開發在程式中需要對資料進行解密,加密方法是:AES/CBC/PKCS7Padding,由于java本身不支援,需要添加依賴,用的依賴是:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>1.46</version>
</dependency>
其實,這是由于linux版本java與windows有一些差別導緻的,解決方法如下:
1.找包:bcprov-jdk15on-1.56.jar
看看開發給的jar包裡有沒有:
jar -tvf jar包 | grep bcprov
如果有,解壓:
jar -xvf jar包 BOOT-INF/lib/bcprov-jdk15on-1.55.jar
如果沒有,下載下傳:
https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on
2.放包到:$JAVA_HOME/jre/lib/ext 下
3.找到檔案:$JAVA_HOME/jre/lib/security/java.security
在security.provider.9 下新增一行:
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
4.重新開機應用驗證;
Dockerfile
# cat Dockerfile
# AlpineLinux with a glibc-2.29-r0 and Oracle Java 8
FROM anapsix/alpine-java:8u172b11_jdk
RUN wget -P $JAVA_HOME/jre/lib/ext/ https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk16/1.46/bcprov-jdk16-1.46.jar \
&& sed -i '/security.provider.9=sun.security.smartcardio.SunPCSC/a\\security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' $JAVA_HOME/jre/lib/security/java.security
WORKDIR /data
CMD /data/start.sh
參數解釋
FROM anapsix/alpine-java:8u172b11_jdk 指定基于“anapsix/alpine-java:8u172b11_jdk”為基礎鏡像,必須要有!!!
WORKDIR /data :指令可以來指定工作目錄 WORKDIR 會幫你建立目錄,必須指定!!!
RUN:在docker鏡像中執行的指令,以上指令作用皆為修複jdk 1.8 加解密的問題
CMD /data/start.sh :容器啟動時所要執行的指令,是以在啟動java項目容器時,必須要映射start.sh此檔案,此檔案作用為:用于啟動java項目
驗證測試
- 新鏡像啟動程式
# docker run -itd --restart=unless-stopped --cap-add=SYS_PTRACE -v /etc/localtime:/etc/localtime -v /etc/timezone:/etc/timezone --name test -v $(pwd):/data --network=host ph/jdk8:ph
58c1df67596631188eff7648b41f22d4daee022866fe019344969b7eb0a31f5d
- 驗證測試
[root@localhost test]# tail -f MyTest-1.0-SNAPSHOT.log
原字元串:5ab3bb07-d54a-4645-9f2a-a47645a238fe
加密後:xBhFOXwLsRW6lTYu0tXvKm79PXfu++9O5Vz1hsz0VcHhXYJol6ltzjQR8eNFLCBS
解密後:5ab3bb07-d54a-4645-9f2a-a47645a238fe
- 附上原鏡像啟動jar包時的日志
[root@localhost test]# tail -f MyTest-1.0-SNAPSHOT.log
Exception in thread "main" java.lang.SecurityException: JCE cannot authenticate the provider BC
at javax.crypto.Cipher.getInstance(Cipher.java:656)
at javax.crypto.Cipher.getInstance(Cipher.java:595)
at com.ph.test.DecryptTest$AES.init(DecryptTest.java:296)
at com.ph.test.DecryptTest$AES.encryptString(DecryptTest.java:68)
at com.ph.test.DecryptTest.encrypt(DecryptTest.java:39)
at com.ph.test.DecryptTest.main(DecryptTest.java:27)