前端加解密
基于axios的请求响应做拦截处理,需要安装:
yarn add crypto-jsyarn add jsencrypt
import axios from "axios";
import { loadStart, loadEnd } from "../util/Load.js";
import { sysStore } from "../store/index.js";
import CryptoJS from "crypto-js";
import JSEncrypt from "jsencrypt";
const store = sysStore();
// 接口地址
let api = import.meta.env.vite_http_base_url;
// 服务端 RSA 公钥
let publicKey =
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dNyA26jkX/FTmNuY+1QwcvuJThsgKRbnPB91J3uw0YdabVNQy5swyPlON2E/FnH/VKRd8tCntZFIfeeQXtBrB5kim0iG4Wnz/3n83D0aUzvdBI2LXtCdf09iVu3bzrEbFTwqWqPufgcrrhavT1K57cQNQ5ZoO/dnkyP+/AgCojPmpx2QBMtG4BpVf7Fq21y4DpeWNRehgb6fMKqbBvDe+5sivplK6bDh2/4xTA9yBlJ690DvichBSZwVeSXHpPww8BiHw9ualUHwfLtbZv+ddVDCNSOAqPONgjIUKZVKNsLq4nWu3eu71PKX/FojeU8e5Lk/st8ubSUUvb+SPNlvwIDAQAB";
// 随机生成AES密钥
let aesKey = generateAesKey();
// axios配置
const http = axios.create({
baseURL: api,
timeout: 1000 * 10, // 请求超时,秒
// 携带cookie
withCredentials: true,
// headers: {'content-type': 'application/x-www-form-urlencoded'} // 请求数据类型 默认application/json
headers: { "content-type": "application/json" }, // 请求数据类型 默认application/json
});
let reqRecord = {};
// 请求拦截器
http.interceptors.request.use(
(config) => {
loadStart();
if (
new Date().getTime() - reqRecord[encodeURI(config.url)] < 1000 &&
config.url != "/sysDict/listAll"
) {
// 排除菜单列表
return Promise.reject(new Error("请勿重复请求"));
} else {
reqRecord[encodeURI(config.url)] = new Date().getTime();
}
// 如果要携带头部数据,如token,在此写,不要写在create中,create启动就会创建,需要刷新才会更新
config.headers["token"] = store.token;
// 加密
if (config.method === "post") {
// console.log('请求参数:' + JSON.stringify(config.data))
// 将 AES 密钥进行 RSA 加密
let aesKeyEn = encryptByJavaPublicKey(aesKey);
// 从请求头给到服务端
config.headers["aesKey"] = aesKeyEn;
// 请求体进行内容加密
config.data = encryptedCom(JSON.stringify(config.data));
}
return config;
},
function (error) {
// 请求错误的执行
return Promise.reject(error);
},
);
// 响应拦截器
http.interceptors.response.use(
(response) => {
loadEnd();
// 解密
if (response.config.method === "post") {
// 响应内容进行解密
response.data = JSON.parse(decryptedCom(response.data));
// console.log(response.data)
}
if (response.status === 200) {
return response.data;
} else {
ElMessage.error("服务异常");
}
},
function (error) {
loadEnd();
if (error.toString().indexOf("请勿重复请求") > -1) {
ElMessage.error("请勿重复请求");
} else {
ElMessage.error("服务异常");
}
return Promise.reject(error);
},
);
/**
* 生成随机的 AES 密钥 (Base64 格式) 24位字符
*/
function generateAesKey(keySize = 128) {
const byteLength = keySize / 8;
const wordArray = CryptoJS.lib.WordArray.random(byteLength);
return wordArray.toString(CryptoJS.enc.Base64);
}
/**
* 使用 RSA 公钥加密数据 (兼容 Java RsaUtil.encryptAesKey)
*/
function encryptByJavaPublicKey(data) {
const encryptor = new JSEncrypt();
let key = publicKey;
if (!key.includes("BEGIN")) {
key = `-----BEGIN PUBLIC KEY-----\n${publicKey}\n-----END PUBLIC KEY-----`;
}
encryptor.setPublicKey(key);
const encrypted = encryptor.encrypt(data);
if (!encrypted) {
throw new Error("加密失败,请检查密钥长度或数据长度是否超过限制");
}
return encrypted;
}
/**
* 加密Aes
*/
export const encryptedCom = (data) => {
let key = CryptoJS.enc.Base64.parse(aesKey);
let encrypted = CryptoJS.AES.encrypt(data, key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7,
});
return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
};
/**
* 解密Aes
*/
export const decryptedCom = (data) => {
let key = CryptoJS.enc.Base64.parse(aesKey);
let decrypted = CryptoJS.AES.decrypt(data, key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7,
});
return decrypted.toString(CryptoJS.enc.Utf8);
};
export default http;
后端处理
RSA加解密工具类
package com.fan.util;
import lombok.extern.slf4j.Slf4j;
import javax.crypto.Cipher;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
/**
* 加解密
*/
@Slf4j
public class RsaUtil {
// 定义返回结果的键名常量
public static final String PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dNyA26jkX/FTmNuY+1QwcvuJThsgKRbnPB91J3uw0YdabVNQy5swyPlON2E/FnH/VKRd8tCntZFIfeeQXtBrB5kim0iG4Wnz/3n83D0aUzvdBI2LXtCdf09iVu3bzrEbFTwqWqPufgcrrhavT1K57cQNQ5ZoO/dnkyP+/AgCojPmpx2QBMtG4BpVf7Fq21y4DpeWNRehgb6fMKqbBvDe+5sivplK6bDh2/4xTA9yBlJ690DvichBSZwVeSXHpPww8BiHw9ualUHwfLtbZv+ddVDCNSOAqPONgjIUKZVKNsLq4nWu3eu71PKX/FojeU8e5Lk/st8ubSUUvb+SPNlvwIDAQAA";
public static final String PRIVATE_KEY = "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDd03IDbqORf8VOY25j7VDBy+4lOGyApFuc8H3Une7DRh1ptU1DLmzDI+U43YT8Wcf9UpF3y0Ke1kUh955Be0GsHmSKbSIbhafP/efzcPRpTO90EjYte0J1/T2JW7dvOsRsVPCpao+5+ByuuFq9PUrntxA1Dlmg792eTI/78CAKiM+anHZAEy0bgGlV/sWrbXLgOl5Y1F6GBvp8wqpsG8N77myK+mUrpsOHb/jFMD3IGUnr3QO+JyEFJnBV5Jcek/DDwGIfD25qVQfB8u1tm/511UMI1I4Co842CMhQplUo2wurida7d67vU8pf8WiN5Tx7kuT+y3y5tJRS9v5I82W/AgMBAAECggEAAj4joyjYmuov/eV/3AWUateVL83zPHwgHphIqjNykrzZvUdDYbaz2M4H5w97GB+pDis28OW4MoNRRzejfPjL2cg9rslnR+BaqWRHlqy0rxl2oYJk09VKmO2Xh3tkgZZjHmlGPNN1lb7BcEhi4N9TkfL5RSzakSFiHAcDVnVZQMhk5VwGz4iKR7dtTy2CO//lR5TQ4JWcHowMq0z3aO5k6wG6Q1RX41pEJebH/JzY9H92K3ZErpRZG5p+8ejy5DJvBzrOrCPqeDe0RQPd6CKRYhH5hfWIA9yMvXJNnBEU000Qk/4PEatT+ZSDAmvSWexxdSlQ5r15at4Pa7LggKIGoQKBgQDhGlWylfZRXBl1gAZJs0tKtrBaKFKCO0RPwrg/LaJIto2dceUiPwcymJsT3VQcLxtiNE5kQIhpguaur7N4eQXwv9KR85jWRV/MQGmFroRaD4Qz0TBgT/3LzdCImZMJWUlJfHCbPk6e0zL+N8ynWCmv0o7vSnXzXJ0ahvFMvMxw8QKBgQD8RfdrDLrfgxbP5x4wH8z5Jsw3HHXX53qRA75rIQhV1b34pd54IJE7Z/FzUbVafY3V5Zic2FMwYUC0H9uoNe0wSRK1m9IApBRW0GDKa9edqY8cYQmlURF+RkfpzRAD4MQb37oCpRxflI+IB4XlPU6ubRAk+QmsKIRk8xV02NVBrwKBgEDAdo5cnPJib+Bg524j6TCgxLHqj3Fu4wOem6lw0xHfkXUM4kCrqMJhK5rXO+6vjkz9ht9HwPW49eqiGBo7lf3e8A+T5w8b/aafkLsnrGLLu9e8ARJzcCpEFgx1QNqbmH1PEoVVsv/0+OIv4urwbW1qQDuNS8iph3euAZN1a8nBAoGAL8Un9tNwR4bROQkwxDghXkSkgwMWpY2lvfQRiMO2ilpxILZ4DBNOrQsfw5CDYOFJjGlvnrOv/QdNc05dD9s2UOBldJJPD+QCHfZTfcEyER7chKkzZGSXhWvVjkZQdAuJ1yVkWb/eQZMmIsIZ7rDPR2RLnFS0Ki958ou9UmUE7O0CgYBuFYNyD/E++FeR+gLvuJ8fYE0RZfkC26uAW5gQCx8MLvwgBu1zyGkDc513fmjYw8bMvOIibyG4uhtpiz2gEWF6lGFDFpb7VV8CfKfWSth6CcOODrNefM/yg136IGQC+RTiRvGHXxIRSaSmXO7V5K91kGwj6kD69aTYE1ysM/ZrzA==";
/**
* 生成 RSA 密钥对
*
* @param keySize 密钥长度,推荐 2048 或 4096
* @return 包含公钥和私钥的 Map,key 为 "publicKey" 和 "privateKey",value 为 Base64 编码的字符串
* @throws NoSuchAlgorithmException 如果 RSA 算法不可用
*/
public static Map<String, String> generateKeyPair(int keySize) throws NoSuchAlgorithmException {
// 1. 创建 KeyPairGenerator 实例,指定算法为 RSA
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
// 2. 初始化,设置密钥长度 (1024, 2048, 4096 等),2048 是目前的安全标准
keyPairGenerator.initialize(keySize);
// 3. 生成密钥对
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// 4. 获取公钥和私钥对象
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
// 5. 将公钥和私钥编码为 Base64 字符串
String publicKeyStr = Base64.getEncoder().encodeToString(publicKey.getEncoded());
String privateKeyStr = Base64.getEncoder().encodeToString(privateKey.getEncoded());
log.info("RSA 密钥对生成成功,长度: {} bits", keySize);
// 6. 放入 Map 返回
Map<String, String> keyMap = new HashMap<>(2);
keyMap.put(PUBLIC_KEY, publicKeyStr);
keyMap.put(PRIVATE_KEY, privateKeyStr);
return keyMap;
}
/**
* RSA加密AES密钥
*/
public static String encryptAesKey(String aesKey, String rsaPublicKey) throws Exception {
PublicKey publicKey = getPublicKey(rsaPublicKey);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encrypted = cipher.doFinal(aesKey.getBytes());
return Base64.getEncoder().encodeToString(encrypted);
}
/**
* RSA解密AES密钥
*/
public static String decryptAesKey(String encryptedAesKey, String rsaPrivateKey) throws Exception {
PrivateKey privateKey = getPrivateKey(rsaPrivateKey);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decrypted = cipher.doFinal(Base64.getDecoder().decode(encryptedAesKey));
return new String(decrypted);
}
/**
* 获取公钥
*/
private static PublicKey getPublicKey(String key) throws Exception {
byte[] keyBytes = Base64.getDecoder().decode(key);
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(spec);
}
/**
* 获取私钥
*/
private static PrivateKey getPrivateKey(String key) throws Exception {
byte[] keyBytes = Base64.getDecoder().decode(key);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePrivate(spec);
}
// --- 生成密钥对 ---
public static void main(String[] args) {
try {
// 生成密钥对
Map<String, String> keys = generateKeyPair(2048);
String pubKey = keys.get(PUBLIC_KEY);
String priKey = keys.get(PRIVATE_KEY);
System.out.println("公钥: " + pubKey);
System.out.println("私钥: " + priKey);
} catch (Exception e) {
e.printStackTrace();
}
}
}
AES加解密工具类
package com.fan.util;
import lombok.extern.slf4j.Slf4j;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
/**
* 加解密
*/
@Slf4j
public class AesUtil {
private static final String ALGORITHM = "AES/ECB/PKCS5Padding";
/**
* AES 加密
*/
public static String encrypt(String key, String plaintext) {
try {
byte[] keyBytes = Base64.getDecoder().decode(key);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
byte[] encryptedBytes = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
return Base64.getEncoder().encodeToString(encryptedBytes);
} catch (Exception e) {
log.error(e.getMessage());
return null;
}
}
/**
* AES 解密
*/
public static String decrypt(String key, String cipherText) {
try {
byte[] keyBytes = Base64.getDecoder().decode(key);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
byte[] cipherBytes = Base64.getDecoder().decode(cipherText);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] decryptedBytes = cipher.doFinal(cipherBytes);
return new String(decryptedBytes, StandardCharsets.UTF_8);
} catch (Exception e) {
log.error(e.getMessage());
return null;
}
}
}
重写请求类
package com.fan.config;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
/**
* 重写请求体,方便进行数据解密,防止读取一次后数据丢失问题
*/
public class WrapperRequest extends HttpServletRequestWrapper {
private final String requestBody;
HttpServletRequest req;
public WrapperRequest(HttpServletRequest request, String requestBody) {
super(request);
this.requestBody = requestBody;
this.req = request;
}
@Override
public BufferedReader getReader() {
return new BufferedReader(new StringReader(requestBody));
}
@Override
public ServletInputStream getInputStream() throws IOException {
return new ServletInputStream() {
private final InputStream in = new ByteArrayInputStream(requestBody.getBytes(req.getCharacterEncoding()));
@Override
public int read() throws IOException {
return in.read();
}
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
};
}
}
重写响应类
package com.fan.config;
import io.micrometer.common.lang.NonNullApi;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.WriteListener;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponseWrapper;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
/**
* 重写响应体,方便数据加密
*/
@NonNullApi
public class WrapperResponse extends HttpServletResponseWrapper {
private final ByteArrayOutputStream buffer;
private final ServletOutputStream out;
private final PrintWriter writer;
public WrapperResponse(HttpServletResponse resp) throws IOException {
super(resp);
// 真正存储数据的流
buffer = new ByteArrayOutputStream();
out = new WrapperOutputStream(buffer);
writer = new PrintWriter(new OutputStreamWriter(buffer, this.getCharacterEncoding()));
}
@Override
public ServletOutputStream getOutputStream() {
return out;
}
@Override
public PrintWriter getWriter() {
return writer;
}
@Override
public void flushBuffer() throws IOException {
if (out != null) {
out.flush();
}
if (writer != null) {
writer.flush();
}
}
@Override
public void reset() {
buffer.reset();
}
public byte[] getResponseData() throws IOException {
flushBuffer();
return buffer.toByteArray();
}
private static class WrapperOutputStream extends ServletOutputStream {
private final ByteArrayOutputStream bos;
public WrapperOutputStream(ByteArrayOutputStream stream) {
bos = stream;
}
@Override
public void write(int b) {
bos.write(b);
}
@Override
public void write(byte[] b) {
bos.write(b, 0, b.length);
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setWriteListener(WriteListener writeListener) {
}
}
}
基于过滤器进行拦截
package com.fan.config;
import com.fan.util.AesUtil;
import com.fan.util.RsaUtil;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
/**
* 响应数据过滤器
*/
@Slf4j
public class ResponseDataFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest requests = (HttpServletRequest) request;
String uri = requests.getRequestURI();
// 请求方式
String method = requests.getMethod();
log.debug("uri: {}, method: {}, type: {}", uri, method, request.getContentType());
// 只对POST、put请求加解密
if ((Objects.equals("POST", method) || Objects.equals("PUT", method)) && requests.getContentType().contains("application/json")) {
// 先判断是否已经有密钥
Object aesKeyObj = requests.getAttribute("aesKey");
String aesKey = "";
if (Objects.isNull(aesKeyObj)) {
// 密钥不存在, 则从请求头中获取,并进行解密
try {
aesKey = RsaUtil.decryptAesKey(requests.getHeader("aesKey"), RsaUtil.PRIVATE_KEY);
} catch (Exception e) {
throw new RuntimeException(e);
}
if (aesKey.length() != 24) {
throw new RuntimeException("密钥长度错误");
}
} else {
aesKey = String.valueOf(aesKeyObj);
}
if (aesKey.isEmpty()) {
throw new RuntimeException("密钥不存在");
}
String requestBody = getRequestBody(requests).replaceAll("\"", "");
String requestBodyMw = AesUtil.decrypt(aesKey, requestBody);
log.debug("请求参数: {}", requestBodyMw);
WrapperRequest wrapRequest = new WrapperRequest((HttpServletRequest) request, requestBodyMw);
WrapperResponse wrapResponse = new WrapperResponse((HttpServletResponse) response);
chain.doFilter(wrapRequest, wrapResponse);
byte[] data = wrapResponse.getResponseData();
if (data.length == 0) {
data = "{}".getBytes();
}
log.debug("返回参数:{}", new String(data, StandardCharsets.UTF_8));
String responseBodyMw = AesUtil.encrypt(aesKey, new String(data, StandardCharsets.UTF_8));
assert responseBodyMw != null;
response.getOutputStream().write(responseBodyMw.getBytes());
} else {
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
}
private String getRequestBody(HttpServletRequest req) {
try {
BufferedReader reader = req.getReader();
StringBuilder sb = new StringBuilder();
String line;
while ((line = reader.readLine()) != null) {
sb.append(line);
}
return sb.toString();
} catch (IOException e) {
log.error("请求体读取失败, {}", e.getMessage());
}
return "";
}
}
注册
在启动类中注册
@Bean
public FilterRegistrationBean requestDataFilter() {
FilterRegistrationBean registration = new FilterRegistrationBean();
//自己的过滤器叫什么名字就写上什么名字
registration.setFilter(new ResponseDataFilter());
registration.addUrlPatterns("/*");
registration.setName("responseDataFilter");
//过滤器的顺序,数字越小,越先执行,反之亦然
registration.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE);
return registration;
}