OCT

REM:
1. 增加配置文件配置项加密保护功能

src/main/java/com/dispose/config/CfgFileSecurityConfigure.java

@@ -0,0 +1,50 @@
+package com.dispose.config;
+
+import com.security.configure.EncryptionPropertyResolver;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+/**
+ * The type Config security interceptor.
+ *
+ * @author <huangxin@cmhi.chinamoblie.com>
+ */
+@Slf4j
+@Configuration
+public class CfgFileSecurityConfigure {
+    /**
+     * Encryptable property resolver encryption property resolver.
+     *
+     * @return the encryption property resolver
+     * @throws IOException the io exception
+     */
+    @Bean(name = "encryptablePropertyResolver")
+    public EncryptionPropertyResolver encryptablePropertyResolver() throws IOException {
+        InputStream is = ClassLoader.getSystemResourceAsStream("git.properties");
+        assert is != null;
+        String password = "";
+
+        BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+        log.info("Version Information:");
+        while (true) {
+            String val = reader.readLine();
+            log.info("{}", val);
+
+            if (val == null) {
+                break;
+            }
+
+            if (val.startsWith("git.commit.id=")) {
+                password = val.substring("git.commit.id=".length());
+            }
+        }
+
+        return new EncryptionPropertyResolver(password);
+    }
+}

src/main/java/com/dispose/config/SecurityConfigure.java

@@ -4,6 +4,7 @@ import com.dispose.common.ProtoCryptoType;
 import com.dispose.common.SecurityConfigValue;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
@@ -21,6 +22,7 @@ import java.util.Optional;
 @Component
 @ConfigurationProperties(prefix = "crypto")
 @Configuration
+@Slf4j
 public class SecurityConfigure {
     /**
      * The Aes key.

src/main/java/com/dispose/interceptor/ConfigSecurityInterceptor.java

@@ -1,36 +0,0 @@
-package com.dispose.interceptor;
-
-import lombok.extern.slf4j.Slf4j;
-import org.jasypt.encryption.StringEncryptor;
-import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
-import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
-import org.springframework.context.annotation.Bean;
-
-/**
- * The type Config security interceptor.
- *
- * @author <huangxin@cmhi.chinamoblie.com>
- */
-@Slf4j
-public class ConfigSecurityInterceptor {
-    /**
-     * String encryptor string encryptor.
-     *
-     * @return the string encryptor
-     */
-    @Bean("jasyptStringEncryptor")
-    static public StringEncryptor stringEncryptor() {
-        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
-        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
-        config.setPassword("xajhuang");
-        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
-        config.setKeyObtentionIterations("1000");
-        config.setPoolSize("1");
-        config.setProviderName("SunJCE");
-        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
-        config.setIvGeneratorClassName("org.jasypt.iv.NoIvGenerator");
-        config.setStringOutputType("base64");
-        encryptor.setConfig(config);
-        return encryptor;
-    }
-}

src/main/java/com/security/configure/EncryptionPropertyResolver.java

@@ -0,0 +1,76 @@
+package com.security.configure;
+
+import com.security.arithmetic.CryptoHelper;
+import com.ulisesbocchio.jasyptspringboot.EncryptablePropertyResolver;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * The type Encryption property resolver.
+ *
+ * @author <huangxin@cmhi.chinamoblie.com>
+ */
+@Slf4j
+public class EncryptionPropertyResolver implements EncryptablePropertyResolver {
+    /**
+     * The Password.
+     */
+    private final String password;
+
+    /**
+     * Instantiates a new Encryption property resolver.
+     *
+     * @param key the key
+     */
+    public EncryptionPropertyResolver(String key) {
+        this.password = key + "cmcc@10086!";
+    }
+
+    /**
+     * Resolve property value string.
+     *
+     * @param value the value
+     * @return the string
+     */
+    @Override
+    public String resolvePropertyValue(String value) {
+        final String encPrefix = "ENC@";
+        if (StringUtils.isBlank(value)) {
+            return value;
+        }
+        //值以ENC@开头的均为加密
+        if (value.startsWith(encPrefix)) {
+            try {
+                return resolveValue(value.substring(encPrefix.length()));
+            } catch (Exception e) {
+                return value;
+            }
+        }
+        //不需要解密的值直接返回
+        return value;
+    }
+
+    /**
+     * Resolve value string.
+     *
+     * @param value the value
+     * @return the string
+     */
+    private String resolveValue(String value) throws IllegalBlockSizeException, InvalidKeyException,
+        BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException {
+        //自定义密文解密
+        byte[] encode = CryptoHelper.aes256Decryption(CryptoHelper.base64Decryption(value), password);
+
+//        log.info("+++++++++++++++++++Decrypt with key {}: {} --> {}", this.password, value,
+//                 new String(encode, StandardCharsets.UTF_8));
+
+        return new String(encode, StandardCharsets.UTF_8);
+    }
+}