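Background: database connection settings are often stored in plaintext in configuration files, which is insecure, so the database password should be stored in encrypted form.
Preparation
Run the druid jar from the folder that contains it to obtain the encrypted password (password) and the public key for the database password (publickey).
Open a command window and run (XXXXXX is the plaintext database password):
java -cp druid-1.1.2.jar com.alibaba.druid.filter.config.ConfigTools XXXXXX
This prints the private key, the public key, and the encrypted password: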
privateKey:MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAhOqfy7HmtKUQmrpLkwYTnSM+4Mogi6LBMkNAbAF7Tzi1G7jXCn2skAxSOI2TRRVLuWKtpETdRYWxb/ih2vSGdwIDAQABAkAipnvEAXvQahu7Cof7KyFf3LleprL3VBWjgc7AmV5JF3IiR7CF+Q4x6TqrhRKI55ONb0I69EHsvrKaX8GauhwBAiEAwzsL32nQad5zgHqj2svMy+QoO9WKd+AGbCLqbR2+qHcCIQCuShM4bFB6SNaPLBBCJW593q+b1Y2vmMNDL+vg0m6SAQIgI1SILYIkqUQMeu+2v12qTiuX7FwUluT/xIn9CooberkCIDcH8putL5f86apZOmT4VrPtnTsyKcOZE4ZiWjMpnnoBAiEAvAyGK2r6Y6HMoPCQZkIyligNPcqcbim+X6RcsSozplk=
publicKey:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAITqn8ux5rSlEJq6S5MGE50jPuDKIIuiwTJDQGwBe084tRu41wp9rJAMUjiNk0UVS7liraRE3UWFsW/4odr0hncCAwEAAQ==
password:SqL21NMwvmIf8lN9g88rEnr73x3v0TVVr6FfvWiO77O8yBHDIhSorZCgIq+P3Rfww+3u14wIN4h11X1DnfGTYg==
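The encrypted password is now available and the preparation is complete, so on to the code.
Warning!
If the plaintext password contains the "^" character, do not encrypt it from the command line! The "^" character will be lost!
Solution: encrypt the password directly in code.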
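import com.alibaba.druid.filter.config.ConfigTools;

// The wrapper class name is arbitrary; it only makes the snippet runnable.
public class EncryptPassword {
    public static void main(String[] args) {
        try {
            // Plaintext password
            String password = "1234^56";
            String[] keyPair = ConfigTools.genKeyPair(512);
            // Private key
            String privateKey = keyPair[0];
            // Public key
            String publicKey = keyPair[1];
            // Ciphertext produced with the private key, kept in its own
            // variable so the plaintext is not overwritten
            String encryptedPassword = ConfigTools.encrypt(privateKey, password);
            // Verify by decrypting with the public key
            String decryptPassword = ConfigTools.decrypt(publicKey, encryptedPassword);
            System.out.println("[原密码]:" + password);          // original password
            System.out.println("privateKey:" + privateKey);
            System.out.println("publicKey:" + publicKey);
            System.out.println("password:" + encryptedPassword); // value for the config file
            System.out.println("[检验密码]:" + decryptPassword);  // decrypted check value
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}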
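Implementation
Note: to get password decryption you must define and inject the DataSource bean yourself. If DruidDataSource is built directly, it is constructed straight from the configuration file and the decryption step is skipped.
Configuration file: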
publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAITqn8ux5rSlEJq6S5MGE50jPuDKIIuiwTJDQGwBe084tRu41wp9rJAMUjiNk0UVS7liraRE3UWFsW/4odr0hncCAwEAAQ==
spring.datasource.druid.one.url=jdbc:mysql://192.168.5.6:3306/test?useUnicode=true&characterEncoding=UTF-8
spring.datasource.druid.one.username=root
spring.datasource.druid.one.password=SqL21NMwvmIf8lN9g88rEnr73x3v0TVVr6FfvWiO77O8yBHDIhSorZCgIq+P3Rfww+3u14wIN4h11X1DnfGTYg==
spring.datasource.druid.one.initialSize=5
spring.datasource.druid.one.minIdle=5
spring.datasource.druid.one.maxActive=20
spring.datasource.druid.one.maxWait=60000
spring.datasource.druid.one.driverClassName=com.mysql.jdbc.Driver
spring.datasource.druid.one.connectionProperties=config.decrypt=true;config.decrypt.key=${publicKey}
spring.datasource.druid.one.filters=config,stat,wall,log4j
Implementation code:
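import java.sql.SQLException;
import javax.sql.DataSource;

import com.alibaba.druid.pool.DruidDataSource;
import lombok.Data;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
// OneAydenPayRequestLogMapper is the project's own mapper interface; import it from its package.

@Data
@Configuration
@MapperScan(basePackageClasses = OneAydenPayRequestLogMapper.class, sqlSessionTemplateRef = "oneTpl")
@ConfigurationProperties("spring.datasource.druid.one")
public class DataSourceOneConf {

    // Bound from the spring.datasource.druid.one.* properties
    private String url;
    private String driverClassName;
    private String username;
    private String password;
    private Integer initialSize;
    private Integer minIdle;
    private Integer maxActive;
    private Integer maxWait;
    private String connectionProperties;
    private String filters;

    @Bean("oneDs")
    @Primary
    public DataSource dataSourceOne() {
        DruidDataSource ds = new DruidDataSource();
        ds.setUrl(url);
        ds.setUsername(username);
        // Still the ciphertext here; the "config" filter decrypts it
        ds.setPassword(password);
        ds.setDriverClassName(driverClassName);
        ds.setInitialSize(initialSize);
        ds.setMaxActive(maxActive);
        ds.setMaxWait(maxWait);
        ds.setMinIdle(minIdle);
        // Carries config.decrypt=true and config.decrypt.key
        ds.setConnectionProperties(connectionProperties);
        try {
            ds.setFilters(filters);
        } catch (SQLException e) {
            // Fail fast: without the "config" filter the password is never decrypted
            throw new IllegalStateException("Failed to load Druid filters: " + filters, e);
        }
        return ds;
    }
}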
Configuration complete! The database password is now stored in encrypted form.
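The following is an added example, not part of the original post or of Druid itself: a small audit of the configuration above. It flags a decryption key stored in the same file as the ciphertext (ConfigTools.decrypt only needs the public key, as the verification step earlier shows) and an RSA key shorter than 2048 bits. It uses only the JDK; the class name DruidConfigAudit and the finding texts are hypothetical, and the sample input is the page's own configuration lines.

```java
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class): audits a Druid properties file like the one above.
public class DruidConfigAudit {

    static List<String> audit(Properties p, String prefix) throws Exception {
        List<String> findings = new ArrayList<>();
        String conn = p.getProperty(prefix + ".connectionProperties", "");
        if (!conn.contains("config.decrypt=true")) {
            findings.add("config.decrypt is not enabled: the password is used as written");
            return findings;
        }
        Matcher m = Pattern.compile("config\\.decrypt\\.key=([^;]+)").matcher(conn);
        if (!m.find()) return findings;              // no key configured in this file
        String ref = m.group(1).trim();
        // Either a literal key or a ${placeholder} pointing at another property
        String key = ref.startsWith("${") ? p.getProperty(ref.substring(2, ref.length() - 1)) : ref;
        if (key == null) return findings;            // placeholder is resolved outside this file
        findings.add("decrypt key is stored next to the ciphertext: any reader of this file can recover the password");
        byte[] der = Base64.getDecoder().decode(key.trim());
        RSAPublicKey rsa = (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(der));
        int bits = rsa.getModulus().bitLength();
        if (bits < 2048) {
            findings.add("RSA modulus is " + bits + " bits; use at least 2048");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the relevant lines of the configuration file shown on this page.
        String sample =
            "publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAITqn8ux5rSlEJq6S5MGE50jPuDKIIuiwTJDQGwBe084tRu41wp9rJAMUjiNk0UVS7liraRE3UWFsW/4odr0hncCAwEAAQ==\n"
          + "spring.datasource.druid.one.password=SqL21NMwvmIf8lN9g88rEnr73x3v0TVVr6FfvWiO77O8yBHDIhSorZCgIq+P3Rfww+3u14wIN4h11X1DnfGTYg==\n"
          + "spring.datasource.druid.one.connectionProperties=config.decrypt=true;config.decrypt.key=${publicKey}\n";
        Properties p = new Properties();
        p.load(new StringReader(sample));
        audit(p, "spring.datasource.druid.one").forEach(System.out::println);
    }
}
```

When the key is removed from the file and the ${publicKey} placeholder is resolved from outside it (an assumption about the deployment, for example a value injected at startup), the audit reports no key-placement finding.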