:rocket: 登录时密码动态非对称加解密

airport-vue/src/views/user/LoginAccount.vue

@@ -33,6 +33,7 @@
   import { getAction } from '@/api/manage'
   import Vue from 'vue'
   import { mapActions } from 'vuex'
+  import * as forge from 'node-forge';
 
   export default {
     name: 'LoginAccount',
@@ -58,12 +59,15 @@
           inputCode: [{
             required: true, message: '请输入验证码!'
           }]
-        }
+        },
+        publicKey:""
 
       }
     },
     created() {
       this.handleChangeCheckCode();
+      // 获取公钥
+      this.getPublicKey();
     },
     methods:{
       ...mapActions(['Login']),
@@ -121,15 +125,27 @@
       acceptUsername(username){
         this.model['username'] = username
       },
+      getPublicKey(){
+        getAction(`/sys/getKey`).then(res=>{
+          if(res.success){
+            this.publicKey = res.result
+          }else{
+            console.error("未获取到公钥")
+          }
+        }).catch(()=>{
+        })
+      },
       //账号密码登录
       handleLogin(rememberMe){
         this.validateFields([ 'username', 'password', 'inputCode' ], (err)=>{
+          let password = this.passwordEncyrpt();
           if(!err){
             let loginParams = {
               username: this.model.username,
-              password: this.model.password,
+              password: password,
               captcha: this.model.inputCode,
               checkKey: this.currdatetime,
+              publicKey: this.publicKey,
               remember_me: rememberMe,
             }
             console.log("登录参数", loginParams)
@@ -142,6 +158,13 @@
             this.$emit('validateFail')
           }
         })
+      },
+      passwordEncyrpt() {
+        const pki = forge.pki;
+        // 规定格式：publicKey之前需要加'-----BEGIN PUBLIC KEY-----\n'，之后需要加'\n-----END PUBLIC KEY-----'
+        const publicK = pki.publicKeyFromPem('-----BEGIN PUBLIC KEY-----\n' + this.publicKey + '\n-----END PUBLIC KEY-----');
+        // forge通过公钥加密后一般会是乱码格式，可进行base64编码操作再进行传输，相应的，后台获取到密文的密码后需要先进行base64解码操作再进行解密
+        return forge.util.encode64(publicK.encrypt(this.model.password));
       }
 
 

airport/jeecg-boot-base/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java

@@ -85,6 +85,7 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/sys/login", "anon"); //登录接口排除
         filterChainDefinitionMap.put("/sys/mLogin", "anon"); //登录接口排除
         filterChainDefinitionMap.put("/sys/logout", "anon"); //登出接口排除
+        filterChainDefinitionMap.put("/sys/getKey", "anon"); //获取公钥接口排除
         filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //第三方登录
         filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //获取加密串
         filterChainDefinitionMap.put("/sys/sms", "anon");//短信验证码

airport/jeecg-boot-module-system/src/main/java/org/jeecg/modules/api/imf/ImfMqListener.java

@@ -46,9 +46,9 @@ import java.util.Date;
  * @Description:
  * @date 2023/7/17 11:57
  */
-//@Profile("prod")
+@Profile("prod")
 @Slf4j
-//@RabbitComponent(value = "ImfMqListener")
+@RabbitComponent(value = "ImfMqListener")
 public class ImfMqListener extends BaseRabbiMqHandler<Object> {
 
     public ImfMqListener() {

airport/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -1,15 +1,21 @@
 package org.jeecg.modules.system.controller;
 
+import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.RandomUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.asymmetric.RSA;
 import com.alibaba.fastjson.JSONObject;
 import com.aliyuncs.exceptions.ClientException;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.IdWorker;
+import com.google.common.base.Strings;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
@@ -25,12 +31,12 @@ import org.jeecg.modules.system.service.*;
 import org.jeecg.modules.system.util.RandImageUtil;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.scheduling.annotation.Async;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.util.*;
 
 /**
@@ -64,7 +70,13 @@ public class LoginController {
     public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel) {
         Result<JSONObject> result = new Result<JSONObject>();
         String username = sysLoginModel.getUsername();
-        String password = sysLoginModel.getPassword();
+        if (Strings.isNullOrEmpty(sysLoginModel.getPublicKey())) {
+            result.error500("未获取到公钥！请刷新重试");
+        }
+        String password = checkPassword(sysLoginModel.getPassword(),sysLoginModel.getPublicKey());
+        if (Strings.isNullOrEmpty(password)) {
+            result.error500("私钥失效！请刷新重试");
+        }
         //update-begin--Author:scott  Date:20190805 for：暂时注释掉密码加密逻辑，有点问题
         //前端密码加密，后端进行密码解密
         //password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
@@ -112,6 +124,8 @@ public class LoginController {
         //update-begin--Author:liusq  Date:20210126  for：登录成功，删除redis中的验证码
         redisUtil.del(realKey);
         //update-begin--Author:liusq  Date:20210126  for：登录成功，删除redis中的验证码
+        // 删除公钥私钥
+        redisUtil.del(sysLoginModel.getPublicKey());
         LoginUser loginUser = new LoginUser();
         BeanUtils.copyProperties(sysUser, loginUser);
         baseCommonService.addLog("用户名: " + username + ",登录成功！", CommonConstant.LOG_TYPE_1, null, loginUser);
@@ -123,6 +137,51 @@ public class LoginController {
     }
 
     /**
+     * 获取秘钥-RSA
+     * @return
+     */
+    @GetMapping(value = "/getKey")
+    public Result<String> getKeyOfRSA() {
+        Result<String> result = new Result<>();
+
+        RSA rsa = new RSA();
+        String privateKeyBase64 = rsa.getPrivateKeyBase64();
+        String publicKeyBase64 = rsa.getPublicKeyBase64();
+
+        // 使用当前用户的session进行保存公钥私钥对
+        Subject currentUser = SecurityUtils.getSubject();
+        // 最多缓存两天
+        redisUtil.set(publicKeyBase64, privateKeyBase64, 86400 * 2);
+        result.setResult(publicKeyBase64);
+        return result;
+    }
+
+
+    /**
+     * 解密password
+     *
+     * @param password
+     * @param publicKey
+     * @return
+     * @throws Exception
+     */
+    private String checkPassword(String password, String publicKey) {
+        // publicKey需要前端返回
+        String privateKey = (String) redisUtil.get(publicKey);
+        if(privateKey ==null){
+            log.error("session中私钥失效.publickey={},password={}",publicKey,password);
+            return null;
+        }
+        // 构建，当只用私钥进行构造对象时，只允许使用该私钥进行加密和解密操作，前端只用公钥加密，所以这里只用私钥解密
+        RSA rsa = new RSA(privateKey, null);
+        // 密码的密文先进行base64解码，之后再进行解密
+        byte[] decrypt = rsa.decrypt(Base64.getDecoder().decode(password), KeyType.PrivateKey);
+        String decryptStr = StrUtil.str(decrypt, CharsetUtil.CHARSET_UTF_8);
+
+        return decryptStr;
+    }
+
+    /**
      * 【vue3专用】获取用户信息
      */
     @GetMapping("/user/getUserInfo")

airport/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/model/SysLoginModel.java

@@ -19,6 +19,8 @@ public class SysLoginModel {
     private String captcha;
 	@ApiModelProperty(value = "验证码key")
     private String checkKey;
+    @ApiModelProperty(value = "公钥")
+    private String publicKey;
 
     public String getUsername() {
         return username;
@@ -51,5 +53,12 @@ public class SysLoginModel {
 	public void setCheckKey(String checkKey) {
 		this.checkKey = checkKey;
 	}
-    
+
+    public String getPublicKey() {
+        return publicKey;
+    }
+
+    public void setPublicKey(String publicKey) {
+        this.publicKey = publicKey;
+    }
 }

airport/jeecg-boot-module-system/src/main/resources/application-prod.yml

@@ -22,7 +22,7 @@ management:
 
 airport:
   mq:
-    msgHandlerEvent: true
+    msgHandlerEvent: false
 
 spring:
 #  thymeleaf: