From 1f786d18bf7a452a492b69ac97de6a52e86e6682 Mon Sep 17 00:00:00 2001
From: HuangXin
Date: Fri, 18 Sep 2020 09:31:30 +0800
Subject: [PATCH] =?UTF-8?q?OCT=20REM:=201.=20=E5=A2=9E=E5=8A=A0=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6=E9=85=8D=E7=BD=AE=E9=A1=B9=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E4=BF=9D=E6=8A=A4=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../config/CfgFileSecurityConfigure.java | 50 ++++++++++++
 .../com/dispose/config/SecurityConfigure.java | 2 +
 .../ConfigSecurityInterceptor.java | 36 ---------
 .../configure/EncryptionPropertyResolver.java | 76 +++++++++++++++++++
 4 files changed, 128 insertions(+), 36 deletions(-)
 create mode 100644 src/main/java/com/dispose/config/CfgFileSecurityConfigure.java
 delete mode 100644 src/main/java/com/dispose/interceptor/ConfigSecurityInterceptor.java
 create mode 100644 src/main/java/com/security/configure/EncryptionPropertyResolver.java
diff --git a/src/main/java/com/dispose/config/CfgFileSecurityConfigure.java b/src/main/java/com/dispose/config/CfgFileSecurityConfigure.java
new file mode 100644
index 00000000..bbb56efd
--- /dev/null
+++ b/src/main/java/com/dispose/config/CfgFileSecurityConfigure.java
@@ -0,0 +1,50 @@
+package com.dispose.config;
+
+import com.security.configure.EncryptionPropertyResolver;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+/**
+ * The type Config security interceptor.
+ *
+ * @author
+ */
+@Slf4j
+@Configuration
+public class CfgFileSecurityConfigure {
+ /**
+ * Encryptable property resolver encryption property resolver.
+ *
+ * @return the encryption property resolver
+ * @throws IOException the io exception
+ */
+ @Bean(name = "encryptablePropertyResolver")
+ public EncryptionPropertyResolver encryptablePropertyResolver() throws IOException {
+ InputStream is = ClassLoader.getSystemResourceAsStream("git.properties");
+ assert is != null;
+ String password = "";
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+ log.info("Version Information:");
+ while (true) {
+ String val = reader.readLine();
+ log.info("{}", val);
+
+ if (val == null) {
+ break;
+ }
+
+ if (val.startsWith("git.commit.id=")) {
+ password = val.substring("git.commit.id=".length());
+ }
+ }
+
+ return new EncryptionPropertyResolver(password);
+ }
+}
diff --git a/src/main/java/com/dispose/config/SecurityConfigure.java b/src/main/java/com/dispose/config/SecurityConfigure.java
index 4c03124e..b2e29ab7 100644
--- a/src/main/java/com/dispose/config/SecurityConfigure.java
+++ b/src/main/java/com/dispose/config/SecurityConfigure.java
@@ -4,6 +4,7 @@ import com.dispose.common.ProtoCryptoType;
 import com.dispose.common.SecurityConfigValue;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
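Review bot: The decryption password built in `encryptablePropertyResolver()` of CfgFileSecurityConfigure.java comes from `git.commit.id` in the bundled `git.properties`, and the loop writes every line of that file, the commit id included, to the info log through `log.info("{}", val)`; anyone who can read the artifact or the logs holds the key material, so the `ENC@` settings are obfuscated rather than protected. The password should be a secret supplied at deploy time, with the commit id logged only as version information and never reused as a key. Independently, `assert is != null` does nothing unless the JVM runs with `-ea`, the reader is never closed, no charset is given, and a missing `git.commit.id` line silently leaves `password` empty; the sketch below fails closed in those cases and keeps the key line out of the log. `ClassLoader.getSystemResourceAsStream` may also not see the resource inside a repackaged Spring Boot jar, which is worth confirming.

```java
    public EncryptionPropertyResolver encryptablePropertyResolver() throws IOException {
        InputStream is = ClassLoader.getSystemResourceAsStream("git.properties");
        if (is == null) {
            throw new IllegalStateException("git.properties not found on the classpath");
        }
        String password = null;

        // … unchanged: "Version Information:" log line …
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(is, java.nio.charset.StandardCharsets.UTF_8))) {
            String val;
            while ((val = reader.readLine()) != null) {
                if (val.startsWith("git.commit.id=")) {
                    password = val.substring("git.commit.id=".length());
                } else if (!val.startsWith("git.commit.id")) {
                    // Key material and anything derived from it stays out of the log.
                    log.info("{}", val);
                }
            }
        }

        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("git.commit.id missing from git.properties");
        }
        return new EncryptionPropertyResolver(password);
    }
```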
@@ -21,6 +22,7 @@ import java.util.Optional;
 @Component
 @ConfigurationProperties(prefix = "crypto")
 @Configuration
+@Slf4j
 public class SecurityConfigure {
 /**
 * The Aes key.
diff --git a/src/main/java/com/dispose/interceptor/ConfigSecurityInterceptor.java b/src/main/java/com/dispose/interceptor/ConfigSecurityInterceptor.java
deleted file mode 100644
index b0d4bbeb..00000000
--- a/src/main/java/com/dispose/interceptor/ConfigSecurityInterceptor.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package com.dispose.interceptor;
-
-import lombok.extern.slf4j.Slf4j;
-import org.jasypt.encryption.StringEncryptor;
-import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
-import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
-import org.springframework.context.annotation.Bean;
-
-/**
- * The type Config security interceptor.
- *
- * @author
- */
-@Slf4j
-public class ConfigSecurityInterceptor {
- /**
- * String encryptor string encryptor.
- *
- * @return the string encryptor
- */
- @Bean("jasyptStringEncryptor")
- static public StringEncryptor stringEncryptor() {
- PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
- SimpleStringPBEConfig config = new SimpleStringPBEConfig();
- config.setPassword("xajhuang");
- config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
- config.setKeyObtentionIterations("1000");
- config.setPoolSize("1");
- config.setProviderName("SunJCE");
- config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
- config.setIvGeneratorClassName("org.jasypt.iv.NoIvGenerator");
- config.setStringOutputType("base64");
- encryptor.setConfig(config);
- return encryptor;
- }
-}
diff --git a/src/main/java/com/security/configure/EncryptionPropertyResolver.java b/src/main/java/com/security/configure/EncryptionPropertyResolver.java
new file mode 100644
index 00000000..b523daa3
--- /dev/null
+++ b/src/main/java/com/security/configure/EncryptionPropertyResolver.java
@@ -0,0 +1,76 @@
+package com.security.configure;
+
+import com.security.arithmetic.CryptoHelper;
+import com.ulisesbocchio.jasyptspringboot.EncryptablePropertyResolver;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * The type Encryption property resolver.
+ *
+ * @author
+ */
+@Slf4j
+public class EncryptionPropertyResolver implements EncryptablePropertyResolver {
+ /**
+ * The Password.
+ */
+ private final String password;
+
+ /**
+ * Instantiates a new Encryption property resolver.
+ *
+ * @param key the key
+ */
+ public EncryptionPropertyResolver(String key) {
+ this.password = key + "cmcc@10086!";
+ }
+
+ /**
+ * Resolve property value string.
+ *
+ * @param value the value
+ * @return the string
+ */
+ @Override
+ public String resolvePropertyValue(String value) {
+ final String encPrefix = "ENC@";
+ if (StringUtils.isBlank(value)) {
+ return value;
+ }
+ //值以ENC@开头的均为加密
+ if (value.startsWith(encPrefix)) {
+ try {
+ return resolveValue(value.substring(encPrefix.length()));
+ } catch (Exception e) {
+ return value;
+ }
+ }
+ //不需要解密的值直接返回
+ return value;
+ }
+
+ /**
+ * Resolve value string.
+ *
+ * @param value the value
+ * @return the string
+ */
+ private String resolveValue(String value) throws IllegalBlockSizeException, InvalidKeyException,
+ BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException {
+ //自定义密文解密
+ byte[] encode = CryptoHelper.aes256Decryption(CryptoHelper.base64Decryption(value), password);
+
+// log.info("+++++++++++++++++++Decrypt with key {}: {} --> {}", this.password, value,
+// new String(encode, StandardCharsets.UTF_8));
+
+ return new String(encode, StandardCharsets.UTF_8);
+ }
+}
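Review bot: `resolvePropertyValue` swallows every decryption failure in `catch (Exception e) { return value; }` and hands the still-encrypted `ENC@…` string back as the property value, so a wrong key or a corrupted ciphertext goes unnoticed until some component uses the ciphertext as a credential; the catch should fail startup instead, without putting the value or the key in the message, e.g. `throw new IllegalStateException("Failed to decrypt ENC@ property", e);`. The constructor's fixed suffix `"cmcc@10086!"` is a secret hard-coded in source, the same pattern as the `config.setPassword("xajhuang")` this commit deletes, and combined with the commit id it makes the whole password recoverable from the artifact. The commented-out `log.info` in `resolveValue` would print the password and the decrypted plaintext if it were ever re-enabled and is better deleted. How `CryptoHelper.aes256Decryption` derives a key from the password, and which cipher mode it uses, is not visible in this patch and should be reviewed alongside it.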