采用DES加密方式对properties配置文件敏感信息加密处理
由于项目的需要,要求对配置文件中的敏感信息进行加密处理,例如数据库用户名密码之类的
处理方式如下:
MyWebConstant
/**
* 对外接口,管理公共常量
* 对应properties中的key值
* @author Administrator
*
*/
public class MyWebConstant {
public static final String JDBC_DATASOURCE_DRIVERCLASSNAME_KEY = "jdbc.driverClassName";
public static final String JDBC_DATASOURCE_URL_KEY = "jdbc.url";
public static final String JDBC_DATASOURCE_USERNAME_KEY = "jdbc.username";
public static final String JDBC_DATASOURCE_PASSWORD_KEY = "jdbc.password";
}EncryptablePropertyPlaceholderConfigurer.java
import java.util.Properties;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
/**
* 配置文件解密核心类
* 作为自定义类加到配置文件中,解密使用
* @author Administrator
*
*/
public class EncryptablePropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
throws BeansException {
try {
// DesEncrypt des = new DesEncrypt();
String username = props.getProperty(MyWebConstant.JDBC_DATASOURCE_USERNAME_KEY);
if (username != null) {
props.setProperty(MyWebConstant.JDBC_DATASOURCE_USERNAME_KEY,
DesEncrypt.decrypt(username, DesEncrypt.PASSWORD_CRYPT_KEY));
}
String password = props.getProperty(MyWebConstant.JDBC_DATASOURCE_PASSWORD_KEY);
if (password != null) {
props.setProperty(MyWebConstant.JDBC_DATASOURCE_PASSWORD_KEY,
DesEncrypt.decrypt(password, DesEncrypt.PASSWORD_CRYPT_KEY));
}
String url = props.getProperty(MyWebConstant.JDBC_DATASOURCE_URL_KEY);
if (url != null) {
props.setProperty(MyWebConstant.JDBC_DATASOURCE_URL_KEY,
DesEncrypt.decrypt(url, DesEncrypt.PASSWORD_CRYPT_KEY));
}
String driverClassName = props.getProperty(MyWebConstant.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY);
if (driverClassName != null) {
props.setProperty(MyWebConstant.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY,
DesEncrypt.decrypt(driverClassName, DesEncrypt.PASSWORD_CRYPT_KEY));
}
super.processProperties(beanFactory, props);
} catch (Exception e) {
e.printStackTrace();
throw new BeanInitializationException(e.getMessage());
}
}
}
DesEncrypt.java
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
/**
* 加密解密核心类
* @author Administrator
*
*/
public class DesEncrypt {
/** 加密、解密key. */
public static final String PASSWORD_CRYPT_KEY = "kEHrDooxWHCWtfeSxvDvgqZq";
/** 加密算法,可用 DES,DESede,Blowfish. */
private final static String ALGORITHM = "DES";
/** 工具,用于加密字符串
* @throws Exception */
public static void main(String[] args) throws Exception {
String md5Password = "jdbc:oracle:thin:@localhost:1521:orcl";
String str = DesEncrypt.encrypt(md5Password);
System.out.println("加密str: " + str);
str = DesEncrypt.decrypt(str,PASSWORD_CRYPT_KEY);
System.out.println("解密str: " + str);
}
/**
* 对用DES加密过的数据进行解密.
* @param data DES加密数据
* @return 返回解密后的数据
* @throws Exception
*/
public final static String decrypt(String data,String key) throws Exception {
return new String(decrypt(hex2byte(data.getBytes()),key.getBytes()));
}
/**
* 对数据进行DES加密.
* @param data 待进行DES加密的数据
* @param key DES加密的key
* @return 返回经过DES加密后的数据
* @throws Exception
*/
public final static String encrypt(String data) throws Exception {
return byte2hex(encrypt(data.getBytes(), PASSWORD_CRYPT_KEY.getBytes()));
}
/**
* 加密.
*/
private static byte[] encrypt(byte[] data, byte[] key) throws Exception {
// DES算法要求有一个可信任的随机数源
SecureRandom sr = new SecureRandom();
// 从原始密匙数据创建DESKeySpec对象
DESKeySpec dks = new DESKeySpec(key);
// 创建一个密匙工厂,然后用它把DESKeySpec转换成
// 一个SecretKey对象
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
SecretKey securekey = keyFactory.generateSecret(dks);
// Cipher对象实际完成加密操作
Cipher cipher = Cipher.getInstance(ALGORITHM);
// 用密匙初始化Cipher对象
cipher.init(Cipher.ENCRYPT_MODE, securekey, sr);
// 现在,获取数据并加密
// 正式执行加密操作
return cipher.doFinal(data);
}
/**
* 解密.
*/
private static byte[] decrypt(byte[] data, byte[] key) throws Exception {
// DES算法要求有一个可信任的随机数源
SecureRandom sr = new SecureRandom();
// 从原始密匙数据创建一个DESKeySpec对象
DESKeySpec dks = new DESKeySpec(key);
// 创建一个密匙工厂,然后用它把DESKeySpec对象转换成
// 一个SecretKey对象
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
SecretKey securekey = keyFactory.generateSecret(dks);
// Cipher对象实际完成解密操作
Cipher cipher = Cipher.getInstance(ALGORITHM);
// 用密匙初始化Cipher对象
cipher.init(Cipher.DECRYPT_MODE, securekey, sr);
// 现在,获取数据并解密
// 正式执行解密操作
return cipher.doFinal(data);
}
public static byte[] hex2byte(byte[] b) {
if ((b.length % 2) != 0)
throw new IllegalArgumentException("长度不是偶数");
byte[] b2 = new byte[b.length / 2];
for (int n = 0; n < b.length; n += 2) {
String item = new String(b, n, 2);
b2[n / 2] = (byte) Integer.parseInt(item, 16);
}
return b2;
}
public static String byte2hex(byte[] b) {
String hs = "";
String stmp = "";
for (int n = 0; n < b.length; n++) {
stmp = (java.lang.Integer.toHexString(b[n] & 0XFF));
if (stmp.length() == 1)
hs = hs + "0" + stmp;
else
hs = hs + stmp;
}
return hs.toUpperCase();
}
}
使用方式:
applicationContext.xml
classpath:jdbc.properties
${jdbc.driverClassName}
${jdbc.url}
${jdbc.username}
${jdbc.password}
则配置文件内容如下
jdbc.properties
databaseType=oracle
jdbc.driverClassName=EEA5BC6768D58CD1D4FD13AFAB68FF8C0175E46D44CF8CB3D8201139F32A6A31
#localhost
#jdbc.url=96B8431EF61A243F563E61B9FB74AB72D3C70E0FE22E09447234A79C0B4BE729C6FC1ABA62E71130
#172.0.0.1
jdbc.url=96B8431EF61A243F563E61B9FB74AB726464B1BB2C5D174A9514EEE48015A87BC6FC1ABA62E71130
jdbc.username=24DDF3AB7770F8A7
jdbc.password=9E81A937B272BB92F3C11AB9447D7D3D