Posted: 2018-03-03 23:47:46
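Completed today:
1. Sessions have a flaw: if the web servers are load balanced, the session is lost when the next request lands on a different server.
2. While testing the DES implementation from yesterday, I found that every encryption produced a different result, and the decrypted output did not match the original message.
People online say it may be a web page encoding problem, among other things.
I found a DES implementation online that requires setting a vector (IV), tested it, and found that it works normally. Here is the code: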
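import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.IvParameterSpec;

public class DES {
    public static String KEY = "1234567812345678";
    public static final String ALGORITHM_DES = "DES/CBC/PKCS5Padding";

    // Encrypts data with DES-CBC and returns the ciphertext as an upper-case hex string.
    public static String encode(String data) {
        if (data == null)
            return null;
        try {
            // DESKeySpec uses only the first 8 bytes of KEY
            DESKeySpec dks = new DESKeySpec(KEY.getBytes(StandardCharsets.UTF_8));
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
            // the key must be at least 8 bytes long
            Key secretKey = keyFactory.generateSecret(dks);
            Cipher cipher = Cipher.getInstance(ALGORITHM_DES);
            // fixed 8-byte IV, identical for every message
            IvParameterSpec iv = new IvParameterSpec("12345678".getBytes(StandardCharsets.UTF_8));
            AlgorithmParameterSpec paramSpec = iv;
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
            byte[] bytes = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
            return byte2String(bytes);
        } catch (Exception e) {
            e.printStackTrace();
            // on failure the input comes back unchanged, so the caller receives plaintext
            return data;
        }
    }

    // Decrypts a hex string produced by encode() back to the original text.
    public static String decode(String data) {
        if (data == null)
            return null;
        try {
            DESKeySpec dks = new DESKeySpec(KEY.getBytes(StandardCharsets.UTF_8));
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
            // the key must be at least 8 bytes long
            Key secretKey = keyFactory.generateSecret(dks);
            Cipher cipher = Cipher.getInstance(ALGORITHM_DES);
            // must be the same IV that encode() used
            IvParameterSpec iv = new IvParameterSpec("12345678".getBytes(StandardCharsets.UTF_8));
            AlgorithmParameterSpec paramSpec = iv;
            cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec);
            byte[] raw = byte2hex(data.getBytes(StandardCharsets.UTF_8));
            return new String(cipher.doFinal(raw), StandardCharsets.UTF_8);
        } catch (Exception e) {
            e.printStackTrace();
            return data;
        }
    }

    // Raw bytes -> upper-case hex string.
    private static String byte2String(byte[] b) {
        StringBuilder hs = new StringBuilder();
        String stmp;
        for (int n = 0; b != null && n < b.length; n++) {
            stmp = Integer.toHexString(b[n] & 0XFF);
            if (stmp.length() == 1)
                hs.append('0');
            hs.append(stmp);
        }
        return hs.toString().toUpperCase(Locale.CHINA);
    }

    // Hex string (passed as its bytes) -> raw bytes, despite the method name.
    private static byte[] byte2hex(byte[] b) {
        if ((b.length % 2) != 0)
            throw new IllegalArgumentException();
        byte[] b2 = new byte[b.length / 2];
        for (int n = 0; n < b.length; n += 2) {
            String item = new String(b, n, 2);
            b2[n / 2] = (byte) Integer.parseInt(item, 16);
        }
        return b2;
    }
}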
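The key must be at least 8 bytes long. This algorithm also has two extra type-conversion methods.
3. Encrypted the user password with MD5 and used it for login verification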
// require a non-null, non-empty name and password before checking
if (null != name && null != password && !name.isEmpty() && !password.isEmpty()) {
    String md = MD5.getResult(password);
    check = schoolService.check(name, md);
}
4. Token
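// These calls match the Auth0 java-jwt library; the imports below assume it.
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.HashMap;
import java.util.Map;

public class JwtToken {
    public static String createToken(String name, String signInTime) throws Exception {
        Map<String, Object> map = new HashMap<String, Object>();
        map.put("alg", "HS256");
        map.put("typ", "JWT");
        String token = JWT.create()
                .withHeader(map) // header
                .withClaim("name", name) // payload
                .withClaim("sign_in_time", signInTime)
                .sign(Algorithm.HMAC256("secret")); // sign with HMAC-SHA256
        return token;
    }

    public static Map<String, Claim> verifyToken(String token) throws Exception {
        // verify() throws if the signature does not match the shared secret
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256("secret")).build();
        DecodedJWT jwt = verifier.verify(token);
        Map<String, Claim> claims = jwt.getClaims();
        // System.out.println(claims.get("name").asString());
        return claims;
    }
}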
5. Used DES to encrypt the user name and sign-in time, then generated the token
String desName = DES.encode(name);
System.out.println(desName);
String desSignInTime = DES.encode(String.valueOf(System.currentTimeMillis()));
try {
    Token = JwtToken.createToken(desName, desSignInTime);
    // test
    Map<String, Claim> map = JwtToken.verifyToken(Token);
    System.out.println(map.get("name").asString());
} catch (Exception e) {
    e.printStackTrace();
}
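Testing the verifyToken function
Plan for tomorrow:
1. Understand every step of the DES and Token code, and how DES and Token work
2. Add the Token to a cookie
3. Learn how the server validates the Token
Problems encountered:
1. What are the random number and the vector (IV) for in the DES algorithm?
2. DES has many different implementations. Do they differ much, and how should one choose?
3. How does the server store the Token, and how does it validate a Token sent from the web?
Takeaways:
1. Implemented encryption and decryption with DES
2. Implemented simple Token code and tested it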
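On the first question under "Problems encountered", the role of the IV: the following is an added example, not code from the original post. It uses the post's DES/CBC/PKCS5Padding transformation to compare the fixed IV "12345678" with a fresh random IV stored in front of each ciphertext. The class name IvDemo, its method names and the sample name "alice" are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvDemo { // hypothetical class name, not from the post
    static final String ALG = "DES/CBC/PKCS5Padding"; // transformation used in the post
    static final int BLOCK = 8;                        // DES block size, also the IV length

    static SecretKey key(String k) throws Exception {
        DESKeySpec spec = new DESKeySpec(k.getBytes(StandardCharsets.UTF_8));
        return SecretKeyFactory.getInstance("DES").generateSecret(spec);
    }

    // The post's approach: one constant IV for every message.
    static byte[] encryptFixedIv(SecretKey key, String plain) throws Exception {
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec("12345678".getBytes(StandardCharsets.UTF_8)));
        return c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
    }

    // Fresh random IV per message, stored in front of the ciphertext.
    static byte[] encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length); // IV, then room for the ciphertext
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out;
    }

    // The receiver reads the IV back from the first block; it is not secret.
    static String decrypt(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(msg, 0, BLOCK));
        return new String(c.doFinal(msg, BLOCK, msg.length - BLOCK), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        SecretKey k = key("1234567812345678"); // demo key string taken from the post
        System.out.println("fixed IV, same ciphertext:  " + Arrays.equals(encryptFixedIv(k, "alice"), encryptFixedIv(k, "alice")));
        byte[] a = encrypt(k, "alice"), b = encrypt(k, "alice"); // "alice" is a constructed sample
        System.out.println("random IV, same ciphertext: " + Arrays.equals(a, b));
        System.out.println("both decrypt to: " + decrypt(k, a) + " / " + decrypt(k, b));
    }
}
```

With a constant IV, equal inputs always produce equal ciphertexts, so anyone who sees two tokens can tell they carry the same name. Carrying the random IV alongside the ciphertext is what lets decryption still succeed when every encryption differs.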