diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/CryptoConfig.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/CryptoConfig.java
new file mode 100644
index 00000000..08e49663
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/CryptoConfig.java
@@ -0,0 +1,23 @@
+package com.orion.ops.framework.security.config;
+
+import com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * 加密配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:01
+ */
+@Data
+@ConfigurationProperties("orion.crypto")
+public class CryptoConfig {
+
+    /**
+     * aes 加密器配置
+     */
+    private AesCryptoConfig aes;
+
+}
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/OrionCryptoAutoConfiguration.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/OrionCryptoAutoConfiguration.java
new file mode 100644
index 00000000..19ff0856
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/OrionCryptoAutoConfiguration.java
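Review bot: This holder class is named `CryptoConfig` while the base class of the `AesCryptoConfig` it contains, added in the same commit under `security.core.crypto`, is also named `CryptoConfig`; two same-named classes one import apart are easy to confuse in imports, stack traces and the metadata JSON. Renaming this `@ConfigurationProperties` holder to `CryptoProperties` (or the base class to `CryptoProcessorConfig`) removes the ambiguity without changing the bound prefix. The `aes` field also has no default, so `getAes()` returns null until `orion.crypto.aes.*` is bound; a field comment such as `// null unless orion.crypto.aes.* is bound; the aes bean is guarded by orion.crypto.aes.enabled` records why the auto-configuration may dereference it.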
@@ -0,0 +1,42 @@
+package com.orion.ops.framework.security.config;
+
+import com.orion.ops.framework.common.utils.CryptoUtils;
+import com.orion.ops.framework.security.core.crypto.ValueCrypto;
+import com.orion.ops.framework.security.core.crypto.aes.AesCryptoProcessor;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+
+import javax.annotation.Resource;
+
+/**
+ * 项目加密解密配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/7 23:59
+ */
+@AutoConfiguration
+@EnableConfigurationProperties(CryptoConfig.class)
+public class OrionCryptoAutoConfiguration {
+
+    @Resource
+    private CryptoConfig config;
+
+    /**
+     * @return aes 加密器
+     */
+    @Primary
+    @Bean(initMethod = "init")
+    @ConditionalOnProperty(value = "orion.crypto.aes.enabled", havingValue = "true")
+    public ValueCrypto aes() {
+        AesCryptoProcessor processor = new AesCryptoProcessor(config.getAes());
+        processor.init();
+        // 设置工具委托类 委托需要与 @Primary 相同, 否则会导致工具类和bean的结果不同
+        CryptoUtils.delegate = processor;
+        return processor;
+    }
+
+}
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoConfig.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoConfig.java
new file mode 100644
index 00000000..c15a2f2b
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoConfig.java
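Review bot: `aes()` calls `processor.init()` explicitly and the bean is also declared with `@Bean(initMethod = "init")`, so `init()` runs twice on the same instance and the builder, secret key and parameter spec are rebuilt a second time after the factory method has returned. Keep the explicit call, because `CryptoUtils.delegate` is assigned inside the factory and would otherwise hold an uninitialised processor, and drop `initMethod = "init"` from the annotation: `@Bean`. Writing the processor into the static `CryptoUtils.delegate` from a bean factory is process-global mutable state; a comment such as `// written once at context startup; a second ValueCrypto bean would not update the utility delegate` would make that contract visible to the next maintainer.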
@@ -0,0 +1,20 @@
+package com.orion.ops.framework.security.core.crypto;
+
+import lombok.Data;
+
+/**
+ * 加密配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:14
+ */
+@Data
+public class CryptoConfig {
+
+    /**
+     * 是否启用
+     */
+    protected boolean enabled;
+
+}
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoProcessor.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoProcessor.java
new file mode 100644
index 00000000..d935c594
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoProcessor.java
@@ -0,0 +1,33 @@
+package com.orion.ops.framework.security.core.crypto;
+
+/**
+ * 数据加密器
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/7 22:48
+ */
+public abstract class CryptoProcessor implements ValueCrypto {
+
+    protected final Config config;
+
+    protected CryptoProcessor(Config config) {
+        this.config = config;
+    }
+
+    /**
+     * 初始化秘钥
+     */
+    protected abstract void initSecretKey();
+
+    /**
+     * 初始化参数规格
+     */
+    protected abstract void initParamSpec();
+
+    /**
+     * 构建加密器
+     */
+    protected abstract void builderCrypto();
+
+}
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/ValueCrypto.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/ValueCrypto.java
new file mode 100644
index 00000000..883d4565
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/ValueCrypto.java
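Review bot: `protected final Config config;` and the constructor in `CryptoProcessor` use a type `Config` that nothing in the hunk declares or imports, while `AesCryptoProcessor` later calls `config.getWorkingMode()` on it, which only resolves if the field is typed `AesCryptoConfig`; this looks like a type parameter (`CryptoProcessor<Config extends CryptoConfig>`, with `extends CryptoProcessor<AesCryptoConfig>` in the subclass) whose angle brackets were lost in rendering, so please confirm against the repository that the declaration actually carries the bound. Either way the class Javadoc should state the lifecycle the three abstract hooks imply, since `init()` itself is left to subclasses: `Subclasses implement init() by calling initSecretKey(), initParamSpec() and builderCrypto() in that order; the processor must not be used before init() completes.`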
@@ -0,0 +1,19 @@
+package com.orion.ops.framework.security.core.crypto;
+
+import com.orion.lang.utils.crypto.symmetric.SymmetricCrypto;
+
+/**
+ * 数据加密器
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:20
+ */
+public interface ValueCrypto extends SymmetricCrypto {
+
+    /**
+     * 初始化
+     */
+    void init();
+
+}
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoConfig.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoConfig.java
new file mode 100644
index 00000000..2428fb59
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoConfig.java
@@ -0,0 +1,62 @@
+package com.orion.ops.framework.security.core.crypto.aes;
+
+import com.orion.lang.utils.crypto.CryptoConst;
+import com.orion.lang.utils.crypto.enums.PaddingMode;
+import com.orion.lang.utils.crypto.enums.WorkingMode;
+import com.orion.ops.framework.security.core.crypto.CryptoConfig;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * aes 加密器配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/7 22:22
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class AesCryptoConfig extends CryptoConfig {
+
+    /**
+     * 加密模式
+     */
+    private WorkingMode workingMode = WorkingMode.ECB;
+
+    /**
+     * 填充模式
+     */
+    private PaddingMode paddingMode = PaddingMode.PKCS5_PADDING;
+
+    /**
+     * 加密秘钥
+     */
+    private String secretKey;
+
+    /**
+     * 是否生成秘钥
+     */
+    private boolean useGeneratorKey = true;
+
+    /**
+     * 生成的秘钥长度 128 192 256bytes
+     */
+    private int generatorKeyLength = CryptoConst.AES_KEY_LENGTH;
+
+    /**
+     * 向量 长度为 16bytes
+     * 除 ECB/GCM 外的工作模式
+     */
+    private String iv;
+
+    /**
+     * GCM 模式参数 长度为 96 104 112 120 128bytes
+     */
+    private String gcm;
+
+    /**
+     * GCM 模式 aad
+     */
+    private String aad;
+
+}
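Review bot: The defaults `WorkingMode.ECB` and `PaddingMode.PKCS5_PADDING` make the unconfigured processor an unauthenticated ECB cipher: equal plaintext blocks produce equal ciphertext blocks and nothing detects tampering with a stored value, so the safer default is an authenticated mode (GCM with a fresh nonce per message) with ECB requiring an explicit opt-in. The Javadoc on `generatorKeyLength` and `gcm` says `bytes` where 128/192/256 and 96–128 are bit lengths; change them to `生成的秘钥长度 128 192 256 bits` and `GCM 模式参数 长度为 96 104 112 120 128 bits`, and fix the same wording that this commit copies into the `spring-configuration-metadata.json` descriptions. `iv` is a single configured string reused for every message, so the field comment should say so plainly, e.g. `静态 IV: 所有消息共用, 仅适用于确定性加密场景; 需要语义安全时应为每条消息生成随机 IV`. `ValueCrypto` in the preceding hunk is a thin interface and needs nothing beyond the note on `CryptoProcessor`.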
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoProcessor.java b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoProcessor.java
new file mode 100644
index 00000000..f9ca7d85
--- /dev/null
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoProcessor.java
@@ -0,0 +1,106 @@
+package com.orion.ops.framework.security.core.crypto.aes;
+
+import com.orion.lang.utils.Strings;
+import com.orion.lang.utils.crypto.Keys;
+import com.orion.lang.utils.crypto.enums.CipherAlgorithm;
+import com.orion.lang.utils.crypto.enums.WorkingMode;
+import com.orion.lang.utils.crypto.symmetric.SymmetricBuilder;
+import com.orion.lang.utils.crypto.symmetric.SymmetricCrypto;
+import com.orion.ops.framework.security.core.crypto.CryptoProcessor;
+
+import javax.crypto.SecretKey;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * aes 加密器
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:05
+ */
+public class AesCryptoProcessor extends CryptoProcessor {
+
+    /**
+     * 加密器
+     */
+    private SymmetricCrypto crypto;
+
+    /**
+     * 加密器构建器
+     */
+    private SymmetricBuilder builder;
+
+    public AesCryptoProcessor(AesCryptoConfig config) {
+        super(config);
+    }
+
+    @Override
+    public void init() {
+        // 创建构建器
+        this.builder = SymmetricBuilder.aes()
+                .workingMode(config.getWorkingMode())
+                .paddingMode(config.getPaddingMode());
+        // 初始化秘钥
+        this.initSecretKey();
+        // 初始化参数规格
+        this.initParamSpec();
+        // 创建加密器
+        this.builderCrypto();
+    }
+
+    @Override
+    protected void initSecretKey() {
+        SecretKey secretKey;
+        if (config.isUseGeneratorKey()) {
+            // 生成秘钥
+            secretKey = Keys.generatorKey(config.getSecretKey(), config.getGeneratorKeyLength(), CipherAlgorithm.AES);
+        } else {
+            // 获取秘钥
+            secretKey = Keys.getSecretKey(config.getSecretKey(), CipherAlgorithm.AES);
+        }
+        builder.secretKey(secretKey);
+    }
+
+    @Override
+    protected void initParamSpec() {
+        String iv = config.getIv();
+        String gcm = config.getGcm();
+        if (!Strings.isEmpty(iv)) {
+            // 向量
+            AlgorithmParameterSpec ivSpec = Keys.getIvSpec(CipherAlgorithm.AES, Strings.bytes(iv));
+            builder.paramSpec(ivSpec);
+        } else if (!Strings.isEmpty(gcm)) {
+            // gcm
+            AlgorithmParameterSpec gcmSpec = Keys.getGcmSpec(CipherAlgorithm.AES, Strings.bytes(gcm));
+            builder.paramSpec(gcmSpec);
+        }
+    }
+
+    @Override
+    protected void builderCrypto() {
+        // 设置 aad
+        String aad = config.getAad();
+        if (!Strings.isEmpty(aad)) {
+            builder.aad(aad);
+        }
+        // 构建加密器
+        if (WorkingMode.ECB.equals(config.getWorkingMode())) {
+            // 无参数 ECB 模式
+            this.crypto = builder.buildEcb();
+        } else {
+            // 有参数规格模式
+            this.crypto = builder.buildParam();
+        }
+    }
+
+    @Override
+    public byte[] encrypt(byte[] plain) {
+        return crypto.encrypt(plain);
+    }
+
+    @Override
+    public byte[] decrypt(byte[] text) {
+        return crypto.decrypt(text);
+    }
+
+}
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring-configuration-metadata.json b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring-configuration-metadata.json
index a82ef10d..1be76a84 100644
--- a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring-configuration-metadata.json
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring-configuration-metadata.json
@@ -4,6 +4,16 @@
       "name": "orion.security",
       "type": "com.orion.ops.framework.security.config.SecurityConfig",
       "sourceType": "com.orion.ops.framework.security.config.SecurityConfig"
+    },
+    {
+      "name": "orion.crypto",
+      "type": "com.orion.ops.framework.security.config.CryptoConfig",
+      "sourceType": "com.orion.ops.framework.security.config.CryptoConfig"
+    },
+    {
+      "name": "orion.crypto.aes",
+      "type": "com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig",
+      "sourceType": "com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig"
     }
   ],
   "properties": [
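Review bot: `initParamSpec` picks the IV spec or the GCM spec by which of `iv`/`gcm` happens to be non-empty instead of by `config.getWorkingMode()`, so a GCM configuration that also carries an `iv` (which the config Javadoc says applies to every mode except ECB/GCM) is silently built with an IV spec, and a non-ECB mode with neither value set reaches `builder.buildParam()` with no parameter spec and presumably fails only at first use. Branch on the mode and fail fast during `init()` when the required value is missing, as below (this assumes the enum exposes a GCM constant as `WorkingMode.GCM`, which the `gcm`/`aad` fields imply — confirm the exact name); `builderCrypto` likewise applies `aad` regardless of mode, where it is only meaningful for GCM. `encrypt`/`decrypt` dereference `crypto`, which is null until `builderCrypto` runs, so the class Javadoc should say `Not usable until init() has completed; encrypt/decrypt throw NullPointerException before that.`

```java
    @Override
    protected void initParamSpec() {
        WorkingMode mode = config.getWorkingMode();
        if (WorkingMode.ECB.equals(mode)) {
            // ECB 无参数规格
            return;
        }
        if (WorkingMode.GCM.equals(mode)) {
            String gcm = config.getGcm();
            if (Strings.isEmpty(gcm)) {
                throw new IllegalStateException("orion.crypto.aes.gcm is required for GCM mode");
            }
            builder.paramSpec(Keys.getGcmSpec(CipherAlgorithm.AES, Strings.bytes(gcm)));
            return;
        }
        String iv = config.getIv();
        if (Strings.isEmpty(iv)) {
            throw new IllegalStateException("orion.crypto.aes.iv is required for " + mode + " mode");
        }
        builder.paramSpec(Keys.getIvSpec(CipherAlgorithm.AES, Strings.bytes(iv)));
    }
    // … unchanged: builderCrypto, encrypt, decrypt …
```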
@@ -17,6 +27,56 @@
       "name": "orion.security.permit-url",
       "type": "java.util.List",
       "description": "匿名接口."
+    },
+    {
+      "name": "orion.crypto.aes.enabled",
+      "type": "java.lang.Boolean",
+      "description": "是否启用.",
+      "defaultValue": "false"
+    },
+    {
+      "name": "orion.crypto.aes.working-mode",
+      "type": "com.orion.lang.utils.crypto.enums.WorkingMode",
+      "description": "加密模式.",
+      "defaultValue": "ECB"
+    },
+    {
+      "name": "orion.crypto.aes.padding-mode",
+      "type": "com.orion.lang.utils.crypto.enums.PaddingMode",
+      "description": "填充模式.",
+      "defaultValue": "PKCS5_PADDING"
+    },
+    {
+      "name": "orion.crypto.aes.secret-key",
+      "type": "java.lang.String",
+      "description": "加密秘钥."
+    },
+    {
+      "name": "orion.crypto.aes.use-generator-key",
+      "type": "java.lang.Boolean",
+      "description": "是否生成秘钥.",
+      "defaultValue": "true"
+    },
+    {
+      "name": "orion.crypto.aes.generator-key-length",
+      "type": "java.lang.Integer",
+      "description": "生成的秘钥长度 128 192 256bytes.",
+      "defaultValue": "128"
+    },
+    {
+      "name": "orion.crypto.aes.iv",
+      "type": "java.lang.String",
+      "description": "向量 长度为 16bytes."
+    },
+    {
+      "name": "orion.crypto.aes.gcm",
+      "type": "java.lang.String",
+      "description": "GCM 模式参数 长度为 96 104 112 120 128bytes."
+    },
+    {
+      "name": "orion.crypto.aes.aad",
+      "type": "java.lang.String",
+      "description": "GCM 模式 aad."
     }
   ]
 }
\ No newline at end of file
diff --git a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
index 023efb97..9fc64f7b 100644
--- a/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -1 +1,2 @@
-com.orion.ops.framework.security.config.OrionSecurityAutoConfiguration
\ No newline at end of file
+com.orion.ops.framework.security.config.OrionSecurityAutoConfiguration
+com.orion.ops.framework.security.config.OrionCryptoAutoConfiguration
\ No newline at end of file
diff --git a/orion-ops-launch/src/main/resources/application-prod.yaml b/orion-ops-launch/src/main/resources/application-prod.yaml
index f0b27f9c..2c8700a9 100644
--- a/orion-ops-launch/src/main/resources/application-prod.yaml
+++ b/orion-ops-launch/src/main/resources/application-prod.yaml
@@ -36,3 +36,13 @@ knife4j:
 logging:
   printer:
     mode: ROW
+
+orion:
+  crypto:
+    aes:
+      enabled: true
+      working-mode: ECB
+      padding-mode: PKCS5_PADDING
+      # 加密秘钥
+      secret-key: uQeacXV8b3isvKLK
+      generator-key: true
diff --git a/orion-ops-launch/src/main/resources/application.yaml b/orion-ops-launch/src/main/resources/application.yaml
index e2169be5..feca6a35 100644
--- a/orion-ops-launch/src/main/resources/application.yaml
+++ b/orion-ops-launch/src/main/resources/application.yaml
@@ -133,7 +133,7 @@ orion:
     cors: true
   swagger:
     title: orion-ops-pro 运维平台
-    description: 一站式提供运维功能
+    description: 一站式运维服务平台
     version: ${orion.version}
     url: https://github.com/lijiahangmax/orion-ops-pro
     email: ljh1553488six@139.com
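Review bot: `secret-key: uQeacXV8b3isvKLK` commits the production AES key to version control, and the `application.yaml` hunk that follows does the same with `secret-key: I66AndrKWrwXjtBL`; every value the platform encrypts with these keys is readable by anyone with repository access, and rotating the key now requires a code change. Read the key from the environment or a secrets store instead, e.g. `secret-key: ${ORION_CRYPTO_AES_SECRET_KEY}` (constructed placeholder name), and treat both committed values as exposed and rotate them. The prod file also sets `generator-key: true`, which is not a bound property — `AesCryptoConfig` exposes it as `use-generator-key`, the name `application.yaml` uses — so the line is silently ignored and only the field default preserves the behaviour; rename it to `use-generator-key: true`. The preceding `AutoConfiguration.imports` hunk is a plain registration and needs no change.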
@@ -141,10 +141,22 @@ orion:
     license-url: https://github.com/lijiahangmax/orion-ops-pro/blob/main/LICENSE
   storage:
     local:
-      nameAppendTraceId: true
-      storagePath: ${user.home}
-      basePath: /orion/storage/orion-ops-pro
+      enabled: true
+      name-append-trace-id: true
+      storage-path: ${user.home}
+      base-path: /orion/storage/orion-ops-pro
   security:
     password-encoder-length: 4
     # 匿名接口
     permit-url:
+      - ${orion.api.prefix}/server/bootstrap/health
+  crypto:
+    # aes加密器
+    aes:
+      enabled: true
+      working-mode: ECB
+      padding-mode: PKCS5_PADDING
+      # 加密秘钥
+      secret-key: I66AndrKWrwXjtBL
+      use-generator-key: true
+      generator-key-length: 128