diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/config/RsaUtil.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/config/RsaUtil.java
new file mode 100644
index 00000000..dc11bb47
--- /dev/null
+++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/config/RsaUtil.java
@@ -0,0 +1,136 @@
+package com.bonus.sgzb.system.config;
+
+/**
+ * @Author ma_sh
+ * @create 2024/5/24 19:08
+ */
+
+import javax.crypto.Cipher;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+
+public class RsaUtil {
+
+ //签名算法名称
+ private static final String RSA_KEY_ALGORITHM = "RSA";
+
+ //RSA密钥长度,默认密钥长度是1024,密钥长度必须是64的倍数,在512到65536位之间,不管是RSA还是RSA2长度推荐使用2048
+ private static final int KEY_SIZE = 2048;
+
+ /**
+ * 公钥加密(用于数据加密)
+ *
+ * @param data 加密前的字符串
+ * @param publicKeyStr base64编码后的公钥
+ * @return base64编码后的字符串
+ * @throws Exception
+ */
+ public static String encryptByPublicKey(String data, String publicKeyStr) throws Exception {
+ //Java原生base64解码
+ byte[] pubKey = Base64.getDecoder().decode(publicKeyStr);
+ //创建X509编码密钥规范
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey);
+ //返回转换指定算法的KeyFactory对象
+ KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+ //根据X509编码密钥规范产生公钥对象
+ PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
+ //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式)
+ Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+ //用公钥初始化此Cipher对象(加密模式)
+ cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+ //对数据加密
+ byte[] encrypt = cipher.doFinal(data.getBytes());
+ //返回base64编码后的字符串
+ return Base64.getEncoder().encodeToString(encrypt);
+ }
+
+
+ /**
+ * 私钥解密(用于数据解密)
+ *
+ * @param data 解密前的字符串
+ * @param privateKeyStr 私钥
+ * @return 解密后的字符串
+ * @throws Exception
+ */
+ public static String decryptByPrivateKey(String data, String privateKeyStr) throws Exception {
+ //Java原生base64解码
+ byte[] priKey = Base64.getDecoder().decode(privateKeyStr);
+ //创建PKCS8编码密钥规范
+ PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey);
+ //返回转换指定算法的KeyFactory对象
+ KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+ //根据PKCS8编码密钥规范产生私钥对象
+ PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
+ //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式)
+ Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+ //用私钥初始化此Cipher对象(解密模式)
+ cipher.init(Cipher.DECRYPT_MODE, privateKey);
+ //对数据解密
+ byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(data));
+ //返回字符串
+ return new String(decrypt);
+ }
+
+
+
+ /**
+ * 私钥加密(用于数据签名)
+ *
+ * @param data 加密前的字符串
+ * @param privateKeyStr base64编码后的私钥
+ * @return base64编码后后的字符串
+ * @throws Exception
+ */
+ public static String encryptByPrivateKey(String data, String privateKeyStr) throws Exception {
+ //Java原生base64解码
+ byte[] priKey = Base64.getDecoder().decode(privateKeyStr);
+ //创建PKCS8编码密钥规范
+ PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey);
+ //返回转换指定算法的KeyFactory对象
+ KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+ //根据PKCS8编码密钥规范产生私钥对象
+ PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
+ //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式)
+ Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+ //用私钥初始化此Cipher对象(加密模式)
+ cipher.init(Cipher.ENCRYPT_MODE, privateKey);
+ //对数据加密
+ byte[] encrypt = cipher.doFinal(data.getBytes());
+ //返回base64编码后的字符串
+ return Base64.getEncoder().encodeToString(encrypt);
+ }
+
+ /**
+ * 公钥解密(用于数据验签)
+ *
+ * @param data 解密前的字符串
+ * @param publicKeyStr base64编码后的公钥
+ * @return 解密后的字符串
+ * @throws Exception
+ */
+ public static String decryptByPublicKey(String data, String publicKeyStr) throws Exception {
+ //Java原生base64解码
+ byte[] pubKey = Base64.getDecoder().decode(publicKeyStr);
+ //创建X509编码密钥规范
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey);
+ //返回转换指定算法的KeyFactory对象
+ KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+ //根据X509编码密钥规范产生公钥对象
+ PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
+ //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式)
+ Cipher cipher = 
Cipher.getInstance(keyFactory.getAlgorithm()); + //用公钥初始化此Cipher对象(解密模式) + cipher.init(Cipher.DECRYPT_MODE, publicKey); + //对数据解密 + byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(data)); + //返回字符串 + return new String(decrypt); + } + +} + diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysConfigController.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysConfigController.java index 9ef74998..f5b101b4 100644 --- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysConfigController.java +++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysConfigController.java @@ -8,6 +8,7 @@ import javax.crypto.spec.SecretKeySpec; import javax.servlet.http.HttpServletResponse; import com.bonus.sgzb.common.core.utils.StringUtils; +import com.bonus.sgzb.system.config.RsaUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.DeleteMapping; @@ -38,6 +39,7 @@ import com.bonus.sgzb.system.service.ISysConfigService; @RequestMapping("/config") public class SysConfigController extends BaseController { + private final String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ=="; private final String CONFIG_KEY = "sys.user.initPassword"; @Autowired private ISysConfigService configService; 
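Review bot: All four methods in RsaUtil call `Cipher.getInstance(keyFactory.getAlgorithm())`, which requests the bare `"RSA"` transformation and leaves mode and padding to the provider default (PKCS#1 v1.5 on the standard JDK providers); name the transformation explicitly, for example `Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")` for the encrypt/decrypt pair, and make the decrypting side match. `data.getBytes()` and `new String(decrypt)` depend on the platform charset and should pass `StandardCharsets.UTF_8`. `encryptByPrivateKey` and `decryptByPublicKey` are documented as signing and verification, but raw private-key encryption is not a signature scheme; `java.security.Signature` with `SHA256withRSA` is the supported route. `KEY_SIZE` is declared and never read in this file.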
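Review bot: The hard-coded `publicKey` literal in SysConfigController appears, judging by its encoded length and DER prefix, to be a 512-bit RSA key, well below the 2048 bits that the `KEY_SIZE` comment in RsaUtil recommends and small enough to be factored with modest resources. Generate a pair of at least 2048 bits and read the public half from configuration rather than source, so it can be rotated without a code change. With a 512-bit modulus and PKCS#1 v1.5 padding the plaintext is also capped at 53 bytes, so a longer configured value would make `doFinal` throw. If the literal stays, it should be declared as a constant: `private static final String PUBLIC_KEY = "...";`.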
@@ -52,15 +54,7 @@ public class SysConfigController extends BaseController
 List list = configService.selectConfigList(config);
 for (SysConfig sysConfig : list) {
 if (CONFIG_KEY.equals(sysConfig.getConfigKey()) && StringUtils.isNotBlank(sysConfig.getConfigValue())) {
- // 定义密钥
- String key = "CCNWrpassWordKey";
- SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
- // 使用ECB模式简化示例,实际推荐CBC
- Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- cipher.init(Cipher.ENCRYPT_MODE, keySpec);
- String data = sysConfig.getConfigValue();
- byte[] encryptedBytes = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
- String configValue = Base64.getEncoder().encodeToString(encryptedBytes);
+ String configValue = RsaUtil.encryptByPublicKey(sysConfig.getConfigValue(), publicKey);
 sysConfig.setConfigValue(configValue);
 }
 }
@@ -94,14 +88,7 @@ public class SysConfigController extends BaseController
 {
 String configByKey = configService.selectConfigByKey(configKey);
 if (CONFIG_KEY.equals(configKey) && StringUtils.isNotBlank(configByKey)) {
- // 定义密钥
- String key = "CCNWrpassWordKey";
- SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
- // 使用ECB模式简化示例,实际推荐CBC
- Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
- cipher.init(Cipher.ENCRYPT_MODE, keySpec);
- byte[] encryptedBytes = cipher.doFinal(configByKey.getBytes(StandardCharsets.UTF_8));
- String configValue = Base64.getEncoder().encodeToString(encryptedBytes);
+ String configValue = RsaUtil.encryptByPublicKey(configByKey, publicKey);
 return AjaxResult.success(configValue);
 }
 return AjaxResult.success(configByKey);
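Review bot: Both this hunk and the `@@ -94,14 +88,7 @@` hunk still return the `sys.user.initPassword` value to the caller, now as RSA ciphertext, and nothing in the diff shows where the matching private key is held. If that key ships with the client that decrypts the value, the encryption adds no confidentiality, so consider not returning the value from these endpoints at all. The guard-and-encrypt sequence is duplicated across the two handlers; a private helper such as `private String protectInitPassword(String value) throws Exception { return RsaUtil.encryptByPublicKey(value, publicKey); }` would keep them in step. The `javax.crypto.spec.SecretKeySpec` import visible in the first controller hunk, and probably the other crypto imports, look unused after this change. Both enclosing methods begin outside the hunks.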