From e7c3908f3252e24f3dd307ad51d9fd7a33b7de00 Mon Sep 17 00:00:00 2001
From: Haotian Zhang
Date: Mon, 16 Oct 2023 19:57:25 +0800
Subject: [PATCH] feat:support configuration encryption. (#1182)
---
 CHANGELOG.md | 1 +
 .../polaris/config/ConfigurationModifier.java | 14 +++++++
 ...larisConfigBootstrapAutoConfiguration.java | 10 ++++-
 .../config/PolarisCryptoConfigProperties.java | 41 +++++++++++++++++++
 ...itional-spring-configuration-metadata.json | 9 +++-
 5 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fe116fb..877b0a96 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,3 +15,4 @@
 - [feat: add circuit breaker actuator.](https://github.com/Tencent/spring-cloud-tencent/pull/1172)
 - [feat: add metadata transfer for http header via spring.cloud.tencent.metadata.headers.](https://github.com/Tencent/spring-cloud-tencent/pull/1174)
 - [fix:remove bcprov-jdk15on dependency.](https://github.com/Tencent/spring-cloud-tencent/pull/1178)
+- [feat:support configuration encryption.](https://github.com/Tencent/spring-cloud-tencent/pull/1182)
diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java
index 50242481..3c5e87c5 100644
--- a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java
+++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/ConfigurationModifier.java
@@ -19,14 +19,17 @@
 package com.tencent.cloud.polaris.config;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import com.tencent.cloud.common.constant.OrderConstant;
 import com.tencent.cloud.common.util.AddressUtils;
 import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
+import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
 import com.tencent.cloud.polaris.context.PolarisConfigModifier;
 import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
 import com.tencent.polaris.factory.config.ConfigurationImpl;
+import com.tencent.polaris.factory.config.configuration.ConfigFilterConfigImpl;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -46,11 +49,15 @@ public class ConfigurationModifier implements PolarisConfigModifier {
 private final PolarisConfigProperties polarisConfigProperties;
+ private final PolarisCryptoConfigProperties polarisCryptoConfigProperties;
+
 private final PolarisContextProperties polarisContextProperties;
 public ConfigurationModifier(PolarisConfigProperties polarisConfigProperties,
+ PolarisCryptoConfigProperties polarisCryptoConfigProperties,
 PolarisContextProperties polarisContextProperties) {
 this.polarisConfigProperties = polarisConfigProperties;
+ this.polarisCryptoConfigProperties = polarisCryptoConfigProperties;
 this.polarisContextProperties = polarisContextProperties;
 }
@@ -65,6 +72,13 @@ public class ConfigurationModifier implements PolarisConfigModifier {
 else {
 throw new RuntimeException("Unsupported config data source");
 }
+
+ ConfigFilterConfigImpl configFilterConfig = configuration.getConfigFile().getConfigFilterConfig();
+ configFilterConfig.setEnable(polarisCryptoConfigProperties.isEnabled());
+ if (polarisCryptoConfigProperties.isEnabled()) {
+ configFilterConfig.getChain().add("crypto");
+ configFilterConfig.getPlugin().put("crypto", Collections.singletonMap("type", "AES"));
+ }
 }
 private void initByLocalDataSource(ConfigurationImpl configuration) {
diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java
index 925342f9..2383cbf6 100644
--- a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java
+++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/PolarisConfigBootstrapAutoConfiguration.java
@@ -23,6 +23,7 @@ import com.tencent.cloud.polaris.config.adapter.PolarisConfigFileLocator;
 import com.tencent.cloud.polaris.config.adapter.PolarisPropertySourceManager;
 import com.tencent.cloud.polaris.config.condition.ConditionalOnReflectRefreshType;
 import com.tencent.cloud.polaris.config.config.PolarisConfigProperties;
+import com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties;
 import com.tencent.cloud.polaris.context.PolarisSDKContextManager;
 import com.tencent.cloud.polaris.context.config.PolarisContextAutoConfiguration;
 import com.tencent.cloud.polaris.context.config.PolarisContextProperties;
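Review bot: In the `ConfigurationModifier` hunk, `configFilterConfig.getChain().add("crypto")` is unconditional, so a chain that already lists `crypto` (for instance from an SDK config file, if one is merged before this modifier runs) would carry the filter twice, and the call assumes `getChain()` and `getPlugin()` return non-null mutable collections, which the hunk does not show. A guard such as `if (!configFilterConfig.getChain().contains("crypto")) { configFilterConfig.getChain().add("crypto"); }` would make the step idempotent. The filter name and the `"AES"` type are bare literals with no property to change them; naming them as constants with a comment on which filter plugin they select would help anyone auditing the encryption setup. The enclosing method starts outside the hunk.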
@@ -54,6 +55,12 @@ public class PolarisConfigBootstrapAutoConfiguration {
 }
 @Bean
+ public PolarisCryptoConfigProperties polarisCryptoConfigProperties() {
+ return new PolarisCryptoConfigProperties();
+ }
+
+ @Bean
+ @ConditionalOnMissingBean
 public PolarisPropertySourceManager polarisPropertySourceManager() {
 return new PolarisPropertySourceManager();
 }
@@ -80,8 +87,9 @@ public class PolarisConfigBootstrapAutoConfiguration {
 @Bean
 @ConditionalOnConnectRemoteServerEnabled
 public ConfigurationModifier configurationModifier(PolarisConfigProperties polarisConfigProperties,
+ PolarisCryptoConfigProperties polarisCryptoConfigProperties,
 PolarisContextProperties polarisContextProperties) {
- return new ConfigurationModifier(polarisConfigProperties, polarisContextProperties);
+ return new ConfigurationModifier(polarisConfigProperties, polarisCryptoConfigProperties, polarisContextProperties);
 }
 @Bean
diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java
new file mode 100644
index 00000000..3d891ee4
--- /dev/null
+++ b/spring-cloud-starter-tencent-polaris-config/src/main/java/com/tencent/cloud/polaris/config/config/PolarisCryptoConfigProperties.java
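Review bot: In the first `PolarisConfigBootstrapAutoConfiguration` hunk, the new `polarisCryptoConfigProperties()` bean ends up with only the pre-existing `@Bean`, while the added `@Bean` / `@ConditionalOnMissingBean` pair lands on `polarisPropertySourceManager()`, which previously carried `@Bean` alone. If the condition was meant for the new properties bean, `@ConditionalOnMissingBean` should move there; if it is meant for the property-source manager, that changes how an existing bean is registered and deserves a line in the commit description. The imports hunk for this file adds only `PolarisCryptoConfigProperties`, so `ConditionalOnMissingBean` is presumably imported already, which is worth confirming.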
@@ -0,0 +1,41 @@
+/*
+ * Tencent is pleased to support the open source community by making Spring Cloud Tencent available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ */
+package com.tencent.cloud.polaris.config.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * polaris config module bootstrap configs.
+ *
+ * @author lepdou 2022-03-10
+ */
+@ConfigurationProperties("spring.cloud.polaris.config.crypto")
+public class PolarisCryptoConfigProperties {
+ /**
+ * Whether to open the configuration crypto.
+ */
+ private boolean enabled = true;
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+}
diff --git a/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json
index f3dd3fe3..1aae75cd 100644
--- a/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/spring-cloud-starter-tencent-polaris-config/src/main/resources/META-INF/additional-spring-configuration-metadata.json
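Review bot: The class Javadoc on `PolarisCryptoConfigProperties` (`polaris config module bootstrap configs.`, `@author lepdou 2022-03-10`) appears to be carried over from another properties class and does not describe this one; the author and date also differ from the commit's. The field comment `Whether to open the configuration crypto.` does not say what the switch does, and `enabled` defaults to `true`, so per the `ConfigurationModifier` hunk the crypto filter is registered for every application that picks up this starter unless it is turned off. I would change the class comment to `Properties controlling decryption of encrypted Polaris configuration files.` and the field comment to `Whether to register the "crypto" config filter (type AES) with the Polaris SDK. Enabled by default.`.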
@@ -64,7 +64,14 @@
 "name": "spring.cloud.polaris.config.local-file-root-path",
 "type": "java.lang.String",
 "defaultValue": "./polaris/backup/config",
- "description": "The root path of config files, only used in local mode."
+ "description": "Where to load config file, polaris or local."
+ },
+ {
+ "name": "spring.cloud.polaris.config.crypto.enabled",
+ "type": "java.lang.Boolean",
+ "defaultValue": "true",
+ "description": "Whether to open the configuration crypto.",
+ "sourceType": "com.tencent.cloud.polaris.config.config.PolarisCryptoConfigProperties"
 }
 ]
 }
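Review bot: The `description` of `spring.cloud.polaris.config.local-file-root-path` is changed to `Where to load config file, polaris or local.`, which describes a data-source selector rather than a root path and reads like an accidental paste; the removed text `The root path of config files, only used in local mode.` matched the property and should be restored. For the new `spring.cloud.polaris.config.crypto.enabled` entry, `"defaultValue": "true"` is a string for a `java.lang.Boolean` property; `"defaultValue": true` matches the declared type, unless the rest of this file quotes booleans (not visible in the hunk).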