最近HR要求把公司HRMS的一些关键数据加密,需要加密的数据包括两方面:一个当然是Spring读取的属性文件(例如 system.properties),另一个是数据库的关键字段(不知道当初设计时为什么没有实现加密,我真是搞不懂,现在扔给我,恶改ing)。
关于加密properties文件,原理就是写一个新的类(如下面的ReadEncryptedPropertyPlaceholderConfigurer)继承PropertyPlaceholderConfigurer类,然后把applicationContext-resources.xml中“propertyConfig”这个bean的class改成新写的这个类,如下所示:
<!-- Replaces the stock placeholder configurer with the subclass that decrypts property files before parsing them. -->
<bean id="propertyConfig"
class="org.kylixlu.framework.spring.bean.ReadEncryptedPropertyPlaceholderConfigurer">
<!-- Encrypted property files; each one is decrypted in memory before it is parsed. -->
<property name="locations">
<list>
<value>classpath:system.properties</value>
</list>
</property>
<!-- Serialized DES key used for decryption.
     NOTE(review): the key is resolved from the same classpath as the encrypted file. Anyone who can read
     one can usually read the other, so this protects against casual viewing only. Keep key.dat outside the
     deployed artifact, with restrictive file permissions, if the encryption is meant to protect the secrets. -->
<property name="keyLocation" value="classpath:key.dat"/>
<!-- Charset used to decode the decrypted bytes. -->
<property name="fileEncoding" value="utf-8"/>
</bean>
这个ReadEncryptedPropertyPlaceholderConfigurer的代码如下:
1package org.kylixlu.framework.spring.bean;
2
3import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
4import org.springframework.core.io.Resource;
5import org.springframework.util.PropertiesPersister;
6import org.springframework.util.DefaultPropertiesPersister;
7
8import java.util.Properties;
9import java.io.IOException;
10import java.io.InputStream;
11import java.io.InputStreamReader;
12import java.security.Key;
13
14import org.kylixlu.component.crypto.DESEncryptUtil;
15
16//import org.kylixlu.component.crypto.DESEncryptUtil;
17
18/** *//**
19 * Created by IntelliJ IDEA.
20 * User: Lu Yuxiang
21 * Date: 2008-1-2
22 * Time: 17:53:25
23 * To change this template use File | Settings | File Templates.
24 */
25
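/**
 * Placeholder configurer whose property files are stored encrypted.
 *
 * <p>Each configured location is read, decrypted with {@link DESEncryptUtil} using the key
 * deserialized from {@code keyLocation}, and then parsed as a normal properties file.
 *
 * <p>NOTE(review): the protection is only as strong as the protection of the key resource.
 * When the key file is deployed next to the encrypted file, anyone who can read one can
 * usually read the other. The key is also loaded through Java native deserialization, so
 * {@code keyLocation} must only ever point at a trusted file.
 */
public class ReadEncryptedPropertyPlaceholderConfigurer
        extends PropertyPlaceholderConfigurer {

    /** Encrypted property files, loaded in array order. */
    private Resource[] locations;

    /** Resource holding the serialized key used to decrypt every location. */
    private Resource keyLocation;

    /** Charset name for the decrypted text; {@code null} loads the raw byte stream instead. */
    private String fileEncoding;

    /**
     * Sets the charset used to decode the decrypted property text.
     *
     * @param fileEncoding charset name, or {@code null} to load from the byte stream
     */
    public void setFileEncoding(String fileEncoding) {
        this.fileEncoding = fileEncoding;
    }

    /**
     * Sets the resource that holds the serialized decryption key.
     *
     * @param keyLocation key resource; must be set before properties are loaded
     */
    public void setKeyLocation(Resource keyLocation) {
        this.keyLocation = keyLocation;
    }

    /**
     * Sets the encrypted property files to load.
     *
     * @param locations encrypted resources, or {@code null} for none
     */
    public void setLocations(Resource[] locations) {
        this.locations = locations;
    }

    /**
     * Decrypts every configured location and loads its entries into {@code props}.
     *
     * @param props target that receives the decrypted properties
     * @throws IOException if a resource cannot be opened or read
     * @throws IllegalStateException if locations are configured but no key location is set
     * @throws RuntimeException if the key cannot be read or decryption fails (raised by
     *         {@link DESEncryptUtil})
     */
    public void loadProperties(Properties props) throws IOException {
        if (this.locations == null || this.locations.length == 0) {
            return;
        }
        if (this.keyLocation == null) {
            // Fail with a clear message instead of a NullPointerException deep in the loop.
            throw new IllegalStateException("keyLocation must be set to decrypt property files");
        }

        // The key is the same for every location, so read it once.
        Key key = readKey();
        PropertiesPersister propertiesPersister = new DefaultPropertiesPersister();

        for (int i = 0; i < this.locations.length; i++) {
            InputStream is = null;
            try {
                is = this.locations[i].getInputStream();
                // doDecrypt returns a new stream over the plaintext. Until it returns, "is"
                // still refers to the resource stream, so the finally block closes it if
                // decryption fails.
                is = DESEncryptUtil.doDecrypt(key, is);
                if (this.fileEncoding != null) {
                    propertiesPersister.load(props, new InputStreamReader(is, this.fileEncoding));
                } else {
                    propertiesPersister.load(props, is);
                }
            } finally {
                if (is != null) {
                    is.close();
                }
            }
        }
    }

    /** Reads the decryption key and always releases the key resource's stream. */
    private Key readKey() throws IOException {
        InputStream keyStream = this.keyLocation.getInputStream();
        try {
            return DESEncryptUtil.getKey(keyStream);
        } finally {
            keyStream.close();
        }
    }
}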
下面再给出加密类的代码(这个加密类网上很多,直接下载了一个,使用DES算法)。需要注意:DES密钥只有56位,ECB模式下相同的明文块会得到相同的密文块,而且没有完整性校验;新系统建议改用AES-GCM这类带认证的加密算法。
package org.kylixlu.component.crypto;
///**
// * Created by IntelliJ IDEA.
// * User: Lu Yuxiang
// * Date: 2008-1-2
// * Time: 18:36:23
// * To change this template use File | Settings | File Templates.
// */
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
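/**
 * DES helper used both as a library (key loading and decryption) and as a small
 * command-line tool.
 *
 * <p>Command-line modes:
 * <ul>
 *   <li>{@code key <keyFile>}: generate a key and serialize it to {@code keyFile}</li>
 *   <li>{@code encrypt <file> <keyFile>}: write {@code en_<name>} next to {@code file}</li>
 *   <li>{@code decrypt <file> <keyFile>}: write {@code rs_<name>} next to {@code file}</li>
 * </ul>
 * With no arguments the tool falls back to the author's original default
 * ({@code encrypt f:\system.properties f:\key.dat}).
 */
public class DESEncryptUtil {

    /*
     * SECURITY: DES has a 56-bit key and is considered obsolete. ECB mode encrypts equal
     * plaintext blocks to equal ciphertext blocks, and nothing here authenticates the
     * ciphertext, so a modified file is not detected. An authenticated mode such as
     * AES/GCM/NoPadding with a random per-file IV is the usual replacement. The
     * transformation is left unchanged here because switching it would make existing
     * key files and encrypted files unreadable.
     */
    private static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";

    /**
     * Generates a fresh random DES key.
     *
     * @return the generated key
     * @throws NoSuchAlgorithmException if no installed provider offers DES
     */
    public static Key createKey() throws NoSuchAlgorithmException {
        // No provider is registered by hand. The JDK's default providers already supply
        // DES, and the former reference to the internal com.sun.crypto.provider.SunJCE
        // class does not compile on JDKs that enforce module encapsulation.
        KeyGenerator generator = KeyGenerator.getInstance("DES");
        generator.init(new SecureRandom());
        return generator.generateKey();
    }

    /**
     * Reads a key that was written with {@link ObjectOutputStream#writeObject(Object)}.
     * The stream is closed before this method returns.
     *
     * <p>SECURITY: this uses Java native deserialization, which instantiates whatever
     * classes the stream names before the cast to {@link Key} is checked. Only pass
     * streams from a trusted key file. Storing the raw key bytes, or using a KeyStore,
     * avoids deserialization altogether.
     *
     * @param is stream positioned at the serialized key
     * @return the deserialized key
     * @throws RuntimeException wrapping any read, deserialization or cast failure
     */
    public static Key getKey(InputStream is) {
        try {
            try {
                ObjectInputStream ois = new ObjectInputStream(is);
                return (Key) ois.readObject();
            } finally {
                // Closing the underlying stream also covers the case where the
                // ObjectInputStream constructor itself fails.
                is.close();
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encrypts {@code data} with {@code key}.
     *
     * @throws RuntimeException wrapping any cipher failure
     */
    private static byte[] doEncrypt(Key key, byte[] data) {
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads all of {@code in}, decrypts it with {@code key}, and returns the plaintext as
     * an in-memory stream. {@code in} is closed whether or not decryption succeeds.
     *
     * @param key key the data was encrypted with
     * @param in  stream of ciphertext
     * @return stream over the decrypted bytes
     * @throws RuntimeException wrapping any read or cipher failure (for example a wrong key)
     */
    public static InputStream doDecrypt(Key key, InputStream in) {
        try {
            try {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(Cipher.DECRYPT_MODE, key);
                return new ByteArrayInputStream(cipher.doFinal(readFully(in)));
            } finally {
                in.close();
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Drains {@code in} into a byte array; the caller remains responsible for closing it. */
    private static byte[] readFully(InputStream in) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[1024];
        int count;
        while ((count = in.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /** Writes {@code data} to {@code target}, closing the file even if the write fails. */
    private static void writeFile(File target, byte[] data) throws IOException {
        FileOutputStream out = new FileOutputStream(target);
        try {
            out.write(data);
        } finally {
            out.close();
        }
    }

    /**
     * Command-line entry point; see the class comment for the supported modes.
     *
     * @param args mode followed by its file arguments
     * @throws Exception if a file cannot be read or written
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // The original overwrote args unconditionally, which made the "key" and
            // "decrypt" modes unreachable. The hard-coded default is now used only when
            // nothing is passed on the command line.
            args = new String[] {"encrypt", "f:\\system.properties", "f:\\key.dat"};
        }

        if (args.length == 2 && args[0].equals("key")) {
            // Generate the key file.
            // NOTE(review): the file is created with default permissions; restrict
            // access to it, since it decrypts everything encrypted with this key.
            Key key = DESEncryptUtil.createKey();
            ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(args[1]));
            try {
                oos.writeObject(key);
            } finally {
                oos.close();
            }
            System.out.println("成功生成密钥文件。");
        } else if (args.length == 3 && args[0].equals("encrypt")) {
            // Encrypt a file.
            File source = new File(args[1]);
            byte[] orgData;
            FileInputStream in = new FileInputStream(source);
            try {
                orgData = readFully(in);
            } finally {
                in.close();
            }
            Key key = getKey(new FileInputStream(args[2]));
            byte[] raw = DESEncryptUtil.doEncrypt(key, orgData);
            // Write next to the source file, as the decrypt mode does. The original
            // wrote "\en_<name>" to the root of the current drive.
            File target = new File(source.getParentFile(), "en_" + source.getName());
            writeFile(target, raw);
            System.out.println("成功加密,加密文件位于:" + target.getAbsolutePath());
        } else if (args.length == 3 && args[0].equals("decrypt")) {
            // Decrypt a file. This leaves a plaintext copy on disk, so delete it when
            // it is no longer needed.
            File source = new File(args[1]);
            Key key = getKey(new FileInputStream(args[2]));
            byte[] orgData;
            InputStream raw = DESEncryptUtil.doDecrypt(key, new FileInputStream(source));
            try {
                orgData = readFully(raw);
            } finally {
                raw.close();
            }
            // File(parent, child) copes with a source path that has no parent directory,
            // where the original built the name "null\rs_<name>".
            File target = new File(source.getParentFile(), "rs_" + source.getName());
            writeFile(target, orgData);
            System.out.println("成功解密,解密文件位于:" + target.getAbsolutePath());
        } else {
            System.err.println("用法: DESEncryptUtil key <密钥文件> | encrypt <文件> <密钥文件> | decrypt <文件> <密钥文件>");
        }
    }
}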
posted on 2008-01-13 13:18
kylixlu 阅读(2284)