登录密码进行加密

bonus-common/src/main/java/com/bonus/common/constant/Constants.java

@@ -5,7 +5,7 @@ import io.jsonwebtoken.Claims;
 
 /**
  * 通用常量信息
- * 
+ *
  * @author ruoyi
  */
 public class Constants
@@ -170,4 +170,16 @@ public class Constants
      */
     public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
             "org.springframework", "org.apache", "com.ruoyi.common.utils.file", "com.ruoyi.common.config", "com.ruoyi.generator" };
+
+    /**
+     * 加密公钥
+     */
+    public static final String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==";
+
+    /**
+     * 解密私钥
+     */
+    public static final String privateKey = "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=";
+
+
 }

bonus-common/src/main/java/com/bonus/common/utils/RsaUtil.java

@@ -0,0 +1,133 @@
+package com.bonus.common.utils;
+
+import javax.crypto.Cipher;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+
+/**
+ * @Author ma_sh
+ * @create 2024/5/25 16:07
+ */
+public class RsaUtil {
+    //签名算法名称
+    private static final String RSA_KEY_ALGORITHM = "RSA";
+
+    //RSA密钥长度,默认密钥长度是1024,密钥长度必须是64的倍数，在512到65536位之间,不管是RSA还是RSA2长度推荐使用2048
+    private static final int KEY_SIZE = 2048;
+
+    /**
+     * 公钥加密(用于数据加密)
+     *
+     * @param data         加密前的字符串
+     * @param publicKeyStr base64编码后的公钥
+     * @return base64编码后的字符串
+     * @throws Exception
+     */
+    public static String encryptByPublicKey(String data, String publicKeyStr) throws Exception {
+        //Java原生base64解码
+        byte[] pubKey = Base64.getDecoder().decode(publicKeyStr);
+        //创建X509编码密钥规范
+        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey);
+        //返回转换指定算法的KeyFactory对象
+        KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+        //根据X509编码密钥规范产生公钥对象
+        PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
+        //根据转换的名称获取密码对象Cipher（转换的名称：算法/工作模式/填充模式）
+        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+        //用公钥初始化此Cipher对象（加密模式）
+        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+        //对数据加密
+        byte[] encrypt = cipher.doFinal(data.getBytes());
+        //返回base64编码后的字符串
+        return Base64.getEncoder().encodeToString(encrypt);
+    }
+
+
+    /**
+     * 私钥解密(用于数据解密)
+     *
+     * @param data          解密前的字符串
+     * @param privateKeyStr 私钥
+     * @return 解密后的字符串
+     * @throws Exception
+     */
+    public static String decryptByPrivateKey(String data, String privateKeyStr) throws Exception {
+        //Java原生base64解码
+        byte[] priKey = Base64.getDecoder().decode(privateKeyStr);
+        //创建PKCS8编码密钥规范
+        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey);
+        //返回转换指定算法的KeyFactory对象
+        KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+        //根据PKCS8编码密钥规范产生私钥对象
+        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
+        //根据转换的名称获取密码对象Cipher（转换的名称：算法/工作模式/填充模式）
+        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+        //用私钥初始化此Cipher对象（解密模式）
+        cipher.init(Cipher.DECRYPT_MODE, privateKey);
+        //对数据解密
+        byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(data));
+        //返回字符串
+        return new String(decrypt);
+    }
+
+
+
+    /**
+     * 私钥加密(用于数据签名)
+     *
+     * @param data          加密前的字符串
+     * @param privateKeyStr base64编码后的私钥
+     * @return base64编码后后的字符串
+     * @throws Exception
+     */
+    public static String encryptByPrivateKey(String data, String privateKeyStr) throws Exception {
+        //Java原生base64解码
+        byte[] priKey = Base64.getDecoder().decode(privateKeyStr);
+        //创建PKCS8编码密钥规范
+        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey);
+        //返回转换指定算法的KeyFactory对象
+        KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+        //根据PKCS8编码密钥规范产生私钥对象
+        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
+        //根据转换的名称获取密码对象Cipher（转换的名称：算法/工作模式/填充模式）
+        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+        //用私钥初始化此Cipher对象（加密模式）
+        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
+        //对数据加密
+        byte[] encrypt = cipher.doFinal(data.getBytes());
+        //返回base64编码后的字符串
+        return Base64.getEncoder().encodeToString(encrypt);
+    }
+
+    /**
+     * 公钥解密(用于数据验签)
+     *
+     * @param data         解密前的字符串
+     * @param publicKeyStr base64编码后的公钥
+     * @return 解密后的字符串
+     * @throws Exception
+     */
+    public static String decryptByPublicKey(String data, String publicKeyStr) throws Exception {
+        //Java原生base64解码
+        byte[] pubKey = Base64.getDecoder().decode(publicKeyStr);
+        //创建X509编码密钥规范
+        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey);
+        //返回转换指定算法的KeyFactory对象
+        KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM);
+        //根据X509编码密钥规范产生公钥对象
+        PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
+        //根据转换的名称获取密码对象Cipher（转换的名称：算法/工作模式/填充模式）
+        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+        //用公钥初始化此Cipher对象（解密模式）
+        cipher.init(Cipher.DECRYPT_MODE, publicKey);
+        //对数据解密
+        byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(data));
+        //返回字符串
+        return new String(decrypt);
+    }
+
+}

search-tool/src/main/java/com/bonus/tool/controller/system/SysLoginController.java

@@ -2,6 +2,8 @@ package com.bonus.tool.controller.system;
 
 import java.util.List;
 import java.util.Set;
+
+import com.bonus.common.utils.RsaUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -21,7 +23,7 @@ import com.bonus.system.service.ISysMenuService;
 
 /**
  * 登录验证
- * 
+ *
  * @author ruoyi
  */
 @RestController
@@ -41,16 +43,16 @@ public class SysLoginController
 
     /**
      * 登录方法
-     * 
+     *
      * @param loginBody 登录信息
      * @return 结果
      */
     @PostMapping("/login")
-    public AjaxResult login(@RequestBody LoginBody loginBody)
-    {
+    public AjaxResult login(@RequestBody LoginBody loginBody) throws Exception {
+        String decryptedData = RsaUtil.decryptByPrivateKey(loginBody.getPassword(), Constants.privateKey);
         AjaxResult ajax = AjaxResult.success();
         // 生成令牌
-        String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(),
+        String token = loginService.login(loginBody.getUsername(), decryptedData, loginBody.getCode(),
                 loginBody.getUuid());
         ajax.put(Constants.TOKEN, token);
         return ajax;
@@ -58,7 +60,7 @@ public class SysLoginController
 
     /**
      * 获取用户信息
-     * 
+     *
      * @return 用户信息
      */
     @GetMapping("getInfo")
@@ -84,7 +86,7 @@ public class SysLoginController
 
     /**
      * 获取路由信息
-     * 
+     *
      * @return 路由信息
      */
     @GetMapping("getRouters")