Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
ghsby
o2oa
提交
67d6ca76
o2oa
项目概览
ghsby
/
o2oa
落后 Fork 源项目 2880 个版本
Fork自
浙江兰德纵横网络技术股份有限公司 / o2oa
通知
1
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
o2oa
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
67d6ca76
编写于
6月 16, 2020
作者:
hlwwx
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
'修改了服务器起动时config.json增加了publicKey,修改密码增加RSA功能'
上级
b7e93988
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
105 addition
and
66 deletion
+105
-66
o2server/x_base_core_project/src/main/java/com/x/base/core/project/tools/Crypto.java
...t/src/main/java/com/x/base/core/project/tools/Crypto.java
+55
-0
o2server/x_console/src/main/java/com/x/server/console/server/web/WebServerTools.java
.../java/com/x/server/console/server/web/WebServerTools.java
+8
-1
o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionCaptchaLogin.java
...thentication/jaxrs/authentication/ActionCaptchaLogin.java
+1
-58
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/person/ActionSetPassword.java
...ion/assemble/personal/jaxrs/person/ActionSetPassword.java
+41
-7
未找到文件。
o2server/x_base_core_project/src/main/java/com/x/base/core/project/tools/Crypto.java
浏览文件 @
67d6ca76
...
...
@@ -20,6 +20,8 @@ import org.apache.commons.codec.binary.Base64;
import
org.apache.commons.lang3.ArrayUtils
;
import
org.apache.commons.lang3.StringUtils
;
import
com.x.base.core.project.config.Config
;
public
class
Crypto
{
private
static
final
String
utf8
=
"UTF-8"
;
...
...
@@ -116,6 +118,59 @@ public class Crypto {
}
}
//用户登入解密 转成Base64
public
static
String
decryptRSA
(
String
strDecrypt
)
{
String
privateKey
;
String
decrypt
=
null
;
try
{
privateKey
=
getPrivateKey
();
decrypt
=
Crypto
.
rsaDecrypt
(
strDecrypt
,
privateKey
);
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
decrypt
;
}
//转成Base64
public
static
String
encryptRSA
(
String
strEncrypt
)
{
String
encrypt
=
null
;
try
{
String
publicKey
=
Config
.
publicKey
();
byte
[]
publicKeyB
=
Base64
.
decodeBase64
(
publicKey
);
encrypt
=
Crypto
.
rsaEncrypt
(
strEncrypt
,
new
String
(
Base64
.
encodeBase64
(
publicKeyB
)));
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
encrypt
;
}
//转成Base64
public
static
String
getPublicKey
()
{
String
publicKey
=
""
;
try
{
publicKey
=
Config
.
publicKey
();
byte
[]
publicKeyB
=
Base64
.
decodeBase64
(
publicKey
);
publicKey
=
new
String
(
Base64
.
encodeBase64
(
publicKeyB
));
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
publicKey
;
}
//转成Base64
public
static
String
getPrivateKey
()
{
String
privateKey
=
""
;
try
{
privateKey
=
Config
.
privateKey
();
byte
[]
privateKeyB
=
Base64
.
decodeBase64
(
privateKey
);
privateKey
=
new
String
(
Base64
.
encodeBase64
(
privateKeyB
));
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
privateKey
;
}
public
static
final
String
TEST_PUBLIC_KEY
=
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWcVZIS57VeOUzi8c01WKvwJK9uRe6hrGTUYmF6J/pI6/UvCbdBWCoErbzsBZOElOH8Sqal3vsNMVLjPYClfoDyYDaUlakP3ldfnXJzAFJVVubF53KadG+fwnh9ZMvxdh7VXVqRL3IQBDwGgzX4rmSK+qkUJjc3OkrNJPB7LLD8QIDAQAB"
;
public
static
final
String
TEST_PRIVATE_KEY
=
"MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAJZxVkhLntV45TOLxzTVYq/Akr25F7qGsZNRiYXon+kjr9S8Jt0FYKgStvOwFk4SU4fxKpqXe+w0xUuM9gKV+gPJgNpSVqQ/eV1+dcnMAUlVW5sXncpp0b5/CeH1ky/F2HtVdWpEvchAEPAaDNfiuZIr6qRQmNzc6Ss0k8HsssPxAgMBAAECgYAWtRy05NUgm5Lc6Og0jVDL/mEnydxPBy2ectwzHh2k7wIHNi8XhUxFki2TMqzrM9Dv3/LySpMl4AE3mhs34LNPy6F+MwyF5X7j+2Y6MflJyeb9HNyT++viysQneoOEiOk3ghxF2/GPjpiEF79wSp+1YKTxRAyq7ypV3t35fGOOEQJBANLDPWl8b5c3lrcz/dTamMjHbVamEyX43yzQOphzkhYsz4pruATzTxU+z8/zPdEqHcWWV39CP3xu3EYNcAhxJW8CQQC2u7PF5Xb1xYRCsmIPssFxil64vvdUadSxl7GLAgjQ9ULyYWB24KObCEzLnPcT8Pf2Q0YQOixxa/78FuzmgbyfAkA7ZFFV/H7lugB6t+f7p24OhkRFep9CwBMD6dnZRBgSr6X8d8ZvfrD2Z7DgBMeSva+OEoOtlNmXExZ3lynO9zN5AkAVczEmIMp3DSl6XtAuAZC9kD2QODJ2QToLYsAfjiyUwsWKCC43piTuVOoW2KUUPSwOR1VZIEsJQWEcHGDQqhgHAkAeZ7a6dVRZFdBwKA0ADjYCufAW2cIYiVDQBJpgB+kiLQflusNOCBK0FT3lg8BdUSy2D253Ih6l3lbaM/4M7DFQ"
;
...
...
o2server/x_console/src/main/java/com/x/server/console/server/web/WebServerTools.java
浏览文件 @
67d6ca76
...
...
@@ -193,7 +193,14 @@ public class WebServerTools extends JettySeverTools {
/* 密码规则 */
map
.
put
(
"passwordRegex"
,
Config
.
person
().
getPasswordRegex
()
);
map
.
put
(
"passwordRegexHint"
,
Config
.
person
().
getPasswordRegexHint
());
/*RSA*/
File
publicKeyFile
=
new
File
(
Config
.
base
(),
"config/public.key"
);
if
(
publicKeyFile
.
exists
()
&&
publicKeyFile
.
isFile
())
{
String
publicKey
=
FileUtils
.
readFileToString
(
publicKeyFile
,
"utf-8"
);
map
.
put
(
"publicKey"
,
publicKey
);
}
FileUtils
.
writeStringToFile
(
file
,
gson
.
toJson
(
map
),
DefaultCharset
.
charset
);
}
}
...
...
o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionCaptchaLogin.java
浏览文件 @
67d6ca76
...
...
@@ -42,7 +42,7 @@ class ActionCaptchaLogin extends BaseAction {
//RSA解秘
if
(!
StringUtils
.
isEmpty
(
isEncrypted
))
{
if
(
isEncrypted
.
trim
().
equalsIgnoreCase
(
"y"
))
{
password
=
decryptRSA
(
password
);
password
=
Crypto
.
decryptRSA
(
password
);
}
}
...
...
@@ -115,63 +115,6 @@ class ActionCaptchaLogin extends BaseAction {
}
}
//加密
public
String
encryptRSA
(
String
strEncrypt
)
{
String
encrypt
=
null
;
try
{
String
publicKey
=
Config
.
publicKey
();
byte
[]
publicKeyB
=
Base64
.
decodeBase64
(
publicKey
);
encrypt
=
Crypto
.
rsaEncrypt
(
strEncrypt
,
new
String
(
Base64
.
encodeBase64
(
publicKeyB
)));
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
encrypt
;
}
//解密
public
String
decryptRSA
(
String
strDecrypt
)
{
String
privateKey
;
String
decrypt
=
null
;
try
{
privateKey
=
getPrivateKey
();
decrypt
=
Crypto
.
rsaDecrypt
(
strDecrypt
,
privateKey
);
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
decrypt
;
}
//获取PublicKey
public
String
getPublicKey
()
{
String
publicKey
=
""
;
try
{
publicKey
=
Config
.
publicKey
();
byte
[]
publicKeyB
=
Base64
.
decodeBase64
(
publicKey
);
publicKey
=
new
String
(
Base64
.
encodeBase64
(
publicKeyB
));
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
publicKey
;
}
//获取privateKey
public
String
getPrivateKey
()
{
String
privateKey
=
""
;
try
{
privateKey
=
Config
.
privateKey
();
byte
[]
privateKeyB
=
Base64
.
decodeBase64
(
privateKey
);
privateKey
=
new
String
(
Base64
.
encodeBase64
(
privateKeyB
));
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
privateKey
;
}
public
static
class
Wi
extends
GsonPropertyObject
{
@FieldDescribe
(
"凭证"
)
...
...
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/person/ActionSetPassword.java
浏览文件 @
67d6ca76
...
...
@@ -8,6 +8,7 @@ import org.apache.commons.lang3.StringUtils;
import
com.google.gson.JsonElement
;
import
com.x.base.core.container.EntityManagerContainer
;
import
com.x.base.core.container.factory.EntityManagerContainerFactory
;
import
com.x.base.core.project.annotation.FieldDescribe
;
import
com.x.base.core.project.cache.ApplicationCache
;
import
com.x.base.core.project.config.Config
;
import
com.x.base.core.project.gson.GsonPropertyObject
;
...
...
@@ -59,20 +60,38 @@ class ActionSetPassword extends BaseAction {
if
(
StringUtils
.
equals
(
wi
.
getNewPassword
(),
wi
.
getOldPassword
()))
{
throw
new
ExceptionNewPasswordSameAsOldPassword
();
}
String
oldPassword
=
wi
.
getOldPassword
();
String
newPassword
=
wi
.
getNewPassword
();
String
confirmPassword
=
wi
.
getConfirmPassword
();
String
isEncrypted
=
wi
.
getIsEncrypted
();
//RSA解秘
if
(!
StringUtils
.
isEmpty
(
isEncrypted
))
{
if
(
isEncrypted
.
trim
().
equalsIgnoreCase
(
"y"
))
{
oldPassword
=
Crypto
.
decryptRSA
(
oldPassword
);
newPassword
=
Crypto
.
decryptRSA
(
newPassword
);
confirmPassword
=
Crypto
.
decryptRSA
(
confirmPassword
);
}
}
if
(
BooleanUtils
.
isTrue
(
Config
.
person
().
getSuperPermission
())
&&
StringUtils
.
equals
(
Config
.
token
().
getPassword
(),
wi
.
getOldPassword
()
))
{
&&
StringUtils
.
equals
(
Config
.
token
().
getPassword
(),
oldPassword
))
{
logger
.
info
(
"user{name:"
+
person
.
getName
()
+
"} use superPermission."
);
}
else
{
if
(!
StringUtils
.
equals
(
Crypto
.
encrypt
(
wi
.
getOldPassword
()
,
Config
.
token
().
getKey
()),
if
(!
StringUtils
.
equals
(
Crypto
.
encrypt
(
oldPassword
,
Config
.
token
().
getKey
()),
person
.
getPassword
()))
{
throw
new
ExceptionOldPasswordNotMatch
();
}
if
(!
wi
.
getNewPassword
()
.
matches
(
Config
.
person
().
getPasswordRegex
()))
{
if
(!
newPassword
.
matches
(
Config
.
person
().
getPasswordRegex
()))
{
throw
new
ExceptionInvalidPassword
(
Config
.
person
().
getPasswordRegexHint
());
}
}
emc
.
beginTransaction
(
Person
.
class
);
person
.
setPassword
(
Crypto
.
encrypt
(
wi
.
getNewPassword
()
,
Config
.
token
().
getKey
()));
person
.
setPassword
(
Crypto
.
encrypt
(
newPassword
,
Config
.
token
().
getKey
()));
person
.
setChangePasswordTime
(
new
Date
());
emc
.
commit
();
ApplicationCache
.
notify
(
Person
.
class
);
...
...
@@ -86,11 +105,19 @@ class ActionSetPassword extends BaseAction {
}
public
static
class
Wi
extends
GsonPropertyObject
{
@FieldDescribe
(
"原密码"
)
private
String
oldPassword
;
@FieldDescribe
(
"新密码"
)
private
String
newPassword
;
private
String
confirmPassword
;
@FieldDescribe
(
"确认新密码"
)
private
String
confirmPassword
;
@FieldDescribe
(
"是否启用加密,默认不加密,启用(y)。注意:使用加密先要在服务器运行 create encrypt key"
)
private
String
isEncrypted
;
public
String
getOldPassword
()
{
return
oldPassword
;
}
...
...
@@ -115,6 +142,13 @@ class ActionSetPassword extends BaseAction {
this
.
newPassword
=
newPassword
;
}
public
String
getIsEncrypted
()
{
return
isEncrypted
;
}
public
void
setIsEncrypted
(
String
isEncrypted
)
{
this
.
isEncrypted
=
isEncrypted
;
}
}
public
static
class
Wo
extends
WrapBoolean
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录