
Pull request #9626: REPORT-72595 FR源码中存在加密密钥硬编码,建议放到配置文件中

Merge in DESIGN/design from ~LANLAN/design:release/10.0 to release/10.0

* commit '78218164b4ac454458eabefc7efe5c3be07538df':
  单独写一个 DefaultLoginKeys
  REPORT-72595 FR源码中存在加密密钥硬编码,建议放到配置文件中
security/10.0
Lanlan 2 years ago
parent
commit
39c52d2dc2
  1. 48
      designer-base/src/main/java/com/fr/design/login/config/DefaultLoginKeys.java
  2. 9
      designer-base/src/main/java/com/fr/design/login/utils/DesignerLoginUtils.java
  3. 1
      designer-base/src/main/resources/com/fr/design/config/default

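--- a/designer-base/src/main/java/com/fr/design/login/config/DefaultLoginKeys.java
+++ b/designer-base/src/main/java/com/fr/design/login/config/DefaultLoginKeys.java
@@ -0,0 +1,48 @@
+package com.fr.design.login.config;
+import com.fr.log.FineLoggerFactory;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+/**
+* @author Lanlan
+* @version 10.0
+* Created by Lanlan on 2022/6/20
+*/
+public class DefaultLoginKeys {
+private static final String FILENAME = "com/fr/design/config/default";
+private static final DefaultLoginKeys INSTANCE = new DefaultLoginKeys();
+public static DefaultLoginKeys getInstance() {
+return INSTANCE;
+}
+private final Map<String, String> keys = new HashMap<>();
+private DefaultLoginKeys() {
+Properties properties = load();
+for (Map.Entry<Object, Object> entry : properties.entrySet()) {
+String name = entry.getKey().toString();
+keys.put(name, entry.getValue().toString());
+}
+}
+public String getKey(String name) {
+return keys.get(name);
+}
+private Properties load() {
+Properties properties = new Properties();
+try (InputStream inputStream = DefaultLoginKeys.class.getClassLoader().getResourceAsStream(FILENAME)) {
+properties.load(inputStream);
+} catch (IOException e) {
+FineLoggerFactory.getLogger().error(e.getMessage(), e);
+}
+return properties;
+}
+}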
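Review bot: In `load()`, `getResourceAsStream(FILENAME)` returns null when the resource is absent from the classpath, and `properties.load(inputStream)` then throws a NullPointerException that `catch (IOException e)` does not cover. Because `INSTANCE` is created in a static initializer, that failure would surface as an ExceptionInInitializerError on first use of the class instead of the logged error the catch block intends. Guard the stream before loading, `if (inputStream != null) { properties.load(inputStream); }`, and log the resource name when it is not found. `getKey` also returns null for an unknown name without saying so; a Javadoc line such as `/** Returns the configured key for name, or null if the resource does not define it. */` would make that contract visible to callers.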

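--- a/designer-base/src/main/java/com/fr/design/login/utils/DesignerLoginUtils.java
+++ b/designer-base/src/main/java/com/fr/design/login/utils/DesignerLoginUtils.java
@@ -1,6 +1,7 @@
 package com.fr.design.login.utils;
 import com.fr.design.DesignerEnvManager;
+import com.fr.design.login.config.DefaultLoginKeys;
 import com.fr.design.mainframe.toast.DesignerToastMsgUtil;
 import com.fr.general.CloudCenter;
 import com.fr.general.CloudCenterConfig;
@@ -28,8 +29,6 @@ public class DesignerLoginUtils {
 private static final String PRODUCT_FINEREPORT = "product-finereport";
-private static final String KEY = "i7hP48WAcuTrmxfN";
 public static Map<String, String> renderMap() {
 Map<String, String> map4Tpl = new HashMap<>();
 map4Tpl.put("language", GeneralContext.getLocale().toString());
@@ -86,7 +85,11 @@ public class DesignerLoginUtils {
 jo.put("username", manager.getDesignerLoginUsername());
 jo.put("source", PRODUCT_FINEREPORT);
 byte[] iv = randomIv();
-return new String(Hex.encode(iv)) + encrypt(jo.toString(), KEY.getBytes(), iv);
+return new String(Hex.encode(iv)) + encrypt(
+jo.toString(),
+DefaultLoginKeys.getInstance().getKey("Fine-Designer_Login").getBytes(),
+iv
+);
 }
 private static byte[] randomIv() {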
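Review bot: The new argument `DefaultLoginKeys.getInstance().getKey("Fine-Designer_Login").getBytes()` dereferences the lookup result directly, so a missing or renamed property becomes a NullPointerException in the middle of building the login token, because `getKey` returns null for names the resource does not define. Read the key into a local and fail with an explicit message, `String key = DefaultLoginKeys.getInstance().getKey("Fine-Designer_Login");` then `if (key == null) { throw new IllegalStateException("login key not configured"); }`. `getBytes()` with no charset uses the platform default, so `key.getBytes(StandardCharsets.UTF_8)` (java.nio.charset) keeps the key bytes the same on every machine. The property name would also read better as a named constant next to `PRODUCT_FINEREPORT`. The enclosing method begins above this hunk, so its signature and callers are not visible here.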

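--- a/designer-base/src/main/resources/com/fr/design/config/default
+++ b/designer-base/src/main/resources/com/fr/design/config/default
@@ -0,0 +1 @@
+Fine-Designer_Login=i7hP48WAcuTrmxfN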
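Review bot: The value added here is the same string as the `KEY` constant removed from DesignerLoginUtils, and this file sits under `src/main/resources`, so the key is still committed to the repository and packaged into the build artifact. Moving the literal out of the Java source changes where it is stored, not who can read it, so the hard-coded-key finding in REPORT-72595 is relocated rather than closed. If the key is meant to be confidential, it should be rotated and supplied from outside the artifact (deployment configuration or a per-installation value), with this entry reduced to a placeholder such as `Fine-Designer_Login=<provisioned-at-deploy-time>`. The current value should be treated as exposed either way, since it remains in the history of both files. If instead the key is only an obfuscation default and not a secret, a comment line saying so, `# Default client key, not a secret; server must not rely on its confidentiality`, would stop the finding from being reopened.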