最近经手一个项目,不允许明文存储敏感数据(例如车架号、车牌等),可以通过自定义注解和spring-boot切面来实现敏感字段加解密。
用法大致如下:
1、自定义注解
package com.zzz.yyy.annotation;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import java.lang.annotation.*;
/**
* @author: zxy
* @desc: 加在敏感字段字段上,实现自动解密/加密
* @date: 2020/4/29 9:30
*/
@Documented
@Target({
ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Order(Ordered.HIGHEST_PRECEDENCE)
public @interface SensitiveField {
}
2、加密解密工具类
package com.zzz.yyy.util
import com.jn.ssr.oms.order.annotation.SensitiveField;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.annotation.AnnotationUtils;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.lang.reflect.Field;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.security.SecureRandom;
import java.util.List;
/**
* AES加密解密工具类
*/
@Slf4j
public class AESUtil {
private static final String defaultCharset = "UTF-8";
private static final String KEY_AES = "AES";
public static final String KEY = "something4u";
/**
* 加密
*
* @param data 需要加密的内容
* @param key 加密密码
* @return
*/
public static String encrypt(String data, String key) {
return doAES(data, key, Cipher.ENCRYPT_MODE);
}
/**
* 解密
*
* @param data 待解密内容
* @param key 解密密钥
* @return
*/
public static String decrypt(String data, String key) {
return doAES(data, key, Cipher.DECRYPT_MODE);
}
/**
* 加解密
*
* @param data 待处理数据
* @param mode 加解密mode
* @return
*/
private static String doAES(String data, String key, int mode) {
try {
if (data == null || "".equals(data) || key == null || "".equals(key)) {
return null;
}
boolean encrypt = mode == Cipher.ENCRYPT_MODE;
byte[] content;
if (encrypt) {
content = data.getBytes(defaultCharset);
} else {
content = parseHexStr2Byte(data);
}
KeyGenerator kgen = KeyGenerator.getInstance(KEY_AES);
kgen.init(128