diff --git a/.gitignore b/.gitignore index 6b285d2..10438f6 100644 --- a/.gitignore +++ b/.gitignore @@ -99,11 +99,11 @@ local.properties # When using Gradle or Maven with auto-import, you should exclude module files, # since they will be recreated, and may cause churn. Uncomment if using # auto-import. -# .idea/modules.xml -# .idea/*.iml -# .idea/modules -# *.iml -# *.ipr + .idea/modules.xml + .idea/*.iml + .idea/modules + *.iml + *.ipr # CMake cmake-build-*/ diff --git a/build.gradle b/build.gradle index de917f6..f155786 100644 --- a/build.gradle +++ b/build.gradle @@ -79,6 +79,7 @@ tasks.withType(JavaCompile) { } dependencies { + api project(':kjb-safedb') api "com.querydsl:querydsl-jpa:${queryDslVersion}" api "com.querydsl:querydsl-apt:${queryDslVersion}" diff --git a/src/main/java/com/eactive/apim/portal/portaluser/entity/PortalUser.java b/src/main/java/com/eactive/apim/portal/portaluser/entity/PortalUser.java index 1c63d96..74b8715 100644 --- a/src/main/java/com/eactive/apim/portal/portaluser/entity/PortalUser.java +++ b/src/main/java/com/eactive/apim/portal/portaluser/entity/PortalUser.java @@ -6,6 +6,8 @@ import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.ApprovalStatus; import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.RoleCode; import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.UserStatus; import java.io.Serializable; + +import kjb.safedb.KjbNotRnnoJpaAttributeConverter; import lombok.Data; import lombok.EqualsAndHashCode; import org.hibernate.annotations.Comment; @@ -28,8 +30,9 @@ public class PortalUser extends Auditable implements Serializable, com.eactive.e @GeneratedValue(generator = "uuid-gen", strategy = GenerationType.IDENTITY) private String id; - @Column(name = "login_id", length = 32, nullable = false) + @Column(name = "login_id", length = 200, nullable = false) @Comment("로그인ID") + @Convert(converter = KjbNotRnnoJpaAttributeConverter.class) private String loginId; @Column(name = "password_hash", length = 60) @@ -40,16 +43,19 @@ public class PortalUser extends Auditable implements Serializable, com.eactive.e @Comment("사용자이름") private String userName; - @Column(name = "phone_number", length = 12) + @Column(name = "phone_number", length = 50) @Comment("전화번호") + @Convert(converter = KjbNotRnnoJpaAttributeConverter.class) private String phoneNumber; - @Column(name = "mobile_number", length = 20) + @Column(name = "mobile_number", length = 50) @Comment("휴대폰 번호") + @Convert(converter = KjbNotRnnoJpaAttributeConverter.class) private String mobileNumber; - @Column(name = "email_addr", length = 30) + @Column(name = "email_addr", length = 200) @Comment("이메일주소") + @Convert(converter = KjbNotRnnoJpaAttributeConverter.class) private String emailAddr; @ManyToOne(fetch = FetchType.EAGER) diff --git a/src/main/java/kjb/safedb/KjbNotRnnoJpaAttributeConverter.java b/src/main/java/kjb/safedb/KjbNotRnnoJpaAttributeConverter.java new file mode 100644 index 0000000..1a9fb5e --- /dev/null +++ b/src/main/java/kjb/safedb/KjbNotRnnoJpaAttributeConverter.java @@ -0,0 +1,85 @@ +package kjb.safedb; + +import com.eactive.ext.kjb.safedb.KjbSafedbMode; +import com.eactive.ext.kjb.safedb.KjbSafedbWrapper; +import com.eactive.ext.kjb.safedb.SafeDBColumns; +import com.eactive.ext.kjb.safedb.Utils; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +@Converter +@Slf4j +public class KjbNotRnnoJpaAttributeConverter implements AttributeConverter { + /** + * 암호화 + * @param attribute the entity attribute value to be converted + * @return + */ + @Override + public String convertToDatabaseColumn(String attribute) { + log.debug("DB 암호화 #1 - {} / {}", attribute, SafeDBColumns.NOT_RNNO); + + String originalAttribute = attribute; + if (StringUtils.isNotEmpty(attribute)) { + KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance(KjbSafedbMode.REAL); + attribute = wrapper.encryptNotRnnoString(attribute); + } + + log.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute); + + return attribute; + } + + /** + * 복호화 + * @param dbData the data from the database column to be + * converted + * @return + */ + @Override + public String convertToEntityAttribute(String dbData) { + log.debug("DB 복호화 #1 - {} / {}", dbData, SafeDBColumns.NOT_RNNO); + + String dbDataOriginal = dbData; + if (StringUtils.isNotEmpty(dbData)) { + if (this.isEncrypted(dbData)) { + KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance(); + dbData = safeDBWrapper.decryptNotRnno(dbData); + } else { + log.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData); + } + } + + log.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData); + + return dbData; + } + + /** + * 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처)) + * @param data + * @return + */ + private boolean isEncrypted(String data) { + if (StringUtils.isEmpty(data)) { + return false; + } + + // 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처) + if (data.matches("^[0-9-]+$")) { + return false; + } + + data = data.trim(); + + // Base64 형식 체크 + if (Utils.isBase64(data)) { + return true; + } + + return false; + } +}