数据格式
不加密的情况下,数据一般是这样的(当然,data 也可能是一个列表):
请求:
{
"id": 88
}
返回:
{
"code": 200,
"data": {
"name": "Rose"
},
"message": "success"
}
加密的情况下:
请求:
{
"encryptKey": "xxx",
"encryptValue": "yyy"
}
返回:
{
"code": 200,
"data": {
"encryptKey": "xxx",
"encryptValue": "yyy"
},
"message": "success"
}
加解密流程:
- 发起请求(加密)
- 获取一个含字符和数字的随机字符串(比如16位)
key - 使用 AES 加密将 RequestBody 进行加密,秘钥为上面的
key,得到encryptValue - 使用 秘钥对1 的公钥对
key进行 RSA 加密,得到encryptKey - 使用
encryptKey和encryptValue生成新的 RequestBody 发起网络请求
- 接收返回(解密)
- 常规解析得到
data.encryptKey和data.encryptValue - 使用 秘钥对2 的私钥对
data.encryptKey进行 RSA 解密,得到key - 使用 AES 解密将
data.encryptValue进行解密,秘钥为上面的key,得到解密后的实体
- 为什么不直接用 RSA 加解密,因为 AES 效率更高
封装 - 使用 interceptor 的方式
- EncryptInterceptor.kt
class EncryptInterceptor : Interceptor {
override fun intercept(chain: Interceptor.Chain): Response {
val request = chain.call().request()
var newRequest = request
request.body()?.let {
val buffer = Buffer()
it.writeTo(buffer)
val requestBodyStr = buffer.readString(Charsets.UTF_8)
if (!TextUtils.isEmpty(requestBodyStr)) {
// encrypt data here:
// 1. get random alpha-numeric string, for example "1abcd234"
// 2. use RSA with public key to encrypt the alpha-numeric string, this is the encryptKey
// 3. use AES with the alpha-numeric string to encrypt the body, this is the encryptValue
val randomString = MyUtil.getAlphaNumericString()
val encryptKey = MyUtil.rsaEncrypt(randomString, "MIGXXX...XXX")
val encryptValue = MyUtil.aesEncrypt(requestBodyStr, randomString)
val encryptJson = GsonUtils.toJson(EncryptData(encryptKey, encryptValue))
val encryptBody = RequestBody.create(
MediaType.parse("application/json; charset=utf-8"),
encryptJson
)
newRequest = request.newBuilder().post(encryptBody).build()
}
}
// decrypt the response body vice versa.
val response = chain.proceed(newRequest)
response.body()?.let { responseBody ->
val source: BufferedSource = responseBody.source()
// Buffer the entire body(into source.buffer).
source.request(Long.MAX_VALUE)
// Must use clone, otherwise if we not create new
// ResponseBody(for example result.data is null), the buffer will be empty,
// after this interceptor returns, other places will get nothing with this buffer.
val responseBodyStr = source.buffer.clone().readString(StandardCharsets.UTF_8)
val typeToken = object : TypeToken<Result<EncryptData>>() {}.type
val result = GsonUtils.fromJson<Result<EncryptData>>(responseBodyStr, typeToken)
if (result.data != null) {
val aesKey = MyUtil.rsaDecrypt(result.data.encryptKey, "MIGXXX...XXX")
val decrypt = MyUtil.aesDecrypt(result.data.encryptValue, aesKey)
val newResultJson =
"""{"message":"${result.message}","code":${result.code},"data":$decrypt}""".trimIndent()
// new instance of ResponseBody created here, should close the origin one.
responseBody.use {
return response.newBuilder()
.body(
ResponseBody.create(
MediaType.parse("application/json"),
newResultJson
)
)
.build()
}
}
}
return response
}
}
- EncryptData.kt
data class EncryptData(val encryptKey: String, val encryptValue: String)
- Result.kt
data class Result<T>(val message: String?, val code: Int, val data: T?)
封装 - 使用 converter 的方式
- EncryptConverterFactory.kt
class EncryptConverterFactory : Converter.Factory() {
companion object {
fun create(): EncryptConverterFactory = EncryptConverterFactory()
}
override fun requestBodyConverter(
type: Type,
parameterAnnotations: Array<out Annotation>,
methodAnnotations: Array<out Annotation>,
retrofit: Retrofit
): Converter<*, RequestBody>? {
return EncryptRequestBodyConverter()
}
override fun responseBodyConverter(
type: Type,
annotations: Array<out Annotation>,
retrofit: Retrofit
): Converter<ResponseBody, *>? {
if (type is ParameterizedType) {
return EncryptResponseBodyConverter(type.actualTypeArguments[0])
}
return null
}
internal class EncryptRequestBodyConverter : Converter<Any, RequestBody> {
override fun convert(value: Any): RequestBody? {
val requestBodyStr = GsonUtils.toJson(value)
val randomString = MyUtil.getAlphaNumericString()
val encryptKey = MyUtil.rsaEncrypt(randomString, "MIGXXX...XXX")
val encryptValue = MyUtil.aesEncrypt(requestBodyStr, randomString)
val encryptJson = GsonUtils.toJson(EncryptData(encryptKey, encryptValue))
return RequestBody.create(
MediaType.parse("application/json; charset=utf-8"),
encryptJson
)
}
}
internal class EncryptResponseBodyConverter(private val innerType: Type) :
Converter<ResponseBody, Result<Any>> {
@Throws(IOException::class)
override fun convert(value: ResponseBody): Result<Any> {
value.use {
val originalStr = value.charStream()
val result = GsonUtils.fromJson<Result<EncryptData>>(
originalStr,
object : TypeToken<Result<EncryptData>>() {}.type
)
return if (result.data != null) {
val aesKey = MyUtil.rsaDecrypt(result.data.encryptKey, "MIGXXX...XXX")
val decrypt = MyUtil.aesDecrypt(result.data.encryptValue, aesKey)
val newResult = GsonUtils.fromJson<Any>(decrypt, innerType)
Result(result.message, result.code, newResult)
} else {
Result(result.message, result.code, null)
}
}
}
}
}
封装 - 改进 converter
- EncryptConverterFactory.kt
class EncryptConverterFactory : Converter.Factory() {
companion object {
fun create(): EncryptConverterFactory = EncryptConverterFactory()
}
override fun requestBodyConverter(
type: Type,
parameterAnnotations: Array<out Annotation>,
methodAnnotations: Array<out Annotation>,
retrofit: Retrofit
): Converter<*, RequestBody>? {
return EncryptRequestBodyConverter()
}
override fun responseBodyConverter(
type: Type,
annotations: Array<out Annotation>,
retrofit: Retrofit
): Converter<ResponseBody, *>? {
return EncryptResponseBodyConverter(type)
}
internal class EncryptRequestBodyConverter : Converter<Any, RequestBody> {
override fun convert(value: Any): RequestBody? {
val requestBodyStr = GsonUtils.toJson(value)
val randomString = MyUtil.getAlphaNumericString()
val encryptKey = MyUtil.rsaEncrypt(randomString, "MIGXXX...XXX")
val encryptValue = MyUtil.aesEncrypt(requestBodyStr, randomString)
val encryptJson = GsonUtils.toJson(EncryptData(encryptKey, encryptValue))
return RequestBody.create(
MediaType.parse("application/json; charset=utf-8"),
encryptJson
)
}
}
internal class EncryptResponseBodyConverter(private val type: Type) :
Converter<ResponseBody, Any> {
@Throws(IOException::class)
override fun convert(value: ResponseBody): Any {
try {
val originalStr = value.charStream()
val originalMap = GsonUtils.fromJson<Any>(
originalStr,
Object::class.java
) as MutableMap<String, Any>
originalMap["data"]?.let { data ->
val dataStr = GsonUtils.toJson(data)
val encryptData = GsonUtils.fromJson<EncryptData>(
dataStr, object : TypeToken<EncryptData>() {}.type
)
val aesKey = MyUtil.rsaDecrypt(encryptData.encryptKey, "MIGXXX...XXX")
val decrypt = MyUtil.aesDecrypt(encryptData.encryptValue, aesKey)
originalMap["data"] =
GsonUtils.fromJson<Any>(decrypt, Object::class.java)
}
val newStr = GsonUtils.toJson(originalMap)
return GsonUtils.fromJson(newStr, type)
} finally {
value.close()
}
}
}
}
这里不强制要求返回类型是 Result,只需要服务端返回的 json 数据的第一层级中有 "data" 字段即可,取出该字段进行解密,并重新赋值该字段,然后再进行解析
比较
interceptor 的方式效率要高点,但是 converter 的方式要更加灵活点。
补充
这里采用了把 encryptKey 也放在 body 里一起传输的方案,所以实现起来有点麻烦;其实也可以选择把 encryptKey 放在 header 里,然后对 body 整体加解密的方案,这样实现起来就会简单一些
