feat: 암호화모듈 프레임워크 신규 구현
- CryptoModuleExtension 인터페이스: BC 프로바이더, AAD, 편의 메서드 오버로드 추가 - AESCryptoModuleExtension: CBC/GCM/ECB/FF1 지원, GCM 랜덤 nonce, AAD 처리 - ARIACryptoModuleExtension: ARIA 알고리즘 지원 - CryptoModuleConfigVO: JPA Entity 분리를 위한 Lombok VO - CryptoModuleManager: VO 패턴 적용, FQCN 기반 전략 동적 로딩(Class.forName) - CryptoModuleService: STATIC/DYNAMIC × AAD 조합 8가지 오버로드 - CryptoModuleConfigMapper: MapStruct Entity→VO 매퍼 - KeyDerivationStrategy 인터페이스 및 DerivedKey - HsmContextXorKeyDerivationStrategy: HSM 마스터키 XOR 컨텍스트값 전략 - ReloadCryptoModuleCommand: 설정 런타임 재로드 커맨드 - build.gradle: BouncyCastle bcprov-jdk15on:1.70 의존성 추가 - 단위 테스트 전체 추가 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,77 @@
|
||||
package com.eactive.eai.common.security;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.eactive.eai.common.util.ApplicationContextProvider;
|
||||
|
||||
/**
|
||||
* 어댑터 필터 등에서 암복호화를 위임하는 진입점.
|
||||
*
|
||||
* STATIC 키 방식:
|
||||
* service.encrypt("MODULE_NAME", plainBytes);
|
||||
*
|
||||
* DYNAMIC 키 방식 (런타임 컨텍스트 전달):
|
||||
* Map<String,String> ctx = Map.of("X-Api-Enc-Key", request.getHeader("X-Api-Enc-Key"));
|
||||
* service.encrypt("MODULE_NAME", ctx, plainBytes);
|
||||
*
|
||||
* AAD 명시 방식 (GCM 인증 데이터 전달):
|
||||
* byte[] aad = request.getHeader("X-Api-Request-Id").getBytes(StandardCharsets.UTF_8);
|
||||
* service.encrypt("MODULE_NAME", ctx, aad, plainBytes);
|
||||
*/
|
||||
@Service
|
||||
public class CryptoModuleService {
|
||||
|
||||
public static CryptoModuleService getInstance() {
|
||||
return ApplicationContextProvider.getContext().getBean(CryptoModuleService.class);
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------
|
||||
// STATIC 키
|
||||
// ------------------------------------------------------------------
|
||||
|
||||
public byte[] encrypt(String cryptoName, byte[] plainBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
|
||||
return ext.encrypt(plainBytes, 0, plainBytes.length);
|
||||
}
|
||||
|
||||
public byte[] encrypt(String cryptoName, byte[] aad, byte[] plainBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
|
||||
return ext.encrypt(plainBytes, 0, plainBytes.length, aad);
|
||||
}
|
||||
|
||||
public byte[] decrypt(String cryptoName, byte[] cipherBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
|
||||
return ext.decrypt(cipherBytes, 0, cipherBytes.length);
|
||||
}
|
||||
|
||||
public byte[] decrypt(String cryptoName, byte[] aad, byte[] cipherBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName);
|
||||
return ext.decrypt(cipherBytes, 0, cipherBytes.length, aad);
|
||||
}
|
||||
|
||||
// ------------------------------------------------------------------
|
||||
// DYNAMIC 키
|
||||
// ------------------------------------------------------------------
|
||||
|
||||
public byte[] encrypt(String cryptoName, Map<String, String> runtimeContext, byte[] plainBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
|
||||
return ext.encrypt(plainBytes, 0, plainBytes.length);
|
||||
}
|
||||
|
||||
public byte[] encrypt(String cryptoName, Map<String, String> runtimeContext, byte[] aad, byte[] plainBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
|
||||
return ext.encrypt(plainBytes, 0, plainBytes.length, aad);
|
||||
}
|
||||
|
||||
public byte[] decrypt(String cryptoName, Map<String, String> runtimeContext, byte[] cipherBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
|
||||
return ext.decrypt(cipherBytes, 0, cipherBytes.length);
|
||||
}
|
||||
|
||||
public byte[] decrypt(String cryptoName, Map<String, String> runtimeContext, byte[] aad, byte[] cipherBytes) throws Exception {
|
||||
CryptoModuleExtension ext = CryptoModuleManager.getInstance().createExtension(cryptoName, runtimeContext);
|
||||
return ext.decrypt(cipherBytes, 0, cipherBytes.length, aad);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user