实现密码加密,采用SHA安全算法

2018-01-19 22:54:14 +08:00
parent 6cecf8e1a6
commit c5b41b0394
8 changed files with 240 additions and 96 deletions
--- a/skic/.classpath
+++ b/skic/.classpath
@@ -20,5 +20,6 @@
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="lib" path="WebRoot/WEB-INF/lib/mysql-connector-java-5.1.45-bin.jar"/>
 	<classpathentry kind="lib" path="WebRoot/WEB-INF/lib/commons-codec-1.11.jar"/>
 	<classpathentry kind="output" path="WebRoot/WEB-INF/classes"/>
 </classpath>
--- a/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar
+++ b/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar
--- a/skic/WebRoot/login.jsp
+++ b/skic/WebRoot/login.jsp
@@ -87,7 +87,7 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
 	          <div class="input-field col s6 m6 l6">
 	              <p class="margin right-align medium-small"><a href="forgot-password.jsp">Forgot password?</a></p>
 	          </div>          
-
+			</div>
 	      </form>
 	    </div>
 	  </div>
--- a/skic/WebRoot/register.jsp
+++ b/skic/WebRoot/register.jsp
@@ -38,101 +38,116 @@
 </body>
 </html> --%>
 <meta charset="UTF-8">
-	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
+<meta name="viewport"
 	content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
-	<title>skic用户注册</title>
+<title>skic用户注册</title>
-	<!-- <link rel="stylesheet" type="text/css" href="css/normalize.css" /> -->
+<!-- <link rel="stylesheet" type="text/css" href="css/normalize.css" /> -->
-	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/css/materialize.min.css">
+<link rel="stylesheet"
-	<style type="text/css">
+	href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/css/materialize.min.css">
-	html,
+<style type="text/css">
-	body {
+html, body {
 	height: 100%;
-	}
+}
-	html {
+
 html {
 	display: table;
 	margin: auto;
-	}
+}
-	body {
+
 body {
 	display: table-cell;
 	vertical-align: middle;
-		color:#404d5b;
+	color: #404d5b;
-	}
+}
-	.margin {
+
 .margin {
 	margin: 0 !important;
-	}
+}
-	.card-panel{ min-width:350px;}
+
-	</style>
+.card-panel {
-	<!--[if IE]>
+	min-width: 350px;
 }
 </style>
 <!--[if IE]>
 		<script src="http://apps.bdimg.com/libs/html5shiv/3.7/html5shiv.min.js"></script>
 	<![endif]-->
 </head>
 <body class=" cyan darken-1">
 	<div id="login-page" class="row">
 		<div class="col s12 z-depth-6 card-panel">
-	      <form class="login-form" action="<%=request.getContextPath()%>/CheckRegisterServlet" method="post" name="loginTest">
+			<form class="login-form"
 				action="<%=request.getContextPath()%>/CheckRegisterServlet"
 				method="post" name="loginTest">
 				<div class="row">
 					<div class="input-field col s12 center">
-	            <img src="http://w3lessons.info/logo.png" alt="" class="responsive-img valign profile-image-login">
+						<img src="http://w3lessons.info/logo.png" alt=""
 							class="responsive-img valign profile-image-login">
 						<p class="center login-form-text">Welcome to skic</p>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-social-person-outline prefix"></i>
+						<i class="mdi-social-person-outline prefix"></i> <input
-	            <input name="userName" type="text" class="validate">
+							name="userName" type="text" class="validate"> <label
-	            <label for="username" class="center-align">Username</label>
+							for="username" class="center-align">Username</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-social-person-outline prefix"></i>
+						<i class="mdi-social-person-outline prefix"></i> <input
-	            <input name="realName" type="text" class="validate">
+							name="realName" type="text" class="validate"> <label
-	            <label for="username" class="center-align">Realname</label>
+							for="username" class="center-align">Realname</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-communication-email prefix"></i>
+						<i class="mdi-communication-email prefix"></i> <input name="email"
-	            <input name="email" type="email" class="validate">
+							type="email" class="validate"> <label for="email"
-	            <label for="email" class="center-align">Email</label>
+							class="center-align">Email</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-action-lock-outline prefix"></i>
+						<i class="mdi-action-lock-outline prefix"></i> <input type="tel"
-	            <input type="tel" name="tel" class="validate">
+							name="tel" class="validate"> <label for="username"
-	            <label for="username" class="center-align">PhoneNum</label>
+							class="center-align">PhoneNum</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-action-lock-outline prefix"></i>
+						<i class="mdi-action-lock-outline prefix"></i> <input
-	            <input id="password" type="password" class="validate">
+							name="passWord" type="password" class="validate"> <label
-	            <label for="password">Password</label>
+							for="password">Password</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-action-lock-outline prefix"></i>
+						<i class="mdi-action-lock-outline prefix"></i> <input
-	            <input id="password-again" type="password">
+							name="passWord2" type="password"> <label
-	            <label for="password-again">Re-type password</label>
+							for="password-again">Re-type password</label>
 					</div>
 				</div>
 				<div class="row">
 					<div class="input-field col s12">
-	            <a href="register.html" class="btn waves-effect waves-light col s12">register</a>
+						<button class="btn waves-effect waves-light col s12" type="submit"
 							name="action">register</button>
 					</div>
 					<div class="input-field col s12">
-	            <p class="margin center medium-small sign-up">Have an account? <a href="login.jsp">Login</a></p>
+						<p class="margin center medium-small sign-up">
 							Have an account? <a href="login.jsp">Login</a>
 						</p>
 					</div>
 				</div>
 			</form>
 		</div>
 	</div>
-	<script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/1.11.1/jquery.min.js"></script>
+	<script type="text/javascript"
 		src="http://apps.bdimg.com/libs/jquery/1.11.1/jquery.min.js"></script>
 	<!--materialize js-->
-  	<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/js/materialize.min.js"></script>
+	<script
 		src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/js/materialize.min.js"></script>
 </body>
 </html>
--- a/skic/src/com/coding/util/Coding.java
+++ b/skic/src/com/coding/util/Coding.java
@@ -0,0 +1,91 @@
 package com.coding.util;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import javax.crypto.KeyGenerator;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import org.apache.commons.codec.binary.Base64;
 public class Coding {
 	public static final String KEY_SHA = "SHA";
 	public static final String KEY_MD5 = "MD5";
 	public static final String KEY_MAC = "HmacMD5";
 	// sun不推荐使用它们自己的base64,用apache的挺好
 	/**
 	 * BASE64解密
 	 */
 	public static byte[] decryptBASE64(byte[] dest) {
 		if (dest == null) {
 			return null;
 		}
 		return Base64.decodeBase64(dest);
 	}
 	/**
 	 * BASE64加密
 	 */
 	public static byte[] encryptBASE64(byte[] origin) {
 		if (origin == null) {
 			return null;
 		}
 		return Base64.encodeBase64(origin);
 	}
 	/**
 	 * MD5加密
 	 * 
 	 * @throws NoSuchAlgorithmException
 	 */
 	public static byte[] encryptMD5(byte[] data) throws NoSuchAlgorithmException {
 		if (data == null) {
 			return null;
 		}
 		MessageDigest md5 = MessageDigest.getInstance(KEY_MD5);
 		md5.update(data);
 		return md5.digest();
 	}
 	/**
 	 * SHA加密
 	 * 
 	 * @throws NoSuchAlgorithmException
 	 */
 	public static byte[] encryptSHA(byte[] data) throws NoSuchAlgorithmException {
 		if (data == null) {
 			return null;
 		}
 		MessageDigest sha = MessageDigest.getInstance(KEY_SHA);
 		sha.update(data);
 		return sha.digest();
 	}
 	/**
 	 * 初始化HMAC密钥
 	 * 
 	 * @throws NoSuchAlgorithmException
 	 */
 	public static String initMacKey() throws NoSuchAlgorithmException {
 		KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_MAC);
 		SecretKey secretKey = keyGenerator.generateKey();
 		return new String(encryptBASE64(secretKey.getEncoded()));
 	}
 	/**
 	 * HMAC加密
 	 * 
 	 * @throws NoSuchAlgorithmException
 	 * @throws InvalidKeyException
 	 */
 	public static byte[] encryptHMAC(byte[] data, String key) throws NoSuchAlgorithmException, InvalidKeyException {
 		SecretKey secretKey = new SecretKeySpec(decryptBASE64(key.getBytes()), KEY_MAC);
 		Mac mac = Mac.getInstance(secretKey.getAlgorithm());
 		mac.init(secretKey);
 		return mac.doFinal(data);
 	}
 }
--- a/skic/src/com/coding/util/CodingTest.java
+++ b/skic/src/com/coding/util/CodingTest.java
@@ -0,0 +1,18 @@
 package com.coding.util;
 import java.math.BigInteger;
 public class CodingTest {
 	public static void main(String[] args) throws Exception {
 		String data = "简单加密2";
 		System.out.println(new BigInteger(Coding.encryptBASE64(data.getBytes())).toString(16));
 		System.out.println(new BigInteger(Coding.encryptBASE64(data.getBytes())).toString(32));
 		System.out.println(new String(Coding.decryptBASE64(Coding.encryptBASE64(data.getBytes()))));
 		System.out.println(new BigInteger(Coding.encryptMD5(data.getBytes())).toString());
 		System.out.println(new BigInteger(Coding.encryptSHA(data.getBytes())).toString());
 		System.out.println(new BigInteger(Coding.encryptHMAC(data.getBytes(), Coding.initMacKey())).toString());
 	}
 }
--- a/skic/src/com/skic/servlet/CheckLoginServlet.java
+++ b/skic/src/com/skic/servlet/CheckLoginServlet.java
@@ -1,6 +1,8 @@
 package com.skic.servlet;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
 import java.util.Map;
 import javax.servlet.RequestDispatcher;
@@ -9,6 +11,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import com.coding.util.Coding;
 import com.skic.DTO.UserDTO;
 import com.skic.service.CheckLoginService;
@@ -35,6 +38,13 @@ public class CheckLoginServlet extends HttpServlet {
 		request.setCharacterEncoding("utf-8");
 		String userName = request.getParameter("userName");
 		String passWord = request.getParameter("passWord");
 		String passWordBase64 = null;
 		try {
 			passWordBase64 = new BigInteger(Coding.encryptSHA(passWord.getBytes())).toString();//对密码进行加密比较
 		} catch (NoSuchAlgorithmException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		}
 		String adminflag = "";
 		String vipflag = "";
 		String rootflag = "";
@@ -47,7 +57,7 @@ public class CheckLoginServlet extends HttpServlet {
 		}else {
 			UserDTO user = new UserDTO();
 			user.setUserName(userName);
-			user.setPassword(passWord);
+			user.setPassword(passWordBase64);//比对加密后的密码
 			Map<String, Integer> rsMap = cks.CheckUser(user);
 			request.getSession().setAttribute("login_status", rsMap.get("login_status"));//存储登录状态
 			if (rsMap.get("login_status")==1) {
--- a/skic/src/com/skic/servlet/CheckRegisterServlet.java
+++ b/skic/src/com/skic/servlet/CheckRegisterServlet.java
@@ -1,6 +1,8 @@
 package com.skic.servlet;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -8,6 +10,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import com.coding.util.Coding;
 import com.skic.DTO.UserDTO;
 import com.skic.service.CheckRegisterService;;
@@ -30,12 +33,18 @@ public class CheckRegisterServlet extends HttpServlet {
 	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		doPost(request, response);
 	}
-	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
 		request.setCharacterEncoding("utf-8");
 		String userName = request.getParameter("userName");
 		String realName = request.getParameter("realName");
 		String email = request.getParameter("email");
-		String passWord = request.getParameter("passWord1");
+		String passWord = request.getParameter("passWord");
 		String passWordBase64 = null;
 		try {
 			passWordBase64 = new BigInteger(Coding.encryptSHA(passWord.getBytes())).toString();//对密码进行加密处理
 		} catch (NoSuchAlgorithmException e) {
 			e.printStackTrace();
 		}
 		String tel = request.getParameter("tel");
 		RequestDispatcher rd = null;
 		String forwardString = null;
@@ -46,7 +55,7 @@ public class CheckRegisterServlet extends HttpServlet {
 		}else {
 			UserDTO user = new UserDTO();
 			user.setUserName(userName);
-			user.setPassword(passWord);
+			user.setPassword(passWordBase64);
 			user.setRealName(realName);
 			user.setEmail(email);;
 			user.setPhoneNum(tel);