SuperMap iServer 提供了 SecretKeyProvider 接口,用于扩展开发符合用户需求的应用于各种加密场景的自定义外置密钥。

1、SecretKeyProvider 接口介绍

com.supermap.services.util.encryption.SecretKeyProvider 接口有如下方法:

  • public void loadSecretKey(List<CipherKeySetting> cipherSettings, EncryptionScenario scenario)

该方法用于根据配置加载密钥。

  • public void unloadSecretKey(List<CipherKeySetting> cipherSettings, EncryptionScenario scenario)

该方法用于卸载密钥。

  • public Optional<SecretKeySpec> getSecretKeySpec(String keyID, EncryptionScenario scenario)

该方法用于根据场景和id获取密钥,返回Optional.empty代表不支持此场景的密钥获取。

  • public Optional<SecretKeyInfo> getSecretKeyInfo(String keyID, EncryptionScenario scenario)

该方法用于根据场景和id获取密钥描述信息,返回Optional.empty代表不支持此场景的密钥获取。

2、SecretKeyProvider接口实现示例

如下以继承 SecretKeyProvider 接口来实现外置国密密钥 SM4SecretKeyProvider 类举例,说明具体的代码实现方式:

package com.supermap.model.util;

import cn.hutool.core.util.RandomUtil;

import com.supermap.server.config.CipherKeySetting;

import com.supermap.services.util.encryption.EncryptionScenario;

import com.supermap.services.util.encryption.SecretKeyInfo;

import com.supermap.services.util.encryption.SecretKeyProvider;

import lombok.extern.slf4j.Slf4j;

import org.apache.commons.lang3.StringUtils;

import javax.crypto.spec.SecretKeySpec;

import java.io.BufferedReader;

import java.io.FileReader;

import java.io.IOException;

import java.util.Base64;

import java.util.List;

import java.util.Optional;

public class SM4SecretKeyProvider implements SecretKeyProvider {

    private static final String SM4_KEY_PATH = "D:\\SM4_keyStore\\SM4KEY.txt";

    @Override

    public void loadSecretKey(List<CipherKeySetting> list, EncryptionScenario encryptionScenario) {

    }

    @Override

    public void unloadSecretKey(List<CipherKeySetting> list, EncryptionScenario encryptionScenario) {

    }

    @Override

    public Optional<SecretKeySpec> getSecretKeySpec(String keyID, EncryptionScenario encryptionScenario) {

        Optional<SecretKeySpec> optional = Optional.empty();

        String keyPath = null;

        String algorithm = "";

        if ("keyID1".equals(keyID)) {

            keyPath = SM4_KEY_PATH;

            algorithm = "SM4";

        }

        if (StringUtils.isNotBlank(keyPath)) {

            int lineNumber = RandomUtil.randomInt(1,11);

            BufferedReader reader = null;

            try {

                reader = new BufferedReader(new FileReader(keyPath));

                String line;

                int currentLine = 1;

                optional = Optional.of(new SecretKeySpec(Base64.getDecoder().decode(line), algorithm));

            } catch (IOException e) {

                e.printStackTrace();

                log.error("获取密钥失败!");

            } finally {

                if (reader != null) {

                    try {

                        reader.close();

                    } catch (IOException e) {

                        throw new RuntimeException(e);

                    }

                }

            }

        }

        return optional;

    }

    @Override

    public Optional<SecretKeyInfo> getSecretKeyInfo(String keyID, EncryptionScenario encryptionScenario) {

        return Optional.empty();

    }