| | |
| | | |
| | | import com.alibaba.druid.sql.SQLUtils; |
| | | import com.alibaba.druid.sql.ast.SQLExpr; |
| | | import com.alibaba.druid.sql.ast.SQLObject; |
| | | import com.alibaba.druid.sql.ast.SQLStatement; |
| | | import com.alibaba.druid.sql.ast.statement.*; |
| | | import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDeleteStatement; |
| | |
| | | import com.alibaba.druid.util.JdbcConstants; |
| | | import com.alibaba.druid.util.JdbcUtils; |
| | | import com.hx.util.StringUtils; |
| | | import org.slf4j.Logger; |
| | | import org.slf4j.LoggerFactory; |
| | | |
| | | import java.util.ArrayList; |
| | | import java.util.Collection; |
| | | import java.util.List; |
| | | import java.util.Map; |
| | |
| | | * @author CJH 2022-01-12 |
| | | */ |
| | | public class SqlUtils { |
| | | //log4j日志 |
| | | private static Logger logger = LoggerFactory.getLogger(SqlUtils.class.getName()); |
| | | |
| | | /**查询加密数据处理,只对查询做处理,select返回不做处理 |
| | | |
| | | /**查询加密数据处理,只对查询做处理 |
| | | * @param sql sql语句 |
| | | * @param aesKeysTable aes秘钥 |
| | | * @return |
| | |
| | | |
| | | MySqlStatementParser parser = new MySqlStatementParser(sql); |
| | | SQLSelectStatement sqlStatement = (SQLSelectStatement) parser.parseSelect(); |
| | | //获取格式化的slq语句 |
| | | sql = sqlStatement.toString(); |
| | | |
| | | SQLSelect sqlSelect = sqlStatement.getSelect(); |
| | | if (sqlSelect.getQuery() instanceof SQLSelectQueryBlock) { |
| | | // 非union的查询语句 |
| | | return selectSqlRoutine( sqlStatement,aesKeysTable); |
| | | } else if (sqlSelect.getQuery() instanceof SQLUnionQuery) { |
| | | // union的查询语句 |
| | | return selectSqlUnion( sql, sqlStatement, aesKeysTable); |
| | | }else { |
| | | return selectSqlRoutine( sqlStatement,aesKeysTable); |
| | | } |
| | | } |
| | | |
| | | /**查询加密数据处理,只对查询做处理,select返回不做处理(Union特殊语句) |
| | | * @param sql sql语句 |
| | | * @param aesKeysTable aes秘钥 |
| | | * @return |
| | | */ |
| | | public static String selectSqlUnion(String sql,SQLSelectStatement sqlStatement,Map<String,Map<String,String>> aesKeysTable){ |
| | | |
| | | //获取表和别名 |
| | | ExportTableAliasVisitor visitorTable = new ExportTableAliasVisitor(); |
| | | sqlStatement.accept(visitorTable); |
| | | Map<String,String> tableMaps = visitorTable.getTableMap(); |
| | | |
| | | //获取所有的字段 |
| | | MySqlSchemaStatVisitor visitor = new MySqlSchemaStatVisitor(); |
| | | sqlStatement.accept(visitor); |
| | | //遍历所有字段 |
| | | Collection<TableStat.Column> columns= visitor.getColumns(); |
| | | |
| | | //处理需要加密得字段 |
| | | |
| | | if(!StringUtils.isEmpty(sql)){ |
| | | Map<String,String> aesKeys = null; |
| | | String aeskey = null; |
| | | //把剩下的拼接上来 |
| | | String tableAl = null; |
| | | for(TableStat.Column column:columns){ |
| | | aesKeys= aesKeysTable.get(column.getTable()); |
| | | if(aesKeys == null){ |
| | | continue; |
| | | } |
| | | aeskey = aesKeys.getOrDefault(column.getName(),null); |
| | | if(StringUtils.isEmpty(aeskey)){ |
| | | continue; |
| | | } |
| | | tableAl = tableMaps.get(column.getTable()); |
| | | if(!StringUtils.isEmpty(tableAl)){ |
| | | tableAl = tableAl+"."+column.getName(); |
| | | }else{ |
| | | tableAl = column.getName(); |
| | | } |
| | | sql = sql.replaceAll("((?<!\\.)\\b"+tableAl+"\\b(?!\\.))","AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"')"); |
| | | } |
| | | } |
| | | return sql; |
| | | } |
| | | |
| | | |
| | | /**查询加密数据处理,只对查询做处理,select返回不做处理(常规语句) |
| | | * @param sqlStatement sql语句 |
| | | * @param aesKeysTable aes秘钥 |
| | | * @return |
| | | */ |
| | | public static String selectSqlRoutine(SQLSelectStatement sqlStatement,Map<String,Map<String,String>> aesKeysTable){ |
| | | |
| | | //解析select查询 |
| | | //SQLSelect sqlSelect = sqlStatement.getSelect() |
| | | //获取sql查询块 |
| | | SQLSelectQueryBlock sqlSelectQuery = (SQLSelectQueryBlock)sqlStatement.getSelect().getQuery() ; |
| | | SQLSelectQueryBlock sqlSelectQuery = null; |
| | | boolean b = true; |
| | | try{ |
| | | sqlSelectQuery = (SQLSelectQueryBlock)sqlStatement.getSelect().getQuery() ; |
| | | }catch (Exception e){ |
| | | b = false; |
| | | logger.error("解析sql报错:"+e.getMessage()); |
| | | } |
| | | if(!b){ |
| | | return "err"; |
| | | } |
| | | |
| | | StringBuffer out = new StringBuffer() ; |
| | | //创建sql解析的标准化输出 |
| | | SQLASTOutputVisitor sqlastOutputVisitor = SQLUtils.createFormatOutputVisitor(out , null , JdbcUtils.MYSQL) ; |
| | |
| | | } |
| | | |
| | | //处理where需要加密得字段 |
| | | sql = sqlWhere.toString(); |
| | | String sql = sqlWhere.toString(); |
| | | if(!StringUtils.isEmpty(sql)){ |
| | | Map<String,String> aesKeys = null; |
| | | String aeskey = null; |
| | |
| | | }else{ |
| | | tableAl = column.getName(); |
| | | } |
| | | sql = sql.replaceAll("( |\\n|\\()"+tableAl+"( |\\n|\\))"," AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"') "); |
| | | sql = sql.replaceAll("((?<!\\.)\\b"+tableAl+"\\b(?!\\.))","AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"')"); |
| | | } |
| | | } |
| | | return sqlSelect.toString()+sql; |
| | |
| | | }else{ |
| | | tableAl = column.getName(); |
| | | } |
| | | sql = sql.replaceAll("( |\\n|\\()"+tableAl+"( |\\n|\\))"," AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"') "); |
| | | sql = sql.replaceAll("((?<!\\.)\\b"+tableAl+"\\b(?!\\.))","AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"')"); |
| | | } |
| | | } |
| | | return sqlSelect.toString()+sql; |
| | |
| | | }else{ |
| | | tableAl = column.getName(); |
| | | } |
| | | sqlWhere = sqlWhere.replaceAll("( |\\n|\\()"+tableAl+"( |\\n|\\))"," AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"') "); |
| | | sqlWhere = sqlWhere.replaceAll("((?<!\\.)\\b"+tableAl+"\\b(?!\\.))","AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"')"); |
| | | } |
| | | |
| | | } |
| | | splicingSql.append(sqlWhere.toString()); |
| | | splicingSql.append(sqlWhere); |
| | | return splicingSql.toString(); |
| | | } |
| | | |
| | |
| | | }else{ |
| | | tableAl = column.getName(); |
| | | } |
| | | sqlWhere = sqlWhere.replaceAll("( |\\n|\\()"+tableAl+"( |\\n|\\))"," AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"') "); |
| | | sqlWhere = sqlWhere.replaceAll("((?<!\\.)\\b"+tableAl+"\\b(?!\\.))","AES_DECRYPT(UNHEX("+tableAl+"),'"+aeskey+"')"); |
| | | } |
| | | |
| | | } |
| | | splicingSql.append(sqlWhere.toString()); |
| | | splicingSql.append(sqlWhere); |
| | | return splicingSql.toString(); |
| | | } |
| | | |
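Review bot: The rewritten `replaceAll` calls (the `(?<!\\.)\\b…\\b(?!\\.)` form in `selectSqlUnion` and in the WHERE-handling blocks) build both the regex and the replacement by concatenating `tableAl` and `aeskey`. As a result the `.` in an `alias.column` name matches any character, and a `$` or `\` in the key is interpreted by `replaceAll` as a group reference or escape. Quote both sides, e.g. `sql = sql.replaceAll("(?<!\\.)\\b" + Pattern.quote(tableAl) + "\\b(?!\\.)", Matcher.quoteReplacement("AES_DECRYPT(UNHEX(" + tableAl + "),'" + aeskey + "')"));`. Separately, the AES key is written into the statement as a string literal, so it appears wherever the final SQL text is logged or captured, and a `'` in the key ends the literal early; binding the key as a statement parameter (`AES_DECRYPT(UNHEX(col), ?)`) would keep it out of the SQL text, though that changes what these methods return. The page does not mark old and new lines and the enclosing methods are only partly visible, so this is based on the lines shown.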