- make a solution for using encrypted fields as query criteria

Author: Weasley

mybatis-encrypt-spring-boot-starter/pom.xml

@@ -13,7 +13,9 @@
     <artifactId>mybatis-encrypt-spring-boot-starter</artifactId>
     <version>1.0.0</version>
     <name>mybatis-encrypt-spring-boot-starter</name>
-    <description>A spring-boot starter make it easy to encrypt and decrypt some column of database tables, support for user custom encryption algorithms</description>
+    <description>A spring-boot starter make it easy to encrypt and decrypt some column of database tables, support for
+        user custom encryption algorithms
+    </description>
     <url>https://github.com/Weasley-J/mybatis-encrypt-spring-boot-parent</url>
 
     <licenses>

mybatis-encrypt-spring-boot-starter/src/main/java/io/github/weasleyj/mybatis/encrypt/config/MybatisEncryptConfigurer.java

@@ -46,7 +46,7 @@ public class MybatisEncryptConfigurer implements InitializingBean {
     /**
      * The clients of encrypt strategies
      */
-    public static final Map<EncryptType, EncryptStrategy> STRATEGIES_CLIENTS = new ConcurrentHashMap<>(6);
+    public static final Map<EncryptType, EncryptStrategy> STRATEGY_CLIENTS = new ConcurrentHashMap<>(6);
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
     private final DiyProperties diyProperties;
     private final AesProperties aesProperties;
@@ -63,7 +63,6 @@ public MybatisEncryptConfigurer(DiyProperties diyProperties, AesProperties aesPr
         this.defaultMybatisEncryptInterceptor = defaultMybatisEncryptInterceptor;
     }
 
-
     @Override
     public void afterPropertiesSet() throws Exception {
         sqlSessionFactories.forEach(sqlSessionFactory -> {
@@ -73,9 +72,9 @@ public void afterPropertiesSet() throws Exception {
             }
         });
         if (null != diyProperties.getEncryptStrategy()) {
-            STRATEGIES_CLIENTS.put(DIY, ClassUtils.newInstance(diyProperties.getEncryptStrategy()));
+            STRATEGY_CLIENTS.put(DIY, ClassUtils.newInstance(diyProperties.getEncryptStrategy()));
         }
-        STRATEGIES_CLIENTS.put(BASE64, new DefaultBase64EncryptStrategyImpl());
-        STRATEGIES_CLIENTS.put(AES, new DefaultAesEncryptStrategyImpl(aesProperties));
+        STRATEGY_CLIENTS.put(BASE64, new DefaultBase64EncryptStrategyImpl());
+        STRATEGY_CLIENTS.put(AES, new DefaultAesEncryptStrategyImpl(aesProperties));
     }
 }

mybatis-encrypt-spring-boot-starter/src/main/java/io/github/weasleyj/mybatis/encrypt/core/EncryptStrategy.java

@@ -1,12 +1,52 @@
 package io.github.weasleyj.mybatis.encrypt.core;
 
+import io.github.weasleyj.mybatis.encrypt.annotation.Encryption;
+import io.github.weasleyj.mybatis.encrypt.constant.EncryptType;
+import io.github.weasleyj.mybatis.encrypt.exception.MybatisEncryptException;
+import org.apache.commons.lang3.reflect.FieldUtils;
+import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
+
+import java.lang.reflect.Field;
+import java.util.List;
+
+import static io.github.weasleyj.mybatis.encrypt.config.MybatisEncryptConfigurer.STRATEGY_CLIENTS;
+
 /**
  * The interface for encrypt strategy
  *
  * @author weasley
  * @version 1.0.0
  */
 public interface EncryptStrategy {
+    /**
+     * When using encrypted fields as query fields, you may need to encrypt plaintext fields before they can be recognized by the database as query parameters
+     *
+     * @param plainBean The bean to encrypt its fields to ciphertext which annotated by {@link Encryption}
+     * @param <E>       The type of raw bean
+     * @return The bean with fields encrypt to ciphertext
+     */
+    static <E> E covert(E plainBean, EncryptType encryptType) {
+        Assert.notNull(plainBean, "Plain bean must be not null");
+        Assert.notNull(encryptType, "Encrypt type must be not null");
+        if (plainBean.getClass() == Object.class) return plainBean;
+        List<Field> encryptionFields = FieldUtils.getFieldsListWithAnnotation(plainBean.getClass(), Encryption.class);
+        if (CollectionUtils.isEmpty(encryptionFields)) return plainBean;
+        EncryptStrategy encryptStrategy = STRATEGY_CLIENTS.get(encryptType);
+        if (null == encryptStrategy) return plainBean;
+        for (Field field : encryptionFields) {
+            try {
+                Object plaintextFieldValue = FieldUtils.readField(field, plainBean, true);
+                if (null == plaintextFieldValue) continue;
+                String encrypt = encryptStrategy.encrypt(plaintextFieldValue);
+                FieldUtils.writeField(field, plainBean, encrypt, true);
+            } catch (IllegalAccessException e) {
+                throw new MybatisEncryptException("Covert plain bean to cipher bean error:", e);
+            }
+        }
+        return plainBean;
+    }
+
     /**
      * To encrypt a raw text that human-readable
      *
@@ -26,5 +66,4 @@ default String encrypt(Object plaintext) {
     default String decrypt(Object ciphertext) {
         return null;
     }
-
 }

mybatis-encrypt-spring-boot-starter/src/main/java/io/github/weasleyj/mybatis/encrypt/interceptor/DefaultMybatisEncryptInterceptor.java

@@ -143,7 +143,7 @@ public Object processSelectCommandType(Invocation invocation) throws IllegalAcce
      * @return The instance of {@link EncryptStrategy}
      */
     public EncryptStrategy deduceEncryptStrategy() {
-        return MybatisEncryptConfigurer.STRATEGIES_CLIENTS.get(mybatisEncryptProperties.getEncryptType());
+        return MybatisEncryptConfigurer.STRATEGY_CLIENTS.get(mybatisEncryptProperties.getEncryptType());
     }
 
 }

mybatis-encrypt-spring-boot-tests/h2.mv.db

@@ -10,6 +10,8 @@
 import com.example.demain.DttMember;
 import com.example.service.MemberService;
 import com.github.pagehelper.page.PageMethod;
+import io.github.weasleyj.mybatis.encrypt.config.MybatisEncryptProperties;
+import io.github.weasleyj.mybatis.encrypt.core.EncryptStrategy;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -35,6 +37,8 @@ public class MemberController {
 
     @Autowired
     private MemberService memberService;
+    @Autowired
+    private MybatisEncryptProperties mybatisEncryptProperties;
 
     /**
      * 用户信息分页查询(Pagehelper写法)
@@ -77,6 +81,19 @@ public ResponseEntity<Page<DttMember>> pageByMmp(@ModelAttribute("pageParam") Pa
         return ResponseEntity.ok(page);
     }
 
+    /**
+     * Use encrypted fields as query criteria
+     */
+    @GetMapping("/lis/encrypted/fields")
+    public ResponseEntity<List<DttMember>> selectByEncryptedFields(@ModelAttribute("member") DttMember member) {
+        log.info("{}", JacksonUtil.toPrettyJson(member));
+        DttMember dttMember = EncryptStrategy.covert(member, mybatisEncryptProperties.getEncryptType());
+        log.info("EncryptStrategy.covert {}", JacksonUtil.toPrettyJson(dttMember));
+        List<DttMember> members = this.memberService.list(Wrappers.lambdaQuery(DttMember.class)
+                .eq(DttMember::getNickname, dttMember.getNickname()));
+        return ResponseEntity.ok(members);
+    }
+
     /**
      * 获取用户信息详情
      *

mybatis-encrypt-spring-boot-tests/src/main/java/com/example/controller/MemberController.java

@@ -10,7 +10,7 @@ spring:
     name: mybatis-encrypt-spring-boot-tests
 
   profiles:
-    active: oracle
+    active: h2
 
   jackson:
     date-format: yyyy-MM-dd HH:mm:ss

mybatis-encrypt-spring-boot-tests/src/main/resources/application.yml

@@ -7,6 +7,9 @@
 import com.example.demain.DttMember;
 import com.example.service.MemberService;
 import com.fasterxml.jackson.core.type.TypeReference;
+import io.github.weasleyj.mybatis.encrypt.config.MybatisEncryptProperties;
+import io.github.weasleyj.mybatis.encrypt.core.EncryptStrategy;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.jupiter.api.Test;
@@ -19,11 +22,14 @@
 import java.util.ArrayList;
 import java.util.List;
 
+@Slf4j
 @SpringBootTest
 class EncryptionTestsAppTests {
 
     @Autowired
     private MemberService memberService;
+    @Autowired
+    private MybatisEncryptProperties mybatisEncryptProperties;
 
     @Test
     void contextLoads() {
@@ -58,15 +64,6 @@ void testBatchInsert() throws IOException {
         Assert.isTrue(batch);
     }
 
-    @Test
-    void testSelectByEncryptFiled() {
-        List<DttMember> members = this.memberService.list(Wrappers.lambdaQuery(DttMember.class)
-                .eq(DttMember::getNickname, "蒋震南1005")
-                .eq(DttMember::getOpenId, "fawezOE5sT")
-        );
-        System.out.println(JacksonUtil.toPrettyJson(members));
-    }
-
     @Test
     void testUpdateSingle() {
         DttMember member = JacksonUtil.readValue("{\n" +
@@ -95,4 +92,20 @@ void testUpdateSingle() {
         );
         Assert.isTrue(update2, "update must be success");
     }
+
+
+    /**
+     * Use an encrypted field to query for data
+     */
+    @Test
+    void testSelectByEncryptedFields() {
+        DttMember member = new DttMember().setNickname("蒋震南1005");
+        log.info("before {}", JacksonUtil.toJson(member));
+        DttMember dttMember = EncryptStrategy.covert(member, mybatisEncryptProperties.getEncryptType());
+        log.info("after {}", JacksonUtil.toJson(member));
+        List<DttMember> members = this.memberService.list(Wrappers.lambdaQuery(DttMember.class)
+                .eq(DttMember::getNickname, dttMember.getNickname()));
+        log.info("select by encrypt filed: {}", JacksonUtil.toJson(members));
+    }
+
 }