业务场景
敏感信息(姓名、身份证)存入数据库时应当需要加密,防止被恶意访问数据库时暴露信息。
解决方案
由于项目数据库中间件使用的是Mybatis,所以使用Mybatis中的BaseTypeHandler的一个类型处理器,对数据进行AES加密存入数据
加密方法
package com.cdyl.utils;
import org.apache.commons.lang.StringUtils;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
* @Author: jmx
* @Description: 数据脱敏
* @DateTime: 2021/11/15 16:25
*/
public class DataDesensitizationUtils {
private static final String OTHER_LOGIN_KEY = "8ce87b8ec346ff4c80635f667d1592ae";
/**
* 加密
* @param text
* @return
* @throws Exception
*/
public static String encrypt(String text) {
try {
byte[] plaintext = text.getBytes();
IvParameterSpec ivspec = new IvParameterSpec(OTHER_LOGIN_KEY.substring(16).getBytes());
SecretKeySpec keyspec = new SecretKeySpec(OTHER_LOGIN_KEY.substring(0, 16).getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
byte[] encrypted = cipher.doFinal(plaintext);
return new BASE64Encoder().encode(encrypted).trim();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 解密
* @param text
* @return
*/
public static String decrypt(String text) {
try {
byte[] encrypted1 = new BASE64Decoder().decodeBuffer(text);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec keyspec = new SecretKeySpec(OTHER_LOGIN_KEY.substring(0, 16).getBytes(), "AES");
IvParameterSpec ivspec = new IvParameterSpec(OTHER_LOGIN_KEY.substring(16).getBytes());
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
byte[] original = cipher.doFinal(encrypted1);
String originalString = new String(original);
return originalString.trim();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
// 手机号码前三后四脱敏
public static String mobileEncrypt(String mobile) {
if (StringUtils.isEmpty(mobile) || (mobile.length() != 11)) {
return mobile;
}
return mobile.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
}
}
实现BaseTypeHandler
package com.cdyl.utils;
import org.apache.commons.lang.StringUtils;
import org.apache.ibatis.type.BaseTypeHandler;
import org.apache.ibatis.type.JdbcType;
import java.sql.CallableStatement;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
/**
* @Author: jmx
* @Description:
* @DateTime: 2021/11/16 14:59
*/
public class AESTypeHandler extends BaseTypeHandler<Object> {
/**
* 非空字段加密
*/
@Override
public void setNonNullParameter(PreparedStatement ps, int i, Object parameter, JdbcType jdbcType) {
try {
if (StringUtils.isBlank((String) parameter)) return;
ps.setString(i, DataDesensitizationUtils.encrypt((String) parameter));
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 非空字段解密
*/
@Override
public Object getNullableResult(ResultSet rs, String columnName) throws SQLException {
String col = rs.getString(columnName);
try {
if (StringUtils.isBlank(col)) return col;
return DataDesensitizationUtils.decrypt(col);
} catch (Exception e) {
e.printStackTrace();
}
return col;
}
/**
* 可空字段加密
*/
@Override
public Object getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
String col = rs.getString(columnIndex);
try {
if (StringUtils.isBlank(col)) return col;
return DataDesensitizationUtils.encrypt(col);
} catch (Exception e) {
e.printStackTrace();
}
return col;
}
/**
* 可空字段解密
*/
@Override
public Object getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
String col = cs.getString(columnIndex);
try {
if (StringUtils.isBlank(col)) return col;
return DataDesensitizationUtils.decrypt(col);
} catch (Exception e) {
e.printStackTrace();
}
return col;
}
}
Mapper中使用
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.cx.merchant.data.mapper.sharding.MerchantDetailInfoMapper">
<!--返回模型-->
<resultMap id="BaseResultMap" type="com.jmx.entity.TestEntity">
<result column="real_name" jdbcType="VARCHAR" property="realName" typeHandler="AESTypeHandler"/>
</resultMap>
<!--插入-->
<insert id="insertSelective" parameterType="com.jmx.entity.TestEntity" useGeneratedKeys="true" keyProperty="id">
insert into info
<trim prefix="(" suffix=")" suffixOverrides=",">
real_name,
</trim>
<trim prefix="values (" suffix=")" suffixOverrides=",">
<if test="realName != null">
#{realName,jdbcType=VARCHAR,typeHandler=com.jmx.utils.AESTypeHandler},
</if>
</trim>
</insert>
<!-- 查询 -->
<select id="selectByEntity" parameterType="info" resultMap="BaseResultMap">
select
<include refid="Base_Column_List" />
from info
where 1 = 1
<if test="realName!= null" >
and real_name= #{realName,jdbcType=VARCHAR,typeHandler=com.jmx.utils.AESTypeHandler}
</if>
limit 1
</select>