詳解如何利用jasypt實現(xiàn)配置文件加密

更新時間：2022年07月05日 14:00:02 作者：步爾斯特

Jasypt?(Java?Simplified?Encryption)?是一個?java?庫，它允許開發(fā)人員以最小的成本將基本的加密功能添加到項目中，而無需深入了解密碼學(xué)的工作原理。本文將利用jasypt實現(xiàn)配置文件加密，感興趣的可以學(xué)習(xí)一下

引入依賴

 <dependency>
     <groupId>com.github.ulisesbocchio</groupId>
     <artifactId>jasypt-spring-boot-starter</artifactId>
     <version>3.0.4</version>
 </dependency>

生效

如果是為spring boot項目的配置文件加密，則無需額外配置，啟動類上的@SpringBootApplication自動會將其注入程序，使其生效。

作用域

指定配置文件的作用域，其他配置文件不受jasypt影響

@Configuration
@EncryptablePropertySources({
    @EncryptablePropertySource("classpath:sentinel-1.properties"),                          
    @EncryptablePropertySource("classpath:sentinel-2.properties")
    })

應(yīng)用

工具類

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

/**
 * @author issavior
 */
public class JasyptUtil {
    /**
     * org.jasypt.encryption.StringEncryptor對象
     */
    private static StringEncryptor stringEncryptor = null;

    public static StringEncryptor getInstance(String secretKey) throws Exception {
        if (secretKey == null || secretKey.trim().equals("")) {
            System.out.println("秘鑰不能為空！");
            throw new Exception("org.jasypt.encryption.StringEncryptor秘鑰不能為空！");
        }
        if (stringEncryptor == null) {
            PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
            SimpleStringPBEConfig config = new SimpleStringPBEConfig();
            // 這個秘鑰必須是我們自己定義
            config.setPassword(secretKey);
            config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
            config.setKeyObtentionIterations("1000");
            config.setPoolSize("1");
            config.setProviderName("SunJCE");
            config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
            config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
            config.setStringOutputType("base64");
            encryptor.setConfig(config);

            stringEncryptor = encryptor;
        }
        return stringEncryptor;
    }

    public static void main(final String[] args) {

        // 秘鑰字符串
        String secretKey = "123!@#";

        // 待加密的明文密碼
        String pass = "123456";
        try {
            StringEncryptor stringEncryptor = JasyptUtil.getInstance(secretKey);
            String encryptPass = stringEncryptor.encrypt(pass);
            System.out.println("【" + pass + "】被加密成【" + encryptPass + "】");

            String clearPass = stringEncryptor.decrypt(encryptPass);
            System.out.println("【" + encryptPass + "】被解密成【" + clearPass + "】");

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}

配置

jasypt:
  encryptor:
    password: 123!@#
my:
  # 必須用ENC()包起來，這樣jasypt才能識別出來這個密碼需要解密再傳給應(yīng)用程序
  msg: ENC(PwyGulNOC9YERAC9A6zpH8Da1tn50dtgJ1XBqygkdNoBTkjmENd+F5yJJMp4sthf)