<em>Mac</em>Book项目 2009年学校开始实施<em>Mac</em>Book项目,所有师生配备一本<em>Mac</em>Book,并同步更新了校园无线网络。学校每周进行电脑技术更新,每月发送技术支持资料,极大改变了教学及学习方式。因此2011
2021-06-01 09:32:01
SpringBoot安全策略開發之整合資料傳輸加密
2023-01-04 14:00:19
前言
近期在對開發框架安全策略方面進行升級優化,提供一些通用場景的解決方案,本文針對前後端資料傳輸加密進行簡單的分享,處理流程設計如下圖所示,本加密方法對原有專案相容性較好,只需要更換封裝好的加密Ajax請求方法,後端統一攔截判斷是否需要解密即可
生成DESKey
生成的DES加密金鑰一定是8的整數倍的位數
function getRandomStr() {
let str = ""
let array = [
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"a",
"b",
"c",
"d",
"e",
"f",
"g",
"h",
"i",
"j",
"k",
"l",
"m",
"n",
"o",
"p",
"q",
"r",
"s",
"t",
"u",
"v",
"w",
"x",
"y",
"z",
"A",
"B",
"C",
"D",
"E",
"F",
"G",
"H",
"I",
"J",
"K",
"L",
"M",
"N",
"O",
"P",
"Q",
"R",
"S",
"T",
"U",
"V",
"W",
"X",
"Y",
"Z",
];
for (let i = 0; i < 8; i++) {
str += array[Math.round(Math.random() * (array.length - 1))];
}
return str;
}
生成RSA金鑰對
RSA金鑰對有很多種格式,因為需要和前端演演算法庫互聯互通,這裡選擇的是1024位元,Padding方式為PKSC1
public static Map<String, String> createKeysPKSC1(int keySize) {
// map裝載公鑰和私鑰
Map<String, String> keyPairMap = new HashMap<String, String>();
try {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
SecureRandom random = new SecureRandom();
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
generator.initialize(keySize, random);
KeyPair keyPair = generator.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
String publicKeyStr = new String(Base64.encodeBase64(publicKey.getEncoded()));
String privateKeyStr = new String(Base64.encodeBase64(privateKey.getEncoded()));
keyPairMap.put("publicKey", publicKeyStr);
keyPairMap.put("privateKey", privateKeyStr);
} catch (Exception e) {
e.printStackTrace();
}
// 返回map
return keyPairMap;
}
前端DES加密
引入crypto.js第三方庫
function encryptByDES(message, key) {
var keyHex = CryptoJS.enc.Utf8.parse(key);
var encrypted = CryptoJS.DES.encrypt(message, keyHex, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
return encrypted.toString();
}
前端RSA加密
引入jsencrypt,js第三方庫
function encryptByRSA(data, publicKey) {
var encryptor = new JSEncrypt()
encryptor.setPublicKey(publicKey)
return encryptor.encrypt(data);;
}
後端RSA解密
public static String decryptPKSC1(String data, String privateKeyStr) {
try {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
RSAPrivateKey privateKey = getPrivateKeyPKSC1(privateKeyStr);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), privateKey.getModulus().bitLength()), CHARSET);
} catch (Exception e) {
throw new RuntimeException("解密字串[" + data + "]時遇到異常", e);
}
}
後端DES解密
public static String decrypt(String data, String key) throws IOException,
Exception {
if (data == null)
return null;
BASE64Decoder decoder = new BASE64Decoder();
byte[] buf = decoder.decodeBuffer(data);
byte[] bt = decrypt(buf, key.getBytes("UTF-8"));
return new String(bt, "UTF-8");
}
後端自定義攔截器
public class XSSFilter implements Filter, Ordered {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String contentType = request.getContentType();
if (StringUtils.isNotBlank(contentType) && contentType.contains("application/json")) {
XSSBodyRequestWrapper xssBodyRequestWrapper = new XSSBodyRequestWrapper((HttpServletRequest) request);
chain.doFilter(xssBodyRequestWrapper, response);
} else {
chain.doFilter(request, response);
}
}
@Override
public int getOrder() {
return 9;
}
}
public class XSSBodyRequestWrapper extends HttpServletRequestWrapper {
private String body;
public XSSBodyRequestWrapper(HttpServletRequest request) {
super(request);
try{
body = XSSScriptUtil.handleString(CommonUtil.getBodyString(request));
String encrypt = request.getHeader("encrypt");
if (!StringUtil.isEmpty(encrypt)) {
String privateKey = RSAEncryptUtil.getSystemDefaultRSAPrivateKey();
String desEncryptStr = RSAEncryptUtil.decryptPKSC1(encrypt, privateKey);
JSONObject obj = JSONObject.parseObject(body);
String encryptParam = obj.getString("encryptParam");
body = DESEncryptUtil.decrypt(encryptParam, desEncryptStr);
}
}catch (Exception e){
e.printStackTrace();
}
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(getInputStream()));
}
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream bais = new ByteArrayInputStream(body.getBytes(Charset.forName("UTF-8")));
return new ServletInputStream() {
@Override
public int read() throws IOException {
return bais.read();
}
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
};
}
}到此這篇關於SpringBoot安全策略開發之整合資料傳輸加密的文章就介紹到這了,更多相關SpringBoot資料傳輸加密內容請搜尋it145.com以前的文章或繼續瀏覽下面的相關文章希望大家以後多多支援it145.com!
相關文章
-
黑科技的輕簡出行,告別「電量焦慮症」:Anker氮化鎵超能充系列
综合看Anker超能充系列的性价比很高,并且与不仅和iPhone12/苹果<em>Mac</em>Book很配,而且适合多设备充电需求的日常使用或差旅场景,不管是安卓还是Switch同样也能用得上它,希望这次分享能给准备购入充电器的小伙伴们有所
2021-06-01 09:31:42
-
吳亦凡廠牌首秀,L4WUDU居然忘詞了,Rapper和明星比還是有差距!
除了L4WUDU与吴亦凡已经多次共事,成为了明面上的厂牌成员,吴亦凡还曾带领20XXCLUB全队参加2020年的一场音乐节,这也是20XXCLUB首次全员合照,王嗣尧Turbo、陈彦希Regi、<em>Mac</em> Ova Seas、林渝植等人全部出场。然而让
2021-06-01 09:31:34
-
IPFS、Chia、Bzz和ICP挖礦該怎麼選?哪一個更有優勢?
目前应用IPFS的机构:1 谷歌<em>浏览器</em>支持IPFS分布式协议 2 万维网 (历史档案博物馆)数据库 3 火狐<em>浏览器</em>支持 IPFS分布式协议 4 EOS 等数字货币数据存储 5 美国国会图书馆,历史资料永久保存在 IPFS 6 加
2021-06-01 09:31:24
-
有哪些事是買了雪佛蘭後才知道的?美事偷著樂,開拓者車主隨聊
开拓者的车机是兼容苹果和<em>安卓</em>,虽然我不怎么用,但确实兼顾了我家人的很多需求:副驾的门板还配有解锁开关,有的时候老婆开车,下车的时候偶尔会忘记解锁,我在副驾驶可以自己开门:第二排设计很好,不仅配置了一个很大的
2021-06-01 09:30:48
-
iPhone12在618最新定價,跌價幅度超過1400元,還等iPhone13嗎?
不仅是<em>安卓</em>手机,苹果手机的降价力度也是前所未有了,iPhone12也“跳水价”了,发布价是6799元,如今已经跌至5308元,降价幅度超过1400元,最新定价确认了。iPhone12是苹果首款5G手机,同时也是全球首款5nm芯片的智能机,它
2021-06-01 09:30:45