spring aop 实践sql query 解密，sql update 加密11111111111111111111

sql query 解密，sql update 加密


@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface RailWayAccountKmsUpdateMethod {
}

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface RailWayAccountKmsQueryMethod {
}

@Aspect
@Service
public class RailwayAccountMapperQueryAspect {

    private static final Logger logger = LoggerFactory.getLogger(RailwayAccountMapperQueryAspect.class);


    @Pointcut("@annotation(com.hellobike.hermes.ticketing.kms.RailWayAccountKmsQueryMethod)")
    private void queryPoint() {
    }

    @Around("queryPoint()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        //默认都不走中间件，全部接入kms-sdk 自定义实现;
        SQLTagHelper.autoCrypt(false);
        //if return null。
        RailwayAccount response = (RailwayAccount) joinPoint.proceed();
        //ThreadLocal
        SQLTagHelper.clear();
        doKmsResponse(response);
        return response;
    }


    private void doKmsResponse(RailwayAccount response) {
        try {
            if (response != null) {
                //kms 解密 方法;
                if (org.apache.commons.lang3.StringUtils.isNotEmpty(response.getEncryptAccount())) {
                    String plainAccount = Kms.decryptField(KmsConstant.KMS_DB_TYPE, KmsConstant.KMS_DB_NAME, KmsConstant.KMS_TABLE_RAILWAY_ACCOUNT, KmsConstant.KMS_FIELD_ACCOUNT, response.getEncryptAccount());
                    response.setAccount(plainAccount);
                }

                //kms
                if (org.apache.commons.lang3.StringUtils.isNotEmpty(response.getEncryptPassword())) {
                    String plainPassword = Kms.decryptField(KmsConstant.KMS_DB_TYPE, KmsConstant.KMS_DB_NAME, KmsConstant.KMS_TABLE_RAILWAY_ACCOUNT, KmsConstant.KMS_FIELD_PASSWORD, response.getEncryptPassword());
                    response.setPwd(plainPassword);
                }
            }

        } catch (Exception e) {
            logger.error("doKms exception,e=", ExceptionUtil.stacktraceToString(e));
        }
    }

}

@Aspect
@Service
public class RailwayAccountMapperUpdateAspect {

    private static final Logger logger = LoggerFactory.getLogger(RailwayAccountMapperUpdateAspect.class);


    @Pointcut("@annotation(com.hellobike.hermes.ticketing.kms.RailWayAccountKmsUpdateMethod)")
    private void updatePoint() {
    }

    @Around("updatePoint()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        //参数检查;
        Object[] args = joinPoint.getArgs();
        if (args == null || args.length == 0) {
            throw new RuntimeException("Invalid request");
        }

        SQLTagHelper.autoCrypt(false);
        if (args[0] instanceof RailwayAccount) {
            RailwayAccount account = (RailwayAccount) args[0];
            doKmsRequest(account);
        }
        Object obj = joinPoint.proceed();
        //ThreadLocal
        SQLTagHelper.clear();
        return obj;
    }


    private void doKmsRequest(RailwayAccount account) {
        try {
            if (account != null) {
                //kms-sdk加密 方法;
                if (org.apache.commons.lang3.StringUtils.isNotEmpty(account.getAccount())) {
                    String encryptAccount = Kms.encryptField(KmsConstant.KMS_DB_TYPE, KmsConstant.KMS_DB_NAME, KmsConstant.KMS_TABLE_RAILWAY_ACCOUNT, KmsConstant.KMS_FIELD_ACCOUNT, account.getAccount());
                    String hashAccount = Kms.hashField(KmsConstant.KMS_FIELD_ACCOUNT, account.getAccount());
                    account.setEncryptAccount(encryptAccount);
                    account.setHashAccount(hashAccount);
                }

                if (org.apache.commons.lang3.StringUtils.isNotEmpty(account.getPwd())) {
                    String encryptPassword = Kms.encryptField(KmsConstant.KMS_DB_TYPE, KmsConstant.KMS_DB_NAME, KmsConstant.KMS_TABLE_RAILWAY_ACCOUNT, KmsConstant.KMS_FIELD_PASSWORD, account.getPwd());
                    String hashPassword = Kms.hashField(KmsConstant.KMS_FIELD_PASSWORD, account.getPwd());
                    account.setEncryptPassword(encryptPassword);
                    account.setHashPassword(hashPassword);
                }
            }

        } catch (Exception e) {
            logger.error("doKms exception,e=", ExceptionUtil.stacktraceToString(e));
        }
    }

}

public interface RailwayAccountMapper {

    @RailWayAccountKmsQueryMethod
    RailwayAccount findEnabledByUserId(@Param("userId") long userId);

    @RailWayAccountKmsQueryMethod
    RailwayAccount findByGuid(@Param("guid") long guid);

    @RailWayAccountKmsUpdateMethod
    int insert(RailwayAccount account);

    int disableAccounts(@Param("userId") long userId);

    int ableAccounts(@Param("userId") long userId, @Param("account") String account);

    @RailWayAccountKmsQueryMethod
    RailwayAccount findByUserId(@Param("userId") Long userNewId);

    @RailWayAccountKmsQueryMethod
    RailwayAccount findByUserIdAndAcct(@Param("userId") long userId, @Param("account") String account);

    @RailWayAccountKmsUpdateMethod
    void updatePassword(RailwayAccount account);

    List<RailwayAccount> selectListByPage(@Param("pageSize") Long pageSize);

    int updateByPrimaryKeySelective(RailwayAccount account);


}