1. 传输存储加密解密

046c4b10 · Shen · a01b5284 · 046c4b10 · 046c4b10 · 046c4b10
Commit 046c4b10 authored Sep 27, 2022 by Shen
8 changed files
--- a/hmit-admin/src/main/java/io/hmit/modules/appointment/controller/AppointmentOrderController.java
+++ b/hmit-admin/src/main/java/io/hmit/modules/appointment/controller/AppointmentOrderController.java
@@ -5,6 +5,7 @@ import io.hmit.common.constant.Constant;
 import io.hmit.common.page.PageData;
 import io.hmit.common.utils.ExcelUtils;
 import io.hmit.common.utils.Result;
+import io.hmit.common.utils.sm.SMUtil;
 import io.hmit.common.validator.AssertUtils;
 import io.hmit.common.validator.ValidatorUtils;
 import io.hmit.common.validator.group.AddGroup;
@@ -52,7 +53,10 @@ public class AppointmentOrderController {
    @RequiresPermissions("appointment:appointmentorder:page")
    public Result<PageData<AppointmentOrderDTO>> page(@ApiIgnore @RequestParam Map<String, Object> params){
        PageData<AppointmentOrderDTO> page = appointmentOrderService.page(params);
+        page.getList().forEach(item -> {
+            item.setAppointmentPhone(SMUtil.SM4Decrypt(item.getAppointmentPhone()));
+            item.setAppointmentIdCard(SMUtil.SM4Decrypt(item.getAppointmentIdCard()));
+        });
        return new Result<PageData<AppointmentOrderDTO>>().ok(page);
    }
@@ -61,7 +65,8 @@ public class AppointmentOrderController {
    @RequiresPermissions("appointment:appointmentorder:info")
    public Result<AppointmentOrderDTO> get(@PathVariable("id") Long id){
        AppointmentOrderDTO data = appointmentOrderService.get(id);
+        data.setAppointmentPhone(SMUtil.SM4Decrypt(data.getAppointmentPhone()));
+        data.setAppointmentIdCard(SMUtil.SM4Decrypt(data.getAppointmentIdCard()));
        return new Result<AppointmentOrderDTO>().ok(data);
    }
@@ -73,6 +78,9 @@ public class AppointmentOrderController {
        //校验数据
        ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
+        dto.setAppointmentPhone(SMUtil.SM4Encrypt(dto.getAppointmentPhone()));
+        dto.setAppointmentIdCard(SMUtil.SM4Encrypt(dto.getAppointmentIdCard()));
        appointmentOrderService.save(dto);
        return new Result();

--- a/hmit-admin/src/main/java/io/hmit/modules/appointment/service/AppointmentOrderService.java
+++ b/hmit-admin/src/main/java/io/hmit/modules/appointment/service/AppointmentOrderService.java
@@ -12,4 +12,6 @@ import io.hmit.modules.appointment.entity.AppointmentOrderEntity;
 */
 public interface AppointmentOrderService extends CrudService<AppointmentOrderEntity, AppointmentOrderDTO> {
+    void encryptOneTime();
 }
\ No newline at end of file
--- a/hmit-admin/src/main/java/io/hmit/modules/appointment/service/impl/AppointmentOrderServiceImpl.java
+++ b/hmit-admin/src/main/java/io/hmit/modules/appointment/service/impl/AppointmentOrderServiceImpl.java
@@ -2,6 +2,7 @@ package io.hmit.modules.appointment.service.impl;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import io.hmit.common.service.impl.CrudServiceImpl;
+import io.hmit.common.utils.sm.SMUtil;
 import io.hmit.modules.appointment.dao.AppointmentOrderDao;
 import io.hmit.modules.appointment.dto.AppointmentOrderDTO;
 import io.hmit.modules.appointment.entity.AppointmentOrderEntity;
@@ -9,6 +10,7 @@ import io.hmit.modules.appointment.service.AppointmentOrderService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
+import java.util.List;
 import java.util.Map;
 /**
@@ -33,4 +35,18 @@ public class AppointmentOrderServiceImpl extends CrudServiceImpl<AppointmentOrde
    }
+    /**
+     * <h2>对原始数据进行加密，请勿执行</h2>
+     */
+    @Override
+    @Deprecated
+    public void encryptOneTime() {
+        List<AppointmentOrderEntity> appointmentList =
+                baseDao.selectList(new QueryWrapper<AppointmentOrderEntity>().isNotNull("appointment_phone"));
+        for (AppointmentOrderEntity appointmentOrderEntity : appointmentList) {
+            appointmentOrderEntity.setAppointmentPhone(SMUtil.SM4Encrypt(appointmentOrderEntity.getAppointmentPhone()));
+            appointmentOrderEntity.setAppointmentIdCard(SMUtil.SM4Encrypt(appointmentOrderEntity.getAppointmentIdCard()));
+            baseDao.updateById(appointmentOrderEntity);
+        }
+    }
 }
--- a/hmit-admin/src/test/java/io/hmit/modules/appointment/service/impl/AppointmentOrderServiceImplTest.java
+++ b/hmit-admin/src/test/java/io/hmit/modules/appointment/service/impl/AppointmentOrderServiceImplTest.java
+package io.hmit.modules.appointment.service.impl;
+import io.hmit.modules.appointment.service.AppointmentOrderService;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.transaction.annotation.Transactional;
+import static org.junit.Assert.*;
+/**
+ * TODO
+ *
+ * @author Shen && syf0412@vip.qq.com
+ * @since 2022/9/27 10:17
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest
+@Slf4j
+public class AppointmentOrderServiceImplTest {
+    @Autowired
+    private AppointmentOrderService appointmentOrderService;
+    @Test
+    @Transactional
+    public void encryptOneTime() {
+        appointmentOrderService.encryptOneTime();
+    }
+}
\ No newline at end of file
--- a/hmit-api/src/main/java/io/hmit/modules/appointment/controller/AppointmentOrderController.java
+++ b/hmit-api/src/main/java/io/hmit/modules/appointment/controller/AppointmentOrderController.java
@@ -11,6 +11,7 @@ import io.hmit.common.utils.DateUtils;
 import io.hmit.common.utils.HttpRequestUtil;
 import io.hmit.common.utils.MD5;
 import io.hmit.common.utils.Result;
+import io.hmit.common.utils.sm.SMUtil;
 import io.hmit.common.validator.AssertUtils;
 import io.hmit.common.validator.ValidatorUtils;
 import io.hmit.common.validator.group.AddGroup;
@@ -65,8 +66,9 @@ public class AppointmentOrderController {
    })
    public Result<PageData<AppointmentOrderDTO>> page(@ApiIgnore @RequestParam Map<String, Object> params,
                                                      @ApiIgnore @LoginUser UserEntity userEntity){
-        params.put("appointmentIdCard",userEntity.getIdCardNo());
+        // 对数据进行加密
-        params.put("appointmentPhone",userEntity.getMobile());
+        params.put("appointmentIdCard", SMUtil.SM4Encrypt(userEntity.getIdCardNo()));
+        params.put("appointmentPhone",  SMUtil.SM4Encrypt(userEntity.getMobile()));
        PageData<AppointmentOrderDTO> page = appointmentOrderService.page(params);
         page.getList().forEach(l->{
             //获取当前时间段事项预约总人数
@@ -90,6 +92,9 @@ public class AppointmentOrderController {
        if(null!=data.getStatus() && Constant.ReservationStatus.GET_NUM.getValue()<=data.getStatus() ) {
            data.setYynumberDTO(appointmentOrderService.findByYuNumber(data.getAppointmentNum()));
        }
+        // 返回信息解密
+        data.setAppointmentPhone(SMUtil.SM4Decrypt(data.getAppointmentPhone()));
+        data.setAppointmentIdCard(SMUtil.SM4Decrypt(data.getAppointmentIdCard()));
        return new Result<AppointmentOrderDTO>().ok(data);
    }
@@ -117,7 +122,8 @@ public class AppointmentOrderController {
        ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
        AppointmentOrderDTO appointmentOrderDTO =  new AppointmentOrderDTO().assembleAppointmentOrderDTO(dto,userEntity);
+        appointmentOrderDTO.setAppointmentPhone(SMUtil.SM4Encrypt(appointmentOrderDTO.getAppointmentPhone()));
+        appointmentOrderDTO.setAppointmentIdCard(SMUtil.SM4Encrypt(appointmentOrderDTO.getAppointmentIdCard()));
        appointmentOrderService.save(appointmentOrderDTO);
        ReservationSuccessDTO successData = ConvertUtils.sourceToTarget(appointmentOrderDTO,ReservationSuccessDTO.class);
@@ -161,7 +167,6 @@ public class AppointmentOrderController {
        data.setStatus(Constant.ReservationStatus.CANCEL.getValue());
        data.setStatusName(Constant.ReservationStatus.CANCEL.getMsg());
        data.setUpdateDate(new Date());
-        data.setUpdateDate(new Date());
        data.setUpdater(user.getId());
        appointmentOrderService.update(data);
@@ -191,8 +196,8 @@ public class AppointmentOrderController {
        //根据appointmentOrderId获取到订单实体
        AppointmentOrderDTO appointmentOrderDTO = appointmentOrderService.get(appointmentOrderId);
-            String appointmentIdCard = appointmentOrderDTO.getAppointmentIdCard();
+            String appointmentIdCard = SMUtil.SM4Decrypt(appointmentOrderDTO.getAppointmentIdCard());
-            String appointmentPhone = appointmentOrderDTO.getAppointmentPhone();
+            String appointmentPhone = SMUtil.SM4Decrypt(appointmentOrderDTO.getAppointmentPhone());
            String serviceId = appointmentOrderDTO.getServiceId().toString();
            String appointmentPerson = appointmentOrderDTO.getAppointmentPerson();
            String nowtime = String.valueOf(System.currentTimeMillis()/1000);
@@ -248,6 +253,8 @@ public class AppointmentOrderController {
        //校验数据
        ValidatorUtils.validateEntity(dto, UpdateGroup.class, DefaultGroup.class);
+        dto.setAppointmentPhone(SMUtil.SM4Encrypt(dto.getAppointmentPhone()));
+        dto.setAppointmentIdCard(SMUtil.SM4Encrypt(dto.getAppointmentIdCard()));
        appointmentOrderService.update(dto);
        return new Result();

--- a/hmit-api/src/main/java/io/hmit/modules/appointment/service/impl/AppointmentOrderServiceImpl.java
+++ b/hmit-api/src/main/java/io/hmit/modules/appointment/service/impl/AppointmentOrderServiceImpl.java
@@ -10,6 +10,7 @@ import io.hmit.common.utils.ConvertUtils;
 import io.hmit.common.utils.DateUtils;
 import io.hmit.common.utils.HttpRequestUtil;
 import io.hmit.common.utils.MD5;
+import io.hmit.common.utils.sm.SMUtil;
 import io.hmit.entity.UserEntity;
 import io.hmit.modules.appointment.dao.AppointmentOrderDao;
 import io.hmit.modules.appointment.dto.AppointmentOrderDTO;
@@ -20,6 +21,7 @@ import io.hmit.modules.appointment.service.AppointmentOrderService;
 import io.hmit.modules.appointment.service.AppointmentServiceService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
+import org.springframework.util.ObjectUtils;
 import org.springframework.web.bind.annotation.RequestParam;
 import springfox.documentation.annotations.ApiIgnore;
@@ -62,6 +64,16 @@ public class AppointmentOrderServiceImpl extends CrudServiceImpl<AppointmentOrde
        String phone = (String)params.get("appointmentPhone");
        String idCard = (String)params.get("appointmentIdCard");
+        /*
+         * 如果传进的 phone 和 idCard 值为为加密，则此处进行加密
+         */
+        if (!ObjectUtils.isEmpty(phone) && phone.matches(VALIDATE_PHONE)) {
+            phone = SMUtil.SM4Encrypt(phone);
+        }
+        if (!ObjectUtils.isEmpty(idCard) && idCard.matches(ID_NUMBER)) {
+            idCard = SMUtil.SM4Encrypt(idCard);
+        }
        QueryWrapper<AppointmentOrderEntity> wrapper = new QueryWrapper<>();
        wrapper.eq(StringUtils.isNotBlank(id), "id", id);
        wrapper.le(StringUtils.isNotBlank(flag) && "Y".equals(flag), "status", 2);
@@ -93,8 +105,8 @@ public class AppointmentOrderServiceImpl extends CrudServiceImpl<AppointmentOrde
        List<AppointmentOrderEntity> appointmentOrderEntities = new ArrayList<>();
        List<AppointmentOrderEntity> appointmentOrders = baseDao.selectList(new QueryWrapper<AppointmentOrderEntity>()
-                .eq(StringUtils.isNotBlank(phone), "appointment_phone", phone)
+                .eq(StringUtils.isNotBlank(phone), "appointment_phone", SMUtil.SM4Encrypt(phone))
-                .eq(StringUtils.isNotBlank(idCard), "appointment_id_card", idCard)
+                .eq(StringUtils.isNotBlank(idCard), "appointment_id_card", SMUtil.SM4Encrypt(idCard))
                .eq("status",Constant.ReservationStatus.RESERVATION.getValue())
                .like("appointment_time",now));

--- a/hmit-common/src/main/java/io/hmit/common/utils/sm/SMUtil.java
+++ b/hmit-common/src/main/java/io/hmit/common/utils/sm/SMUtil.java
@@ -24,7 +24,7 @@ import io.hmit.common.utils.sm.sm4.SM4Utils;
 */
 public class SMUtil {
-    public static final String SM4_KEY = "1946c9950c06b773a232abc866deaa920d0862fe1fdce3ea6ce963222068d3eb";
+    public static final String SM4_KEY = "Hpm8hpBIYd1EnC+A";
    public static final String SM2_PRIVATE_KEY_HEX = "1946c9950c06b773a232abc866deaa920d0862fe1fdce3ea6ce963222068d3eb";
    public static final String SM2_PUBLIC_KEY_HEX = "047b11abb349f69cc6bb099446aedf1faee1114fbcb5ad49493c39b12296e7ceb3919b3dfc3833af6383c7aa35bb01409641611e1ed894cd28e46984bb97bbc5a0c96a3ccbb9a2c939b1b005d2a51c9346e1b5a903cd61dac624784c6e8d19e5c4fcee348c3a45a2b04cbf8b47cc54e564";

--- a/hmit-common/src/main/java/io/hmit/common/utils/sm/sm4/SM4Utils.java
+++ b/hmit-common/src/main/java/io/hmit/common/utils/sm/sm4/SM4Utils.java
@@ -41,7 +41,7 @@ public class SM4Utils {
    /**
     * 当时用ECB模式的时候，和前端key一致
     */
-    private static final String secretKey = "123456789abcdefg";
+    private static final String secretKey = "Hpm8hpBIYd1EnC+A";
    /**
     * 当时用CBC模式的时候，和前端iv一致