MyBatis-Plus数据安全保护(加密解密)

项目创建

POM依赖

<dependency><!--MyBatis-Plus 企业级模块-->
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-mate-starter</artifactId>
    <version>1.2.8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bctls-jdk15on -->
<dependency><!--SM2 SM3 SM4 加密算法依赖-->
    <groupId>org.bouncycastle</groupId>
    <artifactId>bctls-jdk15on</artifactId>
    <version>1.70</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.jasypt/jasypt -->
<dependency><!--混合加密算法依赖-->
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt</artifactId>
    <version>1.9.3</version>
</dependency>

YML配置

spring:
  datasource:
    # 配置安全:https://blog.csdn.net/tongxin_tongmeng/article/details/128664932
    url: mpw:IlcV2VrLIr+z3ruf0oHP1sV3JuEvntw9QZDEYhQWDNHJ9Xkm7qZokxkEeTCPNqma
    username: mpw:aoVz0lDJNymnmrhw6LkQow==
    password: mpw:StRVtLG7vB6iKVt83du7fw==
    driver-class-name: com.mysql.cj.jdbc.Driver

# Mybatis Mate 配置
mybatis-mate:
  cert:
    # 请添加微信wx153666购买授权，不白嫖从我做起！ 测试证书会失效，请勿正式环境使用
    grant: thisIsTestLicense
    license: TtY9GC88CzSkEmUhzIyvM2MJKvsgPyxoNCExH4/GhaBwuTQ93aeLaR6/dM49wMSk+oQdmqUibCM8b5H74s1Nx+2C5V3U1gKiLtddVc8Eg8oC1F2nLxOiDKDvPpdxWFGsPW6mQE2LDr+tK8GXpFS3N8xwmYy/gHCwQ4Avqp9JqBbke7pZzL2adIlxYHmCYpfNTN+NRHIEFaGFTBlzZHDb3UfJaeqLaAtWBol0QOPEM69Kz3JSemxBHnEO1ID75bwwmkgqC7Ps4z9iYAK9GLzzaPwSiFELNCmIvwa5YSJLxP9NMQUWbVGIRqehxnVqfgx/68+yIfpByqGTMxLR33yeEQ==
  # 全局配置加密算法密钥
  encryptor:
    # MD5_32 MD5_16 BASE64 AES SM2 SM3 SM4 需要 password，其他加密算法需要 password publicKey privateKey
    password: mybatis-mate-encryptor-password-666
    publicKey: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEOCMScPeNaJ0DP9N9vd/fXwPGUVnuxeGPpRePXfWuX/X/Yk5IMhwEfYLXictxQk/oAqGnqtDuS/PCL/7mqL+8wFSYnWWErCSkDdT6LjyD07l9dWv+Xj1UTEjP24sEgYA92f4AZyvhsw8I/Bj6a9a30r+kVOGoEZgGMf2c2xK4CQIDAQAB
    privateKey: MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIQ4IxJw941onQM/0329399fA8ZRWe7F4Y+lF49d9a5f9f9iTkgyHAR9gteJy3FCT+gCoaeq0O5L88Iv/uaov7zAVJidZYSsJKQN1PouPIPTuX11a/5ePVRMSM/biwSBgD3Z/gBnK+GzDwj8GPpr1rfSv6RU4agRmAYx/ZzbErgJAgMBAAECgYBAlFK9DSQ8k14tWh1oizcvmO71DIMKluhHCvHo+pGnLAOxS0jFBoScxNkFga42kZcJ0U8337zQx5Q1ws+TxdRwHxQO889ZGQH3kOFB0ErUMTgFrTOakZhV0dMWzebkYitNcduSKZ1yfgM5ekF9k3owPIQhUNy8eXjagiLLb9/woQJBALwofOx+fuanQLC1yotFqYAx0XED9EpVPhS/G8mc4dZSNWZ548bIyq3ozP0CoHqriQo/X3NVzIJOU3rhn92fwj0CQQCz5FaeHzSqe1H4bTxzwgR5BUHttxrAPtktwfgCRgaSrZByjFldtP/dGaJmjR2Vzp848WcusJZlSlaLTfndm6W9AkEAoSxlZgctGNKn3Ta7mvU/Lmp+J7rlZU8DcK4LVXYnFXkx+OfsLvkMdE/4V7oKUUnih36lepxCJFSHubjPQf55WQJBAIUa8yxUkreCQAi9avmMGZsiVMH7tgOBfVjqKQQlpD9rxXG8f3Nitd93VD7lM3rhQ9byaBKX/vA7rQWuUK+0t1ECQDTGhLRJFZK4J7UGklTX94pknM/5rO3N/JPkFJcGilbgzkqy0s13D1K+8cR0qTn2DPW8vPoLQpVGuaATTTmMdvg=

@SpringBootTest
class MybatisPlusApplicationTests {

    @Test
    void contextLoads() throws Exception {
        Map<String, Key> keyMap = RSA.genKeyPair();
        String publicKey = RSA.getPublicKey(keyMap);
        String privateKey = RSA.getPrivateKey(keyMap);
        System.out.println("publicKey========="+publicKey);
        System.out.println("privateKey========="+privateKey);
    }

}

注意：password为任意字符串，publicKey和privateKey通过如上方法生成

SQL脚本

CREATE TABLE `encrypt` (
  `id` bigint NOT NULL COMMENT '主键ID',
  `MD5_32` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'MD5_32',
  `MD5_16` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'MD5_16',
  `BASE64` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'BASE64',
  `AES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'AES',
  `RSA` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'RSA',
  `SM2` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM2',
  `SM3` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM3',
  `SM4` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM4',
  `PBEWithMD5AndDES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithMD5AndDES',
  `PBEWithMD5AndTripleDES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithMD5AndTripleDES',
  `PBEWithHMACSHA512AndAES_256` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithHMACSHA512AndAES_256',
  `PBEWithSHA1AndDESede` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithSHA1AndDESede',
  `PBEWithSHA1AndRC2_40` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithSHA1AndRC2_40',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;

代码生成(MybatisX)

@RestController
@RequestMapping("/encrypt")
public class EncryptController {

    @Autowired
    private EncryptService encrtptService;

    @PostMapping("/create")
    public Boolean create(@RequestBody Encrypt encrypt) {
        return encrtptService.save(encrypt);
    }

    @GetMapping("/get")
    public Encrypt get(@RequestBody Encrypt encrypt) {
        return encrtptService.getById(encrypt.getId());
    }

    @GetMapping("/getAll")
    public List<Encrypt> getAll() {
        return encrtptService.list();
    }

    @PutMapping("/update")
    public Boolean update(@RequestBody Encrypt encrypt) {
        return encrtptService.updateById(encrypt);
    }

    @DeleteMapping("/delete")
    public Boolean delete(@RequestBody Encrypt encrypt) {
        return encrtptService.removeById(encrypt);
    }

    @DeleteMapping("/deleteAll")
    public Boolean deleteAll() {
        return encrtptService.remove(new QueryWrapper<>());
    }

}

加密算法

字段加密(@FieldEncrypt)

/**
 *
 * @TableName encrypt
 */
@TableName(value ="encrypt")
@Data
public class Encrypt implements Serializable {
    /**
     * 主键ID
     */
    @TableId(value = "id")
    private Long id;

    /**
     * MD5_32
     */
    @FieldEncrypt(algorithm = Algorithm.MD5_32)
    @TableField(value = "MD5_32")
    private String md532;

    /**
     * MD5_16
     */
    @FieldEncrypt(algorithm = Algorithm.MD5_16)
    @TableField(value = "MD5_16")
    private String md516;

    /**
     * BASE64
     */
    @FieldEncrypt(algorithm = Algorithm.BASE64)
    @TableField(value = "BASE64")
    private String base64;

    /**
     * AES
     */
    @FieldEncrypt(algorithm = Algorithm.AES)
    @TableField(value = "AES")
    private String aes;

    /**
     * RSA
     */
    @FieldEncrypt(algorithm = Algorithm.RSA)
    @TableField(value = "RSA")
    private String rsa;

    /**
     * SM2
     */
    @FieldEncrypt(algorithm = Algorithm.SM2)
    @TableField(value = "SM2")
    private String sm2;

    /**
     * SM3
     */
    @FieldEncrypt(algorithm = Algorithm.SM3)
    @TableField(value = "SM3")
    private String sm3;

    /**
     * SM4
     */
    @FieldEncrypt(algorithm = Algorithm.SM4)
    @TableField(value = "SM4")
    private String sm4;

    /**
     * PBEWithMD5AndDES
     */
    @FieldEncrypt(algorithm = Algorithm.PBEWithMD5AndDES)
    @TableField(value = "PBEWithMD5AndDES")
    private String pbewithmd5anddes;

    /**
     * PBEWithMD5AndTripleDES
     */
    @FieldEncrypt(algorithm = Algorithm.PBEWithMD5AndTripleDES)
    @TableField(value = "PBEWithMD5AndTripleDES")
    private String pbewithmd5andtripledes;

    /**
     * PBEWithHMACSHA512AndAES_256
     */
    @FieldEncrypt(algorithm = Algorithm.PBEWithHMACSHA512AndAES_256)
    @TableField(value = "PBEWithHMACSHA512AndAES_256")
    private String pbewithhmacsha512andaes256;

    /**
     * PBEWithSHA1AndDESede
     */
    @FieldEncrypt(algorithm = Algorithm.PBEWithSHA1AndDESede)
    @TableField(value = "PBEWithSHA1AndDESede")
    private String pbewithsha1anddesede;

    /**
     * PBEWithSHA1AndRC2_40
     */
    @FieldEncrypt(algorithm = Algorithm.PBEWithSHA1AndRC2_40)
    @TableField(value = "PBEWithSHA1AndRC2_40")
    private String pbewithsha1andrc240;

    @TableField(exist = false)
    private static final long serialVersionUID = 1L;

    @Override
    public boolean equals(Object that) {
        if (this == that) {
            return true;
        }
        if (that == null) {
            return false;
        }
        if (getClass() != that.getClass()) {
            return false;
        }
        Encrypt other = (Encrypt) that;
        return (this.getId() == null ? other.getId() == null : this.getId().equals(other.getId()))
            && (this.getMd532() == null ? other.getMd532() == null : this.getMd532().equals(other.getMd532()))
            && (this.getMd516() == null ? other.getMd516() == null : this.getMd516().equals(other.getMd516()))
            && (this.getBase64() == null ? other.getBase64() == null : this.getBase64().equals(other.getBase64()))
            && (this.getAes() == null ? other.getAes() == null : this.getAes().equals(other.getAes()))
            && (this.getRsa() == null ? other.getRsa() == null : this.getRsa().equals(other.getRsa()))
            && (this.getSm2() == null ? other.getSm2() == null : this.getSm2().equals(other.getSm2()))
            && (this.getSm3() == null ? other.getSm3() == null : this.getSm3().equals(other.getSm3()))
            && (this.getSm4() == null ? other.getSm4() == null : this.getSm4().equals(other.getSm4()))
            && (this.getPbewithmd5anddes() == null ? other.getPbewithmd5anddes() == null : this.getPbewithmd5anddes().equals(other.getPbewithmd5anddes()))
            && (this.getPbewithmd5andtripledes() == null ? other.getPbewithmd5andtripledes() == null : this.getPbewithmd5andtripledes().equals(other.getPbewithmd5andtripledes()))
            && (this.getPbewithhmacsha512andaes256() == null ? other.getPbewithhmacsha512andaes256() == null : this.getPbewithhmacsha512andaes256().equals(other.getPbewithhmacsha512andaes256()))
            && (this.getPbewithsha1anddesede() == null ? other.getPbewithsha1anddesede() == null : this.getPbewithsha1anddesede().equals(other.getPbewithsha1anddesede()))
            && (this.getPbewithsha1andrc240() == null ? other.getPbewithsha1andrc240() == null : this.getPbewithsha1andrc240().equals(other.getPbewithsha1andrc240()));
    }

    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;
        result = prime * result + ((getId() == null) ? 0 : getId().hashCode());
        result = prime * result + ((getMd532() == null) ? 0 : getMd532().hashCode());
        result = prime * result + ((getMd516() == null) ? 0 : getMd516().hashCode());
        result = prime * result + ((getBase64() == null) ? 0 : getBase64().hashCode());
        result = prime * result + ((getAes() == null) ? 0 : getAes().hashCode());
        result = prime * result + ((getRsa() == null) ? 0 : getRsa().hashCode());
        result = prime * result + ((getSm2() == null) ? 0 : getSm2().hashCode());
        result = prime * result + ((getSm3() == null) ? 0 : getSm3().hashCode());
        result = prime * result + ((getSm4() == null) ? 0 : getSm4().hashCode());
        result = prime * result + ((getPbewithmd5anddes() == null) ? 0 : getPbewithmd5anddes().hashCode());
        result = prime * result + ((getPbewithmd5andtripledes() == null) ? 0 : getPbewithmd5andtripledes().hashCode());
        result = prime * result + ((getPbewithhmacsha512andaes256() == null) ? 0 : getPbewithhmacsha512andaes256().hashCode());
        result = prime * result + ((getPbewithsha1anddesede() == null) ? 0 : getPbewithsha1anddesede().hashCode());
        result = prime * result + ((getPbewithsha1andrc240() == null) ? 0 : getPbewithsha1andrc240().hashCode());
        return result;
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(getClass().getSimpleName());
        sb.append(" [");
        sb.append("Hash = ").append(hashCode());
        sb.append(", id=").append(id);
        sb.append(", md532=").append(md532);
        sb.append(", md516=").append(md516);
        sb.append(", base64=").append(base64);
        sb.append(", aes=").append(aes);
        sb.append(", rsa=").append(rsa);
        sb.append(", sm2=").append(sm2);
        sb.append(", sm3=").append(sm3);
        sb.append(", sm4=").append(sm4);
        sb.append(", pbewithmd5anddes=").append(pbewithmd5anddes);
        sb.append(", pbewithmd5andtripledes=").append(pbewithmd5andtripledes);
        sb.append(", pbewithhmacsha512andaes256=").append(pbewithhmacsha512andaes256);
        sb.append(", pbewithsha1anddesede=").append(pbewithsha1anddesede);
        sb.append(", pbewithsha1andrc240=").append(pbewithsha1andrc240);
        sb.append(", serialVersionUID=").append(serialVersionUID);
        sb.append("]");
        return sb.toString();
    }
}

加密测试

加密前：
{
	"md532": "md532",
	"md516": "md516",
	"base64": "base64",
	"aes": "aes",
	"rsa": "rsa",
	"sm2": "sm2",
	"sm3": "sm3",
	"sm4": "sm4",
	"pbewithmd5anddes": "pbewithmd5anddes",
	"pbewithmd5andtripledes": "pbewithmd5andtripledes",
	"pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256",
	"pbewithsha1anddesede": "pbewithsha1anddesede",
	"pbewithsha1andrc240": "pbewithsha1andrc240"
}

注意：调用控制器接口向数据库插入数据

加密后：
{
    "id": "1614832069533679617",
	"md532": "0ed5449e148dfaac16d1247667d62554",
	"md516": "838026c17d7ac626",
	"base64": "YmFzZTY0",
	"aes": "3420e2d91b8f913bb035258e5013cc6f",
	"rsa": "FqVQIe05Q/usNmZZWA9omCf63WYbhT7z4Qsrpvr+RsWv70vV3hVK5sV1/HZvQL6uI9pU0dkdPDEwIzn0DCJIoVKCW3l7fubdOkjOgaqxv5tIdcLmZFl9XivzA6sDhSIzitFLAj4OJu2HgbF1fNDoVEdYqAD7BEMeNeCyQYyjNQk=",
	"sm2": "sm2",
	"sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac",
	"sm4": "sm4",
	"pbewithmd5anddes": "q30eLvs6615ATdqtscdIpSdZLgC+vg1/+8mLzeD2INo=",
	"pbewithmd5andtripledes": "PjjKX2OkRE2D/mz3UZLTXXAsLkjuAk6rF8l4WVz/CaE=",
	"pbewithhmacsha512andaes256": "N5GESK0bGjLsJGO4DadbUMNzPo6ov/svzNHCZg0S4gmrsMLSDMLHDO/6ZrPNsYhpBTR53Xmksi9fxwSU5ScshQ==",
	"pbewithsha1anddesede": "1kGvVHNUKDbwYG1ZnLhaK2QPre3jFddM3tB6MQETzwE=",
	"pbewithsha1andrc240": "my9MZrkBSRtwgV6/MjAjwug7HB/lKHTMzmZJeUOrCQY="
}

注意：数据库存储内容为密文，其中SM2与SM4加密失败，其他算法加密成功

解密后：
{
    "id": 1614832069533679617,
    "md532": "0ed5449e148dfaac16d1247667d62554",
    "md516": "838026c17d7ac626",
    "base64": "base64",
    "aes": "aes",
    "rsa": "rsa",
    "sm2": "sm2",
    "sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac",
    "sm4": "sm4",
    "pbewithmd5anddes": "pbewithmd5anddes",
    "pbewithmd5andtripledes": "pbewithmd5andtripledes",
    "pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256",
    "pbewithsha1anddesede": "pbewithsha1anddesede",
    "pbewithsha1andrc240": "pbewithsha1andrc240"
}

注意：调用控制器接口查询数据，查询结果为加密前数据，其中MD5_32 MD5_16 SM3仍是密文，说明这三种算法不可逆

自定义算法

注意：自定义加密算法需实现IEncryptor接口，IEncryptor接口可有多个实现类，但只能有一个实现类添加@Component注解，添加
@Component注解便启用自定义加密算法，一旦启用自定义加密算法，那么项目中所有@FieldEncrypt加密的字段都将使用自定义加密
算法进行加密，其他算法均不再生效，如下CustomEncryptor自定义加密算法，加密时"##$$##=="+plaintext+"--&&$$&&"实现加密，
解密时encrypt.replace("##$$##==", "").replace("--&&$$&&", "")实现解密

// 自定义加密算法，这里为开启使用默认加密库
@Component
public class CustomEncryptor implements IEncryptor {
    /**
     * 加密
     *
     * @param algorithm  算法
     * @param password   密码（对称加密算法密钥）
     * @param plaintext  明文
     * @param publicKey  非对称加密算法（公钥）
     * @param metaObject {@link MetaObject}
     * @return
     */
    @Override
    public String encrypt(Algorithm algorithm, String password, String publicKey, String plaintext, Object metaObject) {
        if (metaObject instanceof MetaObject) {
            // _metaObject为加密字段所属对象,可通过已知属性名获取属性值，_metaObject.getValue("属性名")
            MetaObject _metaObject = ((MetaObject) metaObject);
        }
        return "##$$##=="+plaintext+"--&&$$&&";
    }


    /**
     * 解密
     *
     * @param algorithm  算法
     * @param password   密码（对称加密算法密钥）
     * @param encrypt    密文
     * @param privateKey 非对称加密算法（私钥）
     * @param metaObject {@link MetaObject}
     * @return
     */
    @Override
    public String decrypt(Algorithm algorithm, String password, String privateKey, String encrypt, Object metaObject) {
        if (metaObject instanceof MetaObject) {
            // _metaObject为加密字段所属对象,可通过已知属性名获取属性值，_metaObject.getValue("属性名")
            MetaObject _metaObject = ((MetaObject) metaObject);
        }
        return encrypt.replace("##$$##==", "").replace("--&&$$&&", "");
    }
}