[새기능] DB 암호화

build.gradle

@@ -58,6 +58,8 @@ dependencies {
 
     implementation 'org.apache.poi:poi:5.2.3'
     implementation 'org.apache.poi:poi-ooxml:5.2.3'
+
+    implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.4'
 
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.springframework.restdocs:spring-restdocs-mockmvc'

src/main/java/com/bamdoliro/maru/domain/form/domain/Form.java

@@ -11,19 +11,9 @@
 import com.bamdoliro.maru.domain.form.domain.value.Score;
 import com.bamdoliro.maru.domain.form.service.CalculateFormScoreService;
 import com.bamdoliro.maru.domain.user.domain.User;
+import com.bamdoliro.maru.infrastructure.persistence.converter.LongEncryptedConverter;
 import com.bamdoliro.maru.shared.entity.BaseTimeEntity;
-import jakarta.persistence.Column;
-import jakarta.persistence.Embedded;
-import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
-import jakarta.persistence.FetchType;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.OneToOne;
-import jakarta.persistence.Table;
+import jakarta.persistence.*;
 import lombok.*;
 
 @Getter
@@ -37,6 +27,7 @@ public class Form extends BaseTimeEntity {
     @Id
     private Long id;
 
+    @Convert(converter = LongEncryptedConverter.class)
     @Column(nullable = true, unique = true)
     private Long examinationNumber;
 

src/main/java/com/bamdoliro/maru/domain/form/domain/value/Address.java

@@ -1,6 +1,8 @@
 package com.bamdoliro.maru.domain.form.domain.value;
 
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
 import jakarta.persistence.Column;
+import jakarta.persistence.Convert;
 import jakarta.persistence.Embeddable;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
@@ -13,13 +15,16 @@
 @Embeddable
 public class Address {
 
-    @Column(nullable = false, length = 5)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false)
     private String zoneCode;
 
-    @Column(nullable = false, length = 100)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false)
     private String address;
 
-    @Column(nullable = false, length = 100)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false)
     private String detailAddress;
 
     @Override

src/main/java/com/bamdoliro/maru/domain/form/domain/value/Applicant.java

@@ -1,13 +1,9 @@
 package com.bamdoliro.maru.domain.form.domain.value;
 
 import com.bamdoliro.maru.domain.form.domain.type.Gender;
-import jakarta.persistence.AttributeOverride;
-import jakarta.persistence.AttributeOverrides;
-import jakarta.persistence.Column;
-import jakarta.persistence.Embeddable;
-import jakarta.persistence.Embedded;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
+import com.bamdoliro.maru.infrastructure.persistence.converter.LocalDateEncryptedConverter;
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
+import jakarta.persistence.*;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
@@ -21,16 +17,19 @@
 @Embeddable
 public class Applicant {
 
-    @Column(nullable = false, length = 20)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false)
     private String name;
 
 
     @Embedded
     @AttributeOverrides({
-            @AttributeOverride(name = "value", column = @Column(name = "phone_number", nullable = false, length = 11)),
+            @AttributeOverride(name = "value", column = @Column(name = "phone_number", nullable = false)),
     })
     private PhoneNumber phoneNumber;
 
+
+    @Convert(converter = LocalDateEncryptedConverter.class)
     @Column(nullable = false)
     private LocalDate birthday;
 

src/main/java/com/bamdoliro/maru/domain/form/domain/value/Document.java

@@ -1,6 +1,8 @@
 package com.bamdoliro.maru.domain.form.domain.value;
 
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
 import jakarta.persistence.Column;
+import jakarta.persistence.Convert;
 import jakarta.persistence.Embeddable;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
@@ -13,9 +15,11 @@
 @Embeddable
 public class Document {
 
-    @Column(nullable = false, length = 1600)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false, columnDefinition = "TEXT")
     private String coverLetter;
 
-    @Column(nullable = false, length = 1600)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false, columnDefinition = "TEXT")
     private String statementOfPurpose;
 }

src/main/java/com/bamdoliro/maru/domain/form/domain/value/Parent.java

@@ -1,10 +1,7 @@
 package com.bamdoliro.maru.domain.form.domain.value;
 
-import jakarta.persistence.AttributeOverride;
-import jakarta.persistence.AttributeOverrides;
-import jakarta.persistence.Column;
-import jakarta.persistence.Embeddable;
-import jakarta.persistence.Embedded;
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
+import jakarta.persistence.*;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
@@ -16,12 +13,13 @@
 @Embeddable
 public class Parent {
 
-    @Column(name = "parent_name", nullable = false, length = 20)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(name = "parent_name", nullable = false)
     private String name;
 
     @Embedded
     @AttributeOverrides({
-            @AttributeOverride(name = "value", column = @Column(name = "parent_phone_number", nullable = false, length = 11)),
+            @AttributeOverride(name = "value", column = @Column(name = "parent_phone_number", nullable = false)),
     })
     private PhoneNumber phoneNumber;
 

src/main/java/com/bamdoliro/maru/domain/form/domain/value/PhoneNumber.java

@@ -1,5 +1,7 @@
 package com.bamdoliro.maru.domain.form.domain.value;
 
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
+import jakarta.persistence.Convert;
 import jakarta.persistence.Embeddable;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
@@ -12,6 +14,7 @@
 @Embeddable
 public class PhoneNumber {
 
+    @Convert(converter = StringEncryptedConverter.class)
     private String value;
 
     @Override

src/main/java/com/bamdoliro/maru/domain/form/domain/value/Teacher.java

@@ -1,10 +1,7 @@
 package com.bamdoliro.maru.domain.form.domain.value;
 
-import jakarta.persistence.AttributeOverride;
-import jakarta.persistence.AttributeOverrides;
-import jakarta.persistence.Column;
-import jakarta.persistence.Embeddable;
-import jakarta.persistence.Embedded;
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
+import jakarta.persistence.*;
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
@@ -16,18 +13,19 @@
 @Embeddable
 public class Teacher {
 
-    @Column(name = "teacher_name", nullable = true, length = 20)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(name = "teacher_name", nullable = true)
     private String name;
 
     @Embedded
     @AttributeOverrides({
-            @AttributeOverride(name = "value", column = @Column(name = "teacher_phone_number", nullable = true, length = 11)),
+            @AttributeOverride(name = "value", column = @Column(name = "teacher_phone_number", nullable = true)),
     })
     private PhoneNumber phoneNumber;
 
     @Embedded
     @AttributeOverrides({
-            @AttributeOverride(name = "value", column = @Column(name = "teacher_mobile_phone_number", nullable = true, length = 11)),
+            @AttributeOverride(name = "value", column = @Column(name = "teacher_mobile_phone_number", nullable = true)),
     })
     private PhoneNumber mobilePhoneNumber;
 }

src/main/java/com/bamdoliro/maru/domain/user/domain/User.java

@@ -2,17 +2,10 @@
 
 import com.bamdoliro.maru.domain.user.domain.type.Authority;
 import com.bamdoliro.maru.domain.user.domain.value.Password;
+import com.bamdoliro.maru.infrastructure.persistence.converter.StringEncryptedConverter;
 import com.bamdoliro.maru.shared.util.PasswordUtil;
 import com.bamdoliro.maru.shared.entity.BaseTimeEntity;
-import jakarta.persistence.Column;
-import jakarta.persistence.Embedded;
-import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import jakarta.persistence.Id;
-import jakarta.persistence.Table;
+import jakarta.persistence.*;
 import lombok.AccessLevel;
 import lombok.Builder;
 import lombok.Getter;
@@ -34,10 +27,12 @@ public class User extends BaseTimeEntity {
     @Column(unique = true, nullable = false)
     private UUID uuid;
 
-    @Column(unique = true, nullable = false, length = 11)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(unique = true, nullable = false)
     private String phoneNumber;
 
-    @Column(nullable = false, length = 50)
+    @Convert(converter = StringEncryptedConverter.class)
+    @Column(nullable = false)
     private String name;
 
     @Embedded

src/main/java/com/bamdoliro/maru/infrastructure/persistence/converter/GenericEncryptedConverter.java

@@ -0,0 +1,25 @@
+package com.bamdoliro.maru.infrastructure.persistence.converter;
+
+import com.bamdoliro.maru.infrastructure.persistence.converter.mapper.DecryptionMapper;
+import jakarta.persistence.AttributeConverter;
+import lombok.RequiredArgsConstructor;
+import org.jasypt.encryption.StringEncryptor;
+
+@RequiredArgsConstructor
+public class GenericEncryptedConverter<T> implements AttributeConverter<T, String> {
+
+    private final StringEncryptor encryptor;
+    private final DecryptionMapper<T> decryptionMapper;
+
+    @Override
+    public String convertToDatabaseColumn(T attribute) {
+        if (attribute == null) return null;
+        return encryptor.encrypt(attribute.toString());
+    }
+
+    @Override
+    public T convertToEntityAttribute(String dbData) {
+        if (dbData == null) return null;
+        return decryptionMapper.map(encryptor.decrypt(dbData));
+    }
+}

src/main/java/com/bamdoliro/maru/infrastructure/persistence/converter/LocalDateEncryptedConverter.java

@@ -0,0 +1,14 @@
+package com.bamdoliro.maru.infrastructure.persistence.converter;
+
+import jakarta.persistence.Converter;
+import org.jasypt.encryption.StringEncryptor;
+
+import java.time.LocalDate;
+
+@Converter
+public class LocalDateEncryptedConverter extends GenericEncryptedConverter<LocalDate> {
+
+    public LocalDateEncryptedConverter(StringEncryptor encryptor) {
+        super(encryptor, LocalDate::parse);
+    }
+}

src/main/java/com/bamdoliro/maru/infrastructure/persistence/converter/LongEncryptedConverter.java

@@ -0,0 +1,12 @@
+package com.bamdoliro.maru.infrastructure.persistence.converter;
+
+import jakarta.persistence.Converter;
+import org.jasypt.encryption.StringEncryptor;
+
+@Converter
+public class LongEncryptedConverter extends GenericEncryptedConverter<Long> {
+
+    public LongEncryptedConverter(StringEncryptor encryptor) {
+        super(encryptor, Long::valueOf);
+    }
+}

src/main/java/com/bamdoliro/maru/infrastructure/persistence/converter/StringEncryptedConverter.java

@@ -0,0 +1,10 @@
+package com.bamdoliro.maru.infrastructure.persistence.converter;
+
+import org.jasypt.encryption.StringEncryptor;
+
+public class StringEncryptedConverter extends GenericEncryptedConverter<String> {
+
+    public StringEncryptedConverter(StringEncryptor encryptor) {
+        super(encryptor, s -> s);
+    }
+}

src/main/java/com/bamdoliro/maru/infrastructure/persistence/converter/mapper/DecryptionMapper.java

@@ -0,0 +1,6 @@
+package com.bamdoliro.maru.infrastructure.persistence.converter.mapper;
+
+@FunctionalInterface
+public interface DecryptionMapper<T> {
+    T map(String value);
+}

src/main/java/com/bamdoliro/maru/shared/config/JasyptConfig.java

@@ -0,0 +1,37 @@
+package com.bamdoliro.maru.shared.config;
+
+import lombok.RequiredArgsConstructor;
+import org.jasypt.encryption.StringEncryptor;
+import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
+import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
+import org.jasypt.salt.StringFixedSaltGenerator;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@RequiredArgsConstructor
+@Configuration
+public class JasyptConfig {
+
+    @Value("${spring.jasypt.encryptor.key}")
+    private String key;
+
+    @Value("${spring.jasypt.encryptor.salt}")
+    private String salt;
+
+    @Bean
+    public StringEncryptor stringEncryptor() {
+        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
+        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
+        config.setPassword(key);
+        config.setAlgorithm("PBEWithMD5AndDES");
+        config.setKeyObtentionIterations("1000");
+        config.setPoolSize("1");
+
+        config.setSaltGenerator(new StringFixedSaltGenerator(salt));
+        config.setIvGeneratorClassName("org.jasypt.iv.NoIvGenerator");
+        encryptor.setConfig(config);
+        return encryptor;
+    }
+
+}

src/main/resources/application.yml

@@ -51,6 +51,11 @@ spring:
     multipart:
       max-file-size: 10MB
 
+  jasypt:
+    encryptor:
+      key: ${ENCRYPTION_PASSWORD}
+      salt: ${ENCRYPTION_SALT}
+
 jwt:
   refresh-expiration-time: 1296000000 # 15일
   access-expiration-time: 3600000 # 1시간
@@ -114,4 +119,5 @@ spring:
       port: 6379
       password: bamdoliro
 
+
 debug: false