机器管理密钥、密钥密码,加密/解密依赖包新增,版本更换

zyj 2025-07-08 16:59:09 +08:00
parent de12ccfd9e
commit de817f1060
5 changed files with 44 additions and 13 deletions


@ -11,6 +11,18 @@
<artifactId>module-ci-machine</artifactId>
<packaging>jar</packaging>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>16</source>
<target>16</target>
</configuration>
</plugin>
</plugins>
</build>
<version>${revision}</version>
<name>${project.artifactId}</name>
@ -43,7 +55,12 @@
<dependency>
<groupId>com.antherd</groupId>
<artifactId>sm-crypto</artifactId>
<version>0.3.2</version>
<version>0.3.2.1-RELEASE</version>
</dependency>
<dependency>
<groupId>org.openjdk.nashorn</groupId>
<artifactId>nashorn-core</artifactId>
<version>15.4</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
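Review bot: The new `nashorn-core` dependency puts a JavaScript engine on this module's classpath with no comment saying why. Judging by the `ScriptException` now declared throughout CryptogramUtil, sm-crypto 0.3.2.1-RELEASE presumably runs its SM2/SM3/SM4 code through `javax.script`, and Nashorn has not been bundled with the JDK since 15. A comment above the dependency such as `<!-- script engine required by sm-crypto; Nashorn is not bundled with JDK 15+ -->` would keep it from being removed as unused and make clear it is not meant for evaluating any other script input. Both versions are hard-coded in this module; if the parent POM has a dependencyManagement section (not visible here), declare them there. For the compiler plugin, `<release>16</release>` would also pin the API level, which `<source>`/`<target>` alone do not.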


@ -19,6 +19,7 @@ import org.springframework.util.StringUtils;
import org.springframework.web.socket.TextMessage;
import org.springframework.web.socket.WebSocketSession;
import javax.script.ScriptException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@ -166,7 +167,12 @@ public class WebSocketConnection {
throw exception(SECRET_KEY_NULL);
}
//公钥解密
String pubKeyContent = CryptogramUtil.doDecrypt(secretKeyService.getPublicKeyContent(machineInfo.getSecretKeyId()));
String pubKeyContent;
try {
pubKeyContent = CryptogramUtil.doDecrypt(secretKeyService.getPublicKeyContent(machineInfo.getSecretKeyId()));
} catch (ScriptException e) {
throw exception(ENCRYPT_OR_DECRYPT_FAIL);
}
// 验证秘钥格式
if (!pubKeyContent.startsWith("-----BEGIN")) {
log.error("无效的密钥格式{}", pubKeyContent);
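Review bot: The context line `log.error("无效的密钥格式{}", pubKeyContent);` directly after the new try/catch writes the just-decrypted key content to the log, which undoes the point of storing it encrypted. Log an identifier instead, e.g. `log.error("无效的密钥格式, secretKeyId={}", machineInfo.getSecretKeyId());`. The added `catch (ScriptException e)` also drops `e` without logging it, so a script-engine failure cannot be told apart from bad ciphertext; the catch added in `SecretKeyServiceImpl.createSecretKey` has the same gap. If `exception(...)` cannot carry a cause (not visible here), add `log.error("密钥解密失败, secretKeyId={}", machineInfo.getSecretKeyId(), e);` before the throw. The enclosing method starts and ends outside this hunk.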


@ -36,6 +36,7 @@ public interface MachineErrorCodeConstants {
ErrorCode SECRET_KEY_NOT_EXISTS = new ErrorCode(1_003_004_001, "密钥不存在");
ErrorCode INVALID_kEY_FORMAT = new ErrorCode(1_003_004_002, "无效的密钥格式");
ErrorCode READ_SECRET_CONTENT_ERROR = new ErrorCode(1_003_004_003, "读取密钥加载失败");
ErrorCode ENCRYPT_OR_DECRYPT_FAIL = new ErrorCode(1_003_004_004, "加密/解密失败");
//========== 会话连接模块 1-003-006-000 ==========
ErrorCode SESSION_CONNECT_ERROR = new ErrorCode(1_003_006_001, "会话连接失败");


@ -14,6 +14,7 @@ import jakarta.annotation.Resource;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.script.ScriptException;
import java.util.List;
import static cd.casic.framework.commons.exception.util.ServiceExceptionUtil.exception;
@ -51,10 +52,14 @@ public class SecretKeyServiceImpl implements SecretKeyService {
public Long createSecretKey(SecretKeyVO secretKeyVO) {
validateSecretKeyAdd(secretKeyVO);
SecretKeyDO secretKeyDO = BeanUtils.toBean(secretKeyVO, SecretKeyDO.class);
try {
//密码加密
secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
//公钥加密
secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublic_key()));
} catch (ScriptException e) {
throw exception(ENCRYPT_OR_DECRYPT_FAIL);
}
secretKeyMapper.insert(secretKeyDO);
return secretKeyDO.getId();
}
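Review bot: `createSecretKey` passes `secretKeyVO.getPassword()` and `secretKeyVO.getPublic_key()` straight into `CryptogramUtil.doEncrypt`, and nothing in the hunk shows that either value is non-null. Whether `validateSecretKeyAdd` guarantees that is not visible here; if a key may be stored without a passphrase, a null argument would likely fail inside the library and surface either as ENCRYPT_OR_DECRYPT_FAIL or as an unrelated runtime exception. Guard the optional field, e.g. `if (secretKeyVO.getPassword() != null) { secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword())); }`. Also, `BeanUtils.toBean` may already have copied the plaintext password into `secretKeyDO` (if the field names match), so confirm no path reaches `secretKeyMapper.insert` with it still unencrypted.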


@ -7,6 +7,8 @@ import com.antherd.smcrypto.sm3.Sm3;
import com.antherd.smcrypto.sm4.Sm4;
import com.antherd.smcrypto.sm4.Sm4Options;
import javax.script.ScriptException;
public class CryptogramUtil {
private static final Log log = Log.get();
@ -18,7 +20,7 @@ public class CryptogramUtil {
* @param str 待加密数据
* @return 加密后的密文
*/
public static String doSm2Encrypt (String str) {
public static String doSm2Encrypt (String str) throws ScriptException {
return Sm2.doEncrypt(str, Keypair.PUBLIC_KEY);
}
@ -30,7 +32,7 @@ public class CryptogramUtil {
* @param str 密文
* @return 解密后的明文
*/
public static String doSm2Decrypt (String str) {
public static String doSm2Decrypt (String str) throws ScriptException {
// 解密
return Sm2.doDecrypt(str, Keypair.PRIVATE_KEY);
}
@ -42,7 +44,7 @@ public class CryptogramUtil {
* @param str 待加密数据
* @return 加密后的密文
*/
public static String doEncrypt (String str) {
public static String doEncrypt (String str) throws ScriptException {
// SM4 加密 cbc模式
Sm4Options sm4Options4 = new Sm4Options();
sm4Options4.setMode("cbc");
@ -58,7 +60,7 @@ public class CryptogramUtil {
* @param str 密文
* @return 解密后的明文
*/
public static String doDecrypt (String str) {
public static String doDecrypt (String str) throws ScriptException {
// 解密cbc 模式输出 utf8 字符串
Sm4Options sm4Options8 = new Sm4Options();
sm4Options8.setMode("cbc");
@ -79,7 +81,7 @@ public class CryptogramUtil {
* @param str 待签名数据
* @return 签名结果
*/
public static String doSignature (String str) {
public static String doSignature (String str) throws ScriptException {
return Sm2.doSignature(str, Keypair.PRIVATE_KEY);
}
@ -91,7 +93,7 @@ public class CryptogramUtil {
* @param str 签名结果
* @return 是否通过
*/
public static boolean doVerifySignature (String originalStr, String str) {
public static boolean doVerifySignature (String originalStr, String str) throws ScriptException {
return Sm2.doVerifySignature(originalStr, str, Keypair.PUBLIC_KEY);
}
@ -102,7 +104,7 @@ public class CryptogramUtil {
* @param str 字符串
* @return hash
*/
public static String doHashValue (String str) {
public static String doHashValue (String str) throws ScriptException {
return Sm3.sm3(str);
}
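Review bot: Adding `throws ScriptException` to every public method of `CryptogramUtil` exposes the library's script-engine implementation detail to all callers, and none of the Javadoc blocks above the changed signatures gained a `@throws` line for it. Consider catching it inside the utility and rethrowing an unchecked exception that keeps the cause, e.g. `catch (ScriptException e) { throw new IllegalStateException("SM4 decrypt failed", e); }`, so call sites such as `createSecretKey` do not each need their own try/catch. If the checked exception stays, add `@throws ScriptException if the underlying script engine fails` to each method's Javadoc. The bodies of `doEncrypt` and `doDecrypt` continue outside their hunks, so how the SM4 key and IV are supplied cannot be reviewed from here.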