diff --git a/pom.xml b/pom.xml
index 2075f725..8e8160a2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
4.0.0
fateboard
fateboard
- 1.11.1
+ 1.11.3
org.springframework.boot
@@ -36,13 +36,19 @@
org.springframework.boot
spring-boot-starter-web
+
+
+
+
+
+
-
- org.springframework
- spring-webmvc
- 5.3.26
- compile
-
+
+
+
+
+
+
@@ -154,6 +160,12 @@
org.springframework.cloud
spring-cloud-starter-openfeign
+
+ org.yaml
+ snakeyaml
+ 2.0
+ compile
+
diff --git a/src/main/java/com/webank/ai/fate/board/services/UserService.java b/src/main/java/com/webank/ai/fate/board/services/UserService.java
index 60e60233..003050d3 100644
--- a/src/main/java/com/webank/ai/fate/board/services/UserService.java
+++ b/src/main/java/com/webank/ai/fate/board/services/UserService.java
@@ -16,6 +16,7 @@
package com.webank.ai.fate.board.services;
import com.webank.ai.fate.board.pojo.UserDTO;
+import com.webank.ai.fate.board.utils.AESUtil;
import com.webank.ai.fate.board.utils.StandardRSAUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
@@ -69,6 +70,7 @@ public boolean checkUser(String username, String password) {
String encrypted = getValue("server.board.encrypt.enable");
if (StringUtils.isNotBlank(privateKey) && "true".equalsIgnoreCase(encrypted)) {
try {
+ privateKey = AESUtil.aesDecrypt(privateKey, AESUtil.aesKey);
passwordValue = StandardRSAUtils.decryptByPrivateKey(passwordValue, privateKey);
} catch (Exception e) {
logger.error("decrypt password error");
diff --git a/src/main/java/com/webank/ai/fate/board/utils/AESUtil.java b/src/main/java/com/webank/ai/fate/board/utils/AESUtil.java
new file mode 100644
index 00000000..6e03093c
--- /dev/null
+++ b/src/main/java/com/webank/ai/fate/board/utils/AESUtil.java
@@ -0,0 +1,92 @@
+package com.webank.ai.fate.board.utils;
+
+
+import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
+import org.apache.commons.lang3.StringUtils;
+import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Encoder;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+
+public class AESUtil {
+
+
+ public static String aesKey = "94kl35k25d3t2rk1";
+
+
+ // 加密
+ public static String encrypt(String sSrc, String encryptKey) throws Exception {
+ Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+ byte[] raw = encryptKey.getBytes();
+ SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
+ IvParameterSpec iv = new IvParameterSpec(encryptKey.getBytes());// 使用CBC模式,需要一个向量iv,可增加加密算法的强度
+ cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
+ byte[] encrypted = cipher.doFinal(sSrc.getBytes("utf-8"));
+ // 此处使用BASE64做转码。
+ return new BASE64Encoder().encode(encrypted).replaceAll("[\\s*\t\n\r]", "");
+ }
+
+
+ /**
+ * base 64 encode
+ *
+ * @param bytes 待编码的byte[]
+ * @return 编码后的base 64 code
+ */
+ public static String base64Encode(byte[] bytes) {
+ return Base64.encode(bytes);
+ }
+
+ /**
+ * base 64 decode
+ *
+ * @param base64Code 待解码的base 64 code
+ * @return 解码后的byte[]
+ * @throws Exception
+ */
+ public static byte[] base64Decode(String base64Code) throws Exception {
+ return StringUtils.isEmpty(base64Code) ? null : new BASE64Decoder().decodeBuffer(base64Code);
+ }
+
+
+ /**
+ * AES解密
+ *
+ * @param encryptBytes 待解密的byte[]
+ * @param decryptKey 解密密钥
+ * @return 解密后的String
+ * @throws Exception
+ */
+ public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {
+ IvParameterSpec iv = new IvParameterSpec(decryptKey.getBytes("UTF-8"));
+ SecretKeySpec skeySpec = new SecretKeySpec(decryptKey.getBytes("UTF-8"), "AES");
+
+ Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+ cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
+ byte[] decryptBytes = cipher.doFinal(encryptBytes);
+ return new String(decryptBytes);
+ }
+
+
+ /**
+ * 将base 64 code AES解密
+ *
+ * @param encryptStr 待解密的base 64 code
+ * @param decryptKey 解密密钥
+ * @return 解密后的string
+ * @throws Exception
+ */
+ public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {
+ return StringUtils.isEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey);
+ }
+
+ public static void main(String[] args) throws Exception {
+ String t = "test";
+ String encrypt = AESUtil.encrypt(t, AESUtil.aesKey);
+ System.out.println(encrypt);
+ System.out.println(AESUtil.aesDecrypt(encrypt, AESUtil.aesKey));
+ }
+}
\ No newline at end of file