Skip to content

增加对nacos-aes-encryption-plugin插件的支持 #592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
KricYi wants to merge 1 commit into from
Closed

增加对nacos-aes-encryption-plugin插件的支持 #592

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions clients/config_client/config_client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ package config_client

import (
"context"
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/hex"
"fmt"
"math"
"os"
Expand Down Expand Up @@ -224,9 +228,61 @@ func (client *ConfigClient) getConfigInner(param vo.ConfigParam) (content string
}
return content, nil
}
if strings.HasPrefix(param.DataId, constant.CipherPrefix) {
return decryptAes(response.EncryptedDataKey, response.Content), nil
}
return response.Content, nil
}

func decryptAes(secretKey string, content string) string {
if secretKey == "" || content == "" {
return content
}

secretKeyBytesTmp, err := base64.StdEncoding.DecodeString(secretKey)
if err != nil {
return content
}
secretKey = string(secretKeyBytesTmp)
secretKeyBytes, err := hex.DecodeString(secretKey)
if err != nil {
return content
}

key, err := aes.NewCipher(secretKeyBytes)
if err != nil {
return content
}
var iv []byte
if secretKey == "" || len(secretKey) < constant.IvLength {
iv = []byte(constant.IvParameter)
} else {
iv = make([]byte, constant.IvLength)
copy(iv, secretKey[:constant.IvLength])
}

contentBytes, err := hex.DecodeString(content)
if err != nil {
return content
}

mode := cipher.NewCBCDecrypter(key, iv)
mode.CryptBlocks(contentBytes, contentBytes)
return string(unPaddingPKCS5(contentBytes))
}

func unPaddingPKCS5(data []byte) []byte {
length := len(data)
if length == 0 {
return data
}
unPadding := int(data[length-1])
if unPadding > length {
return data
}
return data[:(length - unPadding)]
}

func (client *ConfigClient) PublishConfig(param vo.ConfigParam) (published bool, err error) {
if len(param.DataId) <= 0 {
err = errors.New("[client.PublishConfig] param.dataId can not be empty")
Expand Down
3 changes: 3 additions & 0 deletions common/constant/const.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,4 +98,7 @@ const (
HTTPS_SERVER_PORT = 443
GRPC = "grpc"
FAILOVER_FILE_SUFFIX = "_failover"
CipherPrefix = "cipher-"
IvParameter = "fa6fa5207b3286b2"
IvLength = 16
)