fix: password 对称加密

src/main/java/com/ichaoj/ams/constant/AmsConstant.java

@@ -1,12 +1,18 @@
 package com.ichaoj.ams.constant;
 
+import cn.hutool.core.util.HexUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.catalina.security.SecurityUtil;
 
 import java.io.File;
 
 /**
  * @author cjwen
  */
+@Slf4j
 public class AmsConstant {
 
     /**
@@ -14,6 +20,23 @@ public class AmsConstant {
      */
     public static final String CACHE_ADDRESS_PREFIX = "ams:address";
 
+    public static String aesKey = HexUtil.encodeHexStr(SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded());
+    public static long aesUpdateTime = System.currentTimeMillis();
+
+    public static void reloadAesKey() {
+        int updateKeySplit = 1000 * 60 * 30;
+        String currentKey = AmsConstant.aesKey;
+        if (System.currentTimeMillis() - aesUpdateTime > updateKeySplit) {
+            synchronized (AmsConstant.class) {
+                if (AmsConstant.aesKey.equals(currentKey)) {
+                    AmsConstant.aesKey = HexUtil.encodeHexStr(SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded());
+                    aesUpdateTime = System.currentTimeMillis();
+                    log.info("update aes key : {}", AmsConstant.aesKey);
+                }
+            }
+        }
+    }
+
     public static final String WALLET_FILE_PATH =
             StrUtil.format("{}home{}ams{}wallet{}", File.separator, File.separator, File.separator, File.separator);
 

src/main/java/com/ichaoj/ams/controller/UserController.java

@@ -1,5 +1,6 @@
 package com.ichaoj.ams.controller;
 
+import com.ichaoj.ams.constant.AmsConstant;
 import com.ichaoj.common.annotation.AuthResource;
 import com.ichaoj.common.model.PublicPage;
 import com.ichaoj.common.model.PublicResult;
@@ -10,10 +11,7 @@ import com.ichaoj.web.bean.SystemId;
 import com.ichaoj.web.context.SuperWhaleContext;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
 
@@ -38,4 +36,12 @@ public class UserController {
         return userFeignClient.queryUserInfoPage(publicPage);
     }
 
+    @GetMapping("/aes-key")
+    @Operation(summary = "获取对称加密密钥")
+    @AuthResource
+    public PublicResult<String> generateKey() {
+        AmsConstant.reloadAesKey();
+        return PublicResult.success(AmsConstant.aesKey);
+    }
+
 }

src/main/java/com/ichaoj/ams/service/impl/AmsAddressAccountServiceImpl.java

@@ -2,13 +2,18 @@ package com.ichaoj.ams.service.impl;
 
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.collection.CollectionUtil;
+import cn.hutool.core.util.HexUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.ichaoj.ams.common.bean.Wallet;
 import com.ichaoj.ams.common.util.WalletUtil;
 import com.ichaoj.ams.common.util.ZipUtil;
+import com.ichaoj.ams.constant.AmsConstant;
 import com.ichaoj.ams.entity.AmsAddressAccount;
 import com.ichaoj.ams.mapper.AmsAddressAccountMapper;
 import com.ichaoj.ams.request.address.BatchAddressRequest;
@@ -54,11 +59,15 @@ public class AmsAddressAccountServiceImpl extends SuperWhaleServiceImpl<AmsAddre
 
     @Override
     public List<String> batchCreateAddress(BatchAddressRequest batchAddressRequest) {
+        String password = batchAddressRequest.getPassword();
+        SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, HexUtil.decodeHex(AmsConstant.aesKey));
+        batchAddressRequest.setPassword(aes.decryptStr(password));
         String userId = SuperWhaleContext.getContext(PublicUserInfo.class).getUserId();
         List<AmsAddressAccount> addresses = this.getByGroupNameAndUserId(batchAddressRequest.getGroupName(), userId);
         if (CollectionUtil.isNotEmpty(addresses)) {
             throw new ErrorServiceException("Please change the groupName because you have created");
         }
+
         long start = System.currentTimeMillis();
         List<Wallet> wallets = WalletUtil.batchCreateWallet(
                 userId, batchAddressRequest.getNumWallet(),

src/main/java/com/ichaoj/ams/service/impl/AmsExecuteRecordServiceImpl.java

@@ -3,12 +3,16 @@ package com.ichaoj.ams.service.impl;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.thread.ThreadUtil;
+import cn.hutool.core.util.HexUtil;
 import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
 import com.alibaba.fastjson2.JSON;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.ichaoj.ams.constant.AmsConstant;
 import com.ichaoj.ams.entity.*;
 import com.ichaoj.ams.mapper.AmsExecuteRecordMapper;
 import com.ichaoj.ams.request.execute.CreateExecute;
@@ -97,6 +101,9 @@ public class AmsExecuteRecordServiceImpl extends SuperWhaleServiceImpl<AmsExecut
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void createExecute(CreateExecute createExecute) {
+        String password = createExecute.getPassword();
+        SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, HexUtil.decodeHex(AmsConstant.aesKey));
+        createExecute.setPassword(aes.decryptStr(password));
         String userId = SuperWhaleContext.getContext(PublicUserInfo.class).getUserId();
         if (StrUtil.isBlank(createExecute.getGroupName())) {
             throw new ErrorServiceException("地址组名称不能为空！");

src/main/java/com/ichaoj/ams/task/NotifyTask.java

@@ -1,12 +1,18 @@
 package com.ichaoj.ams.task;
 
 import cn.hutool.core.collection.ListUtil;
+import cn.hutool.core.convert.Convert;
 import cn.hutool.core.date.DatePattern;
 import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.date.LocalDateTimeUtil;
 import cn.hutool.core.thread.ThreadUtil;
+import cn.hutool.core.util.CharsetUtil;
+import cn.hutool.core.util.HexUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.ichaoj.ams.constant.AmsConstant;
 import com.ichaoj.ams.entity.AmsAddressAccount;
 import com.ichaoj.ams.entity.AmsTradeRecord;
 import com.ichaoj.ams.response.statistics.NotifyTaskResponse;
@@ -18,9 +24,14 @@ import com.xxl.job.core.handler.annotation.XxlJob;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.CharSet;
+import org.apache.commons.lang3.CharSetUtils;
 import org.jetbrains.annotations.NotNull;
+import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
 
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.time.LocalDateTime;
 import java.util.Date;
 import java.util.HashSet;
@@ -42,6 +53,8 @@ public class NotifyTask {
     private final IEmailProvider emailProvider;
     private final ParamTemplate paramTemplate;
 
+
+
     @XxlJob("ams_weekly_report")
     @SuppressWarnings("all")
     public void statisticsWeeklyReport() {

src/test/java/com/ichaoj/ams/script/zksync2/swap/ZksyncMuteSwapEthForUsdcScriptTest.java

@@ -1,5 +1,11 @@
 package com.ichaoj.ams.script.zksync2.swap;
 
+import cn.hutool.core.util.CharsetUtil;
+import cn.hutool.core.util.HexUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
+import com.ichaoj.ams.constant.AmsConstant;
 import com.ichaoj.ams.script.JavaScript;
 import com.ichaoj.ams.script.JsScript;
 import com.ichaoj.ams.script.model.SResult;
@@ -40,4 +46,20 @@ class ZksyncMuteSwapEthForUsdcScriptTest {
         System.out.println(sResult);
     }
 
+
+    @Test
+    void hexTest() {
+        AmsConstant.aesKey = HexUtil.encodeHexStr(SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded());
+        byte[] encoded = SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded();
+        SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, HexUtil.decodeHex(AmsConstant.aesKey));
+//        SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, encoded);
+        String content = "password";
+        //加密为16进制表示
+        String encryptHex = aes.encryptHex(content);
+//解密为字符串
+        String decryptStr = aes.decryptStr(encryptHex, CharsetUtil.CHARSET_UTF_8);
+        System.out.println("encryptHex : " + encryptHex);
+        System.out.println("decryptStr : " + decryptStr);
+    }
+
 }