添加加密器配置.

This commit is contained in:
lijiahang
2023-07-08 02:11:30 +08:00
parent b417503a9e
commit 58c6a30f7c
11 changed files with 393 additions and 5 deletions


@@ -0,0 +1,23 @@
package com.orion.ops.framework.security.config;
import com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* 加密配置
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/8 0:01
*/
@Data
@ConfigurationProperties("orion.crypto")
public class CryptoConfig {
/**
* aes 加密器配置
*/
private AesCryptoConfig aes;
}
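Review bot: This properties class has the same simple name as `com.orion.ops.framework.security.core.crypto.CryptoConfig`, which this commit also adds as the base class of `AesCryptoConfig`. Two unrelated `CryptoConfig` types in one module make a wrong import easy to write and hard to spot in review. Renaming this one (for example `CryptoProperties`, updating the `type`/`sourceType` entries in the configuration metadata to match) would remove the ambiguity. The class Javadoc could also say that it only binds the `orion.crypto` prefix and carries no settings of its own.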


@@ -0,0 +1,42 @@
package com.orion.ops.framework.security.config;
import com.orion.ops.framework.common.utils.CryptoUtils;
import com.orion.ops.framework.security.core.crypto.ValueCrypto;
import com.orion.ops.framework.security.core.crypto.aes.AesCryptoProcessor;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import javax.annotation.Resource;
/**
* 项目加密解密配置
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/7 23:59
*/
@AutoConfiguration
@EnableConfigurationProperties(CryptoConfig.class)
public class OrionCryptoAutoConfiguration {
@Resource
private CryptoConfig config;
/**
* @return aes 加密器
*/
@Primary
@Bean(initMethod = "init")
@ConditionalOnProperty(value = "orion.crypto.aes.enabled", havingValue = "true")
public ValueCrypto aes() {
AesCryptoProcessor processor = new AesCryptoProcessor(config.getAes());
processor.init();
// 设置工具委托类 委托需要与 @Primary 相同, 否则会导致工具类和bean的结果不同
CryptoUtils.delegate = processor;
return processor;
}
}
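Review bot: `aes()` initialises the processor twice, because it calls `processor.init()` itself and the bean is also declared with `@Bean(initMethod = "init")`, so Spring invokes `init()` again after the factory method returns. `AesCryptoProcessor.init()` rebuilds the builder, key and cipher on every call, so the second run is redundant at best. Keep the explicit call, since the delegate is published right after it, and declare the bean as plain `@Bean`. The assignment `CryptoUtils.delegate = processor;` hands the cipher to static code through what appears to be a mutable static field (`CryptoUtils` is not shown here). A comment stating that it is written once at start-up, or a setter that rejects a second assignment, would make that contract explicit.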


@@ -0,0 +1,20 @@
package com.orion.ops.framework.security.core.crypto;
import lombok.Data;
/**
* 加密配置
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/8 0:14
*/
@Data
public class CryptoConfig {
/**
* 是否启用
*/
protected boolean enabled;
}


@@ -0,0 +1,33 @@
package com.orion.ops.framework.security.core.crypto;
/**
* 数据加密器
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/7 22:48
*/
public abstract class CryptoProcessor<Config extends CryptoConfig> implements ValueCrypto {
protected final Config config;
protected CryptoProcessor(Config config) {
this.config = config;
}
/**
* 初始化秘钥
*/
protected abstract void initSecretKey();
/**
* 初始化参数规格
*/
protected abstract void initParamSpec();
/**
* 构建加密器
*/
protected abstract void builderCrypto();
}
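Review bot: The hooks `initSecretKey()`, `initParamSpec()` and `builderCrypto()` are declared here, but the order in which they must run is only encoded in `AesCryptoProcessor.init()`, so every further subclass has to repeat it correctly. Implementing `init()` in this base class as a template method that calls the three hooks in order would fix the sequence in one place. On naming, `builderCrypto` reads as a noun where the other hooks are verbs (`buildCrypto` would match), and the type parameter `Config` looks like a class name where Java convention uses a single letter such as `C`.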


@@ -0,0 +1,19 @@
package com.orion.ops.framework.security.core.crypto;
import com.orion.lang.utils.crypto.symmetric.SymmetricCrypto;
/**
* 数据加密器
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/8 0:20
*/
public interface ValueCrypto extends SymmetricCrypto {
/**
* 初始化
*/
void init();
}


@@ -0,0 +1,62 @@
package com.orion.ops.framework.security.core.crypto.aes;
import com.orion.lang.utils.crypto.CryptoConst;
import com.orion.lang.utils.crypto.enums.PaddingMode;
import com.orion.lang.utils.crypto.enums.WorkingMode;
import com.orion.ops.framework.security.core.crypto.CryptoConfig;
import lombok.Data;
import lombok.EqualsAndHashCode;
/**
* aes 加密器配置
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/7 22:22
*/
@Data
@EqualsAndHashCode(callSuper = true)
public class AesCryptoConfig extends CryptoConfig {
/**
* 加密模式
*/
private WorkingMode workingMode = WorkingMode.ECB;
/**
* 填充模式
*/
private PaddingMode paddingMode = PaddingMode.PKCS5_PADDING;
/**
* 加密秘钥
*/
private String secretKey;
/**
* 是否生成秘钥
*/
private boolean useGeneratorKey = true;
/**
* 生成的秘钥长度 128 192 256bytes
*/
private int generatorKeyLength = CryptoConst.AES_KEY_LENGTH;
/**
* 向量 长度为 16bytes
* 除 ECB/GCM 外的工作模式
*/
private String iv;
/**
* GCM 模式参数 长度为 96 104 112 120 128bytes
*/
private String gcm;
/**
* GCM 模式 aad
*/
private String aad;
}
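Review bot: The default `workingMode = WorkingMode.ECB` gives any deployment that sets nothing the weakest AES mode. ECB encrypts equal plaintext blocks to equal ciphertext blocks and provides no integrity protection. Since the class already carries `gcm` and `aad` settings, defaulting to the GCM mode, or having no default and failing at start-up when the mode is unset, would be the safer choice. `secretKey` sits in a Lombok `@Data` class and is therefore part of the generated `toString()`; annotating the field with `@ToString.Exclude` (with the matching `lombok.ToString` import) keeps the key out of logs and debug output.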


@@ -0,0 +1,106 @@
package com.orion.ops.framework.security.core.crypto.aes;
import com.orion.lang.utils.Strings;
import com.orion.lang.utils.crypto.Keys;
import com.orion.lang.utils.crypto.enums.CipherAlgorithm;
import com.orion.lang.utils.crypto.enums.WorkingMode;
import com.orion.lang.utils.crypto.symmetric.SymmetricBuilder;
import com.orion.lang.utils.crypto.symmetric.SymmetricCrypto;
import com.orion.ops.framework.security.core.crypto.CryptoProcessor;
import javax.crypto.SecretKey;
import java.security.spec.AlgorithmParameterSpec;
/**
* aes 加密器
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/7/8 0:05
*/
public class AesCryptoProcessor extends CryptoProcessor<AesCryptoConfig> {
/**
* 加密器
*/
private SymmetricCrypto crypto;
/**
* 加密器构建器
*/
private SymmetricBuilder builder;
public AesCryptoProcessor(AesCryptoConfig config) {
super(config);
}
@Override
public void init() {
// 创建构建器
this.builder = SymmetricBuilder.aes()
.workingMode(config.getWorkingMode())
.paddingMode(config.getPaddingMode());
// 初始化秘钥
this.initSecretKey();
// 初始化参数规格
this.initParamSpec();
// 创建加密器
this.builderCrypto();
}
@Override
protected void initSecretKey() {
SecretKey secretKey;
if (config.isUseGeneratorKey()) {
// 生成秘钥
secretKey = Keys.generatorKey(config.getSecretKey(), config.getGeneratorKeyLength(), CipherAlgorithm.AES);
} else {
// 获取秘钥
secretKey = Keys.getSecretKey(config.getSecretKey(), CipherAlgorithm.AES);
}
builder.secretKey(secretKey);
}
@Override
protected void initParamSpec() {
String iv = config.getIv();
String gcm = config.getGcm();
if (!Strings.isEmpty(iv)) {
// 向量
AlgorithmParameterSpec ivSpec = Keys.getIvSpec(CipherAlgorithm.AES, Strings.bytes(iv));
builder.paramSpec(ivSpec);
} else if (!Strings.isEmpty(gcm)) {
// gcm
AlgorithmParameterSpec gcmSpec = Keys.getGcmSpec(CipherAlgorithm.AES, Strings.bytes(gcm));
builder.paramSpec(gcmSpec);
}
}
@Override
protected void builderCrypto() {
// 设置 aad
String aad = config.getAad();
if (!Strings.isEmpty(aad)) {
builder.aad(aad);
}
// 构建加密器
if (WorkingMode.ECB.equals(config.getWorkingMode())) {
// 无参数 ECB 模式
this.crypto = builder.buildEcb();
} else {
// 有参数规格模式
this.crypto = builder.buildParam();
}
}
@Override
public byte[] encrypt(byte[] plain) {
return crypto.encrypt(plain);
}
@Override
public byte[] decrypt(byte[] text) {
return crypto.decrypt(text);
}
}
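Review bot: `initParamSpec()` builds a single `AlgorithmParameterSpec` from the configured `iv` or `gcm` string at start-up, so every `encrypt()` call reuses the same IV under the same key. With CBC that makes encryption deterministic, and with GCM a repeated nonce undermines both confidentiality and the authentication tag. The usual pattern is to draw a fresh IV from `SecureRandom` per message and store it in front of the ciphertext so `decrypt()` can read it back. Separately, when the working mode is not ECB and both `iv` and `gcm` are empty, `builderCrypto()` still calls `builder.buildParam()` without a parameter spec, and `initSecretKey()` passes `config.getSecretKey()` to `Keys` without a null or empty check. What happens then depends on `SymmetricBuilder` and `Keys`, which are not shown, so failing in `init()` with an `IllegalStateException` that names the missing property would surface the misconfiguration at start-up.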


@@ -4,6 +4,16 @@
"name": "orion.security",
"type": "com.orion.ops.framework.security.config.SecurityConfig",
"sourceType": "com.orion.ops.framework.security.config.SecurityConfig"
},
{
"name": "orion.crypto",
"type": "com.orion.ops.framework.security.config.CryptoConfig",
"sourceType": "com.orion.ops.framework.security.config.CryptoConfig"
},
{
"name": "orion.crypto.aes",
"type": "com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig",
"sourceType": "com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig"
}
],
"properties": [
@@ -17,6 +27,56 @@
"name": "orion.security.permit-url",
"type": "java.util.List",
"description": "匿名接口."
},
{
"name": "orion.crypto.aes.enabled",
"type": "java.lang.Boolean",
"description": "是否启用.",
"defaultValue": "false"
},
{
"name": "orion.crypto.aes.working-mode",
"type": "com.orion.lang.utils.crypto.enums.WorkingMode",
"description": "加密模式.",
"defaultValue": "ECB"
},
{
"name": "orion.crypto.aes.padding-mode",
"type": "com.orion.lang.utils.crypto.enums.PaddingMode",
"description": "填充模式.",
"defaultValue": "PKCS5_PADDING"
},
{
"name": "orion.crypto.aes.secret-key",
"type": "java.lang.String",
"description": "加密秘钥."
},
{
"name": "orion.crypto.aes.use-generator-key",
"type": "java.lang.Boolean",
"description": "是否生成秘钥.",
"defaultValue": "true"
},
{
"name": "orion.crypto.aes.generator-key-length",
"type": "java.lang.Integer",
"description": "生成的秘钥长度 128 192 256bytes.",
"defaultValue": "128"
},
{
"name": "orion.crypto.aes.iv",
"type": "java.lang.String",
"description": "向量 长度为 16bytes."
},
{
"name": "orion.crypto.aes.gcm",
"type": "java.lang.String",
"description": "GCM 模式参数 长度为 96 104 112 120 128bytes."
},
{
"name": "orion.crypto.aes.aad",
"type": "java.lang.String",
"description": "GCM 模式 aad."
}
]
}
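Review bot: The descriptions of `orion.crypto.aes.generator-key-length` and `orion.crypto.aes.gcm` give their sizes in bytes, but 128/192/256 are AES key sizes in bits and 96–128 are GCM tag sizes in bits; only the 16-byte IV is a byte count. The entries should read, for example, `"description": "生成的秘钥长度 128 192 256 bits."`, and the Javadoc in `AesCryptoConfig` carries the same wording. The `gcm` description lists tag lengths, yet in `AesCryptoProcessor` the string's bytes are passed to `Keys.getGcmSpec`. It would help to state whether this property holds the nonce or the tag length, since an operator cannot tell from the metadata. Both points apply to the second hunk of this file.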


@@ -1 +1,2 @@
com.orion.ops.framework.security.config.OrionSecurityAutoConfiguration
com.orion.ops.framework.security.config.OrionSecurityAutoConfiguration
com.orion.ops.framework.security.config.OrionCryptoAutoConfiguration


@@ -36,3 +36,13 @@ knife4j:
logging:
printer:
mode: ROW
orion:
crypto:
aes:
enabled: true
working-mode: ECB
padding-mode: PKCS5_PADDING
# 加密秘钥
secret-key: uQeacXV8b3isvKLK
generator-key: true
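Review bot: `secret-key` is committed as a literal, so anyone with read access to the repository or its history can decrypt data protected with it; the same applies to the `orion.crypto.aes.secret-key` value added in the other YAML file of this commit. Read the key from the environment or a secret store instead, e.g. `secret-key: ${ORION_CRYPTO_AES_SECRET_KEY}` (the variable name is an example), and treat both committed values as exposed and rotate them. The last line uses `generator-key: true`, which does not match the `use-generator-key` property declared in `AesCryptoConfig` and the metadata file, so it is presumably ignored and the default applies. It should read `use-generator-key: true`.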


@@ -133,7 +133,7 @@ orion:
cors: true
swagger:
title: orion-ops-pro 运维平台
description: 一站式提供运维功能
description: 一站式运维服务平台
version: ${orion.version}
url: https://github.com/lijiahangmax/orion-ops-pro
email: ljh1553488six@139.com
@@ -141,10 +141,22 @@ orion:
license-url: https://github.com/lijiahangmax/orion-ops-pro/blob/main/LICENSE
storage:
local:
nameAppendTraceId: true
storagePath: ${user.home}
basePath: /orion/storage/orion-ops-pro
enabled: true
name-append-trace-id: true
storage-path: ${user.home}
base-path: /orion/storage/orion-ops-pro
security:
password-encoder-length: 4
# 匿名接口
permit-url:
- ${orion.api.prefix}/server/bootstrap/health
crypto:
# aes加密器
aes:
enabled: true
working-mode: ECB
padding-mode: PKCS5_PADDING
# 加密秘钥
secret-key: I66AndrKWrwXjtBL
use-generator-key: true
generator-key-length: 128