From 8dc69d4870ba7358d1e7d2afa1c4c1e4a57644d4 Mon Sep 17 00:00:00 2001
From: zhangwenzan <zhangwenzan@fxyuns.com>
Date: Wed, 17 Sep 2025 15:52:27 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=8A=A0=E5=AF=86=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../core/security/EncryptionService.java      |  5 +++-
 .../converter/SensitiveDataConverter.java     | 29 ++++++++++---------
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/core/src/main/java/com/kakarote/core/security/EncryptionService.java b/core/src/main/java/com/kakarote/core/security/EncryptionService.java
index aaa6bff..b5a795e 100644
--- a/core/src/main/java/com/kakarote/core/security/EncryptionService.java
+++ b/core/src/main/java/com/kakarote/core/security/EncryptionService.java
@@ -5,6 +5,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+import javax.crypto.AEADBadTagException;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
@@ -123,7 +124,9 @@ public class EncryptionService {
             // 执行解密
             byte[] plaintext = cipher.doFinal(decoded);
             return new String(plaintext, StandardCharsets.UTF_8);
-        } catch (Exception e) {
+        } catch (AEADBadTagException e) {
+            return decryptAes(ciphertext);
+        }catch (Exception e) {
             log.error("确定性AES解密失败", e);
             throw new SecurityException("数据解密失败", e);
         }
diff --git a/core/src/main/java/com/kakarote/core/security/converter/SensitiveDataConverter.java b/core/src/main/java/com/kakarote/core/security/converter/SensitiveDataConverter.java
index 61b7b56..c8f8be3 100644
--- a/core/src/main/java/com/kakarote/core/security/converter/SensitiveDataConverter.java
+++ b/core/src/main/java/com/kakarote/core/security/converter/SensitiveDataConverter.java
@@ -33,6 +33,16 @@ public class SensitiveDataConverter extends AbstractJsonTypeHandler<String> impl
         this.encryptionService = encryptionService;
     }
 
+    public String getNullableResult(ResultSet resultSet, String s) throws SQLException {
+        String value = resultSet.getString(s);
+        if (value != null && value.startsWith(Const.ENCRYPTED_PREFIX)) {
+            // 修复：使用deterministicDecryptAes方法解密由deterministicEncryptAes加密的数据
+            String encryptedValue = value.substring(Const.ENCRYPTED_PREFIX.length());
+            value = getEncryptionService().deterministicDecryptAes(encryptedValue);
+        }
+        return value;
+    }
+
     @Override
     public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
         SensitiveDataConverter.applicationContext = applicationContext;
@@ -54,22 +64,14 @@ public class SensitiveDataConverter extends AbstractJsonTypeHandler<String> impl
         preparedStatement.setString(i, s);
     }
 
-    @Override
-    public String getNullableResult(ResultSet resultSet, String s) throws SQLException {
-        String value = resultSet.getString(s);
-        if (value != null && value.startsWith(Const.ENCRYPTED_PREFIX)) {
-            // 修复：移除前缀后再解密
-            value = getEncryptionService().decryptAes(value.substring(Const.ENCRYPTED_PREFIX.length()));
-        }
-        return value;
-    }
 
     @Override
     public String getNullableResult(ResultSet resultSet, int i) throws SQLException {
         String value = resultSet.getString(i);
         if (value != null && value.startsWith(Const.ENCRYPTED_PREFIX)) {
-            // 修复：移除前缀后再解密
-            value = getEncryptionService().decryptAes(value.substring(Const.ENCRYPTED_PREFIX.length()));
+            // 修复：使用deterministicDecryptAes方法解密由deterministicEncryptAes加密的数据
+            String encryptedValue = value.substring(Const.ENCRYPTED_PREFIX.length());
+            value = getEncryptionService().deterministicDecryptAes(encryptedValue);
         }
         return value;
     }
@@ -78,8 +80,9 @@ public class SensitiveDataConverter extends AbstractJsonTypeHandler<String> impl
     public String getNullableResult(CallableStatement callableStatement, int i) throws SQLException {
         String value = callableStatement.getString(i);
         if (value != null && value.startsWith(Const.ENCRYPTED_PREFIX)) {
-            // 修复：移除前缀后再解密
-            value = getEncryptionService().decryptAes(value.substring(Const.ENCRYPTED_PREFIX.length()));
+            // 修复：使用deterministicDecryptAes方法解密由deterministicEncryptAes加密的数据
+            String encryptedValue = value.substring(Const.ENCRYPTED_PREFIX.length());
+            value = getEncryptionService().deterministicDecryptAes(encryptedValue);
         }
         return value;
     }