diff --git a/common/common-core/src/main/java/com/tacit/common/utils/AesPasswordEncoder.java b/common/common-core/src/main/java/com/tacit/common/utils/AesPasswordEncoder.java
new file mode 100644
index 0000000..7df45ec
--- /dev/null
+++ b/common/common-core/src/main/java/com/tacit/common/utils/AesPasswordEncoder.java
@@ -0,0 +1,17 @@
+package com.tacit.common.utils;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+public class AesPasswordEncoder implements PasswordEncoder {
+
+ @Override
+ public String encode(CharSequence rawPassword) {
+ return AesUtils.encrypt(rawPassword.toString());
+ }
+
+ @Override
+ public boolean matches(CharSequence rawPassword, String encodedPassword) {
+ String decrypted = AesUtils.decrypt(encodedPassword);
+ return rawPassword.toString().equals(decrypted);
+ }
+}
diff --git a/common/common-core/src/main/java/com/tacit/common/utils/AesUtils.java b/common/common-core/src/main/java/com/tacit/common/utils/AesUtils.java
new file mode 100644
index 0000000..8f60051
--- /dev/null
+++ b/common/common-core/src/main/java/com/tacit/common/utils/AesUtils.java
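Review bot: `AesPasswordEncoder.encode` stores passwords under reversible AES encryption rather than a one-way password hash, so anyone who obtains the key held in `AesUtils` together with the stored values can recover every plaintext password. Spring Security's `BCryptPasswordEncoder` or `PasswordEncoderFactories.createDelegatingPasswordEncoder()` is the conventional choice, and the same point applies to the `passwordEncoder()` bean in AppSecurityConfig.java, which could simply be `return PasswordEncoderFactories.createDelegatingPasswordEncoder();`. Separately, `matches` lets the `RuntimeException` thrown by `AesUtils.decrypt` propagate when the stored value is malformed or fails the GCM tag check instead of returning `false`, and it compares with `String.equals` rather than a constant-time check such as `MessageDigest.isEqual`.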
@@ -0,0 +1,62 @@
+package com.tacit.common.utils;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
+import java.util.Base64;
+
+public class AesUtils {
+
+ private static final String ALGORITHM = "AES/GCM/NoPadding";
+ private static final int GCM_IV_LENGTH = 12;
+ private static final int GCM_TAG_LENGTH = 128;
+
+ private static final String SECRET_KEY = "tacit123456789012";
+
+ public static String encrypt(String plainText) {
+ try {
+ byte[] iv = new byte[GCM_IV_LENGTH];
+ SecureRandom random = new SecureRandom();
+ random.nextBytes(iv);
+
+ SecretKeySpec secretKey = new SecretKeySpec(SECRET_KEY.getBytes(StandardCharsets.UTF_8), "AES");
+ Cipher cipher = Cipher.getInstance(ALGORITHM);
+ GCMParameterSpec parameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH, iv);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec);
+
+ byte[] encryptedText = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
+
+ byte[] combined = new byte[iv.length + encryptedText.length];
+ System.arraycopy(iv, 0, combined, 0, iv.length);
+ System.arraycopy(encryptedText, 0, combined, iv.length, encryptedText.length);
+
+ return Base64.getEncoder().encodeToString(combined);
+ } catch (Exception e) {
+ throw new RuntimeException("AES加密失败", e);
+ }
+ }
+
+ public static String decrypt(String encryptedText) {
+ try {
+ byte[] combined = Base64.getDecoder().decode(encryptedText);
+
+ byte[] iv = new byte[GCM_IV_LENGTH];
+ System.arraycopy(combined, 0, iv, 0, GCM_IV_LENGTH);
+
+ byte[] encryptedData = new byte[combined.length - GCM_IV_LENGTH];
+ System.arraycopy(combined, GCM_IV_LENGTH, encryptedData, 0, encryptedData.length);
+
+ SecretKeySpec secretKey = new SecretKeySpec(SECRET_KEY.getBytes(StandardCharsets.UTF_8), "AES");
+ Cipher cipher = Cipher.getInstance(ALGORITHM);
+ GCMParameterSpec parameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH, iv);
+ cipher.init(Cipher.DECRYPT_MODE, secretKey, parameterSpec);
+
+ byte[] decryptedText = cipher.doFinal(encryptedData);
+ return new String(decryptedText, StandardCharsets.UTF_8);
+ } catch (Exception e) {
+ throw new RuntimeException("AES解密失败", e);
+ }
+ }
+}
diff --git a/tacit-app-api/src/main/java/com/tacit/app/config/AppSecurityConfig.java b/tacit-app-api/src/main/java/com/tacit/app/config/AppSecurityConfig.java
new file mode 100644
index 0000000..bd3a501
--- /dev/null
+++ b/tacit-app-api/src/main/java/com/tacit/app/config/AppSecurityConfig.java
@@ -0,0 +1,15 @@
+package com.tacit.app.config;
+
+import com.tacit.common.utils.AesPasswordEncoder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class AppSecurityConfig {
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new AesPasswordEncoder();
+ }
+}
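Review bot: `SECRET_KEY` in AesUtils.java is a literal committed to source, and it counts to 17 UTF-8 bytes, which is not a valid AES key length (16, 24 or 32), so `cipher.init` in both `encrypt` and `decrypt` would be expected to throw `InvalidKeyException`, surfacing as the wrapped `RuntimeException` on every call. The key should come from deployment configuration or a secret store and have its length validated once at class load, for example `byte[] key = Base64.getDecoder().decode(System.getenv("AES_KEY_ENV_PLACEHOLDER"));` where the variable name is a placeholder. `decrypt` also does not check that the decoded input holds at least `GCM_IV_LENGTH + GCM_TAG_LENGTH / 8` bytes before the `System.arraycopy` calls, so short or truncated input only fails inside the generic `catch (Exception e)`. A class-level Javadoc stating the output layout (Base64 of the 12-byte IV followed by ciphertext and tag) would help callers that persist these values.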