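A company vulnerability scan found that the configuration files inside the production jar contain the database password, the Redis password and other settings in plaintext, so these values need to be encrypted in the configuration file. Here is the code that implements this.
Here is the original author's git repository (I have forgotten where the original article was); thanks to them.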

https://gitee.com/pychfarm_admin/encryption/tree/main

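Here we define the encryption and decryption methods and configure the public and private keys.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

import org.apache.commons.codec.binary.Base64;

public class MyEncryptUtil {

    public static final String PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBOkkkvjbOQ6UTCo8U4bRC/EcEtxz8haHg6lueM3NBbH3eIT7kfwQFOqj1h1qPGcQNeyn4vxzMWBAKzSQehjqVBL7/8GN7EZ7TEaUuWO+8qsuZnOdrztX7bNKACnks+SelmtbrbnFKUMAq2c2mS0o1V6iwyRxJYLGaHGXnz4KSkwIDAQAB";
    // The private key value is not present on this page.
    public static final String PRIVATE_KEY = "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";

    public static void main(String[] args) throws Exception {
        String message = "jfyt_1234";
        System.out.println("原始字符串: " + message);
        String messageEn = encrypt(message, PUBLIC_KEY);
        System.out.println("加密后的字符串为: " + messageEn);
        String messageDe = decrypt(messageEn, PRIVATE_KEY);
        System.out.println("还原后的字符串为: " + messageDe);
    }

    // Generates a new RSA key pair and prints both keys Base64-encoded.
    public static void generateKey() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA is below current recommendations; use 2048 bits or more for new keys.
        keyPairGen.initialize(1024, new SecureRandom());
        KeyPair keyPair = keyPairGen.generateKeyPair();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // get the private key
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();     // get the public key
        String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()));
        String privateKeyString = new String(Base64.encodeBase64(privateKey.getEncoded()));
        System.out.println("当前生成的公钥= " + publicKeyString);
        System.out.println("当前生成的私钥= " + privateKeyString);
    }

    // Encrypts str with the Base64-encoded X.509 public key and returns Base64 ciphertext.
    public static String encrypt(String str, String publicKey) throws NoSuchAlgorithmException,
            BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException,
            InvalidKeyException, InvalidKeySpecException {
        byte[] decoded = Base64.decodeBase64(publicKey);
        RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(decoded));
        // With the default JDK provider, "RSA" resolves to RSA/ECB/PKCS1Padding.
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        return Base64.encodeBase64String(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
    }

    // Decrypts Base64 ciphertext with the Base64-encoded PKCS#8 private key.
    public static String decrypt(String str, String privateKey) throws NoSuchAlgorithmException,
            InvalidKeySpecException, NoSuchPaddingException, BadPaddingException,
            IllegalBlockSizeException, InvalidKeyException {
        byte[] inputByte = Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
        byte[] decoded = Base64.decodeBase64(privateKey);
        RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(decoded));
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, priKey);
        // Decode with the same charset used in encrypt() rather than the platform default.
        return new String(cipher.doFinal(inputByte), StandardCharsets.UTF_8);
    }
}
```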
Here we define the exception.

```java
public class PrivateKeyFindError extends Exception {

    public PrivateKeyFindError() {
        super();
    }

    public PrivateKeyFindError(String message) {
        super(message);
    }

    public PrivateKeyFindError(String message, Throwable cause) {
        super(message, cause);
    }

    public PrivateKeyFindError(Throwable cause) {
        super(cause);
    }

    protected PrivateKeyFindError(String message, Throwable cause,
                                  boolean enableSuppression, boolean writableStackTrace) {
        super(message, cause, enableSuppression, writableStackTrace);
    }
}
```
Here we read the encrypted settings from the configuration file and decrypt them, mainly by handling the prefix and suffix.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import lombok.SneakyThrows;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.core.Ordered;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertySource;
import org.springframework.util.StringUtils;

public class EnableEncryptionData implements BeanFactoryPostProcessor, Ordered {

    public static final String PREFIX_PROPERTY = "encryption.prefix";
    public static final String SUFFIX_PROPERTY = "encryption.suffix";
    public static final String RSA_PUBLIC_KEY_PROPERTY = "encryption.rsa.publicKey";
    public static final String RSA_PRIVATE_KEY_PROPERTY = "encryption.rsa.privateKey";
    public static final String DEFAULT_PREFIX = "PWD[";
    public static final String DEFAULT_SUFFIX = "]";
    public static final String HF_PRIVATE_KEY_PATH = "hf_private_key";

    private static final Logger LOG = LoggerFactory.getLogger(EnableEncryptionData.class);
    private static final Properties properties = new Properties();

    private final ConfigurableEnvironment environment;
    private String prefix;
    private String suffix;
    private String privateKey;

    public EnableEncryptionData(ConfigurableEnvironment environment) {
        this.environment = environment;
    }

    @SneakyThrows
    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
        MutablePropertySources propertySources = environment.getPropertySources();
        for (PropertySource<?> propertySource : propertySources) {
            if (propertySource.getSource() instanceof Map) {
                Map<String, Object> source = (Map) propertySource.getSource();
                for (String key : source.keySet()) {
                    String property = environment.getProperty(key);
                    if (hasPreAndSuf(property)) {
                        Map<String, Object> properties = new HashMap<>();
                        String relay = splitPreAndSuf(property, this.prefix, this.suffix);
                        String decrypt = MyEncryptUtil.decrypt(relay, getPrivateKey(environment));
                        properties.put(key, decrypt);
                        // A property source added first takes precedence over the encrypted value.
                        propertySources.addFirst(new MapPropertySource(getRandStr(5), properties));
                    }
                }
                // Below is the original blog author's code block. In actual use I found that
                // writing the decrypted value back with source.put(k, decrypt) threw
                // java.lang.UnsupportedOperationException. The main reason is that the parameters
                // read from the configuration file are read-only and cannot be modified, so
                // source.put() throws. I therefore changed it to
                // propertySources.addFirst(new MapPropertySource(getRandStr(5), properties));
                //
                // source.forEach((k, v) -> {
                //     String property = environment.getProperty(k);
                //     if (hasPreAndSuf(property)) {
                //         LOG.info("开始处理 k = [{}]", k);
                //         try {
                //             String relay = splitPreAndSuf(property, this.prefix, this.suffix);
                //             String decrypt = MyEncryptUtil.decrypt(relay, getPrivateKey(environment));
                //             source.put(k, decrypt);
                //         }
                //         catch (Exception e) {
                //             LOG.error("e = ", e);
                //         }
                //     }
                // });
            }
        }
    }

    // Random name for the added property source (not security sensitive).
    public static String getRandStr(int num) {
        String strs = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        StringBuffer buff = new StringBuffer();
        for (int i = 1; i <= num; i++) {
            char str = strs.charAt((int) (Math.random() * 26));
            buff.append(str);
        }
        return buff.toString();
    }

    private String getPrivateKey(ConfigurableEnvironment environment) throws PrivateKeyFindError {
        return MyEncryptUtil.PRIVATE_KEY;
        // throw new PrivateKeyFindError("rsa private key is null!");
    }

    // Check whether a configuration value starts with our prefix and ends with our suffix.
    private boolean hasPreAndSuf(String property) {
        // A map entry may have no value; skip it instead of throwing NullPointerException.
        return property != null
                && property.startsWith(getPrefix(environment))
                && property.endsWith(getSuffix(environment));
    }

    protected String splitPreAndSuf(String str, String prefix, String suffix) {
        // Strip only the leading prefix and trailing suffix; String.replace would also remove
        // any occurrence of them inside the ciphertext when a custom prefix or suffix is used.
        return str.substring(prefix.length(), str.length() - suffix.length());
    }

    private String getSuffix(ConfigurableEnvironment environment) {
        this.suffix = environment.getProperty(SUFFIX_PROPERTY);
        if (StringUtils.hasLength(suffix)) {
            return this.suffix;
        }
        this.suffix = DEFAULT_SUFFIX;
        return DEFAULT_SUFFIX;
    }

    private String getPrefix(ConfigurableEnvironment environment) {
        this.prefix = environment.getProperty(PREFIX_PROPERTY);
        if (StringUtils.hasLength(prefix)) {
            return this.prefix;
        }
        this.prefix = DEFAULT_PREFIX;
        return DEFAULT_PREFIX;
    }

    @Override
    public int getOrder() {
        return Ordered.LOWEST_PRECEDENCE - 100;
    }

    static {
        InputStream resource = Thread.currentThread().getContextClassLoader()
                .getResourceAsStream(HF_PRIVATE_KEY_PATH);
        try {
            if (resource != null) {
                properties.load(resource);
            }
        }
        catch (IOException e) {
            e.printStackTrace();
        }
    }
}
```
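Register the post-processor at startup:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.ConfigurableEnvironment;

@Configuration
public class CustomerBean {

    // static so the BeanFactoryPostProcessor is created before regular beans
    @Bean
    public static EnableEncryptionData enableEncryptionData(final ConfigurableEnvironment environment) {
        return new EnableEncryptionData(environment);
    }
}
```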

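That completes the implementation. Next, let's look at how to use it in the configuration file.

The encrypted value uses PWD[ as the prefix and ] as the suffix: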
app.db.password=PWD[baII5Yc8yLoBudUwYI5OlclhZ41Qz34Z1b/MjEuKuhbFVlXKQ65fZQgdwMiSR+CXp/1j3aLHpAN16857H7fZxWz+iT/ldiBVNk4kn+VKQ2mBZVXnvRclXKqJ7/9YSecg1JCkmLRaHFyVjudmMXJikjtvKVIimKstYY5sdHFUqTY=]

One small inconvenience: the password has to be encrypted first and then placed in the configuration.
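
As written, getPrivateKey returns the constant compiled into MyEncryptUtil, so the private key ships in the same jar as the ciphertext it protects and anyone who obtains the jar can recover the passwords. The following resolver, an added example that is not the original author's code, takes the key from outside the jar and validates it at startup. It assumes Spring's Environment and the page's PrivateKeyFindError are on the classpath; the class name ExternalPrivateKeyResolver and the property encryption.rsa.privateKeyFile are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

import org.springframework.core.env.Environment;
import org.springframework.util.StringUtils;

/** Added example: resolve the RSA private key from outside the jar. */
public final class ExternalPrivateKeyResolver {
    // Same name as EnableEncryptionData.RSA_PRIVATE_KEY_PROPERTY on the page.
    static final String KEY_PROPERTY = "encryption.rsa.privateKey";
    // Hypothetical property (not on the page): path of a file holding the key.
    static final String KEY_FILE_PROPERTY = "encryption.rsa.privateKeyFile";

    private ExternalPrivateKeyResolver() {}

    /** Returns the Base64 PKCS#8 key, or throws the page's PrivateKeyFindError. */
    public static String resolve(Environment env) throws PrivateKeyFindError {
        // Set via ENCRYPTION_RSA_PRIVATEKEY or -Dencryption.rsa.privateKey=...;
        // do not put it in a properties file that is packaged into the jar.
        String key = env.getProperty(KEY_PROPERTY);
        String file = env.getProperty(KEY_FILE_PROPERTY);
        if (!StringUtils.hasText(key) && StringUtils.hasText(file)) {
            try {
                key = new String(Files.readAllBytes(Paths.get(file)), StandardCharsets.UTF_8);
            } catch (IOException e) {
                throw new PrivateKeyFindError("cannot read private key file " + file, e);
            }
        }
        if (!StringUtils.hasText(key)) {
            throw new PrivateKeyFindError("rsa private key is null!");
        }
        key = key.trim();
        try {
            // Fail at startup with a clear message instead of on the first decrypt.
            byte[] der = Base64.getMimeDecoder().decode(key);
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            throw new PrivateKeyFindError("rsa private key is not valid Base64 PKCS#8", e);
        }
        return key;
    }
}
```

In EnableEncryptionData, getPrivateKey(environment) would then return ExternalPrivateKeyResolver.resolve(environment) instead of the constant.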
