Java对字符串加密并返回星号※
2019-04-28 08:22:29来源:博客园 阅读 ()
If you don't look back, you'll never know I waiting for you behind you.
Java对字符串加密并返回星号※
PasswordUtils这个加密工具类是在Ranger项目的源码中发现的,它是一个安全管理框架,普通的加密需求应该用它的加密工具类就OK了;
首先,用户输入密码,前端先用type为password把密码显示为※,但是这时通过F12查看,浏览器仍然可以看到密码信息,但是这是用户自己输入的,第一把看见也ok;一旦请求提交立刻返回经加密后的密码,此处并非返回加密后的密码,而是直接返回一个※密码如“******”,并把转换加密后的密码存入数据库,之后每次请求也都返回“******”;然后在后台需要用到密码的地方就自己解密咯。
加密工具类PasswordUtils:
1 package org.apache.ranger.plugin.util;
2
3 import java.io.IOException;
4 import java.util.Map;
5
6 import javax.crypto.Cipher;
7 import javax.crypto.SecretKey;
8 import javax.crypto.SecretKeyFactory;
9 import javax.crypto.spec.PBEKeySpec;
10 import javax.crypto.spec.PBEParameterSpec;
11
12 import org.apache.commons.lang.StringUtils;
13 import org.slf4j.Logger;
14 import org.slf4j.LoggerFactory;
15
16 import com.sun.jersey.core.util.Base64;
17 public class PasswordUtils {
18
19 private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class);
20
21 private final String CRYPT_ALGO;
22 private String password;
23 private final char[] ENCRYPT_KEY;
24 private final byte[] SALT;
25 private final int ITERATION_COUNT;
26 private final char[] encryptKey;
27 private final byte[] salt;
28 private static final String LEN_SEPARATOR_STR = ":";
29
30 public static final String DEFAULT_CRYPT_ALGO = "PBEWithMD5AndDES";
31 public static final String DEFAULT_ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV";
32 public static final String DEFAULT_SALT = "f77aLYLo";
33 public static final int DEFAULT_ITERATION_COUNT = 17;
34
35 public static String encryptPassword(String aPassword) throws IOException {
36 return new PasswordUtils(aPassword).encrypt();
37 }
38
39 private String encrypt() throws IOException {
40 String ret = null;
41 String strToEncrypt = null;
42 if (password == null) {
43 strToEncrypt = "";
44 } else {
45 strToEncrypt = password.length() + LEN_SEPARATOR_STR + password;
46 }
47 try {
48 Cipher engine = Cipher.getInstance(CRYPT_ALGO);
49 PBEKeySpec keySpec = new PBEKeySpec(encryptKey);
50 SecretKeyFactory skf = SecretKeyFactory.getInstance(CRYPT_ALGO);
51 SecretKey key = skf.generateSecret(keySpec);
52 engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT));
53 byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes());
54 ret = new String(Base64.encode(encryptedStr));
55 }
56 catch(Throwable t) {
57 LOG.error("Unable to encrypt password due to error", t);
58 throw new IOException("Unable to encrypt password due to error", t);
59 }
60 return ret;
61 }
62
63 PasswordUtils(String aPassword) {
64 String[] crypt_algo_array = null;
65 int count = 0;
66 if (aPassword != null && aPassword.contains(",")) {
67 count = StringUtils.countMatches(aPassword, ",");
68 crypt_algo_array = aPassword.split(",");
69 }
70 if (crypt_algo_array != null && crypt_algo_array.length > 4) {
71 CRYPT_ALGO = crypt_algo_array[0];
72 ENCRYPT_KEY = crypt_algo_array[1].toCharArray();
73 SALT = crypt_algo_array[2].getBytes();
74 ITERATION_COUNT = Integer.parseInt(crypt_algo_array[3]);
75 password = crypt_algo_array[4];
76 if (count > 4) {
77 for (int i = 5 ; i<=count ; i++){
78 password = password + "," + crypt_algo_array[i];
79 }
80 }
81 } else {
82 CRYPT_ALGO = DEFAULT_CRYPT_ALGO;
83 ENCRYPT_KEY = DEFAULT_ENCRYPT_KEY.toCharArray();
84 SALT = DEFAULT_SALT.getBytes();
85 ITERATION_COUNT = DEFAULT_ITERATION_COUNT;
86 password = aPassword;
87 }
88 Map<String, String> env = System.getenv();
89 String encryptKeyStr = env.get("ENCRYPT_KEY");
90 if (encryptKeyStr == null) {
91 encryptKey=ENCRYPT_KEY;
92 }else{
93 encryptKey=encryptKeyStr.toCharArray();
94 }
95 String saltStr = env.get("ENCRYPT_SALT");
96 if (saltStr == null) {
97 salt = SALT;
98 }else{
99 salt=saltStr.getBytes();
100 }
101 }
102
103 public static String decryptPassword(String aPassword) throws IOException {
104 return new PasswordUtils(aPassword).decrypt();
105 }
106
107 private String decrypt() throws IOException {
108 String ret = null;
109 try {
110 byte[] decodedPassword = Base64.decode(password);
111 Cipher engine = Cipher.getInstance(CRYPT_ALGO);
112 PBEKeySpec keySpec = new PBEKeySpec(encryptKey);
113 SecretKeyFactory skf = SecretKeyFactory.getInstance(CRYPT_ALGO);
114 SecretKey key = skf.generateSecret(keySpec);
115 engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT));
116 String decrypted = new String(engine.doFinal(decodedPassword));
117 int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR);
118 if (foundAt > -1) {
119 if (decrypted.length() > foundAt) {
120 ret = decrypted.substring(foundAt+1);
121 }
122 else {
123 ret = "";
124 }
125 }
126 else {
127 ret = null;
128 }
129 }
130 catch(Throwable t) {
131 LOG.error("Unable to decrypt password due to error", t);
132 throw new IOException("Unable to decrypt password due to error", t);
133 }
134 return ret;
135 }
136
137 public static String getDecryptPassword(String password) {
138 String decryptedPwd = null;
139 try {
140 decryptedPwd = decryptPassword(password);
141 } catch (Exception ex) {
142 LOG.warn("Password decryption failed, trying original password string.");
143 decryptedPwd = null;
144 } finally {
145 if (decryptedPwd == null) {
146 decryptedPwd = password;
147 }
148 }
149 return decryptedPwd;
150 }
151 }
测试加密/解密执行结果:
1 package com.xinyan.springcloud.tjt;
2
3 public class TestDecryptEncrypt {
4
5 public static void main(String[] args) throws Exception {
6 String password = "taojietaoge";
7 //加密:
8 String encryptPassword = PasswordUtils.encryptPassword(password);
9 System.out.println("加密后:"+ encryptPassword);
10 //解密:
11 String decryptPassword = PasswordUtils.decryptPassword(encryptPassword);
12 System.out.println("解密后:"+ decryptPassword);
13 }
14
15 }
执行结果如下:
原文链接:https://www.cnblogs.com/taojietaoge/p/10773455.html
如有疑问请与原作者联系
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
- 国外程序员整理的Java资源大全(全部是干货) 2020-06-12
- 2020年深圳中国平安各部门Java中级面试真题合集(附答案) 2020-06-11
- 2020年java就业前景 2020-06-11
- 04.Java基础语法 2020-06-11
- DES/3DES/AES 三种对称加密算法实现 2020-06-11
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash