diff --git a/src/backend/build.gradle b/src/backend/build.gradle index 0dfeef6537..cd9c4d043d 100644 --- a/src/backend/build.gradle +++ b/src/backend/build.gradle @@ -43,6 +43,17 @@ buildscript { } repositories { mavenLocal() + def extraMavenRepoUrls = System.getProperty("extraMavenRepoUrls") + if (extraMavenRepoUrls == null) { + extraMavenRepoUrls = System.getenv("extraMavenRepoUrls") + } + if (extraMavenRepoUrls != null) { + String[] repoUrls = extraMavenRepoUrls.trim().replace(" ", "").split(",") + for (String repoUrl : repoUrls) { + println("Add extra maven repo:" + repoUrl) + maven { url repoUrl } + } + } maven { url mavenRepoUrl } maven { url "https://plugins.gradle.org/m2/" } mavenCentral() @@ -119,6 +130,7 @@ ext { set('jcommanderVersion', "1.71") set('kubernetesJavaClientVersion', "11.0.4") set('springCloudKubernetesVersion', "2.0.6") + set('gmJavaSDKVersion', "0.0.1") if (System.getProperty("bkjobVersion")) { set('bkjobVersion', System.getProperty("bkjobVersion")) println "bkjobVersion:" + bkjobVersion @@ -161,6 +173,17 @@ allprojects { repositories { mavenLocal() + def extraMavenRepoUrls = System.getProperty("extraMavenRepoUrls") + if (extraMavenRepoUrls == null) { + extraMavenRepoUrls = System.getenv("extraMavenRepoUrls") + } + if (extraMavenRepoUrls != null) { + String[] repoUrls = extraMavenRepoUrls.trim().replace(" ", "").split(",") + for (String repoUrl : repoUrls) { + println("Add extra maven repo:" + repoUrl) + maven { url repoUrl } + } + } maven { url mavenRepoUrl } maven { url "https://plugins.gradle.org/m2/" } maven { @@ -297,6 +320,7 @@ subprojects { entry "hibernate-validator" } dependency "com.beust:jcommander:$jcommanderVersion" + dependency "com.tencent.bk.sdk:gm-java-sdk:$gmJavaSDKVersion" } } dependencies { diff --git a/src/backend/commons/common/build.gradle b/src/backend/commons/common/build.gradle index 107785c0a8..0349556dbc 100644 --- a/src/backend/commons/common/build.gradle +++ b/src/backend/commons/common/build.gradle 
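Review bot: The repositories read from `extraMavenRepoUrls` are declared right after `mavenLocal()` and ahead of `mavenRepoUrl`, the plugin portal and `mavenCentral()`, so whatever they serve for a coordinate wins resolution over the fixed sources. In the `buildscript` block (`@@ -43,6 +43,17 @@`) that covers build plugins that run during the build, and the same code is repeated in `allprojects` (`@@ -161,6 +173,17 @@`). The value comes from a system property or environment variable with no check on scheme or content, and `println("Add extra maven repo:" + repoUrl)` writes it verbatim to the build log, including any credentials embedded in the URL. I would declare the extra repositories after the fixed ones and scope them to the group they presumably exist for, e.g. `maven { url repoUrl; content { includeGroup "com.tencent.bk.sdk" } }`, and skip blank entries with `if (repoUrl.isEmpty()) continue`, since an empty variable currently yields `maven { url "" }`. Both `repositories` blocks continue outside their hunks.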
@@ -44,6 +44,7 @@ dependencies {
 implementation 'io.micrometer:micrometer-registry-prometheus'
 implementation 'com.cronutils:cron-utils'
 implementation 'commons-validator:commons-validator'
+ implementation 'com.tencent.bk.sdk:gm-java-sdk'
 compileOnly 'org.springframework:spring-web'
 compileOnly 'org.projectlombok:lombok'
 annotationProcessor 'org.projectlombok:lombok'
diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java
new file mode 100644
index 0000000000..a2ba337f02
--- /dev/null
+++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java
@@ -0,0 +1,53 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.encrypt;
+
+import com.tencent.bk.job.common.util.crypto.AESUtils;
+import com.tencent.bk.sdk.gm.annotation.CryptoPriority;
+import com.tencent.bk.sdk.gm.cryptor.Cryptor;
+
+/**
+ * 使用AES/CBC/PKCS5Padding的加密实现
+ */
+@CryptoPriority(name = "AES")
+public class AESCryptor implements Cryptor {
+ @Override
+ public byte[] encrypt(byte[] key, byte[] message) {
+ try {
+ return AESUtils.encrypt(message, key);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public byte[] decrypt(byte[] key, byte[] encryptedMessage) {
+ try {
+ return AESUtils.decrypt(encryptedMessage, key);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/NoneCryptor.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/NoneCryptor.java
new file mode 100644
index 0000000000..a5f010792d
--- /dev/null
+++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/NoneCryptor.java
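Review bot: Both `encrypt` and `decrypt` catch `Exception` and rethrow a bare `RuntimeException(e)`, so a caller cannot tell a bad key from corrupted or tampered ciphertext without unwrapping the cause, and in `decrypt` that cause can be the padding failure itself. The class comment names AES/CBC/PKCS5Padding, a mode with no integrity check. If `AESUtils.decrypt` (not shown in this diff) adds none, any caller that surfaces decrypt failures differently from other errors gives an observer a padding-validity signal. I would catch only the checked exceptions `AESUtils` declares and rethrow a single project exception with a fixed message, e.g. `throw new IllegalStateException("AES decrypt failed", e);`, and state in the class Javadoc that integrity has to be provided by an authenticated mode or a MAC verified before decryption.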
@@ -0,0 +1,44 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.encrypt;
+
+import com.tencent.bk.sdk.gm.annotation.CryptoPriority;
+import com.tencent.bk.sdk.gm.cryptor.Cryptor;
+
+/**
+ * 不做任何加密操作,直接返回明文的加密实现
+ */
+@CryptoPriority(name = "None")
+public class NoneCryptor implements Cryptor {
+ @Override
+ public byte[] encrypt(byte[] key, byte[] message) {
+ return message;
+ }
+
+ @Override
+ public byte[] decrypt(byte[] key, byte[] encryptedMessage) {
+ return encryptedMessage;
+ }
+}
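Review bot: `NoneCryptor` returns its input unchanged and ignores `key`, yet it is registered under the name `None` like any real algorithm, so nothing at the call site or in stored data shows that a value was never encrypted. The service added in this commit falls back to `None` when `job.encrypt.default-symmetric-algorithm` is unset, so I would make the pass-through visible with a class comment such as `// Pass-through: output is plaintext, not ciphertext; compatibility use only` and a one-time WARN log when this cryptor is selected. Both methods also hand back the caller's own array, so later mutation of the input changes the returned "ciphertext"; `return message.clone();` and `return encryptedMessage.clone();` avoid that aliasing.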
diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java
new file mode 100644
index 0000000000..9d662eb720
--- /dev/null
+++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java
@@ -0,0 +1,106 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.encrypt;
+
+import com.google.common.base.Charsets;
+import com.tencent.bk.job.common.util.Base64Util;
+import com.tencent.bk.sdk.gm.cryptor.Cryptor;
+import com.tencent.bk.sdk.gm.cryptor.CryptorFactory;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 对称加密服务
+ */
+@SuppressWarnings("unused")
+@Slf4j
+@Service
+public class SymmetricCryptoService {
+
+ private final Map cryptorMap = new HashMap<>();
+
+ @Value("${job.encrypt.password:}")
+ private String encryptPassword;
+
+ @Value("${job.encrypt.default-symmetric-algorithm:None}")
+ private String defaultSymmetricAlgorithm;
+
+ /**
+ * 对明文信息加密,返回Base64编码的加密后的密文信息,使用默认加密算法
+ *
+ * @param message 要加密的明文信息
+ * @return Base64编码的加密后的密文信息
+ */
+ public String encryptToBase64Str(String message) {
+ return encryptToBase64Str(message, defaultSymmetricAlgorithm);
+ }
+
+ /**
+ * 对明文信息加密,返回Base64编码的加密后的密文信息
+ *
+ * @param message 要加密的明文信息
+ * @param algorithm 加密算法
+ * @return Base64编码的加密后的密文信息
+ */
+ public String encryptToBase64Str(String message, String algorithm) {
+ Cryptor cryptor = cryptorMap.computeIfAbsent(algorithm, CryptorFactory::getCryptor);
+ byte[] encryptedMessage = cryptor.encrypt(
+ encryptPassword.getBytes(Charsets.UTF_8),
+ message.getBytes(Charsets.UTF_8)
+ );
+ return Base64Util.encodeContentToStr(encryptedMessage);
+ }
+
+ /**
+ * 对Base64编码的加密后的密文信息解密,返回解密后的明文,使用默认加密算法
+ *
+ * @param base64EncryptedMessage Base64编码的加密后的密文信息
+ * @return 解密后的明文信息
+ */
+ public String decrypt(String base64EncryptedMessage) {
+ return decrypt(base64EncryptedMessage, defaultSymmetricAlgorithm);
+ }
+
+ /**
+ * 对Base64编码的加密后的密文信息解密,返回解密后的明文
+ *
+ * @param base64EncryptedMessage Base64编码的加密后的密文信息
+ * @param algorithm 加密算法
+ * @return 解密后的明文信息
+ */
+ public String decrypt(String base64EncryptedMessage, String algorithm) {
+ Cryptor cryptor = cryptorMap.computeIfAbsent(algorithm, CryptorFactory::getCryptor);
+ byte[] rawEncryptedMessage = Base64Util.decodeContentToByte(base64EncryptedMessage);
+ byte[] decryptedMessage = cryptor.decrypt(
+ encryptPassword.getBytes(Charsets.UTF_8),
+ rawEncryptedMessage
+ );
+ return new String(decryptedMessage, Charsets.UTF_8);
+ }
+}
diff --git a/src/backend/commons/common/src/main/resources/META-INF/services/com.tencent.bk.sdk.gm.cryptor.Cryptor b/src/backend/commons/common/src/main/resources/META-INF/services/com.tencent.bk.sdk.gm.cryptor.Cryptor
new file mode 100644
index 0000000000..a5b8855774
--- /dev/null
+++ b/src/backend/commons/common/src/main/resources/META-INF/services/com.tencent.bk.sdk.gm.cryptor.Cryptor
@@ -0,0 +1,2 @@
+com.tencent.bk.job.common.encrypt.NoneCryptor
+com.tencent.bk.job.common.encrypt.AESCryptor
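Review bot: In `SymmetricCryptoService`, `@Value("${job.encrypt.default-symmetric-algorithm:None}")` and `@Value("${job.encrypt.password:}")` mean a deployment that omits both properties gets Base64-encoded plaintext from `encryptToBase64Str` with no error or log line, which is easy to mistake for ciphertext. I would fail at startup when the algorithm is not `None` and `encryptPassword` is empty, and log a warning once when `None` is in effect. The output also carries no marker of the algorithm that produced it, so changing the default later makes `decrypt(String)` apply the new algorithm to old values; a short algorithm prefix on the stored string would keep them readable. Separately, `cryptorMap` is a plain `HashMap` mutated through `computeIfAbsent` in a singleton `@Service`, and `new ConcurrentHashMap<>()` would make that safe under concurrent requests. Whether the raw password bytes are used directly as the AES key depends on `AESUtils`, which this diff does not show.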