日本黄色网站在线观看,欧美色欧美亚洲高清在线观看,国产成人综合精品一区

Springboot 數(shù)據(jù)安全傳輸加密與解密

環(huán)境：springboot2.2.6.RELEASE、Vue+axios

通過(guò)繼承RequestBodyAdviceAdapter實(shí)現(xiàn)對(duì)于請(qǐng)求的內(nèi)容進(jìn)行解密操作，實(shí)現(xiàn)ResponseBodyAdvice來(lái)對(duì)相應(yīng)內(nèi)容進(jìn)行加密處理。

定義加密解密的接口：

SecretProcess.java

public interface SecretProcess {
/**
* 數(shù)據(jù)加密
* 時(shí)間：2020年12月24日-下午12:22:13
* @author xg
* @param data 待加密數(shù)據(jù)
* @return String 加密結(jié)果
*/
String encrypt(String data) ;
/**
* 數(shù)據(jù)解密
* 時(shí)間：2020年12月24日-下午12:23:20
* @author xg
* @param data 待解密數(shù)據(jù)
* @return String 解密后的數(shù)據(jù)
*/
String decrypt(String data) ;
/**
* 加密算法格式：算法[/模式/填充]
* 時(shí)間：2020年12月24日-下午12:32:49
* @author xg
* @return String
*/
String getAlgorithm() ;
public static class Hex {
private static final char[] HEX = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f' };
public static byte[] decode(CharSequence s) {
int nChars = s.length();
if (nChars % 2 != 0) {
throw new IllegalArgumentException("16進(jìn)制數(shù)據(jù)錯(cuò)誤");
}
byte[] result = new byte[nChars / 2];
for (int i = 0; i < nChars; i += 2) {
int msb = Character.digit(s.charAt(i), 16);
int lsb = Character.digit(s.charAt(i + 1), 16);
if (msb < 0 || lsb < 0) {
throw new IllegalArgumentException(
"Detected a Non-hex character at " + (i + 1) + " or " + (i + 2) + " position");
}
result[i / 2] = (byte) ((msb << 4) | lsb);
}
return result;
}
public static String encode(byte[] buf) {
StringBuilder sb = new StringBuilder() ;
for (int i = 0, leng = buf.length; i < leng; i++) {
sb.append(HEX[(buf[i] & 0xF0) >>> 4]).append(HEX[buf[i] & 0x0F]) ;
}
return sb.toString() ;
}
}
}

該接口中定義了兩個(gè)方法分別是加密與解密的方法，還有Hex類該類用來(lái)對(duì)數(shù)據(jù)處理16進(jìn)制的轉(zhuǎn)換。

定義一個(gè)抽象類實(shí)現(xiàn)上面的接口，具體的加解密實(shí)現(xiàn)細(xì)節(jié)在該抽象類中

AbstractSecretProcess.java

public abstract class AbstractSecretProcess implements SecretProcess {
@Resource
private SecretProperties props ;
@Override
public String decrypt(String data) {
try {
Cipher cipher = Cipher.getInstance(getAlgorithm()) ;
cipher.init(Cipher.DECRYPT_MODE, keySpec()) ;
byte[] decryptBytes = cipher.doFinal(Hex.decode(data)) ;
return new String(decryptBytes) ;
} catch (Exception e) {
throw new RuntimeException(e) ;
}
}
@Override
public String encrypt(String data) {
try {
Cipher cipher = Cipher.getInstance(getAlgorithm()) ;
cipher.init(Cipher.ENCRYPT_MODE, keySpec()) ;
return Hex.encode(cipher.doFinal(data.getBytes(Charset.forName("UTF-8")))) ;
} catch (Exception e) {
throw new RuntimeException(e) ;
}
}
/**
* 根據(jù)密鑰生成不同的密鑰材料
* 目前支持：AES, DES
* 時(shí)間：2020年12月25日-下午1:02:54
* @author xg
* @param secretKey 密鑰
* @param algorithm 算法
* @return Key
*/
public Key getKeySpec(String algorithm) {
if (algorithm == null || algorithm.trim().length() == 0) {
return null ;
}
String secretKey = props.getKey() ;
switch (algorithm.toUpperCase()) {
case "AES":
return new SecretKeySpec(secretKey.getBytes(), "AES") ;
case "DES":
Key key = null ;
try {
DESKeySpec desKeySpec = new DESKeySpec(secretKey.getBytes()) ;
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DES") ;
key = secretKeyFactory.generateSecret(desKeySpec);
} catch (Exception e) {
throw new RuntimeException(e) ;
}
return key ;
default:
return null ;
}
}
/**
* 生成密鑰材料
* 時(shí)間：2020年12月25日-上午11:35:03
* @author xg
* @return Key 密鑰材料
*/
public abstract Key keySpec() ;
}

該抽象類中提供了2中對(duì)稱加密的密鑰還原，分表是AES和DES算法。一個(gè)抽象方法，該抽象方法

keySpec該方法需要子類實(shí)現(xiàn)(具體使用的是哪種對(duì)稱加密算法)。

具體加密算法的實(shí)現(xiàn)類

AESAlgorithm.java

public class AESAlgorithm extends AbstractSecretProcess {
@Override
public String getAlgorithm() {
return "AES/ECB/PKCS5Padding";
}
@Override
public Key keySpec() {
return this.getKeySpec("AES") ;
}
}

SecretProperties.java 屬性配置類

@Configuration
public class SecretConfig {
@Bean
@ConditionalOnMissingBean(SecretProcess.class)
public SecretProcess secretProcess() {
return new AESAlgorithm() ;
}
@Component
@ConfigurationProperties(prefix = "secret")
public static class SecretProperties {
private Boolean enabled ;
private String key ;
public Boolean getEnabled() {
return enabled;
}
public void setEnabled(Boolean enabled) {
this.enabled = enabled;
}
public String getKey() {
return key;
}
public void setKey(String key) {
this.key = key;
}
}
}

配置文件中如下配置：

secret:
key: aaaabbbbccccdddd #密鑰
enabled: true #是否開(kāi)啟加解密功能

在項(xiàng)目中可能不是所有的方法都要進(jìn)行數(shù)據(jù)的加密解密出來(lái)，所以接下來(lái)定義一個(gè)注解，只有添加有該注解的Controller類或是具體接口方法才進(jìn)行數(shù)據(jù)的加密解密，如下：

SIProtection.java

@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Mapping
@Documented
public @interface SIProtection {
}

對(duì)請(qǐng)求內(nèi)容進(jìn)行解密出來(lái)，通過(guò)RequestBodyAdvice

DecryptRequestBodyAdivce.java

@ControllerAdvice
@ConditionalOnProperty(name = "secret.enabled", havingValue = "true")
public class DecryptRequestBodyAdivce extends RequestBodyAdviceAdapter {
@Resource
private SecretProcess secretProcess ;
@Override
public boolean supports(MethodParameter methodParameter, Type targetType,
Class<? extends HttpMessageConverter<?>> converterType) {
return methodParameter.getMethod().isAnnotationPresent(SIProtection.class)
|| methodParameter.getMethod().getDeclaringClass().isAnnotationPresent(SIProtection.class) ;
}
@Override
public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
String body = secretProcess.decrypt(inToString(inputMessage.getBody())) ;
return new HttpInputMessage() {
@Override
public HttpHeaders getHeaders() {
return inputMessage.getHeaders();
}
@Override
public InputStream getBody() throws IOException {
return new ByteArrayInputStream(body.getBytes()) ;
}
} ;
}
private String inToString(InputStream is) {
byte[] buf = new byte[10 * 1024] ;
int leng = -1 ;
StringBuilder sb = new StringBuilder() ;
try {
while ((leng = is.read(buf)) != -1) {
sb.append(new String(buf, 0, leng)) ;
}
return sb.toString() ;
} catch (IOException e) {
throw new RuntimeException(e) ;
}
}
}

注意這里的：@ConditionalOnProperty(name = "secret.enabled", havingValue = "true")注解，只有開(kāi)啟了加解密功能才會(huì)生效。注意這里的supports方法

對(duì)響應(yīng)內(nèi)容加密出來(lái)

EncryptResponseBodyAdivce.java

@ControllerAdvice
@ConditionalOnProperty(name = "secret.enabled", havingValue = "true")
public class EncryptResponseBodyAdivce implements ResponseBodyAdvice<Object> {
@Resource
private SecretProcess secretProcess ;
@Override
public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
return returnType.getMethod().isAnnotationPresent(SIProtection.class)
|| returnType.getMethod().getDeclaringClass().isAnnotationPresent(SIProtection.class) ;
}
@Override
public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType,
Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request,
ServerHttpResponse response) {
if (body == null) {
return body ;
}
try {
String jsonStr = new ObjectMapper().writeValueAsString(body) ;
return secretProcess.encrypt(jsonStr) ;
} catch (Exception e) {
throw new RuntimeException(e) ;
}
}
}

Controller應(yīng)用

@PostMapping("/save")
@SIProtection
public R save(@RequestBody Users users) {
return R.success(usersService.save(users)) ;
} // 這對(duì)具體方法進(jìn)行加解密
@RestController
@RequestMapping("/users")
@SIProtection
public class UsersController { // 對(duì)該Controller中的所有方法進(jìn)行加解密處理
}

前端

引入第三方插件：crypto-js

工具方法加解密：

/**
* 加密方法
* @param data 待加密數(shù)據(jù)
* @returns {string|*}
*/
encrypt (data) {
let key = CryptoJS.enc.Utf8.parse(Consts.Secret.key)
if (typeof data === 'object') {
data = JSON.stringify(data)
}
let plainText = CryptoJS.enc.Utf8.parse(data)
let secretText = CryptoJS.AES.encrypt(plainText, key, {mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7}).ciphertext.toString()
return secretText
},
/**
* 解密數(shù)據(jù)
* @param data 待解密數(shù)據(jù)
*/
decrypt (data) {
let key = CryptoJS.enc.Utf8.parse(Consts.Secret.key)
let secretText = CryptoJS.enc.Hex.parse(data)
let encryptedBase64Str = CryptoJS.enc.Base64.stringify(secretText)
let result = CryptoJS.AES.decrypt(encryptedBase64Str, key, {mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7}).toString(CryptoJS.enc.Utf8)
return JSON.parse(result)
}

配置：

let Consts = {
Secret: {
key: 'aaaabbbbccccdddd', // 必須16位（前后端要一致，密鑰）
urls: ['/users/save']
}
}
export default Consts

這里的urls表示對(duì)那些請(qǐng)求進(jìn)行攔截出來(lái)(加解密)，這里也可以配置 "*" 表示對(duì)所有的請(qǐng)求出來(lái)。

axios請(qǐng)求前和響應(yīng)后對(duì)數(shù)據(jù)進(jìn)行加解密出來(lái)：

發(fā)送請(qǐng)求前：

axios.interceptors.request.use((config) => {
let uri = config.url
if (uri.includes('?')) {
uri = uri.substring(0, uri.indexOf('?'))
}
if (window.cfg.enableSecret === '1' && config.data && (Consts.Secret.urls.indexOf('*') > -1 || Consts.Secret.urls.indexOf(uri) > -1)) {
let data = config.data
let secretText = Utils.Secret.encrypt(data)
config.data = secretText
}
return config
}, (error) => {
let errorMessage = '請(qǐng)求失敗'
store.dispatch(types.G_SHOW_ALERT, {title: '請(qǐng)求失敗', content: errorMessage, showDetail: false, detailContent: String(error)})
return Promise.reject(error)
})
axios.interceptors.response.use((response) => {
let uri = response.config.url
if (uri.includes('?')) {
uri = uri.substring(0, uri.indexOf('?'))
}
if (window.cfg.enableSecret === '1' && response.data && (Consts.Secret.urls.indexOf('*') > -1 || Consts.Secret.urls.indexOf(uri) > -1)) {
let data = Utils.Secret.decrypt(response.data)
if (data) {
response.data = data
}
}
return response
}, (error) => {
console.error(`test interceptors.response is in, ${error}`)
return Promise.reject(error)
})