新增kafka用户名密码加密 TSG-8835

author: qidaijie <[email protected]> 2022-03-16 17:46:39 +0800
committer: qidaijie <[email protected]> 2022-03-16 17:46:39 +0800
commit: 3f6af58d788e82d49a14703dce6186f7a0d8ccd1 (patch)
tree: 07060fe10eacfa2c1395cb4bffdeadddf3328f07
parent: d663e4b5ce776725a09ad075a35e1b19f77c01a5 (diff)
5 files changed, 36 insertions, 14 deletions
diff --git a/pom.xml b/pom.xml
index 69d563f..068ad0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.zdjizhi</groupId>
     <artifactId>log-completion-schema</artifactId>
-    <version>220308-IngestionTime</version>
+    <version>220316-encryption</version>
 
     <name>log-completion-schema</name>
     <url>http://www.example.com</url>
@@ -37,6 +37,7 @@
         <hadoop.version>2.7.1</hadoop.version>
         <kafka.version>1.0.0</kafka.version>
         <hbase.version>2.2.3</hbase.version>
+        <nacos.version>1.4.1</nacos.version>
         <scope.type>provided</scope.type>
         <!--<scope.type>compile</scope.type>-->
     </properties>
@@ -287,6 +288,20 @@
             <scope>test</scope>
         </dependency>
 
+        <!-- https://mvnrepository.com/artifact/com.alibaba.nacos/nacos-client -->
+        <dependency>
+            <groupId>com.alibaba.nacos</groupId>
+            <artifactId>nacos-client</artifactId>
+            <version>${nacos.version}</version>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/org.jasypt/jasypt -->
+        <dependency>
+            <groupId>org.jasypt</groupId>
+            <artifactId>jasypt</artifactId>
+            <version>1.9.3</version>
+        </dependency>
+
     </dependencies>
 </project>
 
diff --git a/properties/default_config.properties b/properties/default_config.properties
index 6a01de4..cee5c76 100644
--- a/properties/default_config.properties
+++ b/properties/default_config.properties
@@ -28,11 +28,11 @@ buffer.memory=134217728
 #10M
 max.request.size=10485760
 #====================kafka default====================#
-#kafka SASL验证用户名
-kafka.user=admin
+#kafka SASL验证用户名-加密
+kafka.user=nsyGpHKGFA4KW0zro9MDdw==
 
-#kafka SASL及SSL验证密码
-kafka.pin=galaxy2019
+#kafka SASL及SSL验证密码-加密
+kafka.pin=6MleDyA3Z73HSaXiKsDJ2k7Ys8YWLhEJ
 #====================Topology Default====================#
 
 #hbase table name
@@ -42,7 +42,7 @@ hbase.table.name=tsg_galaxy:relation_framedip_account
 mail.default.charset=UTF-8
 
 #0不做任何校验，1弱类型校验
-log.transform.type=0
+log.transform.type=1
 
 #两个输出之间的最大时间(单位milliseconds)
 buffer.timeout=5000
 \ No newline at end of file
diff --git a/properties/service_flow_config.properties b/properties/service_flow_config.properties
index df12fa7..3640a70 100644
--- a/properties/service_flow_config.properties
+++ b/properties/service_flow_config.properties
@@ -17,7 +17,7 @@ hbase.zookeeper.servers=192.168.44.12:2181
 tools.library=D:\\workerspace\\dat\\
 
 #网关的schema位置
-schema.http=http://192.168.44.12:9999/metadata/schema/v1/fields/session_record
+schema.http=http://192.168.44.67:9999/metadata/schema/v1/fields/session_record
 
 #网关APP_ID 获取接口
 app.id.http=http://192.168.44.67:9999/open-api/appDicList
diff --git a/src/main/java/com/zdjizhi/common/FlowWriteConfig.java b/src/main/java/com/zdjizhi/common/FlowWriteConfig.java
index ebc8eeb..eab9f06 100644
--- a/src/main/java/com/zdjizhi/common/FlowWriteConfig.java
+++ b/src/main/java/com/zdjizhi/common/FlowWriteConfig.java
@@ -2,12 +2,19 @@ package com.zdjizhi.common;
 
 
 import com.zdjizhi.utils.system.FlowWriteConfigurations;
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 
 /**
  * @author Administrator
  */
 public class FlowWriteConfig {
 
+    private static StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
+
+    static {
+        encryptor.setPassword("galaxy");
+    }
+
     public static final int IF_PARAM_LENGTH = 3;
     public static final String VISIBILITY = "disabled";
     public static final String FORMAT_SPLITTER = ",";
@@ -52,8 +59,9 @@ public class FlowWriteConfig {
     public static final String PRODUCER_ACK = FlowWriteConfigurations.getStringProperty(0, "producer.ack");
     public static final String TOOLS_LIBRARY = FlowWriteConfigurations.getStringProperty(0, "tools.library");
     public static final String PRODUCER_KAFKA_COMPRESSION_TYPE = FlowWriteConfigurations.getStringProperty(0, "producer.kafka.compression.type");
-    public static final String KAFKA_USER = FlowWriteConfigurations.getStringProperty(1, "kafka.user");
-    public static final String KAFKA_PIN = FlowWriteConfigurations.getStringProperty(1, "kafka.pin");
+    public static final String KAFKA_SASL_JAAS_USER = encryptor.decrypt(FlowWriteConfigurations.getStringProperty(1, "kafka.user"));
+    public static final String KAFKA_SASL_JAAS_PIN = encryptor.decrypt(FlowWriteConfigurations.getStringProperty(1, "kafka.pin"));
+
 
     /**
      * connection kafka
@@ -71,5 +79,4 @@ public class FlowWriteConfig {
     public static final String SCHEMA_HTTP = FlowWriteConfigurations.getStringProperty(0, "schema.http");
     public static final String APP_ID_HTTP = FlowWriteConfigurations.getStringProperty(0, "app.id.http");
 
-
 }
 \ No newline at end of file
diff --git a/src/main/java/com/zdjizhi/utils/kafka/CertUtils.java b/src/main/java/com/zdjizhi/utils/kafka/CertUtils.java
index fe86fe7..ce059f8 100644
--- a/src/main/java/com/zdjizhi/utils/kafka/CertUtils.java
+++ b/src/main/java/com/zdjizhi/utils/kafka/CertUtils.java
@@ -33,15 +33,15 @@ class CertUtils {
             properties.put("security.protocol", "SASL_PLAINTEXT");
             properties.put("sasl.mechanism", "PLAIN");
             properties.put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username="
-                    + FlowWriteConfig.KAFKA_USER + " password=" + FlowWriteConfig.KAFKA_PIN + ";");
+                    + FlowWriteConfig.KAFKA_SASL_JAAS_USER + " password=" + FlowWriteConfig.KAFKA_SASL_JAAS_PIN + ";");
         } else if (servers.contains(SSL_PORT)) {
             properties.put("security.protocol", "SSL");
             properties.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "");
             properties.put("ssl.keystore.location", FlowWriteConfig.TOOLS_LIBRARY + "keystore.jks");
-            properties.put("ssl.keystore.password", FlowWriteConfig.KAFKA_PIN);
+            properties.put("ssl.keystore.password", FlowWriteConfig.KAFKA_SASL_JAAS_PIN);
             properties.put("ssl.truststore.location", FlowWriteConfig.TOOLS_LIBRARY + "truststore.jks");
-            properties.put("ssl.truststore.password", FlowWriteConfig.KAFKA_PIN);
-            properties.put("ssl.key.password", FlowWriteConfig.KAFKA_PIN);
+            properties.put("ssl.truststore.password", FlowWriteConfig.KAFKA_SASL_JAAS_PIN);
+            properties.put("ssl.key.password", FlowWriteConfig.KAFKA_SASL_JAAS_PIN);
         }
 
     }
author	qidaijie <[email protected]>	2022-03-16 17:46:39 +0800
committer	qidaijie <[email protected]>	2022-03-16 17:46:39 +0800
commit	3f6af58d788e82d49a14703dce6186f7a0d8ccd1 (patch)
tree	07060fe10eacfa2c1395cb4bffdeadddf3328f07
parent	d663e4b5ce776725a09ad075a35e1b19f77c01a5 (diff)