update:加密解密改为AES加密

2024-12-20 16:33:00 +08:00 · 2024-12-20 16:33:00 +08:00 · 57f1af9a4b
parent 59f51df67f
commit 57f1af9a4b
4 changed files with 206 additions and 30 deletions
--- a/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/eoss/SSOPluginLogin.java
+++ b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/eoss/SSOPluginLogin.java
@ -2,22 +2,17 @@ package shkd.sys.sys.eoss;

 import kd.bos.cache.CacheFactory;
 import kd.bos.cache.DistributeSessionlessCache;
-import kd.bos.dataentity.entity.DynamicObject;
 import kd.bos.exception.ErrorCode;
 import kd.bos.exception.KDBizException;
 import kd.bos.exception.KDException;
-import kd.bos.krpc.container.page.pages.SystemPageHandler;
 import kd.bos.logging.Log;
 import kd.bos.logging.LogFactory;
 import kd.bos.login.thirdauth.ThirdSSOAuthHandler;
 import kd.bos.login.thirdauth.UserAuthResult;
 import kd.bos.login.thirdauth.UserProperType;
-import kd.bos.servicehelper.parameter.SystemParamServiceHelper;
 import kd.bos.servicehelper.user.UserServiceHelper;
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
-import shkd.sys.sys.utils.RSAUtil;
-import shkd.sys.sys.utils.RSAUtils;
+import shkd.sys.sys.utils.AesUtils;

 import javax.servlet.http.*;
 import java.io.IOException;
@ -115,14 +110,12 @@ public class SSOPluginLogin implements ThirdSSOAuthHandler {

 //                Object o = SystemParamServiceHelper.loadPublicParameterFromCache("shkd_privatekeystring_tag");
 //                logger.info("获取公共参数shkd_privatekeystring_tag："+o);
-                logger.info("加密后user：" + userName);
-                String privateKeyString = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVcEZaQoPn+qado8nw5ZvKlbxEh/xQ9AiBMRUFpY0XibkrCa1T2A7bTWztoAkTaBby1ynOOX4q1BSTGiDVOcXkCZgMteqAlvg3y9YZTlV/6MkbPLNPZTuWgNMa2C6bMkkHfJJqkDI8IZbe3IUxNk4Rz6JWsLDaI6PNhSKbRIq3MHj/emsmkQN+ePAz0Elh4b/bD2L63lmJJEtoK9Ira2b/gl+VwqOiaZb8iZ4PrvCKQJucAPkdQAb2Etcv0Clb/VnzdgzzcR+gU5Ak2hJns29IFMS4jOGhAJkdLQX+fW1KS0Am9gsvYznIbv8R0Bv/PDz+jHrd36a9sMr/ixzOy3QBAgMBAAECggEAXOVc+XPxzUm+suXSwtJsmCPLqVg2bVWJThF6wNZpLlF3ElBH7DIhZTmxq0r4KEYpltAnFebYDvP3cH7yw1s90h6K2x1iT01mA4LoUGNTuzQqM3yb3naFFOBFAW4N+uZL+sIxR8gy1REZhS4dmmm0WPQyB+EnWAojBRRpF4MhjND0ncSRJhWLTg3SiOSidedaVuI9AncwXlsH3hvJTM9xrL86tGIuFZe1JDCbg5zCU0Scz6LFnSc4UISajPEy0u7v8l74k2Tqr+XXOCAbG4gSr12BazQ7c7pT0hnwE1t/WKdeu033dbTfz+FkZ/ARFgfsjuGBrc2LA7A/FbOD28mTcQKBgQDrC41Z14Iz4N+hr4fvilCqou/GcF7T5CP//tKqj3RRgCYu3XF1btQ+iXMRc40NzdCdxmH+BMJ9lS51Soi0dzvHuQTn/A/3cviBfmzptqTMp0T2RpXQ0bSe4wqUT3fdenFm39xbw9p+b+eknZ8lrGM6fn06GBP6mQ+USMvZAnkdawKBgQDod5hasx8rMveJsNdqp/vGOFVtCh6RVX0rV8vlJ1tLGAhxBQbPbbmB/H773Fqyhc7NOWPFbSuHXtZtArgTY5wHwHcBZ41nB7E5Y40wMql8eNFhBFAb1M8xy7o+cX5gIsphrBRiGGM9MBhQNea2cH3flKW9NPKdvH3dF0sv/OGDQwKBgQClV60JpDZtdCUcwjPn5+6y+oedmnK6r+Q7MvDTFrMGmhVCJnin2Vzo2RvfDOAO89drBaDtZj/Cw+y4icP831toNdkjsAczVOdHgL3w8pCffpNeg2zkRoC+vIw2pGh3nqija5rB2taa1vGmtVK817W98jj5YvK6+G0jLMppT/oPHQKBgQC7S3Ai02Jvabbq5uIIeqNtxwF8wsRyD9CzVR9f11/Elu5mMMiV4y+tPQQKZDVm1EwUKQLrk9OYU56rYZ9xb7XMwRKgvQ++TQJK3JxqksbfFHCNm+33HnR5CE1b9hD938ny+7PIfSGnsNJF/ceOgf/IXXlTgg9favh1Y0ketr3zBQKBgFKWHvw/i1j4F/6vQIBn4ke22Ja8qXDNLfIUEcgqqvIx5N6Imv8DLyvu56CWveThVzk810VHRqoJ3aIgA8oTs/mQyd8G/S8jbyufl2GeoHap9azSr63HZh4v8ZBMQuA6xP2CEUByEyIWknwo7pp9yj8gJZUFmvTthY6SvkYrqg1H";
-                logger.info("私钥string：" + privateKeyString);
-                String cleanedBase64String = privateKeyString.replaceAll("[^A-Za-z0-9+/=]", "");
+            logger.info("加密后user：" + userName);
+            String privateKeyString = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVcEZaQoPn+qado8nw5ZvKlbxEh/xQ9AiBMRUFpY0XibkrCa1T2A7bTWztoAkTaBby1ynOOX4q1BSTGiDVOcXkCZgMteqAlvg3y9YZTlV/6MkbPLNPZTuWgNMa2C6bMkkHfJJqkDI8IZbe3IUxNk4Rz6JWsLDaI6PNhSKbRIq3MHj/emsmkQN+ePAz0Elh4b/bD2L63lmJJEtoK9Ira2b/gl+VwqOiaZb8iZ4PrvCKQJucAPkdQAb2Etcv0Clb/VnzdgzzcR+gU5Ak2hJns29IFMS4jOGhAJkdLQX+fW1KS0Am9gsvYznIbv8R0Bv/PDz+jHrd36a9sMr/ixzOy3QBAgMBAAECggEAXOVc+XPxzUm+suXSwtJsmCPLqVg2bVWJThF6wNZpLlF3ElBH7DIhZTmxq0r4KEYpltAnFebYDvP3cH7yw1s90h6K2x1iT01mA4LoUGNTuzQqM3yb3naFFOBFAW4N+uZL+sIxR8gy1REZhS4dmmm0WPQyB+EnWAojBRRpF4MhjND0ncSRJhWLTg3SiOSidedaVuI9AncwXlsH3hvJTM9xrL86tGIuFZe1JDCbg5zCU0Scz6LFnSc4UISajPEy0u7v8l74k2Tqr+XXOCAbG4gSr12BazQ7c7pT0hnwE1t/WKdeu033dbTfz+FkZ/ARFgfsjuGBrc2LA7A/FbOD28mTcQKBgQDrC41Z14Iz4N+hr4fvilCqou/GcF7T5CP//tKqj3RRgCYu3XF1btQ+iXMRc40NzdCdxmH+BMJ9lS51Soi0dzvHuQTn/A/3cviBfmzptqTMp0T2RpXQ0bSe4wqUT3fdenFm39xbw9p+b+eknZ8lrGM6fn06GBP6mQ+USMvZAnkdawKBgQDod5hasx8rMveJsNdqp/vGOFVtCh6RVX0rV8vlJ1tLGAhxBQbPbbmB/H773Fqyhc7NOWPFbSuHXtZtArgTY5wHwHcBZ41nB7E5Y40wMql8eNFhBFAb1M8xy7o+cX5gIsphrBRiGGM9MBhQNea2cH3flKW9NPKdvH3dF0sv/OGDQwKBgQClV60JpDZtdCUcwjPn5+6y+oedmnK6r+Q7MvDTFrMGmhVCJnin2Vzo2RvfDOAO89drBaDtZj/Cw+y4icP831toNdkjsAczVOdHgL3w8pCffpNeg2zkRoC+vIw2pGh3nqija5rB2taa1vGmtVK817W98jj5YvK6+G0jLMppT/oPHQKBgQC7S3Ai02Jvabbq5uIIeqNtxwF8wsRyD9CzVR9f11/Elu5mMMiV4y+tPQQKZDVm1EwUKQLrk9OYU56rYZ9xb7XMwRKgvQ++TQJK3JxqksbfFHCNm+33HnR5CE1b9hD938ny+7PIfSGnsNJF/ceOgf/IXXlTgg9favh1Y0ketr3zBQKBgFKWHvw/i1j4F/6vQIBn4ke22Ja8qXDNLfIUEcgqqvIx5N6Imv8DLyvu56CWveThVzk810VHRqoJ3aIgA8oTs/mQyd8G/S8jbyufl2GeoHap9azSr63HZh4v8ZBMQuA6xP2CEUByEyIWknwo7pp9yj8gJZUFmvTthY6SvkYrqg1H";
+            logger.info("私钥string：" + privateKeyString);
+            String cleanedBase64String = privateKeyString.replaceAll("[^A-Za-z0-9+/=]", "");
            try {
-                PrivateKey privateKey = RSAUtil.getPrivateKeyFromString(cleanedBase64String);
-                logger.info("通过私钥获取获取秘钥：{}", privateKey);
-                String user = RSAUtil.decrypt(userName, privateKey);
+                String user = AesUtils.aesDecryptString(userName);
                logger.info("SSO用户名：" + user);
                result.setUser(user);
                result.setSucess(true);
--- a/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/midservice/backlogTack/ToDoResendTack.java
+++ b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/midservice/backlogTack/ToDoResendTack.java
@ -17,13 +17,11 @@ import kd.bos.schedule.executor.AbstractTask;
 import kd.bos.servicehelper.QueryServiceHelper;
 import kd.bos.servicehelper.parameter.SystemParamServiceHelper;
 import kd.bos.util.StringUtils;
-import org.apache.commons.codec.binary.Base64;
 import shkd.sys.sys.midservice.handler.CreateToDoHandler;
 import shkd.sys.sys.midservice.handler.DealToDoHandler;
 import shkd.sys.sys.midservice.handler.deleteToDoHandler;
 import shkd.sys.sys.midservice.utils.GetUrlUtils;
-import shkd.sys.sys.utils.RSAUtil;
-import shkd.sys.sys.utils.RSAUtils;
+import shkd.sys.sys.utils.AesUtils;

 import java.util.*;

@ -177,12 +175,10 @@ public class ToDoResendTack extends AbstractTask {
                        "phone,username", new QFilter[]{new QFilter("id", "=", next.getString("freceiveuserid"))});
                String userName;
                try {
-                    Object o = SystemParamServiceHelper.loadPublicParameterFromCache("shkd_publickeystring");
-                    logger.info("公钥："+o);
-                    userName = RSAUtil.encrypt(dynamicObject.getString("username"),RSAUtil.getPublicKeyFromString(String.valueOf(o)));
-                    logger.info("公钥加密后user："+userName);
+                    userName = AesUtils.aesEncryptString(dynamicObject.getString("username"));
+                    logger.info("AES加密后user："+userName);
                }catch (Exception e){
-                    ErrorCode errorCode = new ErrorCode("error_code", "公钥加密出现异常，请联系运维人员排查！");
+                    ErrorCode errorCode = new ErrorCode("error_code", "AES加密出现异常，请联系运维人员排查！");
                    throw new KDException(errorCode, e);
                }
                switch (t_status) {
--- a/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/midservice/servicehandler/BacklogServiceHandle.java
+++ b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/midservice/servicehandler/BacklogServiceHandle.java
@ -12,12 +12,10 @@ import kd.bos.servicehelper.parameter.SystemParamServiceHelper;
 import kd.bos.workflow.engine.msg.ctx.MessageContext;
 import kd.bos.workflow.engine.msg.handler.AbstractServiceHandler;
 import kd.bos.workflow.engine.msg.info.ToDoInfo;
-import org.apache.commons.codec.binary.Base64;
 import shkd.sys.sys.midservice.handler.CreateToDoHandler;
 import shkd.sys.sys.midservice.handler.DealToDoHandler;
 import shkd.sys.sys.midservice.handler.deleteToDoHandler;
-import shkd.sys.sys.utils.RSAUtil;
-import shkd.sys.sys.utils.RSAUtils;
+import shkd.sys.sys.utils.AesUtils;

 import java.util.List;

@ -47,13 +45,11 @@ public class BacklogServiceHandle extends AbstractServiceHandler {
        for (DynamicObject query_one : query) {
            String userName;
            try {
-                Object o = SystemParamServiceHelper.loadPublicParameterFromCache("shkd_publickeystring");
-                logger.info("公钥："+o);
-                userName = RSAUtil.encrypt(query_one.getString("username"),RSAUtil.getPublicKeyFromString(String.valueOf(o)));
-                logger.info("公钥加密后user："+userName);
+                userName = AesUtils.aesEncryptString(query_one.getString("username"));
+                logger.info("AES加密后user："+userName);
            }catch (Exception e){
-                logger.info("####公钥加密出现异常，请联系运维人员排查！");
-                ErrorCode errorCode = new ErrorCode("error_code", "公钥加密出现异常，请联系运维人员排查！");
+                logger.info("####AES加密出现异常，请联系运维人员排查！");
+                ErrorCode errorCode = new ErrorCode("error_code", "AES加密出现异常，请联系运维人员排查！");
                throw new KDException(errorCode, e);
            }
            StringBuilder form = new StringBuilder();
--- a/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/utils/AesUtils.java
+++ b/sys/shkd-sys-sys/src/main/java/shkd/sys/sys/utils/AesUtils.java
@ -0,0 +1,191 @@
+package shkd.sys.sys.utils;
+
+import kd.bos.exception.ErrorCode;
+import kd.bos.exception.KDException;
+import kd.bos.logging.Log;
+import kd.bos.logging.LogFactory;
+import shkd.sys.sys.eoss.SSOPluginLogin;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.Base64.Decoder;
+import java.util.Base64.Encoder;
+
+/**
+ * 提供AES加密和解密的工具类。
+ */
+public class AesUtils {
+
+    // 定义加密使用的初始向量IV
+    public static final String IV_STRING = "-o@g*m,%0!si^fo1";
+    // 定义加密使用的密钥KEY
+    public static final String KEY = "a@e@skeY;useRName$eOssMsg99!@$@!";
+    // 定义字符编码
+    public static final String CHARSET = "UTF-8";
+    // 日志对象，用于记录日志信息
+    private final static Log logger = LogFactory.getLog(SSOPluginLogin.class);
+
+    // 私有构造函数，防止类被实例化
+    private AesUtils() {
+    }
+
+    /**
+     * 使用默认密钥对字符串进行AES加密。
+     *
+     * @param content 待加密的内容
+     * @return 加密后的字符串
+     */
+    public static String aesEncryptString(String content) {
+        return aesEncryptString(content, KEY);
+    }
+
+    /**
+     * 使用指定密钥对字符串进行AES加密。
+     *
+     * @param content 待加密的内容
+     * @param key     16位密钥
+     * @return 加密后的字符串
+     */
+    public static String aesEncryptString(String content, String key) {
+        if (null == content) {
+            return null;
+        }
+        byte[] encryptedBytes;
+        try {
+            // 将内容和密钥转换为字节数组
+            byte[] contentBytes = content.getBytes(CHARSET);
+            byte[] keyBytes = key.getBytes(CHARSET);
+            // 进行AES加密操作
+            encryptedBytes = aesEncryptBytes(contentBytes, keyBytes);
+        } catch (Exception e) {
+            // 记录加密失败的日志，并抛出异常
+            logger.info("加密失败,异常信息：{}", e);
+            ErrorCode errorCode = new ErrorCode("error_code", "加密出现异常，请联系运维人员排查！");
+            throw new KDException(errorCode, e);
+        }
+        // 使用Base64编码加密后的字节数组，并返回结果
+        Encoder encoder = Base64.getEncoder();
+        return encoder.encodeToString(encryptedBytes);
+    }
+
+    /**
+     * 使用默认密钥对字符串进行AES解密。
+     *
+     * @param content 待解密的内容
+     * @return 解密后的字符串
+     */
+    public static String aesDecryptString(String content) {
+        if (null == content) {
+            return null;
+        }
+        return aesDecryptString(content, KEY);
+    }
+
+    /**
+     * 使用指定密钥对字符串进行AES解密。
+     *
+     * @param content 待解密的内容
+     * @param key     16位密钥
+     * @return 解密后的字符串
+     */
+    public static String aesDecryptString(String content, String key) {
+        Decoder decoder = Base64.getDecoder();
+        try {
+            // 使用Base64解码待解密的内容
+            byte[] encryptedBytes = decoder.decode(content);
+            // 将密钥转换为字节数组
+            byte[] keyBytes = key.getBytes(CHARSET);
+            // 进行AES解密操作
+            byte[] decryptedBytes = aesDecryptBytes(encryptedBytes, keyBytes);
+            // 将解密后的字节数组转换为字符串，并返回结果
+            return new String(decryptedBytes, CHARSET);
+        } catch (Exception e) {
+            // 记录解密失败的日志，并抛出异常
+            logger.info("解密失败,异常信息：{}", e);
+            ErrorCode errorCode = new ErrorCode("error_code", "解密出现异常，请联系运维人员排查！");
+            throw new KDException(errorCode, e);
+        }
+
+    }
+
+    /**
+     * 对字节数组进行AES加密。
+     *
+     * @param contentBytes 待加密的字节数组
+     * @param keyBytes     密钥的字节数组
+     * @return 加密后的字节数组
+     * @throws NoSuchAlgorithmException e
+     * @throws NoSuchPaddingException e
+     * @throws InvalidKeyException e
+     * @throws InvalidAlgorithmParameterException e
+     * @throws IllegalBlockSizeException e
+     * @throws BadPaddingException e
+     * @throws UnsupportedEncodingException e
+     */
+    private static byte[] aesEncryptBytes(byte[] contentBytes, byte[] keyBytes) throws NoSuchAlgorithmException,
+            NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException,
+            BadPaddingException, UnsupportedEncodingException {
+        return cipherOperation(contentBytes, keyBytes, Cipher.ENCRYPT_MODE);
+    }
+
+    /**
+     * 对字节数组进行AES解密。
+     *
+     * @param contentBytes 待解密的字节数组
+     * @param keyBytes     密钥的字节数组
+     * @return 解密后的字节数组
+     * @throws NoSuchAlgorithmException e
+     * @throws NoSuchPaddingException e
+     * @throws InvalidKeyException e
+     * @throws InvalidAlgorithmParameterException e
+     * @throws IllegalBlockSizeException e
+     * @throws BadPaddingException e
+     * @throws UnsupportedEncodingException e
+     */
+    private static byte[] aesDecryptBytes(byte[] contentBytes, byte[] keyBytes) throws NoSuchAlgorithmException,
+            NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException,
+            BadPaddingException, UnsupportedEncodingException {
+        return cipherOperation(contentBytes, keyBytes, Cipher.DECRYPT_MODE);
+    }
+
+    /**
+     * 执行AES加密或解密操作。
+     *
+     * @param contentBytes 待加密或解密的字节数组
+     * @param keyBytes     密钥的字节数组
+     * @param mode         加密(Cipher.ENCRYPT_MODE)或解密(Cipher.DECRYPT_MODE)模式
+     * @return 加密或解密后的字节数组
+     * @throws UnsupportedEncodingException e
+     * @throws NoSuchAlgorithmException e
+     * @throws NoSuchPaddingException e
+     * @throws InvalidKeyException e
+     * @throws InvalidAlgorithmParameterException e
+     * @throws IllegalBlockSizeException e
+     * @throws BadPaddingException e
+     */
+    private static byte[] cipherOperation(byte[] contentBytes, byte[] keyBytes, int mode)
+            throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
+            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
+        // 创建AES密钥
+        SecretKeySpec secretKey = new SecretKeySpec(keyBytes, "AES");
+        // 创建初始向量IV
+        byte[] initParam = IV_STRING.getBytes(CHARSET);
+        IvParameterSpec ivParameterSpec = new IvParameterSpec(initParam);
+        // 获取AES/CFB/PKCS5Padding模式的Cipher对象
+        Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding");
+        // 初始化Cipher对象
+        cipher.init(mode, secretKey, ivParameterSpec);
+        // 执行加密或解密操作，并返回结果
+        return cipher.doFinal(contentBytes);
+    }
+
+}