MyException - 我的异常网
当前位置:我的异常网» 互联网 » java项目中,怎么加密配置文件中的敏感信息

java项目中,怎么加密配置文件中的敏感信息

www.MyException.Cn  网友分享于:2013-01-25  浏览:0次
java项目中,如何加密配置文件中的敏感信息

在日常开发中,我们常常会把一些敏感信息写进*.properties配置文件中,比如数据库密码、redis密码、admin用户的密码甚至系统用户的密码等。

我在某银行做运维时,经常会遇到这样的情况:

银行的系统都是通过堡垒机管理的,应用管理人员理论上不应该知道任何系统用户的密码,只需通过堡垒机,使用只读key或可写key即可登录相应的用户。但在一次偶尔查看应用的配置文件时,我发现应用在调用CD时需要登录系统用户,而用户名和密码均使用明文写在了配置文件中。知道了用户名密码,就可以使用su命令随意切换用户了。诸如此类的还有数据库密码等,均可在配置文件中找到,这在信息安全和权限控制等方面有很大的隐患。

所以出于安全考虑,对配置文件中敏感信息的加密就很有必要了。

不多说了,直接上方法:

  1. 重写PropertyPlaceholderConfigurer 
    import java.io.IOException;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import java.util.MissingResourceException;
    import java.util.Properties;
    
    import org.apache.commons.lang3.StringUtils;
    import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
    
    
    public final class PropertiesUtil extends PropertyPlaceholderConfigurer {
        private static final byte[] KEY = {9, -1, 0, 5, 39, 8, 6, 19};
        private static Map<String, String> ctxPropertiesMap;
        private List<String> decryptProperties;
    
        @Override
        protected void loadProperties(Properties props) throws IOException {
            super.loadProperties(props);
            ctxPropertiesMap = new HashMap<String, String>();
            for (Object key : props.keySet()) {
                String keyStr = key.toString();
                String value = props.getProperty(keyStr);
                if (decryptProperties != null && decryptProperties.contains(keyStr)) {
                    value = SecurityUtil.decryptDes(value, KEY);
                    props.setProperty(keyStr, value);
                }
                ctxPropertiesMap.put(keyStr, value);
            }
        }
    
        /**
         * @param decryptPropertiesMap the decryptPropertiesMap to set
         */
        public void setDecryptProperties(List<String> decryptProperties) {
            this.decryptProperties = decryptProperties;
        }
    
        /**
         * Get a value based on key , if key does not exist , null is returned
         * 
         * @param key
         * @return
         */
        public static String getString(String key) {
            try {
                return ctxPropertiesMap.get(key);
            } catch (MissingResourceException e) {
                return null;
            }
        }
    
        /**
         * 根据key获取值
         * 
         * @param key
         * @return
         */
        public static int getInt(String key) {
            return Integer.parseInt(ctxPropertiesMap.get(key));
        }
    
        /**
         * 根据key获取值
         * 
         * @param key
         * @param defaultValue
         * @return
         */
        public static int getInt(String key, int defaultValue) {
            String value = ctxPropertiesMap.get(key);
            if (StringUtils.isBlank(value)) {
                return defaultValue;
            }
            return Integer.parseInt(value);
        }
    
        /**
         * 根据key获取值
         * @param key
         * @param defaultValue
         * @return
         */
        public static boolean getBoolean(String key, boolean defaultValue) {
            String value = ctxPropertiesMap.get(key);
            if (StringUtils.isBlank(value)) {
                return defaultValue;
            }
            return new Boolean(value);
        }
    
        public static void main(String[] args) {
            String encrypt = SecurityUtil.encryptDes("ROOT", KEY);
            System.out.println(encrypt);
            System.out.println(SecurityUtil.decryptDes(encrypt, KEY));
        }
    }
    
     
    public final class SecurityUtil {
    	private SecurityUtil() {
    	}
    
    	public static final String CHARSET = "UTF-8";
    
    	/**
    	 * BASE64解码
    	 * 
    	 * @param key
    	 * @return
    	 * @throws Exception
    	 */
    	public static final byte[] decryptBASE64(String key) {
    		try {
    			return new BASE64Encoder().decode(key);
    		} catch (Exception e) {
    			throw new RuntimeException("解密错误,错误信息:", e);
    		}
    	}
    
    	/**
    	 * BASE64编码
    	 * 
    	 * @param key
    	 * @return
    	 * @throws Exception
    	 */
    	public static final String encryptBASE64(byte[] key) {
    		try {
    			return new BASE64Encoder().encode(key);
    		} catch (Exception e) {
    			throw new RuntimeException("加密错误,错误信息:", e);
    		}
    	}
    
    
    	/**
    	 * 数据解密,算法(DES)
    	 * 
    	 * @param cryptData
    	 *            加密数据
    	 * @return 解密后的数据
    	 */
    	public static final String decryptDes(String cryptData, byte[] key) {
    		String decryptedData = null;
    		try {
    			// 把字符串解码为字节数组,并解密
    			decryptedData = new String(DESCoder.decrypt(decryptBASE64(cryptData), key));
    		} catch (Exception e) {
    			throw new RuntimeException("解密错误,错误信息:", e);
    		}
    		return decryptedData;
    	}
    
    	/**
    	 * 数据加密,算法(DES)
    	 * 
    	 * @param data
    	 *            要进行加密的数据
    	 * @return 加密后的数据
    	 */
    	public static final String encryptDes(String data, byte[] key) {
    		String encryptedData = null;
    		try {
    			// 加密,并把字节数组编码成字符串
    			encryptedData = encryptBASE64(DESCoder.encrypt(data.getBytes(), key));
    		} catch (Exception e) {
    			throw new RuntimeException("加密错误,错误信息:", e);
    		}
    		return encryptedData;
    	}
    
    
    }
     
    import java.io.UnsupportedEncodingException;
    
    /**
     * Hex encoder and decoder. The charset used for certain operation can be set,
     * the default is set in
     * 
     * @author ShenHuaJie
     * @version $Id: Hex.java, v 0.1 2014年3月25日 上午9:39:07 ShenHuaJie Exp $
     */
    public class Hex {
    
    	/***
    	 * Default charset name is {@link CharEncoding#UTF_8}
    	 */
    	public static final String DEFAULT_CHARSET_NAME = "UTF-8";
    
    	/***
    	 * Used to build output as Hex
    	 */
    	private static final char[] DIGITS_LOWER = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd',
    			'e', 'f' };
    
    	/***
    	 * Used to build output as Hex
    	 */
    	private static final char[] DIGITS_UPPER = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D',
    			'E', 'F' };
    
    	/***
    	 * Converts an array of characters representing hexadecimal values into an
    	 * array of bytes of those same values. The returned array will be half the
    	 * length of the passed array, as it takes two characters to represent any
    	 * given byte. An exception is thrown if the passed char array has an odd
    	 * number of elements.
    	 * 
    	 * @param data An array of characters containing hexadecimal digits
    	 * @return A byte array containing binary data decoded from the supplied
    	 *         char array.
    	 * @throws Exception Thrown if an odd number or illegal of characters is
    	 *             supplied
    	 */
    	public static byte[] decodeHex(char[] data) throws Exception {
    
    		int len = data.length;
    
    		if ((len & 0x01) != 0) {
    			throw new Exception("Odd number of characters.");
    		}
    
    		byte[] out = new byte[len >> 1];
    
    		// two characters form the hex value.
    		for (int i = 0, j = 0; j < len; i++) {
    			int f = toDigit(data[j], j) << 4;
    			j++;
    			f = f | toDigit(data[j], j);
    			j++;
    			out[i] = (byte) (f & 0xFF);
    		}
    
    		return out;
    	}
    
    	/***
    	 * Converts an array of bytes into an array of characters representing the
    	 * hexadecimal values of each byte in order. The returned array will be
    	 * double the length of the passed array, as it takes two characters to
    	 * represent any given byte.
    	 * 
    	 * @param data a byte[] to convert to Hex characters
    	 * @return A char[] containing hexadecimal characters
    	 */
    	public static char[] encodeHex(byte[] data) {
    		return encodeHex(data, true);
    	}
    
    	/***
    	 * Converts an array of bytes into an array of characters representing the
    	 * hexadecimal values of each byte in order. The returned array will be
    	 * double the length of the passed array, as it takes two characters to
    	 * represent any given byte.
    	 * 
    	 * @param data a byte[] to convert to Hex characters
    	 * @param toLowerCase <code>true</code> converts to lowercase,
    	 *            <code>false</code> to uppercase
    	 * @return A char[] containing hexadecimal characters
    	 * @since 1.4
    	 */
    	public static char[] encodeHex(byte[] data, boolean toLowerCase) {
    		return encodeHex(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER);
    	}
    
    	/***
    	 * Converts an array of bytes into an array of characters representing the
    	 * hexadecimal values of each byte in order. The returned array will be
    	 * double the length of the passed array, as it takes two characters to
    	 * represent any given byte.
    	 * 
    	 * @param data a byte[] to convert to Hex characters
    	 * @param toDigits the output alphabet
    	 * @return A char[] containing hexadecimal characters
    	 * @since 1.4
    	 */
    	protected static char[] encodeHex(byte[] data, char[] toDigits) {
    		int l = data.length;
    		char[] out = new char[l << 1];
    		// two characters form the hex value.
    		for (int i = 0, j = 0; i < l; i++) {
    			out[j++] = toDigits[(0xF0 & data[i]) >>> 4];
    			out[j++] = toDigits[0x0F & data[i]];
    		}
    		return out;
    	}
    
    	/***
    	 * Converts an array of bytes into a String representing the hexadecimal
    	 * values of each byte in order. The returned String will be double the
    	 * length of the passed array, as it takes two characters to represent any
    	 * given byte.
    	 * 
    	 * @param data a byte[] to convert to Hex characters
    	 * @return A String containing hexadecimal characters
    	 * @since 1.4
    	 */
    	public static String encodeHexString(byte[] data) {
    		return new String(encodeHex(data));
    	}
    
    	/***
    	 * Converts a hexadecimal character to an integer.
    	 * 
    	 * @param ch A character to convert to an integer digit
    	 * @param index The index of the character in the source
    	 * @return An integer
    	 * @throws Exception Thrown if ch is an illegal hex character
    	 */
    	protected static int toDigit(char ch, int index) throws Exception {
    		int digit = Character.digit(ch, 16);
    		if (digit == -1) {
    			throw new Exception("Illegal hexadecimal charcter " + ch + " at index " + index);
    		}
    		return digit;
    	}
    
    	private static String charsetName = DEFAULT_CHARSET_NAME;
    
    	/***
    	 * Creates a new codec with the default charset name
    	 * {@link #DEFAULT_CHARSET_NAME}
    	 */
    	public Hex() {
    	}
    
    	/***
    	 * Creates a new codec with the given charset name.
    	 * 
    	 * @param csName the charset name.
    	 * @since 1.4
    	 */
    	public Hex(String csName) {
    		charsetName = csName;
    	}
    
    	/***
    	 * Converts an array of character bytes representing hexadecimal values into
    	 * an array of bytes of those same values. The returned array will be half
    	 * the length of the passed array, as it takes two characters to represent
    	 * any given byte. An exception is thrown if the passed char array has an
    	 * odd number of elements.
    	 * 
    	 * @param array An array of character bytes containing hexadecimal digits
    	 * @return A byte array containing binary data decoded from the supplied
    	 *         byte array (representing characters).
    	 * @throws Exception Thrown if an odd number of characters is supplied to
    	 *             this function
    	 * @see #decodeHex(char[])
    	 */
    	public byte[] decode(byte[] array) throws Exception {
    		try {
    			return decodeHex(new String(array, getCharsetName()).toCharArray());
    		} catch (Exception e) {
    			throw new Exception(e.getMessage(), e);
    		}
    	}
    
    	/***
    	 * Converts a String or an array of character bytes representing hexadecimal
    	 * values into an array of bytes of those same values. The returned array
    	 * will be half the length of the passed String or array, as it takes two
    	 * characters to represent any given byte. An exception is thrown if the
    	 * passed char array has an odd number of elements.
    	 * 
    	 * @param object A String or, an array of character bytes containing
    	 *            hexadecimal digits
    	 * @return A byte array containing binary data decoded from the supplied
    	 *         byte array (representing characters).
    	 * @throws Exception Thrown if an odd number of characters is supplied to
    	 *             this function or the object is not a String or char[]
    	 * @see #decodeHex(char[])
    	 */
    	public Object decode(Object object) throws Exception {
    		try {
    			char[] charArray = object instanceof String ? ((String) object).toCharArray() : (char[]) object;
    			return decodeHex(charArray);
    		} catch (ClassCastException e) {
    			throw new Exception(e.getMessage(), e);
    		}
    	}
    
    	/***
    	 * Converts an array of bytes into an array of bytes for the characters
    	 * representing the hexadecimal values of each byte in order. The returned
    	 * array will be double the length of the passed array, as it takes two
    	 * characters to represent any given byte.
    	 * <p>
    	 * The conversion from hexadecimal characters to the returned bytes is
    	 * performed with the charset named by {@link #getCharsetName()}.
    	 * </p>
    	 * 
    	 * @param array a byte[] to convert to Hex characters
    	 * @return A byte[] containing the bytes of the hexadecimal characters
    	 * @throws IllegalStateException if the charsetName is invalid. This API
    	 *             throws {@link IllegalStateException} instead of
    	 *             {@link Exception} for backward compatibility.
    	 * @see #encodeHex(byte[])
    	 */
    	public static byte[] encode(byte[] array) throws UnsupportedEncodingException {
    		String string = encodeHexString(array);
    		if (string == null) {
    			return null;
    		}
    		return string.getBytes(charsetName);
    	}
    
    	/***
    	 * Converts a String or an array of bytes into an array of characters
    	 * representing the hexadecimal values of each byte in order. The returned
    	 * array will be double the length of the passed String or array, as it
    	 * takes two characters to represent any given byte.
    	 * <p>
    	 * The conversion from hexadecimal characters to bytes to be encoded to
    	 * performed with the charset named by {@link #getCharsetName()}.
    	 * </p>
    	 * 
    	 * @param object a String, or byte[] to convert to Hex characters
    	 * @return A char[] containing hexadecimal characters
    	 * @throws Exception Thrown if the given object is not a String or byte[]
    	 * @see #encodeHex(byte[])
    	 */
    	public Object encode(Object object) throws Exception {
    		try {
    			byte[] byteArray = object instanceof String ? ((String) object).getBytes(getCharsetName())
    					: (byte[]) object;
    			return encodeHex(byteArray);
    		} catch (ClassCastException e) {
    			throw new Exception(e.getMessage(), e);
    		} catch (Exception e) {
    			throw new Exception(e.getMessage(), e);
    		}
    	}
    
    	/***
    	 * Gets the charset name.
    	 * 
    	 * @return the charset name.
    	 * @since 1.4
    	 */
    	public String getCharsetName() {
    		return charsetName;
    	}
    
    	/***
    	 * Returns a string representation of the object, which includes the charset
    	 * name.
    	 * 
    	 * @return a string representation of the object.
    	 */
    	@Override
    	public String toString() {
    		return super.toString() + "[charsetName=" + charsetName + "]";
    	}
    }
    
     
    import java.security.MessageDigest;
    
    /**
     * MD加密组件
     * 
     * @author du
     * @version 1.0
     * @since 1.0
     */
    public abstract class MDCoder {
    
    	/**
    	 * MD2加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static byte[] encodeMD2(byte[] data) throws Exception {
    		// 初始化MessageDigest
    		MessageDigest md = MessageDigest.getInstance("MD2");
    		// 执行消息摘要
    		return md.digest(data);
    	}
    
    	/**
    	 * MD4加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static byte[] encodeMD4(byte[] data) throws Exception {
    		// 初始化MessageDigest
    		MessageDigest md = MessageDigest.getInstance("MD4");
    		// 执行消息摘要
    		return md.digest(data);
    	}
    
    	/**
    	 * MD5加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static byte[] encodeMD5(byte[] data) throws Exception {
    		// 初始化MessageDigest
    		MessageDigest md = MessageDigest.getInstance("MD5");
    		// 执行消息摘要
    		return md.digest(data);
    	}
    
    	/**
    	 * Tiger加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static byte[] encodeTiger(byte[] data) throws Exception {
    		// 初始化MessageDigest
    		MessageDigest md = MessageDigest.getInstance("Tiger");
    		// 执行消息摘要
    		return md.digest(data);
    	}
    
    	/**
    	 * TigerHex加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static String encodeTigerHex(byte[] data) throws Exception {
    		// 执行消息摘要
    		byte[] b = encodeTiger(data);
    		// 做十六进制编码处理
    		return new String(Hex.encode(b));
    	}
    
    	/**
    	 * Whirlpool加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static byte[] encodeWhirlpool(byte[] data) throws Exception {
    		// 初始化MessageDigest
    		MessageDigest md = MessageDigest.getInstance("Whirlpool");
    		// 执行消息摘要
    		return md.digest(data);
    	}
    
    	/**
    	 * WhirlpoolHex加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static String encodeWhirlpoolHex(byte[] data) throws Exception {
    		// 执行消息摘要
    		byte[] b = encodeWhirlpool(data);
    		// 做十六进制编码处理
    		return new String(Hex.encode(b));
    	}
    
    	/**
    	 * GOST3411加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static byte[] encodeGOST3411(byte[] data) throws Exception {
    		// 初始化MessageDigest
    		MessageDigest md = MessageDigest.getInstance("GOST3411");
    		// 执行消息摘要
    		return md.digest(data);
    	}
    
    	/**
    	 * GOST3411Hex加密
    	 * 
    	 * @param data 待加密数据
    	 * @return byte[] 消息摘要
    	 * @throws Exception
    	 */
    	public static String encodeGOST3411Hex(byte[] data) throws Exception {
    		// 执行消息摘要
    		byte[] b = encodeGOST3411(data);
    		// 做十六进制编码处理
    		return new String(Hex.encode(b));
    	}
    }
    
     
    import java.security.InvalidKeyException;
    import java.security.Key;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.spec.InvalidKeySpecException;
    
    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.KeyGenerator;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESKeySpec;
    
    /**
     * DES安全编码组件
     * 
     * @author du
     * @version 1.0
     * @since 1.0
     */
    public abstract class DESCoder {
    
    	/**
    	 * 密钥算法 <br>
    	 * Java 6 只支持56bit密钥 <br>
    	 * Bouncy Castle 支持64bit密钥
    	 */
    	public static final String KEY_ALGORITHM = "DES";
    
    	/**
    	 * 加密/解密算法 / 工作模式 / 填充方式
    	 */
    	public static final String CIPHER_ALGORITHM = "DES/ECB/PKCS5PADDING";
    
    	/**
    	 * 转换密钥
    	 * 
    	 * @param key 二进制密钥
    	 * @return Key 密钥
    	 * @throws InvalidKeyException
    	 * @throws NoSuchAlgorithmException
    	 * @throws InvalidKeySpecException
    	 * @throws Exception
    	 */
    	private static Key toKey(byte[] key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
    		// 实例化DES密钥材料
    		DESKeySpec dks = new DESKeySpec(key);
    		// 实例化秘密密钥工厂
    		SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KEY_ALGORITHM);
    		// 生成秘密密钥
    		SecretKey secretKey = keyFactory.generateSecret(dks);
    		return secretKey;
    	}
    
    	/**
    	 * 解密
    	 * 
    	 * @param data 待解密数据
    	 * @param key 密钥
    	 * @return byte[] 解密数据
    	 * @throws InvalidKeySpecException
    	 * @throws NoSuchAlgorithmException
    	 * @throws InvalidKeyException
    	 * @throws NoSuchPaddingException
    	 * @throws BadPaddingException
    	 * @throws IllegalBlockSizeException
    	 * @throws Exception
    	 */
    	public static byte[] decrypt(byte[] data, byte[] key) throws InvalidKeyException, NoSuchAlgorithmException,
    			InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
    		// 还原密钥
    		Key k = toKey(key);
    		// 实例化
    		Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
    		// 初始化,设置为解密模式
    		cipher.init(Cipher.DECRYPT_MODE, k);
    		// 执行操作
    		return cipher.doFinal(data);
    	}
    
    	/**
    	 * 加密
    	 * 
    	 * @param data 待加密数据
    	 * @param key 密钥
    	 * @return byte[] 加密数据
    	 * @throws NoSuchPaddingException
    	 * @throws NoSuchAlgorithmException
    	 * @throws InvalidKeyException
    	 * @throws BadPaddingException
    	 * @throws IllegalBlockSizeException
    	 * @throws InvalidKeySpecException
    	 * @throws Exception
    	 */
    	public static byte[] encrypt(byte[] data, byte[] key) throws NoSuchAlgorithmException, NoSuchPaddingException,
    			InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidKeySpecException {
    		// 还原密钥
    		Key k = toKey(key);
    		// 实例化
    		Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
    		// 初始化,设置为加密模式
    		cipher.init(Cipher.ENCRYPT_MODE, k);
    		// 执行操作
    		return cipher.doFinal(data);
    	}
    
    	/**
    	 * 生成密钥 <br>
    	 * Java 6 只支持56bit密钥 <br>
    	 * Bouncy Castle 支持64bit密钥 <br>
    	 * 
    	 * @return byte[] 二进制密钥
    	 * @throws NoSuchAlgorithmException
    	 * @throws Exception
    	 */
    	public static byte[] initKey() throws NoSuchAlgorithmException {
    		/*
    		 * 实例化密钥生成器
    		 * 
    		 * 若要使用64bit密钥注意替换 将下述代码中的KeyGenerator.getInstance(CIPHER_ALGORITHM);
    		 * 替换为KeyGenerator.getInstance(CIPHER_ALGORITHM, "BC");
    		 */
    		KeyGenerator kg = KeyGenerator.getInstance(KEY_ALGORITHM);
    		/*
    		 * 初始化密钥生成器 若要使用64bit密钥注意替换 将下述代码kg.init(56); 替换为kg.init(64);
    		 */
    		kg.init(56, new SecureRandom());
    		// 生成秘密密钥
    		SecretKey secretKey = kg.generateKey();
    		// 获得密钥的二进制编码形式
    		return secretKey.getEncoded();
    	}
    }
    
     
    import java.io.ByteArrayInputStream;
    import java.io.ByteArrayOutputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.io.PushbackInputStream;
    
    /**
     * 密码器类
     * 
     * @author du
     * @since 2017-11-19
     */
    public class BASE64Encoder {
    
        /**
         * 译码数据源
         */
        private static final char[] PEM_ARRAY = {
            // 0  1   2   3    4    5    6    7
            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', // 0
            'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', // 1
            'q', 'r', 's', 't', 'u', 'v', 'w', 'x', // 2
            'y', 'z', '1', '2', '3', '4', '5', '6', // 3
            '7', '8', '9', '0', 'A', 'B', 'C', 'D', // 4
            'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', // 5
            'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', // 6
            'U', 'V', 'W', 'X', 'Y', 'Z', '+', '/' // 7
        };
    
        private static final byte[] pem_convert_array = new byte[256];
    
        private byte[] decode_buffer = new byte[4];
    
        public BASE64Encoder() {
        }
    
        /**
         * 编码
         */
        public String encode(byte[] bt) {
            int totalBits = bt.length * 8;
            int nn = totalBits % 6;
            int curPos = 0;// process bits
            StringBuilder toReturn = new StringBuilder(32);
            while (curPos < totalBits) {
                int bytePos = curPos / 8;
                switch (curPos % 8) {
                case 0:
                    toReturn.append(PEM_ARRAY[(bt[bytePos] & 0xfc) >> 2]);
                    break;
                case 2:
                    toReturn.append(PEM_ARRAY[(bt[bytePos] & 0x3f)]);
                    break;
                case 4:
                    if (bytePos == bt.length - 1) {
                        toReturn.append(PEM_ARRAY[((bt[bytePos] & 0x0f) << 2) & 0x3f]);
                    } else {
                        int pos = (((bt[bytePos] & 0x0f) << 2) | ((bt[bytePos + 1] & 0xc0) >> 6)) & 0x3f;
                        toReturn.append(PEM_ARRAY[pos]);
                    }
                    break;
                case 6:
                    if (bytePos == bt.length - 1) {
                        toReturn.append(PEM_ARRAY[((bt[bytePos] & 0x03) << 4) & 0x3f]);
                    } else {
                        int pos = (((bt[bytePos] & 0x03) << 4) | ((bt[bytePos + 1] & 0xf0) >> 4)) & 0x3f;
                        toReturn.append(PEM_ARRAY[pos]);
                    }
                    break;
                default:
                    break;
                }
                curPos += 6;
            }
            if (nn == 2) {
                toReturn.append("==");
            } else if (nn == 4) {
                toReturn.append("=");
            }
            return toReturn.toString();
        }
    
        /**
         * 解码
         */
        public byte[] decode(String str) throws IOException {
            byte[] arrayOfByte = str.getBytes();
            ByteArrayInputStream inputStream = new ByteArrayInputStream(arrayOfByte);
            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
            decodeBuffer(inputStream, outputStream);
            return outputStream.toByteArray();
        }
    
        private void decodeBuffer(InputStream paramInputStream, OutputStream paramOutputStream) throws IOException {
            PushbackInputStream localPushbackInputStream = new PushbackInputStream(paramInputStream);
            int j = 0;
            while (true) {
                try {
                    int k = bytesPerLine();
                    int i = 0;
                    if (i + bytesPerAtom() < k) {
                        decodeAtom(localPushbackInputStream, paramOutputStream, bytesPerAtom());
                        j += bytesPerAtom();
                        i += bytesPerAtom();
                        continue;
                    }
    
                    if (i + bytesPerAtom() == k) {
                        decodeAtom(localPushbackInputStream, paramOutputStream, bytesPerAtom());
                        j += bytesPerAtom();
                    } else {
                        decodeAtom(localPushbackInputStream, paramOutputStream, k - i);
                        j += k - i;
                    }
                } catch (RuntimeException e) {
                    String.valueOf(j);
                    break;
                }
            }
        }
    
        private int bytesPerAtom() {
            return 4;
        }
    
        private int bytesPerLine() {
            return 72;
        }
    
        private void decodeAtom(PushbackInputStream paramPushbackInputStream, OutputStream paramOutputStream, int paramInt)
            throws IOException {
            int i;
            int j = -1;
            int k = -1;
            int m = -1;
            int n = -1;
    
            if (paramInt < 2) {
                throw new java.lang.ArrayStoreException("BASE64Decoder: Not enough bytes for an atom.");
            }
            do {
                i = paramPushbackInputStream.read();
                if (i == -1) {
                    throw new RuntimeException();
                }
            } while ((i == 10) || (i == 13));
            this.decode_buffer[0] = (byte)i;
    
            i = readFully(paramPushbackInputStream, this.decode_buffer, 1, paramInt - 1);
            if (i == -1) {
                throw new RuntimeException();
            }
    
            if ((paramInt > 3) && (this.decode_buffer[3] == 61)) {
                paramInt = 3;
            }
            if ((paramInt > 2) && (this.decode_buffer[2] == 61)) {
                paramInt = 2;
            }
            switch (paramInt) {
            case 4:
                n = pem_convert_array[(this.decode_buffer[3] & 0xFF)];
            case 3:
                m = pem_convert_array[(this.decode_buffer[2] & 0xFF)];
            case 2:
                k = pem_convert_array[(this.decode_buffer[1] & 0xFF)];
                j = pem_convert_array[(this.decode_buffer[0] & 0xFF)];
            }
    
            switch (paramInt) {
            case 2:
                paramOutputStream.write((byte)(j << 2 & 0xFC | k >>> 4 & 0x3));
                break;
            case 3:
                paramOutputStream.write((byte)(j << 2 & 0xFC | k >>> 4 & 0x3));
                paramOutputStream.write((byte)(k << 4 & 0xF0 | m >>> 2 & 0xF));
                break;
            case 4:
                paramOutputStream.write((byte)(j << 2 & 0xFC | k >>> 4 & 0x3));
                paramOutputStream.write((byte)(k << 4 & 0xF0 | m >>> 2 & 0xF));
                paramOutputStream.write((byte)(m << 6 & 0xC0 | n & 0x3F));
            }
        }
    
        private int readFully(InputStream paramInputStream, byte[] paramArrayOfByte, int paramInt1, int paramInt2)
            throws IOException {
            for (int i = 0; i < paramInt2; i++) {
                int j = paramInputStream.read();
                if (j == -1) {
                    return i == 0 ? -1 : i;
                }
                paramArrayOfByte[(i + paramInt1)] = (byte)j;
            }
            return paramInt2;
        }
    
        static {
            for (int i = 0; i < 255; i++) {
                pem_convert_array[i] = -1;
            }
            for (int i = 0; i < PEM_ARRAY.length; i++)
                pem_convert_array[PEM_ARRAY[i]] = (byte)i;
        }
    }
    
     
  2. 加密敏感信息:

    执行PropertiesUtil类中的main方法:

        public static void main(String[] args) {//ROOT为要加密的明文
            String encrypt = SecurityUtil.encryptDes("ROOT", KEY);
            System.out.println(encrypt);
            System.out.println(SecurityUtil.decryptDes(encrypt, KEY));
        }
     此处加密数据库密码,假设数据库密码为ROOT

     

  3. 配置文件中该明文为密文:
    db.writer.username=root
    db.writer.password=9u7x63ZJmcy=
     
  4. 在spring配置文件中引入配置:
    	<!-- 引入属性文件 -->
    	<bean class="com.ds.core.util.PropertiesUtil">
    		<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
    		<property name="ignoreResourceNotFound" value="true" />
    		<property name="locations">
    			<list>
    				<value>classpath:config/jdbc.properties</value>
    			</list>
    		</property>
    		<property name="decryptProperties">
    			<array>
    				<!-- 需要解密的配置 -->
    				<value>db.writer.password</value>
    			</array>
    		</property>
    	</bean>
     

 搞定!酷

文章评论

Java程序员必看电影
Java程序员必看电影
如何区分一个程序员是“老手“还是“新手“?
如何区分一个程序员是“老手“还是“新手“?
Java 与 .NET 的平台发展之争
Java 与 .NET 的平台发展之争
那些争议最大的编程观点
那些争议最大的编程观点
为啥Android手机总会越用越慢?
为啥Android手机总会越用越慢?
Web开发者需具备的8个好习惯
Web开发者需具备的8个好习惯
初级 vs 高级开发者 哪个性价比更高?
初级 vs 高级开发者 哪个性价比更高?
当下全球最炙手可热的八位少年创业者
当下全球最炙手可热的八位少年创业者
“懒”出效率是程序员的美德
“懒”出效率是程序员的美德
2013年美国开发者薪资调查报告
2013年美国开发者薪资调查报告
十大编程算法助程序员走上高手之路
十大编程算法助程序员走上高手之路
程序员都该阅读的书
程序员都该阅读的书
老美怎么看待阿里赴美上市
老美怎么看待阿里赴美上市
中美印日四国程序员比较
中美印日四国程序员比较
科技史上最臭名昭著的13大罪犯
科技史上最臭名昭著的13大罪犯
10个调试和排错的小建议
10个调试和排错的小建议
什么才是优秀的用户界面设计
什么才是优秀的用户界面设计
5款最佳正则表达式编辑调试器
5款最佳正则表达式编辑调试器
代码女神横空出世
代码女神横空出世
程序员最害怕的5件事 你中招了吗?
程序员最害怕的5件事 你中招了吗?
程序员应该关注的一些事儿
程序员应该关注的一些事儿
程序员的一天:一寸光阴一寸金
程序员的一天:一寸光阴一寸金
写给自己也写给你 自己到底该何去何从
写给自己也写给你 自己到底该何去何从
旅行,写作,编程
旅行,写作,编程
程序员周末都喜欢做什么?
程序员周末都喜欢做什么?
程序猿的崛起——Growth Hacker
程序猿的崛起——Growth Hacker
10个帮程序员减压放松的网站
10个帮程序员减压放松的网站
Google伦敦新总部 犹如星级庄园
Google伦敦新总部 犹如星级庄园
亲爱的项目经理,我恨你
亲爱的项目经理,我恨你
老程序员的下场
老程序员的下场
看13位CEO、创始人和高管如何提高工作效率
看13位CEO、创始人和高管如何提高工作效率
如何成为一名黑客
如何成为一名黑客
团队中“技术大拿”并非越多越好
团队中“技术大拿”并非越多越好
程序员的鄙视链
程序员的鄙视链
我的丈夫是个程序员
我的丈夫是个程序员
一个程序员的时间管理
一个程序员的时间管理
程序员必看的十大电影
程序员必看的十大电影
那些性感的让人尖叫的程序员
那些性感的让人尖叫的程序员
程序员眼里IE浏览器是什么样的
程序员眼里IE浏览器是什么样的
我是如何打败拖延症的
我是如何打败拖延症的
程序员和编码员之间的区别
程序员和编码员之间的区别
2013年中国软件开发者薪资调查报告
2013年中国软件开发者薪资调查报告
60个开发者不容错过的免费资源库
60个开发者不容错过的免费资源库
鲜为人知的编程真相
鲜为人知的编程真相
编程语言是女人
编程语言是女人
要嫁就嫁程序猿—钱多话少死的早
要嫁就嫁程序猿—钱多话少死的早
每天工作4小时的程序员
每天工作4小时的程序员
聊聊HTTPS和SSL/TLS协议
聊聊HTTPS和SSL/TLS协议
不懂技术不要对懂技术的人说这很容易实现
不懂技术不要对懂技术的人说这很容易实现
软件开发程序错误异常ExceptionCopyright © 2009-2015 MyException 版权所有