feat: 支持国密存储 #1057 (#1061)
* feat: 支持国密存储 #1057

* feat: 支持国密存储 #1057

* feat: 支持国密存储 #1057

* feat: 支持国密存储 #1057
owenlxu authored Aug 14, 2023
1 parent 9fdfb62 commit 8c538df
Showing 4 changed files with 21 additions and 10 deletions.
1 change: 1 addition & 0 deletions src/backend/auth/biz-auth/build.gradle.kts
Expand Up @@ -39,4 +39,5 @@ dependencies {
implementation(project(":common:common-operate:operate-service"))
api(project(":common:common-redis"))
implementation("org.apache.httpcomponents:httpclient")
implementation("com.tencent.bk.sdk:crypto-java-sdk")
}
Expand Up @@ -281,13 +281,15 @@ class UserServiceImpl constructor(
// conv time
expiredTime = expiredTime!!.plusHours(8)
}
val sm3Id = DataDigestUtils.sm3FromStr(id)
val userToken = Token(name = name, id = id, createdAt = createdTime, expiredAt = expiredTime)
update.addToSet(TUser::tokens.name, userToken)
val dataToken = Token(name = name, id = sm3Id, createdAt = createdTime, expiredAt = expiredTime)
update.addToSet(TUser::tokens.name, dataToken)
mongoTemplate.upsert(query, update, TUser::class.java)
val userInfo = userRepository.findFirstByUserId(userId)
val tokens = userInfo!!.tokens
tokens.forEach {
if (it.name == name) return it
if (it.name == name) return userToken
}
return null
} catch (ignored: DateTimeParseException) {
Expand Down Expand Up @@ -325,8 +327,10 @@ class UserServiceImpl constructor(
return null
}
}
logger.debug("find user userId : [$userId]")
val hashPwd = DataDigestUtils.md5FromStr(pwd)
val query = UserQueryHelper.buildUserPasswordCheck(userId, pwd, hashPwd)
val sm3HashPwd = DataDigestUtils.sm3FromStr(pwd)
val query = UserQueryHelper.buildUserPasswordCheck(userId, pwd, hashPwd, sm3HashPwd)
val result = mongoTemplate.findOne(query, TUser::class.java) ?: run {
return null
}
Expand All @@ -338,9 +342,9 @@ class UserServiceImpl constructor(
// token 匹配成功
result.tokens.forEach {
// 永久token,校验通过,临时token校验有效期
if (UserRequestUtil.matchToken(pwd, hashPwd, it.id) && it.expiredAt == null) {
if (UserRequestUtil.matchToken(pwd, sm3HashPwd, it.id) && it.expiredAt == null) {
return UserRequestUtil.convToUser(result)
} else if (UserRequestUtil.matchToken(pwd, hashPwd, it.id) &&
} else if (UserRequestUtil.matchToken(pwd, sm3HashPwd, it.id) &&
it.expiredAt != null && it.expiredAt!!.isAfter(LocalDateTime.now())
) {
return UserRequestUtil.convToUser(result)
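Review bot: Plaintext token ids are still accepted alongside the new SM3 digests, which weakens the at-rest protection this change is meant to add: `matchToken(pwd, sm3HashPwd, it.id)` is still handed the raw `pwd`, and `UserQueryHelper.buildUserPasswordCheck` keeps its criterion that `tokens.id` equals `pwd`. matchToken's body is not shown, but if it treats `it.id == pwd` as a match, a stored digest is itself a valid credential, so read access to the user collection would be as good as holding the tokens. Once existing tokens are re-hashed or flagged as legacy, the check should be digest-only, e.g. `if (MessageDigest.isEqual(it.id.toByteArray(), sm3HashPwd.toByteArray()) && (it.expiredAt == null || it.expiredAt!!.isAfter(LocalDateTime.now())))`, and the plaintext criterion should be dropped from the query. The enclosing function starts and ends outside these hunks.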
Expand Up @@ -32,6 +32,7 @@
package com.tencent.bkrepo.auth.util

import java.security.MessageDigest
import com.tencent.bk.sdk.crypto.util.SM3Util

object DataDigestUtils {

Expand All @@ -46,6 +47,11 @@ object DataDigestUtils {
return toHex(result)
}

fun sm3FromStr(str: String): String {
val digest = SM3Util.digest(str.toByteArray())
return toHex(digest)
}

fun md5FromByteArray(byteArr: ByteArray): String {
val digest = MessageDigest.getInstance("MD5")
val result = digest.digest(byteArr)
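Review bot: `sm3FromStr` is added without a KDoc, and nothing tells a caller that it returns a plain, unsalted digest. I would add `/** Hex-encoded SM3 digest of [str] (UTF-8 bytes). Unsalted and fast: meant for high-entropy tokens, not for passwords. */` above the function. That makes the intended use explicit next to the MD5 helpers that sit in the same object.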
Expand Up @@ -10,14 +10,14 @@ import org.springframework.data.mongodb.core.query.and

object UserQueryHelper {

fun buildUserPasswordCheck(userId: String, pwd: String, hashPwd: String): Query {
fun buildUserPasswordCheck(userId: String, pwd: String, hashPwd: String, sm3HashPwd: String): Query {
val criteria = Criteria()
criteria.orOperator(
Criteria.where(TUser::pwd.name).`is`(hashPwd),
Criteria.where("tokens.id").`is`(pwd),
Criteria.where("tokens.id").`is`(hashPwd)
Criteria.where("tokens.id").`is`(sm3HashPwd)
).and(TUser::userId.name).`is`(userId)
return Query.query(criteria)
return query(criteria)
}

fun filterNotLockedUser(): Query {
Expand All @@ -30,7 +30,7 @@ object UserQueryHelper {
}

fun getUserByIdAndPwd(userId: String, oldPwd: String): Query {
return Query.query(
return query(
Criteria().andOperator(
Criteria.where(TUser::userId.name).`is`(userId),
Criteria.where(TUser::pwd.name).`is`(DataDigestUtils.md5FromStr(oldPwd))
Expand Down Expand Up @@ -75,7 +75,7 @@ object UserQueryHelper {
)
}
userId.let {
criteria.and(TUser::asstUsers.name).`in`( *arrayOf(userId))
criteria.and(TUser::asstUsers.name).`in`(*arrayOf(userId))
criteria.and(TUser::group.name).`is`(true)
}
return Query(criteria)
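Review bot: The password criterion in `buildUserPasswordCheck` still matches `TUser::pwd` against `hashPwd`, which the caller in UserServiceImpl computes with `DataDigestUtils.md5FromStr(pwd)`, and `getUserByIdAndPwd` does the same with `md5FromStr(oldPwd)`; only token ids move to SM3 in this commit. An unsalted MD5 digest is not adequate for stored passwords, so the password path needs its own migration to a salted password hash with rehash on successful login. Until then I would rename the parameter to `md5HashPwd` so the two digests cannot be swapped at the call site, and add `// TODO(security): pwd is still an unsalted MD5 digest; migrate to a salted password hash` above the first criterion. getUserByIdAndPwd's body continues outside the hunk.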