diff --git a/auth/api/src/main/java/com/tencent/supersonic/auth/api/authentication/config/AuthenticationConfig.java b/auth/api/src/main/java/com/tencent/supersonic/auth/api/authentication/config/AuthenticationConfig.java
index f1a9db1fa..2a652380c 100644
--- a/auth/api/src/main/java/com/tencent/supersonic/auth/api/authentication/config/AuthenticationConfig.java
+++ b/auth/api/src/main/java/com/tencent/supersonic/auth/api/authentication/config/AuthenticationConfig.java
@@ -1,12 +1,13 @@
 package com.tencent.supersonic.auth.api.authentication.config;
+import lombok.Data;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
 import java.util.Arrays;
 import java.util.Map;
 import java.util.stream.Collectors;
-import lombok.Data;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
 @Data
 @Configuration
@@ -24,7 +25,8 @@ public class AuthenticationConfig {
 @Value("${authentication.token.default.appKey:supersonic}")
 private String tokenDefaultAppKey;
- @Value("${authentication.token.appSecret:supersonic:secret}")
+ @Value("${authentication.token.appSecret:supersonic:WIaO9YRRVt+7QtpPvyWsARFngnEcbaKBk"
+ + "783uGFwMrbJBaochsqCH62L4Kijcb0sZCYoSsiKGV/zPml5MnZ3uQ==}")
 private String tokenAppSecret;
 @Value("${authentication.token.http.header.key:Authorization}")
diff --git a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
index 902ae155c..8251ca5a7 100644
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/adaptor/DefaultUserAdaptor.java
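Review bot: The new fallback for `authentication.token.appSecret` in the second hunk is still a signing secret committed to source; any deployment that never overrides the property signs its JWTs with a value every reader of the repository knows, and a longer string does not change that exposure. Because this value becomes the HS512 key in UserTokenUtils, I would remove the default (`@Value("${authentication.token.appSecret}")`) so the application refuses to start without an operator-supplied value, or at least log a warning at startup when the shipped default is detected. How the `supersonic:…` prefix is split from the secret happens in `getTokenSecret`, which is outside this diff, so the field would benefit from a comment stating the expected `appKey:secret` format if that is indeed the parse.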
@@ -12,9 +12,10 @@ import com.tencent.supersonic.auth.authentication.persistence.repository.UserRep
 import com.tencent.supersonic.auth.authentication.utils.AESEncryptionUtil;
 import com.tencent.supersonic.auth.authentication.utils.UserTokenUtils;
 import com.tencent.supersonic.common.util.ContextUtils;
-import javax.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;
+
+import javax.servlet.http.HttpServletRequest;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -94,6 +95,7 @@ public class DefaultUserAdaptor implements UserAdaptor {
 UserWithPassword user = getUserWithPassword(userReq);
 return userTokenUtils.generateToken(user, request);
 } catch (Exception e) {
+ log.error("", e);
 throw new RuntimeException("password encrypt error, please try again");
 }
 }
diff --git a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/AESEncryptionUtil.java b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/AESEncryptionUtil.java
index 718e3819b..924793083 100644
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/AESEncryptionUtil.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/AESEncryptionUtil.java
@@ -1,14 +1,17 @@
 package com.tencent.supersonic.auth.authentication.utils;
+import lombok.extern.slf4j.Slf4j;
+
 import javax.crypto.Cipher;
 import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
-import javax.crypto.spec.IvParameterSpec;
 import java.security.MessageDigest;
 import java.security.spec.KeySpec;
 import java.util.Base64;
+@Slf4j
 public class AESEncryptionUtil {
 private static final String ALGORITHM = "AES/CBC/PKCS5Padding";
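Review bot: The added `log.error("", e);` in the second hunk logs with an empty message, while the `RuntimeException` on the next line still drops `e`, so the log entry is the only place the original failure survives and it has no context to search for. Prefer one message and a preserved cause: `log.error("password encrypt error", e);` followed by `throw new RuntimeException("password encrypt error, please try again", e);`. AESEncryptionUtil.encrypt in this same commit also logs and rethrows the exception it throws, so a single failure is now written twice; keep the logging at one layer. The enclosing method begins before the hunk.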
@@ -28,24 +31,29 @@ public class AESEncryptionUtil {
 }
 public static String encrypt(String password, byte[] salt) throws Exception {
- // TODO 固定IV,确保每次加密时使用相同的IV,该值应该安全保管
- byte[] iv = "supersonic@bicom".getBytes(ENCODE);
- IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
+ try {
+ // TODO 固定IV,确保每次加密时使用相同的IV,该值应该安全保管
+ byte[] iv = "supersonic@bicom".getBytes(ENCODE);
+ IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
- KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_LENGTH);
- SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM);
- byte[] keyBytes = keyFactory.generateSecret(keySpec).getEncoded();
- SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
+ KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_LENGTH);
+ SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM);
+ byte[] keyBytes = keyFactory.generateSecret(keySpec).getEncoded();
+ SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
- Cipher cipher = Cipher.getInstance(ALGORITHM);
- cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
+ Cipher cipher = Cipher.getInstance(ALGORITHM);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
- byte[] encrypted = cipher.doFinal(password.getBytes(ENCODE));
- byte[] combined = new byte[iv.length + encrypted.length];
- System.arraycopy(iv, 0, combined, 0, iv.length);
- System.arraycopy(encrypted, 0, combined, iv.length, encrypted.length);
+ byte[] encrypted = cipher.doFinal(password.getBytes(ENCODE));
+ byte[] combined = new byte[iv.length + encrypted.length];
+ System.arraycopy(iv, 0, combined, 0, iv.length);
+ System.arraycopy(encrypted, 0, combined, iv.length, encrypted.length);
- return Base64.getEncoder().encodeToString(combined);
+ return Base64.getEncoder().encodeToString(combined);
+ } catch (Throwable e) {
+ log.error("encrypt", e);
+ throw e;
+ }
 }
 public static String getStringFromBytes(byte[] salt) {
diff --git a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/UserTokenUtils.java b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/UserTokenUtils.java
index 7b037e824..3e56971d4 100644
--- a/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/UserTokenUtils.java
+++ b/auth/authentication/src/main/java/com/tencent/supersonic/auth/authentication/utils/UserTokenUtils.java
@@ -12,13 +12,13 @@ import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.stereotype.Component;
+import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
-import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_ALGORITHM;
 import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_CREATE_TIME;
 import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_IS_ADMIN;
 import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_PREFIX;
@@ -122,6 +122,7 @@ public class UserTokenUtils {
 .setSigningKey(tokenSecret.getBytes(StandardCharsets.UTF_8))
 .build().parseClaimsJws(getTokenString(token)).getBody();
 } catch (Exception e) {
+ log.error("getClaims", e);
 throw new AccessException("parse user info from token failed :" + token);
 }
 return claims;
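Review bot: `catch (Throwable e)` in the new wrapper around encrypt is wider than the method's `throws Exception` contract: it intercepts `Error`s such as `OutOfMemoryError` only to log them before rethrowing, and the logging call itself may not succeed in that state. Since the block does nothing but log and rethrow, and the caller in DefaultUserAdaptor now logs the same exception again, the change adds a duplicate log line and an indentation level without altering behaviour; narrow it to `catch (Exception e)` or drop the try/catch and let the caller log once. The TODO about the fixed IV (`supersonic@bicom`, copied into every ciphertext) is carried over untouched; while this method is being edited it should at least be written in English and tied to a tracking item, because a constant IV with CBC is the open issue the comment itself acknowledges. encrypt is complete within the hunk; getStringFromBytes continues past it.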
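Review bot: `log.error("getClaims", e)` in the last hunk emits a full stack trace at ERROR level for every token that fails to parse, and the `AccessException` built on the next line still embeds the raw token in its message, so whoever logs that exception writes a bearer credential to disk. A rejected token (malformed, expired or signed with another key) is a client-side condition rather than a server fault; `log.warn("parse user info from token failed: {}", e.getMessage());` gives operators what they need, and the exception message should omit the token. The enclosing method begins before the hunk.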
@@ -143,13 +144,12 @@ public class UserTokenUtils {
 Date expirationDate = new Date(expiration);
 String tokenSecret = getTokenSecret(appKey);
- SignatureAlgorithm.valueOf(TOKEN_ALGORITHM);
 return Jwts.builder()
 .setClaims(claims)
 .setSubject(claims.get(TOKEN_USER_NAME).toString())
 .setExpiration(expirationDate)
- .signWith(SignatureAlgorithm.valueOf(TOKEN_ALGORITHM),
- tokenSecret.getBytes(StandardCharsets.UTF_8))
+ .signWith(new SecretKeySpec(tokenSecret.getBytes(StandardCharsets.UTF_8),
+ SignatureAlgorithm.HS512.getJcaName()), SignatureAlgorithm.HS512)
 .compact();
 }
diff --git a/common/src/test/java/com/tencent/supersonic/common/DateUtilsTest.java b/common/src/test/java/com/tencent/supersonic/common/DateUtilsTest.java
index f1075bf79..0823a18e6 100644
--- a/common/src/test/java/com/tencent/supersonic/common/DateUtilsTest.java
+++ b/common/src/test/java/com/tencent/supersonic/common/DateUtilsTest.java
@@ -7,6 +7,7 @@ import org.assertj.core.util.Lists;
 import org.junit.Assert;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+
 import java.util.List;
 class DateUtilsTest {
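Review bot: Hard-coding `SignatureAlgorithm.HS512` with a `SecretKeySpec` turns the key length into a fixed requirement: JJWT's `signWith(Key, SignatureAlgorithm)` (0.10 and later) rejects HMAC keys shorter than the algorithm's bit size, 64 bytes for HS512, with a `WeakKeyException`, so a deployment whose configured `authentication.token.appSecret` is short — the old default `supersonic:secret` was — fails at the first token issued rather than at startup. That is presumably why the default in AuthenticationConfig grew in this commit; note the key is still `tokenSecret.getBytes(UTF_8)` of the configured string, not a decoded value, so the 88-character default is used as 88 bytes of text. I would check the length once in `getTokenSecret` (or a `@PostConstruct`) and fail with a message naming the property and the required size, instead of surfacing a JJWT error at login. Removing the `TOKEN_ALGORITHM` string lookup is a good change in itself — the algorithm is no longer a runtime value — and the method begins before the hunk.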