diff --git a/libs/damo-manager.jar b/libs/damo-manager.jar new file mode 100644 index 0000000..e8efc5d Binary files /dev/null and b/libs/damo-manager.jar differ diff --git a/src/main/java/com/eactive/eai/agent/encryption/EncryptionManager.java b/src/main/java/com/eactive/eai/agent/encryption/EncryptionManager.java index e1e0f2d..7f3ef57 100644 --- a/src/main/java/com/eactive/eai/agent/encryption/EncryptionManager.java +++ b/src/main/java/com/eactive/eai/agent/encryption/EncryptionManager.java @@ -1,5 +1,6 @@ package com.eactive.eai.agent.encryption; +import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Component; import com.eactive.eai.common.exception.ExceptionUtil; @@ -11,6 +12,8 @@ import com.eactive.eai.common.property.PropManager; import com.eactive.eai.common.server.Keys; import com.eactive.eai.common.util.ApplicationContextProvider; import com.eactive.eai.common.util.Logger; +import com.eactive.ext.kjb.safedb.KjbSafedbWrapper; +import com.eactive.ext.kjb.safedb.Utils; @Component public class EncryptionManager implements Lifecycle { @@ -18,6 +21,8 @@ public class EncryptionManager implements Lifecycle { private static final String GROUP_NAME = "ENCRYPTION"; private String encryptYN = ""; + private String dbEncryptSolutionName = "DAMO"; + private boolean started; private LifecycleSupport lifecycle = new LifecycleSupport(this); @@ -55,8 +60,15 @@ public class EncryptionManager implements Lifecycle { encryptYN = "N"; } } - - logger.warn("EncryptionManager] init :: encryption YN [ " + encryptYN + " ]"); + dbEncryptSolutionName = PropManager.getInstance().getProperty(GROUP_NAME, "dbEncryptSolutionName"); + if (dbEncryptSolutionName == null) { + dbEncryptSolutionName = "DAMO"; + } else { + if (dbEncryptSolutionName.trim().length() == 0) { + dbEncryptSolutionName = "DAMO"; + } + } + logger.warn("EncryptionManager] init :: encryption YN [ " + encryptYN + " ], dbEncryptSolutionName [ " + dbEncryptSolutionName + " ]"); } public synchronized void reload() throws Exception { @@ -99,4 +111,102 @@ public class EncryptionManager implements Lifecycle { public String getEncryptYN() { return encryptYN; } + + public String getDBEncryptSolutionName() { + return dbEncryptSolutionName; + } + + public boolean isEncrypt() { + return "Y".equalsIgnoreCase(encryptYN); + } + + public String encryptDBData(String plainText) { + if(isEncrypt()) { + // diamo + if ("DAMO".equals(dbEncryptSolutionName)) { + com.eactive.ext.djb.DamoManager damoManager = new com.eactive.ext.djb.DamoManager(); + return damoManager.encrypt(plainText); + } else if ("SAFEDB".equals(dbEncryptSolutionName)) { + String originalAttribute = plainText; + if (StringUtils.isNotEmpty(plainText)) { + KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance(); + plainText = wrapper.encryptNotRnnoString(plainText); + + if (logger.isInfo()) { + // originalAttribute 홀수 글자 마스킹 + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < originalAttribute.length(); i++) { + if (i % 2 == 0) { + sb.append(originalAttribute.charAt(i)); + } else { + sb.append("*"); + } + } + + originalAttribute = sb.toString(); + // System.out.println("DB 암호화 #2 : {"+ originalAttribute +"} -> + // {"+attribute+"}"); + // logger.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute); + } + } + return plainText; + } else { + return plainText; + } + } else { + return plainText; + } + + } + + public String decryptDBData(String dbData) { + if (StringUtils.isNotEmpty(dbData)) { + if (this.isEncrypted(dbData)) { + KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance(); + try { + dbData = safeDBWrapper.decryptNotRnno(dbData); + } catch (Exception e) { + // 복호화 실패시 원본 반환 + String logData = dbData.length() <= 3 ? dbData : dbData.substring(0, 3) + "..."; + logger.warn("DB 복호화 실패: 복호화하지 않고 원본 반환. dbData={} (Length : {})", logData, dbData.length()); + return dbData; + } + } else { + logger.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData); + } + } + // logger.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData); + return dbData; + } + + /** + * 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처)) + * + * @param data + * @return + */ + private boolean isEncrypted(String data) { + if (StringUtils.isEmpty(data)) { + return false; + } + + // 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처) + if (data.matches("^[0-9-]+$")) { + return false; + } + + data = data.trim(); + + // Base64 형식 체크 + if (!Utils.isBase64(data)) { + return false; + } + + // Base64 길이 체크 (4의 배수) + if (data.length() % 4 != 0) { + return false; + } + + return true; + } } diff --git a/src/main/java/com/eactive/eai/common/logger/EAIFileLogger.java b/src/main/java/com/eactive/eai/common/logger/EAIFileLogger.java index 83b593e..e01f19a 100644 --- a/src/main/java/com/eactive/eai/common/logger/EAIFileLogger.java +++ b/src/main/java/com/eactive/eai/common/logger/EAIFileLogger.java @@ -253,7 +253,9 @@ public class EAIFileLogger * @exception DAOException **/ public void setLog(EAIMessage message, Properties prop) throws Exception{ - + + if(!tranLogger.isError()) + return; // 업무데이터 size 체크하여 업무데이터1,2에 insert하고 // addBwkDataSub(message) 호출 여부 결정 @@ -517,27 +519,28 @@ public class EAIFileLogger //전장표 데이터부 JSON Array로 저장 //암호화 - Charset hexaCharset = Charset.forName("euc-kr"); - if("Y".equalsIgnoreCase(EncryptionManager.getInstance().getEncryptYN()) ){ - try{ - biz = HexaConverter.bytesToHexa(bizMsgStr.getBytes(hexaCharset)); - }catch(Exception e){ - logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage()); - } - try{ - header = HexaConverter.bytesToHexa(header.getBytes(hexaCharset)); - }catch(Exception e){ - logger.error("EAIFileLogger] header encryption Error - " + e.getMessage()); - } - try{ - mdclData = HexaConverter.bytesToHexa(mdclData.getBytes(hexaCharset)); - }catch(Exception e){ - logger.error("EAIFileLogger] mdclData encryption Error - " + e.getMessage()); - } - - }else { - biz = bizMsgStr; - } + biz = EncryptionManager.getInstance().encryptDBData(bizMsgStr); +// Charset hexaCharset = Charset.forName("euc-kr"); +// if("Y".equalsIgnoreCase(EncryptionManager.getInstance().getEncryptYN()) ){ +// try{ +// biz = HexaConverter.bytesToHexa(bizMsgStr.getBytes(hexaCharset)); +// }catch(Exception e){ +// logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage()); +// } +// try{ +// header = HexaConverter.bytesToHexa(header.getBytes(hexaCharset)); +// }catch(Exception e){ +// logger.error("EAIFileLogger] header encryption Error - " + e.getMessage()); +// } +// try{ +// mdclData = HexaConverter.bytesToHexa(mdclData.getBytes(hexaCharset)); +// }catch(Exception e){ +// logger.error("EAIFileLogger] mdclData encryption Error - " + e.getMessage()); +// } +// +// }else { +// biz = bizMsgStr; +// } //임시코드 시작 String logType = PropManager.getInstance().getProperty("BIZ_LOG_TYPE"); diff --git a/src/main/java/com/eactive/eai/common/logger/EAILogDAO.java b/src/main/java/com/eactive/eai/common/logger/EAILogDAO.java index 55b386f..a8c500d 100644 --- a/src/main/java/com/eactive/eai/common/logger/EAILogDAO.java +++ b/src/main/java/com/eactive/eai/common/logger/EAILogDAO.java @@ -3,8 +3,6 @@ package com.eactive.eai.common.logger; import java.nio.charset.Charset; import java.util.Properties; -import com.eactive.eai.authserver.service.OAuth2Manager; -import com.eactive.eai.authserver.vo.ClientVO; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; @@ -14,13 +12,10 @@ import org.springframework.transaction.annotation.Transactional; import com.eactive.eai.adapter.AdapterGroupVO; import com.eactive.eai.adapter.AdapterManager; import com.eactive.eai.agent.encryption.EncryptionManager; +import com.eactive.eai.authserver.service.OAuth2Manager; +import com.eactive.eai.authserver.vo.ClientVO; import com.eactive.eai.common.dao.DAOException; import com.eactive.eai.common.exception.ExceptionUtil; -import com.eactive.eai.common.logger.EAILogLogger; -import com.eactive.eai.common.logger.StatAdapterLogLogger; -import com.eactive.eai.common.logger.StatLogLogger; -import com.eactive.eai.common.logger.StatTranLogLogger; -import com.eactive.eai.common.logger.SubMessageLogLogger; import com.eactive.eai.common.logger.mapper.StatAdapterLogMapper; import com.eactive.eai.common.logger.mapper.StatLogMapper; import com.eactive.eai.common.logger.mapper.StatTranLogMapper; @@ -30,7 +25,6 @@ import com.eactive.eai.common.message.MessageType; import com.eactive.eai.common.message.ServiceMessage; import com.eactive.eai.common.monitor.StatMonitorLogVO; import com.eactive.eai.common.property.PropManager; - import com.eactive.eai.common.server.EAIServerManager; import com.eactive.eai.common.server.EAIServerVO; import com.eactive.eai.common.server.loader.EAIServerLoader; @@ -55,11 +49,10 @@ import com.eactive.eai.transformer.layout.Item; import com.eactive.eai.transformer.layout.Layout; import com.eactive.eai.transformer.transform.Transform; import com.eactive.eai.transformer.transform.TransformManager; -import com.eactive.eai.util.HexaConverter; -import com.ext.eai.common.stdmessage.STDMessageKeys; // safeDB import com.eactive.ext.kjb.safedb.KjbSafedbWrapper; import com.eactive.ext.kjb.safedb.Utils; +import com.ext.eai.common.stdmessage.STDMessageKeys; @Service @@ -478,20 +471,12 @@ public class EAILogDAO { } */ - // jwhong safeDB 암호화 - - if ("Y".equalsIgnoreCase(EncryptionManager.getInstance().getEncryptYN())) { - try { - biz = EncryptSafeDb(bizMsgStr); - } catch (Exception e) { - logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage()); - biz = bizMsgStr; - } - } else { + try { + biz = EncryptionManager.getInstance().encryptDBData(bizMsgStr); + } catch (Exception e) { + logger.error("EAIFileLogger] bizMsgStr encryption Error - " + e.getMessage()); biz = bizMsgStr; - } - - // jwhong safeDB end + } // 임시코드 시작 String logType = PropManager.getInstance().getProperty("BIZ_LOG_TYPE"); @@ -860,88 +845,6 @@ public class EAILogDAO { } return false; } - - - private String EncryptSafeDb(String attribute) { - String originalAttribute = attribute; - if (StringUtils.isNotEmpty(attribute)) { - KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance(); - attribute = wrapper.encryptNotRnnoString(attribute); - - if (logger.isInfo()) { - // originalAttribute 홀수 글자 마스킹 - StringBuilder sb = new StringBuilder(); - for (int i = 0; i < originalAttribute.length(); i++) { - if (i % 2 == 0) { - sb.append(originalAttribute.charAt(i)); - } else { - sb.append("*"); - } - } - - originalAttribute = sb.toString(); - // System.out.println("DB 암호화 #2 : {"+ originalAttribute +"} -> {"+attribute+"}"); - //logger.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute); - } - } - return attribute; - - } - - public String DecryptSafeDb(String dbData) { - - String dbDataOriginal = dbData; - if (StringUtils.isNotEmpty(dbData)) { - if (this.isEncrypted(dbData)) { - KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance(); - try { - dbData = safeDBWrapper.decryptNotRnno(dbData); - } catch (Exception e) { - // 복호화 실패시 원본 반환 - String logData = dbData.length() <= 3 ? dbData : dbData.substring(0, 3) + "..."; - logger.warn("DB 복호화 실패: 복호화하지 않고 원본 반환. dbData={} (Length : {})", logData, dbData.length()); - return dbData; - } - } else { - logger.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData); - } - } - - //logger.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData); - - return dbData; - } - - /** - * 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처)) - * @param data - * @return - */ - private boolean isEncrypted(String data) { - if (StringUtils.isEmpty(data)) { - return false; - } - - // 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처) - if (data.matches("^[0-9-]+$")) { - return false; - } - - data = data.trim(); - - // Base64 형식 체크 - if (!Utils.isBase64(data)) { - return false; - } - - // Base64 길이 체크 (4의 배수) - if (data.length() % 4 != 0) { - return false; - } - - - return true; - } /* diff --git a/src/main/java/com/eactive/eai/inbound/error/InboundErrorInfoDAO.java b/src/main/java/com/eactive/eai/inbound/error/InboundErrorInfoDAO.java index 546619b..3e66fa4 100644 --- a/src/main/java/com/eactive/eai/inbound/error/InboundErrorInfoDAO.java +++ b/src/main/java/com/eactive/eai/inbound/error/InboundErrorInfoDAO.java @@ -28,37 +28,11 @@ public class InboundErrorInfoDAO extends BaseDAO { private InboundErrorInfoMapper inboundErrorInfoMapper; public void addInboundErrorInfo(InboundErrorInfoVO vo) throws DAOException { - EncryptionManager manager = EncryptionManager.getInstance(); String bzwkDataCtnt = vo.getBwkDataTxt(); - - // 업무데이터를 암호화할 경우 길이가 늘어나는 문제가 있으므로 double check 함 - if ("Y".equalsIgnoreCase(manager.getEncryptYN())) { - if (bzwkDataCtnt.length() > 2000) { - bzwkDataCtnt = StringUtil.chunkString(bzwkDataCtnt, 2000); - } - - String encbzwkDataCtnt = null; - try { - encbzwkDataCtnt = ScpDbAgentUtil.ScpEncB64( - PropManager.getInstance().getProperties(ScpDbAgentUtil.EXT_MODULE), bzwkDataCtnt, "EUC-KR"); - } catch (Exception e) { - logger.error("addInboundErrorInfo] scpdb_agent encryption Error - " + e.getMessage()); - } - - // double check - if (encbzwkDataCtnt != null && encbzwkDataCtnt.length() > 4000) { - bzwkDataCtnt = StringUtil.chunkString(bzwkDataCtnt, 500); - try { - encbzwkDataCtnt = ScpDbAgentUtil.ScpEncB64( - PropManager.getInstance().getProperties(ScpDbAgentUtil.EXT_MODULE), bzwkDataCtnt, "EUC-KR"); - bzwkDataCtnt = encbzwkDataCtnt; - } catch (Exception e) { - logger.error("addInboundErrorInfo] scpdb_agent encryption Error - " + e.getMessage()); - } - } - } else { - bzwkDataCtnt = StringUtil.chunkString(bzwkDataCtnt, 4000); - } + + // db 암호화 + bzwkDataCtnt = EncryptionManager.getInstance().encryptDBData(bzwkDataCtnt); + vo.setBwkDataTxt(bzwkDataCtnt); try { vo.setErrTm((vo.getErrTm()).substring(0, 16));