Merge remote-tracking branch 'remotes/origin/dev_bugfix_ljj' into dev_temp

# Conflicts:
#	epmet-auth/src/main/java/com/epmet/controller/GovWebController.java
#	epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java

epmet-auth/src/main/java/com/epmet/controller/GovWebController.java

@@ -1,19 +1,22 @@
 package com.epmet.controller;
 
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.form.GovWebLoginFormDTO;
 import com.epmet.dto.result.UserTokenResultDTO;
 import com.epmet.service.GovWebService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+
 /**
- * @Description PC工作端-登陆服务
  * @author sun
+ * @Description PC工作端-登陆服务
  */
 @RestController
 @RequestMapping("govweb")
@@ -21,7 +24,10 @@ public class GovWebController {
 
     @Autowired
     private GovWebService govWebService;
-
+    @Value("${epmet.login.publicKey}")
+    private String publicKey;
+    @Value("${epmet.login.privateKey}")
+    private String privateKey;
 
     /**
      * @param formDTO
@@ -32,8 +38,30 @@ public class GovWebController {
     @PostMapping("login")
     public Result<UserTokenResultDTO> workLogin(@RequestBody GovWebLoginFormDTO formDTO) {
         ValidatorUtils.validateEntity(formDTO);
+
+        try {
+            if (formDTO.getPassword().length() > 50) {
+                String newPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey);
+                formDTO.setPassword(newPassword);
+            }
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
         return new Result<UserTokenResultDTO>().ok(govWebService.login(formDTO));
     }
 
+    /**
+     * desc: 获取前端密码加密 公钥
+     *
+     * @return com.epmet.commons.tools.utils.Result
+     * @author LiuJanJun
+     * @date 2021/3/8 5:07 下午
+     */
+    @PostMapping("getKey")
+    public Result<String> getPubKey() {
+        return new Result().ok(publicKey);
+    }
+
 
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/RSASignature.java

@@ -0,0 +1,251 @@
+package com.epmet.commons.tools.utils;
+
+import javax.crypto.Cipher;
+import java.security.*;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+
+/**
+ * @author jianjun liu
+ * @date 2020-06-05 16:48
+ **/
+
+public class RSASignature {
+
+
+    //非对称密钥算法
+    private static final String KEY_ALGORITHM = "RSA";
+    //密钥长度，在512到65536位之间，建议不要太长，否则速度很慢，生成的加密数据很长
+    private static final int KEY_SIZE = 512;
+    //字符编码
+    private static final String CHARSET = "UTF-8";
+
+    /**
+     * 生成密钥对
+     *
+     * @return KeyPair 密钥对
+     */
+    public static KeyPair getKeyPair() throws Exception {
+        return getKeyPair(null);
+    }
+
+    /**
+     * 生成密钥对
+     *
+     * @param password 生成密钥对的密码
+     * @return
+     * @throws Exception
+     */
+    public static KeyPair getKeyPair(String password) throws Exception {
+        //实例化密钥生成器
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
+        //初始化密钥生成器
+        if (password == null) {
+            keyPairGenerator.initialize(KEY_SIZE);
+        } else {
+            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
+            secureRandom.setSeed(password.getBytes(CHARSET));
+            keyPairGenerator.initialize(KEY_SIZE, secureRandom);
+        }
+        //生成密钥对
+        return keyPairGenerator.generateKeyPair();
+    }
+
+    /**
+     * 取得私钥
+     *
+     * @param keyPair 密钥对
+     * @return byte[] 私钥
+     */
+    public static byte[] getPrivateKeyBytes(KeyPair keyPair) {
+        return keyPair.getPrivate().getEncoded();
+    }
+
+    /**
+     * 取得Base64编码的私钥
+     *
+     * @param keyPair 密钥对
+     * @return String Base64编码的私钥
+     */
+    public static String getPrivateKey(KeyPair keyPair) {
+        return Base64.getEncoder().encodeToString(getPrivateKeyBytes(keyPair));
+    }
+
+    /**
+     * 取得公钥
+     *
+     * @param keyPair 密钥对
+     * @return byte[] 公钥
+     */
+    public static byte[] getPublicKeyBytes(KeyPair keyPair) {
+        return keyPair.getPublic().getEncoded();
+    }
+
+    /**
+     * 取得Base64编码的公钥
+     *
+     * @param keyPair 密钥对
+     * @return String Base64编码的公钥
+     */
+    public static String getPublicKey(KeyPair keyPair) {
+        return Base64.getEncoder().encodeToString(getPublicKeyBytes(keyPair));
+    }
+
+    /**
+     * 私钥加密
+     *
+     * @param data       待加密数据
+     * @param privateKey 私钥字节数组
+     * @return byte[] 加密数据
+     */
+    public static byte[] encryptByPrivateKey(byte[] data, byte[] privateKey) throws Exception {
+        //实例化密钥工厂
+        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
+        //生成私钥
+        PrivateKey key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey));
+        //数据加密
+        Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
+        cipher.init(Cipher.ENCRYPT_MODE, key);
+        return cipher.doFinal(data);
+    }
+
+    /**
+     * 私钥加密
+     *
+     * @param data       待加密数据
+     * @param privateKey Base64编码的私钥
+     * @return String Base64编码的加密数据
+     */
+    public static String encryptByPrivateKey(String data, String privateKey) throws Exception {
+        byte[] key = Base64.getDecoder().decode(privateKey);
+        return Base64.getEncoder().encodeToString(encryptByPrivateKey(data.getBytes(CHARSET), key));
+    }
+
+    /**
+     * 公钥加密
+     *
+     * @param data      待加密数据
+     * @param publicKey 公钥字节数组
+     * @return byte[] 加密数据
+     */
+    public static byte[] encryptByPublicKey(byte[] data, byte[] publicKey) throws Exception {
+        //实例化密钥工厂
+        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
+        //生成公钥
+        PublicKey key = keyFactory.generatePublic(new X509EncodedKeySpec(publicKey));
+        //数据加密
+        Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
+        cipher.init(Cipher.ENCRYPT_MODE, key);
+        return cipher.doFinal(data);
+    }
+
+    /**
+     * 公钥加密
+     *
+     * @param data      待加密数据
+     * @param publicKey Base64编码的公钥
+     * @return String Base64编码的加密数据
+     */
+    public static String encryptByPublicKey(String data, String publicKey) throws Exception {
+        byte[] key = Base64.getDecoder().decode(publicKey);
+        return Base64.getEncoder().encodeToString(encryptByPublicKey(data.getBytes(CHARSET), key));
+    }
+
+    /**
+     * 私钥解密
+     *
+     * @param data       待解密数据
+     * @param privateKey 私钥字节数组
+     * @return byte[] 解密数据
+     */
+    public static byte[] decryptByPrivateKey(byte[] data, byte[] privateKey) throws Exception {
+        //实例化密钥工厂
+        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
+        //生成私钥
+        PrivateKey key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey));
+        //数据解密
+        Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
+        cipher.init(Cipher.DECRYPT_MODE, key);
+        return cipher.doFinal(data);
+    }
+
+    /**
+     * 私钥解密
+     *
+     * @param data       Base64编码的待解密数据
+     * @param privateKey Base64编码的私钥
+     * @return String 解密数据
+     */
+    public static String decryptByPrivateKey(String data, String privateKey) throws Exception {
+        byte[] key = Base64.getDecoder().decode(privateKey);
+        return new String(decryptByPrivateKey(Base64.getDecoder().decode(data), key), CHARSET);
+    }
+
+    /**
+     * 公钥解密
+     *
+     * @param data      待解密数据
+     * @param publicKey 公钥字节数组
+     * @return byte[] 解密数据
+     */
+    public static byte[] decryptByPublicKey(byte[] data, byte[] publicKey) throws Exception {
+        //实例化密钥工厂
+        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
+        //产生公钥
+        PublicKey key = keyFactory.generatePublic(new X509EncodedKeySpec(publicKey));
+        //数据解密
+        Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
+        cipher.init(Cipher.DECRYPT_MODE, key);
+        return cipher.doFinal(data);
+    }
+
+    /**
+     * 公钥解密
+     *
+     * @param data      Base64编码的待解密数据
+     * @param publicKey Base64编码的公钥
+     * @return String 解密数据
+     */
+    public static String decryptByPublicKey(String data, String publicKey) throws Exception {
+        byte[] key = Base64.getDecoder().decode(publicKey);
+        return new String(decryptByPublicKey(Base64.getDecoder().decode(data), key), CHARSET);
+    }
+
+    /**
+     * 测试加解密方法
+     *
+     * @param args
+     * @throws Exception
+     */
+    public static void main(String[] args) throws Exception {
+        //生成密钥对，一般生成之后可以放到配置文件中
+        KeyPair keyPair = RSASignature.getKeyPair();
+        //公钥
+        String publicKey = RSASignature.getPublicKey(keyPair);
+        //私钥
+        String privateKey = RSASignature.getPrivateKey(keyPair);
+
+        System.out.println("公钥：\n" + publicKey);
+        System.out.println("私钥：\n" + privateKey);
+
+        String data = "RSA 加解密测试!";
+        {
+            System.out.println("\n===========私钥加密，公钥解密==============");
+            String s1 = RSASignature.encryptByPrivateKey(data, privateKey);
+            System.out.println("加密后的数据:" + s1);
+            String s2 = RSASignature.decryptByPublicKey(s1, publicKey);
+            System.out.println("解密后的数据:" + s2 + "\n\n");
+        }
+        //=====
+        {
+            System.out.println("\n===========公钥加密，私钥解密==============");
+            String s1 = RSASignature.encryptByPublicKey(data, publicKey);
+            System.out.println("加密后的数据:" + s1);
+            String s2 = RSASignature.decryptByPrivateKey(s1, privateKey);
+            System.out.println("解密后的数据:" + s2 + "\n\n");
+        }
+
+    }
+
+}