feat:登录国密sm4改造

4 months ago · d8388e0513
parent 11667d7a94
commit d8388e0513
9 changed files with 229 additions and 41 deletions
--- a/hyp-admin/pom.xml
+++ b/hyp-admin/pom.xml
@ -68,6 +68,13 @@
            <version>2.1.0</version>
        </dependency>

+        <!--sm4加密算法依赖-->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.59</version>
+        </dependency>
+
        <!--单元测试-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
--- a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysLoginController.java
+++ b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysLoginController.java
@ -4,6 +4,7 @@ import java.util.List;
 import java.util.Set;

 import com.hyp.common.utils.sign.RsaUtils;
+import com.hyp.common.utils.sign.Sm4Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@ -47,7 +48,7 @@ public class SysLoginController
        AjaxResult ajax = AjaxResult.success();
        // 生成令牌
        String token = loginService.login(loginBody.getUsername(),
-                RsaUtils.decryptByPrivateKey(loginBody.getPassword()), loginBody.getCode());
+                Sm4Util.decryptEcb(loginBody.getPassword()), loginBody.getCode());
        ajax.put(Constants.TOKEN, token);
        return ajax;
    }
@ -85,4 +86,14 @@ public class SysLoginController
        List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
        return AjaxResult.success(menuService.buildMenus(menus));
    }
+
+    /**
+     * 获取公钥 前端用来密码加密
+     *
+     * @return
+     */
+    @GetMapping("/publicKey")
+    public String  publicKey() throws Exception {
+        return Sm4Util.hexKey;
+    }
 }
--- a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysProfileController.java
+++ b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysProfileController.java
@ -1,5 +1,6 @@
 package com.hyp.web.controller.system;

+import com.hyp.common.utils.sign.Sm4Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@ -25,13 +26,12 @@ import com.hyp.system.service.ISysUserService;

 /**
 * 个人信息 业务处理
- * 
+ *
 * @author ruoyi
 */
@RestController
@RequestMapping("/system/user/profile")
-public class SysProfileController extends BaseController
-{
+public class SysProfileController extends BaseController {
    @Autowired
    private ISysUserService userService;

@ -42,8 +42,7 @@ public class SysProfileController extends BaseController
     * 个人信息
     */
    @GetMapping
-    public AjaxResult profile()
-    {
+    public AjaxResult profile() {
        LoginUser loginUser = getLoginUser();
        SysUser user = loginUser.getUser();
        AjaxResult ajax = AjaxResult.success(user);
@ -57,24 +56,20 @@ public class SysProfileController extends BaseController
     */
    @Log(title = "个人信息", businessType = BusinessType.UPDATE)
    @PutMapping
-    public AjaxResult updateProfile(@RequestBody SysUser user)
-    {
+    public AjaxResult updateProfile(@RequestBody SysUser user) {
        LoginUser loginUser = getLoginUser();
        SysUser currentUser = loginUser.getUser();
        currentUser.setNickName(user.getNickName());
        currentUser.setEmail(user.getEmail());
        currentUser.setPhonenumber(user.getPhonenumber());
        currentUser.setSex(user.getSex());
-        if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(currentUser))
-        {
+        if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(currentUser)) {
            return error("修改用户'" + loginUser.getUsername() + "'失败，手机号码已存在");
        }
-        if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(currentUser))
-        {
+        if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(currentUser)) {
            return error("修改用户'" + loginUser.getUsername() + "'失败，邮箱账号已存在");
        }
-        if (userService.updateUserProfile(currentUser) > 0)
-        {
+        if (userService.updateUserProfile(currentUser) > 0) {
            // 更新缓存用户信息
            tokenService.setLoginUser(loginUser);
            return success();
@ -87,24 +82,22 @@ public class SysProfileController extends BaseController
     */
    @Log(title = "个人信息", businessType = BusinessType.UPDATE)
    @PutMapping("/updatePwd")
-    public AjaxResult updatePwd(String oldPassword, String newPassword)
-    {
+    public AjaxResult updatePwd(String oldPassword, String newPassword) throws Exception {
        LoginUser loginUser = getLoginUser();
        String userName = loginUser.getUsername();
        String password = loginUser.getPassword();
-        if (!SecurityUtils.matchesPassword(oldPassword, password))
-        {
+        //解密
+        oldPassword = Sm4Util.decryptEcb(oldPassword);
+        newPassword = Sm4Util.decryptEcb(newPassword);
+        if (!SecurityUtils.matchesPassword(oldPassword, password)) {
            return error("修改密码失败，旧密码错误");
        }
-        if (SecurityUtils.matchesPassword(newPassword, password))
-        {
+        if (SecurityUtils.matchesPassword(newPassword, password)) {
            return error("新密码不能与旧密码相同");
        }
-        newPassword = SecurityUtils.encryptPassword(newPassword);
-        if (userService.resetUserPwd(userName, newPassword) > 0)
-        {
+        if (userService.resetUserPwd(userName, SecurityUtils.encryptPassword(newPassword)) > 0) {
            // 更新缓存用户密码
-            loginUser.getUser().setPassword(newPassword);
+            loginUser.getUser().setPassword(SecurityUtils.encryptPassword(newPassword));
            tokenService.setLoginUser(loginUser);
            return success();
        }
@ -116,14 +109,11 @@ public class SysProfileController extends BaseController
     */
    @Log(title = "用户头像", businessType = BusinessType.UPDATE)
    @PostMapping("/avatar")
-    public AjaxResult avatar(@RequestParam("avatarfile") MultipartFile file) throws Exception
-    {
-        if (!file.isEmpty())
-        {
+    public AjaxResult avatar(@RequestParam("avatarfile") MultipartFile file) throws Exception {
+        if (!file.isEmpty()) {
            LoginUser loginUser = getLoginUser();
            String avatar = FileUploadUtils.upload(HypConfig.getAvatarPath(), file, MimeTypeUtils.IMAGE_EXTENSION);
-            if (userService.updateUserAvatar(loginUser.getUsername(), avatar))
-            {
+            if (userService.updateUserAvatar(loginUser.getUsername(), avatar)) {
                AjaxResult ajax = AjaxResult.success();
                ajax.put("imgUrl", avatar);
                // 更新缓存用户头像
--- a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysRegisterController.java
+++ b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysRegisterController.java
@ -13,12 +13,11 @@ import com.hyp.system.service.ISysConfigService;

 /**
 * 注册验证
- * 
+ *
 * @author ruoyi
 */
@RestController
-public class SysRegisterController extends BaseController
-{
+public class SysRegisterController extends BaseController {
    @Autowired
    private SysRegisterService registerService;

@ -26,10 +25,8 @@ public class SysRegisterController extends BaseController
    private ISysConfigService configService;

    @PostMapping("/register")
-    public AjaxResult register(@RequestBody RegisterBody user)
-    {
-        if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser"))))
-        {
+    public AjaxResult register(@RequestBody RegisterBody user) throws Exception {
+        if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser")))) {
            return error("当前系统没有开启注册功能！");
        }
        String msg = registerService.register(user);
--- a/hyp-common/pom.xml
+++ b/hyp-common/pom.xml
@ -143,6 +143,13 @@
            <version>2.5.1</version>
        </dependency>

+        <!--sm4加密算法依赖-->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.59</version>
+        </dependency>
+
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
--- a/hyp-common/src/main/java/com/hyp/common/constant/UserConstants.java
+++ b/hyp-common/src/main/java/com/hyp/common/constant/UserConstants.java
@ -74,5 +74,5 @@ public class UserConstants
     * 密码长度限制
     */
    public static final int PASSWORD_MIN_LENGTH = 5;
-    public static final int PASSWORD_MAX_LENGTH = 20;
+    public static final int PASSWORD_MAX_LENGTH = 20000;
 }
--- a/hyp-common/src/main/java/com/hyp/common/utils/sign/Sm4Util.java
+++ b/hyp-common/src/main/java/com/hyp/common/utils/sign/Sm4Util.java
@ -0,0 +1,175 @@
+package com.hyp.common.utils.sign;
+
+import java.security.*;
+import java.util.Arrays;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.spec.SecretKeySpec;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
+
+/**
+ * ClassName: Sm4Util
+ * Package: com.hyp.common.utils.sign
+ * sm4加密算法工具类
+ * @explain sm4加密、解密与加密结果验证 可逆算法
+ *
+ * @Author wangxy
+ * @Create 2024/11/28 14:44
+ * @Version 1.0
+ */
+public class Sm4Util {
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+    private static final String ENCODING = "UTF-8";
+    public static final String ALGORITHM_NAME = "SM4";
+    // 加密算法/分组加密模式/分组填充方式
+    // PKCS5Padding-以8个字节为一组进行分组加密
+    // 定义分组加密模式使用：PKCS5Padding
+    public static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS5Padding";
+    // 128-32位16进制；256-64位16进制
+    public static final int DEFAULT_KEY_SIZE = 128;
+
+    /**
+     * 当时用ECB模式的时候，和前端key一致
+     */
+    public static final String hexKey = "6fb7b3dcaa041c798c3798abe6f9575c";
+
+    /**
+     * 生成ECB暗号
+     * @explain ECB模式（电子密码本模式：Electronic codebook）
+     * @param algorithmName 算法名称
+     * @param mode 模式
+     * @param key
+     * @return
+     * @throws Exception
+     */
+    private static Cipher generateEcbCipher(String algorithmName, int mode, byte[] key) throws Exception {
+        Cipher cipher = Cipher.getInstance(algorithmName, BouncyCastleProvider.PROVIDER_NAME);
+        Key sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);
+        cipher.init(mode, sm4Key);
+        return cipher;
+    }
+
+    /**
+     * 自动生成密钥
+     * @explain
+     * @return
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static byte[] generateKey() throws Exception {
+        return generateKey(DEFAULT_KEY_SIZE);
+    }
+
+
+    //加密******************************************
+    /**
+     * @explain 系统产生秘钥
+     * @param keySize
+     * @return
+     * @throws Exception
+     */
+    public static byte[] generateKey(int keySize) throws Exception {
+        KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_NAME, BouncyCastleProvider.PROVIDER_NAME);
+        kg.init(keySize, new SecureRandom());
+        return kg.generateKey().getEncoded();
+    }
+
+    /**
+     * sm4加密
+     * @explain 加密模式：ECB 密文长度不固定，会随着被加密字符串长度的变化而变化
+     * @param
+     * @param paramStr 待加密字符串
+     * @return 返回16进制的加密字符串
+     * @throws Exception
+     */
+    public static String encryptEcb(String paramStr) throws Exception {
+        String cipherText = "";
+        // 16进制字符串-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // String-->byte[]
+        byte[] srcData = paramStr.getBytes(ENCODING);
+        // 加密后的数组
+        byte[] cipherArray = encrypt_Ecb_Padding(keyData, srcData);
+        // byte[]-->hexString
+        cipherText = ByteUtils.toHexString(cipherArray);
+        return cipherText;
+    }
+
+    /**
+     * 加密模式之Ecb
+     * @param key
+     * @param data
+     * @return
+     * @throws Exception
+     */
+    public static byte[] encrypt_Ecb_Padding(byte[] key, byte[] data) throws Exception {
+        Cipher cipher = generateEcbCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.ENCRYPT_MODE, key);//声称Ecb暗号,通过第二个参数判断加密还是解密
+        return cipher.doFinal(data);
+    }
+
+    //解密****************************************
+    /**
+     * sm4解密
+     * @explain 解密模式：采用ECB
+     * @param
+     * @param cipherText 16进制的加密字符串（忽略大小写）
+     * @return 解密后的字符串
+     * @throws Exception
+     */
+    public static String decryptEcb(String cipherText) throws Exception {
+        // 用于接收解密后的字符串
+        String decryptStr = "";
+        // hexString-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // hexString-->byte[]
+        byte[] cipherData = ByteUtils.fromHexString(cipherText);
+        // 解密
+        byte[] srcData = decrypt_Ecb_Padding(keyData, cipherData);
+        // byte[]-->String
+        decryptStr = new String(srcData, ENCODING);
+        return decryptStr;
+    }
+
+    /**
+     * 解密
+     * @explain
+     * @param key
+     * @param cipherText
+     * @return
+     * @throws Exception
+     */
+    public static byte[] decrypt_Ecb_Padding(byte[] key, byte[] cipherText) throws Exception {
+        Cipher cipher = generateEcbCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.DECRYPT_MODE, key);//生成Ecb暗号,通过第二个参数判断加密还是解密
+        return cipher.doFinal(cipherText);
+    }
+
+    /**
+     * 校验加密前后的字符串是否为同一数据
+     * @explain
+     * @param
+     * @param cipherText 16进制加密后的字符串
+     * @param paramStr 加密前的字符串
+     * @return 是否为同一数据
+     * @throws Exception
+     */
+    public static boolean verifyEcb(String cipherText, String paramStr) throws Exception {
+        // 用于接收校验结果
+        boolean flag = false;
+        // hexString-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // 将16进制字符串转换成数组
+        byte[] cipherData = ByteUtils.fromHexString(cipherText);
+        // 解密
+        byte[] decryptData = decrypt_Ecb_Padding(keyData, cipherData);
+        // 将原字符串转换成byte[]
+        byte[] srcData = paramStr.getBytes(ENCODING);
+        // 判断2个数组是否一致
+        flag = Arrays.equals(decryptData, srcData);
+        return flag;
+    }
+
+}
--- a/hyp-framework/src/main/java/com/hyp/framework/config/SecurityConfig.java
+++ b/hyp-framework/src/main/java/com/hyp/framework/config/SecurityConfig.java
@ -111,7 +111,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                // 过滤请求
                .authorizeRequests()
                // 对于登录login 注册register 滑块验证码/captcha/get /captcha/check 获取验证码开关 /captchaEnabled 允许匿名访问
-                .antMatchers("/login", "/register", "/captcha/get", "/captcha/check", "/captchaEnabled","/system/dict/data/type/**").permitAll()
+                .antMatchers("/login", "/register", "/captcha/get", "/captcha/check", "/captchaEnabled","/publicKey","/system/dict/data/type/**").permitAll()
                // 静态资源，可匿名访问
                .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
--- a/hyp-framework/src/main/java/com/hyp/framework/web/service/SysRegisterService.java
+++ b/hyp-framework/src/main/java/com/hyp/framework/web/service/SysRegisterService.java
@ -1,6 +1,7 @@
 package com.hyp.framework.web.service;

 import com.hyp.common.core.domain.entity.SysRole;
+import com.hyp.common.utils.sign.Sm4Util;
 import com.hyp.system.domain.SysUserRole;
 import com.hyp.system.mapper.SysUserRoleMapper;
 import com.hyp.system.service.ISysRoleService;
@ -55,8 +56,8 @@ public class SysRegisterService
     * 注册
     */
    @Transactional(rollbackFor = Exception.class)
-    public String register(RegisterBody registerBody) {
-        String msg = "", username = registerBody.getUsername(), password = registerBody.getPassword();
+    public String register(RegisterBody registerBody) throws Exception {
+        String msg = "", username = registerBody.getUsername(), password = Sm4Util.decryptEcb(registerBody.getPassword());
        SysUser sysUser = new SysUser();
        sysUser.setUserName(username);