加密类更改

even 2025-07-21 16:36:48 +08:00
parent cd90dd7e28
commit 6a76e855d6
11 changed files with 29 additions and 200 deletions


@ -11,11 +11,11 @@ import cd.casic.ci.process.process.dataObject.pipeline.PipPipeline;
import cd.casic.ci.process.process.dataObject.target.TargetVersion;
import cd.casic.ci.process.process.dataObject.task.PipTask;
import cd.casic.ci.process.process.service.target.TargetVersionService;
import cd.casic.ci.process.util.CryptogramUtil;
import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.framework.commons.exception.ServiceException;
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
@ -92,7 +92,7 @@ public class CustomCompilerWorker extends SshWorker {
//则默认路径写死
remoteDir = "/home/casic/706/ai_test_527";
}
SftpUploadUtil.uploadFileViaSftp(resourceMachine.getHostIp(), resourceMachine.getSshPort(),resourceMachine.getUsername(), resourceMachine.getPassword(),null,file.getAbsolutePath(),remoteDir,file.getName());
SftpUploadUtil.uploadFileViaSftp(resourceMachine.getHostIp(), resourceMachine.getSshPort(),resourceMachine.getUsername(), CryptogramUtil.doDecrypt(resourceMachine.getPassword()),null,file.getAbsolutePath(),remoteDir,file.getName());
//TODO 得改一下
statusCode = shell(resourceMachine, null,context,
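Review bot: The added `uploadFileViaSftp` call sends whatever `CryptogramUtil.doDecrypt` returns as the SSH password, and nothing here checks that decryption succeeded. The class removed in this commit returned its input unchanged when decryption failed; the replacement in `cd.casic.module.machine.utils` is not shown, so it is worth confirming that it throws instead, otherwise a stored value that cannot be decrypted is presented to the remote host as-is. Decrypting into a named local first, e.g. `String sshPassword = CryptogramUtil.doDecrypt(resourceMachine.getPassword());`, would also shorten the eight-argument line and give a place for that check. The removed class also embedded its SM2/SM4 key material as constants, which remain in repository history; if the new class reuses those values they should be treated as exposed. The enclosing method starts and ends outside the hunk.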


@ -13,6 +13,7 @@ import cd.casic.ci.process.process.service.target.TargetVersionService;
import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.module.execute.docker.dataobject.dto.DockerEndpointDo;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import com.alibaba.fastjson.JSON;
import com.jcraft.jsch.*;
import jakarta.annotation.Resource;
@ -70,7 +71,7 @@ public class AFLSlotCompileWorker extends DockerWorker {
append(context,"AFL编译上传文件路径:"+realPath);
SftpUploadUtil.uploadFileViaSftp(
machineInfo.getHostIp()
,machineInfo.getSshPort(),machineInfo.getUsername(), machineInfo.getPassword(),"",filePath,realPath,file.getName());
,machineInfo.getSshPort(),machineInfo.getUsername(), CryptogramUtil.doDecrypt(machineInfo.getPassword()),"",filePath,realPath,file.getName());
} catch (SftpUploadUtil.SftpUploadException e) {
append(context,"上传文件失败,请确认资源信息是否有误:"+JSON.toJSONString(machineInfo));
log.error("上传文件报错",e);
@ -145,7 +146,7 @@ public class AFLSlotCompileWorker extends DockerWorker {
try {
JSch jsch = new JSch();
Session session = jsch.getSession(user, host, 22);
session.setPassword(machineInfo.getPassword());
session.setPassword(CryptogramUtil.doDecrypt(machineInfo.getPassword()));
session.setConfig("StrictHostKeyChecking", "no");
session.connect();
ChannelSftp sftpChannel = (ChannelSftp) session.openChannel("sftp");
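Review bot: The second hunk now hands the decrypted password to a JSch session that sets `StrictHostKeyChecking` to `no`, so the plaintext credential is offered to whichever host answers at that address without its key being verified. Prefer a known-hosts file and strict checking, e.g. `jsch.setKnownHosts(knownHostsPath);` followed by `session.setConfig("StrictHostKeyChecking", "yes");`, where `knownHostsPath` is a placeholder for a file your deployment manages; the `SshCommand` constructor changed in this commit has the same setting. The session also uses a fixed port `22` while the upload in the first hunk uses `machineInfo.getSshPort()`. Separately, the failure branch in the first hunk writes `JSON.toJSONString(machineInfo)` to the task log, which presumably includes the stored password field; logging only host and username would avoid that. Both methods continue outside the hunks.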


@ -12,10 +12,10 @@ import cd.casic.ci.process.process.dataObject.task.PipTask;
import cd.casic.ci.process.process.dataObject.testCase.TestCaseInfo;
import cd.casic.ci.process.process.service.target.TargetVersionService;
import cd.casic.ci.process.process.service.testCase.TestCaseInfoService;
import cd.casic.ci.process.util.CryptogramUtil;
import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.module.execute.docker.dataobject.dto.DockerEndpointDo;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import com.alibaba.fastjson.JSON;
import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
@ -90,7 +90,7 @@ public class TestCaseGenerationWorker extends DockerWorker {
try {
SftpUploadUtil.uploadFileViaSftp(
machineInfo.getHostIp()
,Integer.valueOf(machineInfo.getSshPort()),machineInfo.getUsername(),machineInfo.getPassword(),"",filePath,seedTarget,file.getName());
,machineInfo.getSshPort(),machineInfo.getUsername(), CryptogramUtil.doDecrypt(machineInfo.getPassword()),"",filePath,seedTarget,file.getName());
} catch (SftpUploadUtil.SftpUploadException e) {
append(context,"seed文件上传失败");
log.error("seed文件上传失败",e);
@ -111,7 +111,7 @@ public class TestCaseGenerationWorker extends DockerWorker {
machineInfo.getHostIp()
,machineInfo.getSshPort()
,machineInfo.getUsername()
,machineInfo.getPassword()
,CryptogramUtil.doDecrypt(machineInfo.getPassword())
,"", testFilePath,seedTarget,testCaseInfo.getFileName());
} catch (SftpUploadUtil.SftpUploadException e) {
toBadEnding();
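Review bot: `CryptogramUtil.doDecrypt(machineInfo.getPassword())` is evaluated separately in both upload calls; if the two hunks sit in the same method (the line numbers suggest so, but the method header is outside the hunks), decrypting once into a local such as `String sshPassword = CryptogramUtil.doDecrypt(machineInfo.getPassword());` and passing it to both calls keeps the plaintext in one clearly scoped place. A short comment at that local, for example `// MachineInfoDO#getPassword() is the stored ciphertext; decrypt only where the connection is opened`, would record the contract that this commit introduces for every caller.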


@ -13,11 +13,11 @@ import cd.casic.ci.process.process.dataObject.aflManager.AflCrashesInfo;
import cd.casic.ci.process.process.dataObject.aflManager.AflInfo;
import cd.casic.ci.process.process.service.aflManager.AflCrashesInfoService;
import cd.casic.ci.process.process.service.resource.ResourceManagerService;
import cd.casic.ci.process.util.CryptogramUtil;
import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.framework.commons.exception.ServiceException;
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import de.danielbechler.util.Collections;
@ -79,7 +79,7 @@ public class AflCrashesInfoServiceImpl extends ServiceImpl<AflCrashesInfoDao, Af
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
String password = resourceMachine.getPassword();
String password = CryptogramUtil.doDecrypt(resourceMachine.getPassword());
resourceMachine.setPassword(password);
try {
@ -248,7 +248,7 @@ public class AflCrashesInfoServiceImpl extends ServiceImpl<AflCrashesInfoDao, Af
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
String password = resourceMachine.getPassword();
String password = CryptogramUtil.doDecrypt(resourceMachine.getPassword());
resourceMachine.setPassword(password);
try {
@ -295,7 +295,7 @@ public class AflCrashesInfoServiceImpl extends ServiceImpl<AflCrashesInfoDao, Af
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
String password = resourceMachine.getPassword();
String password = CryptogramUtil.doDecrypt(resourceMachine.getPassword());
resourceMachine.setPassword(password);
try {
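Review bot: All three hunks write the decrypted value back with `resourceMachine.setPassword(password)`, so the `MachineInfoDO` returned by `resourceById.getMachineInfo()` carries the plaintext for the rest of the method. Any later use of that object — serialising it, persisting it, or handing it to `SshCommand` or `WinRMHelper`, whose constructors now call `doDecrypt` themselves — would then leak the plaintext or decrypt it a second time. Keeping the plaintext in the local and passing `password` directly to the SFTP helper, without the `setPassword` call, avoids both. The same pattern appears in the `AflInfoServiceImpl`, `AflPlotInfoServiceImpl` and `AflSeedInfoServiceImpl` sections of this commit. The rest of each method, including how `resourceMachine` is used inside the `try`, is outside the hunks.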


@ -12,11 +12,11 @@ import cd.casic.ci.process.process.dao.aflManager.AflInfoDao;
import cd.casic.ci.process.process.dataObject.aflManager.AflInfo;
import cd.casic.ci.process.process.service.aflManager.AflInfoService;
import cd.casic.ci.process.process.service.resource.ResourceManagerService;
import cd.casic.ci.process.util.CryptogramUtil;
import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.framework.commons.exception.ServiceException;
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import de.danielbechler.util.Collections;
@ -74,6 +74,7 @@ public class AflInfoServiceImpl extends ServiceImpl<AflInfoDao, AflInfo> impleme
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
resourceMachine.setPassword(CryptogramUtil.doDecrypt(resourceMachine.getPassword()));
AflInfo aflInfo = SftpUploadUtil.downloadFileSftpForInputStreamAndSetAflInfo(resourceMachine.getHostIp(), resourceMachine.getSshPort(), resourceMachine.getUsername(), resourceMachine.getPassword(),null, remoteFilePath + "PIP_" + req.getPipelineId() + "/ai_afl/default/fuzzer_stats");
//在本地创建一个新文件夹将远程文件复制一份过去
List<String> sourceFilePaths = new ArrayList<>();
@ -132,7 +133,7 @@ public class AflInfoServiceImpl extends ServiceImpl<AflInfoDao, AflInfo> impleme
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
String password = resourceMachine.getPassword();
String password = CryptogramUtil.doDecrypt(resourceMachine.getPassword());
resourceMachine.setPassword(password);
AflInfo aflInfo = SftpUploadUtil.downloadFileSftpForInputStreamAndSetAflInfo(resourceMachine.getHostIp(), resourceMachine.getSshPort(), resourceMachine.getUsername(), resourceMachine.getPassword(),null, remoteFilePath + "PIP_" + req.getPipelineId() + "/ai_afl/default/fuzzer_stats");
@ -216,7 +217,7 @@ public class AflInfoServiceImpl extends ServiceImpl<AflInfoDao, AflInfo> impleme
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
//找出seed文件夹下的所有测试样例文件计算数量
List<String> files = SftpUploadUtil.listFilesInRemoteDirectory(
resourceMachine.getHostIp(), resourceMachine.getSshPort(), resourceMachine.getUsername(), resourceMachine.getPassword(), null, remoteFilePath + "PIP_" + req.getPipelineId() + "/SEED/");
resourceMachine.getHostIp(), resourceMachine.getSshPort(), resourceMachine.getUsername(), CryptogramUtil.doDecrypt(resourceMachine.getPassword()), null, remoteFilePath + "PIP_" + req.getPipelineId() + "/SEED/");
if (!CollectionUtils.isEmpty(files)){
resp.setTestCaseCount(files.size());
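Review bot: The remote paths in all three hunks are built as `remoteFilePath + "PIP_" + req.getPipelineId() + ...` and the hunks show no validation of `req.getPipelineId()`; if that field is a request-supplied string, separators or `..` in it would redirect the SFTP read or listing to another directory on the target machine. A check before the path is built, such as rejecting any value that does not match the expected id format, would close that; the same construction is in the `AflPlotInfoServiceImpl` section. The third hunk decrypts inline while the first two overwrite the password on `resourceMachine`; using one approach (a local plaintext variable) throughout the class would be easier to audit. The enclosing methods begin outside the hunks, so an earlier check may already exist.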


@ -15,6 +15,7 @@ import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.framework.commons.exception.ServiceException;
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import de.danielbechler.util.Collections;
@ -69,6 +70,7 @@ public class AflPlotInfoServiceImpl extends ServiceImpl<AflPlotInfoDao, AflPlotI
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
resourceMachine.setPassword(CryptogramUtil.doDecrypt(resourceMachine.getPassword()));
AflPlotInfo aflPlotInfo = SftpUploadUtil.downloadFileSftpForLastLineAndSetAflPlotInfo(resourceMachine.getHostIp(), resourceMachine.getSshPort(), resourceMachine.getUsername(), resourceMachine.getPassword(),null, remoteFilePath + "PIP_" + req.getPipelineId() + "/ai_afl/default/plot_data");
//在本地创建一个新文件夹将远程文件复制一份过去
List<String> sourceFilePaths = new ArrayList<>();


@ -10,11 +10,11 @@ import cd.casic.ci.process.process.dao.aflManager.AflSeedInfoDao;
import cd.casic.ci.process.process.dataObject.aflManager.AflSeedInfo;
import cd.casic.ci.process.process.service.aflManager.AflSeedInfoService;
import cd.casic.ci.process.process.service.resource.ResourceManagerService;
import cd.casic.ci.process.util.CryptogramUtil;
import cd.casic.ci.process.util.SftpUploadUtil;
import cd.casic.framework.commons.exception.ServiceException;
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import de.danielbechler.util.Collections;
@ -194,7 +194,7 @@ public class AflSeedInfoServiceImpl extends ServiceImpl<AflSeedInfoDao, AflSeedI
}
MachineInfoDO resourceMachine = resourceById.getMachineInfo();
String password = resourceMachine.getPassword();
String password = CryptogramUtil.doDecrypt(resourceMachine.getPassword());
resourceMachine.setPassword(password);
try {
// 步骤1列出源目录下的所有文件


@ -4,6 +4,7 @@ package cd.casic.ci.process.ssh;
import cd.casic.ci.process.constant.CommandConstant;
import cd.casic.ci.process.util.ChannelShellUtil;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import cn.hutool.extra.ssh.JschUtil;
import com.jcraft.jsch.ChannelShell;
import com.jcraft.jsch.JSchException;
@ -58,7 +59,7 @@ public class SshCommand implements SshClient {
*/
public SshCommand(MachineInfoDO machine) throws JSchException {
// 根据用户名主机ip端口获取一个Session对象
String decrypt = machine.getPassword();
String decrypt = CryptogramUtil.doDecrypt(machine.getPassword());
this.session = JschUtil.createSession(machine.getHostIp(), machine.getSshPort(), machine.getUsername(), decrypt);
this.session.setConfig("PreferredAuthentications", "password");
this.session.setConfig("StrictHostKeyChecking", "no");


@ -1,7 +1,7 @@
package cd.casic.ci.process.ssh;
import cd.casic.ci.process.util.CryptogramUtil;
import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.utils.CryptogramUtil;
import io.cloudsoft.winrm4j.client.WinRmClientContext;
import io.cloudsoft.winrm4j.winrm.WinRmTool;
import io.cloudsoft.winrm4j.winrm.WinRmToolResponse;
@ -35,7 +35,7 @@ public class WinRMHelper {
public WinRMHelper(MachineInfoDO machineInfo) {
this.ip = machineInfo.getHostIp();
this.username = machineInfo.getUsername();
this.password = machineInfo.getPassword();
this.password = CryptogramUtil.doDecrypt(machineInfo.getPassword());
}
public int execute(final String command, ExecCallback execCallback) {


@ -1,175 +0,0 @@
package cd.casic.ci.process.util;
// ... 省略 package import ...
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.engines.SM4Engine;
import org.bouncycastle.crypto.generators.SM2KeyPairGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.*;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
public class CryptogramUtil {
static {
Security.addProvider(new BouncyCastleProvider());
}
/**
* SM2 公钥加密
*/
public static String doSm2Encrypt(String str) {
try {
byte[] data = str.getBytes(StandardCharsets.UTF_8);
ECPublicKeyParameters pubKey = getSm2PublicKey(Keypair.PUBLIC_KEY);
SM2Engine engine = new SM2Engine();
engine.init(true, pubKey);
byte[] enc = engine.processBlock(data, 0, data.length);
return Hex.toHexString(enc);
} catch (Exception e) {
throw new RuntimeException("SM2加密失败", e);
}
}
/**
* SM2 私钥解密
*/
public static String doSm2Decrypt(String str) {
try {
byte[] enc = Hex.decode(str);
ECPrivateKeyParameters priKey = getSm2PrivateKey(Keypair.PRIVATE_KEY);
SM2Engine engine = new SM2Engine();
engine.init(false, priKey);
byte[] dec = engine.processBlock(enc, 0, enc.length);
return new String(dec, StandardCharsets.UTF_8);
} catch (Exception e) {
// 解密失败返回原文
return str;
}
}
/**
* SM4 CBC 加密
*/
public static String doEncrypt(String str) {
try {
byte[] key = Hex.decode(Keypair.KEY);
byte[] iv = Hex.decode(Keypair.IV);
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SM4Engine()));
cipher.init(true, new ParametersWithIV(new KeyParameter(key), iv));
byte[] input = str.getBytes(StandardCharsets.UTF_8);
byte[] output = new byte[cipher.getOutputSize(input.length)];
int len = cipher.processBytes(input, 0, input.length, output, 0);
len += cipher.doFinal(output, len);
return Hex.toHexString(output, 0, len);
} catch (Exception e) {
throw new RuntimeException("SM4加密失败", e);
}
}
/**
* SM4 CBC 解密
*/
public static String doDecrypt(String str) {
try {
byte[] key = Hex.decode(Keypair.KEY);
byte[] iv = Hex.decode(Keypair.IV);
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SM4Engine()));
cipher.init(false, new ParametersWithIV(new KeyParameter(key), iv));
byte[] input = Hex.decode(str);
byte[] output = new byte[cipher.getOutputSize(input.length)];
int len = cipher.processBytes(input, 0, input.length, output, 0);
len += cipher.doFinal(output, len);
return new String(output, 0, len, StandardCharsets.UTF_8);
} catch (Exception e) {
// 解密失败返回原文
return str;
}
}
/**
* SM2 签名
*/
public static String doSignature(String str) {
try {
ECPrivateKeyParameters priKey = getSm2PrivateKey(Keypair.PRIVATE_KEY);
SM2Signer signer = new SM2Signer();
signer.init(true, priKey);
byte[] msg = str.getBytes(StandardCharsets.UTF_8);
signer.update(msg, 0, msg.length);
byte[] sig = signer.generateSignature();
return Hex.toHexString(sig);
} catch (Exception e) {
throw new RuntimeException("SM2签名失败", e);
}
}
/**
* SM2 验签
*/
public static boolean doVerifySignature(String originalStr, String str) {
try {
ECPublicKeyParameters pubKey = getSm2PublicKey(Keypair.PUBLIC_KEY);
SM2Signer signer = new SM2Signer();
signer.init(false, pubKey);
byte[] msg = originalStr.getBytes(StandardCharsets.UTF_8);
signer.update(msg, 0, msg.length);
byte[] sig = Hex.decode(str);
return signer.verifySignature(sig);
} catch (Exception e) {
return false;
}
}
/**
* SM3 哈希
*/
public static String doHashValue(String str) {
try {
SM3Digest digest = new SM3Digest();
byte[] msg = str.getBytes(StandardCharsets.UTF_8);
digest.update(msg, 0, msg.length);
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
return Hex.toHexString(hash);
} catch (Exception e) {
throw new RuntimeException("SM3哈希失败", e);
}
}
// ====== 工具方法 ======
// 获取SM2公钥参数
private static ECPublicKeyParameters getSm2PublicKey(String hex) {
org.bouncycastle.jce.spec.ECParameterSpec ecSpec = org.bouncycastle.jce.ECNamedCurveTable.getParameterSpec("sm2p256v1");
org.bouncycastle.math.ec.ECPoint q = ecSpec.getCurve().decodePoint(Hex.decode(hex));
return new ECPublicKeyParameters(q, new ECDomainParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN()));
}
// 获取SM2私钥参数
private static ECPrivateKeyParameters getSm2PrivateKey(String hex) {
org.bouncycastle.jce.spec.ECParameterSpec ecSpec = org.bouncycastle.jce.ECNamedCurveTable.getParameterSpec("sm2p256v1");
return new ECPrivateKeyParameters(new java.math.BigInteger(hex, 16), new ECDomainParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN()));
}
private static class Keypair {
// 公钥未压缩点hex字符串前缀04
public static final String PUBLIC_KEY = "04298364ec840088475eae92a591e01284d1abefcda348b47eb324bb521bb03b0b2a5bc393f6b71dabb8f15c99a0050818b56b23f31743b93df9cf8948f15ddb54";
// 私钥hex字符串
public static final String PRIVATE_KEY = "3037723d47292171677ec8bd7dc9af696c7472bc5f251b2cec07e65fdef22e25";
// SM4密钥16字节128位hex字符串
public static final String KEY = "0123456789abcdeffedcba9876543210";
// SM4 IV16字节hex字符串
public static final String IV = "fedcba98765432100123456789abcdef";
}
}

File diff suppressed because one or more lines are too long