Skip to content

M
matrix
Commit 4cf0013f by 郑冰晶
Options

数据库加密组件

parent b554ed75
Showing with 83 additions and 61 deletions
matrix-datasource/matrix-datasource-security/matrix-datasource-security-druid/src/main/java/com/secoo/mall/datasource/security/visitor/MySqlSecurityParameterVisitor.java
......@@ -98,90 +98,112 @@ public class MySqlSecurityParameterVisitor extends MySqlSchemaStatVisitor {
return true;
}
this.encryptColumnParameters.add(new Parameter(column.getTableName(),column.getColumnAlias(), column.getColumnName(), x.getIndex(),x.getName(),columnRule));
this.encryptColumnParameters.add(new Parameter(column,x.getName(), x.getIndex(),columnRule, null));
return true;
}
public boolean visit(SQLInsertStatement x) {
String tableName = x.getTableName().getSimpleName();
public boolean visit(MySqlInsertStatement x) {
if (repository != null
&& x.getParent() == null) {
repository.resolve(x);
}
accept(x.getColumns());
accept(x.getValuesList());
accept(x.getQuery());
accept(x.getDuplicateKeyUpdate());
List<SQLExpr> columns = x.getColumns();
Map<Integer, Column> columnMap = new HashMap<>();
// 插入sql不能省略列名
if(!columns.isEmpty()){
for(int i=0;i<columns.size();i++){
SQLExpr columnSQLExpr = columns.get(i);
String columnName = null;
if(columnSQLExpr instanceof SQLIdentifierExpr){
SQLIdentifierExpr columnSQLIdentifierExpr = (SQLIdentifierExpr) columnSQLExpr;
columnName = columnSQLIdentifierExpr.getName();
}
else if(columnSQLExpr instanceof SQLPropertyExpr){
SQLPropertyExpr columnSQLPropertyExpr = (SQLPropertyExpr) columnSQLExpr;
columnName = columnSQLPropertyExpr.getName();
}
List<SQLExpr> columns = x.getColumns();
if(columns.isEmpty()){
return true;
}
Column column = new Column(tableName,"",columnName);
columnMap.put(i,column);
String tableName = x.getTableName().getSimpleName();
// columns
Map<Integer, Column> columnMap = new HashMap<>();
for(int i=0;i<columns.size();i++){
SQLExpr columnSQLExpr = columns.get(i);
String columnName = null;
if(columnSQLExpr instanceof SQLIdentifierExpr){
SQLIdentifierExpr columnSQLIdentifierExpr = (SQLIdentifierExpr) columnSQLExpr;
columnName = columnSQLIdentifierExpr.getName();
}
else if(columnSQLExpr instanceof SQLPropertyExpr){
SQLPropertyExpr columnSQLPropertyExpr = (SQLPropertyExpr) columnSQLExpr;
columnName = columnSQLPropertyExpr.getName();
}
List<MySqlInsertStatement.ValuesClause> valuesClauses = x.getValuesList();
for(SQLInsertStatement.ValuesClause valuesClause:valuesClauses){
List<SQLExpr> values = valuesClause.getValues();
for(int columnIndex=0; columnIndex < values.size();columnIndex++){
SQLExpr valueSQLExpr = values.get(columnIndex);
if (!(valueSQLExpr instanceof SQLVariantRefExpr)) {// ?
continue;
}
SQLVariantRefExpr variantRefExpr = (SQLVariantRefExpr) valueSQLExpr;
if(!Token.QUES.name.equals(variantRefExpr.getName())){
continue;
}
Column column = new Column(tableName,"",columnName,"",null);
columnMap.put(i,column);
}
Column column = columnMap.get(columnIndex);
if(column == null){
continue;
}
// values
List<MySqlInsertStatement.ValuesClause> valuesClauses = x.getValuesList();
for(SQLInsertStatement.ValuesClause valuesClause:valuesClauses){
List<SQLExpr> values = valuesClause.getValues();
for(int columnIndex=0; columnIndex < values.size();columnIndex++){
SQLExpr valueSQLExpr = values.get(columnIndex);
if (!(valueSQLExpr instanceof SQLVariantRefExpr)) {// ?
continue;
}
SQLVariantRefExpr variantRefExpr = (SQLVariantRefExpr) valueSQLExpr;
if(!Token.QUES.name.equals(variantRefExpr.getName())){
continue;
}
ColumnRule columnRule = this.getColumnRule(column.getTableName(),column.getColumnName());
if(columnRule == null){
return true;
}
Parameter parameter = new Parameter(column.getTableName(),column.getColumnAlias(),column.getColumnName(),variantRefExpr.getIndex(),variantRefExpr.getName(),columnRule);
this.encryptColumnParameters.add(parameter);
Column column = columnMap.get(columnIndex);
if(column == null){
continue;
}
ColumnRule columnRule = this.getColumnRule(column.getTableName(),column.getColumnName());
if(columnRule == null){
return true;
}
Parameter parameter = new Parameter(column,variantRefExpr.getName(),variantRefExpr.getIndex(),columnRule,null);
this.encryptColumnParameters.add(parameter);
}
}
return true;
}
// duplicateKeyUpdate
List<SQLExpr> duplicateKeyUpdate = x.getDuplicateKeyUpdate();
for(int i=0;i<duplicateKeyUpdate.size();i++){
SQLExpr sqlExpr = duplicateKeyUpdate.get(i);
if(!(sqlExpr instanceof SQLBinaryOpExpr)){
sqlExpr.accept(this);
continue;
}
SQLBinaryOpExpr sqlBinaryOpExpr = (SQLBinaryOpExpr) sqlExpr;
public void endVisit(SQLInsertStatement x) {
// TODO 根据待增加的明文参数信息,增加明文列
SQLExpr left = sqlBinaryOpExpr.getLeft();
SQLExpr right = sqlBinaryOpExpr.getRight();
if (!(right instanceof SQLVariantRefExpr)) {// ?
continue;
}
SQLVariantRefExpr variantRefExpr = (SQLVariantRefExpr) right;
if(!Token.QUES.name.equals(variantRefExpr.getName())){
continue;
}
}
Column column = this.getMySqlColumn(left);
if(column == null){
continue;
}
public boolean visit(SQLSelectItem x) {
SQLExpr sqlExpr = x.getExpr();
return true;
}
ColumnRule columnRule = this.getColumnRule(column.getTableName(),column.getColumnName());
if(columnRule == null){
continue;
}
this.encryptColumnParameters.add(new Parameter(column,variantRefExpr.getName(), variantRefExpr.getIndex(),columnRule, null));
}
public boolean visit(SQLUpdateSetItem x) {
// TODO 如果是逻辑列,替换为加密列,修改加密参数;如果有明文列,同时记录增加的明文参数信息
return true;
}
/**
* 增加明文列
* @param x
*/
public void endVisit(SQLUpdateStatement x) {
// TODO 根据待增加的明文参数信息,增加明文列
}
/**
* 加密规则
* @param tableName
* @param columnName
......@@ -261,7 +283,7 @@ public class MySqlSecurityParameterVisitor extends MySqlSchemaStatVisitor {
return null;
}
return new Column(tableName.toString(),"",columnName);
return new Column(tableName,"",columnName,"",null);
}
private SQLExpr unwrapExpr(SQLExpr expr) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment