zhuyijun/nacos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixup ConfigEncryptionFilter bug & do reverse Filter when handle Config response in ConfigFilterChainManager (#11346)

Browse Source 
* fixup ConfigEncryptionFilter bug & do reverse Filter when handle response in ConfigFilterChainManager

* tiny fix

* add java doc

* add java doc

* add java doc

* tiny fix

* tiny fix

* add java doc

* add java doc

* add java doc

* set encryptionDataKey="" by default instand of null

* fixup NPE in encryptionFilter

* fixup some test cases of ConfigEncryptionFilter

* reverse changes
This commit is contained in:
brother-戎 2023-11-17 14:06:45 +08:00 committed by GitHub
parent 753a30b37d
commit 5994e37394
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
client/src/main/java/com/alibaba/nacos/client/config/filter/impl/ConfigEncryptionFilter.java
View File

@ -22,6 +22,7 @@ import com.alibaba.nacos.api.config.filter.IConfigRequest;
import com.alibaba.nacos.api.config.filter.IConfigResponse; import com.alibaba.nacos.api.config.filter.IConfigResponse;
import com.alibaba.nacos.api.exception.NacosException; import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.common.utils.Pair; import com.alibaba.nacos.common.utils.Pair;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.encryption.handler.EncryptionHandler; import com.alibaba.nacos.plugin.encryption.handler.EncryptionHandler;
import java.util.Objects; import java.util.Objects;
@ -54,9 +55,14 @@ public class ConfigEncryptionFilter extends AbstractConfigFilter {
Pair<String, String> pair = EncryptionHandler.encryptHandler(dataId, content); Pair<String, String> pair = EncryptionHandler.encryptHandler(dataId, content);
String secretKey = pair.getFirst(); String secretKey = pair.getFirst();
String encryptContent = pair.getSecond(); String encryptContent = pair.getSecond();
if (!StringUtils.isBlank(encryptContent) && !encryptContent.equals(content)) {
((ConfigRequest) request).setContent(encryptContent); ((ConfigRequest) request).setContent(encryptContent);
}
if (!StringUtils.isBlank(secretKey) && !secretKey.equals(((ConfigRequest) request).getEncryptedDataKey())) {
((ConfigRequest) request).setEncryptedDataKey(secretKey); ((ConfigRequest) request).setEncryptedDataKey(secretKey);
} else if (StringUtils.isBlank(((ConfigRequest) request).getEncryptedDataKey()) && StringUtils.isBlank(secretKey)) {
((ConfigRequest) request).setEncryptedDataKey("");
}
} }
if (Objects.nonNull(response) && response instanceof ConfigResponse && Objects.isNull(request)) { if (Objects.nonNull(response) && response instanceof ConfigResponse && Objects.isNull(request)) {
@ -68,9 +74,17 @@ public class ConfigEncryptionFilter extends AbstractConfigFilter {
String content = configResponse.getContent(); String content = configResponse.getContent();
Pair<String, String> pair = EncryptionHandler.decryptHandler(dataId, encryptedDataKey, content); Pair<String, String> pair = EncryptionHandler.decryptHandler(dataId, encryptedDataKey, content);
String secretKey = pair.getFirst();
String decryptContent = pair.getSecond(); String decryptContent = pair.getSecond();
if (!StringUtils.isBlank(decryptContent) && !decryptContent.equals(content)) {
((ConfigResponse) response).setContent(decryptContent); ((ConfigResponse) response).setContent(decryptContent);
} }
if (!StringUtils.isBlank(secretKey) && !secretKey.equals(((ConfigResponse) response).getEncryptedDataKey())) {
((ConfigResponse) response).setEncryptedDataKey(secretKey);
} else if (StringUtils.isBlank(((ConfigResponse) response).getEncryptedDataKey()) && StringUtils.isBlank(secretKey)) {
((ConfigResponse) response).setEncryptedDataKey("");
}
}
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
} }

10
client/src/test/java/com/alibaba/nacos/client/config/filter/impl/ConfigEncryptionFilterTest.java
View File

@ -61,14 +61,14 @@ public class ConfigEncryptionFilterTest {
public void testDoFilter() throws NacosException { public void testDoFilter() throws NacosException {
configEncryptionFilter.doFilter(configRequest, null, iConfigFilterChain); configEncryptionFilter.doFilter(configRequest, null, iConfigFilterChain);
Mockito.verify(configRequest).getDataId(); Mockito.verify(configRequest, Mockito.atLeast(1)).getDataId();
Mockito.verify(configRequest).getContent(); Mockito.verify(configRequest, Mockito.atLeast(1)).getContent();
configEncryptionFilter.doFilter(null, configResponse, iConfigFilterChain); configEncryptionFilter.doFilter(null, configResponse, iConfigFilterChain);
Mockito.verify(configResponse).getDataId(); Mockito.verify(configResponse, Mockito.atLeast(1)).getDataId();
Mockito.verify(configResponse).getContent(); Mockito.verify(configResponse, Mockito.atLeast(1)).getContent();
Mockito.verify(configResponse).getEncryptedDataKey(); Mockito.verify(configResponse, Mockito.atLeast(1)).getEncryptedDataKey();
} }
@Test @Test