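package com.common.core.utils;

import com.alibaba.fastjson.JSONObject;
import com.common.core.enums.ResultCodeEnum;
import com.common.core.exception.BizException;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.*;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Objects;

/**
 * Reads secrets from AWS Secrets Manager.
 *
 * <p>Four secrets are configured by name through {@code aws.secrets.*} properties and are
 * cached in static fields after the first lookup, so they are fetched at most once per JVM
 * (a failed fetch leaves the field {@code null} and is retried on the next call). Any other
 * name passed to {@link #getSecret(String)} is fetched on every call without caching.
 *
 * <p>The cache is populated lazily and without locking: concurrent first calls may fetch the
 * same secret more than once, which only costs an extra API call. The cached
 * {@link JSONObject} instances are returned as-is, so callers must treat them as read-only.
 * Secret values are never logged; only the exception message and the secret name are.
 */
@Slf4j
@Component
public class SecretsManagerUtils {

    @Value("${aws.region}")
    private String regionStr;

    @Value("${aws.secrets.systemauth}")
    private String systemauthName;

    @Value("${aws.secrets.mysql}")
    private String mysqlsecretName;

    @Value("${aws.secrets.sm4}")
    private String sm4SecretName;

    @Value("${aws.secrets.mailauth}")
    private String mailauthName;

    // Shared across all instances of this component; each holds the parsed secret payload.
    private static JSONObject systemAuth;
    private static JSONObject mysqlsecret;
    private static JSONObject sm4Secret;
    private static JSONObject mailauth;

    /**
     * Fills every empty cache slot. All four configured secrets are fetched on the first
     * call, regardless of which one the caller asked for.
     *
     * @throws BizException if any fetch fails (see {@link #getSecretByName(String)})
     */
    private void getInit() {
        if (systemAuth == null) {
            systemAuth = getSecretByName(systemauthName);
        }
        if (mysqlsecret == null) {
            mysqlsecret = getSecretByName(mysqlsecretName);
        }
        if (sm4Secret == null) {
            sm4Secret = getSecretByName(sm4SecretName);
        }
        if (mailauth == null) {
            mailauth = getSecretByName(mailauthName);
        }
    }

    /**
     * Picks the credentials used to call Secrets Manager: a static key pair when both
     * {@code AWS_ACCESS_KEY_ID} and {@code AWS_SECRET_ACCESS_KEY} are set in the environment,
     * otherwise the instance profile credentials.
     *
     * <p>NOTE(review): the static branch only reads the key id and secret key; a session
     * token ({@code AWS_SESSION_TOKEN}) in the environment is ignored, so temporary
     * credentials exported alongside one would fail to authenticate — confirm whether the
     * deployment ever supplies temporary keys this way.
     *
     * @return a non-null credentials provider
     */
    private static AwsCredentialsProvider resolveCredentials() {
        String keyId = System.getenv("AWS_ACCESS_KEY_ID");
        String accessKey = System.getenv("AWS_SECRET_ACCESS_KEY");
        if (StringUtils.isNotEmpty(keyId) && StringUtils.isNotEmpty(accessKey)) {
            return StaticCredentialsProvider.create(AwsBasicCredentials.create(keyId, accessKey));
        }
        return InstanceProfileCredentialsProvider.builder().build();
    }

    /**
     * Fetches a secret directly from Secrets Manager (no caching) and parses it as JSON.
     *
     * <p>A secret stored as a string is parsed directly. A secret stored as binary is
     * base64-decoded and the UTF-8 text is parsed; previously this branch decoded the bytes
     * but then parsed {@code secretString()} (which is {@code null} for binary secrets), so
     * every binary secret came back as {@code null}.
     *
     * @param secretName the Secrets Manager secret id or ARN
     * @return the parsed secret payload
     * @throws BizException with {@link ResultCodeEnum#AWS_RT_ERROR} if the API call fails
     *                      or the secret carries neither a string nor a binary value
     */
    public JSONObject getSecretByName(String secretName) {
        Region region = Region.of(regionStr);
        GetSecretValueRequest request = GetSecretValueRequest.builder()
                .secretId(secretName)
                .build();

        // Built outside the try so that builder failures keep propagating unchanged;
        // only the API call itself is translated into a BizException.
        SecretsManagerClient client = SecretsManagerClient.builder()
                .credentialsProvider(resolveCredentials())
                .region(region)
                .build();
        GetSecretValueResponse response;
        try {
            response = client.getSecretValue(request);
        } catch (Exception e) {
            // The message is logged, never the secret value; the cause is not attached to
            // BizException because its (ResultCodeEnum) constructor takes no cause.
            log.error(e.getMessage(), e);
            throw new BizException(ResultCodeEnum.AWS_RT_ERROR);
        } finally {
            // The client owns an HTTP client; a per-call client must be closed or it leaks.
            client.close();
        }

        String secretString = response.secretString();
        if (secretString != null) {
            return JSONObject.parseObject(secretString);
        }
        if (response.secretBinary() == null) {
            log.error("Secret {} has neither a string nor a binary value", secretName);
            throw new BizException(ResultCodeEnum.AWS_RT_ERROR);
        }
        // Binary secrets arrive base64-encoded; decode the exact-length byte array rather than
        // a ByteBuffer whose backing array may be padded beyond the decoded length.
        byte[] decoded = Base64.getDecoder().decode(response.secretBinary().asByteArray());
        return JSONObject.parseObject(new String(decoded, StandardCharsets.UTF_8));
    }

    /**
     * Returns a secret by name, serving the four configured secrets from the static cache and
     * fetching any other name directly from Secrets Manager on every call.
     *
     * @param secretName the secret id or ARN; must not be {@code null}
     * @return the parsed secret; for configured names this is the shared cached instance
     * @throws NullPointerException if {@code secretName} is {@code null}
     * @throws BizException if a fetch fails
     */
    public JSONObject getSecret(String secretName) {
        Objects.requireNonNull(secretName, "secretName");
        getInit();
        if (secretName.equals(systemauthName)) {
            return systemAuth;
        }
        if (secretName.equals(mysqlsecretName)) {
            return mysqlsecret;
        }
        if (secretName.equals(sm4SecretName)) {
            return sm4Secret;
        }
        if (secretName.equals(mailauthName)) {
            return mailauth;
        }
        return getSecretByName(secretName);
    }
}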