#2046 add encryption to param data value

platform-core/src/main/java/com/webank/wecube/platform/core/service/BatchExecutionService.java

@@ -48,7 +48,7 @@ import com.webank.wecube.platform.core.jpa.PluginConfigInterfaceRepository;
 import com.webank.wecube.platform.core.service.dme.EntityOperationRootCondition;
 import com.webank.wecube.platform.core.service.dme.StandardEntityOperationService;
 import com.webank.wecube.platform.core.service.plugin.PluginInstanceService;
-import com.webank.wecube.platform.core.service.workflow.EncryptionService;
+import com.webank.wecube.platform.core.service.workflow.SimpleEncryptionService;
 import com.webank.wecube.platform.core.support.plugin.PluginServiceStub;
 import com.webank.wecube.platform.core.support.plugin.dto.PluginResponse.ResultData;
 import com.webank.wecube.platform.core.support.plugin.dto.PluginResponseStationaryOutput;
@@ -79,7 +79,7 @@ public class BatchExecutionService {
     private RestTemplate userJwtSsoTokenRestTemplate;
     
     @Autowired
-    private EncryptionService encryptionService;
+    private SimpleEncryptionService encryptionService;
 
     private ObjectMapper objectMapper = new ObjectMapper().setSerializationInclusion(JsonInclude.Include.NON_NULL);
 

platform-core/src/main/java/com/webank/wecube/platform/core/service/workflow/AbstractPluginInvocationService.java

@@ -67,6 +67,9 @@ public abstract class AbstractPluginInvocationService extends AbstractWorkflowSe
     
     @Autowired
     protected ApplicationProperties applicationProperties;
+    
+    @Autowired
+    protected SimpleEncryptionService simpleEncryptionService;
 
     protected TaskNodeInstInfoEntity findExactTaskNodeInstInfoEntityWithNodeId(
             List<TaskNodeInstInfoEntity> nodeInstEntities, String nodeId) {
@@ -195,5 +198,30 @@ public abstract class AbstractPluginInvocationService extends AbstractWorkflowSe
 
         return null;
     }
+    
+    protected String tryEncodeParamDataValue(String rawDataValue){
+        if(StringUtils.isBlank(rawDataValue)){
+            return rawDataValue;
+        }
+        
+        String cipherDataValue = simpleEncryptionService.encodeToAesBase64(rawDataValue);
+        return cipherDataValue;
+    }
+    
+    protected String tryDecodeParamDataValue(String cipherDataValue){
+        if(StringUtils.isBlank(cipherDataValue)){
+            return cipherDataValue;
+        }
+        
+        String rawDataValue = null;
+        try{
+            rawDataValue = simpleEncryptionService.decodeFromAesBase64(cipherDataValue);
+        }catch(Exception e){
+            log.info("errors while decode cipher data value:{},error:{}", cipherDataValue, e.getMessage());
+            rawDataValue = cipherDataValue;
+        }
+        
+        return rawDataValue;
+    }
 
 }

platform-core/src/main/java/com/webank/wecube/platform/core/service/workflow/AbstractWorkflowService.java

@@ -21,6 +21,8 @@ public abstract class AbstractWorkflowService {
     
     public static final String EMPTY_ERROR_MSG = "";
     
+    public static final String IS_SENSITIVE_ATTR = "Y";
+    
     protected static List<String> statelessNodeTypes = Arrays.asList("startEvent", "endEvent", "exclusiveGateway",
             "parallelGateway");
     

platform-core/src/main/java/com/webank/wecube/platform/core/service/workflow/AsyncPluginInvocationService.java

@@ -337,11 +337,18 @@ public class AsyncPluginInvocationService extends AbstractPluginInvocationServic
 					entry.getKey());
 
 			String paramDataType = null;
+			boolean isSensitiveData = false;
 			if (p == null) {
 				paramDataType = DATA_TYPE_STRING;
 			} else {
 				paramDataType = p.getDataType();
+				isSensitiveData = (IS_SENSITIVE_ATTR.equalsIgnoreCase(p.getSensitiveData()));
 			}
+			
+			String paramDataValue = trimExceedParamValue(asString(entry.getValue(), paramDataType), MAX_PARAM_VAL_SIZE);
+			if(isSensitiveData){
+                paramDataValue = tryEncodeParamDataValue(paramDataValue);
+            }
 
 			TaskNodeExecParamEntity paramEntity = new TaskNodeExecParamEntity();
 			paramEntity.setEntityTypeId(entityTypeId);
@@ -350,8 +357,7 @@ public class AsyncPluginInvocationService extends AbstractPluginInvocationServic
 			paramEntity.setParamType(TaskNodeExecParamEntity.PARAM_TYPE_RESPONSE);
 			paramEntity.setParamName(entry.getKey());
 			paramEntity.setParamDataType(paramDataType);
-			paramEntity.setParamDataValue(
-					trimExceedParamValue(asString(entry.getValue(), paramDataType), MAX_PARAM_VAL_SIZE));
+			paramEntity.setParamDataValue(paramDataValue);
 			paramEntity.setRequestId(requestId);
 
 			taskNodeExecParamRepository.saveAndFlush(paramEntity);

platform-core/src/main/java/com/webank/wecube/platform/core/service/workflow/PluginInvocationService.java

@@ -59,8 +59,6 @@ import com.webank.wecube.platform.core.support.plugin.PluginInvocationRestClient
 @Service
 public class PluginInvocationService extends AbstractPluginInvocationService {
 
-    private static final String IS_SENSITIVE_ATTR = "Y";
-
     @Autowired
     private PluginInvocationRestClient pluginInvocationRestClient;
 
@@ -87,6 +85,7 @@ public class PluginInvocationService extends AbstractPluginInvocationService {
 
     @Autowired
     private WorkflowProcInstEndEventNotifier workflowProcInstEndEventNotifier;
+    
 
     public void handleProcessInstanceEndEvent(PluginInvocationCommand cmd) {
         if (log.isInfoEnabled()) {
@@ -660,6 +659,10 @@ public class PluginInvocationService extends AbstractPluginInvocationService {
         }
 
         for (TaskNodeExecParamEntity e : execParamEntities) {
+            String paramDataValue = e.getParamDataValue();
+            if(e.getSensitive() != null && e.getSensitive() == true){
+                paramDataValue = tryDecodeParamDataValue(paramDataValue);
+            }
             retDataValues.add(fromString(e.getParamDataValue(), e.getParamDataType()));
         }
 
@@ -839,7 +842,7 @@ public class PluginInvocationService extends AbstractPluginInvocationService {
                 e.setParamType(TaskNodeExecParamEntity.PARAM_TYPE_REQUEST);
                 e.setParamDataType(attr.getType());
                 e.setObjectId(sObjectId);
-                e.setParamDataValue(attr.getExpectedValue() == null ? null : attr.getExpectedValue().toString());
+                e.setParamDataValue(tryCalculateParamDataValue(attr));
                 e.setEntityDataId(entityDataId);
                 e.setEntityTypeId(entityTypeId);
 
@@ -857,6 +860,20 @@ public class PluginInvocationService extends AbstractPluginInvocationService {
 
         return pluginParameters;
     }
+    
+    private String tryCalculateParamDataValue(InputParamAttr attr){
+        if(attr.getExpectedValue() == null){
+            return null;
+        }
+        
+        String dataValue = attr.getExpectedValue().toString();
+        if(attr.isSensitive()){
+            dataValue = tryEncodeParamDataValue(dataValue);
+        }
+        
+        return dataValue;
+    }
+    
 
     private PluginInstance retrieveAvailablePluginInstance(PluginConfigInterface itf) {
         PluginConfig config = itf.getPluginConfig();
@@ -1043,6 +1060,12 @@ public class PluginInvocationService extends AbstractPluginInvocationService {
                 paramDataType = p.getDataType();
                 isSensitiveData = (IS_SENSITIVE_ATTR.equalsIgnoreCase(p.getSensitiveData()));
             }
+            
+            String paramDataValue = trimExceedParamValue(asString(entry.getValue(), paramDataType), MAX_PARAM_VAL_SIZE);
+            
+            if(isSensitiveData){
+                paramDataValue = tryEncodeParamDataValue(paramDataValue);
+            }
 
             TaskNodeExecParamEntity paramEntity = new TaskNodeExecParamEntity();
             paramEntity.setEntityTypeId(entityTypeId);
@@ -1051,8 +1074,7 @@ public class PluginInvocationService extends AbstractPluginInvocationService {
             paramEntity.setParamType(TaskNodeExecParamEntity.PARAM_TYPE_RESPONSE);
             paramEntity.setParamName(entry.getKey());
             paramEntity.setParamDataType(paramDataType);
-            paramEntity.setParamDataValue(
-                    trimExceedParamValue(asString(entry.getValue(), paramDataType), MAX_PARAM_VAL_SIZE));
+            paramEntity.setParamDataValue(paramDataValue);
             paramEntity.setRequestId(requestId);
             paramEntity.setSensitive(isSensitiveData);
 

platform-core/src/main/java/com/webank/wecube/platform/core/service/workflow/EncryptionService.java → platform-core/src/main/java/com/webank/wecube/platform/core/service/workflow/SimpleEncryptionService.java

@@ -6,17 +6,20 @@ import org.springframework.stereotype.Service;
 import com.webank.wecube.platform.core.utils.EncryptionUtils;
 
 @Service
-public class EncryptionService {
+public class SimpleEncryptionService {
     
     private static final String AES_SEED = "platform-aes-seed-2020";
     private static final String AES_SALT = "platform-aes-salt-2020";
     
+    private static final String AES_PREFIX = "{AES}";
+    
     public String encodeToAesBase64(String raw) {
         if(StringUtils.isBlank(raw)) {
             return raw;
         }
         
-        return EncryptionUtils.encryptWithAes(raw, AES_SEED, AES_SALT);
+        String cipherVal = EncryptionUtils.encryptWithAes(raw, AES_SEED, AES_SALT);
+        return AES_PREFIX+cipherVal;
     }
     
     public String decodeFromAesBase64(String aesBase64) {
@@ -24,6 +27,12 @@ public class EncryptionService {
             return aesBase64;
         }
         
+        if(!aesBase64.startsWith(AES_PREFIX)){
+            return aesBase64;
+        }
+        
+        aesBase64 = aesBase64.substring(AES_PREFIX.length());
+        
         return EncryptionUtils.decryptWithAes(aesBase64, AES_SEED, AES_SALT);
     }