基于 SpringBoot2.0 和 Druid1.1.16 使用数据库密码密文
基于 SpringBoot2.0 和 Druid1.1.16 使用数据库密码密文
- 前言
- 环境概述
- pom.xml
- 创建秘钥对
- 创建密码密文
- 配置 application.yml
前言
1.数据库密码为什么加密?
答:加密归根结底就是为了安全,加密需要公钥和私钥。
2.公钥和私钥的用途?
答:私钥用于加密,然而公钥用于解密。
环境概述
- SpringBoot 2.0
- Druid 1.1.16
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0modelVersion>
<groupId>testgroupId>
<artifactId>my-appartifactId>
<version>0.0.2-SNAPSHOTversion>
<packaging>jarpackaging>
<parent>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-parentartifactId>
<version>2.0.1.RELEASEversion>
parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>joda-timegroupId>
<artifactId>joda-timeartifactId>
<version>${joda-time.version}version>
dependency>
<dependency>
<groupId>org.springframework.cloudgroupId>
<artifactId>spring-cloud-dependenciesartifactId>
<version>Finchley.M7version>
<type>pomtype>
<scope>importscope>
dependency>
dependencies>
dependencyManagement>
<repositories>
<repository>
<id>spring-milestonesid>
<name>Spring Milestonesname>
<url>https://repo.spring.io/libs-milestoneurl>
<snapshots>
<enabled>falseenabled>
snapshots>
repository>
repositories>
<dependencies>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starterartifactId>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-testartifactId>
<scope>testscope>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-webartifactId>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-tomcatartifactId>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-configuration-processorartifactId>
<optional>trueoptional>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-aopartifactId>
dependency>
<dependency>
<groupId>com.alibabagroupId>
<artifactId>fastjsonartifactId>
<version>1.2.58version>
dependency>
<dependency>
<groupId>com.alibabagroupId>
<artifactId>druid-spring-boot-starterartifactId>
<version>1.1.16version>
dependency>
dependencies>
project>
创建秘钥对
package test.service.util;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Map;
public class RSAKeysUtil {
private static final String KEY_ALGORITHM = "RSA";
private static final String SIGNATURE_ALGORITHM = "MD5withRSA";
private static final String PUBLIC_KEY = "RSAPublicKey";
private static final String PRIVATE_KEY = "RSAPrivateKey";
/**
* 构建公钥私钥
*
* @param args
*/
public static void main(String[] args) {
Map<String, Object> keyMap;
try {
//初始化密码
keyMap = initKey();
String publicKey = getPublicKey(keyMap);
System.out.println("公钥");
System.out.println(publicKey);
String privateKey = getPrivateKey(keyMap);
System.out.println("私钥");
System.out.println(privateKey);
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 获取公钥
*
* @param keyMap 秘钥Map集合
* @return 公钥
* @throws Exception 抛出所有可能产生的异常
*/
public static String getPublicKey(Map<String, Object> keyMap) throws Exception {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return encodeBASE64(key.getEncoded());
}
/**
* 获取私钥
*
* @param keyMap 秘钥Map集合
* @return 私钥
* @throws Exception 抛出所有可能产生的异常
*/
public static String getPrivateKey(Map<String, Object> keyMap) throws Exception {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return encodeBASE64(key.getEncoded());
}
/**
* 初始化公钥和私钥,并放入Map集合
*
* @return 公钥和私钥的Map集合
* @throws Exception 抛出所有可能产生的异常
*/
public static Map<String, Object> initKey() throws Exception {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
/**
* 将字符串秘钥转化为字节数组
*
* @param key 秘钥
* @return 字节数组秘钥
* @throws Exception 抛出所有可能产生的异常
*/
public static byte[] decodeBASE64(String key) throws Exception {
return (new BASE64Decoder()).decodeBuffer(key);
}
/**
* 将字节数组秘钥转化为字符串
*
* @param key 秘钥
* @return String字符串秘钥
* @throws Exception 抛出所有可能产生的异常
*/
public static String encodeBASE64(byte[] key) throws Exception {
return (new BASE64Encoder()).encodeBuffer(key);
}
}
RSAKeysUtil 运行结果
创建密码密文
注意公钥私钥中不要出现转义符号 \n,也就是不要出现回车换行。
package test.service.util;
import com.alibaba.druid.filter.config.ConfigTools;
/**
* Druid工具类
*/
public final class DruidUtils {
/**
* Druid数据库密码加密
*
* @param password 密码
* @param privateKey 私钥
* @return 密码密文
*/
public static String encryption(String password, String privateKey) throws Exception {
return ConfigTools.encrypt(privateKey, password);
}
/**
* Druid数据库密码解密
*
* @param cipherText 密码密文
* @param publicKey 公钥
* @return 密码密文
*/
public static String decrypt(String cipherText, String publicKey) throws Exception {
return ConfigTools.decrypt(publicKey, cipherText);
}
public static void main(String[] args) throws Exception {
//公钥
String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuIDZNLE5pfxtmuDstBHwE73i5mmJT6lD/FoO+" +
"VhW1luyRsxpLfEK9XIy8Gc2S805s2o2KyC16L9DMI/wLe/wM/9MFuy5aXGaZ/8ktaR2miju42tkO" +
"vaVztOyQSsEE3MusYoYanxub8f9E7WeRv2WuimEbTjTJyyDHkgvNuw3hmwIDAQAB";
//私钥
String privateKey = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO4gNk0sTml/G2a4Oy0EfATveLma" +
"YlPqUP8Wg75WFbWW7JGzGkt8Qr1cjLwZzZLzTmzajYrILXov0Mwj/At7/Az/0wW7LlpcZpn/yS1p" +
"HaaKO7ja2Q69pXO07JBKwQTcy6xihhqfG5vx/0TtZ5G/Za6KYRtONMnLIMeSC827DeGbAgMBAAEC" +
"gYEAok2IVW92fodpKMk3ZEajNUX3tiHZFTMnQ8aXwxqvr1aQJfq6WGr4nlK/hdHcgWWetaj9QnOQ" +
"M7D1kr6QI0+9idoNI/Kz+tpe8xNEegz7PFQx0Eof3L6MxZPpQY43SgQ5vB08zL9sH7kmSG+fGbDO" +
"lfSwL8kh93JgMXctlk5JUsECQQD7zCRSC023JE3i05WMzIWqxqMjZMkbO1vC+FN/sOiMbzFFMGXH" +
"husGcVLV0i2Tz3TbnVYGHRCRvxKBQ/bLWSl7AkEA8hmnyTN6JA84Pgqf0vq5tLVsqxpY0dGUCRda" +
"yWtEarPavjG4pXDO5czrtsn0YwQRX+qMxY1oPhbDafj5i/5eYQJAbcOS/bTxvulzjnK/2a36gvSu" +
"fypbRKS+nqKT+7EJ3tZF+yxa4fzdjWRvQMirl6iy/11595ZJ9878aR9QgVqv6wJBAJ3To9JCwMlp" +
"Mp0fh/meghoQe/s/fc+q9PrIQuM0DrIQ9fUvrNQNqpOc971+AtfZ+wmwenz/JonzhQk8ylI9TYEC" +
"QGP1wbiEonEGmCfD54JoBA3LqAdVwDitnll0eoiDDxanPukxuBKnBkvnkhUItvDt/xX5Dw/drJLi" +
"s07MqcxOPrs=";
//明文密码
String password = "d@efaX4Wp10";
String encryption = DruidUtils.encryption(password, privateKey);
//打印密文密码
System.out.println(encryption);
//解密密文密码
System.out.println(DruidUtils.decrypt(encryption, publicKey));
}
}
DruidUtils 运行结果
配置 application.yml
druid 密文解密的必要配置参数
1.开启 druid 密码解密功能
spring.datasource.druid.filter.config.enabled = true
2.配置公钥
spring.datasource.druid.connection-properties = config.decrypt=true;config.decrypt.key=公钥
3.配置密文密码
spring.datasource.password = 密文密码
4.配置 Druid 数据源
spring.datasource.type = com.alibaba.druid.pool.DruidDataSource
server:
port: 8000
spring:
application:
name: my-app
datasource:
type: com.alibaba.druid.pool.DruidDataSource
druid:
filter:
config:
enabled: true
connection-properties: config.decrypt=true;config.decrypt.key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuIDZNLE5pfxtmuDstBHwE73i5mmJT6lD/FoO+VhW1luyRsxpLfEK9XIy8Gc2S805s2o2KyC16L9DMI/wLe/wM/9MFuy5aXGaZ/8ktaR2miju42tkOvaVztOyQSsEE3MusYoYanxub8f9E7WeRv2WuimEbTjTJyyDHkgvNuw3hmwIDAQAB
url: jdbc:sqlserver://192.168.14.137:1433;DatabaseName=mydb
username: SA
password: s1n57TUqudJM2hGu/OtdoVOFNmA93aIUf5W4hjFm2EvMEmrVONCMJ/TDFOIPXBuESzmooOBvtBdii2aTOoVwLEMwKsRR5It/RT9Y1XZsL/QVVCLvh6wBLalHGoM2FyyHPwOxwRuu9Aa6xCw6hHRJvSaQiDe01iUymlg2JuzFyqo=
driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver