feat：去掉不需要的示例和注释

Author: dabai827

volcengine-java-sdk-ark-runtime/src/main/java/com/volcengine/ark/runtime/interceptor/EncryptionInterceptor.java

@@ -57,26 +57,21 @@ public Response intercept(Chain chain) throws IOException {
             return chain.proceed(request);
         }
 
-        // 读取并解析请求体
         Map<String, Object> requestBodyJson = parseRequestBody(originalBody);
         String model = requestBodyJson.get("model").toString();
 
-        // 非加密模式直接处理
         if (!"true".equals(is_encrypt)) {
             return proceedWithoutEncryption(chain, request, requestBodyJson);
         }
 
-        // 加密模式处理
         return proceedWithEncryption(chain, request, requestBodyJson, model);
     }
 
     private Response proceedWithEncryption(Chain chain, Request request, Map<String, Object> requestBodyJson, String model) throws IOException {
-        // 获取服务器证书信息
         CertificateManager.ServerCertificateInfo certInfo = getServerCertificate(this.apiKey, this.baseUrl, model);
         if (certInfo == null) {
             throw new IOException("Failed to get server certificate for encryption");
         }
-        // 生成会话密钥和令牌
         SessionData sessionData;
         try {
             sessionData = KeyAgreementUtil.generateEciesKeyPair(certInfo.getPublicKey());
@@ -86,26 +81,22 @@ private Response proceedWithEncryption(Chain chain, Request request, Map<String,
         byte[] e2eKey = sessionData.getCryptoKey();
         byte[] e2eNonce = sessionData.getCryptoNonce();
         String sessionToken = sessionData.getSessionToken();
-        // 加密请求体
         RequestBody encryptedBody = encryptRequestBody(requestBodyJson, e2eKey, e2eNonce);
 
         Request.Builder requestBuilder = request.newBuilder()
                 .method(request.method(), encryptedBody);
 
-        // 添加AICC加密头信息
         addAiccEncryptionHeader(requestBuilder, certInfo);
 
         requestBuilder.addHeader("X-Session-Token", sessionToken);
         Request encryptedRequest = requestBuilder.build();
 
         Response originalResponse = chain.proceed(encryptedRequest);
 
-        // 处理失败响应
         if (!originalResponse.isSuccessful()) {
             return handleErrorResponse(originalResponse);
         }
 
-        // 解密成功响应
         return decryptResponse(e2eKey, e2eNonce, originalResponse);
     }
 
@@ -179,10 +170,8 @@ private Map<String, Object> processMessage(Map<String, Object> message, byte[] e
      */
     private Object processMessageContent(Object content, byte[] e2eKey, byte[] e2eNonce) throws IOException {
         if (content instanceof String) {
-            // text
             return encryptStringWithKey(e2eKey, e2eNonce, (String) content);
         } else if (content instanceof Iterable) {
-            // multiParts
             List<Object> processedParts = new ArrayList<>();
             for (Object part : (Iterable<?>) content) {
                 if (part instanceof Map) {
@@ -207,10 +196,8 @@ private Map<String, Object> processContentPart(Map<String, Object> part, byte[]
 
         switch (type) {
             case "text":
-                // 加密文本
                 part.put("text", encryptStringWithKey(e2eKey, e2eNonce, part.get("text").toString()));
                 break;
-
             case "image_url":
                 @SuppressWarnings("unchecked")
                 Map<String, Object> imageUrl = (Map<String, Object>) part.get("image_url");
@@ -233,7 +220,6 @@ private void processImageUrl(Map<String, Object> imageUrl, byte[] e2eKey, byte[]
             URI uri = new URI(url);
             String scheme = uri.getScheme();
             if ("data".equals(scheme)) {
-                // 加密data URL
                 imageUrl.put("url", encryptStringWithKey(e2eKey, e2eNonce, url));
             } else if ("http".equals(scheme) || "https".equals(scheme)) {
                 System.err.println("encryption is not supported for image url, please use base64 image if you want encryption");
@@ -243,7 +229,6 @@ private void processImageUrl(Map<String, Object> imageUrl, byte[] e2eKey, byte[]
 
         } catch (URISyntaxException e) {
             if (url.startsWith("data:")) {
-                // 加密data URL
                 imageUrl.put("url", encryptStringWithKey(e2eKey, e2eNonce, url));
             } else {
                 throw new IOException("Invalid image URL format: " + url, e);
@@ -360,7 +345,7 @@ private Response handleNormalResponse(byte[] key, byte[] nonce, Response respons
             }
         }
 
-        String modifiedResponseBodyStr = mapper.writeValueAsString(responseJson);
+        String decryptedContent = mapper.writeValueAsString(responseJson);
         ResponseBody originalResponseBody = response.body();
         MediaType contentType = null;
         if (originalResponseBody != null) {
@@ -371,7 +356,7 @@ private Response handleNormalResponse(byte[] key, byte[] nonce, Response respons
         }
         ResponseBody decryptedBody = ResponseBody.create(
                 contentType,
-                modifiedResponseBodyStr.getBytes(StandardCharsets.UTF_8)
+                decryptedContent.getBytes(StandardCharsets.UTF_8)
         );
 
         return response.newBuilder()

volcengine-java-sdk-ark-runtime/src/main/java/com/volcengine/ark/runtime/service/ArkService.java

@@ -523,7 +523,6 @@ public ArkService build() {
                 clientBuilder.dispatcher(dispatcher);
             }
 
-            // 重新配置clientBuilder，添加加密拦截器
             OkHttpClient client = clientBuilder
                     .addInterceptor(new RequestIdInterceptor())
                     .addInterceptor(new RetryInterceptor(retryTimes))

volcengine-java-sdk-ark-runtime/src/main/java/com/volcengine/ark/runtime/service/CertificateManager.java

@@ -23,7 +23,6 @@
 import java.util.regex.Pattern;
 
 public class CertificateManager {
-    // 证书缓存
     private static final ConcurrentHashMap<String, ServerCertificateInfo> certificateCache = new ConcurrentHashMap<>();
 
     /**
@@ -87,7 +86,6 @@ public static ServerCertificateInfo getServerCertificateFromCache(String ep) {
     }
 
     public static ServerCertificateInfo getServerCertificate(String apiKey, String baseUrl, String ep) throws IOException {
-        // 首先检查内存缓存，用ep作为key
         if (hasCertificateInCache(ep)) {
             return getServerCertificateFromCache(ep);
         }
@@ -98,18 +96,13 @@ public static ServerCertificateInfo getServerCertificate(String apiKey, String b
 
             String certificate;
 
-            // 1. 首先尝试从本地文件加载证书
             certificate = loadCertificateLocally(ep);
             if (certificate != null) {
                 return createCertificateInfo(certificate, ep);
             }
 
-            // 2. 使用API Key方式获取证书
-            else {
-                certificate = loadCertificateByApiKey(baseUrl, apiKey, ep, aiccEnabled);
-            }
+            certificate = loadCertificateByApiKey(baseUrl, apiKey, ep, aiccEnabled);
 
-            // 保存证书到本地缓存
             saveCertificateLocally(ep, certificate);
 
             return createCertificateInfo(certificate, ep);
@@ -121,7 +114,6 @@ public static ServerCertificateInfo getServerCertificate(String apiKey, String b
 
     public static String[] getCertInfo(String certPem) {
         try {
-            // 使用try-with-resources自动管理PEMParser资源
             try (PEMParser pemParser = new PEMParser(new StringReader(certPem))) {
                 Object object = pemParser.readObject();
 
@@ -141,16 +133,15 @@ public static String[] getCertInfo(String certPem) {
 
                             if (ringPattern.matcher(firstDns).matches() &&
                                     keyPattern.matcher(secondDns).matches()) {
-                                String ringId = firstDns.substring(5);  // ring. 5个字符
-                                String keyId = secondDns.substring(4);  // key. 4个字符
+                                String ringId = firstDns.substring(5);
+                                String keyId = secondDns.substring(4);
                                 return new String[]{ringId, keyId};
                             }
                         }
                     }
                 }
             }
         } catch (Exception e) {
-            // 异常处理
             throw new RuntimeException("Failed to parse certificate to get ring_id and key_id", e);
         }
         return new String[]{"", ""};
@@ -167,23 +158,19 @@ public static String loadCertificateLocally(String ep) throws IOException {
             File certFile = new File(certFilePath);
 
             if (certFile.exists()) {
-                // 检查证书是否过期（是否超过14天）
                 long lastModifiedSeconds = certFile.lastModified() / 1000;
                 long currentTimeSeconds = System.currentTimeMillis() / 1000;
                 long timeDifferenceSeconds = currentTimeSeconds - lastModifiedSeconds;
-                long certExpirationSeconds = 14L * 24 * 60 * 60; // 14天，以秒为单位
+                long certExpirationSeconds = 14L * 24 * 60 * 60;
                 if (timeDifferenceSeconds <= certExpirationSeconds) {
                     String certPem = new String(java.nio.file.Files.readAllBytes(certFile.toPath()), StandardCharsets.UTF_8);
 
-                    // 检查证书是否完整（与AICC/PCA兼容性检查）
                     String[] certInfo = getCertInfo(certPem);
                     String ringId = certInfo[0];
                     String keyId = certInfo[1];
 
                     boolean aiccEnabled = "AICC".equals(System.getenv("VOLC_ARK_ENCRYPTION"));
 
-                    // 1. 非AICC模式：即使ring或key为空也可以接受
-                    // 2. AICC模式：ring和key都必须不为空
                     if ((ringId.isEmpty() || keyId.isEmpty()) && !aiccEnabled) {
                         return certPem;
                     }
@@ -192,7 +179,6 @@ public static String loadCertificateLocally(String ep) throws IOException {
                     }
                 }
 
-                // 证书过期或不满足条件，删除文件
                 certFile.delete();
             }
         } catch (Exception e) {
@@ -346,7 +332,6 @@ public static void saveCertificateLocally(String ep, String certificate) throws
             String certStoragePath = getCertStoragePath();
             String certFilePath = certStoragePath + File.separator + ep + ".pem";
 
-            // 确保目录存在
             File storageDir = new File(certStoragePath);
             if (!storageDir.exists()) {
                 if (!storageDir.mkdirs()) {
@@ -355,7 +340,6 @@ public static void saveCertificateLocally(String ep, String certificate) throws
                 }
             }
 
-            // 写入证书文件
             java.nio.file.Files.write(
                     Paths.get(certFilePath),
                     certificate.getBytes(StandardCharsets.UTF_8)
@@ -387,15 +371,12 @@ public static void cacheServerCertificate(String cacheKey, PublicKey publicKey,
      */
     public static PublicKey extractPublicKeyFromCertificate(String certificate) throws GeneralSecurityException {
         try {
-            // 移除PEM头尾
             String certContent = certificate.replace("-----BEGIN CERTIFICATE-----", "")
                     .replace("-----END CERTIFICATE-----", "")
                     .replaceAll("\\s", "");
 
-            // 解码Base64
             byte[] certBytes = Base64.getDecoder().decode(certContent);
 
-            // 解析证书
             CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
             X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate(
                     new java.io.ByteArrayInputStream(certBytes));
@@ -420,7 +401,6 @@ public static ServerCertificateInfo createCertificateInfo(String certificate, St
             ServerCertificateInfo certInfo =
                     new ServerCertificateInfo(publicKey, ringId, keyId);
 
-            // 缓存到内存
             cacheServerCertificate(ep, publicKey, ringId, keyId);
 
             return certInfo;

volcengine-java-sdk-ark-runtime/src/main/java/com/volcengine/ark/runtime/utils/KeyAgreementUtil.java

@@ -27,11 +27,9 @@
  */
 public class KeyAgreementUtil {
     static {
-        // 注册Bouncy Castle提供者
         Security.addProvider(new BouncyCastleProvider());
     }
 
-    // 算法常量
     private static final String HKDF_ALGORITHM = "HmacSHA256";
 
     /**
@@ -104,7 +102,6 @@ public static SessionData generateEciesKeyPair(PublicKey publicKey) throws Gener
      */
     public static byte[] hkdf(byte[] sharedSecret, byte[] salt, byte[] info, int length)
             throws GeneralSecurityException {
-        // 提取阶段
         Mac hmacExtract = Mac.getInstance(HKDF_ALGORITHM);
         if (salt == null) {
             salt = new byte[32];
@@ -113,7 +110,6 @@ public static byte[] hkdf(byte[] sharedSecret, byte[] salt, byte[] info, int len
         hmacExtract.init(saltKey);
         byte[] prk = hmacExtract.doFinal(sharedSecret);
 
-        // 扩展阶段
         Mac hmacExpand = Mac.getInstance(HKDF_ALGORITHM);
         SecretKeySpec prkKey = new SecretKeySpec(prk, HKDF_ALGORITHM);
         hmacExpand.init(prkKey);
@@ -318,7 +314,6 @@ public static String aesGcmDecryptBase64List(byte[] key, byte[] nonce, String ci
                 String decrypted = aesGcmDecryptBase64String(key, nonce, b64);
                 result.add(decrypted);
             } catch (Exception e) {
-                // 调用递归解密方法
                 String cornerCaseResult = decryptCornerCase(key, nonce, b64);
                 result.add(cornerCaseResult);
             }
@@ -368,7 +363,6 @@ private static String decryptCornerCase(byte[] key, byte[] nonce, String data) {
                 continue;
             }
         }
-        // 如果所有尝试都失败，返回空字符串
         return "";
     }
 }