/** * AES加密 * @param content 字符串内容 * @param password 密钥 */ public static String encrypt(String content, String password){ return aes(content,password,Cipher.ENCRYPT_MODE); }
/** * DES解密 * @param content 字符串内容 * @param password 密钥 */ public static String decrypt(String content, String password){ return des(content,password,Cipher.DECRYPT_MODE); }
public static String checkAndGetKey(String k1,String k2,String keyName){ if(StringUtils.isNullOrEmpty(k1) && StringUtils.isNullOrEmpty(k2)){ throw new KeyNotConfiguredException(String.format("%s is not configured (未配置%s)", keyName,keyName)); } if(k1==null) return k2; return k1; }
/** * 选择加密方式并进行加密 * @param formatStringBody 目标加密字符串 * @param infoBean 加密信息 * @return 加密结果 */ private String switchEncrypt(String formatStringBody,EncryptAnnotationInfoBean infoBean){ EncryptBodyMethod method = infoBean.getEncryptBodyMethod(); if(method==null){ throw new EncryptMethodNotFoundException(); } if(method == EncryptBodyMethod.MD5){ return MD5EncryptUtil.encrypt(formatStringBody); } if(method == EncryptBodyMethod.SHA){ SHAEncryptType shaEncryptType = infoBean.getShaEncryptType(); if(shaEncryptType==null) shaEncryptType = SHAEncryptType.SHA256; return SHAEncryptUtil.encrypt(formatStringBody,shaEncryptType); } String key = infoBean.getKey(); if(method == EncryptBodyMethod.DES){ key = CheckUtils.checkAndGetKey(config.getAesKey(),key,"DES-KEY"); return DESEncryptUtil.encrypt(formatStringBody,key); } if(method == EncryptBodyMethod.AES){ key = CheckUtils.checkAndGetKey(config.getAesKey(),key,"AES-KEY"); return AESEncryptUtil.encrypt(formatStringBody,key); } throw new EncryptBodyFailException(); }
/** * 选择加密方式并进行解密 * @param formatStringBody 目标解密字符串 * @param infoBean 加密信息 * @return 解密结果 */ private String switchDecrypt(String formatStringBody,DecryptAnnotationInfoBean infoBean){ DecryptBodyMethod method = infoBean.getDecryptBodyMethod(); if(method==null) throw new DecryptMethodNotFoundException(); String key = infoBean.getKey(); if(method == DecryptBodyMethod.DES){ key = CheckUtils.checkAndGetKey(config.getAesKey(),key,"DES-KEY"); return DESEncryptUtil.decrypt(formatStringBody,key); } if(method == DecryptBodyMethod.AES){ key = CheckUtils.checkAndGetKey(config.getAesKey(),key,"AES-KEY"); return AESEncryptUtil.decrypt(formatStringBody,key); } throw new DecryptBodyFailException(); } }
@Override public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { JwtToken jwtToken = (JwtToken) token; Object accountCredentials = getCredentials(info); if(jwtToken.getPassword()!=null){ Object tokenCredentials = MD5EncryptUtil.encrypt(String.valueOf( jwtToken.getPassword())+jwtToken.getUsername()); if(!accountCredentials.equals(tokenCredentials)){ throw new DisabledAccountException("密码不正确!"); } }else{ boolean verify = JwtUtil.verify(jwtToken.getToken(), jwtToken.getUsername(), accountCredentials.toString()); if(!verify){ throw new DisabledAccountException("verifyFail"); } } return true; }
/** * DES加密/解密公共方法 * @param content 字符串内容 * @param password 密钥 * @param type 加密:{@link Cipher#ENCRYPT_MODE},解密:{@link Cipher#DECRYPT_MODE} */ private static String des(String content, String password, int type) { try { SecureRandom random = new SecureRandom(); DESKeySpec desKey = new DESKeySpec(password.getBytes()); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); Cipher cipher = Cipher.getInstance("DES"); cipher.init(type, keyFactory.generateSecret(desKey), random); if (type == Cipher.ENCRYPT_MODE) { byte[] byteContent = content.getBytes("utf-8"); return Hex2Util.parseByte2HexStr(cipher.doFinal(byteContent)); } else { byte[] byteContent = Hex2Util.parseHexStr2Byte(content); assert byteContent != null; return new String(cipher.doFinal(byteContent)); } } catch (Exception e) { e.printStackTrace(); } return null; }
@Override public void resetPassword(ResetPasswordDTO resetPasswordDTO){ SysUser user = this.selectById(resetPasswordDTO.getUid().trim()); if(user==null){ throw RequestException.fail(String.format("不存在ID为 %s 的用户",resetPasswordDTO.getUid())); } String password = MD5EncryptUtil.encrypt(String.valueOf(resetPasswordDTO.getPassword())+user.getUsername()); user.setPassword(password); try { this.updateById(user); shiroService.clearAuthByUserId(user.getId(),true,true); }catch (Exception e){ throw RequestException.fail(String.format("ID为 %s 的用户密码重置失败",resetPasswordDTO.getUid()),e); } } }
/** * AES加密/解密 公共方法 * @param content 字符串 * @param password 密钥 * @param type 加密:{@link Cipher#ENCRYPT_MODE},解密:{@link Cipher#DECRYPT_MODE} */ private static String aes(String content, String password, int type) { try { KeyGenerator generator = KeyGenerator.getInstance("AES"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed(password.getBytes()); generator.init(128, random); SecretKey secretKey = generator.generateKey(); byte[] enCodeFormat = secretKey.getEncoded(); SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(type, key); if (type == Cipher.ENCRYPT_MODE) { byte[] byteContent = content.getBytes("utf-8"); return Hex2Util.parseByte2HexStr(cipher.doFinal(byteContent)); } else { byte[] byteContent = Hex2Util.parseHexStr2Byte(content); return new String(cipher.doFinal(byteContent)); } } catch (Exception e) { e.printStackTrace(); } return null; } }
/** * AES解密 * @param content 字符串内容 * @param password 密钥 */ public static String decrypt(String content, String password){ return aes(content,password,Cipher.DECRYPT_MODE); }
/** * DES加密 * @param content 字符串内容 * @param password 密钥 */ public static String encrypt(String content, String password){ return des(content,password,Cipher.ENCRYPT_MODE); }
" (无法获取请求正文数据,请检查发送数据体或请求方法是否符合规范。)"); if(body==null || StringUtils.isNullOrEmpty(body)){ throw new DecryptBodyFailException("The request body is NULL or an empty string, so the decryption failed." + " (请求正文为NULL或为空字符串,因此解密失败。)");
@Override public void add(UserAddDTO addDTO) { SysUser findUser = this.findUserByName(addDTO.getUsername(),false); if(findUser!=null){ throw RequestException.fail( String.format("已经存在用户名为 %s 的用户",addDTO.getUsername())); } try { findUser = new SysUser(); BeanUtils.copyProperties(addDTO,findUser); findUser.setCreateDate(new Date()); findUser.setPassword(MD5EncryptUtil.encrypt(String.valueOf(findUser.getPassword())+findUser.getUsername())); this.insert(findUser); this.updateUserRole(findUser); }catch (Exception e){ throw RequestException.fail("添加用户失败",e); } }