TencentBlueKing · jsonwan · Aug 1, 2023 · May 12, 2023 · May 25, 2023 · Jun 8, 2023
diff --git a/src/backend/build.gradle b/src/backend/build.gradle
@@ -43,6 +43,17 @@ buildscript {
     }
     repositories {
         mavenLocal()
+        def extraMavenRepoUrls = System.getProperty("extraMavenRepoUrls")
+        if (extraMavenRepoUrls == null) {
+            extraMavenRepoUrls = System.getenv("extraMavenRepoUrls")
+        }
+        if (extraMavenRepoUrls != null) {
+            String[] repoUrls = extraMavenRepoUrls.trim().replace(" ", "").split(",")
+            for (String repoUrl : repoUrls) {
+                println("Add extra maven repo:" + repoUrl)
+                maven { url repoUrl }
+            }
+        }
         maven { url mavenRepoUrl }
         maven { url "https://plugins.gradle.org/m2/" }
         mavenCentral()
@@ -119,6 +130,7 @@ ext {
     set('jcommanderVersion', "1.71")
     set('kubernetesJavaClientVersion', "11.0.4")
     set('springCloudKubernetesVersion', "2.0.6")
+    set('cryptoJavaSDKVersion', "1.0.1")
     if (System.getProperty("bkjobVersion")) {
         set('bkjobVersion', System.getProperty("bkjobVersion"))
         println "bkjobVersion:" + bkjobVersion
@@ -161,6 +173,17 @@ allprojects {
 
     repositories {
         mavenLocal()
+        def extraMavenRepoUrls = System.getProperty("extraMavenRepoUrls")
+        if (extraMavenRepoUrls == null) {
+            extraMavenRepoUrls = System.getenv("extraMavenRepoUrls")
+        }
+        if (extraMavenRepoUrls != null) {
+            String[] repoUrls = extraMavenRepoUrls.trim().replace(" ", "").split(",")
+            for (String repoUrl : repoUrls) {
+                println("Add extra maven repo:" + repoUrl)
+                maven { url repoUrl }
+            }
+        }
         maven { url mavenRepoUrl }
         maven { url "https://plugins.gradle.org/m2/" }
         maven {
@@ -298,6 +321,7 @@ subprojects {
                 entry "hibernate-validator"
             }
             dependency "com.beust:jcommander:$jcommanderVersion"
+            dependency "com.tencent.bk.sdk:crypto-java-sdk:$cryptoJavaSDKVersion"
         }
     }
     dependencies {

diff --git a/src/backend/commons/common-crypto/build.gradle b/src/backend/commons/common-crypto/build.gradle
@@ -0,0 +1,31 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+dependencies {
+    api project(':commons:common')
+    api project(':commons:common-utils')
+    api 'com.tencent.bk.sdk:crypto-java-sdk'
+    testImplementation 'org.junit.jupiter:junit-jupiter'
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+}
diff --git a/...kend/commons/common-crypto/src/main/java/com/tencent/bk/job/common/crypto/AESCryptor.java b/...kend/commons/common-crypto/src/main/java/com/tencent/bk/job/common/crypto/AESCryptor.java
@@ -0,0 +1,114 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.crypto;
+
+import com.tencent.bk.job.common.crypto.util.AESUtils;
+import com.tencent.bk.sdk.crypto.annotation.Cryptor;
+import com.tencent.bk.sdk.crypto.annotation.CryptorTypeEnum;
+import com.tencent.bk.sdk.crypto.cryptor.AbstractSymmetricCryptor;
+import com.tencent.bk.sdk.crypto.exception.CryptoException;
+import org.slf4j.helpers.FormattingTuple;
+import org.slf4j.helpers.MessageFormatter;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * 使用AES/CBC/PKCS5Padding的加密实现
+ */
+@Cryptor(name = JobCryptorNames.AES_CBC, type = CryptorTypeEnum.SYMMETRIC)
+public class AESCryptor extends AbstractSymmetricCryptor {
+
+    @Override
+    public String getName() {
+        return JobCryptorNames.AES_CBC;
+    }
+
+    @Override
+    public byte[] encryptIndeed(byte[] key, byte[] message) {
+        try {
+            return AESUtils.encrypt(message, key);
+        } catch (Exception e) {
+            FormattingTuple msg = MessageFormatter.arrayFormat(
+                "Fail to encrypt using {}, key.len={}, message.len={}",
+                new Object[]{
+                    getName(),
+                    key.length,
+                    message.length
+                }
+            );
+            throw new CryptoException(msg.getMessage(), e);
+        }
+    }
+
+    @Override
+    public byte[] decryptIndeed(byte[] key, byte[] encryptedMessage) {
+        try {
+            return AESUtils.decrypt(encryptedMessage, key);
+        } catch (Exception e) {
+            FormattingTuple msg = MessageFormatter.arrayFormat(
+                "Fail to decrypt using {}, key.len={}, encryptedMessage.len={}",
+                new Object[]{
+                    getName(),
+                    key.length,
+                    encryptedMessage.length
+                }
+            );
+            throw new CryptoException(msg.getMessage(), e);
+        }
+    }
+
+    @Override
+    public void encryptIndeed(String key, InputStream in, OutputStream out) {
+        try {
+            AESUtils.encrypt(in, out, key);
+        } catch (Exception e) {
+            FormattingTuple msg = MessageFormatter.arrayFormat(
+                "Fail to encrypt using {}, key.len={}",
+                new Object[]{
+                    getName(),
+                    key.length()
+                }
+            );
+            throw new CryptoException(msg.getMessage(), e);
+        }
+    }
+
+    @Override
+    public void decryptIndeed(String key, InputStream in, OutputStream out) {
+        try {
+            AESUtils.decrypt(in, out, key);
+        } catch (Exception e) {
+            FormattingTuple msg = MessageFormatter.arrayFormat(
+                "Fail to decrypt using {}, key.len={}",
+                new Object[]{
+                    getName(),
+                    key.length()
+                }
+            );
+            throw new CryptoException(msg.getMessage(), e);
+        }
+    }
+}
diff --git a/...ons/common-crypto/src/main/java/com/tencent/bk/job/common/crypto/CryptoConfigService.java b/...ons/common-crypto/src/main/java/com/tencent/bk/job/common/crypto/CryptoConfigService.java
@@ -0,0 +1,103 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.crypto;
+
+import com.tencent.bk.sdk.crypto.cryptor.consts.CryptorNames;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 加密配置服务
+ */
+@SuppressWarnings("unused")
+@Slf4j
+@Service
+public class CryptoConfigService {
+
+    private final EncryptConfig encryptConfig;
+    private final Map<String, String> scenarioAlgorithms;
+
+    public CryptoConfigService(@Autowired(required = false) EncryptConfig encryptConfig) {
+        this.encryptConfig = encryptConfig;
+        if (encryptConfig != null) {
+            this.scenarioAlgorithms = trimKeyValues(encryptConfig.getScenarioAlgorithms());
+        } else {
+            this.scenarioAlgorithms = null;
+        }
+    }
+
+    private Map<String, String> trimKeyValues(Map<String, String> map) {
+        if (map == null) {
+            return null;
+        }
+        Map<String, String> resultMap = new HashMap<>();
+        map.forEach((key, value) -> {
+            if (key != null) {
+                key = key.trim();
+            }
+            if (value != null) {
+                value = value.trim();
+            }
+            resultMap.put(key, value);
+        });
+        return resultMap;
+    }
+
+    /**
+     * 获取对称加密密钥
+     *
+     * @return 对称加密密钥
+     */
+    public String getSymmetricPassword() {
+        return encryptConfig.getPassword();
+    }
+
+    /**
+     * 根据加密场景获取需要使用的加密算法
+     *
+     * @param cryptoScenarioEnum 加密场景枚举值
+     * @return 加密算法标识
+     */
+    public String getSymmetricAlgorithmByScenario(CryptoScenarioEnum cryptoScenarioEnum) {
+        if (cryptoScenarioEnum == null) {
+            return getDefaultSymmetricAlgorithm();
+        }
+        if (scenarioAlgorithms != null && scenarioAlgorithms.containsKey(cryptoScenarioEnum.getValue())) {
+            return scenarioAlgorithms.get(cryptoScenarioEnum.getValue());
+        }
+        return getDefaultSymmetricAlgorithm();
+    }
+
+    private String getDefaultSymmetricAlgorithm() {
+        if (encryptConfig.getType() == CryptoTypeEnum.SHANGMI) {
+            return CryptorNames.SM4;
+        }
+        return JobCryptorNames.AES_CBC;
+    }
+}
diff --git a/...mons/common-crypto/src/main/java/com/tencent/bk/job/common/crypto/CryptoScenarioEnum.java b/...mons/common-crypto/src/main/java/com/tencent/bk/job/common/crypto/CryptoScenarioEnum.java
@@ -0,0 +1,61 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.crypto;
+
+/**
+ * 加密场景枚举值
+ */
+public enum CryptoScenarioEnum {
+    // 脚本敏感参数
+    SCRIPT_SENSITIVE_PARAM((byte) 0, "scriptSensitiveParam"),
+    // 密文变量
+    CIPHER_VARIABLE((byte) 0, "cipherVariable"),
+    // DB账号的密码
+    DATABASE_PASSWORD((byte) 0, "databasePassword"),
+    // 凭证信息
+    CREDENTIAL((byte) 0, "credential"),
+    // 导出作业的密码
+    EXPORT_JOB_PASSWORD((byte) 0, "exportJobPassword"),
+    // 导出作业的备份文件
+    BACKUP_FILE((byte) 0, "backupFile");
+
+    // 加密类型：0为对称加密，1为非对称加密
+    private final byte type;
+    // 场景标识
+    private final String value;
+
+    CryptoScenarioEnum(byte type, String value) {
+        this.type = type;
+        this.value = value;
+    }
+
+    public String getValue() {
+        return value;
+    }
+
+    public byte getType() {
+        return type;
+    }
+}
diff --git a/...b/common/encrypt/AsymmetricEncryptor.java → .../bk/job/common/crypto/CryptoTypeEnum.java b/...b/common/encrypt/AsymmetricEncryptor.java → .../bk/job/common/crypto/CryptoTypeEnum.java
@@ -22,19 +22,16 @@
  * IN THE SOFTWARE.
  */
 
-package com.tencent.bk.job.common.encrypt;
+package com.tencent.bk.job.common.crypto;
 
 /**
- * 非对称加密器
+ * 加密类型枚举值
  */
-public interface AsymmetricEncryptor extends Encryptor {
+public enum CryptoTypeEnum {
+
+    // 经典密码算法（RSA、AES等）
+    CLASSIC,
+    // 国家商用密码算法（SM2、SM4等）
+    SHANGMI
 
-    /**
-     * 校验消息的签名是否一致 通过公钥对消息内容进行校验signature内容（由私钥加签名）
-     *
-     * @param message   原消息内容
-     * @param signature 消息的签名
-     * @return 是否签名一致
-     */
-    boolean verify(String message, String signature);
 }