| author | wangwei <[email protected]> | 2024-11-06 17:25:35 +0800 |
|---|---|---|
| committer | wangwei <[email protected]> | 2024-11-06 17:25:35 +0800 |
| commit | ba87cc078d726fbe8715258061efe573ff408628 (patch) | |
| tree | 3a4a5cf1a4dba96b58fc803c8cba6c55bcc6f9ec | |
| parent | ad32855bd20e5792303215e6e04829cc27f3c21f (diff) | |
[Fix][util] 修改 encryption_algorithm 默认值(TSG-22652)
4 files changed, 33 insertions, 17 deletions
diff --git a/config/nacos/config/fixed-127.0.0.1_8848-cn_nacos/data/config-data-tenant/cn/Galaxy/galaxy-qgw-service.yml b/config/nacos/config/fixed-127.0.0.1_8848-cn_nacos/data/config-data-tenant/cn/Galaxy/galaxy-qgw-service.yml index 081b4808..41603c87 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-cn_nacos/data/config-data-tenant/cn/Galaxy/galaxy-qgw-service.yml +++ b/config/nacos/config/fixed-127.0.0.1_8848-cn_nacos/data/config-data-tenant/cn/Galaxy/galaxy-qgw-service.yml @@ -132,10 +132,11 @@ knowledge: builtIn: 64af7077-eb9b-4b8f-80cf-2ceebc89bea9_latest asn: f9f6bc91-2142-4673-8249-e097c00fe1ea_latest vault: - url: https://192.168.40.223:8200 - username: tsg_olap - password: tsg_olap + url: https://192.168.44.12:8200 + username: ENC(kBsLwvQvA/y2bh2fErd19A==) + password: ENC(FEqlbg59V9EIt+SYZJt1HC8o3GKo0Md0) keyPath: tsg_olap/transit + identifier: aes-128-gcm ssl: ## SSL/TLS 客户端链接配置 skipVerification: true # 忽略SSL证书校验 privateKeyPath: /path/to/certs/worker.key # 客户端私钥文件路径 @@ -151,7 +152,7 @@ http: per: route: 200 request: - timeout: 10000 + timeout: 30000 response: timeout: 120000 ## job cfg diff --git a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/galaxy-qgw-service.yml b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/galaxy-qgw-service.yml index b35b6036..6d9774f2 100644 --- a/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/galaxy-qgw-service.yml +++ b/config/nacos/config/fixed-127.0.0.1_8848-tsg_nacos/data/config-data-tenant/tsg/Galaxy/galaxy-qgw-service.yml 
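Review bot: The `vault.ssl` block still carries `skipVerification: true` (the context line just below the new `identifier` key), so the username and password that this change encrypts at rest are sent to `https://192.168.44.12:8200` without the server certificate being validated. Encrypting the values in the file does not protect the login if the TLS peer is never checked; I would set `skipVerification: false` and point `caCertificatePath` at the CA that issued the Vault certificate. The earlier plaintext `tsg_olap` username and password stay readable in the repository history, so they should be rotated if that account is still in use on the new host. The same applies to the identical hunk in the tsg tenant copy of galaxy-qgw-service.yml.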
@@ -132,10 +132,11 @@ knowledge: builtIn: 64af7077-eb9b-4b8f-80cf-2ceebc89bea9_latest asn: f9f6bc91-2142-4673-8249-e097c00fe1ea_latest vault: - url: https://192.168.40.223:8200 - username: tsg_olap - password: tsg_olap + url: https://192.168.44.12:8200 + username: ENC(kBsLwvQvA/y2bh2fErd19A==) + password: ENC(FEqlbg59V9EIt+SYZJt1HC8o3GKo0Md0) keyPath: tsg_olap/transit + identifier: aes-128-gcm ssl: ## SSL/TLS 客户端链接配置 skipVerification: true # 忽略SSL证书校验 privateKeyPath: /path/to/certs/worker.key # 客户端私钥文件路径 diff --git a/src/main/java/com/mesalab/common/configuration/VaultConfiguration.java b/src/main/java/com/mesalab/common/configuration/VaultConfiguration.java index 5a4ea3ee..3903948a 100644 --- a/src/main/java/com/mesalab/common/configuration/VaultConfiguration.java +++ b/src/main/java/com/mesalab/common/configuration/VaultConfiguration.java 
@@ -12,27 +12,30 @@ import org.springframework.context.annotation.Configuration; @Data @Configuration public class VaultConfiguration { - @NacosValue("${vault.url}") + @NacosValue(value = "${vault.url}", autoRefreshed = true) private String url; - @NacosValue("${vault.username}") + @NacosValue(value = "${vault.username}", autoRefreshed = true) private String username; - @NacosValue("${vault.password}") + @NacosValue(value = "${vault.password}", autoRefreshed = true) private String password; - @NacosValue("${vault.keyPath}") + @NacosValue(value = "${vault.keyPath}", autoRefreshed = true) private String keyPath; - @NacosValue("${vault.ssl.skipVerification}") + @NacosValue(value = "${vault.identifier}", autoRefreshed = true) + private String identifier; + + @NacosValue(value = "${vault.ssl.skipVerification}", autoRefreshed = true) private boolean sslSkipVerification; - @NacosValue("${vault.ssl.privateKeyPath}") + @NacosValue(value = "${vault.ssl.privateKeyPath}", autoRefreshed = true) private String sslPrivateKeyPath; - @NacosValue("${vault.ssl.certificatePath}") + @NacosValue(value = "${vault.ssl.certificatePath}", autoRefreshed = true) private String sslCertificatePath; - @NacosValue("${vault.ssl.caCertificatePath}") + @NacosValue(value = "${vault.ssl.caCertificatePath}", autoRefreshed = true) private String sslCaCertificatePath; } diff --git a/src/main/java/com/mesalab/qgw/controller/UtilController.java b/src/main/java/com/mesalab/qgw/controller/UtilController.java index 376c31dc..7c6cdf88 100644 --- a/src/main/java/com/mesalab/qgw/controller/UtilController.java +++ b/src/main/java/com/mesalab/qgw/controller/UtilController.java 
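Review bot: With `autoRefreshed = true` on every field, `url`, `username`, `password` and `sslSkipVerification` can now change under a running service one field at a time, so code reading them during a Nacos push may pair a new `url` with old credentials, and a Vault client built once at startup would not see the change at all. The class should state which behaviour is intended, for example with a class comment such as `// Fields are refreshed live from Nacos; read them together and rebuild the Vault client after a change.` Separately, `@Data` generates a `toString()` that includes `password`, so that field is worth marking `@ToString.Exclude` to keep it out of logs.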
@@ -3,6 +3,7 @@ package com.mesalab.qgw.controller; import cn.hutool.log.Log; import cn.hutool.log.LogFactory; import com.geedgenetworks.utils.StringUtil; +import com.mesalab.common.configuration.VaultConfiguration; import com.mesalab.common.entity.BaseResult; import com.mesalab.common.enums.EncryptionAlgorithm; import com.mesalab.common.enums.HttpStatusCodeEnum; @@ -22,8 +23,8 @@ public class UtilController { private static final Log log = LogFactory.get(); private final static int CIPHERTEXT_LIST_MAX_SIZE = 100; - @Autowired private UtilService utilService; + private VaultConfiguration vaultConfiguration; @GetMapping(value = "/sql-parser", consumes = "application/x-www-form-urlencoded") @AuditLog("UtilController.getSQLSyntaxTree") @@ -51,7 +52,7 @@ public class UtilController { String.format(CommonErrorCode.PARAMETER_ERROR.getMessage(), "This ciphertext_list cannot be empty and must contain at most 100 items.")); } if (StringUtil.isEmpty(param.getEncryptionAlgorithm())) { - param.setEncryptionAlgorithm(EncryptionAlgorithm.AES_128_GCM96.getValue()); + param.setEncryptionAlgorithm(vaultConfiguration.getIdentifier()); } if (!EncryptionAlgorithm.isValid(param.getEncryptionAlgorithm())) { throw new QGWBusinessException(HttpStatusCodeEnum.BAD_REQUEST.getCode(), CommonErrorCode.PARAMETER_ERROR.getCode(), @@ -60,4 +61,14 @@ public class UtilController { return utilService.decryptWithKMS(param); } + @Autowired + public void setVaultConfiguration(VaultConfiguration vaultConfiguration) { + this.vaultConfiguration = vaultConfiguration; + } + + @Autowired + public void setUtilService(UtilService utilService) { + this.utilService = utilService; + } + } |
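Review bot: The default for `encryption_algorithm` now comes from `vaultConfiguration.getIdentifier()`, a live-refreshed Nacos value, and the only check on it is the request-level `EncryptionAlgorithm.isValid(...)` that follows, so a missing or mistyped `vault.identifier` turns every call that omits the parameter into a 400 parameter error attributed to the client. The value shipped in this commit, `aes-128-gcm`, is spelled differently from the constant it replaces (`AES_128_GCM96`), so it is worth confirming that `isValid` accepts it. I would check the configured value on its own and log it before assigning it, e.g. `String def = vaultConfiguration.getIdentifier();` followed by `if (!EncryptionAlgorithm.isValid(def)) { log.error("vault.identifier '{}' is not a supported encryption algorithm", def); }`. The enclosing method starts above the hunk.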
