feat: 支持国密存储 TencentBlueKing#1057 (TencentBlueKing#1061)

* feat: 支持国密存储 TencentBlueKing#1057 * feat: 支持国密存储 TencentBlueKing#1057 * feat: 支持国密存储 TencentBlueKing#1057 * feat: 支持国密存储 TencentBlueKing#1057
yaoxuwan · Aug 14, 2023 · 8c538df · 8c538df
1 parent 9fdfb62
commit 8c538df
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 10 deletions.
diff --git a/src/backend/auth/biz-auth/build.gradle.kts b/src/backend/auth/biz-auth/build.gradle.kts
@@ -39,4 +39,5 @@ dependencies {
     implementation(project(":common:common-operate:operate-service"))
     api(project(":common:common-redis"))
     implementation("org.apache.httpcomponents:httpclient")
+    implementation("com.tencent.bk.sdk:crypto-java-sdk")
 }
diff --git a/...nd/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt b/...nd/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
@@ -281,13 +281,15 @@ class UserServiceImpl constructor(
                 // conv time
                 expiredTime = expiredTime!!.plusHours(8)
             }
+            val sm3Id = DataDigestUtils.sm3FromStr(id)
             val userToken = Token(name = name, id = id, createdAt = createdTime, expiredAt = expiredTime)
-            update.addToSet(TUser::tokens.name, userToken)
+            val dataToken = Token(name = name, id = sm3Id, createdAt = createdTime, expiredAt = expiredTime)
+            update.addToSet(TUser::tokens.name, dataToken)
             mongoTemplate.upsert(query, update, TUser::class.java)
             val userInfo = userRepository.findFirstByUserId(userId)
             val tokens = userInfo!!.tokens
             tokens.forEach {
-                if (it.name == name) return it
+                if (it.name == name) return userToken
             }
             return null
         } catch (ignored: DateTimeParseException) {
@@ -325,8 +327,10 @@ class UserServiceImpl constructor(
                 return null
             }
         }
+        logger.debug("find user userId : [$userId]")
         val hashPwd = DataDigestUtils.md5FromStr(pwd)
-        val query = UserQueryHelper.buildUserPasswordCheck(userId, pwd, hashPwd)
+        val sm3HashPwd = DataDigestUtils.sm3FromStr(pwd)
+        val query = UserQueryHelper.buildUserPasswordCheck(userId, pwd, hashPwd, sm3HashPwd)
         val result = mongoTemplate.findOne(query, TUser::class.java) ?: run {
             return null
         }
@@ -338,9 +342,9 @@ class UserServiceImpl constructor(
         // token 匹配成功
         result.tokens.forEach {
             // 永久token，校验通过，临时token校验有效期
-            if (UserRequestUtil.matchToken(pwd, hashPwd, it.id) && it.expiredAt == null) {
+            if (UserRequestUtil.matchToken(pwd, sm3HashPwd, it.id) && it.expiredAt == null) {
                 return UserRequestUtil.convToUser(result)
-            } else if (UserRequestUtil.matchToken(pwd, hashPwd, it.id) &&
+            } else if (UserRequestUtil.matchToken(pwd, sm3HashPwd, it.id) &&
                 it.expiredAt != null && it.expiredAt!!.isAfter(LocalDateTime.now())
             ) {
                 return UserRequestUtil.convToUser(result)

diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/DataDigestUtils.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/DataDigestUtils.kt
@@ -32,6 +32,7 @@
 package com.tencent.bkrepo.auth.util
 
 import java.security.MessageDigest
+import com.tencent.bk.sdk.crypto.util.SM3Util
 
 object DataDigestUtils {
 
@@ -46,6 +47,11 @@ object DataDigestUtils {
         return toHex(result)
     }
 
+    fun sm3FromStr(str: String): String {
+        val digest = SM3Util.digest(str.toByteArray())
+        return toHex(digest)
+    }
+
     fun md5FromByteArray(byteArr: ByteArray): String {
         val digest = MessageDigest.getInstance("MD5")
         val result = digest.digest(byteArr)

diff --git a/...ckend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt b/...ckend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/util/query/UserQueryHelper.kt
@@ -10,14 +10,14 @@ import org.springframework.data.mongodb.core.query.and
 
 object UserQueryHelper {
 
-    fun buildUserPasswordCheck(userId: String, pwd: String, hashPwd: String): Query {
+    fun buildUserPasswordCheck(userId: String, pwd: String, hashPwd: String, sm3HashPwd: String): Query {
         val criteria = Criteria()
         criteria.orOperator(
             Criteria.where(TUser::pwd.name).`is`(hashPwd),
             Criteria.where("tokens.id").`is`(pwd),
-            Criteria.where("tokens.id").`is`(hashPwd)
+            Criteria.where("tokens.id").`is`(sm3HashPwd)
         ).and(TUser::userId.name).`is`(userId)
-        return Query.query(criteria)
+        return query(criteria)
     }
 
     fun filterNotLockedUser(): Query {
@@ -30,7 +30,7 @@ object UserQueryHelper {
     }
 
     fun getUserByIdAndPwd(userId: String, oldPwd: String): Query {
-        return Query.query(
+        return query(
             Criteria().andOperator(
                 Criteria.where(TUser::userId.name).`is`(userId),
                 Criteria.where(TUser::pwd.name).`is`(DataDigestUtils.md5FromStr(oldPwd))
@@ -75,7 +75,7 @@ object UserQueryHelper {
             )
         }
         userId.let {
-            criteria.and(TUser::asstUsers.name).`in`( *arrayOf(userId))
+            criteria.and(TUser::asstUsers.name).`in`(*arrayOf(userId))
             criteria.and(TUser::group.name).`is`(true)
         }
         return Query(criteria)