        最近HR要求把公司HRMS的一些关键数据加密。需要加密的数据包括两方面:一个当然是Spring读取的属性文件(例如 system.properties),另一个是数据库的关键字段(不知道当初设计时为什么没有实现加密,我真是搞不懂,现在扔给我,恶改ing)。
       关于加密properties文件,原理就是写一个新的类(如ReadEncryptedPropertyPlaceholderConfigurer)继承PropertyPlaceholderConfigurer类,然后把applicationContext-resources.xml中“propertyConfig”这个bean的class改成新写的这个类,如下所示:

 

 <bean id="propertyConfig"
          class
="org.kylixlu.framework.spring.bean.ReadEncryptedPropertyPlaceholderConfigurer">
        
<property name="locations">
            
<list>
                
<value>classpath:system.properties</value>
            
</list>
        
</property>
        
<property name="keyLocation" value="classpath:key.dat"/>
        
<property name="fileEncoding" value="utf-8"/>

    
</bean>

     这个ReadEncryptedPropertyPlaceholderConfigurer的代码如下:
package org.kylixlu.framework.spring.bean;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.Key;
import java.util.Properties;

import org.kylixlu.component.crypto.DESEncryptUtil;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.core.io.Resource;
import org.springframework.util.DefaultPropertiesPersister;
import org.springframework.util.PropertiesPersister;

//import org.kylixlu.component.crypto.DESEncryptUtil;

/**
 * Created by IntelliJ IDEA.
 * User: Lu Yuxiang
 * Date: 2008-1-2
 * Time: 17:53:25
 * To change this template use File | Settings | File Templates.
 */
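/**
 * A {@link PropertyPlaceholderConfigurer} that reads its property files in
 * encrypted form and decrypts them with {@link DESEncryptUtil} before parsing.
 *
 * <p>The three setters keep their values in this class's own private fields
 * and do not call {@code super}, so only the overridden
 * {@link #loadProperties(Properties)} below ever sees them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key is read from {@code keyLocation}. If that resource is deployed
 *       next to the encrypted file, anyone who can read the deployment can
 *       decrypt it; keep the key outside the deployable and restrict its
 *       file permissions.</li>
 *   <li>{@link DESEncryptUtil#getKey(InputStream)} reads the key with native
 *       Java deserialization, so the key resource must come from a trusted,
 *       write-protected location.</li>
 * </ul>
 */
public class ReadEncryptedPropertyPlaceholderConfigurer
        extends PropertyPlaceholderConfigurer {
    // Encrypted property resources, decrypted one by one in loadProperties.
    private Resource[] locations;
    // Resource holding the serialized DES key.
    private Resource keyLocation;
    // Optional charset name for the decrypted text; null lets the persister decide.
    private String fileEncoding;

    /**
     * Sets the charset name used to decode the decrypted property text.
     *
     * @param fileEncoding charset name, or {@code null} to load from the raw stream
     */
    public void setFileEncoding(String fileEncoding) {
        this.fileEncoding = fileEncoding;
    }

    /**
     * Sets the resource that holds the serialized decryption key.
     *
     * @param keyLocation resource read by {@link DESEncryptUtil#getKey(InputStream)}
     */
    public void setKeyLocation(Resource keyLocation) {
        this.keyLocation = keyLocation;
    }

    /**
     * Sets the encrypted property resources to load.
     *
     * @param locations encrypted property files; may be {@code null}
     */
    public void setLocations(Resource[] locations) {
        this.locations = locations;
    }

    /**
     * Decrypts every configured location and loads its entries into {@code props}.
     *
     * @param props target that receives the decrypted properties
     * @throws IOException if a location or the key resource cannot be read
     * @throws IllegalStateException if locations are configured but no key location is
     */
    public void loadProperties(Properties props) throws IOException {
        if (this.locations == null || this.locations.length == 0) {
            return;
        }
        if (this.keyLocation == null) {
            throw new IllegalStateException(
                    "keyLocation must be set when encrypted locations are configured");
        }

        // The key is the same for every location, so read it once and make
        // sure its stream is released even when reading fails.
        Key key;
        InputStream keyStream = this.keyLocation.getInputStream();
        try {
            key = DESEncryptUtil.getKey(keyStream);
        } finally {
            keyStream.close();
        }

        PropertiesPersister propertiesPersister = new DefaultPropertiesPersister();
        for (int i = 0; i < this.locations.length; i++) {
            Resource location = this.locations[i];
            InputStream encrypted = null;
            InputStream decrypted = null;

            try {
                encrypted = location.getInputStream();
                decrypted = DESEncryptUtil.doDecrypt(key, encrypted);
                if (fileEncoding != null) {
                    propertiesPersister.load(props,
                            new InputStreamReader(decrypted, fileEncoding));
                } else {
                    propertiesPersister.load(props, decrypted);
                }
            } finally {
                // Close both streams: a failed decryption must not leave the
                // underlying resource open.
                if (decrypted != null) {
                    decrypted.close();
                }
                if (encrypted != null) {
                    encrypted.close();
                }
            }
        }
    }
}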

下面再给出加密类的代码(这个加密类网上很多,直接down了一个,DES算法的)。需要注意:DES的有效密钥只有56位,这里又用的是ECB模式且没有完整性校验,只能防止配置被随手看到;新项目建议换成AES-GCM之类带认证的算法。
package org.kylixlu.component.crypto;

///**
// * Created by IntelliJ IDEA.
// * User: Lu Yuxiang
// * Date: 2008-1-2
// * Time: 18:36:23
// * To change this template use File | Settings | File Templates.
// */
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

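/**
 * Library and command-line helper that encrypts and decrypts whole files with
 * one DES key, stored on disk as a Java-serialized {@link Key}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The transformation is {@code DES/ECB/PKCS5Padding}. DES has a 56-bit
 *       effective key, ECB maps equal plaintext blocks to equal ciphertext
 *       blocks, and nothing authenticates the ciphertext, so modification of
 *       an encrypted file is not detected. It is kept here because existing
 *       key and data files depend on it; new deployments should prefer an
 *       authenticated cipher such as AES-GCM.</li>
 *   <li>The key file is read with native Java deserialization (see
 *       {@link #getKey(InputStream)}); treat the key file as trusted input
 *       only and protect it from modification.</li>
 *   <li>The {@code decrypt} command writes the plaintext next to the source
 *       file; remove that file once it is no longer needed.</li>
 * </ul>
 */
public class DESEncryptUtil {
    /** Cipher transformation shared by encryption and decryption. */
    private static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";

    /**
     * Generates a fresh random DES key.
     *
     * @return the new key
     * @throws NoSuchAlgorithmException if no installed provider offers DES
     */
    public static Key createKey() throws NoSuchAlgorithmException {
        // The original forced the JDK-internal com.sun.crypto.provider.SunJCE
        // class to the front of the provider list. The provider lookup below
        // works without that, and internal JDK classes are not accessible on
        // current runtimes, so the call was dropped.
        KeyGenerator generator = KeyGenerator.getInstance("DES");
        generator.init(new SecureRandom());
        return generator.generateKey();
    }

    /**
     * Reads a serialized {@link Key} from the stream and closes the stream.
     *
     * <p>NOTE(review): native Java deserialization runs before the cast to
     * {@code Key}, so only key files from a trusted, write-protected location
     * should be passed in. Storing the raw key bytes, or installing a
     * {@code java.io.ObjectInputFilter} on Java 9+, would remove that
     * dependency.
     *
     * @param is stream positioned at a serialized key; closed on return
     * @return the deserialized key
     * @throws RuntimeException if the stream cannot be read or does not hold a key
     */
    public static Key getKey(InputStream is) {
        ObjectInputStream ois = null;
        try {
            ois = new ObjectInputStream(is);
            return (Key) ois.readObject();
        } catch (Exception e) {
            throw new RuntimeException("Unable to read the key", e);
        } finally {
            // Closing the wrapper also closes the underlying stream; fall back
            // to the raw stream when the wrapper could not be created.
            closeQuietly(ois != null ? ois : is);
        }
    }

    /**
     * Encrypts a byte array with the given key.
     *
     * @param key  DES key
     * @param data plaintext bytes
     * @return ciphertext bytes
     * @throws RuntimeException if the cipher cannot be set up or fails
     */
    private static byte[] doEncrypt(Key key, byte[] data) {
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new RuntimeException("Unable to encrypt data", e);
        }
    }

    /**
     * Reads the whole stream, decrypts it, and returns the plaintext as an
     * in-memory stream. The input stream is always closed.
     *
     * @param key DES key
     * @param in  stream of ciphertext; closed on return
     * @return stream over the decrypted bytes
     * @throws RuntimeException if reading or decryption fails, for example
     *         when the key does not match the data
     */
    public static InputStream doDecrypt(Key key, InputStream in) {
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] raw = cipher.doFinal(readFully(in));
            return new ByteArrayInputStream(raw);
        } catch (Exception e) {
            throw new RuntimeException("Unable to decrypt data", e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Command-line entry point.
     *
     * <pre>
     *   key     &lt;keyFile&gt;              generate a key file
     *   encrypt &lt;file&gt; &lt;keyFile&gt;       write en_&lt;name&gt; next to the file
     *   decrypt &lt;file&gt; &lt;keyFile&gt;       write rs_&lt;name&gt; next to the file
     * </pre>
     *
     * <p>The original overwrote {@code args} with hard-coded paths, which made
     * the {@code key} and {@code decrypt} branches unreachable; the real
     * command line is now used.
     *
     * @param args command and file arguments as listed above
     * @throws Exception if a file cannot be read or written
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 2 && args[0].equals("key")) { // generate the key file
            Key key = createKey();
            FileOutputStream keyOut = new FileOutputStream(args[1]);
            try {
                ObjectOutputStream oos = new ObjectOutputStream(keyOut);
                oos.writeObject(key);
                oos.flush();
            } finally {
                keyOut.close();
            }
            System.out.println("成功生成密钥文件。");
        } else if (args.length == 3 && args[0].equals("encrypt")) { // encrypt a file
            File source = new File(args[1]).getAbsoluteFile();
            byte[] orgData = readFile(source);
            Key key = getKey(new FileInputStream(args[2]));
            byte[] raw = doEncrypt(key, orgData);
            // Write beside the source file, matching what decrypt does,
            // instead of the root of the current drive.
            File target = new File(source.getParentFile(), "en_" + source.getName());
            writeFile(target, raw);
            System.out.println("成功加密,加密文件位于:"+target.getAbsolutePath());
        } else if (args.length == 3 && args[0].equals("decrypt")) { // decrypt a file
            File source = new File(args[1]).getAbsoluteFile();
            Key key = getKey(new FileInputStream(args[2]));
            InputStream decrypted = doDecrypt(key, new FileInputStream(source));
            byte[] orgData;
            try {
                orgData = readFully(decrypted);
            } finally {
                closeQuietly(decrypted);
            }
            File target = new File(source.getParentFile(), "rs_" + source.getName());
            writeFile(target, orgData);
            System.out.println("成功解密,解密文件位于:"+target.getAbsolutePath());
        } else {
            System.err.println("Usage: key <keyFile> | encrypt <file> <keyFile>"
                    + " | decrypt <file> <keyFile>");
        }
    }

    /** Reads the stream to its end without closing it. */
    private static byte[] readFully(InputStream in) throws java.io.IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[1024];
        int count;
        while ((count = in.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /** Reads a whole file into memory and closes it. */
    private static byte[] readFile(File file) throws java.io.IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            return readFully(in);
        } finally {
            in.close();
        }
    }

    /** Writes the bytes to the file, replacing any existing content. */
    private static void writeFile(File file, byte[] data) throws java.io.IOException {
        FileOutputStream out = new FileOutputStream(file);
        try {
            out.write(data);
        } finally {
            out.close();
        }
    }

    /** Closes the resource if present; a failure to close is not reported. */
    private static void closeQuietly(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (java.io.IOException ignored) {
            // Nothing useful can be done when releasing the resource fails.
        }
    }
}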




posted on 2008-01-13 13:18 kylixlu 阅读(2284) 评论(2)  编辑  收藏 所属分类: Spring

FeedBack:
# re: 给Spring的.properties文件加密
2008-01-14 10:13 | honeyjava
有这样开源工具  回复  更多评论
  
# re: 给Spring的.properties文件加密[未登录]
2008-01-14 14:37 | 陆昱相
楼上应该说的是jasypt吧,HOHO,不会用啊  回复  更多评论
  
