From 8c538dfb8b598418efaa4a7934ac2257392f930a Mon Sep 17 00:00:00 2001
From: owen
Date: Mon, 14 Aug 2023 15:36:36 +0800
Subject: [PATCH] =?UTF-8?q?=20feat:=20=E6=94=AF=E6=8C=81=E5=9B=BD=E5=AF=86?=
 =?UTF-8?q?=E5=AD=98=E5=82=A8=20#1057=20(#1061)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* feat: 支持国密存储 #1057
* feat: 支持国密存储 #1057
* feat: 支持国密存储 #1057
* feat: 支持国密存储 #1057
---
 src/backend/auth/biz-auth/build.gradle.kts | 1 +
 .../bkrepo/auth/service/local/UserServiceImpl.kt | 14 +++++++++-----
 .../tencent/bkrepo/auth/util/DataDigestUtils.kt | 6 ++++++
 .../bkrepo/auth/util/query/UserQueryHelper.kt | 10 +++++-----
 4 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/src/backend/auth/biz-auth/build.gradle.kts b/src/backend/auth/biz-auth/build.gradle.kts
index f18f3f0e4c..38f6ca1e21 100644
--- a/src/backend/auth/biz-auth/build.gradle.kts
+++ b/src/backend/auth/biz-auth/build.gradle.kts
@@ -39,4 +39,5 @@ dependencies {
 implementation(project(":common:common-operate:operate-service"))
 api(project(":common:common-redis"))
 implementation("org.apache.httpcomponents:httpclient")
+ implementation("com.tencent.bk.sdk:crypto-java-sdk")
 }
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
index e9ff2ae042..9470772f9d 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
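Review bot: The new `implementation("com.tencent.bk.sdk:crypto-java-sdk")` line carries no version, and this artifact now sits directly on the credential path (token digests and the credential-lookup query). Like the neighbouring `httpclient` line it is presumably resolved through a platform/BOM or dependency-management block elsewhere in the build, which is not visible here; confirm that the resolved version is pinned there rather than a floating range. Since a substituted or tampered crypto SDK would silently weaken every stored token, also make sure Gradle dependency verification (checksum/signature metadata) covers the new coordinates.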
@@ -281,13 +281,15 @@ class UserServiceImpl constructor(
 // conv time
 expiredTime = expiredTime!!.plusHours(8)
 }
+ val sm3Id = DataDigestUtils.sm3FromStr(id)
 val userToken = Token(name = name, id = id, createdAt = createdTime, expiredAt = expiredTime)
- update.addToSet(TUser::tokens.name, userToken)
+ val dataToken = Token(name = name, id = sm3Id, createdAt = createdTime, expiredAt = expiredTime)
+ update.addToSet(TUser::tokens.name, dataToken)
 mongoTemplate.upsert(query, update, TUser::class.java)
 val userInfo = userRepository.findFirstByUserId(userId)
 val tokens = userInfo!!.tokens
 tokens.forEach {
- if (it.name == name) return it
+ if (it.name == name) return userToken
 }
 return null
 } catch (ignored: DateTimeParseException) {
@@ -325,8 +327,10 @@ class UserServiceImpl constructor(
 return null
 }
 }
+ logger.debug("find user userId : [$userId]")
 val hashPwd = DataDigestUtils.md5FromStr(pwd)
- val query = UserQueryHelper.buildUserPasswordCheck(userId, pwd, hashPwd)
+ val sm3HashPwd = DataDigestUtils.sm3FromStr(pwd)
+ val query = UserQueryHelper.buildUserPasswordCheck(userId, pwd, hashPwd, sm3HashPwd)
 val result = mongoTemplate.findOne(query, TUser::class.java) ?: run {
 return null
 }
@@ -338,9 +342,9 @@ class UserServiceImpl constructor(
 // token 匹配成功
 result.tokens.forEach {
 // 永久token,校验通过,临时token校验有效期
- if (UserRequestUtil.matchToken(pwd, hashPwd, it.id) && it.expiredAt == null) {
+ if (UserRequestUtil.matchToken(pwd, sm3HashPwd, it.id) && it.expiredAt == null) {
 return UserRequestUtil.convToUser(result)
- } else if (UserRequestUtil.matchToken(pwd, hashPwd, it.id) &&
+ } else if (UserRequestUtil.matchToken(pwd, sm3HashPwd, it.id) &&
 it.expiredAt != null && it.expiredAt!!.isAfter(LocalDateTime.now())
 ) {
 return UserRequestUtil.convToUser(result)
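Review bot: `DataDigestUtils.sm3FromStr(id)` on the added line is a single unsalted digest, so the protection it gives the persisted token rests entirely on `id` being a CSPRNG-generated secret of adequate length; the generation of `id` and the start of this function lie outside the hunk, so that property has to be confirmed there. A one-line comment above `val dataToken` would make the contract explicit for later maintainers: `// Persist only the SM3 digest; the plaintext id in userToken is returned to the caller once and cannot be recovered from the database.` The changed `return userToken` is consistent with that contract, since the re-read record now holds only the digest for the new token.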
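Review bot: Password verification is still `val hashPwd = DataDigestUtils.md5FromStr(pwd)` compared against `TUser::pwd` inside `buildUserPasswordCheck`, so the SM migration in this commit covers tokens only while user passwords remain unsalted single-round MD5, which anyone holding a copy of the collection can brute-force offline. If SM3 is the mandated primitive it should still be used inside a salted, iterated construction (a per-user random salt plus a slow KDF; the JDK's PBKDF2 via `SecretKeyFactory` is available without new dependencies), with verify-and-rehash on successful login so existing MD5 rows migrate lazily. That also touches the password-set path and `getUserByIdAndPwd`, which this commit leaves on MD5. The added `logger.debug` line logs only `userId`, which is fine; `pwd` must stay out of any log in this function.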
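Review bot: Replacing `hashPwd` with `sm3HashPwd` in both `UserRequestUtil.matchToken(...)` calls, together with the matching query change, removes the MD5 comparison entirely, so any token record whose `id` was persisted as an MD5 digest under the old scheme stops authenticating the moment this deploys, and nothing in the commit migrates those rows. If such rows can exist, they cannot be rewritten from the digest alone, so either re-issue them or keep a transitional branch that also accepts the MD5 form and replaces the stored id with its SM3 digest on first successful use, to be removed later. `matchToken` itself is outside the hunk, so whether it still accepts plaintext equality on `pwd` has to be checked there.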
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/DataDigestUtils.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/DataDigestUtils.kt
index fba7dde967..d8fd061473 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/DataDigestUtils.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/DataDigestUtils.kt
@@ -32,6 +32,7 @@ package com.tencent.bkrepo.auth.util
 import java.security.MessageDigest
+import com.tencent.bk.sdk.crypto.util.SM3Util
 object DataDigestUtils {
@@ -46,6 +47,11 @@ object DataDigestUtils {
 return toHex(result)
 }
+ fun sm3FromStr(str: String): String {
+ val digest = SM3Util.digest(str.toByteArray())
+ return toHex(digest)
+ }
+
 fun md5FromByteArray(byteArr: ByteArray): String {
 val digest = MessageDigest.getInstance("MD5")
 val result = digest.digest(byteArr)
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt
index 259fc0ad3e..30d7f50a11 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt
@@ -10,14 +10,14 @@ import org.springframework.data.mongodb.core.query.and
 object UserQueryHelper {
- fun buildUserPasswordCheck(userId: String, pwd: String, hashPwd: String): Query {
+ fun buildUserPasswordCheck(userId: String, pwd: String, hashPwd: String, sm3HashPwd: String): Query {
 val criteria = Criteria()
 criteria.orOperator(
 Criteria.where(TUser::pwd.name).`is`(hashPwd),
 Criteria.where("tokens.id").`is`(pwd),
- Criteria.where("tokens.id").`is`(hashPwd)
+ Criteria.where("tokens.id").`is`(sm3HashPwd)
 ).and(TUser::userId.name).`is`(userId)
- return Query.query(criteria)
+ return query(criteria)
 }
 fun filterNotLockedUser(): Query {
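Review bot: `sm3FromStr` has no KDoc, and nothing tells callers that it is a bare, unsalted digest of the UTF-8 bytes of `str` (Kotlin's `String.toByteArray()` defaults to UTF-8). Since the same function now feeds both token storage and the credential-lookup query, document the intended scope so it is not reached for on the password path: `/** Hex-encoded SM3 digest of the UTF-8 bytes of [str]. Plain, unsalted — suitable for high-entropy API tokens, not for user passwords. */`. Check the project's import ordering for the new `com.tencent.bk.sdk.crypto.util.SM3Util` line, which here lands after `java.security.MessageDigest`.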
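Review bot: The `orOperator` keeps `Criteria.where("tokens.id").is(pwd)` next to the new `.is(sm3HashPwd)` branch, so once tokens are stored as SM3 digests the stored digest itself is accepted as a credential whenever a caller presents it as `pwd` — a pass-the-hash path that removes most of the benefit of hashing tokens at rest, assuming the follow-up `matchToken` check in `UserServiceImpl` accepts the same plaintext equality (that code is not visible here). If the plaintext branch exists only for tokens created before this change, it should be time-boxed with a migration that re-issues or re-hashes them; otherwise delete it so the token lookup is `Criteria.where("tokens.id").is(sm3HashPwd)` alone. The switch from `Query.query(criteria)` to `query(criteria)` relies on a static import of `Query.query` that is not shown in the hunk; verify it is present.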
@@ -30,7 +30,7 @@ object UserQueryHelper {
 }
 fun getUserByIdAndPwd(userId: String, oldPwd: String): Query {
- return Query.query(
+ return query(
 Criteria().andOperator(
 Criteria.where(TUser::userId.name).`is`(userId),
 Criteria.where(TUser::pwd.name).`is`(DataDigestUtils.md5FromStr(oldPwd))
@@ -75,7 +75,7 @@ object UserQueryHelper {
 )
 }
 userId.let {
- criteria.and(TUser::asstUsers.name).`in`( *arrayOf(userId))
+ criteria.and(TUser::asstUsers.name).`in`(*arrayOf(userId))
 criteria.and(TUser::group.name).`is`(true)
 }
 return Query(criteria)