登录验证
用户注册
1. 对账号密码进行加盐加密
加盐:如果两个用户的密码相同,那么他们密码的哈希值也是相同的。我们可以通过“随机化”哈希来阻止这类攻击,于是相同的密码被哈希两次之后,得到的值就不相同了。我们在密码中加入一段随机的字符再进行加密,这样每次生成的密文都是不同的,这段随机字符串就是盐(salt),我们把密文和盐值一起存入数据库中。
校验密码的步骤
- 从数据库取出用户的密码哈希值和对应盐值
- 将盐值混入用户输入的密码,并且使用同样的哈希函数进行加密
- 比较上一步的结果和数据库储存的哈希值是否相同,如果相同那么密码正确,反之密码错误
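// Account and password to register (demo values).
String account = "zhangsan";
String pwd = "zaqxsw000";

// A fresh random salt per user, so identical passwords do not yield identical hashes.
byte[] saltByte = Digests.generateSalt(Constants.SALT_SIZE);
// Hex form of the salt; it is stored next to the hash and is not secret.
String saltStr = Encodes.encodeHex(saltByte);
// Printed here only for demonstration; a real registration flow stores these values instead of printing them.
System.out.println(saltStr);

// Hash the password bytes together with the salt. An explicit charset keeps the stored hash
// independent of the platform default encoding (plain getBytes() is platform-dependent).
// Note: iterated SHA-1 is not a password-hashing KDF; PBKDF2, bcrypt, scrypt or Argon2 are the
// recommended choices for stored credentials.
byte[] hashPassword = Digests.sha1(
        pwd.getBytes(java.nio.charset.StandardCharsets.UTF_8), saltByte, Constants.HASH_INTERATIONS);
String encodePassword = Encodes.encodeHex(hashPassword);
System.out.println(encodePassword);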
2
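import org.apache.commons.lang3.Validate;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

/**
 * Utility class for SHA-1 / MD5 message digests.
 *
 * Results are returned as raw bytes that can be further encoded as Hex, Base64 or URL-safe Base64.
 *
 * Caveat: MD5 and SHA-1 are fast general-purpose digests. Even salted and iterated they are not a
 * password-hashing function; for stored credentials prefer PBKDF2, bcrypt, scrypt or Argon2.
 */
public class Digests {

    private static final String SHA1 = "SHA-1";
    private static final String MD5 = "MD5";

    // Shared CSPRNG used for salt generation; final so it cannot be replaced at runtime.
    private static final SecureRandom random = new SecureRandom();

    /**
     * Single-round MD5 digest of {@code input}.
     */
    public static byte[] md5(byte[] input) {
        return digest(input, MD5, null, 1);
    }

    /**
     * Iterated MD5 digest of {@code input}; see {@link #digest(byte[], String, byte[], int)}.
     */
    public static byte[] md5(byte[] input, int iterations) {
        return digest(input, MD5, null, iterations);
    }

    /**
     * Single-round SHA-1 digest of {@code input}.
     */
    public static byte[] sha1(byte[] input) {
        return digest(input, SHA1, null, 1);
    }

    /**
     * Single-round SHA-1 digest of {@code salt} followed by {@code input}.
     */
    public static byte[] sha1(byte[] input, byte[] salt) {
        return digest(input, SHA1, salt, 1);
    }

    /**
     * Iterated SHA-1 digest of {@code salt} followed by {@code input}.
     */
    public static byte[] sha1(byte[] input, byte[] salt, int iterations) {
        return digest(input, SHA1, salt, iterations);
    }

    /**
     * Digests {@code input} with the given algorithm, optionally salted and iterated.
     *
     * @param input      bytes to digest
     * @param algorithm  JCA algorithm name, {@code "MD5"} or {@code "SHA-1"}
     * @param salt       fed to the digest before {@code input}; {@code null} means no salt
     * @param iterations total number of rounds; values below 1 behave like a single round
     * @return the digest bytes
     * @throws RuntimeException (wrapped by {@code Exceptions.unchecked}) if the algorithm is unavailable
     */
    private static byte[] digest(byte[] input, String algorithm, byte[] salt, int iterations) {
        try {
            MessageDigest digest = MessageDigest.getInstance(algorithm);
            if (salt != null) {
                digest.update(salt);
            }
            byte[] result = digest.digest(input);
            // Each further round hashes the previous round's output only (the salt is not re-mixed).
            // MessageDigest.digest() resets the instance, so no explicit reset() is needed.
            for (int i = 1; i < iterations; i++) {
                result = digest.digest(result);
            }
            return result;
        } catch (GeneralSecurityException e) {
            throw Exceptions.unchecked(e);
        }
    }

    /**
     * Generates {@code numBytes} bytes from a {@link SecureRandom} for use as a salt.
     *
     * @param numBytes size of the returned array, must be 1 or larger
     * @return the random bytes
     * @throws IllegalArgumentException if {@code numBytes} is not positive
     */
    public static byte[] generateSalt(int numBytes) {
        // Validate.isTrue formats the message with the value; without "%d" the rejected value was silently dropped.
        Validate.isTrue(numBytes > 0, "numBytes argument must be a positive integer (1 or larger), got %d", numBytes);
        byte[] bytes = new byte[numBytes];
        random.nextBytes(bytes);
        return bytes;
    }

    /**
     * MD5 digest of a stream's contents (e.g. a file). The stream is read to its end but not closed.
     */
    public static byte[] md5(InputStream input) throws IOException {
        return digest(input, MD5);
    }

    /**
     * SHA-1 digest of a stream's contents (e.g. a file). The stream is read to its end but not closed.
     */
    public static byte[] sha1(InputStream input) throws IOException {
        return digest(input, SHA1);
    }

    /**
     * Digests everything remaining in {@code input} with the given algorithm.
     *
     * @param input     stream to read; the caller owns it and is responsible for closing it
     * @param algorithm JCA algorithm name, {@code "MD5"} or {@code "SHA-1"}
     * @return the digest bytes
     * @throws IOException      if reading the stream fails
     * @throws RuntimeException (wrapped by {@code Exceptions.unchecked}) if the algorithm is unavailable
     */
    private static byte[] digest(InputStream input, String algorithm) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(algorithm);
            byte[] buffer = new byte[8 * 1024];
            int read;
            while ((read = input.read(buffer, 0, buffer.length)) != -1) {
                messageDigest.update(buffer, 0, read);
            }
            return messageDigest.digest();
        } catch (GeneralSecurityException e) {
            throw Exceptions.unchecked(e);
        }
    }
}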
3.
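import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringEscapeUtils;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/**
 * Encoding / decoding helpers in several formats.
 * 1. Commons-Codec hex / base64
 * 2. A home-grown "base62" mapping (see {@link #encodeBase62(byte[])} for its limits)
 * 3. Commons-Lang xml / html escaping
 * 4. JDK URLEncoder / URLDecoder
 *
 * All text-to-bytes conversions use UTF-8 explicitly so results do not depend on the platform
 * default charset.
 */
public class Encodes {

    private static final String DEFAULT_URL_ENCODING = "UTF-8";
    private static final char[] BASE62 =
            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".toCharArray();

    /**
     * Lower-case hex encoding of {@code input}.
     */
    public static String encodeHex(byte[] input) {
        return new String(Hex.encodeHex(input));
    }

    /**
     * Decodes a hex string.
     *
     * @throws RuntimeException (wrapped by {@code Exceptions.unchecked}) if {@code input} is not valid hex
     */
    public static byte[] decodeHex(String input) {
        try {
            return Hex.decodeHex(input.toCharArray());
        } catch (DecoderException e) {
            throw Exceptions.unchecked(e);
        }
    }

    /**
     * Base64 encoding of {@code input}. The encoded output is ASCII, so it is decoded as such.
     */
    public static String encodeBase64(byte[] input) {
        return new String(Base64.encodeBase64(input), StandardCharsets.US_ASCII);
    }

    /**
     * Base64 encoding of the UTF-8 bytes of {@code input}.
     */
    public static String encodeBase64(String input) {
        // StandardCharsets removes the impossible UnsupportedEncodingException that used to yield "".
        return new String(Base64.encodeBase64(input.getBytes(StandardCharsets.UTF_8)), StandardCharsets.US_ASCII);
    }

    /**
     * Decodes a Base64 string to its raw bytes.
     */
    public static byte[] decodeBase64(String input) {
        return Base64.decodeBase64(input.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decodes a Base64 string and interprets the result as UTF-8 text.
     */
    public static String decodeBase64String(String input) {
        return new String(Base64.decodeBase64(input.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }

    /**
     * Maps each byte of {@code input} to one character of the base62 alphabet via {@code byte % 62}.
     *
     * This is not a real base-62 encoding: it is not reversible (several byte values share a
     * character) and the modulo mapping is not uniform over the alphabet, so it is unsuitable
     * for deriving tokens or keys.
     */
    public static String encodeBase62(byte[] input) {
        char[] chars = new char[input.length];
        for (int i = 0; i < input.length; i++) {
            chars[i] = BASE62[((input[i] & 0xFF) % BASE62.length)];
        }
        return new String(chars);
    }

    /**
     * Escapes HTML 4 special characters.
     */
    public static String escapeHtml(String html) {
        return StringEscapeUtils.escapeHtml4(html);
    }

    /**
     * Unescapes HTML 4 entities.
     */
    public static String unescapeHtml(String htmlEscaped) {
        return StringEscapeUtils.unescapeHtml4(htmlEscaped);
    }

    /**
     * Escapes XML 1.0 special characters.
     */
    public static String escapeXml(String xml) {
        return StringEscapeUtils.escapeXml10(xml);
    }

    /**
     * Unescapes XML entities.
     */
    public static String unescapeXml(String xmlEscaped) {
        return StringEscapeUtils.unescapeXml(xmlEscaped);
    }

    /**
     * URL-encodes {@code part} using UTF-8.
     */
    public static String urlEncode(String part) {
        try {
            return URLEncoder.encode(part, DEFAULT_URL_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw Exceptions.unchecked(e);
        }
    }

    /**
     * URL-decodes {@code part} using UTF-8.
     */
    public static String urlDecode(String part) {
        try {
            return URLDecoder.decode(part, DEFAULT_URL_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw Exceptions.unchecked(e);
        }
    }
}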
错误或不严谨之处欢迎指点,不胜感激
