From d8388e0513d4826a721110771204427c568f69c8 Mon Sep 17 00:00:00 2001
From: wangxy <1481820854@qq.com>
Date: Thu, 28 Nov 2024 15:58:39 +0800
Subject: [PATCH] =?UTF-8?q?feat:=E7=99=BB=E5=BD=95=E5=9B=BD=E5=AF=86sm4?=
 =?UTF-8?q?=E6=94=B9=E9=80=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 hyp-admin/pom.xml                             |   7 +
 .../controller/system/SysLoginController.java |  13 +-
 .../system/SysProfileController.java          |  48 ++---
 .../system/SysRegisterController.java         |  11 +-
 hyp-common/pom.xml                            |   7 +
 .../hyp/common/constant/UserConstants.java    |   2 +-
 .../com/hyp/common/utils/sign/Sm4Util.java    | 175 ++++++++++++++++++
 .../hyp/framework/config/SecurityConfig.java  |   2 +-
 .../web/service/SysRegisterService.java       |   5 +-
 9 files changed, 229 insertions(+), 41 deletions(-)
 create mode 100644 hyp-common/src/main/java/com/hyp/common/utils/sign/Sm4Util.java

diff --git a/hyp-admin/pom.xml b/hyp-admin/pom.xml
index 10c1199..b092b09 100644
--- a/hyp-admin/pom.xml
+++ b/hyp-admin/pom.xml
@@ -68,6 +68,13 @@
             <version>2.1.0</version>
         </dependency>
 
+        <!--sm4加密算法依赖-->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.59</version>
+        </dependency>
+
         <!--单元测试-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
diff --git a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysLoginController.java b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysLoginController.java
index e5109fd..cddd900 100644
--- a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysLoginController.java
+++ b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysLoginController.java
@@ -4,6 +4,7 @@ import java.util.List;
 import java.util.Set;
 
 import com.hyp.common.utils.sign.RsaUtils;
+import com.hyp.common.utils.sign.Sm4Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -47,7 +48,7 @@ public class SysLoginController
         AjaxResult ajax = AjaxResult.success();
         // 生成令牌
         String token = loginService.login(loginBody.getUsername(),
-                RsaUtils.decryptByPrivateKey(loginBody.getPassword()), loginBody.getCode());
+                Sm4Util.decryptEcb(loginBody.getPassword()), loginBody.getCode());
         ajax.put(Constants.TOKEN, token);
         return ajax;
     }
@@ -85,4 +86,14 @@ public class SysLoginController
         List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
         return AjaxResult.success(menuService.buildMenus(menus));
     }
+
+    /**
+     * 获取公钥 前端用来密码加密
+     *
+     * @return
+     */
+    @GetMapping("/publicKey")
+    public String  publicKey() throws Exception {
+        return Sm4Util.hexKey;
+    }
 }
diff --git a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysProfileController.java b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysProfileController.java
index d19400d..3bac90d 100644
--- a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysProfileController.java
+++ b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysProfileController.java
@@ -1,5 +1,6 @@
 package com.hyp.web.controller.system;
 
+import com.hyp.common.utils.sign.Sm4Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -25,13 +26,12 @@ import com.hyp.system.service.ISysUserService;
 
 /**
  * 个人信息 业务处理
- * 
+ *
  * @author ruoyi
  */
 @RestController
 @RequestMapping("/system/user/profile")
-public class SysProfileController extends BaseController
-{
+public class SysProfileController extends BaseController {
     @Autowired
     private ISysUserService userService;
 
@@ -42,8 +42,7 @@ public class SysProfileController extends BaseController
      * 个人信息
      */
     @GetMapping
-    public AjaxResult profile()
-    {
+    public AjaxResult profile() {
         LoginUser loginUser = getLoginUser();
         SysUser user = loginUser.getUser();
         AjaxResult ajax = AjaxResult.success(user);
@@ -57,24 +56,20 @@ public class SysProfileController extends BaseController
      */
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
     @PutMapping
-    public AjaxResult updateProfile(@RequestBody SysUser user)
-    {
+    public AjaxResult updateProfile(@RequestBody SysUser user) {
         LoginUser loginUser = getLoginUser();
         SysUser currentUser = loginUser.getUser();
         currentUser.setNickName(user.getNickName());
         currentUser.setEmail(user.getEmail());
         currentUser.setPhonenumber(user.getPhonenumber());
         currentUser.setSex(user.getSex());
-        if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(currentUser))
-        {
+        if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(currentUser)) {
             return error("修改用户'" + loginUser.getUsername() + "'失败，手机号码已存在");
         }
-        if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(currentUser))
-        {
+        if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(currentUser)) {
             return error("修改用户'" + loginUser.getUsername() + "'失败，邮箱账号已存在");
         }
-        if (userService.updateUserProfile(currentUser) > 0)
-        {
+        if (userService.updateUserProfile(currentUser) > 0) {
             // 更新缓存用户信息
             tokenService.setLoginUser(loginUser);
             return success();
@@ -87,24 +82,22 @@ public class SysProfileController extends BaseController
      */
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
     @PutMapping("/updatePwd")
-    public AjaxResult updatePwd(String oldPassword, String newPassword)
-    {
+    public AjaxResult updatePwd(String oldPassword, String newPassword) throws Exception {
         LoginUser loginUser = getLoginUser();
         String userName = loginUser.getUsername();
         String password = loginUser.getPassword();
-        if (!SecurityUtils.matchesPassword(oldPassword, password))
-        {
+        //解密
+        oldPassword = Sm4Util.decryptEcb(oldPassword);
+        newPassword = Sm4Util.decryptEcb(newPassword);
+        if (!SecurityUtils.matchesPassword(oldPassword, password)) {
             return error("修改密码失败，旧密码错误");
         }
-        if (SecurityUtils.matchesPassword(newPassword, password))
-        {
+        if (SecurityUtils.matchesPassword(newPassword, password)) {
             return error("新密码不能与旧密码相同");
         }
-        newPassword = SecurityUtils.encryptPassword(newPassword);
-        if (userService.resetUserPwd(userName, newPassword) > 0)
-        {
+        if (userService.resetUserPwd(userName, SecurityUtils.encryptPassword(newPassword)) > 0) {
             // 更新缓存用户密码
-            loginUser.getUser().setPassword(newPassword);
+            loginUser.getUser().setPassword(SecurityUtils.encryptPassword(newPassword));
             tokenService.setLoginUser(loginUser);
             return success();
         }
@@ -116,14 +109,11 @@ public class SysProfileController extends BaseController
      */
     @Log(title = "用户头像", businessType = BusinessType.UPDATE)
     @PostMapping("/avatar")
-    public AjaxResult avatar(@RequestParam("avatarfile") MultipartFile file) throws Exception
-    {
-        if (!file.isEmpty())
-        {
+    public AjaxResult avatar(@RequestParam("avatarfile") MultipartFile file) throws Exception {
+        if (!file.isEmpty()) {
             LoginUser loginUser = getLoginUser();
             String avatar = FileUploadUtils.upload(HypConfig.getAvatarPath(), file, MimeTypeUtils.IMAGE_EXTENSION);
-            if (userService.updateUserAvatar(loginUser.getUsername(), avatar))
-            {
+            if (userService.updateUserAvatar(loginUser.getUsername(), avatar)) {
                 AjaxResult ajax = AjaxResult.success();
                 ajax.put("imgUrl", avatar);
                 // 更新缓存用户头像
diff --git a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysRegisterController.java b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysRegisterController.java
index 55fa340..f64a30f 100644
--- a/hyp-admin/src/main/java/com/hyp/web/controller/system/SysRegisterController.java
+++ b/hyp-admin/src/main/java/com/hyp/web/controller/system/SysRegisterController.java
@@ -13,12 +13,11 @@ import com.hyp.system.service.ISysConfigService;
 
 /**
  * 注册验证
- * 
+ *
  * @author ruoyi
  */
 @RestController
-public class SysRegisterController extends BaseController
-{
+public class SysRegisterController extends BaseController {
     @Autowired
     private SysRegisterService registerService;
 
@@ -26,10 +25,8 @@ public class SysRegisterController extends BaseController
     private ISysConfigService configService;
 
     @PostMapping("/register")
-    public AjaxResult register(@RequestBody RegisterBody user)
-    {
-        if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser"))))
-        {
+    public AjaxResult register(@RequestBody RegisterBody user) throws Exception {
+        if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser")))) {
             return error("当前系统没有开启注册功能！");
         }
         String msg = registerService.register(user);
diff --git a/hyp-common/pom.xml b/hyp-common/pom.xml
index a24d821..bf31cf4 100644
--- a/hyp-common/pom.xml
+++ b/hyp-common/pom.xml
@@ -143,6 +143,13 @@
             <version>2.5.1</version>
         </dependency>
 
+        <!--sm4加密算法依赖-->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.59</version>
+        </dependency>
+
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
diff --git a/hyp-common/src/main/java/com/hyp/common/constant/UserConstants.java b/hyp-common/src/main/java/com/hyp/common/constant/UserConstants.java
index aebf442..8e68c7a 100644
--- a/hyp-common/src/main/java/com/hyp/common/constant/UserConstants.java
+++ b/hyp-common/src/main/java/com/hyp/common/constant/UserConstants.java
@@ -74,5 +74,5 @@ public class UserConstants
      * 密码长度限制
      */
     public static final int PASSWORD_MIN_LENGTH = 5;
-    public static final int PASSWORD_MAX_LENGTH = 20;
+    public static final int PASSWORD_MAX_LENGTH = 20000;
 }
diff --git a/hyp-common/src/main/java/com/hyp/common/utils/sign/Sm4Util.java b/hyp-common/src/main/java/com/hyp/common/utils/sign/Sm4Util.java
new file mode 100644
index 0000000..ba63544
--- /dev/null
+++ b/hyp-common/src/main/java/com/hyp/common/utils/sign/Sm4Util.java
@@ -0,0 +1,175 @@
+package com.hyp.common.utils.sign;
+
+import java.security.*;
+import java.util.Arrays;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.spec.SecretKeySpec;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
+
+/**
+ * ClassName: Sm4Util
+ * Package: com.hyp.common.utils.sign
+ * sm4加密算法工具类
+ * @explain sm4加密、解密与加密结果验证 可逆算法
+ *
+ * @Author wangxy
+ * @Create 2024/11/28 14:44
+ * @Version 1.0
+ */
+public class Sm4Util {
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+    private static final String ENCODING = "UTF-8";
+    public static final String ALGORITHM_NAME = "SM4";
+    // 加密算法/分组加密模式/分组填充方式
+    // PKCS5Padding-以8个字节为一组进行分组加密
+    // 定义分组加密模式使用：PKCS5Padding
+    public static final String ALGORITHM_NAME_ECB_PADDING = "SM4/ECB/PKCS5Padding";
+    // 128-32位16进制；256-64位16进制
+    public static final int DEFAULT_KEY_SIZE = 128;
+
+    /**
+     * 当时用ECB模式的时候，和前端key一致
+     */
+    public static final String hexKey = "6fb7b3dcaa041c798c3798abe6f9575c";
+
+    /**
+     * 生成ECB暗号
+     * @explain ECB模式（电子密码本模式：Electronic codebook）
+     * @param algorithmName 算法名称
+     * @param mode 模式
+     * @param key
+     * @return
+     * @throws Exception
+     */
+    private static Cipher generateEcbCipher(String algorithmName, int mode, byte[] key) throws Exception {
+        Cipher cipher = Cipher.getInstance(algorithmName, BouncyCastleProvider.PROVIDER_NAME);
+        Key sm4Key = new SecretKeySpec(key, ALGORITHM_NAME);
+        cipher.init(mode, sm4Key);
+        return cipher;
+    }
+
+    /**
+     * 自动生成密钥
+     * @explain
+     * @return
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static byte[] generateKey() throws Exception {
+        return generateKey(DEFAULT_KEY_SIZE);
+    }
+
+
+    //加密******************************************
+    /**
+     * @explain 系统产生秘钥
+     * @param keySize
+     * @return
+     * @throws Exception
+     */
+    public static byte[] generateKey(int keySize) throws Exception {
+        KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM_NAME, BouncyCastleProvider.PROVIDER_NAME);
+        kg.init(keySize, new SecureRandom());
+        return kg.generateKey().getEncoded();
+    }
+
+    /**
+     * sm4加密
+     * @explain 加密模式：ECB 密文长度不固定，会随着被加密字符串长度的变化而变化
+     * @param
+     * @param paramStr 待加密字符串
+     * @return 返回16进制的加密字符串
+     * @throws Exception
+     */
+    public static String encryptEcb(String paramStr) throws Exception {
+        String cipherText = "";
+        // 16进制字符串-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // String-->byte[]
+        byte[] srcData = paramStr.getBytes(ENCODING);
+        // 加密后的数组
+        byte[] cipherArray = encrypt_Ecb_Padding(keyData, srcData);
+        // byte[]-->hexString
+        cipherText = ByteUtils.toHexString(cipherArray);
+        return cipherText;
+    }
+
+    /**
+     * 加密模式之Ecb
+     * @param key
+     * @param data
+     * @return
+     * @throws Exception
+     */
+    public static byte[] encrypt_Ecb_Padding(byte[] key, byte[] data) throws Exception {
+        Cipher cipher = generateEcbCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.ENCRYPT_MODE, key);//声称Ecb暗号,通过第二个参数判断加密还是解密
+        return cipher.doFinal(data);
+    }
+
+    //解密****************************************
+    /**
+     * sm4解密
+     * @explain 解密模式：采用ECB
+     * @param
+     * @param cipherText 16进制的加密字符串（忽略大小写）
+     * @return 解密后的字符串
+     * @throws Exception
+     */
+    public static String decryptEcb(String cipherText) throws Exception {
+        // 用于接收解密后的字符串
+        String decryptStr = "";
+        // hexString-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // hexString-->byte[]
+        byte[] cipherData = ByteUtils.fromHexString(cipherText);
+        // 解密
+        byte[] srcData = decrypt_Ecb_Padding(keyData, cipherData);
+        // byte[]-->String
+        decryptStr = new String(srcData, ENCODING);
+        return decryptStr;
+    }
+
+    /**
+     * 解密
+     * @explain
+     * @param key
+     * @param cipherText
+     * @return
+     * @throws Exception
+     */
+    public static byte[] decrypt_Ecb_Padding(byte[] key, byte[] cipherText) throws Exception {
+        Cipher cipher = generateEcbCipher(ALGORITHM_NAME_ECB_PADDING, Cipher.DECRYPT_MODE, key);//生成Ecb暗号,通过第二个参数判断加密还是解密
+        return cipher.doFinal(cipherText);
+    }
+
+    /**
+     * 校验加密前后的字符串是否为同一数据
+     * @explain
+     * @param
+     * @param cipherText 16进制加密后的字符串
+     * @param paramStr 加密前的字符串
+     * @return 是否为同一数据
+     * @throws Exception
+     */
+    public static boolean verifyEcb(String cipherText, String paramStr) throws Exception {
+        // 用于接收校验结果
+        boolean flag = false;
+        // hexString-->byte[]
+        byte[] keyData = ByteUtils.fromHexString(hexKey);
+        // 将16进制字符串转换成数组
+        byte[] cipherData = ByteUtils.fromHexString(cipherText);
+        // 解密
+        byte[] decryptData = decrypt_Ecb_Padding(keyData, cipherData);
+        // 将原字符串转换成byte[]
+        byte[] srcData = paramStr.getBytes(ENCODING);
+        // 判断2个数组是否一致
+        flag = Arrays.equals(decryptData, srcData);
+        return flag;
+    }
+
+}
diff --git a/hyp-framework/src/main/java/com/hyp/framework/config/SecurityConfig.java b/hyp-framework/src/main/java/com/hyp/framework/config/SecurityConfig.java
index d824481..389ca33 100644
--- a/hyp-framework/src/main/java/com/hyp/framework/config/SecurityConfig.java
+++ b/hyp-framework/src/main/java/com/hyp/framework/config/SecurityConfig.java
@@ -111,7 +111,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 // 过滤请求
                 .authorizeRequests()
                 // 对于登录login 注册register 滑块验证码/captcha/get /captcha/check 获取验证码开关 /captchaEnabled 允许匿名访问
-                .antMatchers("/login", "/register", "/captcha/get", "/captcha/check", "/captchaEnabled","/system/dict/data/type/**").permitAll()
+                .antMatchers("/login", "/register", "/captcha/get", "/captcha/check", "/captchaEnabled","/publicKey","/system/dict/data/type/**").permitAll()
                 // 静态资源，可匿名访问
                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
diff --git a/hyp-framework/src/main/java/com/hyp/framework/web/service/SysRegisterService.java b/hyp-framework/src/main/java/com/hyp/framework/web/service/SysRegisterService.java
index ad67523..520e9a9 100644
--- a/hyp-framework/src/main/java/com/hyp/framework/web/service/SysRegisterService.java
+++ b/hyp-framework/src/main/java/com/hyp/framework/web/service/SysRegisterService.java
@@ -1,6 +1,7 @@
 package com.hyp.framework.web.service;
 
 import com.hyp.common.core.domain.entity.SysRole;
+import com.hyp.common.utils.sign.Sm4Util;
 import com.hyp.system.domain.SysUserRole;
 import com.hyp.system.mapper.SysUserRoleMapper;
 import com.hyp.system.service.ISysRoleService;
@@ -55,8 +56,8 @@ public class SysRegisterService
      * 注册
      */
     @Transactional(rollbackFor = Exception.class)
-    public String register(RegisterBody registerBody) {
-        String msg = "", username = registerBody.getUsername(), password = registerBody.getPassword();
+    public String register(RegisterBody registerBody) throws Exception {
+        String msg = "", username = registerBody.getUsername(), password = Sm4Util.decryptEcb(registerBody.getPassword());
         SysUser sysUser = new SysUser();
         sysUser.setUserName(username);