From 9e2bb4f3ceef7dc96026eae7351743003b5e66da Mon Sep 17 00:00:00 2001 From: jiang Date: Fri, 8 Nov 2024 14:59:29 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/bonus/auth/service/EmailOtpLoginStrategy.java | 3 ++- .../com/bonus/auth/service/EmailPasswordLoginStrategy.java | 3 ++- .../java/com/bonus/auth/service/PhoneOtpLoginStrategy.java | 3 ++- .../com/bonus/auth/service/PhonePasswordLoginStrategy.java | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/EmailOtpLoginStrategy.java b/bonus-auth/src/main/java/com/bonus/auth/service/EmailOtpLoginStrategy.java index 0bc3579..16b789d 100644 --- a/bonus-auth/src/main/java/com/bonus/auth/service/EmailOtpLoginStrategy.java +++ b/bonus-auth/src/main/java/com/bonus/auth/service/EmailOtpLoginStrategy.java @@ -3,6 +3,7 @@ package com.bonus.auth.service; import com.bonus.common.core.constant.SecurityConstants; import com.bonus.common.core.domain.R; import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.core.utils.encryption.Sm4Utils; import com.bonus.config.SystemConfig; import com.bonus.system.api.RemoteUserService; import com.bonus.system.api.domain.SysUser; @@ -30,7 +31,7 @@ public class EmailOtpLoginStrategy implements LoginStrategy { throw new ServiceException("用户不存在/密码错误"); } passwordValidatorService.checkPhoneCaptcha(email, otp); - R userResult = remoteUserService.getUserInfoByEmail(email, SecurityConstants.INNER); + R userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(email), SecurityConstants.INNER); //验证用户是否存在 passwordValidatorService.validateUserResult(email, userResult); LoginUser userInfo = userResult.getData(); 
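Review bot: The new argument `Sm4Utils.encrypt(email)` in the `getUserInfoByEmail(...)` call can be null, because `Sm4Utils.encrypt` catches every exception and returns null (see the `Sm4Utils.java` hunks in the second patch of this series), and the hunk passes the result straight to the remote lookup. Encrypt into a local first and fail closed before the call: `String encEmail = Sm4Utils.encrypt(email);` followed by `if (encEmail == null) { throw new ServiceException("用户不存在/密码错误"); }`. The same unchecked call is added in EmailPasswordLoginStrategy, PhoneOtpLoginStrategy and PhonePasswordLoginStrategy. The enclosing login method starts and ends outside the hunk.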
diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/EmailPasswordLoginStrategy.java b/bonus-auth/src/main/java/com/bonus/auth/service/EmailPasswordLoginStrategy.java index 70b5af4..5c5b9a2 100644 --- a/bonus-auth/src/main/java/com/bonus/auth/service/EmailPasswordLoginStrategy.java +++ b/bonus-auth/src/main/java/com/bonus/auth/service/EmailPasswordLoginStrategy.java @@ -3,6 +3,7 @@ package com.bonus.auth.service; import com.bonus.common.core.constant.SecurityConstants; import com.bonus.common.core.domain.R; import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.core.utils.encryption.Sm4Utils; import com.bonus.config.SystemConfig; import com.bonus.system.api.RemoteUserService; import com.bonus.system.api.domain.SysUser; @@ -33,7 +34,7 @@ public class EmailPasswordLoginStrategy implements LoginStrategy { throw new ServiceException("用户不存在/密码错误"); } //通过手机号获取用户信息 - R userResult = remoteUserService.getUserInfoByEmail(email, SecurityConstants.INNER); + R userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(email), SecurityConstants.INNER); //验证用户是否存在 passwordValidatorService.validateUserResult(email, userResult); //获取用户信息 diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/PhoneOtpLoginStrategy.java b/bonus-auth/src/main/java/com/bonus/auth/service/PhoneOtpLoginStrategy.java index dd62c5f..fb511d3 100644 --- a/bonus-auth/src/main/java/com/bonus/auth/service/PhoneOtpLoginStrategy.java +++ b/bonus-auth/src/main/java/com/bonus/auth/service/PhoneOtpLoginStrategy.java @@ -3,6 +3,7 @@ package com.bonus.auth.service; import com.bonus.common.core.constant.SecurityConstants; import com.bonus.common.core.domain.R; import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.core.utils.encryption.Sm4Utils; import com.bonus.config.SystemConfig; import com.bonus.system.api.RemoteUserService; import com.bonus.system.api.domain.SysUser; 
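Review bot: Matching on `Sm4Utils.encrypt(email)` turns the lookup into an exact byte-for-byte comparison, so the address typed at login must be identical to the form that was encrypted when the account was stored. A difference in letter case or surrounding whitespace now gives a different ciphertext and a failed login. Nothing in this hunk normalises `email` before encrypting; if the write path does not already canonicalise it, do so on both sides, for example `Sm4Utils.encrypt(email.trim().toLowerCase(Locale.ROOT))`, assuming the project treats addresses as case-insensitive. The same applies to the EmailOtpLoginStrategy hunk and, for number formatting such as prefixes or spaces, to the two `getUserInfoByPhone` hunks. The method body continues outside the hunk.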
@@ -32,7 +33,7 @@ public class PhoneOtpLoginStrategy implements LoginStrategy { throw new ServiceException("用户不存在/验证码错误"); } passwordValidatorService.checkPhoneCaptcha(phone, otp); - R userResult = remoteUserService.getUserInfoByPhone(phone, SecurityConstants.INNER); + R userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(phone), SecurityConstants.INNER); //验证用户是否存在 passwordValidatorService.validateUserResult(phone, userResult); LoginUser userInfo = userResult.getData(); diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/PhonePasswordLoginStrategy.java b/bonus-auth/src/main/java/com/bonus/auth/service/PhonePasswordLoginStrategy.java index d6d819a..8ec2b93 100644 --- a/bonus-auth/src/main/java/com/bonus/auth/service/PhonePasswordLoginStrategy.java +++ b/bonus-auth/src/main/java/com/bonus/auth/service/PhonePasswordLoginStrategy.java @@ -3,6 +3,7 @@ package com.bonus.auth.service; import com.bonus.common.core.constant.SecurityConstants; import com.bonus.common.core.domain.R; import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.core.utils.encryption.Sm4Utils; import com.bonus.config.SystemConfig; import com.bonus.system.api.RemoteUserService; import com.bonus.system.api.domain.SysUser; @@ -35,7 +36,7 @@ public class PhonePasswordLoginStrategy implements LoginStrategy { throw new ServiceException("用户不存在/密码错误"); } //通过手机号获取用户信息 - R userResult = remoteUserService.getUserInfoByPhone(phone, SecurityConstants.INNER); + R userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(phone), SecurityConstants.INNER); //验证用户是否存在 passwordValidatorService.validateUserResult(phone, userResult); //获取用户信息 From 3fde9294aca0ce5564ced59e12e5a156dfd7ffe0 Mon Sep 17 00:00:00 2001 
From: jiang Date: Fri, 8 Nov 2024 14:59:49 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/core/utils/encryption/Sm3Util.java | 5 ---- .../core/utils/encryption/Sm4Utils.java | 24 +++++++------------ 2 files changed, 8 insertions(+), 21 deletions(-) diff --git a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm3Util.java b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm3Util.java index 514463c..b600d62 100644 --- a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm3Util.java +++ b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm3Util.java @@ -15,11 +15,6 @@ public class Sm3Util { static SM3 sm3 = SmUtil.sm3WithSalt("2cc0c5f9f1749f1632efa9f63e902323".getBytes(StandardCharsets.UTF_8)); -// public static void main(String[] args) { -// -// String msg= encrypt("1234567890"); -// System.err.println(msg); -// } public static String encrypt(String data) { return Sm3Util.sm3.digestHex(data); diff --git a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm4Utils.java b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm4Utils.java index 1fc47b3..d3825c5 100644 --- a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm4Utils.java +++ b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm4Utils.java @@ -4,7 +4,6 @@ import cn.hutool.core.util.HexUtil; import cn.hutool.crypto.Mode; import cn.hutool.crypto.Padding; import cn.hutool.crypto.symmetric.SM4; -import com.bonus.common.core.utils.StringUtils; /** * @author bonus 
@@ -14,6 +13,8 @@ public class Sm4Utils { * 必须是16字节 */ private static final String KEY = "78d1295afa99449b99d6f83820e6965c"; + + private static final String IV = "f555adf6c01d0ab0761e626a2dae34a2"; /** * 加密数据,使用固定盐 * @@ -22,13 +23,11 @@ public class Sm4Utils { */ public static String encrypt(String plainText) { try { - String salt = StringUtils.randomUUID(); - // 初始化SM4加密工具 - SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(salt)); + SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(IV)); // 加密带盐的明文 byte[] encryptedData = sm4.encrypt(plainText); // 返回带盐的加密结果(Hex编码) - return HexUtil.encodeHexStr(encryptedData)+salt; + return HexUtil.encodeHexStr(encryptedData); } catch (Exception e) { e.printStackTrace(); return null; // 发生异常时返回null @@ -43,17 +42,10 @@ public class Sm4Utils { */ public static String decrypt(String cipherText) { try { - // 提取盐,后32个字符 - String salt = cipherText.length() > 32 ? - cipherText.substring(cipherText.length() - 32) : - cipherText; // 如果字符串长度小于32,返回整个字符串 - - // 去掉盐,获取原始的密文部分 - String originalHex = cipherText.substring(0, cipherText.length() - 32); // 初始化SM4解密工具 - SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY), HexUtil.decodeHex(salt)); + SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(IV)); // 解密数据 - byte[] decryptedData = sm4.decrypt(originalHex); + byte[] decryptedData = sm4.decrypt(cipherText); return new String(decryptedData); } catch (Exception e) { e.printStackTrace(); @@ -63,7 +55,7 @@ public class Sm4Utils { // 测试方法,演示加密和解密过程 public static void main(String[] args) { - String plainText = "Hello, SM4 encryption with fixed salt!"; + String plainText = "15398187429"; System.out.println("原文: " + plainText); // 加密明文 
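Review bot: The added constant `IV` fixes the CBC initialisation vector for every call, so with the constant `KEY` the same plaintext always encrypts to the same ciphertext, and inputs that share their first 16 bytes share their first ciphertext block. That determinism is presumably what lets the login strategies match on ciphertext. It also means that stored phone numbers and e-mail addresses, if these values are persisted, can be linked and frequency-counted by anyone able to read the ciphertexts, and both secrets sit in source control. Consider keeping a random per-value IV for the stored ciphertext, doing the lookup through a separate keyed-hash column, and supplying the key from configuration rather than a literal. At minimum record the trade-off on the field, e.g. `// Fixed IV: output is deterministic so it can serve as a lookup key; equal inputs give equal ciphertexts.`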
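Review bot: The comments left in `encrypt` still describe the old output format: `// 加密带盐的明文` and `// 返回带盐的加密结果(Hex编码)` mention a salt, while the new code returns `HexUtil.encodeHexStr(encryptedData)` with nothing appended. Update them to match the code, e.g. `// encrypt with the fixed key and IV` and `// return the ciphertext as hex (no IV suffix)`. The Javadoc should also state that the method returns null when encryption fails, since every caller has to check for it.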
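Review bot: `decrypt` now treats the whole input as ciphertext under the fixed `IV`, so a value produced by the previous `encrypt` (hex ciphertext followed by a 32-character random IV) will no longer decrypt; it will most likely fail the padding check and end up in the catch block. If such values exist in storage they need a migration, or a fallback that recognises the old layout, before this ships. Separately, the context line `new String(decryptedData)` uses the platform default charset; `new String(decryptedData, StandardCharsets.UTF_8)` would make the result independent of host configuration. The end of the catch block lies outside the hunk.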
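Review bot: The new sample plaintext `"15398187429"` in `main` has the shape of a real mobile number, and if it belongs to a person it is now part of the repository history. Use an obviously artificial value instead, e.g. `String plainText = "00000000000"; // constructed sample value`.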
@@ -71,7 +63,7 @@ public class Sm4Utils { System.out.println("加密后: " + encryptedText); // 解密密文 - String decryptedText = Sm4Utils.decrypt("224c59bb4aa36a42d6639cf31986521d8fc838bc299483ffef95ae38c7d16e43d8bc9862b0f9dc94c88ed69b4575f1b3"); + String decryptedText = Sm4Utils.decrypt(encryptedText); System.out.println("解密后: " + decryptedText); } }
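Review bot: The round trip in `main` is only printed, so a regression in `encrypt` or `decrypt`, including a null return from either, would go unnoticed. A unit test asserting `plainText.equals(Sm4Utils.decrypt(Sm4Utils.encrypt(plainText)))`, and that two encryptions of the same input are equal, would pin the behaviour the login lookups now depend on. It would also let the `main` method be removed from the production utility class.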