主机管理,对密码秘钥 进行加密
This commit is contained in:
parent
0887d3bc29
commit
f27c2e9a17
@ -24,10 +24,17 @@
|
||||
<groupId>cd.casic.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
<!--加解密-->
|
||||
<dependency>
|
||||
<groupId>com.antherd</groupId>
|
||||
<artifactId>sm-crypto</artifactId>
|
||||
<version>0.3.2.1-RELEASE</version>
|
||||
<version>0.3.2</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.openjdk.nashorn</groupId>
|
||||
<artifactId>nashorn-core</artifactId>
|
||||
<version>15.4</version>
|
||||
</dependency>
|
||||
<!--加解密-->
|
||||
</dependencies>
|
||||
</project>
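Review bot: The sm-crypto version line changes between `0.3.2.1-RELEASE` and `0.3.2`, and the rendered view does not show which one is current; confirm the version kept is the one whose API no longer throws `javax.script.ScriptException`, because the service hunks in this commit now call `CryptogramUtil.doEncrypt` with no catch at all. `org.openjdk.nashorn:nashorn-core:15.4` appears to be added to host a script-based SM2/SM3/SM4 implementation (the previous CryptogramUtil signatures threw `ScriptException`), which makes a full JavaScript engine a runtime dependency of the credential-encryption path and enlarges the surface that must be patched. Record the reason next to the dependency so it is not dropped or upgraded blindly: `<!-- nashorn-core: script engine required by com.antherd:sm-crypto; re-verify on JDK or sm-crypto upgrades -->`.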
|
||||
|
@ -10,6 +10,7 @@ import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
|
||||
import cd.casic.module.machine.enums.MachineInfoStatus;
|
||||
import cd.casic.module.machine.service.MachineInfoService;
|
||||
import cd.casic.module.machine.service.SecretKeyService;
|
||||
import cd.casic.module.machine.utils.CryptogramUtil;
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import jakarta.annotation.Resource;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -47,6 +48,9 @@ public class MachineInfoServiceImpl implements MachineInfoService {
|
||||
throw exception(SECRET_KEY_NOT_EXISTS);
|
||||
}
|
||||
}
|
||||
if (Objects.nonNull(machineInfoDO.getPassword())) {
|
||||
machineInfoDO.setPassword(CryptogramUtil.doEncrypt(machineInfoDO.getPassword()));
|
||||
}
|
||||
machineInfoMapper.insert(machineInfoDO);
|
||||
return machineInfoDO.getId();
|
||||
}
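Review bot: The new guard `if (Objects.nonNull(machineInfoDO.getPassword()))` also encrypts an empty string, and `CryptogramUtil.doDecrypt` in this same commit treats an empty decryption result as a failure and returns the ciphertext instead, so a host saved with `""` as password would later be connected with the SM4 ciphertext as its SSH password. Guard on non-empty as well: `String pwd = machineInfoDO.getPassword();` / `if (pwd != null && !pwd.isEmpty()) {` / `machineInfoDO.setPassword(CryptogramUtil.doEncrypt(pwd));`. The enclosing create method starts outside the hunk, and any update path that rewrites `password` is not in this diff; if one exists it needs the same treatment, otherwise an edit would store plaintext that `doDecrypt` then fails open on.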
|
||||
|
@ -54,14 +54,10 @@ public class SecretKeyServiceImpl implements SecretKeyService {
|
||||
public Long createSecretKey(SecretKeyVO secretKeyVO) {
|
||||
validateSecretKeyAdd(secretKeyVO);
|
||||
SecretKeyDO secretKeyDO = BeanUtils.toBean(secretKeyVO, SecretKeyDO.class);
|
||||
try {
|
||||
//密码加密
|
||||
secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
|
||||
//公钥加密
|
||||
secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublicKey()));
|
||||
} catch (ScriptException e) {
|
||||
throw exception(ENCRYPT_OR_DECRYPT_FAIL);
|
||||
}
|
||||
//密码加密
|
||||
secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
|
||||
//公钥加密
|
||||
secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublicKey()));
|
||||
secretKeyMapper.insert(secretKeyDO);
|
||||
return secretKeyDO.getId();
|
||||
}
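Review bot: Removing the `try { … } catch (ScriptException e) { throw exception(ENCRYPT_OR_DECRYPT_FAIL); }` block drops the only place where an encryption failure was mapped to `ENCRYPT_OR_DECRYPT_FAIL`; the new `doEncrypt` has no checked exception, so whatever the library throws at runtime now propagates unclassified out of `createSecretKey`. Unlike the MachineInfoServiceImpl hunk, `secretKeyVO.getPassword()` and `secretKeyVO.getPublicKey()` are passed to `doEncrypt` with no null check; whether `validateSecretKeyAdd` guarantees both are present is not visible here. Keep the previous mapping by re-wrapping the two `doEncrypt` calls in a try block with `} catch (RuntimeException e) {` in place of the removed `ScriptException` clause, and record `e` before `throw exception(ENCRYPT_OR_DECRYPT_FAIL);` since the helper does not visibly carry a cause. Encrypting the public key provides no confidentiality benefit on its own; if `SecretKeyVO` also carries a private key, that is the field that needs the same protection, but only `password` and `publicKey` are visible in this hunk.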
|
||||
|
@ -1,5 +1,6 @@
|
||||
package cd.casic.module.machine.utils;
|
||||
|
||||
|
||||
import cd.casic.module.machine.dal.model.Keypair;
|
||||
import cn.hutool.log.Log;
|
||||
import com.antherd.smcrypto.sm2.Sm2;
|
||||
@ -7,8 +8,12 @@ import com.antherd.smcrypto.sm3.Sm3;
|
||||
import com.antherd.smcrypto.sm4.Sm4;
|
||||
import com.antherd.smcrypto.sm4.Sm4Options;
|
||||
|
||||
import javax.script.ScriptException;
|
||||
|
||||
/**
|
||||
* 加密工具类,本框架目前使用 https://github.com/antherd/sm-crypto 项目中一些加解密方式
|
||||
* 使用小伙伴需要过等保密评相关,请在此处更改为自己的加密方法,或加密机,使用加密机同时需要替换公钥,私钥在内部无法导出,提供加密的方法
|
||||
*
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public class CryptogramUtil {
|
||||
|
||||
private static final Log log = Log.get();
|
||||
@ -16,11 +21,11 @@ public class CryptogramUtil {
|
||||
/**
|
||||
* 加密方法(Sm2 的专门针对前后端分离,非对称秘钥对的方式,暴露出去的公钥,对传输过程中的密码加个密)
|
||||
*
|
||||
* @author yubaoshan
|
||||
* @param str 待加密数据
|
||||
* @return 加密后的密文
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public static String doSm2Encrypt(String str) throws ScriptException {
|
||||
public static String doSm2Encrypt (String str) {
|
||||
return Sm2.doEncrypt(str, Keypair.PUBLIC_KEY);
|
||||
}
|
||||
|
||||
@ -28,11 +33,11 @@ public class CryptogramUtil {
|
||||
* 解密方法
|
||||
* 如果采用加密机的方法,用try catch 捕捉异常,返回原文值即可
|
||||
*
|
||||
* @author yubaoshan
|
||||
* @param str 密文
|
||||
* @return 解密后的明文
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public static String doSm2Decrypt(String str) throws ScriptException {
|
||||
public static String doSm2Decrypt (String str) {
|
||||
// 解密
|
||||
return Sm2.doDecrypt(str, Keypair.PRIVATE_KEY);
|
||||
}
|
||||
@ -40,11 +45,11 @@ public class CryptogramUtil {
|
||||
/**
|
||||
* 加密方法
|
||||
*
|
||||
* @author yubaoshan
|
||||
* @param str 待加密数据
|
||||
* @return 加密后的密文
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public static String doEncrypt(String str) throws ScriptException {
|
||||
public static String doEncrypt (String str) {
|
||||
// SM4 加密 cbc模式
|
||||
Sm4Options sm4Options4 = new Sm4Options();
|
||||
sm4Options4.setMode("cbc");
|
||||
@ -56,17 +61,17 @@ public class CryptogramUtil {
|
||||
* 解密方法
|
||||
* 如果采用加密机的方法,用try catch 捕捉异常,返回原文值即可
|
||||
*
|
||||
* @author yubaoshan
|
||||
* @param str 密文
|
||||
* @return 解密后的明文
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public static String doDecrypt(String str) throws ScriptException {
|
||||
public static String doDecrypt (String str) {
|
||||
// 解密,cbc 模式,输出 utf8 字符串
|
||||
Sm4Options sm4Options8 = new Sm4Options();
|
||||
sm4Options8.setMode("cbc");
|
||||
sm4Options8.setIv("fedcba98765432100123456789abcdef");
|
||||
String docString = Sm4.decrypt(str, Keypair.KEY, sm4Options8);
|
||||
if (docString.isEmpty()) {
|
||||
String docString = Sm4.decrypt(str, Keypair.KEY, sm4Options8);
|
||||
if (docString.equals("")) {
|
||||
log.warn(">>> 字段解密失败,返回原文值:{}", str);
|
||||
return str;
|
||||
} else {
|
||||
@ -77,34 +82,34 @@ public class CryptogramUtil {
|
||||
/**
|
||||
* 纯签名
|
||||
*
|
||||
* @author yubaoshan
|
||||
* @param str 待签名数据
|
||||
* @return 签名结果
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public static String doSignature(String str) throws ScriptException {
|
||||
public static String doSignature (String str) {
|
||||
return Sm2.doSignature(str, Keypair.PRIVATE_KEY);
|
||||
}
|
||||
|
||||
/**
|
||||
* 验证签名结果
|
||||
*
|
||||
* @param originalStr 签名原文数据
|
||||
* @param str 签名结果
|
||||
* @return 是否通过
|
||||
* @author yubaoshan
|
||||
* @param originalStr 签名原文数据
|
||||
* @param str 签名结果
|
||||
* @return 是否通过
|
||||
*/
|
||||
public static boolean doVerifySignature(String originalStr, String str) throws ScriptException {
|
||||
public static boolean doVerifySignature (String originalStr, String str) {
|
||||
return Sm2.doVerifySignature(originalStr, str, Keypair.PUBLIC_KEY);
|
||||
}
|
||||
|
||||
/**
|
||||
* 通过杂凑算法取得hash值,用于做数据完整性保护
|
||||
*
|
||||
* @author yubaoshan
|
||||
* @param str 字符串
|
||||
* @return hash 值
|
||||
* @author yubaoshan
|
||||
*/
|
||||
public static String doHashValue(String str) throws ScriptException {
|
||||
public static String doHashValue (String str) {
|
||||
return Sm3.sm3(str);
|
||||
}
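Review bot: In the doDecrypt hunk (`@ -56,17 +61,17 @@`) the failure branch `log.warn(">>> 字段解密失败,返回原文值:{}", str)` writes the stored value to the log and then returns it as the plaintext, and since HostConnectServiceImpl now feeds that result straight into `CONFIG.setPassword(...)`, a legacy plaintext password or an undecryptable row ends up both in the log and on the wire. Log only the length, `log.warn(">>> 字段解密失败,返回原文值 (length={})", str.length());`, and note in the method Javadoc that an encrypted empty string also trips `docString.isEmpty()` and is indistinguishable from a failure, so callers must not store empty passwords. The IV `fedcba98765432100123456789abcdef` is a compile-time constant shared by every record, so SM4-CBC here is deterministic and equal passwords produce equal ciphertexts that anyone who can read the table can correlate; a per-record random IV stored alongside the ciphertext would remove that. `Keypair.KEY`, `Keypair.PRIVATE_KEY` and `Keypair.PUBLIC_KEY` are read as constants from `cd.casic.module.machine.dal.model.Keypair`, which is not in this diff; if they are compiled into the application, the class Javadoc's advice to substitute own key management or an HSM should become a concrete follow-up, because rotation then means a rebuild plus re-encryption of every row. The doEncrypt and doDecrypt bodies continue past the end of their hunks.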
|
||||
|
||||
|
@ -5,6 +5,7 @@ import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
|
||||
import cd.casic.module.machine.dal.dataobject.SecretKeyDO;
|
||||
import cd.casic.module.machine.dal.mysql.MachineInfoMapper;
|
||||
import cd.casic.module.machine.dal.mysql.SecretKeyMapper;
|
||||
import cd.casic.module.machine.utils.CryptogramUtil;
|
||||
import cd.casic.module.terminal.common.ErrorMessage;
|
||||
import cd.casic.module.terminal.controller.dto.TerminalConnectDTO;
|
||||
import cd.casic.module.terminal.enums.*;
|
||||
@ -64,7 +65,7 @@ public class HostConnectServiceImpl implements HostConnectService {
|
||||
CONFIG.setUsername(host.getUsername());
|
||||
if (host.getAuthenticationType().equals(1)){
|
||||
CONFIG.setAuthType(HostSshAuthTypeEnum.PASSWORD.name());
|
||||
CONFIG.setPassword(host.getPassword());
|
||||
CONFIG.setPassword(CryptogramUtil.doDecrypt(host.getPassword()));
|
||||
}else {
|
||||
CONFIG.setKeyId(host.getSecretKeyId());
|
||||
}
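Review bot: `CONFIG.setPassword(CryptogramUtil.doDecrypt(host.getPassword()))` passes the stored value through unconditionally, while the MachineInfoServiceImpl hunk only encrypts when the password is non-null, so a null password reaches `Sm4.decrypt(null, …)` whose behaviour is not visible in this diff; mirror the guard: `CONFIG.setPassword(host.getPassword() == null ? null : CryptogramUtil.doDecrypt(host.getPassword()));`. Because `doDecrypt` returns its input when decryption fails, a row that was never encrypted or was encrypted under a different key is silently used as the SSH password here, which is worth a comment on this line: `// doDecrypt falls back to the stored value on failure; see CryptogramUtil`. The key branch forwards `host.getSecretKeyId()` unchanged, and whatever resolves that id must apply `doDecrypt` to the SecretKeyDO password encrypted in this commit, which is outside this diff. The enclosing method starts outside the hunk.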
|
||||
|