fixup ConfigEncryptionFilter bug & do reverse Filter when handle Config response in ConfigFilterChainManager (#11346)
* fixup ConfigEncryptionFilter bug & do reverse Filter when handle response in ConfigFilterChainManager * tiny fix * add java doc * add java doc * add java doc * tiny fix * tiny fix * add java doc * add java doc * add java doc * set encryptionDataKey="" by default instand of null * fixup NPE in encryptionFilter * fixup some test cases of ConfigEncryptionFilter * reverse changes
This commit is contained in:
brother-戎
GitHub
parent
753a30b37d
commit
5994e37394
@ -22,6 +22,7 @@ import com.alibaba.nacos.api.config.filter.IConfigRequest;
|
||||
import com.alibaba.nacos.api.config.filter.IConfigResponse;
|
||||
import com.alibaba.nacos.api.exception.NacosException;
|
||||
import com.alibaba.nacos.common.utils.Pair;
|
||||
import com.alibaba.nacos.common.utils.StringUtils;
|
||||
import com.alibaba.nacos.plugin.encryption.handler.EncryptionHandler;
|
||||
|
||||
import java.util.Objects;
|
||||
@ -54,9 +55,14 @@ public class ConfigEncryptionFilter extends AbstractConfigFilter {
|
||||
Pair<String, String> pair = EncryptionHandler.encryptHandler(dataId, content);
|
||||
String secretKey = pair.getFirst();
|
||||
String encryptContent = pair.getSecond();
|
||||
|
||||
if (!StringUtils.isBlank(encryptContent) && !encryptContent.equals(content)) {
|
||||
((ConfigRequest) request).setContent(encryptContent);
|
||||
}
|
||||
if (!StringUtils.isBlank(secretKey) && !secretKey.equals(((ConfigRequest) request).getEncryptedDataKey())) {
|
||||
((ConfigRequest) request).setEncryptedDataKey(secretKey);
|
||||
} else if (StringUtils.isBlank(((ConfigRequest) request).getEncryptedDataKey()) && StringUtils.isBlank(secretKey)) {
|
||||
((ConfigRequest) request).setEncryptedDataKey("");
|
||||
}
|
||||
}
|
||||
if (Objects.nonNull(response) && response instanceof ConfigResponse && Objects.isNull(request)) {
|
||||
|
||||
@ -68,9 +74,17 @@ public class ConfigEncryptionFilter extends AbstractConfigFilter {
|
||||
String content = configResponse.getContent();
|
||||
|
||||
Pair<String, String> pair = EncryptionHandler.decryptHandler(dataId, encryptedDataKey, content);
|
||||
String secretKey = pair.getFirst();
|
||||
String decryptContent = pair.getSecond();
|
||||
if (!StringUtils.isBlank(decryptContent) && !decryptContent.equals(content)) {
|
||||
((ConfigResponse) response).setContent(decryptContent);
|
||||
}
|
||||
if (!StringUtils.isBlank(secretKey) && !secretKey.equals(((ConfigResponse) response).getEncryptedDataKey())) {
|
||||
((ConfigResponse) response).setEncryptedDataKey(secretKey);
|
||||
} else if (StringUtils.isBlank(((ConfigResponse) response).getEncryptedDataKey()) && StringUtils.isBlank(secretKey)) {
|
||||
((ConfigResponse) response).setEncryptedDataKey("");
|
||||
}
|
||||
}
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
|
||||
@ -61,14 +61,14 @@ public class ConfigEncryptionFilterTest {
|
||||
public void testDoFilter() throws NacosException {
|
||||
configEncryptionFilter.doFilter(configRequest, null, iConfigFilterChain);
|
||||
|
||||
Mockito.verify(configRequest).getDataId();
|
||||
Mockito.verify(configRequest).getContent();
|
||||
Mockito.verify(configRequest, Mockito.atLeast(1)).getDataId();
|
||||
Mockito.verify(configRequest, Mockito.atLeast(1)).getContent();
|
||||
|
||||
configEncryptionFilter.doFilter(null, configResponse, iConfigFilterChain);
|
||||
|
||||
Mockito.verify(configResponse).getDataId();
|
||||
Mockito.verify(configResponse).getContent();
|
||||
Mockito.verify(configResponse).getEncryptedDataKey();
|
||||
Mockito.verify(configResponse, Mockito.atLeast(1)).getDataId();
|
||||
Mockito.verify(configResponse, Mockito.atLeast(1)).getContent();
|
||||
Mockito.verify(configResponse, Mockito.atLeast(1)).getEncryptedDataKey();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
Loading…
Reference in New Issue
Block a user