[ISSUE#5695] Summer2021 Import/export compatible with configuration encryption and decryption

config/src/main/java/com/alibaba/nacos/config/server/controller/ConfigController.java

@@ -157,7 +157,6 @@ public Boolean publishConfig(HttpServletRequest request, HttpServletResponse res
  MapUtil.putIfValNoNull(configAdvanceInfo, "effect", effect);
  MapUtil.putIfValNoNull(configAdvanceInfo, "type", type);
  MapUtil.putIfValNoNull(configAdvanceInfo, "schema", schema);
- MapUtil.putIfValNoNull(configAdvanceInfo, "encryptedDataKey", encryptedDataKey);
  ParamUtils.checkParam(configAdvanceInfo);
 
  if (AggrWhitelist.isAggrDataId(dataId)) {
@@ -502,8 +501,9 @@ public ResponseEntity<byte[]> exportConfig(@RequestParam(value = "dataId", requi
  // Fixed use of "\r\n" here
  .append(ci.getAppName()).append("\r\n");
  }
+ String decryptContent = CryptoExecutor.executeDecrypt(ci.getDataId(), ci.getEncryptedDataKey(), ci.getContent());
  String itemName = ci.getGroup() + Constants.CONFIG_EXPORT_ITEM_FILE_SEPARATOR + ci.getDataId();
- zipItemList.add(new ZipUtils.ZipItem(itemName, ci.getContent()));
+ zipItemList.add(new ZipUtils.ZipItem(itemName, decryptContent));
  }
  if (metaData != null) {
  zipItemList.add(new ZipUtils.ZipItem(Constants.CONFIG_EXPORT_METADATA, metaData.toString()));
@@ -514,7 +514,7 @@ public ResponseEntity<byte[]> exportConfig(@RequestParam(value = "dataId", requi
  EXPORT_CONFIG_FILE_NAME + DateFormatUtils.format(new Date(), EXPORT_CONFIG_FILE_NAME_DATE_FORMAT)
  + EXPORT_CONFIG_FILE_NAME_EXT;
  headers.add("Content-Disposition", "attachment;filename=" + fileName);
- return new ResponseEntity<byte[]>(ZipUtils.zip(zipItemList), headers, HttpStatus.OK);
+ return new ResponseEntity<>(ZipUtils.zip(zipItemList), headers, HttpStatus.OK);
  }
 
  /**
@@ -547,8 +547,9 @@ public ResponseEntity<byte[]> exportConfigV2(@RequestParam(value = "dataId", req
  configMetadataItem.setGroup(ci.getGroup());
  configMetadataItem.setType(ci.getType());
  configMetadataItems.add(configMetadataItem);
+ String decryptContent = CryptoExecutor.executeDecrypt(ci.getDataId(), ci.getEncryptedDataKey(), ci.getContent());
  String itemName = ci.getGroup() + Constants.CONFIG_EXPORT_ITEM_FILE_SEPARATOR + ci.getDataId();
- zipItemList.add(new ZipUtils.ZipItem(itemName, ci.getContent()));
+ zipItemList.add(new ZipUtils.ZipItem(itemName, decryptContent));
  }
  ConfigMetadata configMetadata = new ConfigMetadata();
  configMetadata.setMetadata(configMetadataItems);
@@ -686,14 +687,22 @@ private RestResult<Map<String, Object>> parseImportData(ZipUtils.UnZipResult unz
  .substring(tempDataId.lastIndexOf(".") + 1);
  }
  final String metaDataId = group + "." + tempDataId + ".app";
+ String encryptedDataKey = "";
+ String content = item.getItemData();
+ CryptoSpi cryptoSpi = CryptoExecutor.cryptoInstance(dataId);
+ if (null != cryptoSpi) {
+ encryptedDataKey = cryptoSpi.generateSecretKey();
+ content = CryptoExecutor.executeEncrypt(cryptoSpi::encrypt, encryptedDataKey, content);
+ }
  ConfigAllInfo ci = new ConfigAllInfo();
  ci.setGroup(group);
  ci.setDataId(dataId);
- ci.setContent(item.getItemData());
+ ci.setContent(content);
  if (metaDataMap.get(metaDataId) != null) {
  ci.setAppName(metaDataMap.get(metaDataId));
  }
  ci.setTenant(namespace);
+ ci.setEncryptedDataKey(encryptedDataKey);
  configInfoList.add(ci);
  }
  }
@@ -772,6 +781,12 @@ private RestResult<Map<String, Object>> parseImportDataV2(ZipUtils.UnZipResult u
  unrecognizedList.add(unrecognizedItem);
  continue;
  }
+ String encryptedDataKey = "";
+ CryptoSpi cryptoSpi = CryptoExecutor.cryptoInstance(dataId);
+ if (null != cryptoSpi) {
+ encryptedDataKey = cryptoSpi.generateSecretKey();
+ content = CryptoExecutor.executeEncrypt(cryptoSpi::encrypt, encryptedDataKey, content);
+ }
  ConfigAllInfo ci = new ConfigAllInfo();
  ci.setGroup(group);
  ci.setDataId(dataId);
@@ -780,6 +795,7 @@ private RestResult<Map<String, Object>> parseImportDataV2(ZipUtils.UnZipResult u
  ci.setDesc(configExportItem.getDesc());
  ci.setAppName(configExportItem.getAppName());
  ci.setTenant(namespace);
+ ci.setEncryptedDataKey(encryptedDataKey);
  configInfoList.add(ci);
  }
  return null;
@@ -847,6 +863,7 @@ public RestResult<Map<String, Object>> cloneConfig(HttpServletRequest request,
  ci4save.setAppName(ci.getAppName());
  }
  ci4save.setDesc(ci.getDesc());
+ ci4save.setEncryptedDataKey(ci.getEncryptedDataKey() == null ? StringUtils.EMPTY : ci.getEncryptedDataKey());
  configInfoList4Clone.add(ci4save);
  }
 

config/src/main/java/com/alibaba/nacos/config/server/remote/ConfigPublishRequestHandler.java

@@ -89,7 +89,6 @@ public ConfigPublishResponse handle(ConfigPublishRequest request, RequestMeta me
  MapUtil.putIfValNoNull(configAdvanceInfo, "effect", request.getAdditionParam("effect"));
  MapUtil.putIfValNoNull(configAdvanceInfo, "type", type);
  MapUtil.putIfValNoNull(configAdvanceInfo, "schema", request.getAdditionParam("schema"));
- MapUtil.putIfValNoNull(configAdvanceInfo, "encryptedDataKey", encryptedDataKey);
  ParamUtils.checkParam(configAdvanceInfo);
 
  if (AggrWhitelist.isAggrDataId(dataId)) {

config/src/main/java/com/alibaba/nacos/config/server/service/repository/PersistService.java

@@ -58,7 +58,7 @@ public interface PersistService {
  String SPOT = ".";
  Object[] EMPTY_ARRAY = new Object[] {};
  @SuppressWarnings("checkstyle:linelength")
- String SQL_FIND_ALL_CONFIG_INFO = "SELECT id,data_id,group_id,tenant_id,app_name,content,type,md5,gmt_create,gmt_modified,src_user,src_ip,c_desc,c_use,effect,c_schema FROM config_info";
+ String SQL_FIND_ALL_CONFIG_INFO = "SELECT id,data_id,group_id,tenant_id,app_name,content,type,md5,gmt_create,gmt_modified,src_user,src_ip,c_desc,c_use,effect,c_schema,encrypted_data_key FROM config_info";
 
  String SQL_TENANT_INFO_COUNT_BY_TENANT_ID = "SELECT count(1) FROM tenant_info WHERE tenant_id = ?";
  String SQL_FIND_CONFIG_INFO_BY_IDS = "SELECT id,data_id,group_id,tenant_id,app_name,content,md5 FROM config_info WHERE ";

config/src/main/java/com/alibaba/nacos/config/server/service/repository/embedded/EmbeddedStoragePersistServiceImpl.java

@@ -1945,7 +1945,8 @@ public long addConfigInfoAtomic(final long id, final String srcIp, final String
  final String type = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("type");
  final String schema = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("schema");
  final String md5Tmp = MD5Utils.md5Hex(configInfo.getContent(), Constants.ENCODE);
- final String encryptedDataKey = configInfo.getEncryptedDataKey();
+ final String encryptedDataKey =
+ configInfo.getEncryptedDataKey() == null ? StringUtils.EMPTY : configInfo.getEncryptedDataKey();
 
  final String sql =
  "INSERT INTO config_info(id, data_id, group_id, tenant_id, app_name, content, md5, src_ip, src_user, gmt_create,"
@@ -2057,7 +2058,7 @@ public void updateConfigInfoAtomic(final ConfigInfo configInfo, final String src
  final String type = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("type");
  final String schema = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("schema");
  final String encryptedDataKey =
- configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("encryptedDataKey");
+ configInfo.getEncryptedDataKey() == null ? StringUtils.EMPTY : configInfo.getEncryptedDataKey();
 
  final String sql = "UPDATE config_info SET content=?, md5 = ?, src_ip=?,src_user=?,gmt_modified=?,app_name=?,"
  + "c_desc=?,c_use=?,effect=?,type=?,c_schema=?,encrypted_data_key=? WHERE data_id=? AND group_id=? AND tenant_id=?";
@@ -2494,7 +2495,8 @@ public Map<String, Object> batchInsertOrUpdate(List<ConfigAllInfo> configInfoLis
  }
  ConfigInfo configInfo2Save = new ConfigInfo(configInfo.getDataId(), configInfo.getGroup(),
  configInfo.getTenant(), configInfo.getAppName(), configInfo.getContent());
-
+ configInfo2Save.setEncryptedDataKey(
+ configInfo.getEncryptedDataKey() == null ? "" : configInfo.getEncryptedDataKey());
  String type = configInfo.getType();
  if (StringUtils.isBlank(type)) {
  // simple judgment of file type based on suffix

config/src/main/java/com/alibaba/nacos/config/server/service/repository/extrnal/ExternalStoragePersistServiceImpl.java

@@ -103,7 +103,7 @@ public class ExternalStoragePersistServiceImpl implements PersistService {
 
  private DataSourceService dataSourceService;
 
- private static final String SQL_FIND_ALL_CONFIG_INFO = "SELECT id,data_id,group_id,tenant_id,app_name,content,type,md5,gmt_create,gmt_modified,src_user,src_ip,c_desc,c_use,effect,c_schema FROM config_info";
+ private static final String SQL_FIND_ALL_CONFIG_INFO = "SELECT id,data_id,group_id,tenant_id,app_name,content,type,md5,gmt_create,gmt_modified,src_user,src_ip,c_desc,c_use,effect,c_schema,encrypted_data_key FROM config_info";
 
  private static final String SQL_TENANT_INFO_COUNT_BY_TENANT_ID = "SELECT count(*) FROM tenant_info WHERE tenant_id = ?";
 
@@ -180,10 +180,6 @@ public void addConfigInfo(final String srcIp, final String srcUser, final Config
  addConfigTagsRelation(configId, configTags, configInfo.getDataId(), configInfo.getGroup(),
  configInfo.getTenant());
 
- final String encryptedDataKey =
- configAdvanceInfo == null ? "" : (String) configAdvanceInfo.get("encryptedDataKey");
- configInfo.setEncryptedDataKey(encryptedDataKey);
-
  insertConfigHistoryAtomic(0, configInfo, srcIp, srcUser, time, "I");
  } catch (CannotGetJdbcConnectionException e) {
  LogUtil.FATAL_LOG.error("[db-error] " + e.toString(), e);
@@ -2065,7 +2061,7 @@ public long addConfigInfoAtomic(final long configId, final String srcIp, final S
  final String type = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("type");
  final String schema = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("schema");
  final String encryptedDataKey =
- configAdvanceInfo == null ? "" : (String) configAdvanceInfo.get("encryptedDataKey");
+ configInfo.getEncryptedDataKey() == null ? StringUtils.EMPTY : configInfo.getEncryptedDataKey();
 
  final String md5Tmp = MD5Utils.md5Hex(configInfo.getContent(), Constants.ENCODE);
 
@@ -2236,7 +2232,7 @@ public void updateConfigInfoAtomic(final ConfigInfo configInfo, final String src
  String type = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("type");
  String schema = configAdvanceInfo == null ? null : (String) configAdvanceInfo.get("schema");
  final String encryptedDataKey =
- configAdvanceInfo == null ? "" : (String) configAdvanceInfo.get("encryptedDataKey");
+ configInfo.getEncryptedDataKey() == null ? StringUtils.EMPTY : configInfo.getEncryptedDataKey();
 
  try {
  jt.update("UPDATE config_info SET content=?, md5 = ?, src_ip=?,src_user=?,gmt_modified=?,"
@@ -2732,6 +2728,8 @@ public Map<String, Object> batchInsertOrUpdate(List<ConfigAllInfo> configInfoLis
  }
  ConfigInfo configInfo2Save = new ConfigInfo(configInfo.getDataId(), configInfo.getGroup(),
  configInfo.getTenant(), configInfo.getAppName(), configInfo.getContent());
+ configInfo2Save.setEncryptedDataKey(
+ configInfo.getEncryptedDataKey() == null ? StringUtils.EMPTY : configInfo.getEncryptedDataKey());
 
  String type = configInfo.getType();
  if (StringUtils.isBlank(type)) {