代码授权码加密与混淆demo

Author: lyb-geek

.gitignore

@@ -619,3 +619,7 @@
 /springboot-unit-resp/target/classes/com/github/lybgeek/user/service/impl/UserServiceImpl.class
 /springboot-unit-resp/target/classes/com/github/lybgeek/user/service/UserService.class
 /springboot-unit-resp/target/generated-sources/annotations/com/github/lybgeek/user/convert/UserConvertImpl.java
+/springboot-code-authorization/target/classes/
+/springboot-code-authorization/springboot-code-authorization.iml
+/springboot-mybatis-autoId/target/
+/springboot-mybatis-autoId/springboot-mybatis-autoId.iml

pom.xml

@@ -32,6 +32,7 @@
         <module>springboot-mq-idempotent-consume</module>
         <module>springboot-unit-resp</module>
         <module>springboot-mybatis-autoId</module>
+        <module>springboot-code-authorization</module>
     </modules>
     <parent>
         <groupId>org.springframework.boot</groupId>
@@ -467,12 +468,6 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-devtools</artifactId>
-            <scope>runtime</scope>
-            <optional>true</optional>
-        </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>

springboot-code-authorization/ReadME.md

@@ -0,0 +1 @@
+该demo主要演示通过自定类加载器来实现代码加密，以及通过proguard插件来实现混淆加密，并把自定义加载器加载的类与spring进行整合

springboot-code-authorization/UserServiceImpl.class

@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>springboot-learning</artifactId>
+        <groupId>com.github.lybgeek</groupId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>springboot-code-authorization</artifactId>
+
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-freemarker</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-generator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid-spring-boot-starter</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-aop</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>cglib</groupId>
+            <artifactId>cglib</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+
+            <plugin>
+                <groupId>com.github.wvengen</groupId>
+                <artifactId>proguard-maven-plugin</artifactId>
+                <version>2.0.14</version>
+                <executions>
+                    <execution>
+                        <!-- 混淆时刻，这里是打包的时候混淆-->
+                        <phase>package</phase>
+                        <goals>
+                            <!-- 使用插件的什么功能: 混淆-->
+                            <goal>proguard</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <proguardVersion>6.0.2</proguardVersion>
+                    <!-- 是否将生成的PG文件安装部署-->
+                    <attach>true</attach>
+                    <!-- 是否混淆-->
+                    <obfuscate>true</obfuscate>
+                    <!-- 指定生成文件分类 -->
+                    <attachArtifactClassifier>pg</attachArtifactClassifier>
+                    <options>
+                        <!-- JDK目标版本1.8-->
+                        <option>-target 1.8</option>
+                        <!-- 不做收缩（删除注释、未被引用代码）-->
+                        <option>-dontshrink</option>
+                        <!-- 不做优化（变更代码实现逻辑）-->
+                        <option>-dontoptimize</option>
+                        <!-- 不路过非公用类文件及成员-->
+                        <option>-dontskipnonpubliclibraryclasses</option>
+                        <option>-dontskipnonpubliclibraryclassmembers</option>
+                        <!-- 优化时允许访问并修改有修饰符的类和类的成员 -->
+                        <option>-allowaccessmodification</option>
+                        <!-- 确定统一的混淆类的成员名称来增加混淆-->
+                        <option>-useuniqueclassmembernames</option>
+
+                        <!--保证spring注解能力-->
+                        <option>-keepdirectories</option>
+
+                        <!-- 不混淆所有包名，本人测试混淆后WEB项目问题实在太多，毕竟Spring配置中有大量固定写法的包名-->
+                        <option>-keeppackagenames</option>
+                        <!-- 不混淆所有特殊的类-->
+                        <option>-keepattributes
+                            Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod
+                        </option>
+                        <!-- 不混淆所有的set/get方法，毕竟项目中使用的部分第三方框架（例如Shiro）会用到大量的set/get映射-->
+                        <option>-keepclassmembers public class * {void set*(***);*** get*();}</option>
+
+                        <option>-keep class com.github.lybgeek.user.**.entity.** {*;}</option>
+                        <option>-keep class com.fuse.cdn.api.modules.**.dto.** {*;}</option>
+
+
+                        <!-- 以下包因为大部分是Spring管理的Bean，不对包类的类名进行混淆，但对类中的属性和方法混淆-->
+                        <option>-keep class com.github.lybgeek.user.**.controller.**</option>
+                        <option>-keep class com.github.lybgeek.user.**.service.**</option>
+                        <option>-keep class ccom.github.lybgeek.user.**.dao.**{*;}</option>
+
+
+                        <!-- 不混淆启动类，否则spring-boot不能正常启动 -->
+                        <option>-keep class com.github.lybgeek.CodeAuthorizationApplication</option>
+
+                        <!-- 忽略打包时的告警信息 -->
+                        <option>-ignorewarnings</option>
+
+                    </options>
+                    <outjar>${project.build.finalName}</outjar>
+                    <!-- 添加依赖，这里你可以按你的需要修改，这里测试只需要一个JRE的Runtime包就行了 -->
+                    <libs>
+                        <lib>${java.home}/lib/rt.jar</lib>
+                        <lib>${java.home}/lib/jce.jar</lib>
+                    </libs>
+                    <outputDirectory>${project.build.directory}</outputDirectory>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>net.sf.proguard</groupId>
+                        <artifactId>proguard-base</artifactId>
+                        <version>6.0.2</version>
+                        <scope>runtime</scope>
+                    </dependency>
+                </dependencies>
+            </plugin>
+        </plugins>
+    </build>
+
+
+</project>

springboot-code-authorization/pom.xml

@@ -0,0 +1,18 @@
+package com.github.lybgeek;
+
+
+import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+@MapperScan(basePackages = "com.github.lybgeek.**.dao")
+public class CodeAuthorizationApplication {
+
+
+	public static void main(String[] args) {
+		SpringApplication.run(CodeAuthorizationApplication.class, args);
+	}
+
+
+}

springboot-code-authorization/src/main/java/com/github/lybgeek/CodeAuthorizationApplication.java

@@ -0,0 +1,127 @@
+package com.github.lybgeek.common.classloader;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+@Slf4j
+public class CustomClassLoader extends ClassLoader{
+
+    /**
+     * 授权码
+     */
+    private String secretKey;
+
+    private String SECRETKEY_PREFIX = "lyb-geek";
+
+
+    /**
+     * class文件的根目录
+     */
+    private String classRootDir = "META-INF/services/";
+
+    public CustomClassLoader(String secretKey) {
+        this.secretKey = secretKey;
+    }
+
+
+    public String getClassRootDir() {
+        return classRootDir;
+    }
+
+    public void setClassRootDir(String classRootDir) {
+        this.classRootDir = classRootDir;
+    }
+
+    @Override
+    protected Class<?> findClass(String name) throws ClassNotFoundException {
+
+        Class<?> clz = findLoadedClass(name);
+        //先查询有没有加载过这个类。如果已经加载，则直接返回加载好的类。如果没有，则加载新的类。
+        if(clz != null){
+            return clz;
+        }else{
+            ClassLoader parent = this.getParent();
+            clz = getaClass(name, clz, parent);
+
+            if(clz != null){
+                return clz;
+            }else{
+                clz = getaClass(name);
+            }
+
+        }
+
+        return clz;
+
+    }
+
+    private Class<?> getaClass(String name) throws ClassNotFoundException {
+        Class<?> clz;
+        byte[] classData = getClassData(name);
+        if(classData == null){
+            throw new ClassNotFoundException();
+        }else{
+            clz = defineClass(name, classData, 0,classData.length);
+        }
+        return clz;
+    }
+
+    private Class<?> getaClass(String name, Class<?> clz, ClassLoader parent) {
+        try {
+            //委派给父类加载
+            clz = parent.loadClass(name);
+        } catch (Exception e) {
+           //log.warn("parent load class fail："+ e.getMessage(),e);
+        }
+        return clz;
+    }
+
+    private byte[] getClassData(String classname){
+        if(StringUtils.isEmpty(secretKey) || !secretKey.contains(SECRETKEY_PREFIX) || secretKey.split(SECRETKEY_PREFIX).length != 2){
+            throw new RuntimeException("secretKey is illegal");
+        }
+        String path = CustomClassLoader.class.getClassLoader().getResource("META-INF/services/").getPath() +"/"+ classname+".lyb";
+        InputStream is = null;
+        ByteArrayOutputStream bas = null;
+        try{
+            is  = new FileInputStream(path);
+            bas = new ByteArrayOutputStream();
+            int len;
+            //解密
+            String[] arrs = secretKey.split(SECRETKEY_PREFIX);
+            long key = Long.valueOf(arrs[1]);
+          //  System.out.println("key:"+key);
+            while((len = is.read())!=-1){
+                byte data = (byte)(len - key - secretKey.length());
+                bas.write(data);
+            }
+            return bas.toByteArray();
+        }catch(Exception e){
+            e.printStackTrace();
+            return null;
+        }finally{
+            try {
+                if(is!=null){
+                    is.close();
+                }
+            } catch (IOException e) {
+                log.error("encrypt fail:"+e.getMessage(),e);
+            }
+            try {
+                if(bas!=null){
+                    bas.close();
+                }
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+        }
+
+    }
+
+
+}