✨ 文件加密：支持对保存在系统中的所有文件进行加密，确保它们不会被恶意攻击者窃取或修改。

1 year ago · 6917a184cf
11 changed files with 344 additions and 21 deletions
--- a/tp-admin/src/main/java/com/inscloudtech/web/controller/system/SysOssController.java
+++ b/tp-admin/src/main/java/com/inscloudtech/web/controller/system/SysOssController.java
@ -74,7 +74,7 @@ public class SysOssController extends BaseController {
        if (ObjectUtil.isNull(file)) {
            return R.fail("上传文件不能为空");
        }
-        SysOssVo oss = iSysOssService.upload(file);
+        SysOssVo oss = iSysOssService.upload(file,false);
        Map<String, String> map = new HashMap<>(2);
        map.put("url", oss.getUrl());
        map.put("fileName", oss.getOriginalName());
--- a/tp-admin/src/main/java/com/inscloudtech/web/controller/system/SysProfileController.java
+++ b/tp-admin/src/main/java/com/inscloudtech/web/controller/system/SysProfileController.java
@ -113,7 +113,7 @@ public class SysProfileController extends BaseController {
            if (!StringUtils.equalsAnyIgnoreCase(extension, MimeTypeUtils.IMAGE_EXTENSION)) {
                return R.fail("文件格式不正确，请上传" + Arrays.toString(MimeTypeUtils.IMAGE_EXTENSION) + "格式");
            }
-            SysOssVo oss = iSysOssService.upload(avatarfile);
+            SysOssVo oss = iSysOssService.upload(avatarfile,false);
            String avatar = oss.getUrl();
            if (userService.updateUserAvatar(getUsername(), avatar)) {
                ajax.put("imgUrl", avatar);
--- a/tp-admin/src/main/java/com/inscloudtech/web/controller/system/TestReportController.java
+++ b/tp-admin/src/main/java/com/inscloudtech/web/controller/system/TestReportController.java
@ -81,7 +81,6 @@ public class TestReportController {
     * 上传测试报告
     *
     */
-    @SneakyThrows
    @Log(title = "测试报告管理", businessType = BusinessType.INSERT)
    @PostMapping(value = "/uploadReport", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
    public R upload( @RequestPart("file") MultipartFile file,
@ -95,7 +94,7 @@ public class TestReportController {
        TestReport testReport = new TestReport();
        testReport.setReportName(reportName);
        if(file != null && FileUploadUtils.checkTxtFileValid(file)){
-            SysOssVo toolVo = iSysOssService.upload(file);
+            SysOssVo toolVo = iSysOssService.upload(file,true);
            testReport.setReportPath(toolVo.getOriginalName());
            testReport.setReportOssId(toolVo.getOssId());
        }
@ -122,7 +121,7 @@ public class TestReportController {
        TestReport testReport = new TestReport();
        testReport.setReportName(reportName);
        if(file != null && FileUploadUtils.checkTxtFileValid(file)){
-            SysOssVo toolVo = iSysOssService.upload(file);
+            SysOssVo toolVo = iSysOssService.upload(file,true);
            testReport.setReportPath(toolVo.getOriginalName());
            testReport.setReportOssId(toolVo.getOssId());
        }
--- a/tp-common/src/main/java/com/inscloudtech/common/utils/DocumentEncryptionUtil.java
+++ b/tp-common/src/main/java/com/inscloudtech/common/utils/DocumentEncryptionUtil.java
@ -0,0 +1,136 @@
+package com.inscloudtech.common.utils;
+
+
+import org.springframework.web.multipart.MultipartFile;
+
+import javax.crypto.*;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * @createTime 2023/10/18 11:24
+ * @createAuthor SIN
+ * @use 文件的加密和解密
+ */
+public class DocumentEncryptionUtil {
+    // 文件的加密方式
+    private static final String ALGORITHM = "AES";
+
+    // 文件加密密钥
+    private static final String SECRET_KEY = "AMaw7X3yIMhCQxmw";
+
+    /**
+     * 文件加密
+     * @param uploadFile  需要加密文件
+     * @param dest  加密后文件地址
+     */
+    public static void encryptUploadFile(MultipartFile uploadFile, Path dest) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
+        // 使用密钥字符串生成秘密密钥
+        SecretKey secretKeySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM);
+        // 获取 AES 加密算法的实例
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        // 使用秘密密钥初始化密码 cipher，设置为加密模式
+        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+
+        // 创建输入流，读取源文件
+        try (InputStream inputStream = uploadFile.getInputStream();
+             // 创建输出流，写入加密文件
+             OutputStream outputStream = Files.newOutputStream(dest);
+             // 创建密码输出流，连接到输出流，并使用密码 cipher 进行加密
+             CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, cipher)) {
+            // 缓冲区大小
+            byte[] buffer = new byte[4096];
+            int bytesRead;
+            // 读取源文件内容到缓冲区
+            while ((bytesRead = inputStream.read(buffer)) != -1) {
+                // 将加密后的数据写入加密文件
+                cipherOutputStream.write(buffer, 0, bytesRead);
+            }
+        }
+    }
+
+    /**
+     * 文件加密
+     * @param sourceFilePath  需要加密文件地址
+     * @param destinationFilePath  加密后文件地址
+     */
+    public static void encryptFile(String sourceFilePath, String destinationFilePath) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
+        // 使用密钥字符串生成秘密密钥
+        SecretKey secretKeySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM);
+        // 获取 AES 加密算法的实例
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        // 使用秘密密钥初始化密码 cipher，设置为加密模式
+        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+
+        // 获取源文件路径
+        Path sourcePath = Paths.get(sourceFilePath);
+        // 获取目标加密文件路径
+        Path destinationPath = Paths.get(destinationFilePath);
+
+        // 创建输入流，读取源文件
+        try (InputStream inputStream = Files.newInputStream(sourcePath);
+             // 创建输出流，写入加密文件
+             OutputStream outputStream = Files.newOutputStream(destinationPath);
+             // 创建密码输出流，连接到输出流，并使用密码 cipher 进行加密
+             CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, cipher)) {
+            // 缓冲区大小
+            byte[] buffer = new byte[4096];
+            int bytesRead;
+            // 读取源文件内容到缓冲区
+            while ((bytesRead = inputStream.read(buffer)) != -1) {
+                // 将加密后的数据写入加密文件
+                cipherOutputStream.write(buffer, 0, bytesRead);
+            }
+        }
+    }
+
+    /**
+     * 文件解密
+     * @param sourceFilePath 需要解密的文件地址
+     * @param destinationFilePath 解密后的文件地址
+     */
+
+    public static void decryptFile(String sourceFilePath, String destinationFilePath) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
+        SecretKey secretKeySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM); // 使用密钥字符串生成秘密密钥
+        Cipher cipher = Cipher.getInstance(ALGORITHM); // 获取 AES 加密算法的实例
+        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec); // 使用秘密密钥初始化密码 cipher，设置为解密模式
+
+        Path sourcePath = Paths.get(sourceFilePath); // 获取源加密文件路径
+        Path destinationPath = Paths.get(destinationFilePath); // 获取目标解密文件路径
+
+        try (InputStream inputStream = Files.newInputStream(sourcePath); // 创建输入流，读取加密文件
+             OutputStream outputStream = Files.newOutputStream(destinationPath); // 创建输出流，写入解密文件
+             CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher)) { // 创建密码输入流，连接到输入流，并使用密码 cipher 进行解密
+            byte[] buffer = new byte[4096]; // 缓冲区大小
+            int bytesRead;
+            while ((bytesRead = cipherInputStream.read(buffer)) != -1) { // 读取加密文件内容到缓冲区
+                outputStream.write(buffer, 0, bytesRead); // 将解密后的数据写入解密文件
+            }
+        }
+    }
+
+    public static void decryptFile4Download(String sourceFilePath, OutputStream outputStream) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
+        SecretKey secretKeySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM); // 使用密钥字符串生成秘密密钥
+        Cipher cipher = Cipher.getInstance(ALGORITHM); // 获取 AES 加密算法的实例
+        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec); // 使用秘密密钥初始化密码 cipher，设置为解密模式
+
+        Path sourcePath = Paths.get(sourceFilePath); // 获取源加密文件路径
+
+        try (InputStream inputStream = Files.newInputStream(sourcePath); // 创建输入流，读取加密文件
+             CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher)) { // 创建密码输入流，连接到输入流，并使用密码 cipher 进行解密
+            byte[] buffer = new byte[4096]; // 缓冲区大小
+            int bytesRead;
+            while ((bytesRead = cipherInputStream.read(buffer)) != -1) { // 读取加密文件内容到缓冲区
+                outputStream.write(buffer, 0, bytesRead); // 将解密后的数据写入解密文件
+            }
+        }
+    }
+
+
+}
+
--- a/tp-common/src/main/java/com/inscloudtech/common/utils/FileEncryptionUtil.java
+++ b/tp-common/src/main/java/com/inscloudtech/common/utils/FileEncryptionUtil.java
@ -0,0 +1,132 @@
+package com.inscloudtech.common.utils;
+
+
+    import javax.crypto.*;
+    import javax.crypto.spec.SecretKeySpec;
+    import java.io.IOException;
+    import java.io.InputStream;
+    import java.io.OutputStream;
+    import java.nio.file.DirectoryStream;
+    import java.nio.file.Files;
+    import java.nio.file.Path;
+    import java.nio.file.Paths;
+    import java.security.InvalidKeyException;
+    import java.security.NoSuchAlgorithmException;
+
+/**
+ * @createTime 2023/10/19 9:20
+ * @createAuthor SIN
+ * @use 文件夹加密和解密
+ */
+public class FileEncryptionUtil {
+
+    //AES是高级加密标准（Advanced Encryption Standard）的缩写，是一种对称密钥加密算法，常用于数据加密和保护隐私。
+    private static final String ALGORITHM = "AES";
+
+
+    /**
+     * 去除文件名扩展名
+     * @param fileName 需要操作的文件
+     * @return
+     */
+    private static String removeExtension(String fileName) {
+        // 找到文件的最后一个点
+        int dotIndex = fileName.lastIndexOf(".");
+        // 保证点不是文件名的第一个字符和最后一个字符
+        if (dotIndex > 0 && dotIndex < fileName.length() - 1) {
+            // 返回有效的扩展名
+            return fileName.substring(0, dotIndex);
+        }
+        // 返回源文件
+        return fileName;
+    }
+
+    /**
+     * 文件夹加密
+     * @param secretKey 文件夹加密密钥
+     * @param sourceFilePath 需要加密的文件夹
+     * @param destinationFilePath 加密后的文件夹地址
+     */
+    public static void encryptFile(String secretKey,String sourceFilePath, String destinationFilePath) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
+        // 使用密钥字符串生成秘密密钥
+        SecretKey secretKeySpec = new SecretKeySpec(secretKey.getBytes(), ALGORITHM);
+        // 获取 AES 加密算法的实例
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        // 使用秘密密钥初始化密码 cipher，设置为加密模式
+        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+
+        // 获取源文件或文件夹路径
+        Path sourcePath = Paths.get(sourceFilePath);
+        // 获取目标加密文件或文件夹路径
+        Path destinationPath = Paths.get(destinationFilePath);
+
+        if (Files.isDirectory(sourcePath) && !Files.exists(destinationPath)) {
+            // 创建目标文件夹
+            Files.createDirectories(destinationPath);
+            // 遍历源文件夹
+            try (DirectoryStream<Path> directoryStream = Files.newDirectoryStream(sourcePath)) {
+                for (Path filePath : directoryStream) {
+                    // 加密后的文件名
+                    String encryptedFileName = filePath.getFileName().toString() + ".enc";
+                    // 加密后的文件路径
+                    String encryptedFilePath = destinationPath.resolve(encryptedFileName).toString();
+                    // 递归调用加密方法，处理子文件或子文件夹
+                    encryptFile(secretKey,filePath.toString(), encryptedFilePath);
+                }
+            }
+        } else if (Files.isRegularFile(sourcePath)) {
+            // 创建输入流，读取源文件
+            try (InputStream inputStream = Files.newInputStream(sourcePath);
+                 // 创建输出流，写入加密文件
+                 OutputStream outputStream = Files.newOutputStream(destinationPath);
+                 // 创建密码输出流，连接到输出流，并使用密码 cipher 进行加密
+                 CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, cipher)) {
+                // 缓冲区大小
+                byte[] buffer = new byte[4096];
+                int bytesRead;
+                // 读取源文件内容到缓冲区
+                while ((bytesRead = inputStream.read(buffer)) != -1) {
+                    // 将加密后的数据写入加密文件
+                    cipherOutputStream.write(buffer, 0, bytesRead);
+                }
+            }
+        }
+    }
+
+    /**
+     *
+     * @param secretKey 文件夹解密密钥
+     * @param sourceFilePath 需要解密的文件夹
+     * @param destinationFilePath 解密后的文件夹地址
+     */
+    public static void decryptFile(String secretKey,String sourceFilePath, String destinationFilePath) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
+        SecretKey secretKeySpec = new SecretKeySpec(secretKey.getBytes(), ALGORITHM); // 使用密钥字符串生成秘密密钥
+        Cipher cipher = Cipher.getInstance(ALGORITHM); // 获取 AES 加密算法的实例
+        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec); // 使用秘密密钥初始化密码 cipher，设置为解密模式
+
+        Path sourcePath = Paths.get(sourceFilePath); // 获取源加密文件或文件夹路径
+        Path destinationPath = Paths.get(destinationFilePath); // 获取目标解密文件或文件夹路径
+
+        if (Files.isDirectory(sourcePath) && !Files.exists(destinationPath)) {
+            Files.createDirectories(destinationPath); // 创建目标文件夹
+            try (DirectoryStream<Path> directoryStream = Files.newDirectoryStream(sourcePath)) { // 遍历源文件夹
+                for (Path filePath : directoryStream) {
+                    String decryptedFileName = removeExtension(filePath.getFileName().toString()); // 去除文件名的扩展名
+                    String decryptedFilePath = destinationPath.resolve(decryptedFileName).toString(); // 解密后的文件路径
+                    decryptFile(secretKey,filePath.toString(), decryptedFilePath); // 递归调用解密方法，处理子文件或子文件夹
+                }
+            }
+        } else if (Files.isRegularFile(sourcePath)) {
+            try (InputStream inputStream = Files.newInputStream(sourcePath); // 创建输入流，读取加密文件
+                 OutputStream outputStream = Files.newOutputStream(destinationPath); // 创建输出流，写入解密文件
+                 CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher)) { // 创建密码输入流，连接到输入流，并使用密码 cipher 进行解密
+                byte[] buffer = new byte[4096]; // 缓冲区大小
+                int bytesRead;
+                while ((bytesRead = cipherInputStream.read(buffer)) != -1) { // 读取加密文件内容到缓冲区
+                    outputStream.write(buffer, 0, bytesRead); // 将解密后的数据写入解密文件
+                }
+            }
+        }
+    }
+
+}
--- a/tp-common/src/main/java/com/inscloudtech/common/utils/file/FileUploadUtils.java
+++ b/tp-common/src/main/java/com/inscloudtech/common/utils/file/FileUploadUtils.java
@ -7,9 +7,11 @@ import com.inscloudtech.common.exception.file.FileNameLengthLimitExceededExcepti
 import com.inscloudtech.common.exception.file.FileSizeLimitExceededException;
 import com.inscloudtech.common.exception.file.InvalidExtensionException;
 import com.inscloudtech.common.utils.DateUtils;
+import com.inscloudtech.common.utils.DocumentEncryptionUtil;
 import com.inscloudtech.common.utils.StringUtils;
 import com.inscloudtech.common.utils.uuid.Seq;
 import lombok.Getter;
+import lombok.SneakyThrows;
 import org.apache.commons.io.FilenameUtils;
 import org.springframework.web.multipart.MultipartFile;

@ -122,6 +124,19 @@ public class FileUploadUtils {
        return getPathFileName(baseDir, fileName);
    }

+    @SneakyThrows
+    public static String uploadEncryptFile(String baseDir, MultipartFile file){
+        int fileNamelength = Objects.requireNonNull(file.getName()).length();
+        if (fileNamelength > FileUploadUtils.DEFAULT_FILE_NAME_LENGTH) {
+            throw new FileNameLengthLimitExceededException(FileUploadUtils.DEFAULT_FILE_NAME_LENGTH);
+        }
+
+        String fileName = extractFilename(file);
+        String absPath = getAbsoluteFile(baseDir, fileName).getAbsolutePath();
+        DocumentEncryptionUtil.encryptUploadFile(file,Paths.get(absPath));
+        return getPathFileName(baseDir, fileName);
+    }
+
    /**
     * 以默认BucketName配置上传到Minio服务器
     *
@ -276,8 +291,7 @@ public class FileUploadUtils {
     * @param file 上传的文件
     * @throws FileSizeLimitExceededException 如果超出最大大小
     */
-    public static boolean checkTxtFileValid(MultipartFile file)
-        throws FileSizeLimitExceededException, InvalidExtensionException {
+    public static boolean checkTxtFileValid(MultipartFile file){
        long size = file.getSize();
        if (size > DEFAULT_TEXT_MAX_SIZE) {
            throw new FileSizeLimitExceededException(DEFAULT_TEXT_MAX_SIZE / 1024 / 1024);
--- a/tp-common/src/main/java/com/inscloudtech/common/utils/file/FileUtils.java
+++ b/tp-common/src/main/java/com/inscloudtech/common/utils/file/FileUtils.java
@ -117,5 +117,33 @@ public class FileUtils extends FileUtil {
            IOUtils.close(fis);
        }
    }
+
+    /**
+     * 输出指定文件的byte数组
+     *
+     * @param filePath 文件路径
+     * @param os       输出流
+     * @return
+     */
+    public static void writeBytesWithDecrypt(String filePath, OutputStream os) throws IOException {
+        FileInputStream fis = null;
+        try {
+            File file = new File(filePath);
+            if (!file.exists()) {
+                throw new FileNotFoundException(filePath);
+            }
+            fis = new FileInputStream(file);
+            byte[] b = new byte[1024];
+            int length;
+            while ((length = fis.read(b)) > 0) {
+                os.write(b, 0, length);
+            }
+        } catch (IOException e) {
+            throw e;
+        } finally {
+            IOUtils.close(os);
+            IOUtils.close(fis);
+        }
+    }
 }

--- a/tp-functional/src/main/java/com/inscloudtech/functional/controller/IpFilterController.java
+++ b/tp-functional/src/main/java/com/inscloudtech/functional/controller/IpFilterController.java
@ -107,6 +107,8 @@ public class IpFilterController extends BaseController {
    @DeleteMapping("/{ids}")
    public R<Void> remove(@NotEmpty(message = "主键不能为空")
                          @PathVariable Long[] ids) {
-        return toAjax(iIpFilterService.removeByIds(Arrays.asList(ids), true));
+        iIpFilterService.removeByIds(Arrays.asList(ids), true);
+        iIpFilterService.updateBlackIpList();
+        return R.ok();
    }
 }
--- a/tp-system/src/main/java/com/inscloudtech/system/service/ISysOssService.java
+++ b/tp-system/src/main/java/com/inscloudtech/system/service/ISysOssService.java
@ -25,7 +25,7 @@ public interface ISysOssService {

    SysOssVo getById(Long ossId);

-    SysOssVo upload(MultipartFile file);
+    SysOssVo upload(MultipartFile file,boolean isEncrypt);

    SysOssVo upload(File file);

@ -35,5 +35,4 @@ public interface ISysOssService {


    Boolean deleteWithValidByIds(Collection<Long> ids, Boolean isValid);
-
 }
--- a/tp-system/src/main/java/com/inscloudtech/system/service/impl/SysOssServiceImpl.java
+++ b/tp-system/src/main/java/com/inscloudtech/system/service/impl/SysOssServiceImpl.java
@ -1,5 +1,6 @@
 package com.inscloudtech.system.service.impl;

+import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.io.IoUtil;
@ -16,6 +17,7 @@ import com.inscloudtech.common.core.page.TableDataInfo;
 import com.inscloudtech.common.core.service.OssService;
 import com.inscloudtech.common.exception.ServiceException;
 import com.inscloudtech.common.helper.LoginHelper;
+import com.inscloudtech.common.utils.DocumentEncryptionUtil;
 import com.inscloudtech.common.utils.DownLoadUtils;
 import com.inscloudtech.common.utils.ServletUtils;
 import com.inscloudtech.common.utils.StringUtils;
@ -125,7 +127,7 @@ public class SysOssServiceImpl implements ISysOssService, OssService {
        if (ObjectUtil.isNull(sysOss)) {
            throw new ServiceException("文件数据不存在!");
        }
-        this.downloadLocal(sysOss.getFileName(),sysOss.getOriginalName(),response);
+        this.downloadLocal(sysOss.getFileName(),sysOss.getOriginalName(),response,false);
       /* FileUtils.setAttachmentResponseHeader(response, sysOss.getOriginalName());
        response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE + "; charset=UTF-8");
        OssClient storage = OssFactory.instance(sysOss.getService());
@ -141,29 +143,35 @@ public class SysOssServiceImpl implements ISysOssService, OssService {
    @Override
    public void downloadWithCreateBy(Long ossId, String CreateBy, HttpServletResponse response) throws IOException {
        SysOssVo sysOss = baseMapper.selectVoOne(new LambdaQueryWrapper<SysOss>()
-            .eq(SysOss::getOssId, ossId).eq(SysOss::getCreateBy, CreateBy));
+            .eq(SysOss::getOssId, ossId).eq(StpUtil.hasRole("admin") == false,SysOss::getCreateBy, CreateBy));
        if (ObjectUtil.isNull(sysOss)) {
            throw new ServiceException("文件数据不存在!");
        }
-        this.downloadLocal(sysOss.getFileName(),sysOss.getOriginalName(),response);
+
+        this.downloadLocal(sysOss.getFileName(),sysOss.getOriginalName(),response,true);
    }

    @SneakyThrows
-    public void downloadLocal(String fileName, String originalName, HttpServletResponse response){
+    public void downloadLocal(String fileName, String originalName, HttpServletResponse response,boolean isDecrypt){
        if (!FileUtils.checkAllowDownload(fileName)) {
            throw new RuntimeException(StrUtil.format("文件名称({})非法，不允许下载。 ", fileName));
        }
        String filePath = ProjectConfig.getUploadPath() + fileName;
        response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE);
        FileUtils.setAttachmentResponseHeader(response, originalName);
-        FileUtils.writeBytes(filePath, response.getOutputStream());
+        if(isDecrypt){
+            DocumentEncryptionUtil.decryptFile4Download(filePath,response.getOutputStream());
+        }else {
+            FileUtils.writeBytes(filePath, response.getOutputStream());
+        }
+
    }

    @Override
-    public SysOssVo upload(MultipartFile file) {
+    public SysOssVo upload(MultipartFile file,boolean isEncrypt) {
        String originalfileName = file.getOriginalFilename();
        String suffix = StringUtils.substring(originalfileName, originalfileName.lastIndexOf("."), originalfileName.length());
-        UploadResult uploadResult = upload2Local(file);
+        UploadResult uploadResult = upload2Local(file,isEncrypt);
 //        try {
 //            uploadResult = storage.uploadSuffix(file.getBytes(), suffix, file.getContentType());
 //        } catch (IOException e) {
@ -174,13 +182,18 @@ public class SysOssServiceImpl implements ISysOssService, OssService {
    }


-    public UploadResult upload2Local(MultipartFile file) {
+    public UploadResult upload2Local(MultipartFile file,boolean isEncrypt) {
        // 上传文件路径
        String filePath = DownLoadUtils.getUploadPath();
        // 上传并返回新文件名称
        String fileName = null;
        try {
-            fileName = FileUploadUtils.upload(filePath, file);
+            if(isEncrypt){
+                fileName = FileUploadUtils.uploadEncryptFile(filePath, file);
+            }else {
+                fileName = FileUploadUtils.upload(filePath, file);
+            }
+
        } catch (IOException e) {
            e.printStackTrace();
            throw new ServiceException(e.getMessage());
--- a/tp-system/src/main/java/com/inscloudtech/system/service/impl/ToolManageServiceImpl.java
+++ b/tp-system/src/main/java/com/inscloudtech/system/service/impl/ToolManageServiceImpl.java
@ -147,7 +147,7 @@ public class ToolManageServiceImpl implements IToolManageService {

        try {
            if(file != null && FileUploadUtils.checkFileValid(file)){
-                SysOssVo toolVo = iSysOssService.upload(file);
+                SysOssVo toolVo = iSysOssService.upload(file,false);
                toolManage.setToolOssId(toolVo.getOssId());
                toolManage.setToolPath(toolVo.getOriginalName());
            }else if(null != toolManageId && toolManageId != 0L && StrUtil.isEmpty(toolPath)){
@ -156,7 +156,7 @@ public class ToolManageServiceImpl implements IToolManageService {
            }

            if(tipsFile != null && FileUploadUtils.checkFileValid(tipsFile)){
-                SysOssVo tipsVo = iSysOssService.upload(tipsFile);
+                SysOssVo tipsVo = iSysOssService.upload(tipsFile,false);
                toolManage.setTipsOssId(tipsVo.getOssId());
                toolManage.setTipsPath(tipsVo.getOriginalName());
            }else if(null != toolManageId && toolManageId != 0L && StrUtil.isEmpty(tipsPath) ){