更新iam密码加密方式

2020-02-04 09:58:39 +08:00 · 2020-02-04 09:58:39 +08:00 · 2b38427d97
parent 52e6b9bdf8
commit 2b38427d97
3 changed files with 42 additions and 23 deletions
--- a/iam-base-starter/src/main/java/com/diboot/iam/auth/impl/PwdAuthServiceImpl.java
+++ b/iam-base-starter/src/main/java/com/diboot/iam/auth/impl/PwdAuthServiceImpl.java
@ -101,8 +101,10 @@ public class PwdAuthServiceImpl implements AuthService {
     */
    private static boolean isPasswordMatched(IamAccount account, BaseJwtAuthToken jwtToken){
        //加密后比较
-        String encryptedStr = Encryptor.encrypt(jwtToken.getAuthSecret(), account.getSecretSalt());
-        return encryptedStr.equals(account.getAuthSecret());
+        String encryptedStr = IamSecurityUtils.encryptPwd(jwtToken.getAuthSecret(), account.getSecretSalt());
+        // 暂时兼容RC2版本，后期移除
+        String oldEncryptedStr = Encryptor.encrypt(jwtToken.getAuthSecret(), account.getSecretSalt());
+        return encryptedStr.equals(account.getAuthSecret()) || oldEncryptedStr.equals(account.getAuthSecret());
    }

    /**
--- a/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamAccountServiceImpl.java
+++ b/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamAccountServiceImpl.java
@ -1,14 +1,12 @@
 package com.diboot.iam.service.impl;

 import com.diboot.core.exception.BusinessException;
-import com.diboot.core.util.Encryptor;
-import com.diboot.core.util.S;
 import com.diboot.core.util.V;
 import com.diboot.core.vo.Status;
-import com.diboot.iam.config.Cons;
 import com.diboot.iam.entity.IamAccount;
 import com.diboot.iam.mapper.IamAccountMapper;
 import com.diboot.iam.service.IamAccountService;
+import com.diboot.iam.util.IamSecurityUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@ -28,7 +26,7 @@ public class IamAccountServiceImpl extends BaseIamServiceImpl<IamAccountMapper,
    @Override
    public boolean createEntity(IamAccount iamAccount) {
        // 生成加密盐并加密
-        encryptSecret(iamAccount);
+        IamSecurityUtils.encryptPwd(iamAccount);
        // 保存
        try{
            return super.createEntity(iamAccount);
@ -45,7 +43,7 @@ public class IamAccountServiceImpl extends BaseIamServiceImpl<IamAccountMapper,
        if(V.notEmpty(accountList)){
            accountList.stream().forEach(account->{
                // 生成加密盐并加密
-                encryptSecret(account);
+                IamSecurityUtils.encryptPwd(account);
            });
        }
        // 保存
@ -57,20 +55,4 @@ public class IamAccountServiceImpl extends BaseIamServiceImpl<IamAccountMapper,
            throw new BusinessException(Status.FAIL_VALIDATION, "账号中可能包含已存在账号，请检查！");
        }
    }
-
-    /**
-     * 加密账号密码
-     * @param iamAccount
-     */
-    private void encryptSecret(IamAccount iamAccount){
-        if(Cons.DICTCODE_AUTH_TYPE.PWD.name().equals(iamAccount.getAuthType())){
-            if(V.isEmpty(iamAccount.getSecretSalt())){
-                // 生成加密盐并加密
-                String salt = S.cut(S.newUuid(), 8);
-                iamAccount.setSecretSalt(salt);
-            }
-            String encryptedStr = Encryptor.encrypt(iamAccount.getAuthSecret(), iamAccount.getSecretSalt());
-            iamAccount.setAuthSecret(encryptedStr);
-        }
-    }
 }
--- a/iam-base-starter/src/main/java/com/diboot/iam/util/IamSecurityUtils.java
+++ b/iam-base-starter/src/main/java/com/diboot/iam/util/IamSecurityUtils.java
@ -1,9 +1,13 @@
 package com.diboot.iam.util;

+import com.diboot.core.util.S;
 import com.diboot.core.util.V;
 import com.diboot.iam.config.Cons;
+import com.diboot.iam.entity.IamAccount;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.crypto.hash.SimpleHash;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ByteSource;

 import javax.servlet.http.HttpServletRequest;

@ -15,6 +19,12 @@ import javax.servlet.http.HttpServletRequest;
 */
 public class IamSecurityUtils extends SecurityUtils {

+    /**
+     * 加密算法与hash次数
+     */
+    private static final String ALGORITHM = "md5";
+    private static final int ITERATIONS = 2;
+
    /**
     * 获取当前用户类型和id信息
     * @return
@ -37,6 +47,31 @@ public class IamSecurityUtils extends SecurityUtils {
        }
    }

+    /***
+     * 对用户密码加密
+     * @param iamAccount
+     */
+    public static void encryptPwd(IamAccount iamAccount){
+        if(Cons.DICTCODE_AUTH_TYPE.PWD.name().equals(iamAccount.getAuthType())){
+            if(iamAccount.getSecretSalt() == null){
+                String salt = S.cut(S.newUuid(), 8);
+                iamAccount.setSecretSalt(salt);
+            }
+            String encryptedPwd = encryptPwd(iamAccount.getAuthSecret(), iamAccount.getSecretSalt());
+            iamAccount.setAuthSecret(encryptedPwd);
+        }
+    }
+
+    /***
+     * 对用户密码加密
+     * @param password
+     * @param salt
+     */
+    public static String encryptPwd(String password, String salt){
+        String encryptedPassword = new SimpleHash(ALGORITHM, password, ByteSource.Util.bytes(salt), ITERATIONS).toHex();
+        return encryptedPassword;
+    }
+
    private static final String[] HEADER_IP_KEYWORDS = {"X-Forwarded-For", "Proxy-Client-IP",
            "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "X-Real-IP"};
    /***