diff --git a/modules/module-ci-machine/pom.xml b/modules/module-ci-machine/pom.xml
index e36adc39..506a3bd5 100644
--- a/modules/module-ci-machine/pom.xml
+++ b/modules/module-ci-machine/pom.xml
@@ -24,10 +24,17 @@
cd.casic.boot
spring-boot-starter-security
+
com.antherd
sm-crypto
- 0.3.2.1-RELEASE
+ 0.3.2
+
+ org.openjdk.nashorn
+ nashorn-core
+ 15.4
+
+
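Review bot: The nashorn-core dependency is introduced and sm-crypto is moved from 0.3.2.1-RELEASE to 0.3.2 with no comment on why either is needed; the rest of this commit (the removal of `throws ScriptException` in CryptogramUtil) suggests the library evaluates its cipher implementation through a JSR-223 script engine, which the JDK stopped bundling at 15. A one-line note next to the artifact, e.g. `<!-- JSR-223 engine required by sm-crypto; Nashorn is not bundled with the JDK since 15 -->`, would save the next reader from re-deriving that. The version move also reads as a downgrade by plain string comparison, though the two coordinates may follow different release schemes; a sentence in the commit description would settle it.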
diff --git a/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/MachineInfoServiceImpl.java b/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/MachineInfoServiceImpl.java
index 90428a99..d3137a52 100644
--- a/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/MachineInfoServiceImpl.java
+++ b/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/MachineInfoServiceImpl.java
@@ -10,6 +10,7 @@ import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.enums.MachineInfoStatus;
import cd.casic.module.machine.service.MachineInfoService;
import cd.casic.module.machine.service.SecretKeyService;
+import cd.casic.module.machine.utils.CryptogramUtil;
import com.google.common.annotations.VisibleForTesting;
import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
@@ -47,6 +48,9 @@ public class MachineInfoServiceImpl implements MachineInfoService {
throw exception(SECRET_KEY_NOT_EXISTS);
}
}
+ if (Objects.nonNull(machineInfoDO.getPassword())) {
+ machineInfoDO.setPassword(CryptogramUtil.doEncrypt(machineInfoDO.getPassword()));
+ }
machineInfoMapper.insert(machineInfoDO);
return machineInfoDO.getId();
}
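Review bot: Encryption is applied only on this insert path; whether the update path of MachineInfoServiceImpl (outside this hunk) also encrypts is not visible, and if it writes the password back in plaintext, doDecrypt's fallback in this commit returns the stored value unchanged, so the mismatch would never surface as an error. A comment at the guard would make the contract explicit for the next writer of that field, e.g. `// stored SM4-encrypted; HostConnectServiceImpl.doDecrypt()s it on connect`. If `java.util.Objects` is not already imported in this file it needs to be, since the import hunk above shows only the module imports. The enclosing method starts outside this hunk.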
diff --git a/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/SecretKeyServiceImpl.java b/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/SecretKeyServiceImpl.java
index b322a954..037c929a 100644
--- a/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/SecretKeyServiceImpl.java
+++ b/modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/SecretKeyServiceImpl.java
@@ -54,14 +54,10 @@ public class SecretKeyServiceImpl implements SecretKeyService {
public Long createSecretKey(SecretKeyVO secretKeyVO) {
validateSecretKeyAdd(secretKeyVO);
SecretKeyDO secretKeyDO = BeanUtils.toBean(secretKeyVO, SecretKeyDO.class);
- try {
- //密码加密
- secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
- //公钥加密
- secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublicKey()));
- } catch (ScriptException e) {
- throw exception(ENCRYPT_OR_DECRYPT_FAIL);
- }
+ //密码加密
+ secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
+ //公钥加密
+ secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublicKey()));
secretKeyMapper.insert(secretKeyDO);
return secretKeyDO.getId();
}
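Review bot: Removing the try/catch drops the mapping of encryption failures to `ENCRYPT_OR_DECRYPT_FAIL`; with the unchecked signatures CryptogramUtil now has, any failure inside doEncrypt propagates as whatever runtime exception the library throws, so the error code the client sees for this case changes. Keeping `try { ... } catch (RuntimeException e) { throw exception(ENCRYPT_OR_DECRYPT_FAIL); }` around the two calls preserves the previous contract, ideally passing `e` along if `exception(...)` accepts a cause. Unlike the MachineInfoServiceImpl hunk in the same commit, neither password nor publicKey is null-guarded before doEncrypt here; whether Sm4 tolerates null is not visible, so a guard such as `if (secretKeyVO.getPublicKey() != null)` would make the two services consistent.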
diff --git a/modules/module-ci-machine/src/main/java/cd/casic/module/machine/utils/CryptogramUtil.java b/modules/module-ci-machine/src/main/java/cd/casic/module/machine/utils/CryptogramUtil.java
index 0a91bfd1..421aeef7 100644
--- a/modules/module-ci-machine/src/main/java/cd/casic/module/machine/utils/CryptogramUtil.java
+++ b/modules/module-ci-machine/src/main/java/cd/casic/module/machine/utils/CryptogramUtil.java
@@ -1,5 +1,6 @@
package cd.casic.module.machine.utils;
+
import cd.casic.module.machine.dal.model.Keypair;
import cn.hutool.log.Log;
import com.antherd.smcrypto.sm2.Sm2;
@@ -7,8 +8,12 @@ import com.antherd.smcrypto.sm3.Sm3;
import com.antherd.smcrypto.sm4.Sm4;
import com.antherd.smcrypto.sm4.Sm4Options;
-import javax.script.ScriptException;
-
+/**
+ * 加密工具类,本框架目前使用 https://github.com/antherd/sm-crypto 项目中一些加解密方式
+ * 使用小伙伴需要过等保密评相关,请在此处更改为自己的加密方法,或加密机,使用加密机同时需要替换公钥,私钥在内部无法导出,提供加密的方法
+ *
+ * @author yubaoshan
+ */
public class CryptogramUtil {
private static final Log log = Log.get();
@@ -16,11 +21,11 @@ public class CryptogramUtil {
/**
* 加密方法(Sm2 的专门针对前后端分离,非对称秘钥对的方式,暴露出去的公钥,对传输过程中的密码加个密)
*
+ * @author yubaoshan
* @param str 待加密数据
* @return 加密后的密文
- * @author yubaoshan
*/
- public static String doSm2Encrypt(String str) throws ScriptException {
+ public static String doSm2Encrypt (String str) {
return Sm2.doEncrypt(str, Keypair.PUBLIC_KEY);
}
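Review bot: The new signature inserts a space between the method name and its parameter list, `doSm2Encrypt (String str)`, which departs from Java convention and from every call site in this file (`Sm2.doEncrypt(str, ...)`); the same applies to doSm2Decrypt, doEncrypt, doDecrypt, doSignature, doVerifySignature and doHashValue in the following hunks of this file. `public static String doSm2Encrypt(String str) {` keeps the intended change (dropping `throws ScriptException`) without the spacing. Since callers no longer have a checked exception to handle, the Javadoc should say what happens when the underlying engine fails; the library's failure mode is not visible here, so a hedged `@throws` line describing the runtime exception the caller may see is the most that can be stated.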
@@ -28,11 +33,11 @@ public class CryptogramUtil {
* 解密方法
* 如果采用加密机的方法,用try catch 捕捉异常,返回原文值即可
*
+ * @author yubaoshan
* @param str 密文
* @return 解密后的明文
- * @author yubaoshan
*/
- public static String doSm2Decrypt(String str) throws ScriptException {
+ public static String doSm2Decrypt (String str) {
// 解密
return Sm2.doDecrypt(str, Keypair.PRIVATE_KEY);
}
@@ -40,11 +45,11 @@ public class CryptogramUtil {
/**
* 加密方法
*
+ * @author yubaoshan
* @param str 待加密数据
* @return 加密后的密文
- * @author yubaoshan
*/
- public static String doEncrypt(String str) throws ScriptException {
+ public static String doEncrypt (String str) {
// SM4 加密 cbc模式
Sm4Options sm4Options4 = new Sm4Options();
sm4Options4.setMode("cbc");
@@ -56,17 +61,17 @@ public class CryptogramUtil {
* 解密方法
* 如果采用加密机的方法,用try catch 捕捉异常,返回原文值即可
*
+ * @author yubaoshan
* @param str 密文
* @return 解密后的明文
- * @author yubaoshan
*/
- public static String doDecrypt(String str) throws ScriptException {
+ public static String doDecrypt (String str) {
// 解密,cbc 模式,输出 utf8 字符串
Sm4Options sm4Options8 = new Sm4Options();
sm4Options8.setMode("cbc");
sm4Options8.setIv("fedcba98765432100123456789abcdef");
- String docString = Sm4.decrypt(str, Keypair.KEY, sm4Options8);
- if (docString.isEmpty()) {
+ String docString = Sm4.decrypt(str, Keypair.KEY, sm4Options8);
+ if (docString.equals("")) {
log.warn(">>> 字段解密失败,返回原文值:{}", str);
return str;
} else {
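Review bot: Replacing `docString.isEmpty()` with `docString.equals("")` is a readability regression with no behavioral difference (both throw NullPointerException on a null result), so the original form should stay. More important for callers: the fallback visible here returns the input unchanged when decryption yields an empty string, so a value that was never encrypted, or a corrupted ciphertext, is handed back as if it were plaintext, and HostConnectServiceImpl in this commit passes that result straight to SSH. The CBC IV is also a constant in source, which makes the scheme deterministic (equal plaintexts give equal ciphertexts) with key and IV living in `Keypair` rather than configuration; a comment such as `// NOTE: fixed IV and in-source key — deterministic ciphertexts; replace per the class Javadoc before production` would make that limitation visible at the point of use. The rest of doDecrypt's body lies outside the hunk.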
@@ -77,34 +82,34 @@ public class CryptogramUtil {
/**
* 纯签名
*
+ * @author yubaoshan
* @param str 待签名数据
* @return 签名结果
- * @author yubaoshan
*/
- public static String doSignature(String str) throws ScriptException {
+ public static String doSignature (String str) {
return Sm2.doSignature(str, Keypair.PRIVATE_KEY);
}
/**
* 验证签名结果
*
- * @param originalStr 签名原文数据
- * @param str 签名结果
- * @return 是否通过
* @author yubaoshan
+ * @param originalStr 签名原文数据
+ * @param str 签名结果
+ * @return 是否通过
*/
- public static boolean doVerifySignature(String originalStr, String str) throws ScriptException {
+ public static boolean doVerifySignature (String originalStr, String str) {
return Sm2.doVerifySignature(originalStr, str, Keypair.PUBLIC_KEY);
}
/**
* 通过杂凑算法取得hash值,用于做数据完整性保护
*
+ * @author yubaoshan
* @param str 字符串
* @return hash 值
- * @author yubaoshan
*/
- public static String doHashValue(String str) throws ScriptException {
+ public static String doHashValue (String str) {
return Sm3.sm3(str);
}
diff --git a/modules/module-ci-terminal/src/main/java/cd/casic/module/terminal/service/impl/HostConnectServiceImpl.java b/modules/module-ci-terminal/src/main/java/cd/casic/module/terminal/service/impl/HostConnectServiceImpl.java
index 0056ca1e..d1a5e53a 100644
--- a/modules/module-ci-terminal/src/main/java/cd/casic/module/terminal/service/impl/HostConnectServiceImpl.java
+++ b/modules/module-ci-terminal/src/main/java/cd/casic/module/terminal/service/impl/HostConnectServiceImpl.java
@@ -5,6 +5,7 @@ import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
import cd.casic.module.machine.dal.dataobject.SecretKeyDO;
import cd.casic.module.machine.dal.mysql.MachineInfoMapper;
import cd.casic.module.machine.dal.mysql.SecretKeyMapper;
+import cd.casic.module.machine.utils.CryptogramUtil;
import cd.casic.module.terminal.common.ErrorMessage;
import cd.casic.module.terminal.controller.dto.TerminalConnectDTO;
import cd.casic.module.terminal.enums.*;
@@ -64,7 +65,7 @@ public class HostConnectServiceImpl implements HostConnectService {
CONFIG.setUsername(host.getUsername());
if (host.getAuthenticationType().equals(1)){
CONFIG.setAuthType(HostSshAuthTypeEnum.PASSWORD.name());
- CONFIG.setPassword(host.getPassword());
+ CONFIG.setPassword(CryptogramUtil.doDecrypt(host.getPassword()));
}else {
CONFIG.setKeyId(host.getSecretKeyId());
}
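Review bot: `CryptogramUtil.doDecrypt(host.getPassword())` hands the stored value to SSH unmodified whenever decryption yields an empty string (doDecrypt's fallback in this commit), so rows created before this change, which hold plaintext, keep working silently while a corrupted ciphertext is likewise sent as-is; the commit includes no migration for existing rows and I cannot see one elsewhere. If legacy plaintext is expected, that deserves a comment on this line, e.g. `// password is SM4-encrypted at rest since this change; doDecrypt returns the raw value for legacy/undecryptable rows`. The enclosing method starts and ends outside this hunk.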