거래데이터 DB 암호화 DAMO 모듈 적용
- DB 거래로그 : EAILogDAO.java - FILE 거래로그 : EAIFileLogger.java - 미확인(Unkown) 로그 : InboundErrorInfoDAO.java
This commit is contained in:
Binary file not shown.
@@ -1,5 +1,6 @@
|
||||
package com.eactive.eai.agent.encryption;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import com.eactive.eai.common.exception.ExceptionUtil;
|
||||
@@ -11,6 +12,8 @@ import com.eactive.eai.common.property.PropManager;
|
||||
import com.eactive.eai.common.server.Keys;
|
||||
import com.eactive.eai.common.util.ApplicationContextProvider;
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
import com.eactive.ext.kjb.safedb.KjbSafedbWrapper;
|
||||
import com.eactive.ext.kjb.safedb.Utils;
|
||||
|
||||
@Component
|
||||
public class EncryptionManager implements Lifecycle {
|
||||
@@ -18,6 +21,8 @@ public class EncryptionManager implements Lifecycle {
|
||||
private static final String GROUP_NAME = "ENCRYPTION";
|
||||
|
||||
private String encryptYN = "";
|
||||
private String dbEncryptSolutionName = "DAMO";
|
||||
|
||||
private boolean started;
|
||||
private LifecycleSupport lifecycle = new LifecycleSupport(this);
|
||||
|
||||
@@ -55,8 +60,15 @@ public class EncryptionManager implements Lifecycle {
|
||||
encryptYN = "N";
|
||||
}
|
||||
}
|
||||
|
||||
logger.warn("EncryptionManager] init :: encryption YN [ " + encryptYN + " ]");
|
||||
dbEncryptSolutionName = PropManager.getInstance().getProperty(GROUP_NAME, "dbEncryptSolutionName");
|
||||
if (dbEncryptSolutionName == null) {
|
||||
dbEncryptSolutionName = "DAMO";
|
||||
} else {
|
||||
if (dbEncryptSolutionName.trim().length() == 0) {
|
||||
dbEncryptSolutionName = "DAMO";
|
||||
}
|
||||
}
|
||||
logger.warn("EncryptionManager] init :: encryption YN [ " + encryptYN + " ], dbEncryptSolutionName [ " + dbEncryptSolutionName + " ]");
|
||||
}
|
||||
|
||||
public synchronized void reload() throws Exception {
|
||||
@@ -99,4 +111,102 @@ public class EncryptionManager implements Lifecycle {
|
||||
public String getEncryptYN() {
|
||||
return encryptYN;
|
||||
}
|
||||
|
||||
public String getDBEncryptSolutionName() {
|
||||
return dbEncryptSolutionName;
|
||||
}
|
||||
|
||||
public boolean isEncrypt() {
|
||||
return "Y".equalsIgnoreCase(encryptYN);
|
||||
}
|
||||
|
||||
public String encryptDBData(String plainText) {
|
||||
if(isEncrypt()) {
|
||||
// diamo
|
||||
if ("DAMO".equals(dbEncryptSolutionName)) {
|
||||
com.eactive.ext.djb.DamoManager damoManager = new com.eactive.ext.djb.DamoManager();
|
||||
return damoManager.encrypt(plainText);
|
||||
} else if ("SAFEDB".equals(dbEncryptSolutionName)) {
|
||||
String originalAttribute = plainText;
|
||||
if (StringUtils.isNotEmpty(plainText)) {
|
||||
KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance();
|
||||
plainText = wrapper.encryptNotRnnoString(plainText);
|
||||
|
||||
if (logger.isInfo()) {
|
||||
// originalAttribute 홀수 글자 마스킹
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (int i = 0; i < originalAttribute.length(); i++) {
|
||||
if (i % 2 == 0) {
|
||||
sb.append(originalAttribute.charAt(i));
|
||||
} else {
|
||||
sb.append("*");
|
||||
}
|
||||
}
|
||||
|
||||
originalAttribute = sb.toString();
|
||||
// System.out.println("DB 암호화 #2 : {"+ originalAttribute +"} ->
|
||||
// {"+attribute+"}");
|
||||
// logger.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute);
|
||||
}
|
||||
}
|
||||
return plainText;
|
||||
} else {
|
||||
return plainText;
|
||||
}
|
||||
} else {
|
||||
return plainText;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public String decryptDBData(String dbData) {
|
||||
if (StringUtils.isNotEmpty(dbData)) {
|
||||
if (this.isEncrypted(dbData)) {
|
||||
KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance();
|
||||
try {
|
||||
dbData = safeDBWrapper.decryptNotRnno(dbData);
|
||||
} catch (Exception e) {
|
||||
// 복호화 실패시 원본 반환
|
||||
String logData = dbData.length() <= 3 ? dbData : dbData.substring(0, 3) + "...";
|
||||
logger.warn("DB 복호화 실패: 복호화하지 않고 원본 반환. dbData={} (Length : {})", logData, dbData.length());
|
||||
return dbData;
|
||||
}
|
||||
} else {
|
||||
logger.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData);
|
||||
}
|
||||
}
|
||||
// logger.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData);
|
||||
return dbData;
|
||||
}
|
||||
|
||||
/**
|
||||
* 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처))
|
||||
*
|
||||
* @param data
|
||||
* @return
|
||||
*/
|
||||
private boolean isEncrypted(String data) {
|
||||
if (StringUtils.isEmpty(data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처)
|
||||
if (data.matches("^[0-9-]+$")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
data = data.trim();
|
||||
|
||||
// Base64 형식 체크
|
||||
if (!Utils.isBase64(data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Base64 길이 체크 (4의 배수)
|
||||
if (data.length() % 4 != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -253,7 +253,9 @@ public class EAIFileLogger
|
||||
* @exception DAOException
|
||||
**/
|
||||
public void setLog(EAIMessage message, Properties prop) throws Exception{
|
||||
|
||||
|
||||
if(!tranLogger.isError())
|
||||
return;
|
||||
|
||||
// 업무데이터 size 체크하여 업무데이터1,2에 insert하고
|
||||
// addBwkDataSub(message) 호출 여부 결정
|
||||
@@ -517,27 +519,28 @@ public class EAIFileLogger
|
||||
|
||||
//전장표 데이터부 JSON Array로 저장
|
||||
//암호화
|
||||
Charset hexaCharset = Charset.forName("euc-kr");
|
||||
if("Y".equalsIgnoreCase(EncryptionManager.getInstance().getEncryptYN()) ){
|
||||
try{
|
||||
biz = HexaConverter.bytesToHexa(bizMsgStr.getBytes(hexaCharset));
|
||||
}catch(Exception e){
|
||||
logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage());
|
||||
}
|
||||
try{
|
||||
header = HexaConverter.bytesToHexa(header.getBytes(hexaCharset));
|
||||
}catch(Exception e){
|
||||
logger.error("EAIFileLogger] header encryption Error - " + e.getMessage());
|
||||
}
|
||||
try{
|
||||
mdclData = HexaConverter.bytesToHexa(mdclData.getBytes(hexaCharset));
|
||||
}catch(Exception e){
|
||||
logger.error("EAIFileLogger] mdclData encryption Error - " + e.getMessage());
|
||||
}
|
||||
|
||||
}else {
|
||||
biz = bizMsgStr;
|
||||
}
|
||||
biz = EncryptionManager.getInstance().encryptDBData(bizMsgStr);
|
||||
// Charset hexaCharset = Charset.forName("euc-kr");
|
||||
// if("Y".equalsIgnoreCase(EncryptionManager.getInstance().getEncryptYN()) ){
|
||||
// try{
|
||||
// biz = HexaConverter.bytesToHexa(bizMsgStr.getBytes(hexaCharset));
|
||||
// }catch(Exception e){
|
||||
// logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage());
|
||||
// }
|
||||
// try{
|
||||
// header = HexaConverter.bytesToHexa(header.getBytes(hexaCharset));
|
||||
// }catch(Exception e){
|
||||
// logger.error("EAIFileLogger] header encryption Error - " + e.getMessage());
|
||||
// }
|
||||
// try{
|
||||
// mdclData = HexaConverter.bytesToHexa(mdclData.getBytes(hexaCharset));
|
||||
// }catch(Exception e){
|
||||
// logger.error("EAIFileLogger] mdclData encryption Error - " + e.getMessage());
|
||||
// }
|
||||
//
|
||||
// }else {
|
||||
// biz = bizMsgStr;
|
||||
// }
|
||||
|
||||
//임시코드 시작
|
||||
String logType = PropManager.getInstance().getProperty("BIZ_LOG_TYPE");
|
||||
|
||||
@@ -3,8 +3,6 @@ package com.eactive.eai.common.logger;
|
||||
import java.nio.charset.Charset;
|
||||
import java.util.Properties;
|
||||
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
@@ -14,13 +12,10 @@ import org.springframework.transaction.annotation.Transactional;
|
||||
import com.eactive.eai.adapter.AdapterGroupVO;
|
||||
import com.eactive.eai.adapter.AdapterManager;
|
||||
import com.eactive.eai.agent.encryption.EncryptionManager;
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import com.eactive.eai.common.dao.DAOException;
|
||||
import com.eactive.eai.common.exception.ExceptionUtil;
|
||||
import com.eactive.eai.common.logger.EAILogLogger;
|
||||
import com.eactive.eai.common.logger.StatAdapterLogLogger;
|
||||
import com.eactive.eai.common.logger.StatLogLogger;
|
||||
import com.eactive.eai.common.logger.StatTranLogLogger;
|
||||
import com.eactive.eai.common.logger.SubMessageLogLogger;
|
||||
import com.eactive.eai.common.logger.mapper.StatAdapterLogMapper;
|
||||
import com.eactive.eai.common.logger.mapper.StatLogMapper;
|
||||
import com.eactive.eai.common.logger.mapper.StatTranLogMapper;
|
||||
@@ -30,7 +25,6 @@ import com.eactive.eai.common.message.MessageType;
|
||||
import com.eactive.eai.common.message.ServiceMessage;
|
||||
import com.eactive.eai.common.monitor.StatMonitorLogVO;
|
||||
import com.eactive.eai.common.property.PropManager;
|
||||
|
||||
import com.eactive.eai.common.server.EAIServerManager;
|
||||
import com.eactive.eai.common.server.EAIServerVO;
|
||||
import com.eactive.eai.common.server.loader.EAIServerLoader;
|
||||
@@ -55,11 +49,10 @@ import com.eactive.eai.transformer.layout.Item;
|
||||
import com.eactive.eai.transformer.layout.Layout;
|
||||
import com.eactive.eai.transformer.transform.Transform;
|
||||
import com.eactive.eai.transformer.transform.TransformManager;
|
||||
import com.eactive.eai.util.HexaConverter;
|
||||
import com.ext.eai.common.stdmessage.STDMessageKeys;
|
||||
// safeDB
|
||||
import com.eactive.ext.kjb.safedb.KjbSafedbWrapper;
|
||||
import com.eactive.ext.kjb.safedb.Utils;
|
||||
import com.ext.eai.common.stdmessage.STDMessageKeys;
|
||||
|
||||
|
||||
@Service
|
||||
@@ -478,20 +471,12 @@ public class EAILogDAO {
|
||||
}
|
||||
*/
|
||||
|
||||
// jwhong safeDB 암호화
|
||||
|
||||
if ("Y".equalsIgnoreCase(EncryptionManager.getInstance().getEncryptYN())) {
|
||||
try {
|
||||
biz = EncryptSafeDb(bizMsgStr);
|
||||
} catch (Exception e) {
|
||||
logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage());
|
||||
biz = bizMsgStr;
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
biz = EncryptionManager.getInstance().encryptDBData(bizMsgStr);
|
||||
} catch (Exception e) {
|
||||
logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage());
|
||||
biz = bizMsgStr;
|
||||
}
|
||||
|
||||
// jwhong safeDB end
|
||||
}
|
||||
|
||||
// 임시코드 시작
|
||||
String logType = PropManager.getInstance().getProperty("BIZ_LOG_TYPE");
|
||||
@@ -860,88 +845,6 @@ public class EAILogDAO {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
private String EncryptSafeDb(String attribute) {
|
||||
String originalAttribute = attribute;
|
||||
if (StringUtils.isNotEmpty(attribute)) {
|
||||
KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance();
|
||||
attribute = wrapper.encryptNotRnnoString(attribute);
|
||||
|
||||
if (logger.isInfo()) {
|
||||
// originalAttribute 홀수 글자 마스킹
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (int i = 0; i < originalAttribute.length(); i++) {
|
||||
if (i % 2 == 0) {
|
||||
sb.append(originalAttribute.charAt(i));
|
||||
} else {
|
||||
sb.append("*");
|
||||
}
|
||||
}
|
||||
|
||||
originalAttribute = sb.toString();
|
||||
// System.out.println("DB 암호화 #2 : {"+ originalAttribute +"} -> {"+attribute+"}");
|
||||
//logger.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute);
|
||||
}
|
||||
}
|
||||
return attribute;
|
||||
|
||||
}
|
||||
|
||||
public String DecryptSafeDb(String dbData) {
|
||||
|
||||
String dbDataOriginal = dbData;
|
||||
if (StringUtils.isNotEmpty(dbData)) {
|
||||
if (this.isEncrypted(dbData)) {
|
||||
KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance();
|
||||
try {
|
||||
dbData = safeDBWrapper.decryptNotRnno(dbData);
|
||||
} catch (Exception e) {
|
||||
// 복호화 실패시 원본 반환
|
||||
String logData = dbData.length() <= 3 ? dbData : dbData.substring(0, 3) + "...";
|
||||
logger.warn("DB 복호화 실패: 복호화하지 않고 원본 반환. dbData={} (Length : {})", logData, dbData.length());
|
||||
return dbData;
|
||||
}
|
||||
} else {
|
||||
logger.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData);
|
||||
}
|
||||
}
|
||||
|
||||
//logger.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData);
|
||||
|
||||
return dbData;
|
||||
}
|
||||
|
||||
/**
|
||||
* 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처))
|
||||
* @param data
|
||||
* @return
|
||||
*/
|
||||
private boolean isEncrypted(String data) {
|
||||
if (StringUtils.isEmpty(data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처)
|
||||
if (data.matches("^[0-9-]+$")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
data = data.trim();
|
||||
|
||||
// Base64 형식 체크
|
||||
if (!Utils.isBase64(data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Base64 길이 체크 (4의 배수)
|
||||
if (data.length() % 4 != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
|
||||
@@ -28,37 +28,11 @@ public class InboundErrorInfoDAO extends BaseDAO {
|
||||
private InboundErrorInfoMapper inboundErrorInfoMapper;
|
||||
|
||||
public void addInboundErrorInfo(InboundErrorInfoVO vo) throws DAOException {
|
||||
EncryptionManager manager = EncryptionManager.getInstance();
|
||||
String bzwkDataCtnt = vo.getBwkDataTxt();
|
||||
|
||||
// 업무데이터를 암호화할 경우 길이가 늘어나는 문제가 있으므로 double check 함
|
||||
if ("Y".equalsIgnoreCase(manager.getEncryptYN())) {
|
||||
if (bzwkDataCtnt.length() > 2000) {
|
||||
bzwkDataCtnt = StringUtil.chunkString(bzwkDataCtnt, 2000);
|
||||
}
|
||||
|
||||
String encbzwkDataCtnt = null;
|
||||
try {
|
||||
encbzwkDataCtnt = ScpDbAgentUtil.ScpEncB64(
|
||||
PropManager.getInstance().getProperties(ScpDbAgentUtil.EXT_MODULE), bzwkDataCtnt, "EUC-KR");
|
||||
} catch (Exception e) {
|
||||
logger.error("addInboundErrorInfo] scpdb_agent encryption Error - " + e.getMessage());
|
||||
}
|
||||
|
||||
// double check
|
||||
if (encbzwkDataCtnt != null && encbzwkDataCtnt.length() > 4000) {
|
||||
bzwkDataCtnt = StringUtil.chunkString(bzwkDataCtnt, 500);
|
||||
try {
|
||||
encbzwkDataCtnt = ScpDbAgentUtil.ScpEncB64(
|
||||
PropManager.getInstance().getProperties(ScpDbAgentUtil.EXT_MODULE), bzwkDataCtnt, "EUC-KR");
|
||||
bzwkDataCtnt = encbzwkDataCtnt;
|
||||
} catch (Exception e) {
|
||||
logger.error("addInboundErrorInfo] scpdb_agent encryption Error - " + e.getMessage());
|
||||
}
|
||||
}
|
||||
} else {
|
||||
bzwkDataCtnt = StringUtil.chunkString(bzwkDataCtnt, 4000);
|
||||
}
|
||||
|
||||
// db 암호화
|
||||
bzwkDataCtnt = EncryptionManager.getInstance().encryptDBData(bzwkDataCtnt);
|
||||
vo.setBwkDataTxt(bzwkDataCtnt);
|
||||
|
||||
try {
|
||||
vo.setErrTm((vo.getErrTm()).substring(0, 16));
|
||||
|
||||
Reference in New Issue
Block a user