若依框架渗透测试:用户名密码明文传输问题
解决思路:前端 js 加密,controller 层解密。注意:这只是应用层的补充措施,不能替代 HTTPS——请求中的用户名等字段仍是明文,被截获的密文也可以原样重放。
1、前端加密
引入js(jsencrypt.min.js)
// Reads the login form and posts it to ctx + "login" via $.ajax.
// Only the password is passed through getP() before it is sent.
// The rest of the success handler is omitted on the page.
function login() {
$.modal.loading($("#btnSubmit").data("loading"));
var username = $("input[name='username']").val().trim();
// The password is trimmed before encryption, so leading or trailing whitespace
// the user typed is never sent.
var password = $("input[name='password']").val().trim();
var validateCode = $("input[name='validateCode']").val();
var rememberMe = $("input[name='rememberme']").is(':checked');
$.ajax({
type: "post",
url: ctx + "login",
data: {
// username, validateCode and rememberMe go out exactly as read from the form;
// keeping them confidential in transit still depends on serving the page over HTTPS.
"username": username,
// getP() is expected to return the RSA-encrypted form of the password.
"password": getP(password),
"validateCode" : validateCode,
"rememberMe": rememberMe
},
success: function(r) {
。。。。。。。。。。。。。。。省略
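/**
 * Encrypts the password with the server's RSA public key before it is posted.
 *
 * Relies on the JSEncrypt object provided by jsencrypt.min.js. JSEncrypt's
 * encrypt() returns false when encryption fails (for example when the key
 * cannot be parsed), and that value is passed straight back to the caller.
 *
 * @param {string} pw plaintext password read from the form
 * @returns {string|boolean} Base64 ciphertext, or false on failure
 */
function getP(pw) {
    var encrypt = new JSEncrypt();
    // Placeholder: the key printed on the source page is truncated, so it cannot
    // be reproduced here. Paste the PEM public key that matches the server's
    // private key. Only the public half belongs in browser code.
    encrypt.setPublicKey("-----BEGIN PUBLIC KEY-----<RSA_PUBLIC_KEY_BASE64_PLACEHOLDER>-----END PUBLIC KEY-----");
    var encrypted = encrypt.encrypt(pw);
    return encrypted;
}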
这儿的公钥可以放到jsencrypt.min.js的最后面,然后在这儿取,我直接就写到这儿了
controller层解密代码
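/**
 * Handles the AJAX login POST: decrypts the RSA-encrypted password sent by the
 * login page, then authenticates the user through the Shiro subject.
 *
 * <p>NOTE(review): the ciphertext is not bound to a nonce or timestamp in this
 * method, so a captured value would authenticate again if resubmitted. This
 * scheme hides the password from casual inspection but does not replace HTTPS.
 *
 * @param username   login name as submitted by the form (not encrypted)
 * @param password   Base64 RSA ciphertext produced by the page's getP()
 * @param rememberMe whether a remember-me session was requested; may be null
 * @return success() on a successful login, otherwise error(...) with a message
 */
@PostMapping("/login")
@ResponseBody
public AjaxResult ajaxLogin(String username, String password, Boolean rememberMe)
{
    String repassword;
    // Decrypt the submitted password. Never log the ciphertext or the decrypted
    // value: the debug prints that used to sit here would have written
    // plaintext passwords to stdout if re-enabled.
    try {
        repassword = RSAUtil.decrypt(password, RSAUtil.PRIVATE_KEY);
    } catch (Exception e) {
        // NOTE(review): route this through the application's logger instead of stderr.
        e.printStackTrace();
        // NOTE(review): this message differs from the failed-login message below,
        // so a caller can tell "could not decrypt" apart from "wrong password".
        // With PKCS#1 v1.5 padding that distinction is best not exposed; consider
        // returning the same generic error for both and rate-limiting the endpoint.
        return error("非法登录");
    }
    // A request without a rememberMe parameter binds null; unboxing it in the
    // token constructor would throw outside any handler, so treat null as false.
    boolean remember = Boolean.TRUE.equals(rememberMe);
    UsernamePasswordToken token = new UsernamePasswordToken(username, repassword, remember);
    Subject subject = SecurityUtils.getSubject();
    try
    {
        subject.login(token);
        return success();
    }
    catch (AuthenticationException e)
    {
        // Fall back to a generic message when the exception carries none.
        String msg = "用户或密码错误";
        if (StringUtils.isNotEmpty(e.getMessage()))
        {
            msg = e.getMessage();
        }
        return error(msg);
    }
}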
工具类RSAUtil
package com.ruoyimon.utils;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
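/**
 * RSA helper for the login flow: generates key pairs and encrypts or decrypts
 * short strings with Base64-encoded keys.
 *
 * <p>Base64 handling uses the JDK's {@code java.util.Base64} (fully qualified, so
 * it does not clash with any other {@code Base64} imported by the file). The MIME
 * decoder is used because it skips characters outside the Base64 alphabet, so a
 * key pasted with line breaks still decodes.
 *
 * <p>The cipher transformation is spelled out rather than left to the provider
 * default. PKCS#1 v1.5 is kept because the browser side on this page encrypts
 * with JSEncrypt, which is understood to emit PKCS#1 v1.5 ciphertexts (confirm
 * before changing). Callers should not reveal to clients whether a decryption
 * failure was a padding failure.
 */
public class RSAUtil {

    /** Explicit transformation so behaviour does not depend on the provider default. */
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /**
     * Base64 of the PKCS#8-encoded private key used to decrypt login passwords.
     *
     * <p>Placeholder value: the key printed on the source page is truncated and is
     * not reproduced. NOTE(review): a private key compiled into the class is
     * readable by anyone holding the source or the jar. Load it from a keystore
     * or protected configuration at startup, and treat any key pair that has
     * appeared in source control or on a web page as disclosed.
     */
    public static String PRIVATE_KEY = "<PKCS8_PRIVATE_KEY_BASE64_PLACEHOLDER>";

    /** Base64 of the X.509-encoded public key matching PRIVATE_KEY (placeholder). */
    public static String PUBLIC_KEY = "<X509_PUBLIC_KEY_BASE64_PLACEHOLDER>";

    /** Holds the most recently generated pair: index 0 is the public key, index 1 the private key. */
    private static final Map<Integer, String> keyMap = new HashMap<>();

    /* Manual smoke test, kept commented out as on the source page.
    public static void main(String[] args) throws Exception {
        // generate a public/private key pair
        genKeyPair();
        // string to encrypt
        String message = "testmsg";
        System.out.println("generated public key: " + keyMap.get(0));
        // printing a private key is acceptable only for a throwaway test key
        System.out.println("generated private key: " + keyMap.get(1));
        String messageEn = encrypt(message, keyMap.get(0));
        System.out.println("plaintext: " + message);
        System.out.println("encrypted: " + messageEn);
        String messageDe = decrypt(messageEn, keyMap.get(1));
        System.out.println("decrypted: " + messageDe);
    }
    */

    /**
     * Generates a random RSA key pair and stores both halves, Base64-encoded, in
     * the private key map (0 = public key, 1 = private key).
     *
     * <p>The modulus is 2048 bits; the 1024-bit size used previously is below
     * current minimum recommendations for RSA.
     *
     * @throws NoSuchAlgorithmException if no provider supplies an RSA key pair generator
     */
    public static void genKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
        keyPairGen.initialize(2048, new SecureRandom());
        KeyPair keyPair = keyPairGen.generateKeyPair();

        java.util.Base64.Encoder encoder = java.util.Base64.getEncoder();
        // getEncoded() yields X.509 (SubjectPublicKeyInfo) for the public key and
        // PKCS#8 for the private key, the formats encrypt() and decrypt() parse.
        String publicKeyString = encoder.encodeToString(keyPair.getPublic().getEncoded());
        String privateKeyString = encoder.encodeToString(keyPair.getPrivate().getEncoded());

        keyMap.put(0, publicKeyString);
        keyMap.put(1, privateKeyString);
    }

    /**
     * Encrypts a string with an RSA public key.
     *
     * @param str       plaintext; encoded as UTF-8 before encryption
     * @param publicKey Base64 of the X.509-encoded public key
     * @return Base64 of the ciphertext
     * @throws Exception if the key cannot be parsed or encryption fails (for
     *                   example when the plaintext is too long for the key size)
     */
    public static String encrypt(String str, String publicKey) throws Exception {
        byte[] keyBytes = java.util.Base64.getMimeDecoder().decode(publicKey);
        RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(keyBytes));

        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        byte[] cipherBytes = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        return java.util.Base64.getEncoder().encodeToString(cipherBytes);
    }

    /**
     * Decrypts a Base64 RSA ciphertext with a private key.
     *
     * @param str        Base64 of the ciphertext
     * @param privateKey Base64 of the PKCS#8-encoded private key
     * @return the plaintext, decoded as UTF-8
     * @throws Exception if the input is not valid Base64, the key cannot be
     *                   parsed, or decryption fails
     */
    public static String decrypt(String str, String privateKey) throws Exception {
        byte[] cipherBytes = java.util.Base64.getMimeDecoder().decode(str);
        byte[] keyBytes = java.util.Base64.getMimeDecoder().decode(privateKey);
        RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(keyBytes));

        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, priKey);
        // Decode with the same charset encrypt() used; the platform default
        // would corrupt non-ASCII passwords on hosts that are not UTF-8.
        return new String(cipher.doFinal(cipherBytes), StandardCharsets.UTF_8);
    }
}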
公钥和私钥生成地址(用于生产环境的私钥建议在本地生成,例如用上面的 genKeyPair(),不要用在线工具生成)
生成的密钥要格式转化
把密钥格式转化为 pkcs8