首页 > 其他分享 >SpringBoot集成数据传输加密

SpringBoot集成数据传输加密

时间:2022-12-04 15:32:25浏览次数:32  
标签:加密 SpringBoot privateKey return new Override 数据传输 public String

前言

近期在对开发框架安全策略方面进行升级优化,提供一些通用场景的解决方案,本文针对前后端数据传输加密进行简单的分享,处理流程设计如下图所示,本加密方法对原有项目兼容性较好,只需要更换封装好的加密Ajax请求方法,后端统一拦截判断是否需要解密即可

TransferEncrypt1.png

生成DESKey

生成的DES加密密钥一定是8的整数倍的位数

function getRandomStr() {
    let str = ""
    let array = [
        "0",
        "1",
        "2",
        "3",
        "4",
        "5",
        "6",
        "7",
        "8",
        "9",
        "a",
        "b",
        "c",
        "d",
        "e",
        "f",
        "g",
        "h",
        "i",
        "j",
        "k",
        "l",
        "m",
        "n",
        "o",
        "p",
        "q",
        "r",
        "s",
        "t",
        "u",
        "v",
        "w",
        "x",
        "y",
        "z",
        "A",
        "B",
        "C",
        "D",
        "E",
        "F",
        "G",
        "H",
        "I",
        "J",
        "K",
        "L",
        "M",
        "N",
        "O",
        "P",
        "Q",
        "R",
        "S",
        "T",
        "U",
        "V",
        "W",
        "X",
        "Y",
        "Z",
    ];
    for (let i = 0; i < 8; i++) {
        str +=  array[Math.round(Math.random() * (array.length - 1))];
    }
    return str;
}

生成RSA密钥对

RSA密钥对有很多种格式,因为需要和前端算法库互联互通,这里选择的是1024位,Padding方式为PKSC1

    public static Map<String, String> createKeysPKSC1(int keySize) {
        // map装载公钥和私钥
        Map<String, String> keyPairMap = new HashMap<String, String>();
        try {
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
            SecureRandom random = new SecureRandom();
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
            generator.initialize(keySize, random);
            KeyPair keyPair = generator.generateKeyPair();
            RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
            String publicKeyStr = new String(Base64.encodeBase64(publicKey.getEncoded()));
            String privateKeyStr = new String(Base64.encodeBase64(privateKey.getEncoded()));
            keyPairMap.put("publicKey", publicKeyStr);
            keyPairMap.put("privateKey", privateKeyStr);
        } catch (Exception e) {
            e.printStackTrace();
        }
        // 返回map
        return keyPairMap;
    }

前端DES加密

引入crypto.js第三方库

    function encryptByDES(message, key) {
        var keyHex = CryptoJS.enc.Utf8.parse(key);
        var encrypted = CryptoJS.DES.encrypt(message, keyHex, {
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        });
        return encrypted.toString();
    }

前端RSA加密

引入jsencrypt,js第三方库

    function encryptByRSA(data, publicKey) {
        var encryptor = new JSEncrypt()
        encryptor.setPublicKey(publicKey)
        return encryptor.encrypt(data);;
    }

后端RSA解密

    public static String decryptPKSC1(String data, String privateKeyStr) {
        try {
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
            RSAPrivateKey privateKey = getPrivateKeyPKSC1(privateKeyStr);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), privateKey.getModulus().bitLength()), CHARSET);
        } catch (Exception e) {
            throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);
        }
    }

后端DES解密

    public static String decrypt(String data, String key) throws IOException,
            Exception {
        if (data == null)
            return null;
        BASE64Decoder decoder = new BASE64Decoder();
        byte[] buf = decoder.decodeBuffer(data);
        byte[] bt = decrypt(buf, key.getBytes("UTF-8"));
        return new String(bt, "UTF-8");
    }

后端自定义拦截器

public class XSSFilter implements Filter, Ordered {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        String contentType = request.getContentType();
        if (StringUtils.isNotBlank(contentType) && contentType.contains("application/json")) {
            XSSBodyRequestWrapper xssBodyRequestWrapper = new XSSBodyRequestWrapper((HttpServletRequest) request);
            chain.doFilter(xssBodyRequestWrapper, response);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public int getOrder() {
        return 9;
    }
}
public class XSSBodyRequestWrapper extends HttpServletRequestWrapper {

    private String body;

    public XSSBodyRequestWrapper(HttpServletRequest request) {
        super(request);
        try{
            body = XSSScriptUtil.handleString(CommonUtil.getBodyString(request));
            String encrypt = request.getHeader("encrypt");
            if (!StringUtil.isEmpty(encrypt)) {
                String privateKey = RSAEncryptUtil.getSystemDefaultRSAPrivateKey();
                String desEncryptStr = RSAEncryptUtil.decryptPKSC1(encrypt, privateKey);
                JSONObject obj = JSONObject.parseObject(body);
                String encryptParam = obj.getString("encryptParam");
                body = DESEncryptUtil.decrypt(encryptParam, desEncryptStr);
            }
        }catch (Exception e){
            e.printStackTrace();
        }
    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {

        final ByteArrayInputStream bais = new ByteArrayInputStream(body.getBytes(Charset.forName("UTF-8")));

        return new ServletInputStream() {

            @Override
            public int read() throws IOException {
                return bais.read();
            }

            @Override
            public boolean isFinished() {
                return false;
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public void setReadListener(ReadListener readListener) {

            }
        };
    }

}

标签:加密,SpringBoot,privateKey,return,new,Override,数据传输,public,String
From: https://blog.51cto.com/u_11284240/5909986

相关文章

  • springboot+spring-session
    1.实现背景  测试环境上部署了一个单机项目,项目的context-path为空,之后再经过nginx的转发进行部署,项目可以正常进行登录等等一系列操作;生产环境跟测试环境代码完全相......
  • SpringBoot集成数据传输加密
    前言近期在对开发框架安全策略方面进行升级优化,提供一些通用场景的解决方案,本文针对前后端数据传输加密进行简单的分享,处理流程设计如下图所示,本加密方法对原有项目兼容性......
  • springboot中如何向redis缓存中存入数据
    packagecom.hope;importcom.fasterxml.jackson.core.JsonProcessingException;importcom.fasterxml.jackson.databind.ObjectMapper;importcom.hope.domain.User;impor......
  • Springboot学习——路径参数
    一、场景输入不同的路径,调用不同的方法。例如,视频网站中,路径输入不同的模块,调用不同的视频二、使用方法@PathVariable参数表示该参数要从路径中获取//将需要输入的......
  • Java:SpringBoot统一异常处理和404异常
    原理@ControllerAdvice+@ExceptionHandler统一处理应用级别的异常自定义ErrorController处理容器级别的异常,例如:404异常统一返回格式packagecom.github.mouday.c......
  • Nacos 中的配置文件如何实现加密传输
    小伙伴们知道,SpringCloudConfig很早就提供了配置文件的加解密功能,并且支持对称加密和非对称加密两种不同的模式。Nacos作为分布式配置中心+服务注册中心的合体,在配置文......
  • Springboot整合策略模式概念->使用场景->优缺点->企业级实战
    一、前言策略模式可能是在工作中使用最多的,也是在面试中最常提到的,代码重构和优化的必备!小编之前也是一直说,其实没有真正的实战;最近有了机会实战了一下,来分享一下使用心得......
  • springboot03(请求和响应)
    一、@RequestMapping("/user"):请求映射路径的解析:总结:一个"公共"的请求路径"前缀"1.1代码块解析:有@RequestMapping("/user")和@RequestMapping("/save")/@Reques......
  • Springboot 使用 Async (内置线程池)执行异步任务(对比WebAsyncTask的使用)
    使用Async执行异步任务@SpringBootApplication@EnableAsyncpublicclassApplication{publicstaticvoidmain(String[]args){SpringApplication.run(Applicati......
  • SpringBoot集成DingTalk钉钉机器人实现消息同步/异步预警推送1.0版本
    V2.0版本新增支持以下功能新增Dinger层对消息对象配置指定钉钉机器人新增Dinger层统一管理消息对象,​​仅支持text和markdown格式​​支持xml方式配置支持注解方式配置新增......