fg重构项目
parent: b5ed8467 | 补丁 | 提交 | ignore whitespace
whycxzp
2023-10-24 7056443947be01e7a986187a2e2c08f4d632b436 
中等级缺陷8-1
5个文件已修改
81 ■■■■ 已修改文件
src/main/java/com/whyc/listener/ApplicationListener.java 25 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/whyc/mapper/UserMapper.java 2 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/whyc/service/UserService.java 6 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/whyc/util/RSAUtil.java 43 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/resources/mapper/UserMapper.xml 5 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 
 src/main/java/com/whyc/listener/ApplicationListener.java


@@ -4,10 +4,13 @@


import com.whyc.factory.FaceEngineFactory;


import com.whyc.mapper.CommonMapper;


import com.whyc.mapper.PageParamUserMapper;


import com.whyc.pojo.UserInf;


import com.whyc.service.InterfaceService;


import com.whyc.service.ProcessSurveyService;


import com.whyc.service.UserService;


import com.whyc.util.ActionUtil;


import com.whyc.util.HttpUtil;


import com.whyc.util.RSAUtil;


import org.springframework.beans.factory.annotation.Autowired;




import javax.annotation.Resource;


@@ -15,6 +18,8 @@


import javax.servlet.ServletContextEvent;


import javax.servlet.ServletContextListener;


import javax.servlet.annotation.WebListener;


import java.util.LinkedList;


import java.util.List;


import java.util.Map;




/**


@@ -40,6 +45,8 @@




    //Thread thread_calculateTimeInUse = new Thread(new CalculateTimeInUse(),"Thread_calculateTimeInUse");




    @Autowired


    private UserService userService;




    @Override


    public void contextInitialized(ServletContextEvent servletContextEvent) {


@@ -65,6 +72,24 @@


        application.setAttribute("alarmMap",alarmMap);


        //更新平台版本号和启动时间


        processSurveyService.updateWebStartTimeAndVersion();


        //密码结构更新到3 0 72


        UserInf sysAdmin = userService.getById(1);


        String uSnId = sysAdmin.getUSnId();


        if(RSAUtil.decrypt(uSnId,RSAUtil.getPrivateKey()) == null){ //最新结构解码失败


            //为旧版密码,采用旧版解码并转为新版


            List<UserInf> all = userService.getAll();


            List<UserInf> userListWithNewPwd = new LinkedList<>();


            for (int i = 1; i < all.size(); i++) { //第一条记录非密码,跳过


                UserInf userInf = all.get(i);


                String pwdOldEncrypt = userInf.getUSnId();


                String pwd = RSAUtil.decrypt(pwdOldEncrypt, RSAUtil.getPrivateKeyOld());


                String pwdNewEncrypt = RSAUtil.encrypt(pwd, RSAUtil.getPublicKey());


                userInf.setUSnId(pwdNewEncrypt);


                userListWithNewPwd.add(userInf);


            }


            userService.updatePasswordsTo3072(userListWithNewPwd);


            System.out.println("password system renewed");


        }




    }






 src/main/java/com/whyc/mapper/UserMapper.java


@@ -18,4 +18,6 @@


    List<UserInf> getUserInfAndPermitInf();






    void updatePasswordsTo3072(List<UserInf> userListWithNewPwd);




}




 src/main/java/com/whyc/service/UserService.java


@@ -122,7 +122,7 @@


                return new Response<>().set(1, false, "手机号已存在");


            }


            String password = URLDecoder.decode(user.getUpassword(), "utf-8");


            




            String[] dataArr = RSAUtil.decryptFront(password, RSAUtil.fontSeparator);


            String pwd = RSAUtil.encrypt(dataArr[0],RSAUtil.getPublicKey());


            user.setUpassword(pwd);


@@ -450,4 +450,8 @@


        }


        return response;


    }




    public void updatePasswordsTo3072(List<UserInf> userListWithNewPwd) {


        userMapper.updatePasswordsTo3072(userListWithNewPwd);


    }


}




 src/main/java/com/whyc/util/RSAUtil.java


@@ -18,10 +18,11 @@


    /**


     * 固定公私钥


     */


    private static final  String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPpJ3j+SHQ69lqq+ShV7deA40Y+8rYra6rr4ReOJ+UE7ek8tsJJrcy1xMO1SophJdHXXwSNbZWhnJW9GlIq1Um6IplkwFc/AtyoeJDP3EJtUZgI5H6fSz0BPLFHn18C0Nxz1Br109U07DqQdMsarcBmKXYQw+2oZOz0KpA5b0FawIDAQAB";


    private static final  String privateKey = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAI+kneP5IdDr2Wqr5KFXt14DjRj7ytitrquvhF44n5QTt6Ty2wkmtzLXEw7VKimEl0ddfBI1tlaGclb0aUirVSboimWTAVz8C3Kh4kM/cQm1RmAjkfp9LPQE8sUefXwLQ3HPUGvXT1TTsOpB0yxqtwGYpdhDD7ahk7PQqkDlvQVrAgMBAAECgYA8ASdX4W2n6a4kKnRSleLqqg8aHazqAPvTinmAJqU65VW02SJ42yxyV3gFnTSErXfIfxviO3/U+0ruWiFVEwV5oDEh0dOd+HHGm4YzFXIRglMeRBgLuVJ+owzoVDwZstiIBa69DIjaJtmpSf5FjwxAth+gtCv3e11IXHraKN720QJBAMPMB1WtmpRGYHxWVYjKSL+RGw+h3gMQLk3exZjhmYRlXuqfVZ2Zol+NazDc59K5f+geMdJ0/X2kKnKLVjWzYHMCQQC7z1cFYswtLemxGfj+dwlVC01VL4pKa7HGHl/FAQ2UNYZY2d5hE/nXYbTpfI0gMowX926/aFpia7NbAUJO7WEpAkAyUFa+LJthaOhYazMVsK2bFKW4kabkcJ8Fga6TR73UaNxIPGOa2SUBmuylpM6ptuNoeYHiDBAr3ijOQIIJ0KuDAkBy9fPahCNe9F+73J4hhVPdDtIDdto7u7hSAX215XMeabUW5iXNXqDsSg6nbWolb0t50CemWoYZALwE1Lx1+7AhAkEAoZtFt+2skjAxHEqNUye4vKBqB2Ng/wmfitCfT34lXWQsxs4BGk/8eQMzkam9bcB7FcinolxHF/1UjsUYpI+AgA==";


    private static final  String publicKeyOld = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPpJ3j+SHQ69lqq+ShV7deA40Y+8rYra6rr4ReOJ+UE7ek8tsJJrcy1xMO1SophJdHXXwSNbZWhnJW9GlIq1Um6IplkwFc/AtyoeJDP3EJtUZgI5H6fSz0BPLFHn18C0Nxz1Br109U07DqQdMsarcBmKXYQw+2oZOz0KpA5b0FawIDAQAB";


    private static final  String privateKeyOld = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAI+kneP5IdDr2Wqr5KFXt14DjRj7ytitrquvhF44n5QTt6Ty2wkmtzLXEw7VKimEl0ddfBI1tlaGclb0aUirVSboimWTAVz8C3Kh4kM/cQm1RmAjkfp9LPQE8sUefXwLQ3HPUGvXT1TTsOpB0yxqtwGYpdhDD7ahk7PQqkDlvQVrAgMBAAECgYA8ASdX4W2n6a4kKnRSleLqqg8aHazqAPvTinmAJqU65VW02SJ42yxyV3gFnTSErXfIfxviO3/U+0ruWiFVEwV5oDEh0dOd+HHGm4YzFXIRglMeRBgLuVJ+owzoVDwZstiIBa69DIjaJtmpSf5FjwxAth+gtCv3e11IXHraKN720QJBAMPMB1WtmpRGYHxWVYjKSL+RGw+h3gMQLk3exZjhmYRlXuqfVZ2Zol+NazDc59K5f+geMdJ0/X2kKnKLVjWzYHMCQQC7z1cFYswtLemxGfj+dwlVC01VL4pKa7HGHl/FAQ2UNYZY2d5hE/nXYbTpfI0gMowX926/aFpia7NbAUJO7WEpAkAyUFa+LJthaOhYazMVsK2bFKW4kabkcJ8Fga6TR73UaNxIPGOa2SUBmuylpM6ptuNoeYHiDBAr3ijOQIIJ0KuDAkBy9fPahCNe9F+73J4hhVPdDtIDdto7u7hSAX215XMeabUW5iXNXqDsSg6nbWolb0t50CemWoYZALwE1Lx1+7AhAkEAoZtFt+2skjAxHEqNUye4vKBqB2Ng/wmfitCfT34lXWQsxs4BGk/8eQMzkam9bcB7FcinolxHF/1UjsUYpI+AgA==";






    private static final  String publicKey = "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAu7CdCMIoWXUX584JpmE1bTE1r1MtmZGswsSbsm4s9zqETQ4BmUT2kz/wvvGsI8T3ZvTT4KIyKP4Ez+yNVejMM5XwR95KF4e3UwMc724buWKl4pVL09kvkCZt8ZKf359VAvhyHHz80wIiVmJs6xbho7OBsv/s7Hwho0n4HPL4u/eNR5vWa2rtgQG1+fi1XP0UiSRKKW15Va9R2CI3zB+sffquhyX5fi+06NibWzk7OPU+EGvAwkaJtrmfLAvpwr4+G0MBLIsPVFV17Sgpoj62rtfbhHwmLSo1JTw+/JskDQOjxXfw+w3uHAZgPTlEmn2Ya9ssIljqCBfvM9nbGUWcnmppKlPm6kECa4RsgPiRgPFV+nT/Q98kfUTb798Sy63x4NIZkLQn1DDbmcAgUqLR6y1r0fD8Ne3vVtuZlVR/8ZlcRAfb+th2cNN0rytrnUreJo7kPtTFdkNtmj0KdUkRO8ea0YymEQal+b0tCl3V8osSy+qO2OVRd7yCvpOWEYOBAgMBAAE=";


    private static final  String privateKey = "MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC7sJ0IwihZdRfnzgmmYTVtMTWvUy2ZkazCxJuybiz3OoRNDgGZRPaTP/C+8awjxPdm9NPgojIo/gTP7I1V6MwzlfBH3koXh7dTAxzvbhu5YqXilUvT2S+QJm3xkp/fn1UC+HIcfPzTAiJWYmzrFuGjs4Gy/+zsfCGjSfgc8vi7941Hm9Zrau2BAbX5+LVc/RSJJEopbXlVr1HYIjfMH6x9+q6HJfl+L7To2JtbOTs49T4Qa8DCRom2uZ8sC+nCvj4bQwEsiw9UVXXtKCmiPrau19uEfCYtKjUlPD78myQNA6PFd/D7De4cBmA9OUSafZhr2ywiWOoIF+8z2dsZRZyeamkqU+bqQQJrhGyA+JGA8VX6dP9D3yR9RNvv3xLLrfHg0hmQtCfUMNuZwCBSotHrLWvR8Pw17e9W25mVVH/xmVxEB9v62HZw03SvK2udSt4mjuQ+1MV2Q22aPQp1SRE7x5rRjKYRBqX5vS0KXdXyixLL6o7Y5VF3vIK+k5YRg4ECAwEAAQKCAYEAsVBm6pFSwUCn9uxlnXOUn7WvvBTerYg8KDzJwsXnYSE9P/aNeBj4wZ/Udu+l6pz4BaIiUMOqk6N3NF+MHq8xy0JJn/vXD2e9v4TfXysssfUKNodI/bjfAFXt5BzbQM4r6ASC+Xry9v27JtURhP826Ap763lwgPG8baFB70dzyVBTfmUxKoX4HrpZCvD1lgXZ0r4f+gdca6CXt5KMGCGMOfAL1c4AaD/1r0yDaKkm0+aMXcMOdfthuuieAWS30K0cK7A2GIHmWWwvNrGW/EqIHUKLBIdrXo9bDq5X1vMnw9FoCfjEwgCtlsGHMbgoVt6Zd3ziNjcNQ/nVQZEBLmyz1pVL+RixxZN/RCEyQSM+0EBeJ4VV75unTvz+qT05r6Lv07L66pAt7VPfW5705e6SU1IPUezZhAqh+fY33szloFCEWVP+n2szEZYSYM8ZZW+ctdzjyj3SNJc6Z0eh6MPBQzTTz4Rk+NXpHnyqBONRsIFvbihewO+7j97Ct/RshhYBAoHBAO84WM29k7Aqochn6TUZC7rmwtmJNNRFIkkxVSj0NTe8cHvl+qWDooSHnTJSMm/xyvzYa3KOaKEviegPXuVMYLkZD1i4Wd58YzcC2fuAHcL6F41ZhrbD+GOpitQhmaud2RCm6gxWlylzuuUPtubnLipoy0WRb3X+C9ub+GMmAP+KLsEeWZUxAv806MsTqNJqagHLmvIcshnaKrxbReCorvQfIotQ/NdSw6/tJfHSPAG0KrccB9KSUxjLmHaOYLIHkQKBwQDI2vGAzHqTypoL47I7cOLDzVZ2KammhJg2wwyJdCWSy2OzJvnrgJaqOrQtVNUO8EJn5cLMlJDBFz7rbMvoO76oF/22CMNb8bhv3wh1yQfZ/IKGunrSSFH0jtTO2bfSQJM9sgJzMYLiOEy1yaPXZ43QeoVsoDQOKHGh3dF8Y6aTkA5FC9x4pmPzpRAgH5/X3THj6BIWbEI5BRiywZHWSboymF+DkT2NDDPoMQ9zML/04O30Tuy8DbFf9xTw3wroJPECgcBAJdX6ZcnCxcvYV7T7nhm9JsA9YUOfYGKPSgFSGBplNczcDJGn7KKZ81u98LjBuA78unQlpfZ8sqjCZ8zEpDSTrhqladn/hU99ovAdNv/EFxhVuRoczHRBFWe69r+ke5GHm5rLcDTc0sHdRtd/F6MTkEJiB1viQhuf6jUzMS+3VrCu7JqNHTV2hhOe0UjGE+8VSCnmnrdLo2suUzNryRAROoAi57bFbtY2yNsR+5RHyK5jp8qZNs+9qGrb79YSJ2ECgcAHZTBRKrY0rNgBKhAM6jofNXdCgIQzklw8X/AdO36KqhxwozW+ewyRFfo+VQpHM4duZeJHQA0YXu+9IVNcqJ57d+6qfiYbQ4oj7FVWaOF2IDr6FPGivnDuDTg+qXuALUp+kghPD3qfM613YAY9Tx3EmE5DUp64CrssV4t4Bf9DHaG43xfuBUpW1TQDysZK32UP3CKWWsQRb2OaaVAiULKfXEbgBD/86n8axHuqJRhcPs/kF+fVgLeQLfvCZqPzKjECgcEAvBdzAp/vK/C8FYa3JVU1zcQKAIzv5HLyjLMCYYDkz5z7YcscJ3JUp+euIYem0i1hE3a3JpB5iqy92CauF1zZTb7Kqom8kes4fPf3PnDllIS2wMagPAMPubO7nuN9fa6KOoX//vwqvq+WnbLIXtPoOlaxLdUud5gIRgVTz+0qc+8e5CUvv4+EQ2dUDkZLNFHPgvCFTD2ylEC3DXC0q4vWLZ7o14zniuhE3M3Kpf3UIIAFdzRlUv2n38kbXOUTxuZm";


    /**


     * RSA最大加密明文大小


     */


@@ -29,7 +30,7 @@


    /**


     * RSA最大解密密文大小


     */


    private static final int MAX_DECRYPT_BLOCK = 128;


    private static final int MAX_DECRYPT_BLOCK = 384;




    public static final String fontSeparator = "&&&&&&&&&&";


    /**


@@ -40,7 +41,7 @@


    public static List<String> getKeyPair() throws Exception {


        LinkedList<String> list = new LinkedList<>();


        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");


        generator.initialize(1024);


        generator.initialize(3072);


        KeyPair keyPair = generator.generateKeyPair();


        String publicKey = Base64.encodeBase64String(keyPair.getPublic().getEncoded());


        String privateKey = Base64.encodeBase64String(keyPair.getPrivate().getEncoded());


@@ -86,6 +87,25 @@


            return null;


        }


    }




    /**


     * 获取私钥-旧版


     *


     * @return


     */


    public static PrivateKey getPrivateKeyOld() {


        try {


            KeyFactory keyFactory = null;


            keyFactory = KeyFactory.getInstance("RSA");




            byte[] decodedKey = Base64.decodeBase64(privateKeyOld.getBytes());


            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey);


            return keyFactory.generatePrivate(keySpec);


        }catch (NoSuchAlgorithmException | InvalidKeySpecException e){


            return null;


        }


    }




    /**


     * 获取公钥


     *


@@ -223,19 +243,14 @@


        return dataArr;


    }




    public static void main(String[] args) {


    public static void main(String[] args) throws Exception {


        try {


            String word = "123456";


            String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPpJ3j+SHQ69lqq+ShV7deA40Y+8rYra6rr4ReOJ+UE7ek8tsJJrcy1xMO1SophJdHXXwSNbZWhnJW9GlIq1Um6IplkwFc/AtyoeJDP3EJtUZgI5H6fSz0BPLFHn18C0Nxz1Br109U07DqQdMsarcBmKXYQw+2oZOz0KpA5b0FawIDAQAB";


            String privateKey = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAI+kneP5IdDr2Wqr5KFXt14DjRj7ytitrquvhF44n5QTt6Ty2wkmtzLXEw7VKimEl0ddfBI1tlaGclb0aUirVSboimWTAVz8C3Kh4kM/cQm1RmAjkfp9LPQE8sUefXwLQ3HPUGvXT1TTsOpB0yxqtwGYpdhDD7ahk7PQqkDlvQVrAgMBAAECgYA8ASdX4W2n6a4kKnRSleLqqg8aHazqAPvTinmAJqU65VW02SJ42yxyV3gFnTSErXfIfxviO3/U+0ruWiFVEwV5oDEh0dOd+HHGm4YzFXIRglMeRBgLuVJ+owzoVDwZstiIBa69DIjaJtmpSf5FjwxAth+gtCv3e11IXHraKN720QJBAMPMB1WtmpRGYHxWVYjKSL+RGw+h3gMQLk3exZjhmYRlXuqfVZ2Zol+NazDc59K5f+geMdJ0/X2kKnKLVjWzYHMCQQC7z1cFYswtLemxGfj+dwlVC01VL4pKa7HGHl/FAQ2UNYZY2d5hE/nXYbTpfI0gMowX926/aFpia7NbAUJO7WEpAkAyUFa+LJthaOhYazMVsK2bFKW4kabkcJ8Fga6TR73UaNxIPGOa2SUBmuylpM6ptuNoeYHiDBAr3ijOQIIJ0KuDAkBy9fPahCNe9F+73J4hhVPdDtIDdto7u7hSAX215XMeabUW5iXNXqDsSg6nbWolb0t50CemWoYZALwE1Lx1+7AhAkEAoZtFt+2skjAxHEqNUye4vKBqB2Ng/wmfitCfT34lXWQsxs4BGk/8eQMzkam9bcB7FcinolxHF/1UjsUYpI+AgA==";


            //List<String> keyPair = getKeyPair();


            //String encryptWord = encrypt(word, getPublicKey(keyPair.get(0)));


            //System.out.println("加密后的字符串:"+encryptWord);


            String encryptWord = "T8JGNiTKjeGxsy1klDEP6sgEbRIVrbC6KJt06RTY+KuK27SFU+Ch6fCE4wDsJRjfm0mr5DiHb1DZUOtEG6g4gv8F+5S7hTRtoaQkSxCCmnY7NMQKmkMl71Yvr9grx1KOrFUZCCymfcJGv0Dat7DPF/cDebnPN6IHpx+CS9u5pXI=";


            String originWord = decrypt(encryptWord, getPrivateKey(privateKey));


            String encryptWord ="jFr3/n7JBhwxVE+uiMzC9LapSjDb97x1P7s8npTTLepabMucHcgVPwU/rkiG4tLlEICjYJKINQzoZQ0bqGxhwASe9vT2KukOOHJAEmBjs1uWkJoK0GLMZtNt7oiRoQzVSzPCfmtlc64gplUCSH6UTqqkMu//pEn/67W4sTLzUzg=";


            String originWord = decrypt(encryptWord, getPrivateKey());


            System.out.println("解密后的字符串:"+originWord);


        } catch (Exception e) {


            e.printStackTrace();


        }




    }


}




 src/main/resources/mapper/UserMapper.xml


@@ -1,6 +1,11 @@


<?xml version="1.0" encoding="UTF-8"?>


<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">


<mapper namespace="com.whyc.mapper.UserMapper" >


    <update id="updatePasswordsTo3072">


        <foreach collection="list" item="item" separator=";">


            update db_user.tb_user_inf set uSnId = #{item.uSnId} where uId = #{item.uId}


        </foreach>


    </update>




    <select id="addJudge" resultType="int">


        select count(uid) as nums from db_user.tb_user_inf where uname=#{uName} or uMobilephone=#{uPhoneNumber} limit 1