RSA接口加密封装优化

4 years ago · 182e1ce709
parent 9885b962ea
commit 182e1ce709
12 changed files with 272 additions and 50 deletions
--- a/opsli-api/src/main/java/org/opsli/api/base/encrypt/BaseEncrypt.java
+++ b/opsli-api/src/main/java/org/opsli/api/base/encrypt/BaseEncrypt.java
@ -0,0 +1,28 @@
 package org.opsli.api.base.encrypt;
 import com.alibaba.excel.annotation.ExcelIgnore;
 import com.baomidou.mybatisplus.annotation.TableField;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import java.io.Serializable;
 /**
 * 加解密
 *
 * @author 周鹏程
 * @date 2021-01-24 12:48 下午
 **/
@Data
 public class BaseEncrypt implements Serializable {
    private static final long serialVersionUID = 1L;
    /** 加密数据 */
    @ApiModelProperty(value = "加密数据")
    @ExcelIgnore
    @TableField(exist = false)
    private String encryptData;
 }
--- a/opsli-api/src/main/java/org/opsli/api/base/warpper/ApiWrapper.java
+++ b/opsli-api/src/main/java/org/opsli/api/base/warpper/ApiWrapper.java
@ -28,6 +28,7 @@ import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.experimental.Accessors;
 import org.apache.poi.ss.usermodel.FillPatternType;
 import org.opsli.api.base.encrypt.BaseEncrypt;
 import org.opsli.plugins.excel.annotation.ExcelInfo;
 import org.springframework.format.annotation.DateTimeFormat;
@ -57,7 +58,7 @@ import java.util.Date;
@HeadFontStyle(fontName = "Arial",color = 9,fontHeightInPoints = 10)
@HeadStyle(fillPatternType = FillPatternType.SOLID_FOREGROUND, fillForegroundColor = 23)
@ColumnWidth(22)
-public abstract class ApiWrapper implements Serializable {
+public abstract class ApiWrapper extends BaseEncrypt implements Serializable {
 	private static final long serialVersionUID = 1L;
--- a/opsli-base-support/opsli-common/src/main/java/org/opsli/common/annotation/InterfaceEncryptAndDecrypt.java
+++ b/opsli-base-support/opsli-common/src/main/java/org/opsli/common/annotation/InterfaceEncryptAndDecrypt.java
@ -0,0 +1,24 @@
 package org.opsli.common.annotation;
 import java.lang.annotation.*;
 /**
 * 接口数据 加解密
 * @author Parker
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
 public @interface InterfaceEncryptAndDecrypt {
    /** 加密启用状态 */
    boolean enable() default true;
    /** 请求解密 */
    boolean requestDecrypt() default true;
    /** 返回加密 */
    boolean responseEncrypt() default true;
 }
--- a/opsli-base-support/opsli-common/src/main/java/org/opsli/common/constants/OrderConstants.java
+++ b/opsli-base-support/opsli-common/src/main/java/org/opsli/common/constants/OrderConstants.java
@ -31,6 +31,9 @@ public interface OrderConstants {
    /** token */
    int TOKEN_AOP_SORT = 150;
    /** 请求加解密 */
    int ENCRYPT_ADN_DECRYPT_AOP_SORT = 160;
    /** 热点数据加载顺序 */
    int HOT_DATA_ORDER = 180;
--- a/opsli-base-support/opsli-common/src/main/java/org/opsli/common/utils/RateLimiterUtil.java
+++ b/opsli-base-support/opsli-common/src/main/java/org/opsli/common/utils/RateLimiterUtil.java
@ -119,12 +119,10 @@ public final class RateLimiterUtil {
        RateLimiterInner rateLimiterInner = rateLimiterInnerMap.get(resource);
        // 如果为空 则创建一个新的限流器
        if(rateLimiterInner == null){
            System.out.println(456);
            rateLimiterInner = new RateLimiterInner();
            rateLimiterInner.setQps(dfQps);
            rateLimiterInner.setRateLimiter(RateLimiter.create(dfQps));
            rateLimiterInnerMap.put(resource, rateLimiterInner);
        }else{
            qps = rateLimiterInner.getQps();
        }
--- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/aspect/InterfaceEncryptAndDecryptAop.java
+++ b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/aspect/InterfaceEncryptAndDecryptAop.java
@ -0,0 +1,168 @@
 /**
 * Copyright 2020 OPSLI 快速开发平台 https://www.opsli.com
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
 package org.opsli.core.aspect;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.core.util.TypeUtil;
 import cn.hutool.crypto.asymmetric.RSA;
 import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.opsli.api.base.encrypt.BaseEncrypt;
 import org.opsli.api.base.result.ResultVo;
 import org.opsli.common.annotation.InterfaceEncryptAndDecrypt;
 import org.opsli.common.exception.ServiceException;
 import org.opsli.common.utils.Props;
 import org.opsli.core.msg.CoreMsg;
 import org.opsli.core.utils.EncryptAndDecryptByRsaUtil;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import java.lang.reflect.Method;
 import java.lang.reflect.Type;
 import static org.opsli.common.constants.OrderConstants.ENCRYPT_ADN_DECRYPT_AOP_SORT;
 /**
 * 接口请求加解密 拦截处理
 *
 * @author parker
 * @date 2021-01-23
 */
@Slf4j
@Order(ENCRYPT_ADN_DECRYPT_AOP_SORT)
@Aspect
@Component
 public class InterfaceEncryptAndDecryptAop {
    /** RSA 公钥 */
    private static String RSA_PUBLIC_KEY;
    /** RSA 私钥 */
    private static String RSA_PRIVATE_KEY;
    /** RSA */
    private static RSA ASSIGN_RSA;
    static {
        // 缓存前缀
        Props props = new Props("application.yaml");
        RSA_PUBLIC_KEY = props.getStr("opsli.encrypt-decrypt.rsa.public-key");
        RSA_PRIVATE_KEY = props.getStr("opsli.encrypt-decrypt.rsa.private-key");
        try {
            ASSIGN_RSA = EncryptAndDecryptByRsaUtil.INSTANCE.createRsa(RSA_PUBLIC_KEY, RSA_PRIVATE_KEY);
        }catch (Exception e){
            ASSIGN_RSA = EncryptAndDecryptByRsaUtil.INSTANCE.createRsa();
            RSA_PUBLIC_KEY = ASSIGN_RSA.getPublicKeyBase64();
            RSA_PRIVATE_KEY = ASSIGN_RSA.getPrivateKeyBase64();
            String errorMsg = StrUtil.format(CoreMsg.OTHER_EXCEPTION_RSA_CREATE.getMessage(),
                    RSA_PUBLIC_KEY, RSA_PRIVATE_KEY
                    );
            log.error(errorMsg);
        }
    }
    /**
     * 获得公钥
     * @return
     */
    public static String getRsaPublicKey() {
        return RSA_PUBLIC_KEY;
    }
    /**
     * 获得私钥
     * @return
     */
    public static String getRsaPrivateKey() {
        return RSA_PRIVATE_KEY;
    }
    @Pointcut("@annotation(org.opsli.common.annotation.InterfaceEncryptAndDecrypt)")
    public void encryptAndDecrypt() {
    }
    /**
     * 切如 post 请求
     * @param point
     */
    @Around("encryptAndDecrypt()")
    public Object encryptAndDecryptHandle(ProceedingJoinPoint point) throws Throwable {
        // 获得请求参数
        Object[] args = point.getArgs();
        // 返回结果
        Object returnValue = null;
        MethodSignature signature = (MethodSignature) point.getSignature();
        // 获得 方法
        Method  method = signature.getMethod();
        // 获得方法注解
        InterfaceEncryptAndDecrypt annotation =
                method.getAnnotation(InterfaceEncryptAndDecrypt.class);
        if(annotation != null){
            // 1. 拆解请求数据
            // request 解密
            if (annotation.enable() && annotation.requestDecrypt()){
                for (int i = 0; i < args.length; i++) {
                    Object arg = args[i];
                    // 参数校验
                    if(arg instanceof BaseEncrypt){
                        // 获得加密数据
                        BaseEncrypt baseEncrypt = (BaseEncrypt) arg;
                        String encryptData = baseEncrypt.getEncryptData();
                        // 解密对象
                        Object dataToObj = EncryptAndDecryptByRsaUtil.INSTANCE.decryptedDataToObj(ASSIGN_RSA, encryptData);
                        // 根据方法类型转化对象
                        Type type = TypeUtil.getParamType(method, i);
                        args[i] = Convert.convert(type, dataToObj);
                    }
                }
            }
            // 2. 执行方法
            returnValue = point.proceed(args);
            // 3. 返回响应数据
            // response 加密
            if (annotation.enable() && annotation.responseEncrypt()){
                try {
                    // 执行加密过程
                    if(returnValue instanceof ResultVo){
                        ResultVo<Object> ret = (ResultVo<Object>) returnValue;
                        ret.setData(
                                EncryptAndDecryptByRsaUtil.INSTANCE.encryptedData(
                                        ASSIGN_RSA, ret.getData()
                                )
                        );
                        returnValue = ret;
                    }else {
                        returnValue = EncryptAndDecryptByRsaUtil.INSTANCE.encryptedData(
                                ASSIGN_RSA, returnValue
                        );
                    }
                }catch (Exception e){
                    // RSA非对称加密失败
                    throw new ServiceException(CoreMsg.OTHER_EXCEPTION_RSA_EN);
                }
            }
        }
        return returnValue;
    }
 }
--- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/msg/CoreMsg.java
+++ b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/msg/CoreMsg.java
@ -69,9 +69,10 @@ public enum CoreMsg implements BaseMsg {
    /** 其他 */
    OTHER_EXCEPTION_LIMITER(10700,"当前系统繁忙，请稍后再试"),
-    OTHER_EXCEPTION_RSA_EN(10701,"RSA非对称加密失败"),
+    OTHER_EXCEPTION_RSA_CREATE(10701,"指定RSA算法器创建失败，系统已自动创建随机RSA算法\n公钥：{}\n私钥：{}"),
-    OTHER_EXCEPTION_RSA_DE(10701,"RSA非对称解密失败"),
+    OTHER_EXCEPTION_RSA_EN(10702,"RSA非对称加密失败"),
-    OTHER_EXCEPTION_RSA_REFLEX(10702,"RSA非对称解密反射失败"),
+    OTHER_EXCEPTION_RSA_DE(10703,"RSA非对称解密失败"),
    OTHER_EXCEPTION_RSA_REFLEX(10704,"RSA非对称解密反射失败"),
    ;
--- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/utils/EncryptAndDecryptByRsaUtil.java
+++ b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/utils/EncryptAndDecryptByRsaUtil.java
@ -22,6 +22,7 @@ import cn.hutool.crypto.asymmetric.KeyType;
 import cn.hutool.crypto.asymmetric.RSA;
 import com.alibaba.fastjson.JSONObject;
 import org.opsli.common.exception.ServiceException;
 import org.opsli.common.utils.Props;
 import org.opsli.core.msg.CoreMsg;
 import java.util.Collection;
@ -31,10 +32,10 @@ import java.util.Collection;
 *
 * @author 周鹏程
 */
-public enum AsymmetricCryptoUtil {
+public enum EncryptAndDecryptByRsaUtil {
-    /** 实例 */
+    /** 默认实例 */
-    INSTANCE;
+    INSTANCE();
    /** RSA KEY */
    private final String rsaKey = "data";
@ -42,11 +43,11 @@ public enum AsymmetricCryptoUtil {
    /** RSA对象 */
    private final RSA rsa;
-    AsymmetricCryptoUtil(){
+    EncryptAndDecryptByRsaUtil(){
        // 初始化RSA对象
        this.rsa = this.createRsa();
    }
    /**
     * 生成 RSA 对象
     * @return RSA
@ -74,6 +75,14 @@ public enum AsymmetricCryptoUtil {
        return rsa.getPublicKeyBase64();
    }
    /**
     * 获得私钥
     * @return String
     */
    public String getPrivateKey(){
        return rsa.getPrivateKeyBase64();
    }
    /**
     * RSA 加密数据
     * @param data 数据
--- a/opsli-base-support/opsli-core/src/test/java/RsaTest.java
+++ b/opsli-base-support/opsli-core/src/test/java/RsaTest.java
@ -3,8 +3,10 @@ import com.alibaba.fastjson.JSONObject;
 import com.google.common.collect.Maps;
 import lombok.Data;
 import org.junit.Test;
-import org.opsli.core.utils.AsymmetricCryptoUtil;
+import org.opsli.core.utils.EncryptAndDecryptByRsaUtil;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 /**
@ -18,7 +20,7 @@ public class RsaTest {
     */
    @Test
    public void getPublicKey(){
-        System.out.println(AsymmetricCryptoUtil.INSTANCE.getPublicKey());
+        System.out.println(EncryptAndDecryptByRsaUtil.INSTANCE.getPublicKey());
    }
@ -36,18 +38,24 @@ public class RsaTest {
 //        t1.setName( "张三");
 //        t1.setAge( 16);
        List<Integer> list = new ArrayList<>();
        list.add(1);
        list.add(2);
        list.add(111);
        Object parse = JSONObject.parse("{\"username\":\"demo\",\"password\":\"Aa123456\",\"captcha\":\"\",\"uuid\":\"0d3eea43edf19e4ed0e88aae8d56878046a5\"}");
        // 加密
-        String encryptedData = AsymmetricCryptoUtil.INSTANCE.encryptedData(parse);
+        String encryptedData = EncryptAndDecryptByRsaUtil.INSTANCE.encryptedData(list);
        System.out.println(encryptedData);
        // 解密
-        String decryptedData = AsymmetricCryptoUtil.INSTANCE.decryptedData(encryptedData);
+        String decryptedData = EncryptAndDecryptByRsaUtil.INSTANCE.decryptedData(encryptedData);
-        Object decryptedDataToObj = AsymmetricCryptoUtil.INSTANCE.decryptedDataToObj(encryptedData);
+        Object decryptedDataToObj = EncryptAndDecryptByRsaUtil.INSTANCE.decryptedDataToObj(encryptedData);
        System.out.println(decryptedData);
        // 解密
        List<Integer> integers = Convert.toList(Integer.class, decryptedDataToObj);
        //Map<String, Object> stringObjectMap = Convert.toMap(String.class, Object.class, decryptedData);
        //Map<String, Object> stringObjectMap = Convert.toMap(String.class, Object.class, decryptedDataToObj);
--- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/entity/LoginForm.java
+++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/entity/LoginForm.java
@ -18,6 +18,7 @@ package org.opsli.modulars.system.login.entity;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import org.opsli.api.base.encrypt.BaseEncrypt;
 import org.opsli.common.annotation.validation.ValidationArgs;
 import org.opsli.common.annotation.validation.ValidationArgsLenMax;
 import org.opsli.common.annotation.validation.ValidationArgsLenMin;
@ -31,7 +32,7 @@ import org.opsli.common.enums.ValiArgsType;
 */
@Data
@EqualsAndHashCode(callSuper = false)
-public class LoginForm {
+public class LoginForm extends BaseEncrypt {
    /** 用户名 */
    @ApiModelProperty(value = "用户名")
@ -52,7 +53,6 @@ public class LoginForm {
    /** UUID */
    @ApiModelProperty(value = "UUID")
    @ValidationArgs(ValiArgsType.IS_NOT_NULL)
    private String uuid;
 }
--- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/web/LoginRestController.java
+++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/web/LoginRestController.java
@ -15,8 +15,6 @@
 */
 package org.opsli.modulars.system.login.web;
 import cn.hutool.core.convert.Convert;
 import com.alibaba.fastjson.JSONObject;
 import com.google.common.collect.Maps;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
@ -26,6 +24,7 @@ import org.opsli.api.base.result.ResultVo;
 import org.opsli.api.utils.ValidationUtil;
 import org.opsli.api.wrapper.system.tenant.TenantModel;
 import org.opsli.api.wrapper.system.user.UserModel;
 import org.opsli.common.annotation.InterfaceEncryptAndDecrypt;
 import org.opsli.common.annotation.Limiter;
 import org.opsli.common.api.TokenThreadLocal;
 import org.opsli.common.enums.AlertType;
@ -33,14 +32,13 @@ import org.opsli.common.exception.TokenException;
 import org.opsli.common.thread.refuse.AsyncProcessQueueReFuse;
 import org.opsli.common.utils.IPUtil;
 import org.opsli.common.utils.OutputStreamUtil;
 import org.opsli.core.aspect.InterfaceEncryptAndDecryptAop;
 import org.opsli.core.msg.TokenMsg;
 import org.opsli.core.security.shiro.realm.JwtRealm;
 import org.opsli.core.utils.*;
 import org.opsli.modulars.system.login.entity.LoginForm;
 import org.opsli.modulars.system.login.entity.LoginFormStr;
 import org.opsli.modulars.system.user.service.IUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@ -67,41 +65,18 @@ import java.util.Map;
@RestController
 public class LoginRestController {
    /** 登录是否开启 RSA加密 */
    @Value("${opsli.login.login-rsa:false}")
    private boolean loginRsa;
    @Autowired
    private IUserService iUserService;
    /**
     * 登录 登录数据加密
     */
    @Limiter
    @InterfaceEncryptAndDecrypt(responseEncrypt = false)
    @ApiOperation(value = "登录", notes = "登录")
    @PostMapping("/sys/login")
-    public ResultVo<?> login(@RequestBody LoginFormStr formStr, HttpServletRequest request){
+    public ResultVo<?> login(@RequestBody LoginForm form, HttpServletRequest request){
        // 非空验证
        if(formStr == null || StringUtils.isBlank(formStr.getLoginFormStr())){
            throw new TokenException(TokenMsg.EXCEPTION_LOGIN_NULL);
        }
        LoginForm form;
        try{
            Object loginFromObj;
            if(loginRsa){
                loginFromObj = AsymmetricCryptoUtil.INSTANCE.decryptedDataToObj(formStr.getLoginFormStr());
            }else {
                loginFromObj = JSONObject.parse(formStr.getLoginFormStr());
            }
            form = Convert.convert(LoginForm.class, loginFromObj);
        }catch (Exception e){
            log.error("登录账号密码解析失败 - 解析值：["+formStr.getLoginFormStr()+"]",e.getMessage(), e);
            // 登录账号密码解析失败
            throw new TokenException(TokenMsg.EXCEPTION_LOGIN_DECRYPT);
        }
        // 非空验证
        if(form == null){
            throw new TokenException(TokenMsg.EXCEPTION_LOGIN_NULL);
@ -110,7 +85,6 @@ public class LoginRestController {
        // 验证登录对象
        ValidationUtil.verify(form);
        // 判断账号是否临时锁定
        UserTokenUtil.verifyLockAccount(form.getUsername());
@ -234,7 +208,7 @@ public class LoginRestController {
    public ResultVo<?> getPublicKey(){
        return ResultVo.success(
                "操作成功!",
-                AsymmetricCryptoUtil.INSTANCE.getPublicKey()
+                InterfaceEncryptAndDecryptAop.getRsaPublicKey()
        );
    }
--- a/opsli-starter/src/main/resources/application.yaml
+++ b/opsli-starter/src/main/resources/application.yaml
@ -203,6 +203,14 @@ opsli:
    # 失败锁定时间(秒)
    slip-lock-speed: 300
  #加解密
  encrypt-decrypt:
    # RSA 加密算法
    rsa:
      # 公钥
      public-key: "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCakyyq8rfkmKvKB2fz3hUeuD6tgParCmZmRc1OoL5EN+yXghQmDIrcZhewLZZLUpLQd3T3cRxKaW30nWNfoteNHgKjGYGu4+BZoyHZ8ltTmrolYGopiSwBMhO7kwAD4IK1PZHaoF2wPISH35ubbugykav7dTaWBDuNkvyBiv8qMQIDAQAB"
      # 私钥
      private-key: "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJqTLKryt+SYq8oHZ/PeFR64Pq2A9qsKZmZFzU6gvkQ37JeCFCYMitxmF7AtlktSktB3dPdxHEppbfSdY1+i140eAqMZga7j4FmjIdnyW1OauiVgaimJLAEyE7uTAAPggrU9kdqgXbA8hIffm5tu6DKRq/t1NpYEO42S/IGK/yoxAgMBAAECgYEAiWu+klwm0LxKPdpHuK7/58e1MVst8PHWB6aW2AhgHxX46NlkQE92RGsfNCnTLDPFAkCxZCrTE/SXJJmn9yY2qoS26OV0PbTGajk96M8lDi9JSmWCNV1eywPecObSyvtPd5jaPtq2jkgNY/hHJjH6kV7UAFZuaSK7jxskfq7uR2ECQQDPfmGjPiMc65+LE9U7jC4LokyUi1yCgN6AY5MgF6fkxUVJD2mtl9BqRK7qE0OnsRb0NzID3PSfa7aA2I0Rlsj/AkEAvrXUBQ6hfuEwD1896qpSJUr7tLidby/3jYwSoewuydDT2duDc2ZCz4/U/1NpxSxWT10ZZi2ExsFZn/3PDylczwJARA3oijkcHSUu69eybVh51bkCswnOasNHtwZxv+niWEdXhTH38EbFxcUHNaDh5MNRiwH7dobm+M7EShg8lJNHEwJAclRdU97OkFr9zeliHCGZd4P5XAFlWHfgJ7p2nR4Teqe3qZ6Aspj2qqpmnd7qxOrsn02H4YqeU+0sBs9I56T7XwJAAg8wHrh/FAPY96mAya0bpv6zm/7bave17vs+8B+fhBEHHuvetfv8Xi/RkXL0rjE4LaTHefoUbZPNbIhNYiN0CQ=="
  # Excel 最大操作数量 防止OOM
  excel-max-count: 20000