3.SpringBoot+数据库加密连接__springboot 连接数据库

相关文章推荐

至今单身的保温杯 · 微软宣布 Xbox Series X 和 ...· 9 月前 ·

英俊的大象 · 如果你穿越成了病娇反派的白月光怎么办? - 知乎· 1 年前 ·

坚强的啄木鸟 · 阅读器选购篇二：掌阅iReader ...· 1 年前 ·

直爽的开水瓶 · 山东朋克啦啦4s店大全 ...· 1 年前 ·

失落的啄木鸟 · 英媒：特朗普集团长期合作会计公司“临阵倒戈” ...· 1 年前 ·

1.引入依赖

<commons-io.version>2.8.0</commons-io.version>

<dependency>
    <groupId>commons-io</groupId>
    <artifactId>commons-io</artifactId>
    <version>${commons-io.version}</version>
</dependency>

2. 写RSAUtil工具类, 包括3个方法

generateKeyToFile
decryptRSA
encryptRSA

import java.io.File;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

import javax.crypto.Cipher;

import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

public class RSAUtil {

  static Logger logger = LoggerFactory.getLogger(RSAUtil.class);

  private static String algorithm = "RSA"; // 加密算法

  /**
   * 生成密钥对并保存在本地文件中
   *
   * @param algorithm : 算法
   * @param pubPath   : 公钥保存路径
   * @param priPath   : 私钥保存路径
   * @throws Exception
   */
  public static void generateKeyToFile(String algorithm, String pubPath, String priPath) {

    try {
      KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);

      KeyPair keyPair = keyPairGenerator.generateKeyPair();

      PublicKey publicKey = keyPair.getPublic();
      PrivateKey privateKey = keyPair.getPrivate();

      byte[] publicKeyEncoded = publicKey.getEncoded();
      byte[] privateKeyEncoded = privateKey.getEncoded();

      String publicKeyString = Base64.getEncoder().encodeToString(publicKeyEncoded);
      String privateKeyString = Base64.getEncoder().encodeToString(privateKeyEncoded);
      // 保存公私钥到文件

      FileUtils.writeStringToFile(new File(pubPath), publicKeyString, Charset.forName("UTF-8"));
      FileUtils.writeStringToFile(new File(priPath), privateKeyString, Charset.forName("UTF-8"));
    } catch (Exception e) {
      logger.warn(e.getMessage(), e);
    }

  }

  /**
   * @param privateKey
   * @param encrypted  : 密文
   * @return : 明文
   * @throws Exception
   */
  public static String decryptRSA(String privateKey, String encrypted) {
    try {
      if (!StringUtils.hasText(encrypted)) {
        return "";
      }
      KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
      PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey));
      // 生成私钥
      PrivateKey key = keyFactory.generatePrivate(spec);

      // 加密
      Cipher cipher = Cipher.getInstance(algorithm);
      cipher.init(Cipher.DECRYPT_MODE, key);
      byte[] decode = Base64.getDecoder().decode(encrypted);
      byte[] bytes1 = cipher.doFinal(decode);
      return new String(bytes1);
    } catch (Exception e) {
      logger.warn(e.getMessage(), e);
      return "";
    }
  }

  /**
   * @param publicKey
   * @param input     : 明文
   * @return :密文
   * @throws Exception
   */
  public static String encryptRSA(String publicKey, String input) throws Exception {
    try {
      if (!StringUtils.hasText(input)) {
        return "";
      }
      KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
      X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKey));

      PublicKey key = keyFactory.generatePublic(spec);

      // 加密
      Cipher cipher = Cipher.getInstance(algorithm);
      cipher.init(Cipher.ENCRYPT_MODE, key);
      byte[] bytes = cipher.doFinal(input.getBytes());
      return Base64.getEncoder().encodeToString(bytes);
    } catch (Exception e) {
      logger.warn(e.getMessage(), e);
      return "";
    }
  }
}

3. 生成private key, public key,加密url， username, password

调用 RSAUtil.generateKeyToFile() 方法生成private key, public key
调用 RSAUtil.encryptRSA() 把配置文件中的明文url， username, password加密

4.把pulic key, private key 和加密后的url, username, password 写入配置文件

spring.datasource.url=encrypturl
spring.datasource.username=encryptusername
spring.datasource.password=encryptpassword


# RSA public key, private key
encrypt.private-key=        
encrypt.public-key=

5.配置类

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class DataSourceConfig {

  @Value("${encrypt.private-key}")
  private String privateKey;

  @Value("${spring.datasource.url}")
  String jdbcUrl;

  @Value("${spring.datasource.username}")
  String username;

  @Value("${spring.datasource.password}")
  String password;

  @Bean
  public DataSource getDataSource() throws Exception {
    DataSourceBuilder<?> dataSourceBuilder = DataSourceBuilder.create();

    dataSourceBuilder.url(RSAUtil.decryptRSA(privateKey, jdbcUrl));
    dataSourceBuilder.username(RSAUtil.decryptRSA(privateKey, username));
    dataSourceBuilder.password(RSAUtil.decryptRSA(privateKey, password));

    return dataSourceBuilder.build();
  }
}