添加加密器配置.

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/CryptoConfig.java

@@ -0,0 +1,23 @@
+package com.orion.ops.framework.security.config;
+
+import com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * 加密配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:01
+ */
+@Data
+@ConfigurationProperties("orion.crypto")
+public class CryptoConfig {
+
+    /**
+     * aes 加密器配置
+     */
+    private AesCryptoConfig aes;
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/config/OrionCryptoAutoConfiguration.java

@@ -0,0 +1,42 @@
+package com.orion.ops.framework.security.config;
+
+import com.orion.ops.framework.common.utils.CryptoUtils;
+import com.orion.ops.framework.security.core.crypto.ValueCrypto;
+import com.orion.ops.framework.security.core.crypto.aes.AesCryptoProcessor;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+
+import javax.annotation.Resource;
+
+/**
+ * 项目加密解密配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/7 23:59
+ */
+@AutoConfiguration
+@EnableConfigurationProperties(CryptoConfig.class)
+public class OrionCryptoAutoConfiguration {
+
+    @Resource
+    private CryptoConfig config;
+
+    /**
+     * @return aes 加密器
+     */
+    @Primary
+    @Bean(initMethod = "init")
+    @ConditionalOnProperty(value = "orion.crypto.aes.enabled", havingValue = "true")
+    public ValueCrypto aes() {
+        AesCryptoProcessor processor = new AesCryptoProcessor(config.getAes());
+        processor.init();
+        // 设置工具委托类 委托需要与 @Primary 相同, 否则会导致工具类和bean的结果不同
+        CryptoUtils.delegate = processor;
+        return processor;
+    }
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoConfig.java

@@ -0,0 +1,20 @@
+package com.orion.ops.framework.security.core.crypto;
+
+import lombok.Data;
+
+/**
+ * 加密配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:14
+ */
+@Data
+public class CryptoConfig {
+
+    /**
+     * 是否启用
+     */
+    protected boolean enabled;
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/CryptoProcessor.java

@@ -0,0 +1,33 @@
+package com.orion.ops.framework.security.core.crypto;
+
+/**
+ * 数据加密器
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/7 22:48
+ */
+public abstract class CryptoProcessor<Config extends CryptoConfig> implements ValueCrypto {
+
+    protected final Config config;
+
+    protected CryptoProcessor(Config config) {
+        this.config = config;
+    }
+
+    /**
+     * 初始化秘钥
+     */
+    protected abstract void initSecretKey();
+
+    /**
+     * 初始化参数规格
+     */
+    protected abstract void initParamSpec();
+
+    /**
+     * 构建加密器
+     */
+    protected abstract void builderCrypto();
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/ValueCrypto.java

@@ -0,0 +1,19 @@
+package com.orion.ops.framework.security.core.crypto;
+
+import com.orion.lang.utils.crypto.symmetric.SymmetricCrypto;
+
+/**
+ * 数据加密器
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:20
+ */
+public interface ValueCrypto extends SymmetricCrypto {
+
+    /**
+     * 初始化
+     */
+    void init();
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoConfig.java

@@ -0,0 +1,62 @@
+package com.orion.ops.framework.security.core.crypto.aes;
+
+import com.orion.lang.utils.crypto.CryptoConst;
+import com.orion.lang.utils.crypto.enums.PaddingMode;
+import com.orion.lang.utils.crypto.enums.WorkingMode;
+import com.orion.ops.framework.security.core.crypto.CryptoConfig;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * aes 加密器配置
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/7 22:22
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class AesCryptoConfig extends CryptoConfig {
+
+    /**
+     * 加密模式
+     */
+    private WorkingMode workingMode = WorkingMode.ECB;
+
+    /**
+     * 填充模式
+     */
+    private PaddingMode paddingMode = PaddingMode.PKCS5_PADDING;
+
+    /**
+     * 加密秘钥
+     */
+    private String secretKey;
+
+    /**
+     * 是否生成秘钥
+     */
+    private boolean useGeneratorKey = true;
+
+    /**
+     * 生成的秘钥长度 128 192 256bytes
+     */
+    private int generatorKeyLength = CryptoConst.AES_KEY_LENGTH;
+
+    /**
+     * 向量 长度为 16bytes
+     * 除 ECB/GCM 外的工作模式
+     */
+    private String iv;
+
+    /**
+     * GCM 模式参数 长度为 96 104 112 120 128bytes
+     */
+    private String gcm;
+
+    /**
+     * GCM 模式 aad
+     */
+    private String aad;
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/crypto/aes/AesCryptoProcessor.java

@@ -0,0 +1,106 @@
+package com.orion.ops.framework.security.core.crypto.aes;
+
+import com.orion.lang.utils.Strings;
+import com.orion.lang.utils.crypto.Keys;
+import com.orion.lang.utils.crypto.enums.CipherAlgorithm;
+import com.orion.lang.utils.crypto.enums.WorkingMode;
+import com.orion.lang.utils.crypto.symmetric.SymmetricBuilder;
+import com.orion.lang.utils.crypto.symmetric.SymmetricCrypto;
+import com.orion.ops.framework.security.core.crypto.CryptoProcessor;
+
+import javax.crypto.SecretKey;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * aes 加密器
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/7/8 0:05
+ */
+public class AesCryptoProcessor extends CryptoProcessor<AesCryptoConfig> {
+
+    /**
+     * 加密器
+     */
+    private SymmetricCrypto crypto;
+
+    /**
+     * 加密器构建器
+     */
+    private SymmetricBuilder builder;
+
+    public AesCryptoProcessor(AesCryptoConfig config) {
+        super(config);
+    }
+
+    @Override
+    public void init() {
+        // 创建构建器
+        this.builder = SymmetricBuilder.aes()
+                .workingMode(config.getWorkingMode())
+                .paddingMode(config.getPaddingMode());
+        // 初始化秘钥
+        this.initSecretKey();
+        // 初始化参数规格
+        this.initParamSpec();
+        // 创建加密器
+        this.builderCrypto();
+    }
+
+    @Override
+    protected void initSecretKey() {
+        SecretKey secretKey;
+        if (config.isUseGeneratorKey()) {
+            // 生成秘钥
+            secretKey = Keys.generatorKey(config.getSecretKey(), config.getGeneratorKeyLength(), CipherAlgorithm.AES);
+        } else {
+            // 获取秘钥
+            secretKey = Keys.getSecretKey(config.getSecretKey(), CipherAlgorithm.AES);
+        }
+        builder.secretKey(secretKey);
+    }
+
+    @Override
+    protected void initParamSpec() {
+        String iv = config.getIv();
+        String gcm = config.getGcm();
+        if (!Strings.isEmpty(iv)) {
+            // 向量
+            AlgorithmParameterSpec ivSpec = Keys.getIvSpec(CipherAlgorithm.AES, Strings.bytes(iv));
+            builder.paramSpec(ivSpec);
+        } else if (!Strings.isEmpty(gcm)) {
+            // gcm
+            AlgorithmParameterSpec gcmSpec = Keys.getGcmSpec(CipherAlgorithm.AES, Strings.bytes(gcm));
+            builder.paramSpec(gcmSpec);
+        }
+    }
+
+    @Override
+    protected void builderCrypto() {
+        // 设置 aad
+        String aad = config.getAad();
+        if (!Strings.isEmpty(aad)) {
+            builder.aad(aad);
+        }
+        // 构建加密器
+        if (WorkingMode.ECB.equals(config.getWorkingMode())) {
+            // 无参数 ECB 模式
+            this.crypto = builder.buildEcb();
+        } else {
+            // 有参数规格模式
+            this.crypto = builder.buildParam();
+        }
+    }
+
+    @Override
+    public byte[] encrypt(byte[] plain) {
+        return crypto.encrypt(plain);
+    }
+
+    @Override
+    public byte[] decrypt(byte[] text) {
+        return crypto.decrypt(text);
+    }
+
+}

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring-configuration-metadata.json

@@ -4,6 +4,16 @@
       "name": "orion.security",
       "type": "com.orion.ops.framework.security.config.SecurityConfig",
       "sourceType": "com.orion.ops.framework.security.config.SecurityConfig"
+    },
+    {
+      "name": "orion.crypto",
+      "type": "com.orion.ops.framework.security.config.CryptoConfig",
+      "sourceType": "com.orion.ops.framework.security.config.CryptoConfig"
+    },
+    {
+      "name": "orion.crypto.aes",
+      "type": "com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig",
+      "sourceType": "com.orion.ops.framework.security.core.crypto.aes.AesCryptoConfig"
     }
   ],
   "properties": [
@@ -17,6 +27,56 @@
       "name": "orion.security.permit-url",
       "type": "java.util.List",
       "description": "匿名接口."
+    },
+    {
+      "name": "orion.crypto.aes.enabled",
+      "type": "java.lang.Boolean",
+      "description": "是否启用.",
+      "defaultValue": "false"
+    },
+    {
+      "name": "orion.crypto.aes.working-mode",
+      "type": "com.orion.lang.utils.crypto.enums.WorkingMode",
+      "description": "加密模式.",
+      "defaultValue": "ECB"
+    },
+    {
+      "name": "orion.crypto.aes.padding-mode",
+      "type": "com.orion.lang.utils.crypto.enums.PaddingMode",
+      "description": "填充模式.",
+      "defaultValue": "PKCS5_PADDING"
+    },
+    {
+      "name": "orion.crypto.aes.secret-key",
+      "type": "java.lang.String",
+      "description": "加密秘钥."
+    },
+    {
+      "name": "orion.crypto.aes.use-generator-key",
+      "type": "java.lang.Boolean",
+      "description": "是否生成秘钥.",
+      "defaultValue": "true"
+    },
+    {
+      "name": "orion.crypto.aes.generator-key-length",
+      "type": "java.lang.Integer",
+      "description": "生成的秘钥长度 128 192 256bytes.",
+      "defaultValue": "128"
+    },
+    {
+      "name": "orion.crypto.aes.iv",
+      "type": "java.lang.String",
+      "description": "向量 长度为 16bytes."
+    },
+    {
+      "name": "orion.crypto.aes.gcm",
+      "type": "java.lang.String",
+      "description": "GCM 模式参数 长度为 96 104 112 120 128bytes."
+    },
+    {
+      "name": "orion.crypto.aes.aad",
+      "type": "java.lang.String",
+      "description": "GCM 模式 aad."
     }
   ]
 }

orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1 +1,2 @@
-com.orion.ops.framework.security.config.OrionSecurityAutoConfiguration
+com.orion.ops.framework.security.config.OrionSecurityAutoConfiguration
+com.orion.ops.framework.security.config.OrionCryptoAutoConfiguration

orion-ops-launch/src/main/resources/application-prod.yaml

@@ -36,3 +36,13 @@ knife4j:
 logging:
   printer:
     mode: ROW
+
+orion:
+  crypto:
+    aes:
+      enabled: true
+      working-mode: ECB
+      padding-mode: PKCS5_PADDING
+      # 加密秘钥
+      secret-key: uQeacXV8b3isvKLK
+      generator-key: true

orion-ops-launch/src/main/resources/application.yaml

@@ -133,7 +133,7 @@ orion:
     cors: true
   swagger:
     title: orion-ops-pro 运维平台
-    description: 一站式提供运维功能
+    description: 一站式运维服务平台
     version: ${orion.version}
     url: https://github.com/lijiahangmax/orion-ops-pro
     email: ljh1553488six@139.com
@@ -141,10 +141,22 @@ orion:
     license-url: https://github.com/lijiahangmax/orion-ops-pro/blob/main/LICENSE
   storage:
     local:
-      nameAppendTraceId: true
+      enabled: true
-      storagePath: ${user.home}
+      name-append-trace-id: true
-      basePath: /orion/storage/orion-ops-pro
+      storage-path: ${user.home}
+      base-path: /orion/storage/orion-ops-pro
   security:
     password-encoder-length: 4
     # 匿名接口
     permit-url:
+      - ${orion.api.prefix}/server/bootstrap/health
+  crypto:
+    # aes加密器
+    aes:
+      enabled: true
+      working-mode: ECB
+      padding-mode: PKCS5_PADDING
+      # 加密秘钥
+      secret-key: I66AndrKWrwXjtBL
+      use-generator-key: true
+      generator-key-length: 128