数据库加密组件

fe5bec17 · 郑冰晶 · 16693fb4 · fe5bec17
Commit fe5bec17 authored Sep 08, 2021 by 郑冰晶
Hide whitespace changes
Inline Side-by-side

Showing with 49 additions and 9 deletions

SecurityFilter.java matrix-datasource/matrix-datasource-security/matrix-datasource-security-druid/src/main/java/com/secoo/mall/datasource/security/filter/SecurityFilter.java +49 -9

No files found.
--- a/matrix-datasource/matrix-datasource-security/matrix-datasource-security-druid/src/main/java/com/secoo/mall/datasource/security/filter/SecurityFilter.java
+++ b/matrix-datasource/matrix-datasource-security/matrix-datasource-security-druid/src/main/java/com/secoo/mall/datasource/security/filter/SecurityFilter.java
@@ -251,6 +251,10 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
    }
    public Object decryptObject(ColumnRule columnRule, Object object) {
+        if(object == null){
+            return null;
+        }
        if (object instanceof String) {
            return decrypt(columnRule, (String) object);
        }
@@ -271,6 +275,10 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
     * @return
     */
    public String decrypt(ColumnRule columnRule, String cipherText) {
+        if(cipherText == null || cipherText.length() == 0){
+            return cipherText;
+        }
        try {
            String plainText = columnRule.getEncryptAlgorithm().decrypt(cipherText);
            log.debug("字段解密：columnRule={},cipherText={},plainText={}", columnRule, cipherText, plainText);
@@ -328,7 +336,7 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
            return sql;
        }
-        // 重写
+        // 重写sql
        StringBuilder newSql = new StringBuilder();
        stmtList.forEach(e -> newSql.append(e.toString()));
        String newSqlStr = newSql.toString();
@@ -373,8 +381,9 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
            });
            Map<Integer,Parameter> allEncryptParameterMap = allEncryptParameters.stream().collect(Collectors.toMap(Parameter::getParameterIndex, e -> e));
-            // 重建jdbc参数列表
+            // 新增参数个数
            long addJdbcParameterCount = allEncryptParameters.stream().filter(e -> e.getAddParameterIndex() != null && e.getAddParameterIndex() >= 0).count();
+            // 重建jdbc参数列表
            List<JdbcParameter> newJdbcParameters = new ArrayList<>(jdbcParameters.size() + Long.valueOf(addJdbcParameterCount).intValue());
            for(Map.Entry<Integer,JdbcParameter> jdbcParameterEntry:jdbcParameters.entrySet()){
                Integer index = jdbcParameterEntry.getKey();
@@ -397,18 +406,31 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
            }
            // 新增明文参数
-            for(int i=0; i<allEncryptParameters.size(); i++){
+            if(addJdbcParameterCount > 0){
-                Parameter parameter = allEncryptParameters.get(i);
+                for(int i=0; i<allEncryptParameters.size(); i++){
-                if(parameter.getAddParameterIndex() != null && parameter.getAddParameterIndex() >= 0){
+                    Parameter parameter = allEncryptParameters.get(i);
+                    if(parameter.getAddParameterIndex() == null || parameter.getAddParameterIndex() < 0){
+                        continue;
+                    }
                    newJdbcParameters.add(parameter.getParameterIndex() + i, jdbcParameters.get(parameter.getParameterIndex()));
                }
+            }
+            if(log.isDebugEnabled()){
                String sql = ((PreparedStatementProxyImpl) statement).getSql();
-                log.debug("加密sql={}\n加密参数={}",sql,newJdbcParameters);
+                log.debug("加密sql={}\n加密参数={}",sql, formatJdbcParameters(newJdbcParameters));
            }
-            // 重写jdbc参数列表
+            // 重置jdbc参数列表
            for(int i=0; i<newJdbcParameters.size(); i++){
-                preparedStatement.setParameter(i + 1,newJdbcParameters.get(i));
+                JdbcParameter newJdbcParameter = newJdbcParameters.get(i);
+                try {
+                    preparedStatement.setObject(i + 1,newJdbcParameter.getValue(),newJdbcParameter.getSqlType());
+                } catch (SQLException ex) {
+                    String errorMsg = "重置加密参数异常：value=" + newJdbcParameter.getValue()+",sqlType=" + newJdbcParameter.getSqlType();
+                    log.error(errorMsg);
+                    throw new SecurityBizException(errorMsg,ex);
+                }
            }
        } finally {
            this.clearEncryptParameters();
@@ -423,8 +445,13 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
            return null;
        }
+        String plainTextStr = String.valueOf(plainText);
+        if(plainTextStr.length() == 0){
+            return plainTextStr;
+        }
        try {
-            String cipherText = columnRule.getEncryptAlgorithm().encrypt(plainText);
+            String cipherText = columnRule.getEncryptAlgorithm().encrypt(plainTextStr);
            log.debug("字段加密：columnRule={},plainText={},cipherText={}", columnRule, plainText, cipherText);
            return cipherText;
        } catch (Exception e) {
@@ -434,4 +461,17 @@ public class SecurityFilter extends SecurityFilterEventAdapter {
        }
    }
+    private String formatJdbcParameters(List<JdbcParameter> jdbcParameters){
+        if(jdbcParameters == null){
+            return null;
+        }
+        StringBuilder jdbcParametersSb = new StringBuilder();
+        jdbcParameters.forEach(e -> {
+            jdbcParametersSb.append(",").append(e.getValue()).append("(").append(e.getSqlType()).append(")");
+        });
+        return jdbcParametersSb.length() <= 0?jdbcParametersSb.toString():jdbcParametersSb.substring(1);
+    }
 }