package com.common.core.utils;
|
|
import com.alibaba.fastjson.JSONObject;
import com.common.core.enums.ResultCodeEnum;
import com.common.core.exception.BizException;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.*;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Objects;
|
|
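@Slf4j
@Component
public class SecretsManagerUtils {

    /** AWS region the Secrets Manager client is built for (property {@code aws.region}). */
    @Value("${aws.region}")
    private String regionStr;

    /** Secret id of the system-auth secret (property {@code aws.secrets.systemauth}). */
    @Value("${aws.secrets.systemauth}")
    private String systemauthName;

    /** Secret id of the MySQL secret (property {@code aws.secrets.mysql}). */
    @Value("${aws.secrets.mysql}")
    private String mysqlsecretName;

    /** Secret id of the SM4 key secret (property {@code aws.secrets.sm4}). */
    @Value("${aws.secrets.sm4}")
    private String SM4SecretName;

    /** Secret id of the mail-auth secret (property {@code aws.secrets.mailauth}). */
    @Value("${aws.secrets.mailauth}")
    private String mailauthName;

    // Process-wide cache of the four well-known secrets. Each one is fetched at most once
    // and never refreshed, so a rotated secret is only picked up after a JVM restart.
    // The cached JSONObject instance itself is returned to callers, so a caller that
    // mutates it changes what every later caller sees.
    private static JSONObject systemAuth;
    private static JSONObject mysqlsecret;
    private static JSONObject SM4Secret;
    private static JSONObject mailauth;

    /**
     * Populates every still-empty cache slot from Secrets Manager.
     *
     * <p>Not synchronized: two threads racing on first use may both fetch the same secret,
     * which costs an extra round trip but yields the same value. Any fetch failure
     * propagates as a {@link BizException} and leaves the remaining slots untouched.
     */
    private void getInit() {
        if (systemAuth == null) {
            systemAuth = this.getSecretByName(systemauthName);
        }
        if (mysqlsecret == null) {
            mysqlsecret = this.getSecretByName(mysqlsecretName);
        }
        if (SM4Secret == null) {
            SM4Secret = this.getSecretByName(SM4SecretName);
        }
        if (mailauth == null) {
            mailauth = this.getSecretByName(mailauthName);
        }
    }

    /**
     * Fetches a secret from AWS Secrets Manager, bypassing the cache, and parses it as JSON.
     *
     * <p>A string secret is parsed directly. A binary secret is Base64-decoded and then
     * parsed as UTF-8 JSON (the previous implementation decoded the binary payload but
     * still parsed the absent string field, returning {@code null}).
     *
     * @param secretName the Secrets Manager secret id or ARN to read
     * @return the parsed secret payload
     * @throws BizException with {@link ResultCodeEnum#AWS_RT_ERROR} when the AWS call fails
     *         or the response carries neither a string nor a binary payload
     */
    public JSONObject getSecretByName(String secretName) {
        GetSecretValueRequest request = GetSecretValueRequest.builder()
                .secretId(secretName)
                .build();
        // Built outside the try so that configuration errors (e.g. an unknown region)
        // surface unchanged, exactly as before.
        SecretsManagerClient client = buildClient();
        GetSecretValueResponse response;
        try {
            response = client.getSecretValue(request);
        } catch (Exception e) {
            // Message and stack trace only; the secret value is never logged.
            log.error(e.getMessage(), e);
            throw new BizException(ResultCodeEnum.AWS_RT_ERROR);
        } finally {
            // The client owns an HTTP connection pool; it was previously never released.
            client.close();
        }
        return parseSecret(response);
    }

    /**
     * Builds a Secrets Manager client for the configured region.
     *
     * <p>Static credentials from {@code AWS_ACCESS_KEY_ID}/{@code AWS_SECRET_ACCESS_KEY}
     * are used when both are set; otherwise the EC2/ECS instance profile is used.
     */
    private SecretsManagerClient buildClient() {
        Region region = Region.of(regionStr);
        String keyId = System.getenv("AWS_ACCESS_KEY_ID");
        String accessKey = System.getenv("AWS_SECRET_ACCESS_KEY");
        AwsCredentialsProvider credentialsProvider;
        if (StringUtils.isNotEmpty(keyId) && StringUtils.isNotEmpty(accessKey)) {
            credentialsProvider = StaticCredentialsProvider.create(
                    AwsBasicCredentials.create(keyId, accessKey));
        } else {
            credentialsProvider = InstanceProfileCredentialsProvider.builder().build();
        }
        return SecretsManagerClient.builder()
                .credentialsProvider(credentialsProvider)
                .region(region)
                .build();
    }

    /**
     * Turns a GetSecretValue response into a JSONObject, preferring the string payload.
     *
     * @throws BizException when the response has neither payload
     */
    private static JSONObject parseSecret(GetSecretValueResponse response) {
        String secretString = response.secretString();
        if (secretString != null) {
            return JSONObject.parseObject(secretString);
        }
        if (response.secretBinary() == null) {
            log.error("Secret response contains neither SecretString nor SecretBinary");
            throw new BizException(ResultCodeEnum.AWS_RT_ERROR);
        }
        // NOTE(review): the original Base64-decoded the binary payload; if the stored
        // binary is already raw JSON bytes this decode step should go — confirm against
        // how the binary secrets are written.
        byte[] decoded = Base64.getDecoder().decode(response.secretBinary().asByteArray());
        // Explicit charset: new String(byte[]) would use the platform default.
        return JSONObject.parseObject(new String(decoded, StandardCharsets.UTF_8));
    }

    /**
     * Returns a secret by name, serving the four configured secrets from the cache.
     *
     * <p>Any other name is fetched directly from Secrets Manager on every call.
     *
     * @param secretName the secret id to look up; must not be null
     * @return the cached or freshly fetched secret
     * @throws NullPointerException if {@code secretName} is null
     * @throws BizException if a fetch from AWS fails
     */
    public JSONObject getSecret(String secretName) {
        Objects.requireNonNull(secretName, "secretName");
        this.getInit();
        if (secretName.equals(systemauthName)) {
            return systemAuth;
        }
        if (secretName.equals(mysqlsecretName)) {
            return mysqlsecret;
        }
        if (secretName.equals(SM4SecretName)) {
            return SM4Secret;
        }
        if (secretName.equals(mailauthName)) {
            return mailauth;
        }
        return getSecretByName(secretName);
    }
}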
|