securityutil.java
来自「cwbbs 云网论坛源码」· Java 代码 · 共 288 行
JAVA
288 行
package cn.js.fan.security;import java.security.*;import java.sql.*;import javax.crypto.*;import javax.servlet.http.HttpSession;import javax.servlet.http.HttpServletRequest;import java.security.interfaces.RSAPublicKey;import java.io.InputStream;import java.io.FileInputStream;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.io.FileNotFoundException;import java.io.IOException;import cn.js.fan.db.SQLFilter;public class SecurityUtil { String defaulturl = "../index.jsp"; static boolean debug = false; private static String Algorithm = "DES"; public SecurityUtil() { Security.addProvider(new com.sun.crypto.provider.SunJCE()); } public static String byte2hex(byte[] b) { String hs = ""; String stmp = ""; for (int n = 0; n < b.length; n++) { stmp = (java.lang.Integer.toHexString(b[n] & 0XFF)); if (stmp.length() == 1) hs = hs + "0" + stmp; else hs = hs + stmp; } return hs.toLowerCase(); } public static String MD5(String input) throws Exception { java.security.MessageDigest alg = java.security.MessageDigest. getInstance("MD5"); alg.update(input.getBytes()); byte[] digest = alg.digest(); return byte2hex(digest); } public static String MD5(byte[] input) throws Exception { java.security.MessageDigest alg = java.security.MessageDigest. getInstance("MD5"); alg.update(input); byte[] digest = alg.digest(); return byte2hex(digest); } public static byte[] MD5Raw(String input) throws Exception { java.security.MessageDigest alg = java.security.MessageDigest. getInstance("MD5"); alg.update(input.getBytes()); return alg.digest(); } public void setdefaulturl(String myurl) { this.defaulturl = myurl; } public String getdefaulturl() { return (this.defaulturl); } public boolean isRequestValid(HttpServletRequest request) throws SQLException { if (request.getRequestURL().indexOf(request.getServerName()) == -1) return false; else return true; } public static byte[] getKey() throws Exception { KeyGenerator keygen = KeyGenerator.getInstance(Algorithm); SecretKey deskey = keygen.generateKey(); if (debug) System.out.println("生成密钥:" + byte2hex(deskey.getEncoded())); return deskey.getEncoded(); } public static byte[] encode(byte[] input, byte[] key) throws Exception { SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm); if (debug) { System.out.println("加密前的二进串:" + byte2hex(input)); System.out.println("加密前的字符串:" + new String(input)); } Cipher c1 = Cipher.getInstance(Algorithm); c1.init(Cipher.ENCRYPT_MODE, deskey); byte[] cipherByte = c1.doFinal(input); if (debug) { System.out.println("加密后的二进串:" + byte2hex(cipherByte)); System.out.println("加密后的字符串:" + new String(cipherByte)); } return cipherByte; } public static String encode2hex(byte[] input, byte[] key) throws Exception { SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm); if (debug) { System.out.println("加密前的二进串:" + byte2hex(input)); System.out.println("加密前的字符串:" + new String(input)); } Cipher c1 = Cipher.getInstance(Algorithm); c1.init(Cipher.ENCRYPT_MODE, deskey); byte[] cipherByte = c1.doFinal(input); if (debug) { System.out.println("加密后的二进串:" + byte2hex(cipherByte)); System.out.println("加密后的字符串:" + new String(cipherByte)); } return byte2hex(cipherByte); } public static byte[] decode(byte[] input, byte[] key) throws Exception { SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm); if (debug) System.out.println("解密前的信息:" + byte2hex(input)); Cipher c1 = Cipher.getInstance(Algorithm); c1.init(Cipher.DECRYPT_MODE, deskey); byte[] clearByte = c1.doFinal(input); if (debug) { System.out.println("解密后的二进串:" + byte2hex(clearByte)); System.out.println("解密后的字符串:" + (new String(clearByte))); } return clearByte; } public static byte hex2byte(char hex) { int k = 0; if (hex >= '0' && hex <= '9') k = hex - '0'; else if (hex >= 'A' && hex <= 'F') k = 10 + hex - 'A'; else if (hex >= 'a' && hex <= 'f') k = 10 + hex - 'a'; else { System.out.println("Wrong hex digit!"); } return (byte) (k & 0xFF); } public static byte hex2byte(char a1, char a2) { int k; if (a1 >= '0' && a1 <= '9') k = (int) (a1 - '0'); else if (a1 >= 'a' && a1 <= 'f') k = (int) (a1 - 'a' + 10); else if (a1 >= 'A' && a1 <= 'F') k = (int) (a1 - 'A' + 10); else k = 0; k <<= 4; if (a2 >= '0' && a2 <= '9') k += (int) (a2 - '0'); else if (a2 >= 'a' && a2 <= 'f') k += (int) (a2 - 'a' + 10); else if (a2 >= 'A' && a2 <= 'F') k += (int) (a2 - 'A' + 10); else k += 0; return (byte) (k & 0xFF); } public static byte[] hexstr2byte(String str) { int len = str.length(); if (len % 2 != 0) { System.out.println("十六进制字符串的长度为" + len + ",不为2的倍数!"); return null; } byte[] r = new byte[len / 2]; int k = 0; for (int i = 0; i < str.length() - 1; i += 2) { r[k] = hex2byte(str.charAt(i), str.charAt(i + 1)); k++; } return r; } public static byte[] decodehexstr(String hexstr, byte[] key) throws Exception { byte[] input = hexstr2byte(hexstr); if (input == null) return null; SecretKey deskey = new javax.crypto.spec.SecretKeySpec(key, Algorithm); if (debug) System.out.println("解密前的信息:" + hexstr); Cipher c1 = Cipher.getInstance(Algorithm); c1.init(Cipher.DECRYPT_MODE, deskey); byte[] clearByte = c1.doFinal(input); if (debug) { System.out.println("解密后的二进串:" + byte2hex(clearByte)); System.out.println("解密后的字符串:" + (new String(clearByte))); } return clearByte; } public boolean verifysignature(String filename, byte[] oridata, byte[] signatureData) { X509Certificate cert = null; try { InputStream inStream = new FileInputStream(filename); try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); cert = (X509Certificate) cf.generateCertificate(inStream); } catch (java.security.cert.CertificateException e) { System.out.println("generateCertificate error:" + e.getMessage()); return false; } inStream.close(); } catch (FileNotFoundException e) { System.out.println("read " + filename + " error:" + e.getMessage()); return false; } catch (IOException e) { System.out.println("close " + filename + " error:" + e.getMessage()); return false; } RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey(); Signature signer = null; try { signer = Signature.getInstance("MD5withRSA"); signer.initVerify(publicKey); } catch (NoSuchAlgorithmException noAlgorithm) { System.out.println(noAlgorithm); return false; } catch (InvalidKeyException badKey) { System.out.println(badKey); return false; } try { signer.update(oridata); } catch (SignatureException signError) { System.out.println(signError); return false; } boolean signatureVerified = false; try { signatureVerified = signer.verify(signatureData); } catch (SignatureException signError) { System.out.println(signError); return false; } return signatureVerified; } public static boolean isValidSqlParam(String param) { return SQLFilter.isValidSqlParam(param); } public static boolean isValidSql(String sql) { return SQLFilter.isValidSql(sql); } public static boolean sql_inj(String str) { return SQLFilter.sql_inj(str); } public static String SHA_BASE64_24(String input) throws Exception { java.security.MessageDigest alg = java.security.MessageDigest.getInstance( "SHA"); alg.update(input.getBytes()); byte[] digest = alg.digest(); return (new sun.misc.BASE64Encoder()).encode(digest).substring(0,24); }}
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?