feat:support partial configuration encrypt. (#566)

Author: SkyeBeFreeman

polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java

@@ -17,21 +17,13 @@
 
 package com.tencent.polaris.assembly.client.flow;
 
-import java.util.Collections;
-import java.util.List;
-
 import com.tencent.polaris.api.config.Configuration;
 import com.tencent.polaris.api.config.global.FlowConfig;
 import com.tencent.polaris.api.plugin.compose.Extensions;
 import com.tencent.polaris.api.plugin.loadbalance.LoadBalancer;
 import com.tencent.polaris.api.plugin.route.RouteInfo;
 import com.tencent.polaris.api.plugin.stat.TraceReporter;
-import com.tencent.polaris.api.pojo.Instance;
-import com.tencent.polaris.api.pojo.ServiceEventKey;
-import com.tencent.polaris.api.pojo.ServiceInfo;
-import com.tencent.polaris.api.pojo.ServiceInstances;
-import com.tencent.polaris.api.pojo.ServiceKey;
-import com.tencent.polaris.api.pojo.SourceService;
+import com.tencent.polaris.api.pojo.*;
 import com.tencent.polaris.api.rpc.RequestBaseEntity;
 import com.tencent.polaris.api.rpc.ServiceCallResult;
 import com.tencent.polaris.api.utils.CollectionUtils;
@@ -46,6 +38,9 @@
 import com.tencent.polaris.client.flow.ResourcesResponse;
 import com.tencent.polaris.discovery.client.flow.CommonInstancesRequest;
 
+import java.util.Collections;
+import java.util.List;
+
 public class DefaultAssemblyFlow implements AssemblyFlow {
 
     private SDKContext sdkContext;

polaris-assembly/polaris-assembly-factory/pom.xml

@@ -84,6 +84,11 @@
             <artifactId>event-logger</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.tencent.polaris</groupId>
+            <artifactId>event-tsf</artifactId>
+            <version>${project.version}</version>
+        </dependency>
 
         <!--测试依赖插件-->
         <dependency>

polaris-auth/polaris-auth-factory/pom.xml

@@ -20,6 +20,11 @@
             <artifactId>polaris-auth-client</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.tencent.polaris</groupId>
+            <artifactId>auth-block-allow-list</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>com.tencent.polaris</groupId>
             <artifactId>polaris-client</artifactId>

polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml

@@ -106,6 +106,11 @@
             <artifactId>event-logger</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.tencent.polaris</groupId>
+            <artifactId>event-tsf</artifactId>
+            <version>${project.version}</version>
+        </dependency>
 
         <!--健康检查插件-->
         <dependency>

polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java

@@ -297,7 +297,7 @@ private static boolean loadLocalResources(ServiceEventKey svcEventKey, Resources
     }
 
     public static Instance processLoadBalance(LoadBalancer loadBalancer, Criteria criteria,
-            ServiceInstances dstInstances, List<WeightAdjuster> weightAdjusters) throws PolarisException {
+                                              ServiceInstances dstInstances, List<WeightAdjuster> weightAdjusters) throws PolarisException {
         if (criteria == null) {
             criteria = new Criteria();
         }
@@ -357,6 +357,9 @@ public static void reportFlowEvent(Extensions extensions, FlowEvent flowEvent) {
         }
         for (EventReporter eventReporter : eventReporterList) {
             try {
+                if (!eventReporter.isEnabled()) {
+                    continue;
+                }
                 if (!eventReporter.reportEvent(flowEvent)) {
                     LOG.warn("Report event by {} failed. Flow event detail: {}", eventReporter.getName(), flowEvent);
                 }

polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml

@@ -86,6 +86,12 @@ global:
     #描述: 事件上报插件名列表
     reporters:
       - logger
+    # 描述：事件上报插件配置
+    plugin:
+      # 描述：TSF 事件上报插件配置
+      tsf:
+        # 描述：TSF 事件上报开关
+        enable: false
   # 描述：Admin相关的配置
   admin:
     # 描述：Admin的监听的IP
@@ -286,7 +292,7 @@ consumer:
   weightAdjust:
     enable: true
     chain:
-      # 开启了服务预热插件，可以支持多个动态权重调整插件同时生效
+    # 开启了服务预热插件，可以支持多个动态权重调整插件同时生效
 #      - warmup
 # 被调方配置
 provider:

polaris-common/polaris-encrypt/pom.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>polaris-common</artifactId>
+        <groupId>com.tencent.polaris</groupId>
+        <version>${revision}</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>polaris-encrypt</artifactId>
+    <name>Polaris Common Encrypt</name>
+    <description>Polaris Common Encrypt JAR</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.tencent.polaris</groupId>
+            <artifactId>polaris-model</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15to18</artifactId>
+            <version>${bouncycastle.version}</version>
+        </dependency>
+    </dependencies>
+</project>

polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java

@@ -0,0 +1,44 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+/**
+ * TSF 配置加密提供器接口
+ *
+ * @author hongweizhu
+ */
+public abstract class ConfigEncryptProvider {
+
+    /**
+     * 加密
+     *
+     * @param content  明文
+     * @param password 密码
+     * @return 密文
+     */
+    public abstract String encrypt(String content, String password);
+
+    /**
+     * 解密
+     *
+     * @param encryptedContent 密文
+     * @param password         密码
+     * @return 明文
+     */
+    public abstract String decrypt(String encryptedContent, String password);
+}

polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java

@@ -0,0 +1,40 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigEncryptProviderFactory {
+
+    private static final Logger log = LoggerFactory.getLogger(ConfigEncryptProviderFactory.class);
+
+    private static ConfigEncryptProvider configEncryptProvider = null;
+
+    public static ConfigEncryptProvider getInstance() {
+        if (null == configEncryptProvider) {
+            try {
+                Class<?> providerClass = Class.forName(EncryptConfig.getProviderClass());
+                configEncryptProvider = (ConfigEncryptProvider) providerClass.newInstance();
+            } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
+                log.error("get config encrypt provider error", e);
+            }
+        }
+        return configEncryptProvider;
+    }
+}

polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java

@@ -0,0 +1,122 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+import com.tencent.polaris.api.utils.ClassUtils;
+import com.tencent.polaris.api.utils.StringUtils;
+
+public class EncryptConfig {
+
+    private static final String TSF_PASSWORD_KEY = "tsf_config_encrypt_password";
+
+    private static final String PASSWORD_KEY = "config_encrypt_password";
+
+    static {
+        // TSF 环境变量
+        if (null != System.getenv(TSF_PASSWORD_KEY)) {
+            password = System.getenv(TSF_PASSWORD_KEY);
+        }
+        // TSF JVM参数
+        if (null != System.getProperty(TSF_PASSWORD_KEY)) {
+            password = System.getProperty(TSF_PASSWORD_KEY);
+        }
+        // 环境变量
+        if (null != System.getenv(PASSWORD_KEY)) {
+            password = System.getenv(PASSWORD_KEY);
+        }
+        // JVM参数
+        if (null != System.getProperty(PASSWORD_KEY)) {
+            password = System.getProperty(PASSWORD_KEY);
+        }
+    }
+
+    /**
+     * 加密前缀
+     */
+    public static String ENCRYPT_PREFIX = "ENC(";
+    /**
+     * 加密后缀
+     */
+    public static String ENCRYPT_SUFFIX = ")";
+
+    /**
+     * 密码
+     */
+    private static String password;
+
+    /**
+     * 加解密提供器类名
+     */
+    private static String providerClass = "com.tencent.polaris.encrypt.impl.ConfigEncryptAESProvider";
+
+    /**
+     * 是否开启配置，判断 password 是否为空
+     */
+    public static Boolean getEnabled() {
+        return StringUtils.isNotBlank(password);
+    }
+
+    public static String getPassword() {
+        return EncryptConfig.password;
+    }
+
+    public static void setPassword(String password) {
+        EncryptConfig.password = password;
+    }
+
+    public static ConfigEncryptProvider getProvider() {
+        return ConfigEncryptProviderFactory.getInstance();
+    }
+
+    public static String getProviderClass() {
+        return providerClass;
+    }
+
+    public static void setProviderClass(String providerClass) {
+        EncryptConfig.providerClass = providerClass;
+    }
+
+    /**
+     * 是否需要进行解密
+     *
+     * @param content 判断对象
+     * @return true：需要解密；false：不需要解密
+     */
+    public static Boolean needDecrypt(Object content) {
+        if (null == content || !ClassUtils.isClassPresent("org.bouncycastle.jce.provider.BouncyCastleProvider")) {
+            return false;
+        } else {
+            String stringValue = String.valueOf(content);
+            return stringValue.startsWith(ENCRYPT_PREFIX) && stringValue.endsWith(ENCRYPT_SUFFIX);
+        }
+    }
+
+    /**
+     * 获取真实密文
+     *
+     * @param content 原始配置值
+     * @return 真实密文
+     */
+    public static String realContent(Object content) {
+        if (null != content) {
+            String stringValue = String.valueOf(content);
+            return stringValue.substring(ENCRYPT_PREFIX.length(), stringValue.length() - ENCRYPT_SUFFIX.length());
+        }
+        return null;
+    }
+}