fix crypto package

Author: xlorne

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyAES.java

@@ -0,0 +1,45 @@
+package com.codingapi.springboot.security.crypto;
+
+import com.codingapi.springboot.framework.crypto.AES;
+import lombok.SneakyThrows;
+import org.springframework.util.Base64Utils;
+
+import java.nio.charset.StandardCharsets;
+
+public class MyAES {
+
+    private final static MyAES instance = new MyAES();
+
+    private AES aes;
+
+    private MyAES() {
+    }
+
+    void init(AES aes) {
+        this.aes = aes;
+    }
+
+    public static MyAES getInstance() {
+        return instance;
+    }
+
+    @SneakyThrows
+    public String encode(String input)  {
+        return Base64Utils.encodeToString(aes.encrypt(input.getBytes(StandardCharsets.UTF_8)));
+    }
+
+    @SneakyThrows
+    public String decode(String input)  {
+        return new String(aes.decrypt(Base64Utils.decodeFromString(input)),StandardCharsets.UTF_8);
+    }
+
+    @SneakyThrows
+    public byte[] encode(byte[] input)  {
+        return aes.encrypt(input);
+    }
+
+    @SneakyThrows
+    public byte[] decode(byte[] input){
+        return aes.decrypt(input);
+    }
+}

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/crypto/MyCryptoConfiguration.java

@@ -0,0 +1,21 @@
+package com.codingapi.springboot.security.crypto;
+
+import com.codingapi.springboot.framework.crypto.AES;
+import com.codingapi.springboot.security.properties.SecurityJwtProperties;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.util.Base64Utils;
+
+@Configuration
+public class MyCryptoConfiguration {
+
+    @Bean
+    @ConditionalOnMissingBean
+    public AES aes(SecurityJwtProperties properties) throws Exception {
+        AES aes = new AES(Base64Utils.decodeFromString(properties.getAseKey()), Base64Utils.decodeFromString(properties.getAseIv()));
+        MyAES.getInstance().init(aes);
+        return aes;
+    }
+
+}

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/filter/MyAuthenticationFilter.java

@@ -43,7 +43,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         Token token = jwt.parser(sign);
         if (token.canRestToken()) {
-            Token newSign = jwt.create(token.getUsername(), token.getDecodePassword(), token.getAuthorities());
+            Token newSign = jwt.create(token.getUsername(), token.getDecodeIv(), token.getAuthorities());
             log.info("reset token ");
             response.setHeader(TOKEN_KEY, newSign.getToken());
         }

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Jwt.java

@@ -7,7 +7,6 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
 
-import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.List;
@@ -24,8 +23,8 @@ public Jwt(String secretKey, int jwtTime, int jwtRestTime) {
         this.jwtRestTime = jwtRestTime;
     }
 
-    public Token create(String username, String password, List<String> authorities) throws IOException {
-        Token token = new Token(username, password, authorities, jwtTime, jwtRestTime);
+    public Token create(String username, String iv, List<String> authorities){
+        Token token = new Token(username, iv, authorities, jwtTime, jwtRestTime);
         String jwt = Jwts.builder().setSubject(token.toJson()).signWith(key).compact();
         token.setToken(jwt);
         return token;

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/jwt/Token.java

@@ -1,15 +1,14 @@
 package com.codingapi.springboot.security.jwt;
 
-import com.codingapi.springboot.framework.crypto.AESUtils;
 import com.codingapi.springboot.framework.serializable.JsonSerializable;
+import com.codingapi.springboot.security.crypto.MyAES;
 import com.codingapi.springboot.security.exception.TokenExpiredException;
 import lombok.Getter;
 import lombok.Setter;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import java.beans.Transient;
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
@@ -19,7 +18,7 @@
 public class Token implements JsonSerializable {
 
     private String username;
-    private String certificate;
+    private String iv;
     private String token;
     private List<String> authorities;
     private long expireTime;
@@ -29,9 +28,9 @@ public class Token implements JsonSerializable {
     public Token() {
     }
 
-    public Token(String username, String certificate, List<String> authorities, int expireValue, int remindValue) throws IOException {
+    public Token(String username, String iv, List<String> authorities, int expireValue, int remindValue){
         this.username = username;
-        this.certificate = AESUtils.getInstance().encode(certificate);
+        this.iv = MyAES.getInstance().encode(iv);
         this.authorities = authorities;
         this.expireTime = System.currentTimeMillis() + expireValue;
         this.remindTime = System.currentTimeMillis() + remindValue;
@@ -49,13 +48,13 @@ public boolean isExpire() {
     }
 
 
-    public String getCertificate() {
-        return certificate;
+    public String getIv() {
+        return iv;
     }
 
     @Transient
-    public String getDecodePassword() throws IOException {
-        return AESUtils.getInstance().decode(certificate);
+    public String getDecodeIv(){
+        return MyAES.getInstance().decode(iv);
     }
 
     public boolean canRestToken() {
@@ -69,7 +68,7 @@ public UsernamePasswordAuthenticationToken getAuthenticationToken() {
         for (String authority : authorities) {
             simpleGrantedAuthorities.add(new SimpleGrantedAuthority(authority));
         }
-        return new UsernamePasswordAuthenticationToken(this, certificate, simpleGrantedAuthorities);
+        return new UsernamePasswordAuthenticationToken(this, iv, simpleGrantedAuthorities);
     }
 
 

springboot-starter-security-jwt/src/main/java/com/codingapi/springboot/security/properties/SecurityJwtProperties.java

@@ -7,13 +7,24 @@
 @Getter
 public class SecurityJwtProperties {
 
-
     /**
      * JWT密钥
      * 需大于32位的字符串
      */
     private String jwtSecretKey = "codingapi.security.jwt.secretkey";
 
+
+    /**
+     * aes key
+     */
+    private String aseKey = "QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=";
+
+    /**
+     * aes iv
+     */
+    private String aseIv = "QUNYRkdIQEVEUyNYQ1phcw==";
+
+
     /**
      * JWT 有效时间(毫秒)
      * 15分钟有效期 1000*60*15=900000

springboot-starter-security-jwt/src/main/resources/META-INF/spring.factories

@@ -1,3 +1,4 @@
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 com.codingapi.springboot.security.configurer.WebSecurityConfigurer,\
+com.codingapi.springboot.security.crypto.MyCryptoConfiguration,\
 com.codingapi.springboot.security.AutoConfiguration

springboot-starter-security-jwt/src/test/java/com/codingapi/springboot/security/jwt/TokenTest.java

@@ -0,0 +1,31 @@
+package com.codingapi.springboot.security.jwt;
+
+import com.codingapi.springboot.security.exception.TokenExpiredException;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+
+import java.util.Collections;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+@SpringBootTest
+class TokenTest {
+
+    @Autowired
+    private Jwt jwt;
+
+    @Test
+    void verify() throws TokenExpiredException {
+        String username = "admin";
+        String iv = "123456";
+        List<String> authorities = Collections.singletonList("ADMIN");
+
+        Token token =jwt.create(username,iv,authorities);
+        token.verify();
+
+        Token data = jwt.parser(token.getToken());
+        assertEquals(data.getDecodeIv(),iv);
+    }
+}

springboot-starter/src/main/java/com/codingapi/springboot/framework/AutoConfiguration.java

@@ -1,26 +1,9 @@
 package com.codingapi.springboot.framework;
 
-import com.codingapi.springboot.framework.crypto.AES;
-import com.codingapi.springboot.framework.properties.BootProperties;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
 public class AutoConfiguration {
 
 
-    @Bean
-    @ConfigurationProperties(prefix = "codingapi.boot")
-    public BootProperties bootProperties() {
-        return new BootProperties();
-    }
-
-    @Bean
-    @ConditionalOnMissingBean
-    public AES aes(BootProperties properties) {
-        return new AES(properties.getAseKey(), properties.getAseIv());
-    }
-
 }

springboot-starter/src/main/java/com/codingapi/springboot/framework/crypto/AES.java

@@ -1,63 +1,110 @@
 package com.codingapi.springboot.framework.crypto;
 
-import org.apache.commons.crypto.stream.CryptoInputStream;
-import org.apache.commons.crypto.stream.CryptoOutputStream;
-import org.apache.commons.io.IOUtils;
-import org.springframework.util.Base64Utils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
-import java.util.Properties;
+import java.security.AlgorithmParameters;
+import java.security.Key;
+import java.security.Security;
+import java.util.Random;
 
 public class AES {
 
-    private final SecretKeySpec key;
-    private final IvParameterSpec iv;
-    private final Properties properties;
-    private final String transform;
+    public static final String KEY_ALGORITHM = "AES";
 
-    public AES(String transform, byte[] keys, byte[] iv) {
-        this.key = new SecretKeySpec(keys, "AES");
-        this.iv = new IvParameterSpec(iv);
-        this.properties = new Properties();
-        this.transform = transform;
-        AESUtils.getInstance().init(this);
+    public static final String CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
+
+    private final Key key;
+    private final AlgorithmParameters iv;
+    private final String algorithm;
+
+    public AES(String algorithm,Key key,AlgorithmParameters iv){
+        Security.addProvider(new BouncyCastleProvider());
+        this.algorithm = algorithm;
+        this.key = key;
+        this.iv = iv;
+    }
+
+    public AES(String algorithm, int generateKeySize) throws Exception {
+        Security.addProvider(new BouncyCastleProvider());
+        this.algorithm = algorithm;
+        this.key = generateKey(generateKeySize);
+        this.iv = generateIV(randomIv());
+    }
+
+    public AES(String algorithm, byte[] keys, byte[] ivs) throws Exception{
+        Security.addProvider(new BouncyCastleProvider());
+        this.algorithm = algorithm;
+        this.key = convertToKey(keys);
+        this.iv = generateIV(ivs);
+    }
+
+    public AES() throws Exception {
+        this(CIPHER_ALGORITHM,256);
+    }
+
+
+    public AES(int generateKeySize) throws Exception {
+        this(CIPHER_ALGORITHM,generateKeySize);
+    }
+
+    public AES(byte[] keys, byte[] ivs) throws Exception{
+        this(CIPHER_ALGORITHM,keys,ivs);
+    }
+
+    public AES(String key, String iv) throws Exception{
+        this(CIPHER_ALGORITHM,key.getBytes(StandardCharsets.UTF_8),iv.getBytes(StandardCharsets.UTF_8));
     }
 
+    private byte[] randomIv(){
+        Random random = new Random();
+        byte[] bytes = new byte[16];
+        random.nextBytes(bytes);
+        return  bytes;
+    }
 
-    public AES(String key, String iv) {
-        this("AES/CBC/PKCS5Padding", key.getBytes(StandardCharsets.UTF_8), iv.getBytes(StandardCharsets.UTF_8));
+    private SecretKey generateKey(int keySize) throws Exception {
+        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
+        keyGenerator.init(keySize);
+        return keyGenerator.generateKey();
     }
 
 
-    public String encode(String input) throws IOException {
-        return Base64Utils.encodeToString(encode(input.getBytes(StandardCharsets.UTF_8)));
+    private AlgorithmParameters generateIV(byte[] ivs) throws Exception {
+        AlgorithmParameters params = AlgorithmParameters.getInstance(KEY_ALGORITHM);
+        params.init(new IvParameterSpec(ivs));
+        return params;
     }
 
-    public String decode(String input) throws IOException {
-        return new String(decode(Base64Utils.decodeFromString(input)), StandardCharsets.UTF_8);
+    private Key convertToKey(byte[] keyBytes){
+        return new SecretKeySpec(keyBytes, KEY_ALGORITHM);
     }
 
+    public byte[] getKey(){
+        return key.getEncoded();
+    }
 
-    public byte[] encode(byte[] input) throws IOException {
-        final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
-        try (CryptoOutputStream cos = new CryptoOutputStream(transform, properties, outputStream, key, iv)) {
-            cos.write(input);
-            cos.flush();
-        }
-        return outputStream.toByteArray();
+    public byte[] getIv() throws IOException {
+        return iv.getEncoded();
     }
 
-    public byte[] decode(byte[] input) throws IOException {
-        final InputStream inputStream = new ByteArrayInputStream(input);
-        try (CryptoInputStream cis = new CryptoInputStream(transform, properties, inputStream, key, iv)) {
-            return IOUtils.toByteArray(cis);
-        }
+    public byte[] encrypt(byte[] data) throws Exception {
+        Cipher cipher = Cipher.getInstance(algorithm);
+        cipher.init(Cipher.ENCRYPT_MODE, key, iv);
+        return cipher.doFinal(data);
+    }
+
+
+    public byte[] decrypt(byte[] encryptedData) throws Exception {
+        Cipher cipher = Cipher.getInstance(algorithm);
+        cipher.init(Cipher.DECRYPT_MODE, key, iv);
+        return cipher.doFinal(encryptedData);
     }
 
 }