One dedicated line one crypto key
@@ -126,7 +126,7 @@ fizz:
|
||||
timeout: 0 # default no timeout
|
||||
retry-count: 0 # default no retry
|
||||
retry-interval: 0 # default no retry interval
|
||||
secret-key: # if key configured, client will encrypt request body and decrypt response body
|
||||
crypto: true # if true, client will encrypt request body and decrypt response body
|
||||
# service-registration:
|
||||
# type: eureka # service registration type, can be eureka or nacos
|
||||
# application: ax # register the name of this application to server
|
||||
|
||||
@@ -114,8 +114,8 @@ public class SystemConfig {
|
||||
@Value("${fizz.dedicated-line.client.request.retry-interval:0}")
|
||||
private int fizzDedicatedLineClientRequestRetryInterval = 0; // mills
|
||||
|
||||
@Value("${fizz.dedicated-line.client.request.secret-key:}")
|
||||
private String fizzDedicatedLineClientRequestSecretkey;
|
||||
@Value("${fizz.dedicated-line.client.request.crypto:true}")
|
||||
private boolean fizzDedicatedLineClientRequestCrypto;
|
||||
|
||||
public int fizzDedicatedLineClientRequestTimeout() {
|
||||
return fizzDedicatedLineClientRequestTimeout;
|
||||
@@ -133,8 +133,8 @@ public class SystemConfig {
|
||||
return fizzDedicatedLineClientRequestTimeliness;
|
||||
}
|
||||
|
||||
public String fizzDedicatedLineClientRequestSecretkey() {
|
||||
return fizzDedicatedLineClientRequestSecretkey;
|
||||
public boolean fizzDedicatedLineClientRequestCrypto() {
|
||||
return fizzDedicatedLineClientRequestCrypto;
|
||||
}
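Review bot: The default in `@Value("${fizz.dedicated-line.client.request.crypto:true}")` switches body encryption on for deployments that never configured `secret-key`, where the old empty default left it off. Any `secret-key` value still present in an existing configuration is now ignored without notice. If both effects are intended, a comment on the field should say where the key now comes from, for example `// key is taken per dedicated line (requestCryptoKey), not from configuration`. The upgrade notes should also mention that the old property is gone.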
|
||||
|
||||
|
||||
|
||||
@@ -29,15 +29,17 @@ import java.util.*;
|
||||
|
||||
public class DedicatedLine {
|
||||
|
||||
public boolean isDeleted = false;
|
||||
public boolean isDeleted = false;
|
||||
|
||||
public String pairCodeId;
|
||||
|
||||
public String secretKey;
|
||||
|
||||
public String requestCryptoKey;
|
||||
|
||||
public String customConfig;
|
||||
|
||||
public List<ApiDoc> apiDocs = Collections.emptyList();
|
||||
public List<ApiDoc> apiDocs = Collections.emptyList();
|
||||
|
||||
@JsonIgnore
|
||||
public Map<String/*service*/,
|
||||
@@ -53,6 +55,12 @@ public class DedicatedLine {
|
||||
}
|
||||
}
|
||||
|
||||
public void setSecretKey(String sk) {
|
||||
secretKey = sk;
|
||||
int len = secretKey.length() / 2;
|
||||
requestCryptoKey = secretKey.substring(0, len);
|
||||
}
|
||||
|
||||
public void setDocs(List<ApiDoc> docs) {
|
||||
apiDocs = docs;
|
||||
if (CollectionUtils.isEmpty(apiDocs)) {
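Review bot: `setSecretKey` makes `requestCryptoKey` the first half of the signing secret (`secretKey.substring(0, len)`), so the body-encryption key and the signing key are not independent. Whoever learns the encryption key also holds half of the secret used to sign requests. Deriving the two values from the secret with a keyed hash or KDF under distinct labels would keep them separate. The setter also throws a NullPointerException on a null `sk` and accepts any length, so a short or odd-length secret only fails later in the AES code; `Objects.requireNonNull(sk, "secretKey");` plus a length check at the top would fail early. The same setter is added to DedicatedLineInfo.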
|
||||
|
||||
@@ -96,7 +96,7 @@ public class DedicatedLineController {
|
||||
return Result.fail("no sign in request");
|
||||
}
|
||||
|
||||
String pairCodeSecretKey = dedicatedLineService.getPairCodeSecretKey(dedicatedLineId);
|
||||
String pairCodeSecretKey = dedicatedLineService.getSignSecretKey(dedicatedLineId);
|
||||
boolean equals = DedicatedLineUtils.checkSign(dedicatedLineId, timestamp, pairCodeSecretKey, sign);
|
||||
if (!equals) {
|
||||
String traceId = WebUtils.getTraceId(exchange);
|
||||
|
||||
@@ -128,8 +128,8 @@ class DedicatedLineHttpHandler implements HttpHandler {
|
||||
try {
|
||||
Flux<DataBuffer> dataBufferFlux = request.getBody();
|
||||
Flux<DataBuffer> bodyFlux = dataBufferFlux;
|
||||
if (StringUtils.hasLength(systemConfig.fizzDedicatedLineClientRequestSecretkey()) && request.getMethod() != HttpMethod.GET) {
|
||||
bodyFlux = encrypt(dataBufferFlux);
|
||||
if (systemConfig.fizzDedicatedLineClientRequestCrypto() && request.getMethod() != HttpMethod.GET) {
|
||||
bodyFlux = encrypt(dataBufferFlux, dedicatedLineInfo.requestCryptoKey);
|
||||
writableHttpHeaders.remove(HttpHeaders.CONTENT_LENGTH);
|
||||
}
|
||||
|
||||
@@ -148,9 +148,9 @@ class DedicatedLineHttpHandler implements HttpHandler {
|
||||
log.debug(sb.toString());
|
||||
}
|
||||
Flux<DataBuffer> remoteRespBody = remoteResp.body(BodyExtractors.toDataBuffers());
|
||||
if (StringUtils.hasLength(systemConfig.fizzDedicatedLineClientRequestSecretkey())) {
|
||||
if (systemConfig.fizzDedicatedLineClientRequestCrypto()) {
|
||||
respHeaders.remove(HttpHeaders.CONTENT_LENGTH);
|
||||
return response.writeWith (decrypt(remoteRespBody));
|
||||
return response.writeWith (decrypt(remoteRespBody, dedicatedLineInfo.requestCryptoKey));
|
||||
} else {
|
||||
return response.writeWith (remoteRespBody)
|
||||
.doOnError ( throwable -> cleanup(remoteResp) )
|
||||
@@ -169,7 +169,7 @@ class DedicatedLineHttpHandler implements HttpHandler {
|
||||
}
|
||||
}
|
||||
|
||||
private Flux<DataBuffer> encrypt(Flux<DataBuffer> bodyFlux) {
|
||||
private Flux<DataBuffer> encrypt(Flux<DataBuffer> bodyFlux, String cryptoKey) {
|
||||
return NettyDataBufferUtils.join(bodyFlux).defaultIfEmpty(NettyDataBufferUtils.EMPTY_DATA_BUFFER)
|
||||
.flatMap(
|
||||
body -> {
|
||||
@@ -186,7 +186,6 @@ class DedicatedLineHttpHandler implements HttpHandler {
|
||||
} else {
|
||||
bytes = body.asByteBuffer().array();
|
||||
}
|
||||
String cryptoKey = systemConfig.fizzDedicatedLineClientRequestSecretkey();
|
||||
SymmetricEncryptor encryptor = (SymmetricEncryptor) ThreadContext.get(symmetricEncryptor);
|
||||
if (encryptor == null) {
|
||||
encryptor = new SymmetricEncryptor(SymmetricAlgorithm.AES, cryptoKey);
|
||||
@@ -205,7 +204,7 @@ class DedicatedLineHttpHandler implements HttpHandler {
|
||||
.flux();
|
||||
}
|
||||
|
||||
private Flux<DataBuffer> decrypt(Flux<DataBuffer> bodyFlux) {
|
||||
private Flux<DataBuffer> decrypt(Flux<DataBuffer> bodyFlux, String cryptoKey) {
|
||||
return NettyDataBufferUtils.join(bodyFlux).defaultIfEmpty(NettyDataBufferUtils.EMPTY_DATA_BUFFER)
|
||||
.flatMap(
|
||||
body -> {
|
||||
@@ -222,7 +221,6 @@ class DedicatedLineHttpHandler implements HttpHandler {
|
||||
} else {
|
||||
bytes = body.asByteBuffer().array();
|
||||
}
|
||||
String cryptoKey = systemConfig.fizzDedicatedLineClientRequestSecretkey();
|
||||
SymmetricDecryptor decryptor = (SymmetricDecryptor) ThreadContext.get(symmetricDecryptor);
|
||||
if (decryptor == null) {
|
||||
decryptor = new SymmetricDecryptor(SymmetricAlgorithm.AES, cryptoKey);
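Review bot: The encryptor that `encrypt` fetches with `ThreadContext.get(symmetricEncryptor)` is only constructed with `cryptoKey` when the cache is empty, and the key is now passed per dedicated line. A thread that has already served one dedicated line would therefore appear to reuse that line's key for the next one. The rest of the lambda lies outside the hunk, so confirm whether the cached instance is re-keyed on each call; if it is not, build the encryptor per request or cache it per key. `decrypt` has the same pattern with `SymmetricDecryptor`. Separately, the new `systemConfig.fizzDedicatedLineClientRequestCrypto()` guard no longer checks that a key exists, so `dedicatedLineInfo.requestCryptoKey` can be null when it reaches the constructor.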
|
||||
|
||||
@@ -38,6 +38,8 @@ public class DedicatedLineInfo {
|
||||
|
||||
public String secretKey;
|
||||
|
||||
public String requestCryptoKey;
|
||||
|
||||
public List<String> services = Collections.emptyList();
|
||||
|
||||
public void setDeleted(int v) {
|
||||
@@ -46,6 +48,12 @@ public class DedicatedLineInfo {
|
||||
}
|
||||
}
|
||||
|
||||
public void setSecretKey(String sk) {
|
||||
secretKey = sk;
|
||||
int len = secretKey.length() / 2;
|
||||
requestCryptoKey = secretKey.substring(0, len);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return JacksonUtils.writeValueAsString(this);
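Review bot: The new public field `requestCryptoKey` has no serialization exclusion, and `toString()` in this class returns `JacksonUtils.writeValueAsString(this)`. Any log line or message that prints a DedicatedLineInfo would therefore presumably carry the derived encryption key next to `secretKey`. Marking the field with `@JsonIgnore` (if that annotation is usable in this file) or excluding both key fields from `toString()` keeps key material out of logs. Check that incoming JSON still reaches `setSecretKey`, so that the derived key is populated after deserialization.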
|
||||
|
||||
@@ -178,11 +178,27 @@ public class DedicatedLineService {
|
||||
return false;
|
||||
}
|
||||
|
||||
public String getPairCodeSecretKey(String pairCodeId) {
|
||||
public String getSignSecretKey(String pairCodeId) {
|
||||
DedicatedLine dedicatedLine = dedicatedLineMap.get(pairCodeId);
|
||||
if (dedicatedLine != null) {
|
||||
return dedicatedLine.secretKey;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public String getRequestCryptoKey(String pairCodeId) {
|
||||
DedicatedLine dedicatedLine = dedicatedLineMap.get(pairCodeId);
|
||||
if (dedicatedLine != null) {
|
||||
return dedicatedLine.requestCryptoKey;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public String getCustomConfig(String pairCodeId) {
|
||||
DedicatedLine dedicatedLine = dedicatedLineMap.get(pairCodeId);
|
||||
if (dedicatedLine != null) {
|
||||
return dedicatedLine.customConfig;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
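Review bot: `getSignSecretKey` and `getRequestCryptoKey` both return null for a `pairCodeId` with no entry in `dedicatedLineMap`, and neither method documents it even though callers pass the result on to signature checking and decryption. A Javadoc line on each would make the contract visible, for example `/** @return the key for the pairing code, or null when no dedicated line is registered under it */`. `getRequestCryptoKey` can also return null for a registered line whose `requestCryptoKey` was never set through `setSecretKey`, which is worth stating in the same comment.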
|
||||
|
||||
@@ -73,15 +73,11 @@ public class DedicatedLineCodecPluginFilter extends RequestBodyPlugin {
|
||||
try {
|
||||
LogService.setBizId(traceId);
|
||||
String dedicatedLineId = WebUtils.getDedicatedLineId(exchange);
|
||||
// String secretKey = dedicatedLineService.getPairCodeSecretKey(dedicatedLineId);
|
||||
String cryptoKey = dedicatedLineService.getRequestCryptoKey(dedicatedLineId);
|
||||
|
||||
FizzServerHttpRequestDecorator request = (FizzServerHttpRequestDecorator) exchange.getRequest();
|
||||
return request.getBody().defaultIfEmpty(NettyDataBufferUtils.EMPTY_DATA_BUFFER).single().flatMap(body -> {
|
||||
/*String reqBody = body.toString(StandardCharsets.UTF_8);
|
||||
request.setBody(decrypt(reqBody, secretKey));*/
|
||||
|
||||
String cryptoKey = systemConfig.fizzDedicatedLineClientRequestSecretkey();
|
||||
if (body != NettyDataBufferUtils.EMPTY_DATA_BUFFER && StringUtils.isNotBlank(cryptoKey)) {
|
||||
if (body != NettyDataBufferUtils.EMPTY_DATA_BUFFER && systemConfig.fizzDedicatedLineClientRequestCrypto()) {
|
||||
byte[] bodyBytes = request.getBodyBytes();
|
||||
request.setBody(decrypt(bodyBytes, cryptoKey));
|
||||
request.getHeaders().remove(HttpHeaders.CONTENT_LENGTH);
|
||||
@@ -91,12 +87,6 @@ public class DedicatedLineCodecPluginFilter extends RequestBodyPlugin {
|
||||
FizzServerHttpResponseDecorator fizzServerHttpResponseDecorator = new FizzServerHttpResponseDecorator(original) {
|
||||
@Override
|
||||
public Publisher<? extends DataBuffer> writeWith(DataBuffer remoteResponseBody) {
|
||||
/*String respBody = remoteResponseBody.toString(StandardCharsets.UTF_8);
|
||||
HttpHeaders headers = getDelegate().getHeaders();
|
||||
headers.setContentType(MediaType.TEXT_PLAIN);
|
||||
headers.remove(HttpHeaders.CONTENT_LENGTH);
|
||||
NettyDataBuffer from = NettyDataBufferUtils.from(encrypt(respBody, secretKey));
|
||||
return Mono.just(from);*/
|
||||
if (remoteResponseBody == NettyDataBufferUtils.EMPTY_DATA_BUFFER) {
|
||||
return Mono.empty();
|
||||
} else {
|
||||
@@ -123,14 +113,14 @@ public class DedicatedLineCodecPluginFilter extends RequestBodyPlugin {
|
||||
}
|
||||
}
|
||||
|
||||
public String encrypt(String data, String secretKey) {
|
||||
/*public String encrypt(String data, String secretKey) {
|
||||
if (StringUtils.isBlank(data)) {
|
||||
return data;
|
||||
}
|
||||
byte[] key = SecureUtil.decode(secretKey);
|
||||
SymmetricCrypto symmetric = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
|
||||
return symmetric.encryptBase64(data);
|
||||
}
|
||||
}*/
|
||||
|
||||
public byte[] encrypt(byte[] data, String secretKey) {
|
||||
byte[] key = SecureUtil.decode(secretKey);
|
||||
@@ -138,14 +128,14 @@ public class DedicatedLineCodecPluginFilter extends RequestBodyPlugin {
|
||||
return symmetric.encrypt(data);
|
||||
}
|
||||
|
||||
public String decrypt(String data, String secretKey) {
|
||||
/*public String decrypt(String data, String secretKey) {
|
||||
if (StringUtils.isBlank(data)) {
|
||||
return data;
|
||||
}
|
||||
byte[] key = SecureUtil.decode(secretKey);
|
||||
SymmetricCrypto symmetric = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
|
||||
return symmetric.decryptStr(data);
|
||||
}
|
||||
}*/
|
||||
|
||||
public byte[] decrypt(byte[] data, String secretKey) {
|
||||
byte[] key = SecureUtil.decode(secretKey);
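Review bot: `decrypt(bodyBytes, cryptoKey)` can now be called with a null key, because `getRequestCryptoKey` returns null for an unknown dedicated line id and the new condition `systemConfig.fizzDedicatedLineClientRequestCrypto()` drops the earlier `StringUtils.isNotBlank(cryptoKey)` check. The call would then fail inside `SecureUtil.decode`. An explicit branch that rejects the request when crypto is enabled and `cryptoKey` is blank would be safer than either throwing there or forwarding an undecrypted body. The commented-out `encrypt(String, …)` and `decrypt(String, …)` overloads and the `// String secretKey = …` line could be deleted rather than left in as comments.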
|
||||
|
||||
@@ -62,7 +62,7 @@ public class DedicatedLinePairingPluginFilter implements FizzPluginFilter {
|
||||
try {
|
||||
LogService.setBizId(traceId);
|
||||
String dedicatedLineId = WebUtils.getDedicatedLineId(exchange);
|
||||
String secretKey = dedicatedLineService.getPairCodeSecretKey(dedicatedLineId);
|
||||
String secretKey = dedicatedLineService.getSignSecretKey(dedicatedLineId);
|
||||
String ts = WebUtils.getDedicatedLineTimestamp(exchange);
|
||||
String sign = WebUtils.getDedicatedLineSign(exchange);
|
||||
if (validateSign(dedicatedLineId, ts, sign, secretKey)) {
|
||||
|
||||