package com.csw.encryptiontechnology.utils.mapperRSA;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface SensitiveField {
}
package com.csw.encryptiontechnology.utils.mapperRSA;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.TYPE, ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface SensitiveEntity {
}
package com.csw.encryptiontechnology.utils.mapperRSA;
import java.lang.reflect.Field;
public interface Sm4Service {
<T> T encrypt(Field[] declaredFields, T paramsObject) throws Exception;
<T> T decrypt(T result) throws Exception;
}
package com.csw.encryptiontechnology.utils.mapperRSA;
import cn.hutool.core.util.ReflectUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import java.lang.reflect.Field;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@Service
public class Sm4ServiceImpl implements Sm4Service {
@Override
public <T> T encrypt(Field[] declaredFields, T paramsObject) throws Exception {
for (Field field : declaredFields) {
//取出所有被EncryptDecryptField注解的字段
SensitiveField sensitiveField = field.getAnnotation(SensitiveField.class);
if (Objects.isNull(sensitiveField)) {
continue;
}
field.setAccessible(true);
Object object = field.get(paramsObject);
//暫時(shí)只實(shí)現(xiàn)String類型的加密
if (object instanceof String) {
String value = (String) object;
//如果映射字段值為空,并且以==結(jié)尾則跳過不進(jìn)行加密
if (StringUtils.isEmpty(value) || isBase64(value)) {
continue;
}
//加密 這里我使用自定義的AES加密工具
field.set(paramsObject, Sm4Util.encrypt(value));
}
}
return paramsObject;
}
@Override
public <T> T decrypt(T result) throws Exception {
//取出resultType的類
Class<?> resultClass = result.getClass();
Field[] allFields = ReflectUtil.getFields(resultClass);
//Field[] declaredFields = resultClass.getDeclaredFields();
for (Field field : allFields) {
//取出所有被EncryptDecryptField注解的字段
SensitiveField sensitiveField = field.getAnnotation(SensitiveField.class);
if (Objects.isNull(sensitiveField)) {
continue;
}
field.setAccessible(true);
Object object = field.get(result);
//只支持String的解密
if (object instanceof String) {
String value = (String) object;
//如果映射字段值為空,并且不已==結(jié)尾則跳過不進(jìn)行解密/之前加密方式不一樣,所以注掉
if (StringUtils.isBlank(value)/* || !EncryptUtil.isBase64(value)*/) {
continue;
}
//對(duì)注解的字段進(jìn)行逐一解密
field.set(result, Sm4Util.decrypt(value));
}
}
return result;
}
/**
* base64驗(yàn)證規(guī)則
*/
private static final String BASE64_RULE = "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)=?$";
/**
* 正則驗(yàn)證對(duì)象
*/
private static final Pattern PATTERN = Pattern.compile(BASE64_RULE);
/**
* 判斷是否為 base64加密
*
* @param str 參數(shù)
* @return 結(jié)果
*/
public static boolean isBase64(String str) {
Matcher matcher = PATTERN.matcher(str);
return matcher.matches();
}
}
package com.csw.encryptiontechnology.utils.mapperRSA;
import cn.hutool.crypto.symmetric.SymmetricCrypto;
import org.bouncycastle.util.encoders.Hex;
public class Sm4Util {
public static final String key = "0123456789abcdeffedcba9876543210";
public static void main(String arg[]) throws Exception {
String paramStr = "pass$123";
String arfter = encrypt(paramStr);
String brfore = decrypt(arfter);
arfter = arfter.toLowerCase();
System.out.println("明文:---------------------" + paramStr);
System.out.println("加密后密文:---------------------" + arfter);
System.out.println("解密后明文:---------------------" + brfore);
}
/**
* 加密
*/
public static String encrypt(String data) {
byte[] sm4KeyBytes = Hex.decode(key);
SymmetricCrypto sm4 = new SymmetricCrypto("SM4/ECB/PKCS5Padding", sm4KeyBytes);
return sm4.encryptHex(data).toUpperCase();
}
/**
* 解密
*/
public static String decrypt(String data) {
try {
byte[] sm4KeyBytes = Hex.decode(key);
SymmetricCrypto sm4 = new SymmetricCrypto("SM4/ECB/PKCS5Padding", sm4KeyBytes);
return sm4.decryptStr(data);
} catch (Exception e) {
return data;
}
}
}
package com.rd.common.interceptor;
import cn.hutool.core.util.ReflectUtil;
import com.csw.encryptiontechnology.utils.mapperRSA.SensitiveEntity;
import com.csw.encryptiontechnology.utils.mapperRSA.Sm4Service;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.binding.MapperMethod;
import org.apache.ibatis.executor.parameter.ParameterHandler;
import org.apache.ibatis.executor.resultset.ResultSetHandler;
import org.apache.ibatis.executor.statement.StatementHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Plugin;
import org.apache.ibatis.plugin.Signature;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import javax.annotation.Resource;
import java.lang.reflect.Field;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Properties;
@Component
@Intercepts({
@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class}),
@Signature(type = ParameterHandler.class, method = "setParameters", args = PreparedStatement.class),
@Signature(type = ResultSetHandler.class, method = "handleResultSets", args = {Statement.class})
})
@Slf4j
public class MyBatisInterceptor implements Interceptor {
@Resource
private Sm4Service sm4Service;
@Override
public Object intercept(Invocation invocation) throws Throwable {
Object target = invocation.getTarget();
//攔截sql結(jié)果處理器
if (target instanceof ResultSetHandler) {
return resultDecrypt(invocation);
}
//攔截sql參數(shù)處理器
if (target instanceof ParameterHandler) {
return parameterEncrypt(invocation);
}
//攔截sql語句處理器
if (target instanceof StatementHandler) {
return replaceSql(invocation);
}
return invocation.proceed();
}
/**
* 對(duì)mybatis映射結(jié)果進(jìn)行字段解密
*
* @param invocation 參數(shù)
* @return 結(jié)果
* @throws Throwable 異常
*/
private Object resultDecrypt(Invocation invocation) throws Throwable {
//取出查詢的結(jié)果
Object resultObject = invocation.proceed();
if (Objects.isNull(resultObject)) {
return null;
}
//基于selectList
if (resultObject instanceof ArrayList) {
ArrayList resultList = (ArrayList) resultObject;
if (CollectionUtils.isEmpty(resultList)) {
return resultObject;
}
for (Object result : resultList) {
if (needToDecrypt(result)) {
//逐一解密
sm4Service.decrypt(result);
}
}
//基于selectOne
} else {
if (needToDecrypt(resultObject)) {
sm4Service.decrypt(resultObject);
}
}
return resultObject;
}
/**
* mybatis映射參數(shù)進(jìn)行加密
*
* @param invocation 參數(shù)
* @return 結(jié)果
* @throws Throwable 異常
*/
private Object parameterEncrypt(Invocation invocation) throws Throwable {
//@Signature 指定了 type= parameterHandler 后呐芥,這里的 invocation.getTarget() 便是parameterHandler
//若指定ResultSetHandler 硫狞,這里則能強(qiáng)轉(zhuǎn)為ResultSetHandler
ParameterHandler parameterHandler = (ParameterHandler) invocation.getTarget();
// 獲取參數(shù)對(duì)像重抖,即 mapper 中 paramsType 的實(shí)例
Field parameterField = parameterHandler.getClass().getDeclaredField("parameterObject");
parameterField.setAccessible(true);
//取出實(shí)例
Object parameterObject = parameterField.get(parameterHandler);
if (parameterHandler.getParameterObject() instanceof MapperMethod.ParamMap) {
MapperMethod.ParamMap paramMap = (MapperMethod.ParamMap) parameterHandler.getParameterObject();
try {
boolean b = paramMap.containsKey("param1");
if (b == true) {
parameterObject = paramMap.get("param1");
} else {
b = paramMap.containsKey("et");
if (b) {
parameterObject = paramMap.get("et");
} else {
parameterObject = null;
}
}
} catch (Exception e) {
parameterObject = null;
}
}
if (null == parameterObject) {
return invocation.proceed();
}
Class<?> parameterObjectClass = parameterObject.getClass();
//校驗(yàn)該實(shí)例的類是否被@SensitiveEntity所注解
SensitiveEntity sensitiveEntity = AnnotationUtils.findAnnotation(parameterObjectClass, SensitiveEntity.class);
//未被@SensitiveEntity所注解 則為null
if (Objects.isNull(sensitiveEntity)) {
return invocation.proceed();
}
//取出當(dāng)前當(dāng)前類所有字段,傳入加密方法
//Field[] declaredFields = parameterObjectClass.getDeclaredFields();
Field[] allFields = ReflectUtil.getFields(parameterObjectClass);
sm4Service.encrypt(allFields, parameterObject);
return invocation.proceed();
}
/**
* 替換mybatis Sql中的加密Key
*
* @param invocation 參數(shù)
* @return 結(jié)果
* @throws Throwable 異常
*/
private Object replaceSql(Invocation invocation) throws Throwable {
StatementHandler statementHandler = (StatementHandler) invocation.getTarget();
BoundSql boundSql = statementHandler.getBoundSql();
//獲取到原始sql語句
String sql = boundSql.getSql();
if (null == sql) {
return invocation.proceed();
}
//通過反射修改sql語句
Field field = boundSql.getClass().getDeclaredField("sql");
field.setAccessible(true);
field.set(boundSql, sql);
return invocation.proceed();
}
/**
* 判斷是否包含需要加解密對(duì)象
*
* @param object 參數(shù)
* @return 結(jié)果
*/
private boolean needToDecrypt(Object object) {
if (Objects.isNull(object)) {
return false;
}
Class<?> objectClass = object.getClass();
//Class<?> parentClass = objectClass.getSuperclass();
SensitiveEntity sensitiveEntity = AnnotationUtils.findAnnotation(objectClass, SensitiveEntity.class);
//SensitiveEntity parentSensitiveEntity = AnnotationUtils.findAnnotation(parentClass, SensitiveEntity.class);
return Objects.nonNull(sensitiveEntity);/*|| Objects.nonNull(parentSensitiveEntity);*/
}
@Override
public Object plugin(Object target) {
return Plugin.wrap(target, this);
}
@Override
public void setProperties(Properties properties) {
}
}
