securityutil.java

来自「cwbbs 云网论坛源码」· Java 代码 · 共 288 行

JAVA
288
字号
package cn.js.fan.security;import java.security.*;import java.sql.*;import javax.crypto.*;import javax.servlet.http.HttpSession;import javax.servlet.http.HttpServletRequest;import java.security.interfaces.RSAPublicKey;import java.io.InputStream;import java.io.FileInputStream;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.io.FileNotFoundException;import java.io.IOException;import cn.js.fan.db.SQLFilter;public class SecurityUtil {    String defaulturl = "../index.jsp";    static boolean debug = false;    private static String Algorithm = "DES";     public SecurityUtil() {        Security.addProvider(new com.sun.crypto.provider.SunJCE());    }        public static String byte2hex(byte[] b) {        String hs = "";        String stmp = "";        for (int n = 0; n < b.length; n++) {            stmp = (java.lang.Integer.toHexString(b[n] & 0XFF));            if (stmp.length() == 1)                hs = hs + "0" + stmp;            else hs = hs + stmp;                    }        return hs.toLowerCase();    }    public static String MD5(String input) throws Exception {        java.security.MessageDigest alg = java.security.MessageDigest.                                          getInstance("MD5");         alg.update(input.getBytes());        byte[] digest = alg.digest();        return byte2hex(digest);    }    public static String MD5(byte[] input) throws Exception {        java.security.MessageDigest alg = java.security.MessageDigest.                                          getInstance("MD5");         alg.update(input);        byte[] digest = alg.digest();        return byte2hex(digest);    }    public static byte[] MD5Raw(String input) throws Exception {        java.security.MessageDigest alg = java.security.MessageDigest.                                          getInstance("MD5");         alg.update(input.getBytes());        return alg.digest();    }    public void setdefaulturl(String myurl) {        this.defaulturl = myurl;    }    public String getdefaulturl() {        return (this.defaulturl);    }    public boolean isRequestValid(HttpServletRequest request) throws            SQLException {        if (request.getRequestURL().indexOf(request.getServerName()) == -1)            return false;        else            return true;    }        public static byte[] getKey() throws Exception {        KeyGenerator keygen = KeyGenerator.getInstance(Algorithm);        SecretKey deskey = keygen.generateKey();        if (debug)            System.out.println("生成密钥:" + byte2hex(deskey.getEncoded()));        return deskey.getEncoded();    }        public static byte[] encode(byte[] input, byte[] key) throws Exception {        SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm);        if (debug) {            System.out.println("加密前的二进串:" + byte2hex(input));            System.out.println("加密前的字符串:" + new String(input));        }        Cipher c1 = Cipher.getInstance(Algorithm);        c1.init(Cipher.ENCRYPT_MODE, deskey);        byte[] cipherByte = c1.doFinal(input);        if (debug) {            System.out.println("加密后的二进串:" + byte2hex(cipherByte));            System.out.println("加密后的字符串:" + new String(cipherByte));        }        return cipherByte;    }    public static String encode2hex(byte[] input, byte[] key) throws Exception {        SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm);        if (debug) {            System.out.println("加密前的二进串:" + byte2hex(input));            System.out.println("加密前的字符串:" + new String(input));        }        Cipher c1 = Cipher.getInstance(Algorithm);        c1.init(Cipher.ENCRYPT_MODE, deskey);        byte[] cipherByte = c1.doFinal(input);        if (debug) {            System.out.println("加密后的二进串:" + byte2hex(cipherByte));            System.out.println("加密后的字符串:" + new String(cipherByte));        }        return byte2hex(cipherByte);    }        public static byte[] decode(byte[] input, byte[] key) throws Exception {        SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm);        if (debug)            System.out.println("解密前的信息:" + byte2hex(input));        Cipher c1 = Cipher.getInstance(Algorithm);        c1.init(Cipher.DECRYPT_MODE, deskey);        byte[] clearByte = c1.doFinal(input);        if (debug) {            System.out.println("解密后的二进串:" + byte2hex(clearByte));            System.out.println("解密后的字符串:" + (new String(clearByte)));        }        return clearByte;    }    public static byte hex2byte(char hex) {        int k = 0;        if (hex >= '0' && hex <= '9')            k = hex - '0';        else if (hex >= 'A' && hex <= 'F')            k = 10 + hex - 'A';        else if (hex >= 'a' && hex <= 'f')            k = 10 + hex - 'a';        else {            System.out.println("Wrong hex digit!");        }        return (byte) (k & 0xFF);    }        public static byte hex2byte(char a1, char a2) {        int k;        if (a1 >= '0' && a1 <= '9')            k = (int) (a1 - '0');        else if (a1 >= 'a' && a1 <= 'f')            k = (int) (a1 - 'a' + 10);        else if (a1 >= 'A' && a1 <= 'F')            k = (int) (a1 - 'A' + 10);        else            k = 0;        k <<= 4;        if (a2 >= '0' && a2 <= '9')            k += (int) (a2 - '0');        else if (a2 >= 'a' && a2 <= 'f')            k += (int) (a2 - 'a' + 10);        else if (a2 >= 'A' && a2 <= 'F')            k += (int) (a2 - 'A' + 10);        else            k += 0;        return (byte) (k & 0xFF);    }    public static byte[] hexstr2byte(String str) {        int len = str.length();        if (len % 2 != 0) {            System.out.println("十六进制字符串的长度为" + len + ",不为2的倍数!");            return null;         }        byte[] r = new byte[len / 2];        int k = 0;        for (int i = 0; i < str.length() - 1; i += 2) {            r[k] = hex2byte(str.charAt(i), str.charAt(i + 1));            k++;        }        return r;    }    public static byte[] decodehexstr(String hexstr, byte[] key) throws            Exception {        byte[] input = hexstr2byte(hexstr);        if (input == null)            return null;        SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm);        if (debug)            System.out.println("解密前的信息:" + hexstr);        Cipher c1 = Cipher.getInstance(Algorithm);        c1.init(Cipher.DECRYPT_MODE, deskey);        byte[] clearByte = c1.doFinal(input);        if (debug) {            System.out.println("解密后的二进串:" + byte2hex(clearByte));            System.out.println("解密后的字符串:" + (new String(clearByte)));        }        return clearByte;    }    public boolean verifysignature(String filename, byte[] oridata,                                   byte[] signatureData) {        X509Certificate cert = null;        try {            InputStream inStream = new FileInputStream(filename);            try {                CertificateFactory cf = CertificateFactory.getInstance("X.509");                cert = (X509Certificate) cf.generateCertificate(inStream);            } catch (java.security.cert.CertificateException e) {                System.out.println("generateCertificate error:" + e.getMessage());                return false;            }            inStream.close();        } catch (FileNotFoundException e) {            System.out.println("read " + filename + " error:" + e.getMessage());            return false;        } catch (IOException e) {            System.out.println("close " + filename + " error:" + e.getMessage());            return false;        }        RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();        Signature signer = null;        try {            signer = Signature.getInstance("MD5withRSA");            signer.initVerify(publicKey);        } catch (NoSuchAlgorithmException noAlgorithm) {            System.out.println(noAlgorithm);            return false;        } catch (InvalidKeyException badKey) {            System.out.println(badKey);            return false;        }        try {            signer.update(oridata);        } catch (SignatureException signError) {            System.out.println(signError);            return false;        }        boolean signatureVerified = false;        try {            signatureVerified = signer.verify(signatureData);        } catch (SignatureException signError) {            System.out.println(signError);            return false;        }        return signatureVerified;    }    public static boolean isValidSqlParam(String param) {                return SQLFilter.isValidSqlParam(param);    }    public static boolean isValidSql(String sql) {        return SQLFilter.isValidSql(sql);    }        public static boolean sql_inj(String str) {        return SQLFilter.sql_inj(str);    }    public static String SHA_BASE64_24(String input) throws Exception {    java.security.MessageDigest alg = java.security.MessageDigest.getInstance(        "SHA");    alg.update(input.getBytes());    byte[] digest = alg.digest();    return (new sun.misc.BASE64Encoder()).encode(digest).substring(0,24);  }}

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?