From d6404ab72e2e0fa8a8c68b7ce14c2f2a6352bfae Mon Sep 17 00:00:00 2001 From: ZeYanG <zeyang404@gmail.com> Date: Fri, 24 Aug 2018 14:48:07 +0800 Subject: [PATCH] 提交 验证码大小写 --- publish/src/com/javen/controller/PublishController.java | 6 publish/src/com/javen/common/Des1.java | 423 ++++++++++++++++++++++++++++++++++++++++++++++++++++ out/production/CustomForm-publish/com/javen/controller/PublishController.class | 0 out/production/CustomForm-publish/com/javen/common/Des1.class | 0 publish/WEB-INF/jsp/showForm.jsp | 12 + 5 files changed, 436 insertions(+), 5 deletions(-) diff --git a/out/production/CustomForm-publish/com/javen/common/Des1.class b/out/production/CustomForm-publish/com/javen/common/Des1.class new file mode 100644 index 0000000..6487610 --- /dev/null +++ b/out/production/CustomForm-publish/com/javen/common/Des1.class Binary files differ diff --git a/out/production/CustomForm-publish/com/javen/controller/PublishController.class b/out/production/CustomForm-publish/com/javen/controller/PublishController.class index 27356bc..f842e5b 100644 --- a/out/production/CustomForm-publish/com/javen/controller/PublishController.class +++ b/out/production/CustomForm-publish/com/javen/controller/PublishController.class Binary files differ diff --git a/publish/WEB-INF/jsp/showForm.jsp b/publish/WEB-INF/jsp/showForm.jsp index e0d94a3..25fb9f9 100644 --- a/publish/WEB-INF/jsp/showForm.jsp +++ b/publish/WEB-INF/jsp/showForm.jsp @@ -138,6 +138,11 @@ <!-- 密码验证 --> <script type="text/javascript"> $(function(){ + var url = window.location.href; + var key = GetQueryString(url,"publishShowflag"); + if(key==1){ + return ; + } // 发布模式选择 if(getEnclocal("customShowFlag") == undefined) { setDeclocal("customShowFlag","3"); 
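Review bot: The early `return` on `publishShowflag` skips the password-prompt setup based on a value read from `window.location.href`, which the visitor controls. If the password is meant to protect the form, the decision to show or skip the prompt has to come from the server (for example a session flag set once `/publish/auth` has succeeded), and the form data itself must be withheld until then; whether the server already does this is not visible in the patch. `key==1` also relies on loose comparison of what is presumably a string, so `if (key === "1")` would state the intent. The ready handler continues past the end of this hunk.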
@@ -151,9 +156,9 @@ popupDiv('showPassword'); }; $("#auth").click(function(){ - var param = {}; - param.accesspassword = $("#password").val(); - param.ver = $("#ver").val(); + var param = {}; + param.accesspassword = encryptByDES($("#password").val(),""); + param.ver = encryptByDES($("#ver").val().toLocaleLowerCase(),""); // param.openId = getCookie("openId"); // param.formId = getEnclocal("customForm").newFormID; if (!param.accesspassword) { @@ -167,6 +172,7 @@ $.ajax({ type : "POST", dataType : "text", + // headers : {"Content-Type":"application/json"}, url : "/publish/auth", data : param, success : function(data){ diff --git a/publish/src/com/javen/common/Des1.java b/publish/src/com/javen/common/Des1.java new file mode 100644 index 0000000..1d67aff --- /dev/null +++ b/publish/src/com/javen/common/Des1.java 
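Review bot: `encryptByDES($("#password").val(),"")` now runs before the `if (!param.accesspassword)` emptiness check, so that check tests the ciphertext; if `encryptByDES` returns a non-empty string for empty input (a padded block would), an empty password is no longer caught on the client. Encrypting in the browser with a key that ships in the page, here the empty string, does not protect the password in transit, which still needs HTTPS on `/publish/auth`. `toLocaleLowerCase()` depends on the visitor's locale, whereas `toLowerCase()` gives the same result everywhere. I would read and validate the raw values first, `var pwd = $("#password").val(); if (!pwd) { ... }`, and encode only afterwards. The click handler starts and ends outside this hunk.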
@@ -0,0 +1,423 @@ +package com.javen.common; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.codec.digest.DigestUtils; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.Security; +import java.util.Arrays; +import java.util.Objects; + +/** + * 编码加密工具类 + */ +public class Des1 { + + private Des1() { + } + + /** Base64 编码 */ + private static final Base64 B64 = new Base64(); + /** 安全的随机数源 */ + private static final SecureRandom RANDOM = new SecureRandom(); + /** SHA-1加密 */ + private static MessageDigest SHA_1 = null; + + static { + init(); + } + + /** 初始化 */ + private static void init() { + try { + SHA_1 = MessageDigest.getInstance("SHA-1"); + } catch (NoSuchAlgorithmException e) { + throw new IllegalStateException(e); + } + } + + /** + * SHA-1加密 + * + * @param str + * 明文 + * @return 密文 + */ + public static String sha1(String str) { + return new String(B64.encode(SHA_1.digest(str.getBytes()))); + } + + /** + * SHA-1加密(Url安全) + * + * @param str + * 明文 + * @return 密文 + */ + public static String sha1Url(String str) { + return new String(Base64.encodeBase64URLSafeString(SHA_1.digest(str.getBytes()))); + } + + /** + * Base64编码 + * + * @param bs + * byte数组 + * @return 编码后的byte数组 + */ + public static byte[] b64Encode(byte[] bs) { + return B64.encode(bs); + } + + /** + * Base64编码字符串 + * + * @param str + * 需要编码的字符串 + * @return 编码后的字符串 + */ + public static String b64Encode(String str) { + if (null != str) { + return new String(B64.encode(str.getBytes())); + } + return null; + } + + /** + * Base64编码字符串(Url安全) + * + * @param str + * 需要编码的字符串 + * @return 编码后的字符串 + */ + public static String b64Url(String str) { + if (null != str) { + return Base64.encodeBase64URLSafeString(str.getBytes()); + } + return null; + } + + /** + 
* Base64解码 + * + * @param bs + * byte数组 + * @return 解码后的byte数组 + */ + public static byte[] b64Decode(byte[] bs) { + return B64.decode(bs); + } + + /** + * Base64解码字符串 + * + * @param str + * 需要解码的字符串 + * @return 解码后的字符串 + */ + public static String b64Decode(String str) { + if (null != str) { + byte[] bs = B64.decode(str.getBytes()); + if (null != bs) { + return new String(bs); + } + } + return null; + } + + /** + * 生成32位MD5密文 + * + * <pre> + * org.apache.commons.codec.digest.DigestUtils + * </pre> + * + * @param str + * 明文 + * @return 密文 + */ + public static String md5(String str) { + if (null != str) { + return DigestUtils.md5Hex(str); + } + return null; + } + + /** DES加密算法 */ + private static final String DES_ALGORITHM = "DESede"; // 可用 DES,DESede,Blowfish + /** DES默认加密 */ + private static Cipher DES_CIPHER_ENC = null; + /** DES默认解密 */ + private static Cipher DES_CIPHER_DEC = null; + private static String AESECBPKCS5Padding = "AES/ECB/PKCS5Padding"; + + static { + // 添加JCE算法 + Security.addProvider(new com.sun.crypto.provider.SunJCE()); + // 初始化默认DES加密 + try { + // 密钥 + SecretKey desKey = new SecretKeySpec(new byte[] { 0x11, 0x22, 0x4F, 0x58, (byte) 0x88, 0x10, 0x40, 0x38, 0x28, 0x25, 0x79, 0x51, (byte) 0xCB, (byte) 0xDD, 0x55, 0x66, 0x77, 0x29, 0x74, + (byte) 0x98, 0x30, 0x40, 0x36, (byte) 0xE2 }, DES_ALGORITHM); + // 初始化默认加密 + DES_CIPHER_ENC = Cipher.getInstance(DES_ALGORITHM); + DES_CIPHER_ENC.init(Cipher.ENCRYPT_MODE, desKey, RANDOM); + // 初始化默认解密 + DES_CIPHER_DEC = Cipher.getInstance(DES_ALGORITHM); + DES_CIPHER_DEC.init(Cipher.DECRYPT_MODE, desKey, RANDOM); + } catch (Exception e) { + System.err.println("DES默认加密解密初始化失败:" + e.getMessage()); + } + } + + /** + * DES加密(默认密钥) + * + * + * @param strings + * @param str + * 需要加密的明文 + * @return 加密后的密文(base64编码字符串) + */ + public static String desEncryp(String[] strings, String str) { + return desEncryp(str, false); + } + + /** + * DES加密(默认密钥) + * + * @param str + * 需要加密的明文 + * @return 加密后的密文(base64编码字符串,Url安全) + */ + 
public static String desEncrypUrl(String str) { + return desEncryp(str, true); + } + + /** + * DES加密(默认密钥) + * + * @param str + * 需要加密的明文 + * @param urlSafety + * 密文是否需要Url安全 + * @return 加密后的密文(str为null返回null) + */ + public static String desEncryp(String str, boolean urlSafety) { + if (null != str) { + try { + byte[] bytes = DES_CIPHER_ENC.doFinal(str.getBytes("UTF-8"));// 加密 + if (urlSafety) { + return Base64.encodeBase64URLSafeString(bytes); + } else { + return new String(B64.encode(bytes)); + } + } catch (Exception e) { + System.err.println("DES加密失败, 密文:" + str + ", 错误:" + e.getMessage()); + } + } + return null; + } + + /** + * DES解密(默认密钥) + * + * @param str + * 需要解密的密文(base64编码字符串) + * @return 解密后的明文 + */ + public static String desDecrypt(String str) { + if (null != str) { + try { + byte[] bytes = DES_CIPHER_DEC.doFinal(B64.decode(str));// 解密 + return new String(bytes, "UTF-8"); + } catch (Exception e) { + System.err.println("DES解密失败, 密文:" + str + ", 错误:" + e.getMessage()); + } + } + return null; + } + + /** + * DES加密 + * + * @param str + * 需要加密的明文 + * @param key + * 密钥(长度小于24字节自动补足,大于24取前24字节) + * @return 加密后的密文(base64编码字符串) + */ + public static String desEncryp(String str, String key) {//加密 + return desEncryp(str, key, false); + } + + + /** + * DES加密 + * + * @param str + * 需要加密的明文 + * @param key + * 密钥(长度小于24字节自动补足,大于24取前24字节) + * @return 加密后的密文(base64编码字符串,Url安全) + */ + public static String desEncrypUrl(String str, String key) { + return desEncryp(str, key, true); + } + + /** + * DES加密 + * + * @param str + * 需要加密的明文 + * @param key + * 密钥(长度小于24字节自动补足,大于24取前24字节) + * @param urlSafety + * 密文是否需要Url安全 + * @return 加密后的密文(str/key为null返回null) + */ + public static String desEncryp(String str, String key, boolean urlSafety) { + if (null != str && null != key) { + try { + Cipher c = Cipher.getInstance(DES_ALGORITHM); + c.init(Cipher.ENCRYPT_MODE, desKey(key), RANDOM); + // 加密 + byte[] bytes = c.doFinal(str.getBytes("UTF-8"));// 加密 + // 返回b64处理后的字符串 + if (urlSafety) { 
+ return Base64.encodeBase64URLSafeString(bytes); + } else { + return new String(B64.encode(bytes)); + } + } catch (Exception e) { + System.err.println("DES加密失败, 密文:" + str + ", key:" + key + ", 错误:" + e.getMessage()); + } + } + return null; + } + + /** + * DES解密 + * + * @param str + * 需要解密的密文(base64编码字符串) + * @param key + * 密钥(长度小于24字节自动补足,大于24取前24字节) + * @return 解密后的明文 + */ + public static String desDecrypt(String str, String key) {//解密 + + if (null != str && null != key) { + try { + Cipher c = Cipher.getInstance(DES_ALGORITHM); + c.init(Cipher.DECRYPT_MODE, desKey(key), RANDOM); + byte[] bytes = c.doFinal(B64.decode(str)); + String a = new String(bytes, "UTF-8"); + return a!=null && !Objects.equals(a,"")?a:str; + } catch (BadPaddingException e) { + return str; + // System.err.println("DES解密失败, 密文:" + str + ", key:" + key + ", 错误:" + e.getMessage()); + } catch (Exception e) { + return str; + // System.err.println("DES解密失败, 密文:" + str + ", key:" + key + ", 错误:" + e.getMessage()); + } + } +// System.err.println("解密失败str"+str); + return str; + } + + /** DES密钥 */ + private static SecretKey desKey(String key) { + byte[] bs = key.getBytes(); + if (bs.length != 24) { + bs = Arrays.copyOf(bs, 24);// 处理数组长度为24 + } + return new SecretKeySpec(bs, DES_ALGORITHM); + } + + /** AES加密算法 */ + private static final String AES_ALGORITHM = "AES"; + + /** + * AES加密 + * + * @param str + * 需要加密的明文 + * @param key + * 密钥 + * @return 加密后的密文(str/key为null返回null) + */ + public static String aesEncryp(String str, String key) { + return aesEncryp(str, key, false); + } + + /** + * AES加密 + * + * @param str + * 需要加密的明文 + * @param key + * 密钥 + * @param urlSafety + * 密文是否需要Url安全 + * @return 加密后的密文(str/key为null返回null) + */ + public static String aesEncryp(String str, String key, boolean urlSafety) { + if (null != str && null != key) { + try { + Cipher c = Cipher.getInstance(AESECBPKCS5Padding); + c.init(Cipher.ENCRYPT_MODE, aesKey(key), RANDOM); + byte[] bytes = c.doFinal(str.getBytes("UTF-8"));// 加密 
+ if (urlSafety) { + return Base64.encodeBase64URLSafeString(bytes); + } else { + return new String(B64.encode(bytes)); + } + } catch (Exception e) { + System.err.println("AES加密失败, 密文:" + str + ", key:" + key + ", 错误:" + e.getMessage()); + } + } + return null; + } + + /** + * AES解密 + * + * @param str + * 需要解密的密文(base64编码字符串) + * @param key + * 密钥 + * @return 解密后的明文 + */ + public static String aesDecrypt(String str, String key) { + if (null != str && null != key) { + try { + Cipher c = Cipher.getInstance(AESECBPKCS5Padding); + c.init(Cipher.DECRYPT_MODE, aesKey(key), RANDOM); + return new String(c.doFinal(B64.decode(str)), "UTF-8");// 解密 + } catch (BadPaddingException e) { + System.err.println("AES解密失败, 密文:" + str + ", key:" + key + ", 错误:" + e.getMessage()); + } catch (Exception e) { + System.err.println("AES解密失败, 密文:" + str + ", key:" + key + ", 错误:" + e.getMessage()); + } + } + return null; + } + + /** AES密钥 */ + private static SecretKeySpec aesKey(String key) { + byte[] bs = key.getBytes(); + if (bs.length != 16) { + bs = Arrays.copyOf(bs, 16);// 处理数组长度为16 + } + return new SecretKeySpec(bs, AES_ALGORITHM); + } + + +} \ No newline at end of file diff --git a/publish/src/com/javen/controller/PublishController.java b/publish/src/com/javen/controller/PublishController.java index 7ed00d3..0425ad7 100644 --- a/publish/src/com/javen/controller/PublishController.java +++ b/publish/src/com/javen/controller/PublishController.java @@ -8,6 +8,7 @@ import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; import com.javen.common.ApplicationConfig; +import com.javen.common.Des1; import com.javen.common.HttpRequest; import java.io.IOException; 
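Review bot: `desDecrypt(String str, String key)` fails open: both catch blocks and the empty-result branch return the input `str`, so a value that was never encrypted comes back unchanged and the caller cannot tell the difference. `desKey` zero-pads any key shorter than 24 bytes, so the empty key passed by this commit's callers becomes 24 zero bytes, and `Cipher.getInstance("DESede")` resolves to ECB mode on the default provider, so the layer adds neither confidentiality nor integrity. The catch blocks in the encrypt and AES paths print `str` and `key` to `System.err`, which puts plaintext and key material in the server log. I would make decryption return `null` on failure (callers then need a null check), reject keys that are not exactly 24 bytes, and log only the exception type, as sketched below; the shared static `DES_CIPHER_ENC`/`DES_CIPHER_DEC` and `SHA_1` instances are also not safe for concurrent requests.

```java
public static String desDecrypt(String str, String key) {
    if (null == str || null == key) {
        return null;
    }
    try {
        Cipher c = Cipher.getInstance(DES_ALGORITHM);
        c.init(Cipher.DECRYPT_MODE, desKey(key), RANDOM);
        return new String(c.doFinal(B64.decode(str)), "UTF-8");
    } catch (Exception e) {
        // Fail closed: never hand the undecrypted input back to the caller,
        // and keep ciphertext and key out of the log.
        System.err.println("DES解密失败: " + e.getClass().getSimpleName());
        return null;
    }
}

private static SecretKey desKey(String key) {
    byte[] bs = key.getBytes();
    if (bs.length != 24) {
        // Zero-padding or truncating silently changes the key; refuse instead.
        throw new IllegalArgumentException("DESede key must be 24 bytes");
    }
    return new SecretKeySpec(bs, DES_ALGORITHM);
}
```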
@@ -129,10 +130,11 @@ public String authPassword(String ver,String accesspassword, HttpServletRequest request) { HttpSession session = request.getSession(true); String verSession = String.valueOf(session.getAttribute("verCode")); - if(!ver.equals(verSession)){ + if(!Des1.desDecrypt(ver,"").equals(verSession)){ +// return Des1.desDecrypt(ver,"")+"-----"+ver+"===="+verSession; return "error"; } - return this.password.equals(accesspassword) ? "success" : "fail"; + return this.password.equals(Des1.desDecrypt(accesspassword,"")) ? "success" : "fail"; } @RequestMapping("generate") -- Gitblit v1.8.0
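Review bot: `authPassword` leaves `verCode` in the session after the comparison, so one captcha answer stays valid for further password attempts in that session; calling `session.removeAttribute("verCode");` right after reading it makes the code single-use. `Des1.desDecrypt(ver,"")` returns its argument when it is null, so a request without `ver` still ends in a `NullPointerException` on `.equals`; `verSession.equals(...)` with the session value on the left avoids that. The client now lower-cases the captcha while `verSession` is compared as stored, so the check passes only if the generator stores a lower-case code, which is not visible here; `equalsIgnoreCase` on the server would remove that dependency. The commented-out `return` that echoes `verSession` should be deleted rather than kept, because enabling it would disclose the expected captcha to the client.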