dingtalk-callback-crypto's People

Contributors

cherry-toto, chzealot, javazhengwu, jinhucheung, maowenbo1993, opendingtalk, shenshouer, songlin51, xiaohong, zx-luo

dingtalk-callback-crypto's Issues

Events and callbacks: HTTP request result validation of returned field values fails

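The test logs are all printed, but saving just fails.

Addendum: testing with the data returned by getEncryptedMap returns success.

Addendum 2: since the result is success, I considered a problem with the return format. Testing shows that the returned successMap:{"msg_signature":"8207a0ae016d1847f7f1d05a62b9b8a84b13dd43","encrypt":"BCtCbxMLXZNAlTNoMraFDhFWJ8l78y/L8/kGvAytjMqUdIiYmdz13Uk04+FviogTgo8P9rXaLl66pkj3uCziHg==","timeStamp":"749","nonce":"5418emcCHwlW5khH"} has the correct format.
I tried returning the object in different ways and none of them work!!!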

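Java throws java.lang.OutOfMemoryError when the aesKey configuration does not match

Precondition:
A DingTalk third-party enterprise app is integrated with SyncHTTP push and an aes_key is set. When this aes_key differs from the aes_key used in the callback handler, decrypting the callback text may run out of memory.

Cause:
While the function String decrypt(String text) is processing, after obtaining
byte[] networkOrder = Arrays.copyOfRange(bytes, 16, 20);
int plainTextLength = Utils.bytes2int(networkOrder);
and the two sides' aes_key values differ, the parsed plainTextLength may be negative or a large int value. The next step,
plainText = new String(Arrays.copyOfRange(bytes, 20, 20 + plainTextLength), CHARSET);
does not check the length plainTextLength, which may cause a java.lang.IllegalArgumentException (plainTextLength is negative) or a java.lang.OutOfMemoryError (plainTextLength is a large positive number).

Exception example: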

paramMap:{signature=bee373eadbee717eb154674c2caec6f4d1d73645, msg_signature=bee373eadbee717eb154674c2caec6f4d1d73645, timestamp=1656056612322, nonce=IqHAQ7r5}
org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.OutOfMemoryError: Java heap space
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1006)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:877)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

On PHP 8.x, new Prpcrypt() does not inherit the AesKey

After executing $pc = new Prpcrypt($this->m_encodingAesKey);
and then continuing with $result = $pc->decrypt($encrypt, $this->m_corpId);
$this->key in the inherited Prpcrypt turns out to be null.

It only works if, each time after new Prpcrypt, I go on to set $pc->key = base64_decode($this->m_encodingAesKey. "=");

Encrypting a message longer than 127 raises UnicodeDecodeError (Python)

def encrypt(self, content):
        """
        Encrypt
        :param content:
        :return:
        """
        msg_len = self.length(content)
        content = ''.join([self.generateRandomKey(16) , msg_len.decode() , content , self.key])
        contentEncode = self.pks7encode(content)
        iv = self.aesKey[:16]
        aesEncode = AES.new(self.aesKey, AES.MODE_CBC, iv)
        aesEncrypt = aesEncode.encrypt(contentEncode)
        return base64.encodebytes(aesEncrypt).decode('UTF-8')

It has to be changed as follows to run correctly:

content = ''.join([self.generateRandomKey(16) ,  content , self.key])
content = content[:16] + msg_len + content[16:]
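
The frame layout behind both this issue and the OutOfMemoryError issue above, as an added example that is not part of the original posts or the project's code. The names build_frame and parse_frame are hypothetical; it assumes a 4-byte signed network-order length at offset 16 (as the Java snippet reads it), a frame that is already decrypted and unpadded, and a trailing value corresponding to what the Python code calls self.key.

```python
import os
import struct

HEADER = 16 + 4  # 16 random bytes, then a 4-byte network-order length


def build_frame(message: str, key: str) -> bytes:
    """Build random(16) | length(4) | message | key entirely as bytes."""
    body = message.encode("utf-8")
    # The length field stays raw bytes. struct.pack(">i", 128) ends in 0x80,
    # which is not valid UTF-8, so calling .decode() on it raises
    # UnicodeDecodeError.
    return os.urandom(16) + struct.pack(">i", len(body)) + body + key.encode("utf-8")


def parse_frame(frame: bytes, expected_key: str) -> str:
    """Parse a decrypted, unpadded frame; reject impossible length fields."""
    if len(frame) < HEADER:
        raise ValueError("frame shorter than the 20-byte header")
    # Signed read, mirroring the Java int in the OutOfMemoryError report.
    (length,) = struct.unpack(">i", frame[16:20])
    available = len(frame) - HEADER
    # After decryption with the wrong AES key these 4 bytes are arbitrary,
    # so bound the value by the data actually present before slicing.
    if length < 0 or length > available:
        raise ValueError(f"length field {length} outside 0..{available}")
    body = frame[HEADER:HEADER + length]
    if frame[HEADER + length:] != expected_key.encode("utf-8"):
        raise ValueError("trailing key does not match")
    return body.decode("utf-8")


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    frame = build_frame("x" * 200, "sample_key")
    print(parse_frame(frame, "sample_key") == "x" * 200)
```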

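Fixing the Illegal key size exception during decryption on JDK 11 and JDK 17

So far, testing shows this solves it perfectly on jdk11 and jdk17; jdk12-16 have not been tested.
Go into the JDK directory: conf -> security -> policy -> limited -> default_local.policy
Edit the default_local.policy file.
Change the line permission javax.crypto.CryptoPermission *, 128;
to permission javax.crypto.CryptoPermission *, 512; and save. This resolves the Illegal key size problem.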

Decryption error when configuring event callbacks

The failing code is cipher.init(Cipher.DECRYPT_MODE, keySpec, iv);
DingCallbackCrypto$DingTalkEncryptException: 计算解密文字错误

Decryption failure in the Java version on JDK 17

JDK version -> 17

The Java version of the crypto class contains the following code:

    static {
        try {
            Security.setProperty("crypto.policy", "limited");
            RemoveCryptographyRestrictions();
        } catch (Exception ignored) {
        }
    }

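This causes an error during callback decryption: no 256 provider can be found.

Changing limited above to unlimited fixes it.

I have not tested other JDK versions. From the documentation it looks like the crypto.policy setting is supported starting with JDK 8. Why is it set to limited?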

Python 3 version raises ValueError: signature check error

It worked fine a few days ago, but today (2021.6.7) it started failing. msg_signature and sign are sometimes equal and sometimes not.

e67d6e5d3895d19e5441ee35ec0abf6aa4735300 e67d6e5d3895d19e5441ee35ec0abf6aa4735300
{'CorpId': 'dingc5898d74ea40425facaaa37764f94726', 'EventType': 'user_modify_org', 'UserId': ['manager5091'], 'OptStaffId': 'manager5091', 'TimeStamp': '1623060875680'}
ef2292239bf57e0e4a653ab808b9b450f6e9485b ef2292239bf57e0e4a653ab808b9b450f6e9485b
{'CorpId': 'dingc5898d74ea40425facaaa37764f94726', 'EventType': 'user_modify_org', 'UserId': ['manager5091'], 'OptStaffId': 'manager5091', 'TimeStamp': '1623060875733'}
10.0.3.189 - - [07/Jun/2021 18:14:35] "POST /getcallback?signature=e67d6e5d3895d19e5441ee35ec0abf6aa4735300&msg_signature=e67d6e5d3895d19e5441ee35ec0abf6aa4735300&timestamp=1623060875680&nonce=6clubcaE HTTP/1.1" 200 -
a2db01cb3705a585c6b74b24e6bb25ba6a8c4998 5cfffa86aa457189dcd4b9287b26683f7e63541f
[2021-06-07 18:14:35,757] ERROR in app: Exception on /getcallback [POST]
Traceback (most recent call last):
File "D:\dingOa\lib\site-packages\flask-2.0.0-py3.7.egg\flask\app.py", line 2051, in wsgi_app
response = self.full_dispatch_request()
File "D:\dingOa\lib\site-packages\flask-2.0.0-py3.7.egg\flask\app.py", line 1501, in full_dispatch_request
rv = self.handle_user_exception(e)
File "D:\dingOa\lib\site-packages\flask-2.0.0-py3.7.egg\flask\app.py", line 1499, in full_dispatch_request
rv = self.dispatch_request()
File "D:\dingOa\lib\site-packages\flask-2.0.0-py3.7.egg\flask\app.py", line 1485, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "D:/dingOa/api.py", line 23, in callback
decryptMsg = dingCrypto.getDecryptMsg(arg['msg_signature'], arg['timestamp'], arg['nonce'], jsondata['encrypt'])
File "D:\dingOa\DingCallbackCrypto.py", line 53, in getDecryptMsg
raise ValueError('signature check error')
ValueError: signature check error

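Prpcrypt has no __construct constructor, which causes an error

A problem at line 196 of the Prpcrypt class causes the first argument of a substr() call on one line to be empty.
The reason is that the Prpcrypt class has no __construct constructor, while other classes use it directly as new Prpcrypt($this->m_encodingAesKey)
at lines 28, 38 and 83.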

Fix for encryption failure on Python 3.9.5

Modify the encrypt function in the DingCallbackCrypto3.py file.

Change
contentEncode = self.pks7encode(content)
to
contentEncode = self.pks7encode(content).encode('utf-8')

That is, append .encode('utf-8') at the end.
