diff --git a/bonus-common/src/main/java/com/bonus/common/constant/Constants.java b/bonus-common/src/main/java/com/bonus/common/constant/Constants.java index 686bbc9..baf4dfb 100644 --- a/bonus-common/src/main/java/com/bonus/common/constant/Constants.java +++ b/bonus-common/src/main/java/com/bonus/common/constant/Constants.java @@ -5,7 +5,7 @@ import io.jsonwebtoken.Claims; /** * 通用常量信息 - * + * * @author ruoyi */ public class Constants @@ -170,4 +170,16 @@ public class Constants */ public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml", "org.springframework", "org.apache", "com.ruoyi.common.utils.file", "com.ruoyi.common.config", "com.ruoyi.generator" }; + + /** + * 加密公钥 + */ + public static final String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ=="; + + /** + * 解密私钥 + */ + public static final String privateKey = "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y="; + + } diff --git a/bonus-common/src/main/java/com/bonus/common/utils/RsaUtil.java b/bonus-common/src/main/java/com/bonus/common/utils/RsaUtil.java new file mode 100644 index 0000000..518e2e1 --- /dev/null +++ b/bonus-common/src/main/java/com/bonus/common/utils/RsaUtil.java @@ -0,0 +1,133 @@ +package com.bonus.common.utils; + +import javax.crypto.Cipher; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Base64; + +/** + * @Author ma_sh + * @create 2024/5/25 16:07 + */ +public class RsaUtil { + //签名算法名称 + private static final String RSA_KEY_ALGORITHM = "RSA"; + + //RSA密钥长度,默认密钥长度是1024,密钥长度必须是64的倍数,在512到65536位之间,不管是RSA还是RSA2长度推荐使用2048 + private static final int KEY_SIZE = 2048; + + /** + * 公钥加密(用于数据加密) + * + * @param data 加密前的字符串 + * @param publicKeyStr base64编码后的公钥 + * @return base64编码后的字符串 + * @throws Exception + */ + public static String encryptByPublicKey(String data, String publicKeyStr) throws Exception { + //Java原生base64解码 + byte[] pubKey = Base64.getDecoder().decode(publicKeyStr); + //创建X509编码密钥规范 + X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey); + //返回转换指定算法的KeyFactory对象 + KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM); + //根据X509编码密钥规范产生公钥对象 + PublicKey publicKey = keyFactory.generatePublic(x509KeySpec); + //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式) + Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); + //用公钥初始化此Cipher对象(加密模式) + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + //对数据加密 + byte[] encrypt = cipher.doFinal(data.getBytes()); + //返回base64编码后的字符串 + return Base64.getEncoder().encodeToString(encrypt); + } + + + /** + * 私钥解密(用于数据解密) + * + * @param data 解密前的字符串 + * @param privateKeyStr 私钥 + * @return 解密后的字符串 + * @throws Exception + */ + public static String decryptByPrivateKey(String data, String privateKeyStr) throws Exception { + //Java原生base64解码 + byte[] priKey = Base64.getDecoder().decode(privateKeyStr); + //创建PKCS8编码密钥规范 + PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey); + //返回转换指定算法的KeyFactory对象 + KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM); + //根据PKCS8编码密钥规范产生私钥对象 + PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec); + //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式) + Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); + //用私钥初始化此Cipher对象(解密模式) + cipher.init(Cipher.DECRYPT_MODE, privateKey); + //对数据解密 + byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(data)); + //返回字符串 + return new String(decrypt); + } + + + + /** + * 私钥加密(用于数据签名) + * + * @param data 加密前的字符串 + * @param privateKeyStr base64编码后的私钥 + * @return base64编码后后的字符串 + * @throws Exception + */ + public static String encryptByPrivateKey(String data, String privateKeyStr) throws Exception { + //Java原生base64解码 + byte[] priKey = Base64.getDecoder().decode(privateKeyStr); + //创建PKCS8编码密钥规范 + PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKey); + //返回转换指定算法的KeyFactory对象 + KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM); + //根据PKCS8编码密钥规范产生私钥对象 + PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec); + //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式) + Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); + //用私钥初始化此Cipher对象(加密模式) + cipher.init(Cipher.ENCRYPT_MODE, privateKey); + //对数据加密 + byte[] encrypt = cipher.doFinal(data.getBytes()); + //返回base64编码后的字符串 + return Base64.getEncoder().encodeToString(encrypt); + } + + /** + * 公钥解密(用于数据验签) + * + * @param data 解密前的字符串 + * @param publicKeyStr base64编码后的公钥 + * @return 解密后的字符串 + * @throws Exception + */ + public static String decryptByPublicKey(String data, String publicKeyStr) throws Exception { + //Java原生base64解码 + byte[] pubKey = Base64.getDecoder().decode(publicKeyStr); + //创建X509编码密钥规范 + X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKey); + //返回转换指定算法的KeyFactory对象 + KeyFactory keyFactory = KeyFactory.getInstance(RSA_KEY_ALGORITHM); + //根据X509编码密钥规范产生公钥对象 + PublicKey publicKey = keyFactory.generatePublic(x509KeySpec); + //根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式) + Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); + //用公钥初始化此Cipher对象(解密模式) + cipher.init(Cipher.DECRYPT_MODE, publicKey); + //对数据解密 + byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(data)); + //返回字符串 + return new String(decrypt); + } + +} diff --git a/search-tool/src/main/java/com/bonus/tool/controller/system/SysLoginController.java b/search-tool/src/main/java/com/bonus/tool/controller/system/SysLoginController.java index 04f2ffe..1f89330 100644 --- a/search-tool/src/main/java/com/bonus/tool/controller/system/SysLoginController.java +++ b/search-tool/src/main/java/com/bonus/tool/controller/system/SysLoginController.java @@ -2,6 +2,8 @@ package com.bonus.tool.controller.system; import java.util.List; import java.util.Set; + +import com.bonus.common.utils.RsaUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -21,7 +23,7 @@ import com.bonus.system.service.ISysMenuService; /** * 登录验证 - * + * * @author ruoyi */ @RestController @@ -41,16 +43,16 @@ public class SysLoginController /** * 登录方法 - * + * * @param loginBody 登录信息 * @return 结果 */ @PostMapping("/login") - public AjaxResult login(@RequestBody LoginBody loginBody) - { + public AjaxResult login(@RequestBody LoginBody loginBody) throws Exception { + String decryptedData = RsaUtil.decryptByPrivateKey(loginBody.getPassword(), Constants.privateKey); AjaxResult ajax = AjaxResult.success(); // 生成令牌 - String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), + String token = loginService.login(loginBody.getUsername(), decryptedData, loginBody.getCode(), loginBody.getUuid()); ajax.put(Constants.TOKEN, token); return ajax; @@ -58,7 +60,7 @@ public class SysLoginController /** * 获取用户信息 - * + * * @return 用户信息 */ @GetMapping("getInfo") @@ -84,7 +86,7 @@ public class SysLoginController /** * 获取路由信息 - * + * * @return 路由信息 */ @GetMapping("getRouters")