diff --git a/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java b/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java
index 2fc6a559e..b8d7315a1 100644
--- a/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java
+++ b/polaris-assembly/polaris-assembly-client/src/main/java/com/tencent/polaris/assembly/client/flow/DefaultAssemblyFlow.java
@@ -17,21 +17,13 @@
package com.tencent.polaris.assembly.client.flow;
-import java.util.Collections;
-import java.util.List;
-
import com.tencent.polaris.api.config.Configuration;
import com.tencent.polaris.api.config.global.FlowConfig;
import com.tencent.polaris.api.plugin.compose.Extensions;
import com.tencent.polaris.api.plugin.loadbalance.LoadBalancer;
import com.tencent.polaris.api.plugin.route.RouteInfo;
import com.tencent.polaris.api.plugin.stat.TraceReporter;
-import com.tencent.polaris.api.pojo.Instance;
-import com.tencent.polaris.api.pojo.ServiceEventKey;
-import com.tencent.polaris.api.pojo.ServiceInfo;
-import com.tencent.polaris.api.pojo.ServiceInstances;
-import com.tencent.polaris.api.pojo.ServiceKey;
-import com.tencent.polaris.api.pojo.SourceService;
+import com.tencent.polaris.api.pojo.*;
import com.tencent.polaris.api.rpc.RequestBaseEntity;
import com.tencent.polaris.api.rpc.ServiceCallResult;
import com.tencent.polaris.api.utils.CollectionUtils;
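Review bot: The wildcard `import com.tencent.polaris.api.pojo.*;` hides which types this class depends on and can pull in a clashing name as the package grows; the six explicit imports it replaces should stay. This looks like an IDE import-optimizer setting rather than an intended change. The same applies to `import java.security.*;` in the RSAUtil.java hunk, where explicit imports also make it easy to audit which crypto types the class uses.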
@@ -46,6 +38,9 @@
import com.tencent.polaris.client.flow.ResourcesResponse;
import com.tencent.polaris.discovery.client.flow.CommonInstancesRequest;
+import java.util.Collections;
+import java.util.List;
+
public class DefaultAssemblyFlow implements AssemblyFlow {
private SDKContext sdkContext;
diff --git a/polaris-assembly/polaris-assembly-factory/pom.xml b/polaris-assembly/polaris-assembly-factory/pom.xml
index d0daa3357..b962e1545 100644
--- a/polaris-assembly/polaris-assembly-factory/pom.xml
+++ b/polaris-assembly/polaris-assembly-factory/pom.xml
@@ -84,6 +84,11 @@
event-logger
${project.version}
+
+ com.tencent.polaris
+ event-tsf
+ ${project.version}
+
diff --git a/polaris-auth/polaris-auth-factory/pom.xml b/polaris-auth/polaris-auth-factory/pom.xml
index 22bbf7fe0..e3d60ce4c 100644
--- a/polaris-auth/polaris-auth-factory/pom.xml
+++ b/polaris-auth/polaris-auth-factory/pom.xml
@@ -20,6 +20,11 @@
polaris-auth-client
${project.version}
+
+ com.tencent.polaris
+ auth-block-allow-list
+ ${project.version}
+
com.tencent.polaris
polaris-client
diff --git a/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml b/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml
index 6ee389974..30bd2bfa4 100644
--- a/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml
+++ b/polaris-circuitbreaker/polaris-circuitbreaker-factory/pom.xml
@@ -106,6 +106,11 @@
event-logger
${project.version}
+
+ com.tencent.polaris
+ event-tsf
+ ${project.version}
+
diff --git a/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java b/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java
index 0bab28256..3aadf48bb 100644
--- a/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java
+++ b/polaris-common/polaris-client/src/main/java/com/tencent/polaris/client/flow/BaseFlow.java
@@ -297,7 +297,7 @@ private static boolean loadLocalResources(ServiceEventKey svcEventKey, Resources
}
public static Instance processLoadBalance(LoadBalancer loadBalancer, Criteria criteria,
- ServiceInstances dstInstances, List weightAdjusters) throws PolarisException {
+ ServiceInstances dstInstances, List weightAdjusters) throws PolarisException {
if (criteria == null) {
criteria = new Criteria();
}
@@ -357,6 +357,9 @@ public static void reportFlowEvent(Extensions extensions, FlowEvent flowEvent) {
}
for (EventReporter eventReporter : eventReporterList) {
try {
+ if (!eventReporter.isEnabled()) {
+ continue;
+ }
if (!eventReporter.reportEvent(flowEvent)) {
LOG.warn("Report event by {} failed. Flow event detail: {}", eventReporter.getName(), flowEvent);
}
diff --git a/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml b/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml
index c52f22391..396042b68 100644
--- a/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml
+++ b/polaris-common/polaris-config-default/src/main/resources/conf/default-config.yml
@@ -86,6 +86,12 @@ global:
#描述: 事件上报插件名列表
reporters:
- logger
+ # 描述:事件上报插件配置
+ plugin:
+ # 描述:TSF 事件上报插件配置
+ tsf:
+ # 描述:TSF 事件上报开关
+ enable: false
# 描述:Admin相关的配置
admin:
# 描述:Admin的监听的IP
@@ -286,7 +292,7 @@ consumer:
weightAdjust:
enable: true
chain:
- # 开启了服务预热插件,可以支持多个动态权重调整插件同时生效
+ # 开启了服务预热插件,可以支持多个动态权重调整插件同时生效
# - warmup
# 被调方配置
provider:
diff --git a/polaris-common/polaris-encrypt/pom.xml b/polaris-common/polaris-encrypt/pom.xml
new file mode 100644
index 000000000..541a5738e
--- /dev/null
+++ b/polaris-common/polaris-encrypt/pom.xml
@@ -0,0 +1,35 @@
+
+
+
+ polaris-common
+ com.tencent.polaris
+ ${revision}
+ ../pom.xml
+
+ 4.0.0
+
+ polaris-encrypt
+ Polaris Common Encrypt
+ Polaris Common Encrypt JAR
+
+
+
+ com.tencent.polaris
+ polaris-model
+ ${project.version}
+
+
+ org.slf4j
+ slf4j-api
+ ${slf4j.version}
+ provided
+
+
+ org.bouncycastle
+ bcpkix-jdk15to18
+ ${bouncycastle.version}
+
+
+
\ No newline at end of file
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java
new file mode 100644
index 000000000..b7c0af543
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProvider.java
@@ -0,0 +1,44 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+/**
+ * TSF 配置加密提供器接口
+ *
+ * @author hongweizhu
+ */
+public abstract class ConfigEncryptProvider {
+
+ /**
+ * 加密
+ *
+ * @param content 明文
+ * @param password 密码
+ * @return 密文
+ */
+ public abstract String encrypt(String content, String password);
+
+ /**
+ * 解密
+ *
+ * @param encryptedContent 密文
+ * @param password 密码
+ * @return 明文
+ */
+ public abstract String decrypt(String encryptedContent, String password);
+}
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java
new file mode 100644
index 000000000..278910a9a
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/ConfigEncryptProviderFactory.java
@@ -0,0 +1,40 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigEncryptProviderFactory {
+
+ private static final Logger log = LoggerFactory.getLogger(ConfigEncryptProviderFactory.class);
+
+ private static ConfigEncryptProvider configEncryptProvider = null;
+
+ public static ConfigEncryptProvider getInstance() {
+ if (null == configEncryptProvider) {
+ try {
+ Class> providerClass = Class.forName(EncryptConfig.getProviderClass());
+ configEncryptProvider = (ConfigEncryptProvider) providerClass.newInstance();
+ } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
+ log.error("get config encrypt provider error", e);
+ }
+ }
+ return configEncryptProvider;
+ }
+}
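Review bot: `getInstance()` returns `null` when the provider class cannot be loaded and only logs the error, so `ConfigPropertiesFile.decryptProperties` in this commit, which chains `.decrypt(...)` on the result, fails with a NullPointerException far from the cause. A class that loads but is not a `ConfigEncryptProvider` escapes the catch as a ClassCastException, and the unsynchronized check of the static field lets two threads instantiate the provider concurrently. Because the class name comes from the public static `EncryptConfig.setProviderClass`, checking the type before instantiating and failing with an explicit exception keeps a bad value from going unnoticed. A possible shape is below; it uses `getDeclaredConstructor().newInstance()` because `Class.newInstance()` is deprecated since Java 9, and it assumes the project's conventions allow an `IllegalStateException` here.

```java
public static synchronized ConfigEncryptProvider getInstance() {
    if (configEncryptProvider == null) {
        String className = EncryptConfig.getProviderClass();
        try {
            // asSubclass rejects a class of the wrong type before it is instantiated
            configEncryptProvider = Class.forName(className)
                    .asSubclass(ConfigEncryptProvider.class)
                    .getDeclaredConstructor()
                    .newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException("Cannot create config encrypt provider " + className, e);
        }
    }
    return configEncryptProvider;
}
```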
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java
new file mode 100644
index 000000000..1bc02b58e
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/EncryptConfig.java
@@ -0,0 +1,122 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt;
+
+import com.tencent.polaris.api.utils.ClassUtils;
+import com.tencent.polaris.api.utils.StringUtils;
+
+public class EncryptConfig {
+
+ private static final String TSF_PASSWORD_KEY = "tsf_config_encrypt_password";
+
+ private static final String PASSWORD_KEY = "config_encrypt_password";
+
+ static {
+ // TSF 环境变量
+ if (null != System.getenv(TSF_PASSWORD_KEY)) {
+ password = System.getenv(TSF_PASSWORD_KEY);
+ }
+ // TSF JVM参数
+ if (null != System.getProperty(TSF_PASSWORD_KEY)) {
+ password = System.getProperty(TSF_PASSWORD_KEY);
+ }
+ // 环境变量
+ if (null != System.getenv(PASSWORD_KEY)) {
+ password = System.getenv(PASSWORD_KEY);
+ }
+ // JVM参数
+ if (null != System.getProperty(PASSWORD_KEY)) {
+ password = System.getProperty(PASSWORD_KEY);
+ }
+ }
+
+ /**
+ * 加密前缀
+ */
+ public static String ENCRYPT_PREFIX = "ENC(";
+ /**
+ * 加密后缀
+ */
+ public static String ENCRYPT_SUFFIX = ")";
+
+ /**
+ * 密码
+ */
+ private static String password;
+
+ /**
+ * 加解密提供器类名
+ */
+ private static String providerClass = "com.tencent.polaris.encrypt.impl.ConfigEncryptAESProvider";
+
+ /**
+ * 是否开启配置,判断 password 是否为空
+ */
+ public static Boolean getEnabled() {
+ return StringUtils.isNotBlank(password);
+ }
+
+ public static String getPassword() {
+ return EncryptConfig.password;
+ }
+
+ public static void setPassword(String password) {
+ EncryptConfig.password = password;
+ }
+
+ public static ConfigEncryptProvider getProvider() {
+ return ConfigEncryptProviderFactory.getInstance();
+ }
+
+ public static String getProviderClass() {
+ return providerClass;
+ }
+
+ public static void setProviderClass(String providerClass) {
+ EncryptConfig.providerClass = providerClass;
+ }
+
+ /**
+ * 是否需要进行解密
+ *
+ * @param content 判断对象
+ * @return true:需要解密;false:不需要解密
+ */
+ public static Boolean needDecrypt(Object content) {
+ if (null == content || !ClassUtils.isClassPresent("org.bouncycastle.jce.provider.BouncyCastleProvider")) {
+ return false;
+ } else {
+ String stringValue = String.valueOf(content);
+ return stringValue.startsWith(ENCRYPT_PREFIX) && stringValue.endsWith(ENCRYPT_SUFFIX);
+ }
+ }
+
+ /**
+ * 获取真实密文
+ *
+ * @param content 原始配置值
+ * @return 真实密文
+ */
+ public static String realContent(Object content) {
+ if (null != content) {
+ String stringValue = String.valueOf(content);
+ return stringValue.substring(ENCRYPT_PREFIX.length(), stringValue.length() - ENCRYPT_SUFFIX.length());
+ }
+ return null;
+ }
+}
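Review bot: `ENCRYPT_PREFIX` and `ENCRYPT_SUFFIX` are declared `public static String` without `final`, so any code on the classpath can reassign the markers that decide which configuration values get decrypted; they should be `public static final String ENCRYPT_PREFIX = "ENC(";` and `public static final String ENCRYPT_SUFFIX = ")";`. `realContent` strips the markers without checking that they are present, so a direct call with a value shorter than the two markers throws StringIndexOutOfBoundsException; guard it with `needDecrypt(content)` or document the precondition. The static initializer applies four password sources in sequence and the last non-null one wins (the `config_encrypt_password` JVM property). That precedence deserves a comment such as `// later sources override earlier ones: TSF env < TSF property < env < property`.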
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/impl/ConfigEncryptAESProvider.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/impl/ConfigEncryptAESProvider.java
new file mode 100644
index 000000000..25ebbe463
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/impl/ConfigEncryptAESProvider.java
@@ -0,0 +1,48 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt.impl;
+
+import com.tencent.polaris.encrypt.ConfigEncryptProvider;
+import com.tencent.polaris.encrypt.util.AESUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigEncryptAESProvider extends ConfigEncryptProvider {
+
+ private static final Logger log = LoggerFactory.getLogger(ConfigEncryptAESProvider.class);
+
+ @Override
+ public String encrypt(String content, String password) {
+ try {
+ return AESUtil.encrypt(content, password);
+ } catch (Exception e) {
+ log.error("[TSF SDK] Error on encrypting.", e);
+ return content;
+ }
+ }
+
+ @Override
+ public String decrypt(String encryptedContent, String password) {
+ try {
+ return AESUtil.decrypt(encryptedContent, password);
+ } catch (Exception e) {
+ log.error("[TSF SDK] Error on decrypting.", e);
+ return encryptedContent;
+ }
+ }
+}
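Review bot: `encrypt` returns the plaintext `content` when `AESUtil.encrypt` throws, so a caller that stores or forwards the result treats unencrypted data as ciphertext, and the only trace is a log line. `decrypt` has the mirror problem: on failure it returns the ciphertext, which `ConfigPropertiesFile.decryptProperties` then installs as the property value. Both catch blocks should propagate the failure, e.g. `throw new IllegalStateException("[TSF SDK] Error on encrypting.", e);` and the decrypting equivalent. Alternatively, the abstract `ConfigEncryptProvider` Javadoc should state that implementations return the input on error so callers can check for it.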
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/AESUtil.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/AESUtil.java
new file mode 100644
index 000000000..b97b380e9
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/AESUtil.java
@@ -0,0 +1,174 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt.util;
+
+import com.tencent.polaris.api.exception.ErrorCode;
+import com.tencent.polaris.api.exception.PolarisException;
+import com.tencent.polaris.api.utils.StringUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.util.Base64;
+
+/**
+ * @author fabian4, Haotian Zhang
+ */
+public class AESUtil {
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ /**
+ * 生成AES128密钥
+ */
+ public static byte[] generateAesKey() {
+ KeyGenerator keyGenerator;
+ try {
+ keyGenerator = KeyGenerator.getInstance("AES");
+ } catch (NoSuchAlgorithmException e) {
+ throw new PolarisException(ErrorCode.AES_KEY_GENERATE_ERROR, e.getMessage());
+ }
+ SecureRandom secureRandom = new SecureRandom();
+ keyGenerator.init(128, secureRandom);
+ SecretKey secretKey = keyGenerator.generateKey();
+ return secretKey.getEncoded();
+ }
+
+ /**
+ * 生成AES256密钥
+ *
+ * @param seed 随机数种子
+ */
+ public static byte[] generateAesKey(String seed) {
+ KeyGenerator keyGenerator;
+ try {
+ keyGenerator = KeyGenerator.getInstance("AES");
+ SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
+ secureRandom.setSeed(SHA256.encode(seed));
+ keyGenerator.init(256, secureRandom);
+ } catch (NoSuchAlgorithmException e) {
+ throw new PolarisException(ErrorCode.AES_KEY_GENERATE_ERROR, e.getMessage());
+ }
+ SecretKey secretKey = keyGenerator.generateKey();
+ return secretKey.getEncoded();
+ }
+
+ /**
+ * AES加密,AES/CBC/PKCS7Padding
+ *
+ * @param content 需要加密的内容
+ * @param password 加密密码
+ */
+ public static String encrypt(String content, byte[] password) {
+ try {
+ Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
+ byte[] iv = new byte[cipher.getBlockSize()];
+ System.arraycopy(password, 0, iv, 0, cipher.getBlockSize());
+ cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv));
+ byte[] bytes = cipher.doFinal(content.getBytes());
+ return Base64.getEncoder().encodeToString(bytes);
+ } catch (Exception e) {
+ throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, e.getMessage(), e);
+ }
+ }
+
+ /**
+ * AES加密,AES/ECB/PKCS7Padding
+ *
+ * @param content 明文
+ * @param password 密钥
+ * @return 密文
+ */
+ public static String encrypt(String content, String password) {
+ if (StringUtils.isBlank(password)) {
+ throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, "Password not found.");
+ }
+ try {
+ byte[] enCodeFormat = generateAesKey(password);
+ // 根据给定的字节数组构造一个密钥。enCodeFormat:密钥内容;"AES":与给定的密钥内容相关联的密钥算法的名称
+ SecretKeySpec skSpec = new SecretKeySpec(enCodeFormat, "AES");
+ // 创建一个实现指定转换的 Cipher对象,该转换由指定的提供程序提供。
+ // "AES/ECB/PKCS7Padding":转换的名称;"BC":提供程序的名称
+ Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
+ // 初始化cipher:加密模式
+ cipher.init(Cipher.ENCRYPT_MODE, skSpec);
+ byte[] byteContent = content.getBytes(StandardCharsets.UTF_8);
+ byte[] cryptograph = cipher.doFinal(byteContent);
+ byte[] enryptedContent = org.bouncycastle.util.encoders.Base64.encode(cryptograph);
+ return new String(enryptedContent);
+ } catch (Exception e) {
+ throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, "Failed encrypt.", e);
+ }
+ }
+
+ /**
+ * AES解密,AES/CBC/PKCS7Padding
+ *
+ * @param content 待解密内容
+ * @param password 解密密钥
+ */
+ public static String decrypt(String content, byte[] password) {
+ try {
+ Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
+ byte[] iv = new byte[cipher.getBlockSize()];
+ System.arraycopy(password, 0, iv, 0, cipher.getBlockSize());
+ cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv));
+ byte[] paddingPlaintext = cipher.doFinal(Base64.getDecoder().decode(content));
+ return new String(paddingPlaintext);
+ } catch (Exception e) {
+ throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, e.getMessage(), e);
+ }
+ }
+
+ /**
+ * AES解密,AES/ECB/PKCS7Padding
+ *
+ * @param encryptedContent 密文
+ * @param password 密钥
+ * @return 明文
+ */
+ public static String decrypt(String encryptedContent, String password) {
+ if (StringUtils.isBlank(password)) {
+ throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, "Password not found.");
+ }
+ try {
+ byte[] enCodeFormat = generateAesKey(password);
+ // 根据给定的字节数组构造一个密钥。enCodeFormat:密钥内容;"AES":与给定的密钥内容相关联的密钥算法的名称
+ SecretKeySpec skSpec = new SecretKeySpec(enCodeFormat, "AES");
+ // 创建一个实现指定转换的 Cipher对象,该转换由指定的提供程序提供。
+ // "AES/ECB/PKCS7Padding":转换的名称;"BC":提供程序的名称
+ Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
+ // 初始化cipher:解密模式
+ cipher.init(Cipher.DECRYPT_MODE, skSpec);
+ byte[] result = cipher.doFinal(org.bouncycastle.util.encoders.Base64.decode(encryptedContent.getBytes(StandardCharsets.UTF_8)));
+ return new String(result);
+ } catch (Exception e) {
+ throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, "Failed decrypt.", e);
+ }
+ }
+
+}
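Review bot: The password-based `encrypt(String, String)`/`decrypt(String, String)` pair uses `AES/ECB/PKCS7Padding`, which is deterministic and unauthenticated: equal plaintext blocks give equal ciphertext blocks, and a modified `ENC(...)` value is not detected. Its key comes from `generateAesKey(String seed)`, which seeds `SHA1PRNG` with an unsalted SHA-256 of the password; that is not a password KDF, and its output depends on the runtime's SHA1PRNG implementation, so the same password may not decrypt on another JVM. If the format is fixed by compatibility with existing TSF ciphertexts (an assumption, the diff does not say), record that in the Javadoc; otherwise prefer PBKDF2 via `SecretKeyFactory` with a stored salt and `AES/GCM/NoPadding` with a random nonce. The CBC pair copies its IV from the first block of the key, so the IV is fixed per key; a fresh `SecureRandom` IV stored alongside the ciphertext is the usual form. `content.getBytes()`, `new String(paddingPlaintext)` and `new String(result)` use the platform charset and should pass `StandardCharsets.UTF_8`, e.g. `return new String(result, StandardCharsets.UTF_8);`.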
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtil.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/RSAUtil.java
similarity index 89%
rename from polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtil.java
rename to polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/RSAUtil.java
index bf6a0068a..b361371ee 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtil.java
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/RSAUtil.java
@@ -15,7 +15,7 @@
* specific language governing permissions and limitations under the License.
*/
-package com.tencent.polaris.plugins.configfilefilter.util;
+package com.tencent.polaris.encrypt.util;
import com.tencent.polaris.api.exception.ErrorCode;
import com.tencent.polaris.api.exception.PolarisException;
@@ -24,16 +24,10 @@
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.security.*;
/**
- * @author fabian4
- * @date 2023/6/14
+ * @author fabian4, Haotian Zhang
*/
public class RSAUtil {
diff --git a/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/SHA256.java b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/SHA256.java
new file mode 100644
index 000000000..b26fe19f4
--- /dev/null
+++ b/polaris-common/polaris-encrypt/src/main/java/com/tencent/polaris/encrypt/util/SHA256.java
@@ -0,0 +1,43 @@
+/*
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.tencent.polaris.encrypt.util;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * SHA-256摘要算法
+ *
+ * @author hongweizhu
+ */
+public class SHA256 {
+
+ /**
+ * 计算SHA-256摘要
+ *
+ * @param content 原文
+ * @return 摘要
+ * @throws NoSuchAlgorithmException 算法不存在时抛出
+ */
+ public static byte[] encode(String content) throws NoSuchAlgorithmException {
+ MessageDigest digester = MessageDigest.getInstance("SHA-256");
+ digester.update(content.getBytes(StandardCharsets.UTF_8));
+ return digester.digest();
+ }
+}
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtilTest.java b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/AESUtilTest.java
similarity index 58%
rename from polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtilTest.java
rename to polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/AESUtilTest.java
index 53e8ce6d7..100d2ddbd 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtilTest.java
+++ b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/AESUtilTest.java
@@ -15,32 +15,16 @@
* specific language governing permissions and limitations under the License.
*/
-/*
- * Tencent is pleased to support the open source community by making Polaris available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * Licensed under the BSD 3-Clause License (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- *
- * Unless required by applicable law or agreed to in writing, software distributed
- * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- * CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
- */
-
-package com.tencent.polaris.plugins.configfilefilter.util;
+package com.tencent.polaris.encrypt.util;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
/**
- * @author fabian4
- * @date 2023/6/14
+ * Test for {@link AESUtil}.
+ *
+ * @author fabian4, Haotian Zhang
*/
public class AESUtilTest {
@@ -52,4 +36,13 @@ public void testAes() {
String decrypted = AESUtil.decrypt(encrypted, aesKey);
assertEquals(content, decrypted);
}
+
+ @Test
+ public void testAesECB() {
+ String content = "test content";
+ String password = "test password";
+ String encrypted = AESUtil.encrypt(content, password);
+ String decrypted = AESUtil.decrypt(encrypted, password);
+ assertEquals(content, decrypted);
+ }
}
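Review bot: `testAesECB` only proves that encrypt and decrypt agree with each other on the same JVM, so it cannot catch a change in the password-to-key derivation or a charset mismatch. A case that decrypts a fixed, known-good ciphertext fixture for a known password, plus a round trip with non-ASCII content such as `"测试内容"`, would pin the format. The fixture value has to come from the system whose ciphertexts this code must read; none is visible in this diff.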
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtilTest.java b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/RSAUtilTest.java
similarity index 95%
rename from polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtilTest.java
rename to polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/RSAUtilTest.java
index 3f912fb1f..e030adf5a 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/test/java/com/tencent/polaris/plugins/configfilefilter/util/RSAUtilTest.java
+++ b/polaris-common/polaris-encrypt/src/test/java/com/tencent/polaris/encrypt/util/RSAUtilTest.java
@@ -15,7 +15,7 @@
* specific language governing permissions and limitations under the License.
*/
-package com.tencent.polaris.plugins.configfilefilter.util;
+package com.tencent.polaris.encrypt.util;
import org.junit.Test;
diff --git a/polaris-common/pom.xml b/polaris-common/pom.xml
index f3c37e929..10f3f44f4 100644
--- a/polaris-common/pom.xml
+++ b/polaris-common/pom.xml
@@ -24,5 +24,6 @@
polaris-logging
polaris-metadata
polaris-threadlocal
+ polaris-encrypt
\ No newline at end of file
diff --git a/polaris-configuration/polaris-configuration-client/pom.xml b/polaris-configuration/polaris-configuration-client/pom.xml
index 481ed1cfd..5c3770358 100644
--- a/polaris-configuration/polaris-configuration-client/pom.xml
+++ b/polaris-configuration/polaris-configuration-client/pom.xml
@@ -1,7 +1,7 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
polaris-configuration
com.tencent.polaris
@@ -20,6 +20,11 @@
polaris-configuration-api
${revision}
+
+ com.tencent.polaris
+ polaris-encrypt
+ ${project.version}
+
com.tencent.polaris
polaris-client
diff --git a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java
index 543078c00..839aae94d 100644
--- a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java
+++ b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigPropertiesFile.java
@@ -26,6 +26,7 @@
import com.tencent.polaris.configuration.api.core.*;
import com.tencent.polaris.configuration.client.util.ConfigFileUtils;
import com.tencent.polaris.configuration.client.util.ConvertFunctions;
+import com.tencent.polaris.encrypt.EncryptConfig;
import com.tencent.polaris.logging.LoggerFactory;
import org.slf4j.Logger;
@@ -369,12 +370,15 @@ protected Properties convertToProperties(String content) {
}
//默认用 properties 格式解析
- convertToProperties(properties, content);
+ properties = convertToProperties(properties, content);
+
+ // 解密
+ decryptProperties(properties);
return properties;
}
- protected void convertToProperties(Properties properties, String content) {
+ protected Properties convertToProperties(Properties properties, String content) {
try {
properties.load(new InputStreamReader(new ByteArrayInputStream(content.getBytes())));
} catch (IOException e) {
@@ -384,6 +388,26 @@ protected void convertToProperties(Properties properties, String content) {
LOGGER.error(msg, e);
throw new IllegalStateException(msg);
}
+ return properties;
+ }
+
+ protected void decryptProperties(Properties properties) {
+ if (EncryptConfig.getEnabled()) {
+ // 启用加解密
+ for (Map.Entry, ?> entry : properties.entrySet()) {
+ if (EncryptConfig.needDecrypt(entry.getValue())) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("Need Decrypt {}: {}", entry.getKey(), entry.getValue());
+ }
+ // 解密配置值
+ String decryptedValue = EncryptConfig.getProvider()
+ .decrypt(EncryptConfig.realContent(entry.getValue()), EncryptConfig.getPassword());
+ properties.put(entry.getKey().toString(), decryptedValue);
+ } else {
+ properties.put(entry.getKey().toString(), entry.getValue());
+ }
+ }
+ }
}
private void fireChangeEvent(ConfigKVFileChangeEvent event) {
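Review bot: In `decryptProperties`, `EncryptConfig.getProvider()` is dereferenced without a null check although `ConfigEncryptProviderFactory.getInstance()` returns `null` when the provider class fails to load, so a misconfigured provider turns a config load into a NullPointerException. The loop also writes back into `properties` while iterating its `entrySet()`, re-keys through `toString()`, and the `else` branch re-puts an unchanged value. Iterating with `for (Map.Entry<Object, Object> entry : properties.entrySet())`, calling `entry.setValue(decryptedValue);` in the decrypt branch and dropping the `else` is simpler and avoids inserting a new key mid-iteration. The debug line logs the encrypted value next to its key; logging only the key, `LOGGER.debug("Need Decrypt {}", entry.getKey());`, is enough for diagnosis. The hunk begins inside `convertToProperties(Properties, String)`, whose signature is in the previous hunk.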
diff --git a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java
index cd9af6a54..82b1c393a 100644
--- a/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java
+++ b/polaris-configuration/polaris-configuration-client/src/main/java/com/tencent/polaris/configuration/client/internal/ConfigYamlFile.java
@@ -20,9 +20,10 @@
import com.tencent.polaris.api.config.configuration.ConfigFileConfig;
import com.tencent.polaris.configuration.client.util.YamlParser;
import com.tencent.polaris.logging.LoggerFactory;
-import java.util.Properties;
import org.slf4j.Logger;
+import java.util.Properties;
+
/**
* The yaml/yml file.
*
@@ -36,18 +37,13 @@ public class ConfigYamlFile extends ConfigPropertiesFile {
public ConfigYamlFile(String namespace, String fileGroup, String fileName,
- ConfigFileRepo configFileRepo,
- ConfigFileConfig configFileConfig) {
+ ConfigFileRepo configFileRepo,
+ ConfigFileConfig configFileConfig) {
super(namespace, fileGroup, fileName, configFileRepo, configFileConfig);
}
@Override
- protected Properties convertToProperties(String content) {
- Properties properties = new Properties();
- if (content == null) {
- return properties;
- }
-
+ protected Properties convertToProperties(Properties properties, String content) {
try {
properties = YAML_PARSER.yamlToProperties(content);
} catch (Throwable t) {
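Review bot: The new `convertToProperties(Properties properties, String content)` override reassigns the `properties` parameter with the parser result, so the instance the caller passed in is never populated, whereas the properties-file version loads into the passed object. Any caller that keeps using its own reference instead of the return value would see an empty result for YAML files; filling the argument keeps both variants consistent: `properties.putAll(YAML_PARSER.yamlToProperties(content));`. The `content == null` guard was also removed from this method, and the caller is outside the hunk, so it should be confirmed that null content is rejected before this call. The method body ends in the following hunk.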
@@ -57,7 +53,6 @@ protected Properties convertToProperties(String content) {
LOGGER.error(msg, t);
throw new IllegalStateException(msg);
}
-
return properties;
}
}
diff --git a/polaris-configuration/polaris-configuration-factory/pom.xml b/polaris-configuration/polaris-configuration-factory/pom.xml
index 7593fd776..88fd8f59c 100644
--- a/polaris-configuration/polaris-configuration-factory/pom.xml
+++ b/polaris-configuration/polaris-configuration-factory/pom.xml
@@ -126,6 +126,11 @@
event-logger
${project.version}
+
+ com.tencent.polaris
+ event-tsf
+ ${project.version}
+
com.tencent.polaris
diff --git a/polaris-dependencies/pom.xml b/polaris-dependencies/pom.xml
index b24b6434a..ea89e61cd 100644
--- a/polaris-dependencies/pom.xml
+++ b/polaris-dependencies/pom.xml
@@ -52,6 +52,11 @@
polaris-threadlocal
${project.version}
+
+ com.tencent.polaris
+ polaris-encrypt
+ ${project.version}
+
diff --git a/polaris-discovery/polaris-discovery-factory/pom.xml b/polaris-discovery/polaris-discovery-factory/pom.xml
index 84ebe762d..29b7b47b3 100644
--- a/polaris-discovery/polaris-discovery-factory/pom.xml
+++ b/polaris-discovery/polaris-discovery-factory/pom.xml
@@ -164,6 +164,11 @@
lossless-deregister
${project.version}
+
+ com.tencent.polaris
+ lossless-warmup
+ ${project.version}
+
@@ -178,6 +183,11 @@
event-logger
${project.version}
+
+ com.tencent.polaris
+ event-tsf
+ ${project.version}
+
diff --git a/polaris-factory/pom.xml b/polaris-factory/pom.xml
index 5cbea4320..760731276 100644
--- a/polaris-factory/pom.xml
+++ b/polaris-factory/pom.xml
@@ -1,7 +1,7 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
polaris-parent
com.tencent.polaris
@@ -53,6 +53,11 @@
polaris-assembly-factory
${project.version}
+
+ com.tencent.polaris
+ polaris-auth-factory
+ ${project.version}
+
diff --git a/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java b/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java
index aa3a832ed..737001d2a 100644
--- a/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java
+++ b/polaris-plugins/polaris-plugin-api/src/main/java/com/tencent/polaris/api/plugin/event/EventReporter.java
@@ -26,5 +26,7 @@
*/
public interface EventReporter extends Plugin {
+ boolean isEnabled();
+
boolean reportEvent(FlowEvent flowEvent);
}
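Review bot: `isEnabled()` is added as an abstract method on a plugin interface, so every `EventReporter` implementation that is not updated in this commit stops compiling, or fails with `AbstractMethodError` when an older plugin jar is loaded. If the module targets Java 8 or later, a default keeps existing plugins working: `default boolean isEnabled() { return true; }`. The method also has no Javadoc; a line such as `/** Whether this reporter is configured to report events; callers skip reportEvent when false. */` would state the contract, provided that is how callers use it.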
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java
index 07a267abb..c87faae42 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java
+++ b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/CryptoConfigFileFilter.java
@@ -17,6 +17,7 @@
package com.tencent.polaris.plugins.configfilefilter;
+import com.tencent.polaris.annonation.JustForTest;
import com.tencent.polaris.api.config.configuration.ConfigFilterConfig;
import com.tencent.polaris.api.config.configuration.CryptoConfig;
import com.tencent.polaris.api.exception.PolarisException;
@@ -29,7 +30,7 @@
import com.tencent.polaris.api.plugin.configuration.ConfigFileResponse;
import com.tencent.polaris.api.plugin.filter.ConfigFileFilter;
import com.tencent.polaris.api.plugin.filter.Crypto;
-import com.tencent.polaris.annonation.JustForTest;
+import com.tencent.polaris.api.utils.ClassUtils;
import com.tencent.polaris.factory.config.configuration.CryptoConfigImpl;
import com.tencent.polaris.logging.LoggerFactory;
import com.tencent.polaris.plugins.configfilefilter.service.RSAService;
@@ -61,27 +62,31 @@ public Function doFilter(ConfigFile configFile,
return new Function() {
@Override
public ConfigFileResponse apply(ConfigFile configFile) {
- // do before
- // Design doc: https://github.com/polarismesh/polaris/issues/966
- configFile.setEncrypted(Boolean.TRUE);
- configFile.setPublicKey(rsaService.getPKCS1PublicKey());
-
- ConfigFileResponse response = next.apply(configFile);
-
- // do after
- ConfigFile configFileResponse = response.getConfigFile();
- if (response.getCode() == ServerCodes.EXECUTE_SUCCESS) {
- String dataKey = configFileResponse.getDataKey();
- if (dataKey == null) {
- LOG.info("ConfigFile [namespace: {}, file group: {}, file name: {}] does not have data key. "
- + "Return original response.",
- configFile.getNamespace(), configFile.getFileGroup(), configFile.getFileName());
- return response;
+ if (ClassUtils.isClassPresent("org.bouncycastle.asn1.x509.SubjectPublicKeyInfo")) {
+ // do before
+ // Design doc: https://github.com/polarismesh/polaris/issues/966
+ configFile.setEncrypted(Boolean.TRUE);
+ configFile.setPublicKey(rsaService.getPKCS1PublicKey());
+
+ ConfigFileResponse response = next.apply(configFile);
+
+ // do after
+ ConfigFile configFileResponse = response.getConfigFile();
+ if (response.getCode() == ServerCodes.EXECUTE_SUCCESS) {
+ String dataKey = configFileResponse.getDataKey();
+ if (dataKey == null) {
+ LOG.info("ConfigFile [namespace: {}, file group: {}, file name: {}] does not have data key. "
+ + "Return original response.",
+ configFile.getNamespace(), configFile.getFileGroup(), configFile.getFileName());
+ return response;
+ }
+ byte[] password = rsaService.decrypt(dataKey);
+ crypto.doDecrypt(configFileResponse, password);
}
- byte[] password = rsaService.decrypt(dataKey);
- crypto.doDecrypt(configFileResponse, password);
+ return response;
+ } else {
+ return next.apply(configFile);
}
- return response;
}
};
}
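Review bot: When the BouncyCastle class is not on the classpath, the new `else` branch in `apply` forwards the request without `setEncrypted`/`setPublicKey` and without logging anything, so a deployment that configured the crypto filter silently stops asking for encrypted delivery. What the server returns in that case is not visible here, but the downgrade should at least be observable, for example `LOG.warn("BouncyCastle not found on classpath, crypto filter skipped for config file {}", configFile.getFileName());` in the `else` branch. If encryption is meant to be mandatory once the filter is enabled, failing with a `PolarisException` is the safer choice. The `ClassUtils.isClassPresent` lookup also runs on every call and could be evaluated once into a field.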
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java
index 3d19c0600..aaaa69179 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java
+++ b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/crypto/AESCrypto.java
@@ -25,7 +25,7 @@
import com.tencent.polaris.api.plugin.compose.Extensions;
import com.tencent.polaris.api.plugin.configuration.ConfigFile;
import com.tencent.polaris.api.plugin.filter.Crypto;
-import com.tencent.polaris.plugins.configfilefilter.util.AESUtil;
+import com.tencent.polaris.encrypt.util.AESUtil;
/**
* AES Crypto 加密
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java
index 16afd880e..b90f66c4c 100644
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java
+++ b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/service/RSAService.java
@@ -19,7 +19,7 @@
import com.tencent.polaris.api.exception.ErrorCode;
import com.tencent.polaris.api.exception.PolarisException;
-import com.tencent.polaris.plugins.configfilefilter.util.RSAUtil;
+import com.tencent.polaris.encrypt.util.RSAUtil;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -59,7 +59,7 @@ public String getPKCS1PublicKey() {
try {
primitive = spkInfo.parsePublicKey();
byte[] publicKeyPKCS1 = primitive.getEncoded();
- return Base64.getEncoder().encodeToString(publicKeyPKCS1);
+ return Base64.getEncoder().encodeToString(publicKeyPKCS1);
} catch (IOException e) {
throw new PolarisException(ErrorCode.RSA_KEY_GENERATE_ERROR, e.getMessage());
}
diff --git a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtil.java b/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtil.java
deleted file mode 100644
index 114019bc5..000000000
--- a/polaris-plugins/polaris-plugins-configfilefilter/configfilefilter-crypto/src/main/java/com/tencent/polaris/plugins/configfilefilter/util/AESUtil.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making Polaris available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * Licensed under the BSD 3-Clause License (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- *
- * Unless required by applicable law or agreed to in writing, software distributed
- * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- * CONDITIONS OF ANY KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations under the License.
- */
-
-package com.tencent.polaris.plugins.configfilefilter.util;
-
-import com.tencent.polaris.api.exception.ErrorCode;
-import com.tencent.polaris.api.exception.PolarisException;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.util.Base64;
-
-/**
- * @author fabian4
- * @date 2023/6/14
- */
-public class AESUtil {
-
- static {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- /**
- * 生成AES密钥
- */
- public static byte[] generateAesKey() {
- KeyGenerator keyGenerator;
- try {
- keyGenerator = KeyGenerator.getInstance("AES");
- } catch (NoSuchAlgorithmException e) {
- throw new PolarisException(ErrorCode.AES_KEY_GENERATE_ERROR, e.getMessage());
- }
- SecureRandom secureRandom = new SecureRandom();
- keyGenerator.init(128, secureRandom);
- SecretKey secretKey = keyGenerator.generateKey();
- return secretKey.getEncoded();
- }
-
- /**
- * AES加密
- *
- * @param content 需要加密的内容
- * @param password 加密密码
- */
- public static String encrypt(String content, byte[] password) {
- try {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
- byte[] iv = new byte[cipher.getBlockSize()];
- System.arraycopy(password, 0, iv, 0, cipher.getBlockSize());
- cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv));
- byte[] bytes = cipher.doFinal(content.getBytes());
- return Base64.getEncoder().encodeToString(bytes);
- } catch (Exception e) {
- throw new PolarisException(ErrorCode.AES_ENCRYPT_ERROR, e.getMessage(), e);
- }
- }
-
- /**
- * AES解密
- *
- * @param content 待解密内容
- * @param password 解密密钥
- */
- public static String decrypt(String content, byte[] password) {
- try {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
- byte[] iv = new byte[cipher.getBlockSize()];
- System.arraycopy(password, 0, iv, 0, cipher.getBlockSize());
- cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(password, "AES"), new IvParameterSpec(iv));
- byte[] paddingPlaintext = cipher.doFinal(Base64.getDecoder().decode(content));
- return new String(paddingPlaintext);
- } catch (Exception e) {
- throw new PolarisException(ErrorCode.AES_DECRYPT_ERROR, e.getMessage(), e);
- }
- }
-
-}
diff --git a/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java b/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java
index 3bbd0cd15..af03bba48 100644
--- a/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java
+++ b/polaris-plugins/polaris-plugins-connector/connector-consul/src/main/java/com/tencent/polaris/plugins/connector/consul/service/router/RoutingService.java
@@ -201,31 +201,66 @@ private List parseResponse(final HttpResponse response, Stri
RoutingProto.Route.Builder routeBuilder = RoutingProto.Route.newBuilder();
routeBuilder.putExtendInfo(ROUTER_FAULT_TOLERANCE_ENABLE, String.valueOf(routeRuleGroup.getFallbackStatus()));
// parse sources
- List sources = Lists.newArrayList();
- RoutingProto.Source.Builder sourceBuilder = RoutingProto.Source.newBuilder();
- sourceBuilder.setNamespace(StringValue.of("*"));
- sourceBuilder.setService(StringValue.of("*"));
+ List sources = new ArrayList<>();
+ List sourceBuilders = new ArrayList<>();
+ List metadataSourceBuilders = new ArrayList<>();
if (CollectionUtils.isNotEmpty(routeRule.getTagList())) {
for (RouteTag routeTag : routeRule.getTagList()) {
if (StringUtils.equals(routeTag.getTagField(), TagConstant.SYSTEM_FIELD.SOURCE_SERVICE_NAME)) {
- sourceBuilder.setService(StringValue.of(routeTag.getTagValue()));
+ String[] tagValues = routeTag.getTagValue().split(",");
+ for (String tagValue : tagValues) {
+ if (StringUtils.isNotEmpty(tagValue)) {
+ RoutingProto.Source.Builder sourceBuilder = RoutingProto.Source.newBuilder();
+ sourceBuilder.setNamespace(StringValue.of("*"));
+ String serviceName = tagValue;
+ if (routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_EQUAL) || routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_IN)) {
+ serviceName = "!" + serviceName;
+ }
+ sourceBuilder.setService(StringValue.of(serviceName));
+ sourceBuilders.add(sourceBuilder);
+ }
+ }
} else if (StringUtils.equals(routeTag.getTagField(), TagConstant.SYSTEM_FIELD.SOURCE_NAMESPACE_SERVICE_NAME)) {
- String[] split = routeTag.getTagValue().split("/");
- if (split.length == 2) {
- sourceBuilder.setNamespace(StringValue.of(split[0]));
- sourceBuilder.setService(StringValue.of(split[1]));
+ String[] tagValues = routeTag.getTagValue().split(",");
+ for (String tagValue : tagValues) {
+ if (StringUtils.isNotEmpty(tagValue)) {
+ String[] split = tagValue.split("/");
+ RoutingProto.Source.Builder sourceBuilder = RoutingProto.Source.newBuilder();
+ sourceBuilder.setNamespace(StringValue.of("*"));
+ String serviceName = tagValue;
+ if (split.length == 2) {
+ serviceName = split[1];
+ }
+ if (routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_EQUAL) || routeTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_IN)) {
+ serviceName = "!" + serviceName;
+ } else if (routeTag.getTagOperator().equals(TagConstant.OPERATOR.REGEX)) {
+ serviceName = "*" + serviceName;
+ }
+ sourceBuilder.setService(StringValue.of(serviceName));
+ sourceBuilders.add(sourceBuilder);
+ }
}
} else {
+ RoutingProto.Source.Builder metadataSourceBuilder = RoutingProto.Source.newBuilder();
+ metadataSourceBuilder.setNamespace(StringValue.of("*"));
+ metadataSourceBuilder.setService(StringValue.of("*"));
ModelProto.MatchString.Builder matchStringBuilder = ModelProto.MatchString.newBuilder();
matchStringBuilder.setType(parseMatchStringType(routeTag));
matchStringBuilder.setValue(StringValue.of(routeTag.getTagValue()));
matchStringBuilder.setValueType(ModelProto.MatchString.ValueType.TEXT);
String metadataKey = routeTag.getTagField();
- sourceBuilder.putMetadata(parseMetadataKey(metadataKey), matchStringBuilder.build());
+ metadataSourceBuilder.putMetadata(parseMetadataKey(metadataKey), matchStringBuilder.build());
+ metadataSourceBuilders.add(metadataSourceBuilder);
+ }
+ }
+ for (RoutingProto.Source.Builder sourceBuilder : sourceBuilders) {
+ for (RoutingProto.Source.Builder metadataSourceBuilder : metadataSourceBuilders) {
+ sourceBuilder.putAllMetadata(metadataSourceBuilder.getMetadataMap());
}
+ sources.add(sourceBuilder.build());
}
}
- sources.add(sourceBuilder.build());
+
// parse destinations
List destinations = Lists.newArrayList();
for (RouteDest routeDest : routeRule.getDestList()) {
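Review bot: A rule whose tags are all metadata tags now produces no source at all, because metadata is only copied onto entries of `sourceBuilders` and that list stays empty unless a service tag is present. The removed code always added one `*`/`*` source carrying the metadata, so the metadata conditions of such rules are dropped; if an empty source list is treated downstream as matching every caller, the rule becomes broader than configured. A rule with an empty tag list likewise no longer gets the wildcard source, which should be confirmed as intended. In the namespace/service branch the namespace part `split[0]` is no longer applied either, and `routeTag.getTagOperator().equals(...)` throws on a null operator where `StringUtils.equals` would not. `parseResponse` starts and ends outside this hunk.

```java
// … unchanged: tag loop filling sourceBuilders and metadataSourceBuilders …
if (sourceBuilders.isEmpty() && !metadataSourceBuilders.isEmpty()) {
    // No service tag on the rule: keep the wildcard source so metadata conditions are still enforced.
    RoutingProto.Source.Builder wildcardBuilder = RoutingProto.Source.newBuilder();
    wildcardBuilder.setNamespace(StringValue.of("*"));
    wildcardBuilder.setService(StringValue.of("*"));
    sourceBuilders.add(wildcardBuilder);
}
for (RoutingProto.Source.Builder sourceBuilder : sourceBuilders) {
    // … unchanged: merge metadata and add the built source …
```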
diff --git a/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java b/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java
index a1dd2ea2c..b296cb4be 100644
--- a/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java
+++ b/polaris-plugins/polaris-plugins-observability/event-logger/src/main/java/com/tencent/polaris/plugins/event/logger/LoggerEventReporter.java
@@ -41,6 +41,11 @@ public class LoggerEventReporter implements EventReporter {
private static final Logger EVENT_LOG = LoggerFactory.getLogger(LOGGING_EVENT);
private static final Logger LOG = LoggerFactory.getLogger(LoggerEventReporter.class);
+ @Override
+ public boolean isEnabled() {
+ return true;
+ }
+
@Override
public boolean reportEvent(FlowEvent flowEvent) {
try {
diff --git a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java
index 30c693dca..439022bee 100644
--- a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java
+++ b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporter.java
@@ -21,6 +21,8 @@
import com.google.gson.GsonBuilder;
import com.tencent.polaris.api.config.global.EventReporterConfig;
import com.tencent.polaris.api.config.plugin.DefaultPlugins;
+import com.tencent.polaris.api.config.plugin.PluginConfigProvider;
+import com.tencent.polaris.api.config.verify.Verifier;
import com.tencent.polaris.api.exception.PolarisException;
import com.tencent.polaris.api.plugin.PluginType;
import com.tencent.polaris.api.plugin.common.InitContext;
@@ -66,7 +68,7 @@
/**
* @author Haotian Zhang
*/
-public class TsfEventReporter implements EventReporter {
+public class TsfEventReporter implements EventReporter, PluginConfigProvider {
private static final Logger LOG = LoggerFactory.getLogger(TsfEventReporter.class);
@@ -90,6 +92,11 @@ public class TsfEventReporter implements EventReporter {
protected ScheduledExecutorService reportEventExecutors = Executors.newScheduledThreadPool(1,
new NamedThreadFactory("event-tsf-report"));
+ @Override
+ public boolean isEnabled() {
+ return tsfEventReporterConfig.isEnable();
+ }
+
@Override
public boolean reportEvent(FlowEvent flowEvent) {
if (flowEvent.getEventType().equals(ServiceEventKey.EventType.CIRCUIT_BREAKING)) {
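Review bot: `isEnabled()` dereferences `tsfEventReporterConfig` unconditionally, but the `init` hunk below assigns that field only when this plugin's name appears in the configured reporters. The field declaration is outside the hunk, so this is inferred, but if the plugin is loaded without being selected the call would throw a `NullPointerException` instead of reporting "disabled". A null-safe form avoids that: `return tsfEventReporterConfig != null && tsfEventReporterConfig.isEnable();`.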
@@ -220,6 +227,11 @@ public String getName() {
return DefaultPlugins.TSF_EVENT_REPORTER_TYPE;
}
+ @Override
+ public Class extends Verifier> getPluginConfigClazz() {
+ return TsfEventReporterConfig.class;
+ }
+
@Override
public PluginType getType() {
return PluginTypes.EVENT_REPORTER.getBaseType();
@@ -233,7 +245,10 @@ public void init(InitContext ctx) throws PolarisException {
if (StringUtils.equals(getName(), reporter)) {
this.tsfEventReporterConfig = ctx.getConfig().getGlobal().getEventReporter()
.getPluginConfig(getName(), TsfEventReporterConfig.class);
- init = false;
+ if (tsfEventReporterConfig.isEnable()) {
+ init = false;
+ }
+ return;
}
}
}
diff --git a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java
index c473ec0ae..2254d330b 100644
--- a/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java
+++ b/polaris-plugins/polaris-plugins-observability/event-tsf/src/main/java/com/tencent/polaris/plugins/event/tsf/TsfEventReporterConfig.java
@@ -10,6 +10,9 @@
*/
public class TsfEventReporterConfig implements Verifier {
+ @JsonProperty
+ private Boolean enable;
+
@JsonProperty
private String eventMasterIp;
@@ -39,21 +42,28 @@ public class TsfEventReporterConfig implements Verifier {
@Override
public void verify() {
- ConfigUtils.validateString(eventMasterIp, "global.eventReporter.plugins.tsf.eventMasterIp");
- ConfigUtils.validatePositiveInteger(eventMasterPort, "global.eventReporter.plugins.tsf.eventMasterPort");
- ConfigUtils.validateString(appId, "global.eventReporter.plugins.tsf.appId");
- ConfigUtils.validateString(region, "global.eventReporter.plugins.tsf.region");
- ConfigUtils.validateString(instanceId, "global.eventReporter.plugins.tsf.instanceId");
- ConfigUtils.validateString(tsfNamespaceId, "global.eventReporter.plugins.tsf.tsfNamespaceId");
- ConfigUtils.validateString(serviceName, "global.eventReporter.plugins.tsf.serviceName");
- ConfigUtils.validateString(token, "global.eventReporter.plugins.tsf.token");
- ConfigUtils.validateString(applicationId, "global.eventReporter.plugins.tsf.applicationId");
+ ConfigUtils.validateNull(enable, "global.eventReporter.plugin.tsf.enable");
+ if (!enable) {
+ return;
+ }
+ ConfigUtils.validateString(eventMasterIp, "global.eventReporter.plugin.tsf.eventMasterIp");
+ ConfigUtils.validatePositiveInteger(eventMasterPort, "global.eventReporter.plugin.tsf.eventMasterPort");
+ ConfigUtils.validateString(appId, "global.eventReporter.plugin.tsf.appId");
+ ConfigUtils.validateString(region, "global.eventReporter.plugin.tsf.region");
+ ConfigUtils.validateString(instanceId, "global.eventReporter.plugin.tsf.instanceId");
+ ConfigUtils.validateString(tsfNamespaceId, "global.eventReporter.plugin.tsf.tsfNamespaceId");
+ ConfigUtils.validateString(serviceName, "global.eventReporter.plugin.tsf.serviceName");
+ ConfigUtils.validateString(token, "global.eventReporter.plugin.tsf.token");
+ ConfigUtils.validateString(applicationId, "global.eventReporter.plugin.tsf.applicationId");
}
@Override
public void setDefault(Object defaultObject) {
if (defaultObject instanceof TsfEventReporterConfig) {
TsfEventReporterConfig tsfEventReporterConfig = (TsfEventReporterConfig) defaultObject;
+ if (null == enable) {
+ setEnable(tsfEventReporterConfig.isEnable());
+ }
if (StringUtils.isBlank(eventMasterIp)) {
setEventMasterIp(tsfEventReporterConfig.getEventMasterIp());
}
@@ -84,6 +94,17 @@ public void setDefault(Object defaultObject) {
}
}
+ public boolean isEnable() {
+ if (null == enable) {
+ enable = false;
+ }
+ return enable;
+ }
+
+ public void setEnable(boolean enable) {
+ this.enable = enable;
+ }
+
public String getEventMasterIp() {
return eventMasterIp;
}
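Review bot: `isEnable()` stores `false` into the field when it is null, so a plain read changes the object's state. After one call, the `null == enable` test added to `setDefault` can no longer tell an unset flag from an explicit `false`, and the default from `defaultObject` is never applied. Returning the fallback without assigning it keeps the getter side-effect free: `return Boolean.TRUE.equals(enable);`.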
@@ -155,4 +176,20 @@ public String getApplicationId() {
public void setApplicationId(String applicationId) {
this.applicationId = applicationId;
}
+
+ @Override
+ public String toString() {
+ return "TsfEventReporterConfig{" +
+ "enable=" + enable +
+ ", eventMasterIp='" + eventMasterIp + '\'' +
+ ", eventMasterPort=" + eventMasterPort +
+ ", appId='" + appId + '\'' +
+ ", region='" + region + '\'' +
+ ", instanceId='" + instanceId + '\'' +
+ ", tsfNamespaceId='" + tsfNamespaceId + '\'' +
+ ", serviceName='" + serviceName + '\'' +
+ ", token='" + token + '\'' +
+ ", applicationId='" + applicationId + '\'' +
+ '}';
+ }
}
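Review bot: The new `toString()` prints the `token` field in clear text, so any log line or exception message that formats this config object will contain the credential. Mask it in the string form, for example `", token='" + (token == null ? null : "******") + '\'' +`, and keep the real value reachable only through `getToken()`.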
diff --git a/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java b/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java
index 41488f955..3daf45241 100644
--- a/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java
+++ b/polaris-plugins/polaris-plugins-observability/trace-otel/src/main/java/com/tencent/polaris/plugins/stat/otel/OtelTraceReporter.java
@@ -17,8 +17,6 @@
package com.tencent.polaris.plugins.stat.otel;
-import java.util.Map;
-
import com.tencent.polaris.api.config.global.TraceReporterConfig;
import com.tencent.polaris.api.exception.PolarisException;
import com.tencent.polaris.api.plugin.PluginType;
@@ -34,6 +32,8 @@
import io.opentelemetry.api.trace.Span;
import org.slf4j.Logger;
+import java.util.Map;
+
public class OtelTraceReporter implements TraceReporter {
private static final Logger LOGGER = LoggerFactory.getLogger(PolarisLogging.class);
diff --git a/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java b/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java
index fa7a8c029..572060d32 100644
--- a/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java
+++ b/polaris-plugins/polaris-plugins-router/router-rule/src/main/java/com/tencent/polaris/plugins/router/rule/RuleBasedRouter.java
@@ -44,6 +44,7 @@
import org.slf4j.Logger;
import java.util.*;
+import java.util.regex.Pattern;
import static com.tencent.polaris.api.plugin.cache.CacheConstants.API_ID;
import static com.tencent.polaris.api.plugin.route.RouterConstants.ROUTER_FAULT_TOLERANCE_ENABLE;
@@ -133,11 +134,28 @@ private boolean matchSource(List sources, Service sourceSer
continue;
}
- if (!RuleUtils.MATCH_ALL.equals(source.getService().getValue()) && !source.getService()
- .getValue().equals(sourceService.getService())) {
+ String service = source.getService().getValue();
+ if (!RuleUtils.MATCH_ALL.equals(service) && !StringUtils.startsWith(service, "!")
+ && !StringUtils.startsWith(service, "*")
+ && !StringUtils.equals(service, sourceService.getService())) {
matched = false;
continue;
}
+ if (!RuleUtils.MATCH_ALL.equals(service) && StringUtils.startsWith(service, "!")) {
+ String realService = StringUtils.substring(service, 1);
+ if (StringUtils.equals(realService, sourceService.getService())) {
+ matched = false;
+ continue;
+ }
+ }
+ if (!RuleUtils.MATCH_ALL.equals(service) && StringUtils.startsWith(service, "*")) {
+ String regex = StringUtils.substring(service, 1);
+ Pattern pattern = Pattern.compile(regex);
+ if (!pattern.matcher(sourceService.getService()).find()) {
+ matched = false;
+ continue;
+ }
+ }
}
}
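Review bot: The regex branch calls `Pattern.compile(regex)` on rule data for every `matchSource` invocation and does not catch `PatternSyntaxException`, so a single malformed rule makes routing throw for each request that reaches it, and an expensive pattern is re-evaluated on the request path. Compiling once per rule (a cache keyed by the pattern string) and treating an invalid pattern as a non-match with a logged warning would contain both problems. The match also uses `find()`, which accepts any substring hit; if the rule is meant to identify a whole service name, `if (!pattern.matcher(sourceService.getService()).matches())` is the stricter check. The `!` and `*` prefixes are carried inside the service string itself, so a comment stating that convention would help readers of both this method and the Consul connector that writes it. `matchSource` begins and ends outside this hunk.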
diff --git a/polaris-ratelimit/polaris-ratelimit-factory/pom.xml b/polaris-ratelimit/polaris-ratelimit-factory/pom.xml
index 207c768ed..10f673240 100644
--- a/polaris-ratelimit/polaris-ratelimit-factory/pom.xml
+++ b/polaris-ratelimit/polaris-ratelimit-factory/pom.xml
@@ -113,6 +113,11 @@
event-logger
${project.version}
+
+ com.tencent.polaris
+ event-tsf
+ ${project.version}
+
com.tencent.polaris