        </dependency>

The data to be signed is

        byte[] dataBytes = "我是一段测试aaaa".getBytes();

For how to generate the public key and private key, please refer to my previous article. Signing uses the following code:

        final SM2 sm2Sign = new SM2(privateKey, null);
        sm2Sign.usePlainEncoding();
        // Hex-encoded signature
        String sign = HexUtil.encodeHexStr(sm2Sign.sign(dataBytes, null));

The signature verification code is

        byte[] verifyBytes = "我是一段测试aaaa".getBytes();

        SM2 sm2Verify = new SM2(null, publicKey);
        sm2Verify.usePlainEncoding();

        boolean verify = sm2Verify.verify(verifyBytes, HexUtil.decodeHex(sign));

Next, create the CheckSign custom annotation

@Target({ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = SignValidator.class)
public @interface CheckSign {
    String message() default "签名验证失败";

    Class<?>[] groups() default {};

    Class<? extends Payload>[] payload() default {};

}

The meaning of the annotations

@Target({ElementType.TYPE})

  Specifies where the custom annotation can be used. Here it is allowed only on types (classes), so the validator receives the whole input object. Other targets, such as fields, methods and constructors, are also available:

  • TYPE - class, interface (including annotation types) or enumeration
  • FIELD - field (including enumeration constants)
  • METHOD - method
  • PARAMETER - parameter
  • CONSTRUCTOR - constructor
  • LOCAL_VARIABLE - local variable
  • ANNOTATION_TYPE - annotation type
  • PACKAGE - package
  • TYPE_PARAMETER - type parameter
  • TYPE_USE - use of a type

@Retention(RetentionPolicy.RUNTIME)

  Specifies that the current annotation is retained until runtime. There are three types of retention policies:

  • SOURCE - The annotation is retained only in the source file. When the Java file is compiled into a class file, the annotation is discarded.
  • CLASS - The annotation is retained in the class file, but is discarded when the JVM loads the class file. This is the default life cycle.
  • RUNTIME - The annotation is not only saved to the class file, it still exists after the JVM loads the class file.

@Constraint(validatedBy = SignValidator.class)

  Specifies the validator class that performs the check for this annotation.

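The code for the validator is as follows

import cn.hutool.core.util.HexUtil;
import cn.hutool.crypto.asymmetric.SM2;
// javax.validation on Spring Boot 2.x; jakarta.validation on 3.x
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;

public class SignValidator implements ConstraintValidator<CheckSign, SignInput> {

    @Override
    public boolean isValid(SignInput input, ConstraintValidatorContext constraintValidatorContext) {
        // The signed text is APPID + APPSECRET + timestamp
        SM2 sm2Verify = new SM2(null, "你的公钥"); // placeholder: replace with your public key
        sm2Verify.usePlainEncoding();
        String signText = input.getAppId() + input.getAppSecret() + input.getTimestamp();
        return sm2Verify.verify(signText.getBytes(), HexUtil.decodeHex(input.getSign()));
    }
}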

Add the @Valid annotation to the request parameter in the controller layer

    public void report(@Valid @RequestBody SignInput input) {
    }

You can return a signature verification failure exception when the signature verification fails.
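
The validator above signs the timestamp but never checks how old it is, and HexUtil.decodeHex throws on a malformed sign value instead of returning false. The following added example (not part of the original article) shows a check that fails closed on missing or malformed input and rejects requests outside a freshness window. The class name SignCheckDemo, the 5-minute window, the epoch-millisecond string timestamp and the sample app id and secret are assumptions, and the key pair is generated only for the demo.

```java
import cn.hutool.core.util.HexUtil;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.asymmetric.SM2;
import java.nio.charset.StandardCharsets;

// Added example (hypothetical class): the body of check() is what would go into isValid().
public class SignCheckDemo {
    static final long MAX_AGE_MS = 5 * 60 * 1000L; // assumed freshness window

    // Explicit charset so signer and verifier hash the same bytes on every platform.
    static byte[] signText(String appId, String appSecret, String ts) {
        return (appId + appSecret + ts).getBytes(StandardCharsets.UTF_8);
    }

    static boolean check(SM2 verifier, String appId, String appSecret,
                         String ts, String signHex, long nowMs) {
        if (appId == null || appSecret == null || ts == null || signHex == null) {
            return false; // missing fields fail validation instead of throwing
        }
        try {
            // Assumption: the timestamp is epoch milliseconds sent as a decimal string.
            if (Math.abs(nowMs - Long.parseLong(ts)) > MAX_AGE_MS) {
                return false; // stale or future-dated request
            }
            return verifier.verify(signText(appId, appSecret, ts), HexUtil.decodeHex(signHex));
        } catch (RuntimeException e) {
            return false; // non-numeric timestamp or malformed hex counts as a failed check
        }
    }

    public static void main(String[] args) {
        SM2 signer = SmUtil.sm2(); // constructed throwaway key pair, demo only
        signer.usePlainEncoding();
        SM2 verifier = new SM2(null, signer.getPublicKey()); // public key only, as on the server
        verifier.usePlainEncoding();

        long now = System.currentTimeMillis();
        String ts = String.valueOf(now);
        String old = String.valueOf(now - 3_600_000L);
        String sign = HexUtil.encodeHexStr(signer.sign(signText("app-1", "demo-secret", ts), null));
        String oldSign = HexUtil.encodeHexStr(signer.sign(signText("app-1", "demo-secret", old), null));

        System.out.println("fresh, untampered: " + check(verifier, "app-1", "demo-secret", ts, sign, now));
        System.out.println("appId changed:     " + check(verifier, "app-2", "demo-secret", ts, sign, now));
        System.out.println("one hour old:      " + check(verifier, "app-1", "demo-secret", old, oldSign, now));
        System.out.println("malformed hex:     " + check(verifier, "app-1", "demo-secret", ts, "zz", now));
    }
}
```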

Origin blog.csdn.net/qq_25484769/article/details/123188499