实现密码加密,采用SHA安全算法

2018-01-19 22:54:14 +08:00
parent 6cecf8e1a6
commit c5b41b0394
8 changed files with 240 additions and 96 deletions
--- a/skic/.classpath
+++ b/skic/.classpath
@@ -20,5 +20,6 @@
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="lib" path="WebRoot/WEB-INF/lib/mysql-connector-java-5.1.45-bin.jar"/>
+	<classpathentry kind="lib" path="WebRoot/WEB-INF/lib/commons-codec-1.11.jar"/>
 	<classpathentry kind="output" path="WebRoot/WEB-INF/classes"/>
 </classpath>
--- a/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar
+++ b/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar
--- a/skic/WebRoot/login.jsp
+++ b/skic/WebRoot/login.jsp
@@ -87,7 +87,7 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
 	          <div class="input-field col s6 m6 l6">
 	              <p class="margin right-align medium-small"><a href="forgot-password.jsp">Forgot password?</a></p>
 	          </div>          
-
+			</div>
 	      </form>
 	    </div>
 	  </div>
--- a/skic/WebRoot/register.jsp
+++ b/skic/WebRoot/register.jsp
@@ -38,101 +38,116 @@
 </body>
 </html> --%>
 <meta charset="UTF-8">
-	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
+<meta name="viewport"
+	content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">

-	<title>skic用户注册</title>
-	<!-- <link rel="stylesheet" type="text/css" href="css/normalize.css" /> -->
-	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/css/materialize.min.css">
-	<style type="text/css">
-	html,
-	body {
+<title>skic用户注册</title>
+<!-- <link rel="stylesheet" type="text/css" href="css/normalize.css" /> -->
+<link rel="stylesheet"
+	href="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/css/materialize.min.css">
+<style type="text/css">
+html, body {
 	height: 100%;
-	}
-	html {
+}
+
+html {
 	display: table;
 	margin: auto;
-	}
-	body {
+}
+
+body {
 	display: table-cell;
 	vertical-align: middle;
-		color:#404d5b;
-	}
-	.margin {
+	color: #404d5b;
+}
+
+.margin {
 	margin: 0 !important;
-	}
-	.card-panel{ min-width:350px;}
-	</style>
-	<!--[if IE]>
+}
+
+.card-panel {
+	min-width: 350px;
+}
+</style>
+<!--[if IE]>
 		<script src="http://apps.bdimg.com/libs/html5shiv/3.7/html5shiv.min.js"></script>
 	<![endif]-->
 </head>
 <body class=" cyan darken-1">
 	<div id="login-page" class="row">
 		<div class="col s12 z-depth-6 card-panel">
-	      <form class="login-form" action="<%=request.getContextPath()%>/CheckRegisterServlet" method="post" name="loginTest">
+			<form class="login-form"
+				action="<%=request.getContextPath()%>/CheckRegisterServlet"
+				method="post" name="loginTest">
 				<div class="row">
 					<div class="input-field col s12 center">
-	            <img src="http://w3lessons.info/logo.png" alt="" class="responsive-img valign profile-image-login">
+						<img src="http://w3lessons.info/logo.png" alt=""
+							class="responsive-img valign profile-image-login">
 						<p class="center login-form-text">Welcome to skic</p>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-social-person-outline prefix"></i>
-	            <input name="userName" type="text" class="validate">
-	            <label for="username" class="center-align">Username</label>
+						<i class="mdi-social-person-outline prefix"></i> <input
+							name="userName" type="text" class="validate"> <label
+							for="username" class="center-align">Username</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-social-person-outline prefix"></i>
-	            <input name="realName" type="text" class="validate">
-	            <label for="username" class="center-align">Realname</label>
+						<i class="mdi-social-person-outline prefix"></i> <input
+							name="realName" type="text" class="validate"> <label
+							for="username" class="center-align">Realname</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-communication-email prefix"></i>
-	            <input name="email" type="email" class="validate">
-	            <label for="email" class="center-align">Email</label>
+						<i class="mdi-communication-email prefix"></i> <input name="email"
+							type="email" class="validate"> <label for="email"
+							class="center-align">Email</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-action-lock-outline prefix"></i>
-	            <input type="tel" name="tel" class="validate">
-	            <label for="username" class="center-align">PhoneNum</label>
+						<i class="mdi-action-lock-outline prefix"></i> <input type="tel"
+							name="tel" class="validate"> <label for="username"
+							class="center-align">PhoneNum</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-action-lock-outline prefix"></i>
-	            <input id="password" type="password" class="validate">
-	            <label for="password">Password</label>
+						<i class="mdi-action-lock-outline prefix"></i> <input
+							name="passWord" type="password" class="validate"> <label
+							for="password">Password</label>
 					</div>
 				</div>
 				<div class="row margin">
 					<div class="input-field col s12">
-	            <i class="mdi-action-lock-outline prefix"></i>
-	            <input id="password-again" type="password">
-	            <label for="password-again">Re-type password</label>
+						<i class="mdi-action-lock-outline prefix"></i> <input
+							name="passWord2" type="password"> <label
+							for="password-again">Re-type password</label>
 					</div>
 				</div>
 				<div class="row">
 					<div class="input-field col s12">
-	            <a href="register.html" class="btn waves-effect waves-light col s12">register</a>
+						<button class="btn waves-effect waves-light col s12" type="submit"
+							name="action">register</button>
 					</div>
 					<div class="input-field col s12">
-	            <p class="margin center medium-small sign-up">Have an account? <a href="login.jsp">Login</a></p>
+						<p class="margin center medium-small sign-up">
+							Have an account? <a href="login.jsp">Login</a>
+						</p>
 					</div>
 				</div>
 			</form>
 		</div>
 	</div>

-	<script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/1.11.1/jquery.min.js"></script>
+	<script type="text/javascript"
+		src="http://apps.bdimg.com/libs/jquery/1.11.1/jquery.min.js"></script>

 	<!--materialize js-->
-  	<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/js/materialize.min.js"></script>
+	<script
+		src="https://cdnjs.cloudflare.com/ajax/libs/materialize/0.97.1/js/materialize.min.js"></script>
 </body>
 </html>
--- a/skic/src/com/coding/util/Coding.java
+++ b/skic/src/com/coding/util/Coding.java
@@ -0,0 +1,91 @@
+package com.coding.util;
+
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.codec.binary.Base64;
+
+public class Coding {
+	public static final String KEY_SHA = "SHA";
+	public static final String KEY_MD5 = "MD5";
+	public static final String KEY_MAC = "HmacMD5";
+
+	// sun不推荐使用它们自己的base64,用apache的挺好
+	/**
+	 * BASE64解密
+	 */
+	public static byte[] decryptBASE64(byte[] dest) {
+		if (dest == null) {
+			return null;
+		}
+		return Base64.decodeBase64(dest);
+	}
+
+	/**
+	 * BASE64加密
+	 */
+	public static byte[] encryptBASE64(byte[] origin) {
+		if (origin == null) {
+			return null;
+		}
+		return Base64.encodeBase64(origin);
+	}
+
+	/**
+	 * MD5加密
+	 * 
+	 * @throws NoSuchAlgorithmException
+	 */
+	public static byte[] encryptMD5(byte[] data) throws NoSuchAlgorithmException {
+		if (data == null) {
+			return null;
+		}
+		MessageDigest md5 = MessageDigest.getInstance(KEY_MD5);
+		md5.update(data);
+		return md5.digest();
+	}
+
+	/**
+	 * SHA加密
+	 * 
+	 * @throws NoSuchAlgorithmException
+	 */
+	public static byte[] encryptSHA(byte[] data) throws NoSuchAlgorithmException {
+		if (data == null) {
+			return null;
+		}
+		MessageDigest sha = MessageDigest.getInstance(KEY_SHA);
+		sha.update(data);
+		return sha.digest();
+	}
+
+	/**
+	 * 初始化HMAC密钥
+	 * 
+	 * @throws NoSuchAlgorithmException
+	 */
+	public static String initMacKey() throws NoSuchAlgorithmException {
+		KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_MAC);
+		SecretKey secretKey = keyGenerator.generateKey();
+		return new String(encryptBASE64(secretKey.getEncoded()));
+	}
+
+	/**
+	 * HMAC加密
+	 * 
+	 * @throws NoSuchAlgorithmException
+	 * @throws InvalidKeyException
+	 */
+	public static byte[] encryptHMAC(byte[] data, String key) throws NoSuchAlgorithmException, InvalidKeyException {
+		SecretKey secretKey = new SecretKeySpec(decryptBASE64(key.getBytes()), KEY_MAC);
+		Mac mac = Mac.getInstance(secretKey.getAlgorithm());
+		mac.init(secretKey);
+		return mac.doFinal(data);
+
+	}
+
+}
--- a/skic/src/com/coding/util/CodingTest.java
+++ b/skic/src/com/coding/util/CodingTest.java
@@ -0,0 +1,18 @@
+package com.coding.util;
+
+import java.math.BigInteger;
+
+public class CodingTest {
+	
+	public static void main(String[] args) throws Exception {
+		String data = "简单加密2";
+		System.out.println(new BigInteger(Coding.encryptBASE64(data.getBytes())).toString(16));
+		System.out.println(new BigInteger(Coding.encryptBASE64(data.getBytes())).toString(32));
+		System.out.println(new String(Coding.decryptBASE64(Coding.encryptBASE64(data.getBytes()))));
+
+		System.out.println(new BigInteger(Coding.encryptMD5(data.getBytes())).toString());
+		System.out.println(new BigInteger(Coding.encryptSHA(data.getBytes())).toString());
+		System.out.println(new BigInteger(Coding.encryptHMAC(data.getBytes(), Coding.initMacKey())).toString());
+	}
+
+}
--- a/skic/src/com/skic/servlet/CheckLoginServlet.java
+++ b/skic/src/com/skic/servlet/CheckLoginServlet.java
@@ -1,6 +1,8 @@
 package com.skic.servlet;

 import java.io.IOException;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
 import java.util.Map;

 import javax.servlet.RequestDispatcher;
@@ -9,6 +11,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import com.coding.util.Coding;
 import com.skic.DTO.UserDTO;
 import com.skic.service.CheckLoginService;

@@ -35,6 +38,13 @@ public class CheckLoginServlet extends HttpServlet {
 		request.setCharacterEncoding("utf-8");
 		String userName = request.getParameter("userName");
 		String passWord = request.getParameter("passWord");
+		String passWordBase64 = null;
+		try {
+			passWordBase64 = new BigInteger(Coding.encryptSHA(passWord.getBytes())).toString();//对密码进行加密比较
+		} catch (NoSuchAlgorithmException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
 		String adminflag = "";
 		String vipflag = "";
 		String rootflag = "";
@@ -47,7 +57,7 @@ public class CheckLoginServlet extends HttpServlet {
 		}else {
 			UserDTO user = new UserDTO();
 			user.setUserName(userName);
-			user.setPassword(passWord);
+			user.setPassword(passWordBase64);//比对加密后的密码
 			Map<String, Integer> rsMap = cks.CheckUser(user);
 			request.getSession().setAttribute("login_status", rsMap.get("login_status"));//存储登录状态
 			if (rsMap.get("login_status")==1) {
--- a/skic/src/com/skic/servlet/CheckRegisterServlet.java
+++ b/skic/src/com/skic/servlet/CheckRegisterServlet.java
@@ -1,6 +1,8 @@
 package com.skic.servlet;

 import java.io.IOException;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;

 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -8,6 +10,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import com.coding.util.Coding;
 import com.skic.DTO.UserDTO;
 import com.skic.service.CheckRegisterService;;

@@ -30,12 +33,18 @@ public class CheckRegisterServlet extends HttpServlet {
 	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		doPost(request, response);
 	}
-	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
 		request.setCharacterEncoding("utf-8");
 		String userName = request.getParameter("userName");
 		String realName = request.getParameter("realName");
 		String email = request.getParameter("email");
-		String passWord = request.getParameter("passWord1");
+		String passWord = request.getParameter("passWord");
+		String passWordBase64 = null;
+		try {
+			passWordBase64 = new BigInteger(Coding.encryptSHA(passWord.getBytes())).toString();//对密码进行加密处理
+		} catch (NoSuchAlgorithmException e) {
+			e.printStackTrace();
+		}
 		String tel = request.getParameter("tel");
 		RequestDispatcher rd = null;
 		String forwardString = null;
@@ -46,7 +55,7 @@ public class CheckRegisterServlet extends HttpServlet {
 		}else {
 			UserDTO user = new UserDTO();
 			user.setUserName(userName);
-			user.setPassword(passWord);
+			user.setPassword(passWordBase64);
 			user.setRealName(realName);
 			user.setEmail(email);;
 			user.setPhoneNum(tel);