一、前言
由于项目需求,需要用到前后端数据的加解密操作。在网上查找了了相关资料,但在实际应用中遇到了一些问题,不能完全满足我的要求。
以此为基础(前后端接口AES+RSA混合加解密详解(vue+SpringBoot)附完整源码)进行了定制化的改造,以提高代码的效率和易用性
二、工具类
请参考前言中引入的链接,复制
后端加密工具类:AESUtils、RSAUtils、MD5Util、ApiSecurityUtils
替换Base64,使用jdk内置的
AESUtils、ApiSecurityUtils
Base64.getEncoder().encodeToString
Base64.getDecoder().decode
RSAUtils,之所以这个工具类使用以下方法,因为它会报Illegal base64 character a
Base64.getMimeEncoder().encodeToString
Base64.getMimeDecoder().decode
前端加密工具类
三、后端实现代码
3.1、请求返回
import lombok.Data;
import org.springframework.stereotype.Component;/*** @author Mr.Jie* @version v1.0* @description 用于返回前端解密返回体的aeskey和返回体* @date 2024/8/11 下午4:12**/
@Data
@Component
public class ApiEncryptResult {private String aesKeyByRsa;private String data;private String frontPublicKey;
}
3.2、注解
import org.springframework.web.bind.annotation.Mapping;import java.lang.annotation.*;/*** @author Mr.Jie* @version v1.0* @description 加解密算法* @date 2024/8/12 上午9:19**/
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Mapping
@Documented
public @interface SecurityParameter {/*** 入参是否解密,默认解密*/boolean isDecode() default true;/*** 输出参数是否加密,默认加密**/boolean isOutEncode() default true;
}
3.3、异常处理
/*** @author Mr.Jie* @version v1.0* @description 解密数据失败异常* @date 2024/8/12 上午9:43**/
public class DecryptBodyFailException extends RuntimeException {private String code;public DecryptBodyFailException() {super("Decrypting data failed. (解密数据失败)");}public DecryptBodyFailException(String message, String errorCode) {super(message);code = errorCode;}public DecryptBodyFailException(String message) {super(message);}public String getCode() {return code;}
}
3.4、解密信息输入流
import lombok.AllArgsConstructor;
import lombok.NoArgsConstructor;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;import java.io.IOException;
import java.io.InputStream;/*** @author Mr.Jie* @version v1.0* @description 解密信息输入流* @date 2024/8/12 上午9:43**/
@NoArgsConstructor
@AllArgsConstructor
public class DecryptHttpInputMessage implements HttpInputMessage {private InputStream body;private HttpHeaders headers;@Overridepublic InputStream getBody() throws IOException {return body;}@Overridepublic HttpHeaders getHeaders() {return headers;}
}
3.5、接口数据解密
import cn.hutool.core.convert.Convert;
import com.alibaba.fastjson.JSONObject;
import com.longsec.encrypt.exception.DecryptBodyFailException;
import com.longsec.encrypt.utils.ApiSecurityUtils;
import com.longsec.encrypt.utils.MD5Util;
import com.longsec.common.redis.RedisUtils;
import com.longsec.common.utils.StringUtils;
import com.longsec.encrypt.annotation.SecurityParameter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.IOUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;/*** @author Mr.Jie* @version v1.0* @description 接口数据解密 核心的方法就是 supports,该方法返回的boolean值,* 决定了是要执行 beforeBodyRead 方法。而我们主要的逻辑就是在beforeBodyRead方法中,对客户端的请求体进行解密。* RequestBodyAdvice这个接口定义了一系列的方法,它可以在请求体数据被HttpMessageConverter转换前后,执行一些逻辑代码。通常用来做解密* 本类只对控制器参数中含有<strong>{@link org.springframework.web.bind.annotation.RequestBody}</strong>* @date 2024/8/12 上午9:43**/
@Slf4j
@RestControllerAdvice
@Component
public class DecodeRequestBodyAdvice implements RequestBodyAdvice {@Autowiredprivate RedisUtils redisUtils;protected static String jsPublicKey = "";@Overridepublic boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {//如果等于false则不执行return methodParameter.getMethod().isAnnotationPresent(SecurityParameter.class);}@Overridepublic HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {// 定义是否解密boolean encode = false;SecurityParameter serializedField = parameter.getMethodAnnotation(SecurityParameter.class);//入参是否需要解密if (serializedField != null) {encode = serializedField.isDecode();}log.info("对方法method :【" + parameter.getMethod().getName() + "】数据进行解密!");inputMessage.getBody();String body;try {body = IOUtils.toString(inputMessage.getBody(), StandardCharsets.UTF_8);} catch (Exception e) {throw new DecryptBodyFailException("无法获取请求正文数据,请检查发送数据体或请求方法是否符合规范。");}if (StringUtils.isEmpty(body)) {throw new DecryptBodyFailException("请求正文为NULL或为空字符串,因此解密失败。");}//解密if (encode) {try {// 获取当前的ServletRequestAttributesServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();if (attributes != null) {// 获取原始的HttpServletRequest对象HttpServletRequest request = attributes.getRequest();// 从请求头中获取X-Access-TokenString token = request.getHeader("X-Access-Token");if (StringUtils.isEmpty(token)) {throw new DecryptBodyFailException("无法获取请求头中的token");}// 使用token进行进一步操作JSONObject jsonBody = JSONObject.parseObject(body);if (null != jsonBody) {String dataEncrypt = jsonBody.getString("data");String aeskey = jsonBody.getString("aeskey");jsPublicKey = jsonBody.getString("frontPublicKey");String md5Token = MD5Util.md5(token);String privateKey = Convert.toStr(redisUtils.getCacheObject(md5Token + "privateKey"));body = ApiSecurityUtils.decrypt(aeskey, dataEncrypt, privateKey);}}InputStream inputStream = IOUtils.toInputStream(body, StandardCharsets.UTF_8);return new DecryptHttpInputMessage(inputStream, inputMessage.getHeaders());} catch (DecryptBodyFailException e) {throw new DecryptBodyFailException(e.getMessage(), e.getCode());} catch (Exception e) {throw new RuntimeException(e);}}InputStream inputStream = IOUtils.toInputStream(body, StandardCharsets.UTF_8);return new DecryptHttpInputMessage(inputStream, inputMessage.getHeaders());}@Overridepublic Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {return body;}@Overridepublic Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {return body;}//这个方法为获取前端给后端用于加密aeskey的rsa公钥public static String getJsPublicKey() {return jsPublicKey;}
}
3.6、响应数据的加密处理
import com.alibaba.fastjson.JSON;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.longsec.encrypt.annotation.SecurityParameter;
import com.longsec.encrypt.utils.ApiEncryptResult;
import com.longsec.encrypt.utils.ApiSecurityUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;/*** @author Mr.Jie* @version v1.0* @description 响应数据的加密处理* 本类只对控制器参数中含有<strong>{@link org.springframework.web.bind.annotation.ResponseBody}</strong>* 或者控制类上含有<strong>{@link org.springframework.web.bind.annotation.RestController}</strong>* @date 2024/8/12 上午9:43**/
@Order(1)
@ControllerAdvice
@Slf4j
public class EncryptResponseBodyAdvice implements ResponseBodyAdvice {private final ObjectMapper objectMapper;public EncryptResponseBodyAdvice(ObjectMapper objectMapper) {this.objectMapper = objectMapper;}@Overridepublic boolean supports(MethodParameter methodParameter, Class aClass) {//这里设置成false 它就不会再走这个类了return methodParameter.getMethod().isAnnotationPresent(SecurityParameter.class);}@Overridepublic Object beforeBodyWrite(Object body, MethodParameter methodParameter, MediaType mediaType, Class aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {if (body == null) {return null;}serverHttpResponse.getHeaders().setContentType(MediaType.TEXT_PLAIN);String formatStringBody = null;try {formatStringBody = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(body);} catch (JsonProcessingException e) {e.printStackTrace();}log.info("开始对返回值进行加密操作!");// 定义是否解密boolean encode = false;//获取注解配置的包含和去除字段SecurityParameter serializedField = methodParameter.getMethodAnnotation(SecurityParameter.class);//入参是否需要解密if (serializedField != null) {encode = serializedField.isOutEncode();}log.info("对方法method :【" + methodParameter.getMethod().getName() + "】数据进行加密!");if (encode) {String jsPublicKey = DecodeRequestBodyAdvice.getJsPublicKey();if (StringUtils.isNotBlank(jsPublicKey)) {ApiEncryptResult apiEncryptRes;try {apiEncryptRes = ApiSecurityUtils.encrypt(JSON.toJSONString(formatStringBody), jsPublicKey);} catch (Exception e) {throw new RuntimeException(e);}return apiEncryptRes;}}return body;}
}
3.7、获取RSA公钥接口
import lombok.RequiredArgsConstructor;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;import java.util.Map;/*** @author Mr.Jie* @version v1.0* @description 获取RSA公钥接口* @date 2024/8/11 下午4:04**/
@CrossOrigin
@RestController
@RequestMapping("api/encrypt")
@RequiredArgsConstructor
public class EncryptApi {private final RedisUtils redisUtil;@GetMapping("/getPublicKey")public Object getPublicKey() throws Exception {//获取当前登陆账号对应的token,这行代码就不贴了。String token = "42608991";String publicKey = "";if (StringUtils.isNotBlank(token)) {Map<String, String> stringStringMap = RSAUtils.genKeyPair();publicKey = stringStringMap.get("publicKey");String privateKey = stringStringMap.get("privateKey");String md5Token = MD5Util.md5(token);//这个地方的存放时间根据你的token存放时间走redisUtil.setCacheObject(md5Token + "publicKey", publicKey);redisUtil.setCacheObject(md5Token + "privateKey", privateKey);}return R.ok(publicKey);}
}
3.8、对外接口调用
import com.alibaba.fastjson.JSONObject;
import com.l.api.param.ApiParam;
import com.l.common.annotation.Log;
import com.l.common.core.controller.BaseController;
import com.l.common.enums.BusinessType;
import com.l.common.encrypt.annotation.SecurityParameter;
import com.l.tools.HttpClientUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;/*** @author Mr.Jie* @version v1.0* @description 统一对外接口* @date 2024/8/1 下午3:59**/
@Api(tags = "统一对外接口")
@CrossOrigin
@Controller
@RequiredArgsConstructor
@RequestMapping("/api/uniformInterface")
public class UniformInterfaceApi extends BaseController {private final HttpClientUtil httpClientUtil;@PostMapping("/invoke")@ResponseBody@Log(title = "统一接口", businessType = BusinessType.API)@ApiOperation(value = "统一接口", produces = "application/json")@SecurityParameterpublic Object invoke(@RequestBody ApiParam dto) {try {JSONObject param = JSONObject.parseObject(dto.getJsonParam());Object obj = httpClientUtil.getDubboService(dto.getServiceKey(), param, true);return success(obj);} catch (Exception e) {return error("服务调用异常:" + e.getMessage());}}
}
四、前端实现代码
4.1、axios请求统一处理
import Axios from 'axios'
import {getRsaKeys, rsaEncrypt, rsaDecrypt, aesDecrypt, aesEncrypt, get16RandomNum} from '../utii/encrypt'/*** axios实例* @type {AxiosInstance}*/
const instance = Axios.create({headers: {x_requested_with: 'XMLHttpRequest'}
})
let frontPrivateKey
/*** axios请求过滤器*/
instance.interceptors.request.use(async config => {if (sessionStorage.getItem('X-Access-Token')) {// 判断是否存在token,如果存在的话,则每个http header都加上tokenconfig.headers['X-Access-Token'] = sessionStorage.getItem('X-Access-Token')}if (config.headers['isEncrypt']) {// config.headers['Content-Type'] = 'application/json;charset=utf-8'if (config.method === 'post' || config.method === 'put') {const {privateKey, publicKey} = await getRsaKeys()let afterPublicKey = sessionStorage.getItem('afterPublicKey')frontPrivateKey = privateKey//每次请求生成aeskeylet aesKey = get16RandomNum()//用登陆后后端生成并返回给前端的的RSA密钥对的公钥将AES16位密钥进行加密let aesKeyByRsa = rsaEncrypt(aesKey, afterPublicKey)//使用AES16位的密钥将请求报文加密(使用的是加密前的aes密钥)if (config.data) {let data = aesEncrypt(aesKey, JSON.stringify(config.data))config.data = {data: data,aeskey: aesKeyByRsa,frontPublicKey: publicKey}}if (config.params) {let data = aesEncrypt(aesKey, JSON.stringify(config.params))config.params = {params: data,aeskey: aesKeyByRsa,frontPublicKey: publicKey}}}}return config},err => {return Promise.reject(err)}
)
/*** axios响应过滤器*/
instance.interceptors.response.use(response => {//后端返回的通过rsa加密后的aes密钥let aesKeyByRsa = response.data.aesKeyByRsaif (aesKeyByRsa) {//通过rsa的私钥对后端返回的加密的aeskey进行解密let aesKey = rsaDecrypt(aesKeyByRsa, frontPrivateKey)//使用解密后的aeskey对加密的返回报文进行解密var result = response.data.data;result = JSON.parse(JSON.parse(aesDecrypt(aesKey, result)))return result} else {return response.data}}
)export default instance
4.2、调用示例
export const saveStudent = (data) => {return axios.request({url: api.invoke,method: 'post',headers: {//需要加密的请求在头部塞入标识isEncrypt: 1},data})
}
五、实现效果
请求加密数据
返回加密数据