spring-boot-interface-crypto-starter
介紹
springboot實現對RESTful API接口進行統一加解密
實現思路
- 設置啟動加解密API請求或響應(請求解密,響應加密)
- 編寫
RequestBodyAdvice及ResponseBodyAdvice實現,RequestBodyAdvice可以在方法入參前攔截請求,
ResponseBodyAdvice可以在請求后攔截響應內容 - supports引入是否加解密
- 實現
beforeBodyReadbeforeBodyWrite - 不同方式實現加解密(動態key)
說明:由于利用了RequestBodyAdvice及ResponseBodyAdvice攔截請求前后,所以請求參數必須有@RequestBody注解,請求方法上的注解必須包含@ResponseBody
注解,原因是RequestBodyAdvice和ResponseBodyAdvice,前者攔截不到無@RequestBody的方法,后者攔截不到無@ResponseBody的方法
加密解密支持
- 可進行加密的方式有:
- AES
- DES
- RSA
- BASE64
- SM2
- SM4
- 可進行解密的方式有:
- AES
- DES
- RSA
- BASE64
- SM2
- SM4
使用方法
- 依賴
maven倉庫
<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>
依賴
<dependency>
<groupId>com.gitee.hzhh123</groupId>
<artifactId>spring-boot-interface-crypto-starter</artifactId>
<version>1.0.1</version>
</dependency>
- 參數配置
在項目的application.yml或application.properties文件中進行參數配置,例如:
crypto:
configs:
- type: aes
key: 2691b31aa11bee4b62c05537aa67558a
- type: des
key: 9e07b5136216fd6b
- type: rsa
public-key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgQq2HopByR9b5Pcj4IMSzF5F7YUeq0RGd/oIlzkyNHxUqV6FXEzTCPmSA+P0r6b9zSF2fVwXdDIy2kTTNffFQvUfP/eEUBw9ULFl4BhEygkQCInCTISkQs8Sx24jDQyY1P0IzkWjjjYtka2/bWcu9euPDAagZl6/KPMM8kI9RPwIDAQAB
private-key: MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKBCrYeikHJH1vk9yPggxLMXkXthR6rREZ3+giXOTI0fFSpXoVcTNMI+ZID4/Svpv3NIXZ9XBd0MjLaRNM198VC9R8/94RQHD1QsWXgGETKCRAIicJMhKRCzxLHbiMNDJjU/QjORaOONi2Rrb9tZy71648MBqBmXr8o8wzyQj1E/AgMBAAECgYAaH/SA3V/VuV9Sfx9xT4oxNcDaD5gqwO0xx8j4l8JD6RK+tc1P0Ao0Ng6VNcGztGWoyd21OW7zw3V214H3k7XQNQdm1xYFbYuzTN9YokQrEc7zjUSDdxh/f2QuH8N0Btr7FkOT+7vba5f/keim2IcmWNYVrTdCkAOtQnsJvYqBMQJBANQHkG34dTtiSBmTgTAg/1hwCOUSPy8f0Kf57TeHAWC+Pzm4tmYrg9aqU9fvppZaFTiHnmJGvP4AXwExeoHH0m8CQQDBfr6rewFEQCeaqMpDag0vE0LVljCutxsG8ouEIqN0/pzXKpGc99T5eNZZrLvVf+TP3sjaKTxREvaUvM0BrZYxAkEAgcATQUi/LNTq/EPI1dQLjmoY911gLw1QGcsWwFksnbAubrs7W3CboDzhTA5Kqk18GPjdEpTpSKKfgNJvfoXynwJAZvYDjYn5hZDBwjlYz4CKHWeZY7/0jbOfbRX5CUnJQsMNQC1FqInzyP/0x2jz1kqkvbvlkrjogJefoEvKpr7wsQJAPNg/cc71wB4MEUJPJopxR2yr1yS1kO0491iwh21cvR3W8fQMYW59fl6LvwGVfO/BhukZ16+KEnQVvcm2yD/rHQ==
- type: sm2
public-key: MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEilivBGPrnunZqZL9Coa+Ir4p63nPgAS95oYFaKYPd+BKHbouiqRMd/WPgwFnZSdPZ1IRrM3TNlHdO65plFwNDw==
private-key: MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQggz7cN/iSujCLHhGaW8PPHuHiFWHgQJwIVtth/85zQ5GgCgYIKoEcz1UBgi2hRANCAASKWK8EY+ue6dmpkv0Khr4ivinrec+ABL3mhgVopg934Eodui6KpEx39Y+DAWdlJ09nUhGszdM2Ud07rmmUXA0P
resultType: HEX #設置響應結果加密后是轉為HEX還是BASE64,默認轉為BASE64
- type: sm4
key: ea3f9e5432e4f21d4b01a4e6a6ee95be
- type: rc2
key: N1KBLtE9GzFqcEvuyDjBAA==
scan-outer-package: com.hzhh123.sample.crypto #外部掃描加密類
加密key的生成使用Sm2Utils.java、Sm4Utils.java、RsaUtils.java、AesUtils.java、DesUtils.java生成,生成的key轉base64或hex值,key是hex值的加密后的
值也是hex值,key是base64的則加密后的值也是base64值,其中AES、DES、SM4是對稱加密,加解密直接設置key值,publicKey和privateKey值不用設置,非對稱加密RSA、SM2需要設置公私鑰,key不用設置。
scan-outer-package是擴展加密方式所掃描的外部包,實現原理是繼承了EnvironmentAware,BeanFactoryPostProcessor接口environment通過scan-outer-package獲取外部加解密掃描包,代碼如下:
//掃描包的實現,實際使用不需要實現這個類,這個類是spring-boot-interface-crypto-starter中的類
package com.hzhh123.crypto.processor;
import com.hzhh123.crypto.annotation.CryptoType;
import com.hzhh123.crypto.handle.CryptoContext;
import com.hzhh123.crypto.utils.spring.ClassScanner;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.Environment;
import java.util.HashMap;
import java.util.Map;
/**
* @author hzhh123
* @version 1.0
* @date 2022/4/15 17:00
* @des
*/
@Slf4j
public class CryptoBeanFactoryPostProcessor implements EnvironmentAware,BeanFactoryPostProcessor {
private final static String HANDLE_PACKAGE = "com.hzhh123.crypto.handle";
@Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory configurableListableBeanFactory) throws BeansException {
Map<String, Class<?>> handleMap = new HashMap<>(8);
ClassScanner.scan(HANDLE_PACKAGE, CryptoType.class).forEach(clazz -> {
String value = clazz.getAnnotation(CryptoType.class).value();
handleMap.put(value, clazz);
});
//掃描外部包,直接從CryptoProperties中獲取不到屬性
String scanOuterCryptoPackage = environment.getProperty("crypto.scan-outer-package");
if(StringUtils.isNotBlank(scanOuterCryptoPackage)){
log.info("掃描加解密外部包(crypto.scan-outer-package){}",scanOuterCryptoPackage);
String[] scanOuterCryptoPackages = scanOuterCryptoPackage.split(",");
ClassScanner.scan(scanOuterCryptoPackages, CryptoType.class).forEach(clazz -> {
String value = clazz.getAnnotation(CryptoType.class).value();
handleMap.put(value, clazz);
});
}
log.info("默認支持加解密方式:{}",handleMap.keySet());
CryptoContext cryptoContext = new CryptoContext(handleMap);
configurableListableBeanFactory.registerSingleton(CryptoContext.class.getName(), cryptoContext);
}
private ConfigurableEnvironment environment;
@Override
public void setEnvironment(Environment environment) {
this.environment = (ConfigurableEnvironment) environment;
}
}
- 擴展加解密類,繼承AbstractCrypto類,實現encryot和decrypt方法
package com.hzhh123.sample.crypto;
import com.hzhh123.crypto.annotation.CryptoType;
import com.hzhh123.crypto.config.CryptoProperties;
import com.hzhh123.crypto.exception.EncryptException;
import com.hzhh123.crypto.handle.AbstractCrypto;
import com.hzhh123.crypto.utils.CryptoPropertiesUtils;
import com.hzhh123.crypto.utils.RC2Utils;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
/**
* @author hzhh123
* @version 1.0
* @date 2022/4/15 21:40
* @des
*/
@RequiredArgsConstructor(onConstructor_ = @Autowired)
@Component
@CryptoType("RC2")
public class RC2CryptoHandle extends AbstractCrypto {
private final CryptoProperties cryptoProperties;
@Override
public String encrypt(String str) {
CryptoProperties.PairKey cryptoPropertiesPairKey = getCryptoPropertiesPairKey();
return RC2Utils.encrypt(str,cryptoPropertiesPairKey.getKey());
}
@Override
public String decrypt(String str) {
CryptoProperties.PairKey cryptoPropertiesPairKey = getCryptoPropertiesPairKey();
return RC2Utils.decrypt(str,cryptoPropertiesPairKey.getKey());
}
private CryptoProperties.PairKey getCryptoPropertiesPairKey() {
CryptoProperties.PairKey cryptoPropertiesPairKey = CryptoPropertiesUtils.getCryptoPropertiesPairKey("RC2", cryptoProperties);
if (cryptoPropertiesPairKey == null) {
throw new EncryptException("RC2加密KEY不能為空");
}
if (cryptoPropertiesPairKey.getKey() == null) {
throw new EncryptException("RC2加密KEY不能為空");
}
return cryptoPropertiesPairKey;
}
}
- 啟用接口加解密
啟動入口類添加@EnableEncryptDecrypt注解開啟加解密
- 注解
@AesEncrypt和@AesDecrypt是AES算法加密響應報文,解密請求報文
@Base64Encrypt和@Base64Decrypt是BASE64算法加密響應報文,解密請求報文
@Base64Encrypt和@Base64Decrypt是BASE64算法加密響應報文,解密請求報文
@DesEncrypt和@DesDecrypt是DES算法加密響應報文,解密請求報文
@RsaEncrypt和@RsaDecrypt是RSA算法加密響應報文,解密請求報文
@Encrypt和@Decrypt加密響應報文,解密請求報文,可通過value屬性設置要加密的算法和要解密的算法,starter主要實現了DES,AES,RSA,BASE64,SM2,SM4幾種算法,
如果要實現其他算法,可繼承AbstractCrypto實現新的算法,注意大小寫
@EncryptDecrypt加密響應報文和解密請求報文是同一個加密算法,可通過value屬性設置要加密的算法和要解密的算法,starter主要實現了DES,AES,RSA,BASE64,SM2,SM4幾種算法,
如果要實現其他算法,可繼承AbstractCrypto實現新的算法,注意大小寫
其他參考
測試
測試1
[GET]http://localhost:8080/test1
json請求參數:
{
"data":"1b400e753dc2cfa01d98caeb23b07172509226bbf24749972486bf44cf35d2b476bb627708ccf9b140f527dd570d3a3e7a0cb9f469a917be229d8181956aef9f"
}
響應:
{
"code": "200",
"data": "cUpvgQrr2elOOnVFvsqhn6vrxHJWpE7xr5oeoEyVyDy/eQbeosO8g1mDz6WsgVNCWNCpNZdPd7GYy586GwCVFdIUN9N5SICVOTHErgPeqHLGR3fdvjbL6feGrUNbxHTGJhVgwhBq8ljEUoaXXqTpfkwKznBUakgzKlTBa/yZ4bM=",
"success": true,
"message": "成功",
"timestamp": 1650008249034
}
請求代碼
/**
* 請求參數{"data":"AES加密User實例json數據"},響應結果RSA加密
*/
@Slf4j
@RestController
@Decrypt(type = EncrptyTypeEnum.AES)
@Encrypt(type = EncrptyTypeEnum.RSA)
public class Test1Controller implements ResultBuilder {
@GetMapping("/test1")
public ResponseEntity<Result<?>> test1(@RequestBody User user){
log.info("{}",user);
return success(user);
}
}
/**
* @author hzhh123
* @version 1.0
* @date 2022/4/13 14:47
* @des
*
*
*/
@Slf4j
@RestController
@Decrypt(type = EncrptyTypeEnum.AES)
@Encrypt("SM2")
//@Base64Encrypt
public class Test1Controller implements ResultBuilder {
@GetMapping("/test1")
public ResponseEntity<Result<?>> test1(@RequestBody User user){
log.info("{}",user);
return success(user);
}
}
測試2
測試采用SM2加解密
[GET]http://localhost:8080/test2/test1
json請求參數:
{
"data":"BEAgW2lQD7uZjqk5TKgbF7yH0/nk+zBlUSOlrlQgkHLfB0mkcm7iWBVyno18gGIw6YXzw4x+GdZ+51kzT4bAaGYCmkgdoID/VrySn4l48S3uux7OQjllEuleZmsGIxx5FRgsNu1wZwn2SJUj+H0c1CW96E2JtddGt5VBcX8Mgo3bmV9O2BM="
}
響應:
{
"code": "200",
"data": "BBcDxUJtokuugJ2lIYXe5YuQ7aOTnBa9o8EW5Bu6SnPFdgm7cEiXXHTrZJHElDTSFEGcvT0wbIXbVetkN8mEFwM4X57cm5JzejYaglVFiHuC5CU+wp6bp/QxoAnoRldFboNovA44C7po+AVWFMJI9WucYAOgJuqHKlxFme6X0U6RKRCJAMI=",
"success": true,
"message": "成功",
"timestamp": 1679380118561
}
代碼
@Slf4j
@RequestMapping("/test2")
@RestController
@EncryptDecrypt(value = "SM2")
public class Test2Controller implements ResultBuilder {
@GetMapping("/test1")
public ResponseEntity<Result<?>> test1(@RequestBody User user){
log.info("{}",user);
return success(user);
}
@EncryptDecrypt
@GetMapping("/test2")
public ResponseEntity<Result<?>> test2(@RequestBody User user){
log.info("{}",user);
return success(user);
}
}
