chore: 修复sonar漏洞

abi-cloud-qr-platform-common/src/main/java/com/abi/task/common/utils/AESEncodeTwoUtil.java

@@ -1,91 +1,91 @@
-/**
- * com Inc.
- * Copyright (c) 2016-2021 All Rights Reserved.
- */
-package com.abi.task.common.utils;
-
-import org.apache.commons.codec.binary.Base64;
-import org.springframework.stereotype.Component;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.DESKeySpec;
-import java.security.SecureRandom;
-
-/**
- * @description: AESEncodeTwoUtil
- * <p></p>
- * @author: Yerik Stone
- * @create: at 2021-03-30 10:30
- * @version: 1.0.0
- * @history: modify history
- * <author>              <time>              <version>              <desc>
- */
-@Component
-public class AESEncodeTwoUtil {
-    private String key = "";
-    private static final String DES = "DES";
-
-    public AESEncodeTwoUtil() {
-    }
-
-    public static String encrypt(String src) {
-        try {
-            SecureRandom sr = new SecureRandom();
-            DESKeySpec dks = new DESKeySpec("CPnb66hrzjgzKfGoTbXgndWG".getBytes());
-            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
-            SecretKey securekey = keyFactory.generateSecret(dks);
-            Cipher cipher = Cipher.getInstance("DES");
-            cipher.init(1, securekey, sr);
-            return Base64.encodeBase64String(cipher.doFinal(src.getBytes()));
-        } catch (Exception var6) {
-            return null;
-        }
-    }
-
-    public static String decrypt(String src) {
-        try {
-            SecureRandom sr = new SecureRandom();
-            DESKeySpec dks = new DESKeySpec("CPnb66hrzjgzKfGoTbXgndWG".getBytes());
-            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
-            SecretKey securekey = keyFactory.generateSecret(dks);
-            Cipher cipher = Cipher.getInstance("DES");
-            cipher.init(2, securekey, sr);
-            return new String(Base64.decodeBase64(cipher.doFinal(src.getBytes())), "UTF-8");
-        } catch (Exception var6) {
-            return null;
-        }
-    }
-
-    public static String byte2hex(byte[] b) {
-        String hs = "";
-        String stmp = "";
-
-        for (int n = 0; n < b.length; ++n) {
-            stmp = Integer.toHexString(b[n] & 255);
-            if (stmp.length() == 1) {
-                hs = hs + "0" + stmp;
-            } else {
-                hs = hs + stmp;
-            }
-        }
-
-        return hs.toUpperCase();
-    }
-
-    public static byte[] hex2byte(byte[] b) {
-        if (b.length % 2 != 0) {
-            throw new IllegalArgumentException("长度不是偶数");
-        } else {
-            byte[] b2 = new byte[b.length / 2];
-
-            for (int n = 0; n < b.length; n += 2) {
-                String item = new String(b, n, 2);
-                b2[n / 2] = (byte) Integer.parseInt(item, 16);
-            }
-
-            return b2;
-        }
-    }
-}
+///**
+// * com Inc.
+// * Copyright (c) 2016-2021 All Rights Reserved.
+// */
+//package com.abi.task.common.utils;
+//
+//import org.apache.commons.codec.binary.Base64;
+//import org.springframework.stereotype.Component;
+//
+//import javax.crypto.Cipher;
+//import javax.crypto.SecretKey;
+//import javax.crypto.SecretKeyFactory;
+//import javax.crypto.spec.DESKeySpec;
+//import java.security.SecureRandom;
+//
+///**
+// * @description: AESEncodeTwoUtil
+// * <p></p>
+// * @author: Yerik Stone
+// * @create: at 2021-03-30 10:30
+// * @version: 1.0.0
+// * @history: modify history
+// * <author>              <time>              <version>              <desc>
+// */
+//@Component
+//public class AESEncodeTwoUtil {
+//    private String key = "";
+//    private static final String DES = "DES";
+//
+//    public AESEncodeTwoUtil() {
+//    }
+//
+//    public static String encrypt(String src) {
+//        try {
+//            SecureRandom sr = new SecureRandom();
+//            DESKeySpec dks = new DESKeySpec("CPnb66hrzjgzKfGoTbXgndWG".getBytes());
+//            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
+//            SecretKey securekey = keyFactory.generateSecret(dks);
+//            Cipher cipher = Cipher.getInstance("DES");
+//            cipher.init(1, securekey, sr);
+//            return Base64.encodeBase64String(cipher.doFinal(src.getBytes()));
+//        } catch (Exception var6) {
+//            return null;
+//        }
+//    }
+//
+//    public static String decrypt(String src) {
+//        try {
+//            SecureRandom sr = new SecureRandom();
+//            DESKeySpec dks = new DESKeySpec("CPnb66hrzjgzKfGoTbXgndWG".getBytes());
+//            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
+//            SecretKey securekey = keyFactory.generateSecret(dks);
+//            Cipher cipher = Cipher.getInstance("DES");
+//            cipher.init(2, securekey, sr);
+//            return new String(Base64.decodeBase64(cipher.doFinal(src.getBytes())), "UTF-8");
+//        } catch (Exception var6) {
+//            return null;
+//        }
+//    }
+//
+//    public static String byte2hex(byte[] b) {
+//        String hs = "";
+//        String stmp = "";
+//
+//        for (int n = 0; n < b.length; ++n) {
+//            stmp = Integer.toHexString(b[n] & 255);
+//            if (stmp.length() == 1) {
+//                hs = hs + "0" + stmp;
+//            } else {
+//                hs = hs + stmp;
+//            }
+//        }
+//
+//        return hs.toUpperCase();
+//    }
+//
+//    public static byte[] hex2byte(byte[] b) {
+//        if (b.length % 2 != 0) {
+//            throw new IllegalArgumentException("长度不是偶数");
+//        } else {
+//            byte[] b2 = new byte[b.length / 2];
+//
+//            for (int n = 0; n < b.length; n += 2) {
+//                String item = new String(b, n, 2);
+//                b2[n / 2] = (byte) Integer.parseInt(item, 16);
+//            }
+//
+//            return b2;
+//        }
+//    }
+//}

abi-cloud-qr-platform-server/src/main/java/com/abi/qms/platform/infrastructure/util/RSAUtils.java

@@ -37,16 +37,16 @@ public class RSAUtils {
     private  final static String publicKeyPath = "static/publicKey.txt";
     private  final static String privateKeyPath = "static/cxs-jwt.jks";
 
-
-    private static String getKey(String filename) throws IOException {
-        ClassPathResource resourcePublicKey = new ClassPathResource(filename);
-        try {
-            return FileUtil.readString(resourcePublicKey.getFile(), Charset.defaultCharset());
-        } catch (IOException e) {
-            log.warn("读取文件失败",e);
-            throw e;
-        }
-    }
+    //
+//    private static String getKey(String filename) throws IOException {
+//        ClassPathResource resourcePublicKey = new ClassPathResource(filename);
+//        try {
+//            return FileUtil.readString(resourcePublicKey.getFile(), Charset.defaultCharset());
+//        } catch (IOException e) {
+//            log.warn("读取文件失败",e);
+//            throw e;
+//        }
+//    }
     public static Map<String, RSAKey> getKey() throws IOException, GeneralSecurityException {
         Map<String,RSAKey> map = Maps.newHashMap();
         ClassPathResource resource = new ClassPathResource(privateKeyPath);
@@ -58,20 +58,20 @@ public class RSAUtils {
         return map;
     }
 
-    public static RSAPrivateKey getPrivateKeyFromString(String key) throws IOException, GeneralSecurityException {
-        String privateKeyPEM = key;
-        privateKeyPEM = privateKeyPEM.replace("-----BEGIN PRIVATE KEY-----\n", "");
-        privateKeyPEM = privateKeyPEM.replace("-----END PRIVATE KEY-----", "");
-        byte[] encoded = Base64.decodeBase64(privateKeyPEM);
-        KeyFactory kf = KeyFactory.getInstance("RSA");
-        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
-        return (RSAPrivateKey) kf.generatePrivate(keySpec);
-    }
+//    public static RSAPrivateKey getPrivateKeyFromString(String key) throws IOException, GeneralSecurityException {
+//        String privateKeyPEM = key;
+//        privateKeyPEM = privateKeyPEM.replace("-----BEGIN PRIVATE KEY-----\n", "");
+//        privateKeyPEM = privateKeyPEM.replace("-----END PRIVATE KEY-----", "");
+//        byte[] encoded = Base64.decodeBase64(privateKeyPEM);
+//        KeyFactory kf = KeyFactory.getInstance("RSA");
+//        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
+//        return (RSAPrivateKey) kf.generatePrivate(keySpec);
+//    }
 
 
-    public static RSAPublicKey getPublicKey() throws IOException, GeneralSecurityException {
-        return getPublicKeyFromString(getKey(publicKeyPath));
-    }
+//    public static RSAPublicKey getPublicKey() throws IOException, GeneralSecurityException {
+//        return getPublicKeyFromString(getKey(publicKeyPath));
+//    }
 
     public static RSAPublicKey getPublicKeyFromString(String key) throws IOException, GeneralSecurityException {
         String publicKeyPEM = key;
@@ -84,35 +84,35 @@ public class RSAUtils {
 
 
 
-    public static String sign(PrivateKey privateKey, String message) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException {
-        Signature sign = Signature.getInstance("SHA1withRSA");
-        sign.initSign(privateKey);
-        sign.update(message.getBytes("UTF-8"));
-        return new String(Base64.encodeBase64(sign.sign()), "UTF-8");
-    }
-
-
-    public static boolean verify(PublicKey publicKey, String message, String signature) throws SignatureException, NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
-        Signature sign = Signature.getInstance("SHA1withRSA");
-        sign.initVerify(publicKey);
-        try {
-            sign.update(message.getBytes("UTF-8"));
-        } catch (UnsupportedEncodingException e) {
-            e.printStackTrace();
-        }
-        return sign.verify(Base64.decodeBase64(signature.getBytes("UTF-8")));
-    }
-
-    public static String encrypt(String rawText, PublicKey publicKey) throws IOException, GeneralSecurityException {
-        Cipher cipher = Cipher.getInstance("RSA");
-        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
-        return Base64.encodeBase64String(cipher.doFinal(rawText.getBytes("UTF-8")));
-    }
-
-    public static String decrypt(String cipherText, PrivateKey privateKey) throws IOException, GeneralSecurityException {
-        Cipher cipher = Cipher.getInstance("RSA");
-        cipher.init(Cipher.DECRYPT_MODE, privateKey);
-        return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), "UTF-8");
-    }
+//    public static String sign(PrivateKey privateKey, String message) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException {
+//        Signature sign = Signature.getInstance("SHA1withRSA");
+//        sign.initSign(privateKey);
+//        sign.update(message.getBytes("UTF-8"));
+//        return new String(Base64.encodeBase64(sign.sign()), "UTF-8");
+//    }
+//
+//
+//    public static boolean verify(PublicKey publicKey, String message, String signature) throws SignatureException, NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
+//        Signature sign = Signature.getInstance("SHA1withRSA");
+//        sign.initVerify(publicKey);
+//        try {
+//            sign.update(message.getBytes("UTF-8"));
+//        } catch (UnsupportedEncodingException e) {
+//            e.printStackTrace();
+//        }
+//        return sign.verify(Base64.decodeBase64(signature.getBytes("UTF-8")));
+//    }
+
+//    public static String encrypt(String rawText, PublicKey publicKey) throws IOException, GeneralSecurityException {
+//        Cipher cipher = Cipher.getInstance("RSA");
+//        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+//        return Base64.encodeBase64String(cipher.doFinal(rawText.getBytes("UTF-8")));
+//    }
+
+//    public static String decrypt(String cipherText, PrivateKey privateKey) throws IOException, GeneralSecurityException {
+//        Cipher cipher = Cipher.getInstance("RSA");
+//        cipher.init(Cipher.DECRYPT_MODE, privateKey);
+//        return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), "UTF-8");
+//    }
 
 }

abi-cloud-qr-platform-server/src/main/java/com/abi/qms/platform/service/impl/LoginServiceImpl.java

@@ -17,7 +17,6 @@ import com.abi.qms.platform.infrastructure.util.UserUtil;
 import com.abi.qms.platform.service.LoginService;
 import com.abi.qms.platform.service.RoleManagerService;
 import com.abi.task.common.api.exception.BusinessException;
-import com.abi.task.common.utils.AESEncodeTwoUtil;
 import com.abi.task.common.utils.PojoConverterUtils;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;