Jar混淆加密Proguard(spring boot 版)

一般的.class 文件可以通过 jd-gui 工具直接看到源码!

所以,在生产级别的 java 开发中,务必要使用 jar 包加密。需要注意,混淆或加密只能提高逆向的成本,并不能阻止反编译,因此密钥、口令等敏感信息不应打进 jar 包。

加密方式有三种:

1.proguard 混淆

(1)在 pom 文件中,引入 proguard 插件

<!-- Load the ProGuard obfuscation plugin; building with "mvn package" is enough to run it -->
<build>
<plugins>
<!-- Declared ahead of spring-boot-maven-plugin and bound to the package phase.
     NOTE(review): obfuscation has to run on the plain jar before the Spring Boot repackage step,
     otherwise the executable jar would contain the original classes; confirm the order in the build log. -->
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<!-- The same version is pinned again on the proguard-base dependency below; keep the two in sync. -->
<proguardVersion>5.3.3</proguardVersion>
<!-- Input and output use the same file name, so the obfuscated jar takes the place of the plain one.
     NOTE(review): make sure no un-obfuscated copy of the jar is shipped alongside it. -->
<injar>${project.build.finalName}.jar</injar>
<outjar>${project.build.finalName}.jar</outjar>
<obfuscate>true</obfuscate>
<!-- Rules are read from proguard.cfg in the project base directory (next to pom.xml). -->
<proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
<!-- rt.jar and jce.jar are part of the JDK 8 (and earlier) runtime layout; later JDKs no longer ship
     these files, so these paths only resolve when the build runs on such a JDK. -->
<libs>
<!-- Include main JAVA library required.-->
<lib>${java.home}/lib/rt.jar</lib>
<!-- Include crypto JAVA library if necessary.-->
<lib>${java.home}/lib/jce.jar</lib>
</libs>
</configuration>
<dependencies>
<!-- ProGuard engine used by the plugin; version matches proguardVersion above. -->
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.3.3</version>
</dependency>
</dependencies>
</plugin>
<!-- Builds the executable Spring Boot jar. No phase is given for the repackage execution here. -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<!-- This name must survive obfuscation; proguard.cfg keeps classes that declare
     public static void main(String[]) for that reason. -->
<mainClass>com.xxl.job.admin.XxlJobAdminApplication</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>

 

(2)配置 proguard.cfg 文件(proguard.cfg 文件必须和 pom.xml 文件同一目录)

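-target 1.8 ## Java version of the processed class files
-dontshrink ## shrinking is on by default; turn it off so unused classes / members are not removed
-dontoptimize ## optimization is on by default; turn off bytecode-level optimization
-useuniqueclassmembernames ## use a unique-name strategy when obfuscating class members
-adaptclassstrings ## after renaming classes, also update string constants that name them, e.g. Class.forName('className')
-dontusemixedcaseclassnames ## do not generate mixed-case class names (mixed case is allowed by default)
## Keep exception and annotation information at runtime, otherwise Spring Boot start-up is affected.
## NOTE(review): SourceFile and LineNumberTable leave the original source file names and line numbers in
## the obfuscated jar (they make stack traces readable); -renamesourcefileattribute can hide the file
## names if that information should not ship.
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
## Keep classes that declare a main method, together with that method's name
-keepclasseswithmembers public class * {public static void main(java.lang.String[]);}
-keepclassmembers enum * {*;}  ## keep enum members and methods

## Keep class names and method names of outward-facing (interface-like) classes unchanged.
## NOTE(review): everything matched by a {*;} keep rule stays fully readable after decompilation,
## so keep these package lists as narrow as the framework allows.
#-keep class com.example.common.sort.exact.bean.**
-keep class com.xxl.job.admin.controller.**
-keep class com.xxl.job.admin.controller.** {*;}
## Keep DAO-layer class names unchanged
-keep class com.xxl.job.admin.dao.**
-keep class com.xxl.job.admin.dao.** {*;}

-keep class com.xxl.job.admin.core.model.**
-keep class com.xxl.job.admin.core.model.** {*;} ## change this to the package of the JavaBeans that get parsed

##---------------Begin: proguard configuration for Gson ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature
# Gson specific classes
-keep class sun.misc.Unsafe {*;}
#-keep class com.google.gson.stream.** {*;}
# Application classes that will be serialized/deserialized over Gson
#-keep class com.google.gson.examples.android.model.** {*;} ## change this to the package of the JavaBeans that get parsed
-keep class com.google.**{*;}
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}
##---------------End: proguard configuration for Gson ----------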

 

 

(3)启动类配置(防止 spring 初始化时出现 bean 名称重复的问题)

package com.xxl.job.admin;

import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.BeanNameGenerator;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;

/**
 * Spring Boot launcher class (annotated with {@code @SpringBootApplication}).
 *
 * @author xuxueli 2018-10-28 00:38:13
 */
@SpringBootApplication
public class XxlJobAdminApplication {

    /**
     * Names every bean after its class name as reported by the bean definition, so that Spring can
     * still tell beans apart after ProGuard has obfuscated the class names.
     */
    public static class CustomGenerator implements BeanNameGenerator {

        /**
         * Returns the bean class name of the definition as the bean name.
         *
         * @param definition the bean definition a name is requested for
         * @param registry   not consulted by this implementation
         * @return the value of {@code definition.getBeanClassName()}, passed through unchanged
         */
        @Override
        public String generateBeanName(BeanDefinition definition, BeanDefinitionRegistry registry) {
            final String beanClassName = definition.getBeanClassName();
            return beanClassName;
        }
    }

    /**
     * Starts the application with {@link CustomGenerator} installed as the bean-name generator.
     *
     * <p>The plain {@code SpringApplication.run(XxlJobAdminApplication.class, args)} form is
     * deliberately not used here, because it would not install the custom generator.
     *
     * @param args command-line arguments, handed to Spring Boot as they are
     */
    public static void main(String[] args) {
        BeanNameGenerator classNameBasedNames = new CustomGenerator();
        SpringApplicationBuilder application =
                new SpringApplicationBuilder(XxlJobAdminApplication.class);
        application.beanNameGenerator(classNameBasedNames).run(args);
    }

}

 

(4)最后用 mvn package   打包即可

 

 

 

 

2.Classloader 加载期加密

.....

3.jvmti 加密

......