fixup ConfigEncryptionFilter bug & do reverse Filter when handle Config response in ConfigFilterChainManager (#11346)

* fixup ConfigEncryptionFilter bug & do reverse Filter when handle response in ConfigFilterChainManager

* tiny fix

* add java doc

* add java doc

* add java doc

* tiny fix

* tiny fix

* add java doc

* add java doc

* add java doc

* set encryptionDataKey="" by default instand of null

* fixup NPE in encryptionFilter

* fixup some test cases of ConfigEncryptionFilter

* reverse changes

client/src/main/java/com/alibaba/nacos/client/config/filter/impl/ConfigEncryptionFilter.java

@@ -22,6 +22,7 @@ import com.alibaba.nacos.api.config.filter.IConfigRequest;
 import com.alibaba.nacos.api.config.filter.IConfigResponse;
 import com.alibaba.nacos.api.exception.NacosException;
 import com.alibaba.nacos.common.utils.Pair;
+import com.alibaba.nacos.common.utils.StringUtils;
 import com.alibaba.nacos.plugin.encryption.handler.EncryptionHandler;
 
 import java.util.Objects;
@@ -54,9 +55,14 @@ public class ConfigEncryptionFilter extends AbstractConfigFilter {
             Pair<String, String> pair = EncryptionHandler.encryptHandler(dataId, content);
             String secretKey = pair.getFirst();
             String encryptContent = pair.getSecond();
-            
-            ((ConfigRequest) request).setContent(encryptContent);
-            ((ConfigRequest) request).setEncryptedDataKey(secretKey);
+            if (!StringUtils.isBlank(encryptContent) && !encryptContent.equals(content)) {
+                ((ConfigRequest) request).setContent(encryptContent);
+            }
+            if (!StringUtils.isBlank(secretKey) && !secretKey.equals(((ConfigRequest) request).getEncryptedDataKey())) {
+                ((ConfigRequest) request).setEncryptedDataKey(secretKey);
+            } else if (StringUtils.isBlank(((ConfigRequest) request).getEncryptedDataKey()) && StringUtils.isBlank(secretKey)) {
+                ((ConfigRequest) request).setEncryptedDataKey("");
+            }
         }
         if (Objects.nonNull(response) && response instanceof ConfigResponse && Objects.isNull(request)) {
             
@@ -68,8 +74,16 @@ public class ConfigEncryptionFilter extends AbstractConfigFilter {
             String content = configResponse.getContent();
             
             Pair<String, String> pair = EncryptionHandler.decryptHandler(dataId, encryptedDataKey, content);
+            String secretKey = pair.getFirst();
             String decryptContent = pair.getSecond();
-            ((ConfigResponse) response).setContent(decryptContent);
+            if (!StringUtils.isBlank(decryptContent) && !decryptContent.equals(content)) {
+                ((ConfigResponse) response).setContent(decryptContent);
+            }
+            if (!StringUtils.isBlank(secretKey) && !secretKey.equals(((ConfigResponse) response).getEncryptedDataKey())) {
+                ((ConfigResponse) response).setEncryptedDataKey(secretKey);
+            } else if (StringUtils.isBlank(((ConfigResponse) response).getEncryptedDataKey()) && StringUtils.isBlank(secretKey)) {
+                ((ConfigResponse) response).setEncryptedDataKey("");
+            }
         }
         filterChain.doFilter(request, response);
     }

client/src/main/java/com/alibaba/nacos/client/config/filter/impl/ConfigFilterChainManager.java

@@ -80,7 +80,7 @@ public class ConfigFilterChainManager implements IConfigFilterChain {
     public void doFilter(IConfigRequest request, IConfigResponse response) throws NacosException {
         new VirtualFilterChain(this.filters).doFilter(request, response);
     }
-    
+
     private static class VirtualFilterChain implements IConfigFilterChain {
         
         private final List<? extends IConfigFilter> additionalFilters;
@@ -100,5 +100,5 @@ public class ConfigFilterChainManager implements IConfigFilterChain {
             }
         }
     }
-    
+
 }

client/src/test/java/com/alibaba/nacos/client/config/filter/impl/ConfigEncryptionFilterTest.java

@@ -61,14 +61,14 @@ public class ConfigEncryptionFilterTest {
     public void testDoFilter() throws NacosException {
         configEncryptionFilter.doFilter(configRequest, null, iConfigFilterChain);
         
-        Mockito.verify(configRequest).getDataId();
-        Mockito.verify(configRequest).getContent();
+        Mockito.verify(configRequest, Mockito.atLeast(1)).getDataId();
+        Mockito.verify(configRequest, Mockito.atLeast(1)).getContent();
         
         configEncryptionFilter.doFilter(null, configResponse, iConfigFilterChain);
         
-        Mockito.verify(configResponse).getDataId();
-        Mockito.verify(configResponse).getContent();
-        Mockito.verify(configResponse).getEncryptedDataKey();
+        Mockito.verify(configResponse, Mockito.atLeast(1)).getDataId();
+        Mockito.verify(configResponse, Mockito.atLeast(1)).getContent();
+        Mockito.verify(configResponse, Mockito.atLeast(1)).getEncryptedDataKey();
     }
     
     @Test