Merge remote-tracking branch 'origin/main'

bonus-auth/src/main/java/com/bonus/auth/service/EmailOtpLoginStrategy.java

@@ -3,6 +3,7 @@ package com.bonus.auth.service;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
 import com.bonus.common.core.exception.ServiceException;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.config.SystemConfig;
 import com.bonus.system.api.RemoteUserService;
 import com.bonus.system.api.domain.SysUser;
@@ -30,7 +31,7 @@ public class EmailOtpLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/密码错误");
         }
         passwordValidatorService.checkPhoneCaptcha(email, otp);
-        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(email, SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(email), SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(email, userResult);
         LoginUser userInfo = userResult.getData();

bonus-auth/src/main/java/com/bonus/auth/service/EmailPasswordLoginStrategy.java

@@ -3,6 +3,7 @@ package com.bonus.auth.service;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
 import com.bonus.common.core.exception.ServiceException;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.config.SystemConfig;
 import com.bonus.system.api.RemoteUserService;
 import com.bonus.system.api.domain.SysUser;
@@ -33,7 +34,7 @@ public class EmailPasswordLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/密码错误");
         }
         //通过手机号获取用户信息
-        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(email, SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(email), SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(email, userResult);
         //获取用户信息

bonus-auth/src/main/java/com/bonus/auth/service/PhoneOtpLoginStrategy.java

@@ -3,6 +3,7 @@ package com.bonus.auth.service;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
 import com.bonus.common.core.exception.ServiceException;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.config.SystemConfig;
 import com.bonus.system.api.RemoteUserService;
 import com.bonus.system.api.domain.SysUser;
@@ -32,7 +33,7 @@ public class PhoneOtpLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/验证码错误");
         }
         passwordValidatorService.checkPhoneCaptcha(phone, otp);
-        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(phone, SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(phone), SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(phone, userResult);
         LoginUser userInfo = userResult.getData();

bonus-auth/src/main/java/com/bonus/auth/service/PhonePasswordLoginStrategy.java

@@ -3,6 +3,7 @@ package com.bonus.auth.service;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
 import com.bonus.common.core.exception.ServiceException;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.config.SystemConfig;
 import com.bonus.system.api.RemoteUserService;
 import com.bonus.system.api.domain.SysUser;
@@ -35,7 +36,7 @@ public class PhonePasswordLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/密码错误");
         }
         //通过手机号获取用户信息
-        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(phone, SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(phone), SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(phone, userResult);
         //获取用户信息

bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm3Util.java

@@ -15,11 +15,6 @@ public class Sm3Util {
 
     static SM3 sm3 = SmUtil.sm3WithSalt("2cc0c5f9f1749f1632efa9f63e902323".getBytes(StandardCharsets.UTF_8));
 
-//    public static void main(String[] args) {
-//
-//            String msg= encrypt("1234567890");
-//            System.err.println(msg);
-//    }
 
     public static String encrypt(String data) {
         return Sm3Util.sm3.digestHex(data);

bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm4Utils.java

@@ -4,7 +4,6 @@ import cn.hutool.core.util.HexUtil;
 import cn.hutool.crypto.Mode;
 import cn.hutool.crypto.Padding;
 import cn.hutool.crypto.symmetric.SM4;
-import com.bonus.common.core.utils.StringUtils;
 
 /**
  * @author bonus
@@ -14,6 +13,8 @@ public class Sm4Utils {
      * 必须是16字节
      */
     private static final String KEY = "78d1295afa99449b99d6f83820e6965c";
+
+    private static final String IV = "f555adf6c01d0ab0761e626a2dae34a2";
     /**
      * 加密数据，使用固定盐
      *
@@ -22,13 +23,11 @@ public class Sm4Utils {
      */
     public static String encrypt(String plainText) {
         try {
-            String salt = StringUtils.randomUUID();
+            SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(IV));
-            // 初始化SM4加密工具
-            SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(salt));
             // 加密带盐的明文
             byte[] encryptedData = sm4.encrypt(plainText);
             // 返回带盐的加密结果（Hex编码）
-            return HexUtil.encodeHexStr(encryptedData)+salt;
+            return HexUtil.encodeHexStr(encryptedData);
         } catch (Exception e) {
             e.printStackTrace();
             return null; // 发生异常时返回null
@@ -43,17 +42,10 @@ public class Sm4Utils {
      */
     public static String decrypt(String cipherText) {
         try {
-            // 提取盐，后32个字符
-            String salt = cipherText.length() > 32 ?
-                    cipherText.substring(cipherText.length() - 32) :
-                    cipherText; // 如果字符串长度小于32，返回整个字符串
-
-            // 去掉盐，获取原始的密文部分
-            String originalHex = cipherText.substring(0, cipherText.length() - 32);
             // 初始化SM4解密工具
-            SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY), HexUtil.decodeHex(salt));
+            SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(IV));
             // 解密数据
-            byte[] decryptedData = sm4.decrypt(originalHex);
+            byte[] decryptedData = sm4.decrypt(cipherText);
             return new String(decryptedData);
         } catch (Exception e) {
             e.printStackTrace();
@@ -63,7 +55,7 @@ public class Sm4Utils {
 
     // 测试方法，演示加密和解密过程
     public static void main(String[] args) {
-        String plainText = "Hello, SM4 encryption with fixed salt!";
+        String plainText = "15398187429";
         System.out.println("原文: " + plainText);
 
         // 加密明文
@@ -71,7 +63,7 @@ public class Sm4Utils {
         System.out.println("加密后: " + encryptedText);
 
         // 解密密文
-        String decryptedText = Sm4Utils.decrypt("224c59bb4aa36a42d6639cf31986521d8fc838bc299483ffef95ae38c7d16e43d8bc9862b0f9dc94c88ed69b4575f1b3");
+        String decryptedText = Sm4Utils.decrypt(encryptedText);
         System.out.println("解密后: " + decryptedText);
     }
 }