This is an automated email from the ASF dual-hosted git repository.
panjuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new d1c7e1e Expose metadata to encryptor and update doc (#13535)
d1c7e1e is described below
commit d1c7e1ea2baf631f8ecddeeb8214ad663d02b152
Author: Zhengqiang Duan <[email protected]>
AuthorDate: Wed Nov 10 19:26:28 2021 +0800
Expose metadata to encryptor and update doc (#13535)
* Expose metadata to encryptor
* update encrypt doc
* add unit test
* add unit test
* modify rewrite test case
* Revert "modify rewrite test case"
This reverts commit bf68d64a723364e354e7004876b608146cd8b1eb.
---
.../content/reference/encrypt/_index.cn.md | 4 ++--
.../content/reference/encrypt/_index.en.md | 4 ++--
.../context/EncryptSQLRewriteContextDecorator.java | 3 ++-
.../shardingsphere/encrypt/rule/EncryptRule.java | 15 +++++++++++++
.../fixture/CustomizedEncryptAlgorithm.java | 11 ++++++++-
.../encrypt/rule/EncryptRuleTest.java | 26 +++++++++++++++++++---
.../pojo/generic/SubstitutableColumnNameToken.java | 2 +-
7 files changed, 55 insertions(+), 10 deletions(-)
diff --git a/docs/document/content/reference/encrypt/_index.cn.md
b/docs/document/content/reference/encrypt/_index.cn.md
index fa52ae4..fe1bcf0 100644
--- a/docs/document/content/reference/encrypt/_index.cn.md
+++ b/docs/document/content/reference/encrypt/_index.cn.md
@@ -27,7 +27,7 @@ Apache ShardingSphere 会将用户请求的明文进行加密后存储到底层
**数据源配置**:指数据源配置。
-**加密算法配置**:指使用什么加密算法进行加解密。目前ShardingSphere内置了两种加解密算法:AES/MD5。用户还可以通过实现ShardingSphere提供的接口,自行实现一套加解密算法。
+**加密算法配置**:指使用什么加密算法进行加解密。目前ShardingSphere内置了三种加解密算法:AES,MD5 和
RC4。用户还可以通过实现ShardingSphere提供的接口,自行实现一套加解密算法。
**加密表配置**:用于告诉ShardingSphere数据表里哪个列用于存储密文数据(cipherColumn)、哪个列用于存储明文数据(plainColumn)以及用户想使用哪个列进行SQL编写(logicColumn)。
@@ -209,7 +209,7 @@ Apache ShardingSphere 提供了两种加密算法用于数据加密,这两种
在用户进行`INSERT`, `DELETE`,
`UPDATE`时,ShardingSphere会按照用户配置,对SQL进行解析、改写、路由,并调用`encrypt()`将数据加密后存储到数据库,
而在`SELECT`时,则调用`decrypt()`方法将从数据库中取出的加密数据进行逆向解密,最终将原始数据返回给用户。
-当前,Apache ShardingSphere 针对这种类型的加密解决方案提供了两种具体实现类,分别是
MD5(不可逆),AES(可逆),用户只需配置即可使用这两种内置的方案。
+当前,Apache ShardingSphere 针对这种类型的加密解决方案提供了三种具体实现类,分别是
MD5(不可逆),AES(可逆),RC4(可逆),用户只需配置即可使用这三种内置的方案。
### QueryAssistedEncryptAlgorithm
diff --git a/docs/document/content/reference/encrypt/_index.en.md
b/docs/document/content/reference/encrypt/_index.en.md
index 86a3cb4..75a3d8d 100644
--- a/docs/document/content/reference/encrypt/_index.en.md
+++ b/docs/document/content/reference/encrypt/_index.en.md
@@ -35,7 +35,7 @@ The encryption configuration is mainly divided into four
parts: data source conf
**Datasource Configuration**:The configuration of DataSource.
**Encrypt Algorithm Configuration**:What kind of encryption strategy to use
for encryption and decryption.
-Currently ShardingSphere has two built-in encryption/decryption strategies:
AES / MD5.
+Currently ShardingSphere has three built-in encryption/decryption strategies:
AES, MD5, RC4.
Users can also implement a set of encryption/decryption algorithms by
implementing the interface provided by Apache ShardingSphere.
**Encryption Table Configuration**:Show the ShardingSphere data table which
column is used to store cipher column data (cipherColumn),
@@ -262,7 +262,7 @@ The solution has provided two methods `encrypt()` and
`decrypt()` to encrypt/dec
When users `INSERT`, `DELETE` and `UPDATE`, ShardingSphere will parse, rewrite
and route SQL according to the configuration. It will also use `encrypt()` to
encrypt data and store them in the database. When using `SELECT`,
they will decrypt sensitive data from the database with `decrypt()` reversely
and return them to users at last.
-Currently, Apache ShardingSphere has provided two types of implementations for
this kind of encrypt solution, MD5 (irreversible) and AES (reversible), which
can be used after configuration.
+Currently, Apache ShardingSphere has provided three types of implementations
for this kind of encrypt solution, MD5 (irreversible), AES (reversible) and RC4
(reversible), which can be used after configuration.
### QueryAssistedEncryptAlgorithm
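Review bot: The added sentence lists RC4 next to AES as a reversible option and gives no guidance on choosing between them. RC4 has well-documented keystream biases and is prohibited for TLS by RFC 7465, so the text should mark it as a compatibility-only choice and point new configurations at AES. The same applies to the matching sentences in _index.cn.md.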
diff --git
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
index 66db4ba..eb01248 100644
---
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
+++
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
@@ -32,7 +32,7 @@ import
org.apache.shardingsphere.infra.route.context.RouteContext;
*/
public final class EncryptSQLRewriteContextDecorator implements
SQLRewriteContextDecorator<EncryptRule> {
- @SuppressWarnings("unchecked")
+ @SuppressWarnings({"rawtypes", "unchecked"})
@Override
public void decorate(final EncryptRule encryptRule, final
ConfigurationProperties props, final SQLRewriteContext sqlRewriteContext, final
RouteContext routeContext) {
for (ParameterRewriter each : new
EncryptParameterRewriterBuilder(encryptRule,
encryptRule.isQueryWithCipherColumn(sqlRewriteContext.getSqlStatementContext()))
@@ -41,6 +41,7 @@ public final class EncryptSQLRewriteContextDecorator
implements SQLRewriteContex
each.rewrite(sqlRewriteContext.getParameterBuilder(),
sqlRewriteContext.getSqlStatementContext(), sqlRewriteContext.getParameters());
}
}
+ encryptRule.setUpEncryptorSchema(sqlRewriteContext.getSchema());
sqlRewriteContext.addSQLTokenGenerators(new
EncryptTokenGenerateBuilder(encryptRule,
encryptRule.isQueryWithCipherColumn()).getSQLTokenGenerators());
}
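Review bot: `encryptRule.setUpEncryptorSchema(sqlRewriteContext.getSchema())` sits after the `ParameterRewriter` loop, so on the first `decorate()` call any encryptor reached through `each.rewrite(...)` runs before it has been given a schema. Move the call to the top of `decorate()` so that parameter rewriting and token generation both see the same metadata. It would also help to say whether re-injecting the schema on every rewrite is intended or whether it could be set once.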
diff --git
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rule/EncryptRule.java
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rule/EncryptRule.java
index 90fa46c..f8ec418 100644
---
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rule/EncryptRule.java
+++
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rule/EncryptRule.java
@@ -31,6 +31,8 @@ import
org.apache.shardingsphere.infra.binder.statement.SQLStatementContext;
import
org.apache.shardingsphere.infra.binder.statement.dml.SelectStatementContext;
import org.apache.shardingsphere.infra.binder.type.TableAvailable;
import
org.apache.shardingsphere.infra.config.algorithm.ShardingSphereAlgorithmFactory;
+import org.apache.shardingsphere.infra.metadata.schema.ShardingSphereSchema;
+import
org.apache.shardingsphere.infra.rewrite.sql.token.generator.aware.SchemaMetaDataAware;
import org.apache.shardingsphere.infra.rule.identifier.scope.SchemaRule;
import org.apache.shardingsphere.infra.rule.identifier.type.TableContainedRule;
import org.apache.shardingsphere.spi.ShardingSphereServiceLoader;
@@ -291,4 +293,17 @@ public final class EncryptRule implements SchemaRule,
TableContainedRule {
public String getType() {
return EncryptRule.class.getSimpleName();
}
+
+ /**
+ * Set up encryptor schema.
+ *
+ * @param schema schema
+ */
+ public void setUpEncryptorSchema(final ShardingSphereSchema schema) {
+ for (EncryptAlgorithm<?, ?> each : encryptors.values()) {
+ if (each instanceof SchemaMetaDataAware) {
+ ((SchemaMetaDataAware) each).setSchema(schema);
+ }
+ }
+ }
}
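Review bot: `setUpEncryptorSchema` stores a per-statement value in the encryptor instances held by `encryptors`, and nothing in the method or its Javadoc states a threading expectation. If one `EncryptRule` serves concurrent rewrites against different schemas, an encryptor can observe the schema of another statement. Either document that constraint or pass the schema per call instead of storing it. The method also accepts a null `schema` silently; a precondition check would make misuse visible.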
diff --git
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/fixture/CustomizedEncryptAlgorithm.java
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/fixture/CustomizedEncryptAlgorithm.java
index 561390c..5decca5 100644
---
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/fixture/CustomizedEncryptAlgorithm.java
+++
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/fixture/CustomizedEncryptAlgorithm.java
@@ -21,6 +21,8 @@ import lombok.Getter;
import lombok.Setter;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.shardingsphere.encrypt.spi.EncryptAlgorithm;
+import org.apache.shardingsphere.infra.metadata.schema.ShardingSphereSchema;
+import
org.apache.shardingsphere.infra.rewrite.sql.token.generator.aware.SchemaMetaDataAware;
import java.util.Properties;
@@ -29,7 +31,7 @@ import java.util.Properties;
*/
@Getter
@Setter
-public final class CustomizedEncryptAlgorithm implements
EncryptAlgorithm<Integer, Integer> {
+public final class CustomizedEncryptAlgorithm implements
EncryptAlgorithm<Integer, Integer>, SchemaMetaDataAware {
private static final String TEST_KEY = "TEST";
@@ -37,6 +39,8 @@ public final class CustomizedEncryptAlgorithm implements
EncryptAlgorithm<Intege
private byte[] key = DigestUtils.sha256(TEST_KEY);
+ private ShardingSphereSchema schema;
+
@Override
public void init() {
}
@@ -81,4 +85,9 @@ public final class CustomizedEncryptAlgorithm implements
EncryptAlgorithm<Intege
result[3] = (byte) intValue;
return result;
}
+
+ @Override
+ public void setSchema(final ShardingSphereSchema schema) {
+ this.schema = schema;
+ }
}
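Review bot: The hand-written `setSchema` override duplicates what the class-level `@Setter` already generates for the new `schema` field. Drop the explicit method, or keep it and exclude the field from Lombok, so the fixture has a single definition of the setter.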
diff --git
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/rule/EncryptRuleTest.java
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/rule/EncryptRuleTest.java
index 1a3dff3..db94080 100644
---
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/rule/EncryptRuleTest.java
+++
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/test/java/org/apache/shardingsphere/encrypt/rule/EncryptRuleTest.java
@@ -22,21 +22,28 @@ import
org.apache.shardingsphere.encrypt.algorithm.config.AlgorithmProvidedEncry
import org.apache.shardingsphere.encrypt.api.config.EncryptRuleConfiguration;
import
org.apache.shardingsphere.encrypt.api.config.rule.EncryptColumnRuleConfiguration;
import
org.apache.shardingsphere.encrypt.api.config.rule.EncryptTableRuleConfiguration;
+import org.apache.shardingsphere.encrypt.fixture.CustomizedEncryptAlgorithm;
import org.apache.shardingsphere.encrypt.fixture.TestEncryptAlgorithm;
+import org.apache.shardingsphere.encrypt.spi.EncryptAlgorithm;
import
org.apache.shardingsphere.infra.config.algorithm.ShardingSphereAlgorithmConfiguration;
import org.apache.shardingsphere.infra.database.DefaultSchema;
+import org.apache.shardingsphere.infra.metadata.schema.ShardingSphereSchema;
import org.junit.Test;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import java.util.Optional;
import java.util.Properties;
+import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
public final class EncryptRuleTest {
@@ -143,11 +150,24 @@ public final class EncryptRuleTest {
assertThat(new
EncryptRule(createEncryptRuleConfiguration()).getType(),
is(EncryptRule.class.getSimpleName()));
}
+ @SuppressWarnings("rawtypes")
+ @Test
+ public void assertSetUpEncryptorSchema() {
+ EncryptRule encryptRule = new
EncryptRule(createEncryptRuleConfiguration());
+ encryptRule.setUpEncryptorSchema(mock(ShardingSphereSchema.class));
+ Optional<EncryptAlgorithm> actual =
encryptRule.findEncryptor("t_encrypt", "name");
+ assertTrue(actual.isPresent());
+ assertThat(actual.get(), instanceOf(CustomizedEncryptAlgorithm.class));
+ assertNotNull(((CustomizedEncryptAlgorithm) actual.get()).getSchema());
+ }
+
private EncryptRuleConfiguration createEncryptRuleConfiguration() {
- ShardingSphereAlgorithmConfiguration encryptAlgorithmConfig = new
ShardingSphereAlgorithmConfiguration("QUERY_ASSISTED_TEST", new Properties());
+ ShardingSphereAlgorithmConfiguration queryAssistedEncryptor = new
ShardingSphereAlgorithmConfiguration("QUERY_ASSISTED_TEST", new Properties());
+ ShardingSphereAlgorithmConfiguration customizedEncryptor = new
ShardingSphereAlgorithmConfiguration("CUSTOMIZED", new Properties());
EncryptColumnRuleConfiguration pwdColumnConfig = new
EncryptColumnRuleConfiguration("pwd", "pwd_cipher", "", "pwd_plain",
"test_encryptor");
EncryptColumnRuleConfiguration creditCardColumnConfig = new
EncryptColumnRuleConfiguration("credit_card", "credit_card_cipher", "",
"credit_card_plain", "test_encryptor");
- EncryptTableRuleConfiguration tableConfig = new
EncryptTableRuleConfiguration("t_encrypt", Arrays.asList(pwdColumnConfig,
creditCardColumnConfig), null);
- return new
EncryptRuleConfiguration(Collections.singleton(tableConfig),
ImmutableMap.of("test_encryptor", encryptAlgorithmConfig));
+ EncryptColumnRuleConfiguration nameColumnConfig = new
EncryptColumnRuleConfiguration("name", "name_cipher", "", "name_plain",
"customized_encryptor");
+ EncryptTableRuleConfiguration tableConfig = new
EncryptTableRuleConfiguration("t_encrypt", Arrays.asList(pwdColumnConfig,
creditCardColumnConfig, nameColumnConfig), null);
+ return new
EncryptRuleConfiguration(Collections.singleton(tableConfig),
ImmutableMap.of("test_encryptor", queryAssistedEncryptor,
"customized_encryptor", customizedEncryptor));
}
}
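Review bot: `assertNotNull(((CustomizedEncryptAlgorithm) actual.get()).getSchema())` in `assertSetUpEncryptorSchema` passes for any non-null value, so it does not prove the encryptor received the schema that was passed in. Keep the mock in a local variable and assert that `getSchema()` returns that same instance. A case with an encryptor that does not implement `SchemaMetaDataAware` would exercise the other side of the `instanceof` check.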
diff --git
a/shardingsphere-infra/shardingsphere-infra-rewrite/src/main/java/org/apache/shardingsphere/infra/rewrite/sql/token/pojo/generic/SubstitutableColumnNameToken.java
b/shardingsphere-infra/shardingsphere-infra-rewrite/src/main/java/org/apache/shardingsphere/infra/rewrite/sql/token/pojo/generic/SubstitutableColumnNameToken.java
index e989cbe..2663dbe 100644
---
a/shardingsphere-infra/shardingsphere-infra-rewrite/src/main/java/org/apache/shardingsphere/infra/rewrite/sql/token/pojo/generic/SubstitutableColumnNameToken.java
+++
b/shardingsphere-infra/shardingsphere-infra-rewrite/src/main/java/org/apache/shardingsphere/infra/rewrite/sql/token/pojo/generic/SubstitutableColumnNameToken.java
@@ -37,7 +37,7 @@ import java.util.stream.Collectors;
/**
* Substitutable column name token.
*/
-@EqualsAndHashCode
+@EqualsAndHashCode(callSuper = false)
public final class SubstitutableColumnNameToken extends SQLToken implements
Substitutable, RouteUnitAware {
@Getter
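Review bot: `@EqualsAndHashCode(callSuper = false)` makes explicit that any state held in `SQLToken` is excluded from equality and hashing, so two tokens differing only in superclass state compare equal; please confirm that is intended rather than only silencing the Lombok warning. The change is also unrelated to exposing metadata to encryptors and is not mentioned in the commit message, so it would be easier to track as a separate commit.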