mybatis plus 實現敏感數據的加密
- 2019 年 12 月 19 日
- 筆記
最近在做項目,需要實現對身份證,密碼等敏感數據的加密,即不能以明文存儲密碼到資料庫。 上網查了一下資料,解決辦法如下:
- 寫加密解密的工具類
import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; public class AES { // 密鑰 public static String key = "AD42F6697B035B7580E4FEF93BE20BAD"; private static String charset = "utf-8"; // 偏移量 private static int offset = 16; private static String transformation = "AES/CBC/PKCS5Padding"; private static String algorithm = "AES"; /** * 加密 * * @param content * @return */ public static String encrypt(String content) { return encrypt(content, key); } /** * 解密 * * @param content * @return */ public static String decrypt(String content) { return decrypt(content, key); } /** * 加密 * * @param content 需要加密的內容 * @param key 加密密碼 * @return */ public static String encrypt(String content, String key) { try { SecretKeySpec skey = new SecretKeySpec(key.getBytes(), algorithm); IvParameterSpec iv = new IvParameterSpec(key.getBytes(), 0, offset); Cipher cipher = Cipher.getInstance(transformation); byte[] byteContent = content.getBytes(charset); cipher.init(Cipher.ENCRYPT_MODE, skey, iv);// 初始化 byte[] result = cipher.doFinal(byteContent); return new Base64().encodeToString(result); // 加密 } catch (Exception e) { // LogUtil.exception(e); } return null; } /** * AES(256)解密 * * @param content 待解密內容 * @param key 解密密鑰 * @return 解密之後 * @throws Exception */ public static String decrypt(String content, String key) { try { SecretKeySpec skey = new SecretKeySpec(key.getBytes(), algorithm); IvParameterSpec iv = new IvParameterSpec(key.getBytes(), 0, offset); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skey, iv);// 初始化 byte[] result = cipher.doFinal(new Base64().decode(content)); return new String(result); // 解密 } catch (Exception e) { //LogUtil.exception(e); } return null; } public static void main(String[] args) throws Exception { String s = "hello world"; // 加密 System.out.println("加密前:" + s); String encryptResultStr = encrypt(s); System.out.println("加密後:" + encryptResultStr); // 解密 System.out.println("解密後:" + decrypt(encryptResultStr)); } }
- 繼承BaseTypeHandler ,實現對數據的轉換
import org.apache.ibatis.type.BaseTypeHandler; import org.apache.ibatis.type.JdbcType; import java.sql.CallableStatement; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; /** * @author starmark * @date 19-12-17 下午8:38 */ public class AESEncryptHandler extends BaseTypeHandler { @Override public void setNonNullParameter(PreparedStatement ps, int i, Object parameter, JdbcType jdbcType) throws SQLException { ps.setString(i, AES.encrypt((String)parameter)); } @Override public String getNullableResult(ResultSet rs, String columnName) throws SQLException { String columnValue = rs.getString(columnName); return AES.decrypt(columnValue); } @Override public String getNullableResult(ResultSet rs, int columnIndex) throws SQLException { String columnValue = rs.getString(columnIndex); return AES.decrypt(columnValue); } @Override public String getNullableResult(CallableStatement cs, int columnIndex) throws SQLException { String columnValue = cs.getString(columnIndex); return AES.decrypt(columnValue); } }
- 有po類中,實現相關類型註解,
/** * 用戶管理 */ @Data @EqualsAndHashCode(callSuper = false) @TableName(autoResultMap = true) public class SysOrgUser extends BaseUpdateModel { /** * 登陸帳戶 */ private String loginName; /** * 密碼 */ @TableField(typeHandler = AESEncryptHandler.class) private String password;
至此,密碼等敏感資訊已處理好。
