1、完善推送kafka 的消息进行SM4加密

2、新增探针侧进行IP联动封禁的功能
2026-05-06 17:28:16 +08:00
parent c0063a5a44
commit 206985a65e
17 changed files with 650 additions and 6 deletions
@@ -11,10 +11,13 @@ import com.netty.SyslogServer;
 import  com.haobang.config.AppConfig;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.scheduling.annotation.EnableScheduling;
 import com.netty.SyslogServerBoth;

+
@MapperScan("com.common.mapper")
@SpringBootApplication
+@EnableScheduling
 public class SyslogServeMainApp {

    private static final Logger logger = LoggerFactory.getLogger(SyslogServeMainApp.class);
@@ -0,0 +1,22 @@
+package com.common.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+import com.common.entity.BlockResponse;
+import com.common.service.BlacklistApiService;
+
+
+@RestController
+@RequestMapping("/api/blacklist")
+public class BlacklistController {
+
+    @Autowired
+    private BlacklistApiService blacklistApiService;
+
+    @PostMapping("/add")
+    public BlockResponse addIp(@RequestParam String ip,
+                                   @RequestParam(defaultValue = "300") String age,
+                                   @RequestParam(defaultValue = "1") String enable) {
+        return blacklistApiService.addToBlacklist(ip, age, enable);
+    }
+}
@@ -0,0 +1,18 @@
+package com.common.entity;
+
+public class BlacklistApiProperties {
+    private final String url;
+    private final String username;
+    private final String password;
+
+    public BlacklistApiProperties(String url, String username, String password) {
+        this.url = url;
+        this.username = username;
+        this.password = password;
+    }
+
+    // getters
+    public String getUrl() { return url; }
+    public String getUsername() { return username; }
+    public String getPassword() { return password; }
+}
@@ -0,0 +1,22 @@
+package com.common.entity;
+
+public class BlacklistRequest {
+    private String blist;
+    private String age;
+    private String enable;
+
+    // 构造器、getter/setter
+    public BlacklistRequest() {}
+    public BlacklistRequest(String blist, String age, String enable) {
+        this.blist = blist;
+        this.age = age;
+        this.enable = enable;
+    }
+
+    public String getBlist() { return blist; }
+    public void setBlist(String blist) { this.blist = blist; }
+    public String getAge() { return age; }
+    public void setAge(String age) { this.age = age; }
+    public String getEnable() { return enable; }
+    public void setEnable(String enable) { this.enable = enable; }
+}
@@ -0,0 +1,19 @@
+package com.common.entity;
+import lombok.Data;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+@Data
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonTypeInfo(use = JsonTypeInfo.Id.NONE)  // 强制禁用类型标识
+public class BlockRequest {
+    @NotBlank(message = "IP不能为空")
+    @Pattern(regexp = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
+            message = "无效的IPv4地址")
+    private String ip;
+
+    private String reason;  // 可选：封堵原因
+
+    // getters & setters
+}
@@ -0,0 +1,21 @@
+package com.common.entity;
+
+import lombok.Data;
+@Data
+public class BlockResponse {
+
+
+    private int code;
+    private String message;
+    private Object data;
+
+
+    // 全参构造器
+    public BlockResponse(int code, String message, Object data) {
+        this.code = code;
+        this.message = message;
+        this.data = data;
+    }
+
+    // 构造器、getters & setters
+}
@@ -0,0 +1,46 @@
+package com.common.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.*;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import com.common.entity.BlacklistApiProperties;
+import com.common.entity.BlacklistRequest;
+import com.common.entity.BlockResponse;
+@Service
+public class BlacklistApiService {
+
+    @Autowired
+    private RestTemplate restTemplate;
+
+    @Autowired
+    private BlacklistApiProperties apiProperties;
+
+    public BlockResponse addToBlacklist(String ip, String age, String enable) {
+        String url = apiProperties.getUrl();
+
+        // 构建请求体
+        BlacklistRequest requestBody = new BlacklistRequest(ip, age, enable);
+
+        // 设置请求头
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_JSON);
+
+        // Basic Auth 编码（密码含特殊字符 % 无需额外处理，Base64 直接编码字节）
+        String auth = apiProperties.getUsername() + ":" + apiProperties.getPassword();
+        byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
+        String authHeader = "Basic " + new String(encodedAuth, StandardCharsets.ISO_8859_1);
+        headers.set("Authorization", authHeader);
+
+        HttpEntity<BlacklistRequest> entity = new HttpEntity<>(requestBody, headers);
+
+        // 发送 POST 请求
+        ResponseEntity<BlockResponse> response = restTemplate.exchange(
+                url, HttpMethod.POST, entity, BlockResponse.class);
+
+        return response.getBody();
+    }
+}
@@ -0,0 +1,50 @@
+package com.config;
+
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+import com.common.entity.BlacklistApiProperties;
+import javax.net.ssl.SSLContext;
+
+@Configuration
+public class RestTemplateConfig {
+
+    @Value("${blacklist.api.url}")
+    private String apiUrl;
+
+    @Value("${blacklist.api.username}")
+    private String username;
+
+    @Value("${blacklist.api.password}")
+    private String password;
+
+    @Bean
+    public RestTemplate restTemplate() throws Exception {
+        // 忽略 SSL 证书验证（仅用于内网/测试环境，生产环境建议使用真实证书）
+        SSLContext sslContext = SSLContextBuilder.create()
+                .loadTrustMaterial((chain, authType) -> true)
+                .build();
+
+        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+                sslContext, NoopHostnameVerifier.INSTANCE);
+
+        CloseableHttpClient httpClient = HttpClients.custom()
+                .setSSLSocketFactory(socketFactory)
+                .build();
+
+        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+        return new RestTemplate(factory);
+    }
+
+    @Bean
+    public BlacklistApiProperties blacklistApiProperties() {
+        return new BlacklistApiProperties(apiUrl, username, password);
+    }
+}
@@ -128,5 +128,8 @@ public class AppConfig {
        return config.getInt("app.service.device_collect_id");
    }

+    public static String  getSM4Key() {
+        return config.getString("syslog.sm4.generateKey");
+    }

 }
@@ -0,0 +1,137 @@
+package com.haobang.util;
+
+import cn.hutool.core.util.HexUtil;
+import cn.hutool.crypto.Mode;
+import cn.hutool.crypto.Padding;
+import cn.hutool.crypto.SmUtil;
+import cn.hutool.crypto.symmetric.SM4;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
+import javax.crypto.spec.IvParameterSpec;
+import java.nio.charset.StandardCharsets;
+import java.security.Security;
+import java.util.Base64;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import cn.hutool.core.util.HexUtil;
+import cn.hutool.core.util.RandomUtil;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * 国密SM4加解密工具类
+ * 基于 Hutool + Bouncy Castle 实现，支持 ECB 和 CBC 模式
+ */
+public class Sm4Util {
+
+    /**
+     * 生成 SM4 密钥（16字节，128位）
+     * @return 十六进制字符串格式的密钥
+     */
+    public static String generateKey() {
+        byte[] key = SmUtil.sm4().getSecretKey().getEncoded();
+        return HexUtil.encodeHexStr(key);
+    }
+
+    // ==================== ECB 模式（电子密码本模式） ====================
+    // 注意：ECB 模式不需要 IV，但安全性较低，不适合加密大量数据
+
+    /**
+     * 使用 ECB 模式加密
+     * @param plainText 明文
+     * @param hexKey    十六进制字符串格式的密钥
+     * @return Base64 编码的密文
+     */
+    public static String encryptEcb(String plainText, String hexKey) {
+        SM4 sm4 = new SM4(HexUtil.decodeHex(hexKey));
+        return sm4.encryptBase64(plainText);
+    }
+
+    /**
+     * 使用 ECB 模式解密
+     * @param cipherText Base64 编码的密文
+     * @param hexKey     十六进制字符串格式的密钥
+     * @return 明文
+     */
+    public static String decryptEcb(String cipherText, String hexKey) {
+        SM4 sm4 = new SM4(HexUtil.decodeHex(hexKey));
+        return sm4.decryptStr(cipherText);
+    }
+
+    // ==================== CBC 模式（密码分组链接模式） ====================
+    // 推荐使用：需要 IV（初始化向量），安全性更高
+
+
+    static {
+        // 静态代码块中统一注册 Provider，确保全局生效
+        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastleProvider());
+        }
+    }
+
+    /**
+     * CBC 模式加密（推荐）
+     * @param plainText 明文
+     * @param hexKey    十六进制字符串格式的密钥
+     * @return 格式为 "Base64(IV):Base64(密文)" 的字符串
+     */
+    public static String encryptCbc(String plainText, String hexKey) {
+        // 1. 随机生成16字节 IV
+        byte[] iv = RandomUtil.randomBytes(16);
+        // 2. 将 IV 包装为 AlgorithmParameterSpec
+        IvParameterSpec ivSpec = new IvParameterSpec(iv);
+        // 3. 将十六进制密钥转为字节数组并包装为 SecretKey
+        byte[] keyBytes = HexUtil.decodeHex(hexKey);
+        SecretKey secretKey = new SecretKeySpec(keyBytes, "SM4");
+        // 4. 创建加解密器
+        SymmetricCrypto sm4 = new SymmetricCrypto("SM4/CBC/PKCS5Padding", secretKey, ivSpec);
+        // 5. 执行加密
+        String encryptedBase64 = sm4.encryptBase64(plainText);
+        String ivBase64 = Base64.getEncoder().encodeToString(iv);
+        return ivBase64 + ":" + encryptedBase64;
+    }
+
+    /**
+     * CBC 模式解密
+     * @param cipherTextWithIv 由 encryptCbc 生成的字符串
+     * @param hexKey           十六进制密钥
+     * @return 明文
+     */
+    public static String decryptCbc(String cipherTextWithIv, String hexKey) {
+        String[] parts = cipherTextWithIv.split(":");
+        if (parts.length != 2) {
+            throw new IllegalArgumentException("无效的密文格式，应为 'IV:密文'");
+        }
+        // 1. 解析 IV
+        byte[] iv = Base64.getDecoder().decode(parts[0]);
+        IvParameterSpec ivSpec = new IvParameterSpec(iv);
+        // 2. 解析密钥
+        byte[] keyBytes = HexUtil.decodeHex(hexKey);
+        SecretKey secretKey = new SecretKeySpec(keyBytes, "SM4");
+        // 3. 创建解密器（算法参数必须与加密时完全一致）
+        SymmetricCrypto sm4 = new SymmetricCrypto("SM4/CBC/PKCS5Padding", secretKey, ivSpec);
+        // 4. 解密
+        return sm4.decryptStr(parts[1]);
+    }
+    public static void main(String[] args) {
+        // 1. 生成 SM4 密钥（128位，十六进制字符串）
+        String hexKey = Sm4Util.generateKey();
+        System.out.println("生成的密钥（十六进制）: " + hexKey);
+        System.out.println("密钥长度: " + HexUtil.decodeHex(hexKey).length + " 字节");
+
+        // 2. 原始明文（包含中文和英文，测试字符集兼容性）
+        String plainText = "Hello 国密算法！SM4 加解密测试。123456";
+        System.out.println("原始明文: " + plainText);
+
+        // 3. 使用 CBC 模式加密
+        String encryptedWithIv = Sm4Util.encryptCbc(plainText, hexKey);
+        System.out.println("加密结果（IV:密文）: " + encryptedWithIv);
+
+        // 4. 使用 CBC 模式解密
+        String decryptedText = Sm4Util.decryptCbc(encryptedWithIv, hexKey);
+        System.out.println("解密后的明文: " + decryptedText);
+
+        // 5. 验证加解密是否一致
+        boolean success = plainText.equals(decryptedText);
+        System.out.println("加解密验证结果: " + (success ? "成功" : " 失败"));
+    }
+}
@@ -1,5 +1,6 @@
 package com.kafka;
 import com.common.entity.DeviceDevice;
+import com.haobang.util.Sm4Util;
 import org.apache.kafka.clients.producer.*;
 import org.apache.kafka.common.serialization.StringSerializer;

@@ -17,7 +18,7 @@ import com.haobang.util.DeviceInfoUtil;
 public class kafkaProducer {

    private static final Logger logger = LoggerFactory.getLogger(kafkaProducer.class);
-
+    private static String strhexKey=AppConfig.getSM4Key();
    public static void main(String[] args) {
       // System.out.println(getFullLogString("syslogmessage"));

@@ -100,9 +101,14 @@ public class kafkaProducer {
                //String value = DeviceInfoUtil.getFullLogString(strSyslog);
                //采用动态获取Syslog 请求的设备信息
                String value = DeviceInfoUtil.getFullLogString(deviceDevice,strSyslog,strReceiveTime);
+
+                //Message进行SM4加密写入kafka
+                String Sm4message= Sm4Util.encryptCbc(value, strhexKey);
+                System.out.println("Sm4message:"+Sm4message);
+
                // 创建生产者记录
                ProducerRecord<String, String> record =
-                        new ProducerRecord<>(AppConfig.getKafkaProducerTopic(), key, value);
+                        new ProducerRecord<>(AppConfig.getKafkaProducerTopic(), key, Sm4message);

                // 发送消息（异步方式）
                producer.send(record, new Callback() {
@@ -9,6 +9,8 @@ import org.slf4j.LoggerFactory;
 import java.net.InetSocketAddress;
 import com.kafka.kafkaProducer;
 import com.Modules.Device.DeviceProcess;
+import com.haobang.util.Sm4Util;
+import com.haobang.config.AppConfig;
 /**
 * Syslog 消息处理器
 */