Commit 01cd2faf by 胡懿

加密jar配合修改

parent 33eaad09
......@@ -15,6 +15,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Operation;
import javax.annotation.security.PermitAll;
import javax.validation.*;
import javax.servlet.http.*;
import java.io.IOException;
......@@ -109,6 +110,7 @@ public class DesCorporationController {
return CommonResult.success(str);
}
@PermitAll
@PostMapping("/corporationRuleDesMap")
@Operation(summary = "法人脱敏")
public CommonResult<Map<String, Object>> corporationRuleDesMap(@RequestBody Map<String, Object> map) {
......@@ -124,6 +126,7 @@ public class DesCorporationController {
}
@PermitAll
@PostMapping("/corporationRuleDesListMap")
@Operation(summary = "法人批量脱敏")
public CommonResult<List<Map<String, Object>>> corporationRuleDesListMap(@RequestBody List<Map<String, Object>> lisetMap) {
......
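Review bot: `@PermitAll` on corporationRuleDesMap and corporationRuleDesListMap removes authentication from endpoints that take an arbitrary request body and run the desensitization rules on it, and nothing else in this section adds a replacement check; the same applies to the four userRuleDes* endpoints in UserDesRuleController (L139-L163). If these are meant to be called by the external jar without a session, that trust boundary should be recorded on the methods, e.g. `/** Unauthenticated entry point for the external jar; access is expected to be restricted outside the application — confirm. */`, so the exposure is deliberate rather than accidental. The added `import javax.servlet.http.*;` is not referenced by any line visible in these hunks, and a wildcard import is also against the file's otherwise explicit import style; if it is needed by code outside the hunk, import the specific type. The enclosing class continues outside the hunks shown.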
......@@ -12,6 +12,7 @@ import cn.gintone.iotdbUtils.FileIotDbUtil;
import cn.gintone.iotdbUtils.SpecialPeopleIotDbUtils;
import cn.gintone.service.KeyCodeService;
import cn.iocoder.yudao.framework.common.pojo.PageResult;
import cn.iocoder.yudao.module.system.service.auth.AdminAuthService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
......@@ -21,6 +22,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Operation;
import javax.annotation.security.PermitAll;
import javax.validation.*;
import javax.servlet.http.*;
import java.io.IOException;
......@@ -31,6 +33,8 @@ import java.util.Map;
import cn.iocoder.yudao.framework.common.pojo.PageParam;
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.error;
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
import cn.iocoder.yudao.framework.excel.core.util.ExcelUtils;
......@@ -50,6 +54,9 @@ public class KeyCodeController {
@Autowired
private IotDbConfig iotDbConfig;
@Resource
private AdminAuthService authService;
@PostMapping("/create")
@Operation(summary = "创建公钥私钥管理")
@PreAuthorize("@ss.hasPermission('gintone:key-code:create')")
......@@ -110,17 +117,36 @@ public class KeyCodeController {
return success(keyCodeService.initKey());
}
@PermitAll
@PostMapping("/rasEncryption")
@Operation(summary = "RAS加密")
@Operation(summary = "外部RAS加密")
public CommonResult<EncInfo> rasEncryption(@RequestBody Map<String, Object> requestMap) {
EncInfo encInfo = keyCodeService.rasEncryption(requestMap);
return success(encInfo);
}
@PermitAll
@PostMapping("/rasDecrypt")
@Operation(summary = "RAS解密")
public CommonResult<Map<String, Object>> rasDecrypt(@RequestBody EncInfo encInfo) {
Map<String, Object> map = keyCodeService.rasDecrypt(encInfo);
@Operation(summary = "外部RAS解密")
public CommonResult<Map<String, Object>> rasDecrypt(@RequestBody EncInfo encInfo, HttpServletRequest request) {
String pdToken = request.getHeader("pdToken");
String ip = request.getHeader("X-Forwarded-For");
if (isInvalidIp(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (isInvalidIp(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (isInvalidIp(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
}
if (isInvalidIp(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
}
if (isInvalidIp(ip)) {
ip = request.getRemoteAddr();
}
Map<String, Object> map = keyCodeService.rasDecrypt(encInfo, ip, pdToken, true);
return success(map);
}
@PostMapping("/smTwoEncryption")
......@@ -133,6 +159,7 @@ public class KeyCodeController {
@PostMapping("/smTwoDecrypt")
@Operation(summary = "sm2解密")
public CommonResult<Map<String, Object>> smTwoDecrypt(@RequestBody EncInfo encInfo, HttpServletRequest request) {
String pdToken = request.getHeader("pdToken");
String ip = request.getHeader("X-Forwarded-For");
if (isInvalidIp(ip)) {
ip = request.getHeader("Proxy-Client-IP");
......@@ -159,7 +186,7 @@ public class KeyCodeController {
.orElse(request.getRemoteAddr());
}
Map<String, Object> map = keyCodeService.smTwoDecrypt(encInfo, ip);
Map<String, Object> map = keyCodeService.smTwoDecrypt(encInfo, ip, pdToken);
return success(map);
}
......
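Review bot: The client-IP chain added to rasDecrypt (L76-L91) takes X-Forwarded-For and the other proxy headers verbatim, and these are client-supplied unless a trusted proxy in front of the app overwrites them, so the `clientIp` that ends up in the audit record is only as reliable as that deployment assumption and this should be stated in a comment on the first header read. The same chain in smTwoDecrypt appears to split the comma-separated value and take the first entry (`.findFirst()` / `.orElse(request.getRemoteAddr())` at L105 — its start is outside the hunk), which rasDecrypt does not, so a multi-hop X-Forwarded-For would be logged unsplit here. With the chain now present in rasDecrypt, smTwoDecrypt and MyFileController.rasDecrypt, extracting it into one private `resolveClientIp(HttpServletRequest request)` helper would keep the three paths consistent. The `pdToken` header is read at L75 and passed through without any null/blank check, and the newly injected `authService` field (L52-L53) is not used by any line in these hunks.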
......@@ -48,6 +48,7 @@ public class MyFileController {
@PostMapping("/fileRasDecrypt")
@Operation(summary = "文件解密接口")
public CommonResult<Map<String, Object>> rasDecrypt(@RequestBody ImportantFileSaveReqVO createReqVO, HttpServletRequest request) throws Exception {
String pdToken = request.getHeader("pdToken");
String ip = request.getHeader("X-Forwarded-For");
if (isInvalidIp(ip)) {
ip = request.getHeader("Proxy-Client-IP");
......@@ -73,7 +74,7 @@ public class MyFileController {
.findFirst()
.orElse(request.getRemoteAddr());
}
Map<String, Object> map = keyCodeService.fileRasDecrypt(createReqVO, ip);
Map<String, Object> map = keyCodeService.fileRasDecrypt(createReqVO, ip, pdToken);
return success(map);
}
......
......@@ -14,6 +14,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Operation;
import javax.annotation.security.PermitAll;
import javax.validation.*;
import javax.servlet.http.*;
import java.io.IOException;
......@@ -102,7 +103,7 @@ public class UserDesRuleController {
return success(userDesRuleService.checkName(name, id));
}
@PermitAll
@PostMapping("/userRuleDes")
@Operation(summary = "人员脱敏")
public CommonResult<String> userRuleDes(@RequestBody DesInfo desInfo) {
......@@ -110,13 +111,14 @@ public class UserDesRuleController {
return CommonResult.success(str);
}
@PermitAll
@PostMapping("/userRuleDesMap")
@Operation(summary = "人员脱敏")
public CommonResult<Map<String, Object>> userRuleDesMap(@RequestBody Map<String, Object> map) {
Map<String, Object> resultMap = userDesRuleService.userRuleDesMap(map);
return CommonResult.success(resultMap);
}
@PermitAll
@PostMapping("/userRuleDesList")
@Operation(summary = "人员批量脱敏")
public CommonResult<String> userRuleDesList(@RequestBody DesInfo desInfo) {
......@@ -124,7 +126,7 @@ public class UserDesRuleController {
return CommonResult.success(str);
}
@PermitAll
@PostMapping("/userRuleDesListMap")
@Operation(summary = "人员批量脱敏")
public CommonResult<List<Map<String, Object>>> userRuleDesListMap(@RequestBody List<Map<String, Object>> lisetMap) {
......
......@@ -4,10 +4,7 @@ import cn.gintone.config.IotDbConfig;
import cn.gintone.dto.WebIllLogInfo;
import cn.gintone.dto.WebLogInfo;
import cn.gintone.dto.WebLogInfoVo;
import cn.gintone.iotdbUtils.FileIotDbUtil;
import cn.gintone.iotdbUtils.MyDateUtils;
import cn.gintone.iotdbUtils.MyIotDbUtils;
import cn.gintone.iotdbUtils.SpecialPeopleIotDbUtils;
import cn.gintone.iotdbUtils.*;
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
import com.alibaba.fastjson.JSON;
import io.swagger.v3.oas.annotations.Operation;
......@@ -61,6 +58,13 @@ public class WebLogInfoController {
return CommonResult.success("初始化成功");
}
@PostMapping("/initJarDecLogIotDBTable")
@Operation(summary = "初始化jar加密时间序列")
public CommonResult<String> initJarDecLogIotDBTable() {
JarDecLogIotDbUtil.createJarDecLogInfoTimeseries(iotDbConfig);
return CommonResult.success("初始化成功");
}
@PostMapping("/saveWebLogInfo")
@Operation(summary = "外部性请求保存日志")
public CommonResult<String> saveWebLogInfo(@RequestBody WebLogInfo webLogInfo) {
......
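Review bot: The four explicit `cn.gintone.iotdbUtils` imports are replaced with `import cn.gintone.iotdbUtils.*;`, which is a wildcard import where the rest of the file imports types explicitly; adding `import cn.gintone.iotdbUtils.JarDecLogIotDbUtil;` alongside the existing four keeps the file's style. The new endpoint's summary says "加密" (encryption) while the method and the utility it calls (`initJarDecLogIotDBTable`, `JarDecLogIotDbUtil.createJarDecLogInfoTimeseries`) are about the decrypt-log series, so `@Operation(summary = "初始化jar解密时间序列")` looks like the intended wording — confirm.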
package cn.gintone.dto;
/**
* 外部jar解密记录
*/
public class JarDecLogInfo {
private Long timesta;
private String timestaStr;
private String sysAbbre; // 系统简称
private String content; // 解密内容
private String privateKey; // 私钥
private String clientIp; // 访问端ip
private String userId; // 用户id
private String username; // 用户名
private String type; // 解密方式
private Long beginTime;
private Long endTime;
private Integer pageSize;
private Integer pageNum;
public Long getTimesta() {
return timesta;
}
public void setTimesta(Long timesta) {
this.timesta = timesta;
}
public String getTimestaStr() {
return timestaStr;
}
public void setTimestaStr(String timestaStr) {
this.timestaStr = timestaStr;
}
public String getSysAbbre() {
return sysAbbre;
}
public void setSysAbbre(String sysAbbre) {
this.sysAbbre = sysAbbre;
}
public String getContent() {
return content;
}
public void setContent(String content) {
this.content = content;
}
public String getPrivateKey() {
return privateKey;
}
public void setPrivateKey(String privateKey) {
this.privateKey = privateKey;
}
public String getClientIp() {
return clientIp;
}
public void setClientIp(String clientIp) {
this.clientIp = clientIp;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public Long getBeginTime() {
return beginTime;
}
public void setBeginTime(Long beginTime) {
this.beginTime = beginTime;
}
public Long getEndTime() {
return endTime;
}
public void setEndTime(Long endTime) {
this.endTime = endTime;
}
public Integer getPageSize() {
return pageSize;
}
public void setPageSize(Integer pageSize) {
this.pageSize = pageSize;
}
public Integer getPageNum() {
return pageNum;
}
public void setPageNum(Integer pageNum) {
this.pageNum = pageNum;
}
@Override
public String toString() {
return "JarDecLogInfo{" +
"timesta=" + timesta +
", timestaStr='" + timestaStr + '\'' +
", sysAbbre='" + sysAbbre + '\'' +
", content='" + content + '\'' +
", privateKey='" + privateKey + '\'' +
", clientIp='" + clientIp + '\'' +
", userId='" + userId + '\'' +
", username='" + username + '\'' +
", type='" + type + '\'' +
", beginTime=" + beginTime +
", endTime=" + endTime +
", pageSize=" + pageSize +
", pageNum=" + pageNum +
'}';
}
}
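Review bot: The `privateKey` field (L199) means the caller's private key is persisted in the IoTDB audit series in plaintext and is also printed by `toString()` at L293; an audit record needs to identify which key was used, not reproduce it, so store a digest or fingerprint of the key instead and drop the `", privateKey='" + privateKey + '\'' +` line from `toString()`. The class also mixes record fields with query parameters (`beginTime`, `endTime`, `pageSize`, `pageNum`), and `timesta`/`timestaStr` carry no comment; a short comment per field group, e.g. `// query window and paging, not part of the stored record — confirm`, would make the dual role visible to the next maintainer.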
......@@ -73,7 +73,7 @@ public interface KeyCodeService {
* @param encInfo
* @return
*/
Map<String, Object> rasDecrypt(EncInfo encInfo);
Map<String, Object> rasDecrypt(EncInfo encInfo, String clientIp, String pdToken, boolean isWai);
/**
* 使用sm2加密
......@@ -87,12 +87,14 @@ public interface KeyCodeService {
* @param encInfo
* @return
*/
Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp);
Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp, String pdToken);
/**
* 文件解密接口
* @param encInfo
* @return
*/
Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO fileSaveReqVO, String clientIp);
Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO fileSaveReqVO, String clientIp, String pdToken);
KeyCodeDO getByType(Integer type);
}
\ No newline at end of file
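Review bot: The Javadoc above rasDecrypt, smTwoDecrypt and fileRasDecrypt still lists only `@param encInfo` (L306, L314, L321) although each signature gained `clientIp` and `pdToken`, and rasDecrypt also gained `isWai`. Add `@param clientIp resolved caller address, recorded in the audit log`, `@param pdToken value of the pdToken request header, passed to AdminAuthService`, and for rasDecrypt `@param isWai true for the external-jar endpoint; also writes a JarDecLogInfo audit record` (the last is what the implementation does at L366-L377; confirm the name's intent). The fileRasDecrypt Javadoc also names `encInfo` although the parameter is `fileSaveReqVO`.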
......@@ -8,10 +8,12 @@ import cn.gintone.controller.vo.KeyCodeSaveReqVO;
import cn.gintone.dal.KeyCodeMapper;
import cn.gintone.dto.EncInfo;
import cn.gintone.dto.FileDecLogInfo;
import cn.gintone.dto.JarDecLogInfo;
import cn.gintone.dto.SpePeoLogInfo;
import cn.gintone.encryptionUtils.*;
import cn.gintone.entity.KeyCodeDO;
import cn.gintone.iotdbUtils.FileIotDbUtil;
import cn.gintone.iotdbUtils.JarDecLogIotDbUtil;
import cn.gintone.iotdbUtils.SpecialPeopleIotDbUtils;
import cn.iocoder.yudao.framework.common.pojo.PageResult;
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
......@@ -154,9 +156,14 @@ public class KeyCodeServiceImpl implements KeyCodeService {
}
@Override
public Map<String, Object> rasDecrypt(EncInfo encInfo) {
public Map<String, Object> rasDecrypt(EncInfo encInfo, String clientIp, String pdToken, boolean isWai) {
try {
PrivateKey privateKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());
PrivateKey pteKey = null;
if (!isWai) {
pteKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());
} else {
pteKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());
}
// 解密
Map<String, Object> resultMap = new HashMap<>();
Map<String, Object> infoMap = encInfo.getInfo();
......@@ -164,9 +171,24 @@ public class KeyCodeServiceImpl implements KeyCodeService {
for (Map.Entry<String, Object> entry : entries) {
String key = entry.getKey();
String info = entry.getValue().toString();
String decrypted = SecureHybridDecryptor.decrypt(info, privateKey);
String decrypted = SecureHybridDecryptor.decrypt(info, pteKey);
resultMap.put(key, decrypted);
}
if (isWai) {
AdminUserDO user = authService.getPdUserByToken(pdToken);
JarDecLogInfo jarDecLogInfo = new JarDecLogInfo();
jarDecLogInfo.setClientIp(clientIp);
jarDecLogInfo.setSysAbbre(encInfo.getSysAbbre());
jarDecLogInfo.setContent(JSON.toJSONString(infoMap));
jarDecLogInfo.setPrivateKey(encInfo.getPrivateKey());
jarDecLogInfo.setUserId(user.getId() + "");
jarDecLogInfo.setUsername(user.getUsername());
jarDecLogInfo.setType("ras");
JarDecLogIotDbUtil.inserOne(iotDbConfig, jarDecLogInfo);
}
return resultMap;
} catch (Exception e) {
e.printStackTrace();
......@@ -202,7 +224,7 @@ public class KeyCodeServiceImpl implements KeyCodeService {
}
@Override
public Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp) {
public Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp, String pdToken) {
try {
PrivateKey privateKey = SM2KeyUtils.stringToPrivateKey(encInfo.getPrivateKey());
// 解密
......@@ -218,8 +240,7 @@ public class KeyCodeServiceImpl implements KeyCodeService {
resultMap.put(key, decrypted);
}
AdminUserDO user = authService.getPdUserByToken("123");
AdminUserDO user = authService.getPdUserByToken(pdToken);
SpePeoLogInfo spePeoLogInfo = new SpePeoLogInfo();
spePeoLogInfo.setClientIp(clientIp);
spePeoLogInfo.setSysAbbre(encInfo.getSysAbbre());
......@@ -235,16 +256,15 @@ public class KeyCodeServiceImpl implements KeyCodeService {
}
@Override
public Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO saveReqVO, String clientIp) {
public Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO saveReqVO, String clientIp, String pdToken) {
EncInfo encInfo = new EncInfo();
Map<String, Object> map = new HashMap<>();
map.put("url", saveReqVO.getUrl());
encInfo.setInfo(map);
encInfo.setPrivateKey(saveReqVO.getPrivateKey());
Map<String, Object> resultMap = rasDecrypt(encInfo);
AdminUserDO user = authService.getPdUserByToken("123");
Map<String, Object> resultMap = rasDecrypt(encInfo, clientIp, pdToken, false);
AdminUserDO user = authService.getPdUserByToken(pdToken);
FileDecLogInfo fileDecLogInfo = new FileDecLogInfo();
fileDecLogInfo.setClientIp(clientIp);
fileDecLogInfo.setSysAbbre("sec");
......@@ -258,4 +278,10 @@ public class KeyCodeServiceImpl implements KeyCodeService {
return resultMap;
}
@Override
public KeyCodeDO getByType(Integer type) {
KeyCodeDO keyCodeDO = keyCodeMapper.selectOne(new QueryWrapper<KeyCodeDO>().lambda().eq(KeyCodeDO::getType, type));
return keyCodeDO;
}
}
\ No newline at end of file
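Review bot: In rasDecrypt the `if (!isWai)` / `else` branches at L350-L354 are identical, so the conditional selects nothing; either collapse them to `PrivateKey pteKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());` or, if a different key source is intended for one of the cases, leave a `// TODO` saying which. The audit record written at L366-L377 stores the caller-supplied private key verbatim (`jarDecLogInfo.setPrivateKey(encInfo.getPrivateKey())`); a digest of the key string is enough to correlate records and avoids persisting key material in the log store. `user.getId() + ""` at L373 reads better as `String.valueOf(user.getId())`, and the `catch (Exception e)` at L379 still falls through to `e.printStackTrace()`, so a failed decrypt for an external caller is neither logged through the application logger nor recorded in the new audit series. The method continues outside the hunk.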
......@@ -130,7 +130,6 @@ public class YudaoWebSecurityConfigurerAdapter {
.authorizeHttpRequests(c -> c
// 1.1 静态资源,可匿名访问
.requestMatchers(HttpMethod.GET, "/*.html", "/*.css", "/*.js").permitAll()
.requestMatchers(HttpMethod.GET, "/admin-api/pdTokenCheck/**").permitAll()
// 1.2 设置 @PermitAll 无需认证
.requestMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
.requestMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
......
......@@ -74,7 +74,7 @@ public class AuthController {
@Operation(summary = "验证平台token")
public CommonResult<Boolean> checkPdToken(String pdToken) {
if (null != pdToken && !"".equals(pdToken)) {
return CommonResult.success(true);
return CommonResult.success(authService.checkPdToken(pdToken));
}
return CommonResult.success(false);
......
......@@ -91,4 +91,6 @@ public interface AdminAuthService {
* @return
*/
public AdminUserDO getPdUserByToken(String token);
boolean checkPdToken(String pdToken);
}
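Review bot: `checkPdToken` is added without Javadoc while the neighbouring declaration carries one (L443-L444); the implementation at L462-L467 only tests the argument for null/empty, so the contract should say that explicitly, e.g. `/** Returns whether pdToken is non-null and non-empty; no signature or lookup is performed. */`, so callers such as AuthController.checkPdToken do not read more into it than it does.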
......@@ -307,7 +307,21 @@ public class AdminAuthServiceImpl implements AdminAuthService {
@Override
public AdminUserDO getPdUserByToken(String token) {
LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
if (null == loginUser) {
AdminUserDO user = new AdminUserDO();
user.setId(-1l);
user.setUsername("非法用户");
return user;
}
AdminUserDO user = userService.getUserById(loginUser.getId());
return user;
}
@Override
public boolean checkPdToken(String pdToken) {
if (null != pdToken && !"".equals(pdToken)) {
return true;
}
return false;
}
}
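Review bot: `getPdUserByToken(String token)` never reads `token`; it resolves the user from `SecurityFrameworkUtils.getLoginUser()`, and with the decrypt endpoints now `@PermitAll` that returns null for an anonymous caller, so the method hands back the sentinel user (id -1, "非法用户") and the caller at KeyCodeServiceImpl L367 proceeds to decrypt and logs under that sentinel instead of rejecting the request. `checkPdToken` (L462-L467) accepts any non-empty string, so the delegation added in AuthController.checkPdToken (L438) does not change what that endpoint reports. Until real token validation exists, document both on the methods, e.g. `// NOTE: token is currently unused; user comes from the security context, sentinel id -1 means unauthenticated`, and have callers treat the sentinel as a failure. Also `-1l` on L454 should be `-1L` (the lowercase suffix is easy to misread as `-11`).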