美文网首页
对请求参数做AES加密

对请求参数做AES加密

作者: 呼噜噜睡 | 来源:发表于2024-07-03 11:01 被阅读0次

    对于安全性较高的网站,请求参数传输可能会加密成密文,在进行传输,这里,小编给大家提供一个简单的使用AES对请求参数进行加密的代码实现(普通get/post以及application/json的post请求),放代码吧。

    首先定义一些常量:

    
    package cn.wjp.mydaily.common.filter;
    
    public class HttpConst {
        /**
         * 几种常见的Content-Type
         */
        public static final String FORM_URLENCODED_CONTENT_TYPE ="application/x-www-form-urlencoded";
    
        public static final String JSON_CONTENT_TYPE = "application/json";
    
        public static final String MULTIPART_CONTENT_TYPE = "multipart/form-data";
        /**
         * 常见的post/get请求方式
         */
        public static final String POST_METHOD = "post";
    
        public static final String GET_METHOD = "get";
    
        public static final String OPTIONS_METHOD = "options";
    
    }
    

    接下来是AES加密解密的工具类:

    package cn.wjp.mydaily.common.filter;
    
    import java.util.Base64;
    import java.util.Base64.Decoder;
    import java.util.Base64.Encoder;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    
    /**
     * AES加密、解密
     * @author wjp
     *
     */
    public class AESCipher {
    
        //偏移量
        private static final String IV_STRING = "16-Bytes--String";//长度为16的字符串
    
        //私钥
        public static final String KEY = "key1234561111111";//长度为16的字符串
    
        public static final String DEFAULT_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
        /**
         * 加密方法
         * @param content 加密内容
         * @param key 加密公钥 16-Bytes--String
         * @return
         */
        public static String encryptAES(String content, String key)
                throws Exception {
    
            byte[] byteContent = content.getBytes("UTF-8");
    
            
            // 这里的 key 不可以使用 KeyGenerator、SecureRandom、SecretKey 生成
            byte[] enCodeFormat = key.getBytes();
            SecretKeySpec secretKeySpec = new SecretKeySpec(enCodeFormat, "AES");
    
            byte[] initParam = IV_STRING.getBytes();
            IvParameterSpec ivParameterSpec = new IvParameterSpec(initParam);
    
            // 指定加密的算法、工作模式和填充方式
            Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
    
            byte[] encryptedBytes = cipher.doFinal(byteContent);
    
            // 同样对加密后数据进行 base64 编码
            Encoder encoder = Base64.getEncoder();
            return encoder.encodeToString(encryptedBytes);
        }
    
        /**
         * 解密算法
         * @param content 解密内容
         * @param key 加密公钥 16-Bytes--String
         * @return
         */
        public static String decryptAES(String content, String key) {
            try {
                // base64 解码
                Decoder decoder = Base64.getDecoder();
                byte[] encryptedBytes = decoder.decode(content);
    
                byte[] enCodeFormat = key.getBytes();
                SecretKeySpec secretKey = new SecretKeySpec(enCodeFormat, "AES");
    
                byte[] initParam = IV_STRING.getBytes();
                IvParameterSpec ivParameterSpec = new IvParameterSpec(initParam);
    
                Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
                cipher.init(Cipher.DECRYPT_MODE, secretKey, ivParameterSpec);
    
                byte[] result = cipher.doFinal(encryptedBytes);
    
                return new String(result, "UTF-8");
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }
    

    好了,万事俱备,接下来该过滤器登场了:

    package cn.wjp.mydaily.common.filter;
    
    import com.alibaba.fastjson.JSON;
    import com.alibaba.fastjson.TypeReference;
    
    import javax.servlet.*;
    import javax.servlet.FilterConfig;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    import java.util.Arrays;
    import java.util.HashMap;
    import java.util.Map;
    
    /**
     * 对请求参数做处理
     */
    public class ParamsFilter implements Filter {
    
        private static final String DECRYPT_PARAM_NAME = "decrypt";//请求参数包含的是否加密的字段
    
        private static final String DEFAULT_DECRYPT_TYPE = "AES";//默认加密的类型
    
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
    
            String contentType = request.getContentType();//获取contentType请求头
            String method = request.getMethod();//获取请求方法  post/get
            //1 处理get请求  get请求的Content-Type一般为application/x-www-form-urlencoded  或者  text/html
            if (method.trim().equalsIgnoreCase(HttpConst.GET_METHOD)) {
                String decrypt = request.getParameter(DECRYPT_PARAM_NAME);
                if(decrypt==null||decrypt.trim().isEmpty()){
                    chain.doFilter(request, response);
                    return;
                }
                HttpServletRequestNormalWrapper wrapperRequest = new HttpServletRequestNormalWrapper(request);
                Map<String, String[]> parameterMap = wrapperRequest.getParameterMap();
                parameterMap = decryptParamForNormalRequest(parameterMap,decrypt);
                wrapperRequest.setParameterMap(parameterMap);
                chain.doFilter(wrapperRequest, response);
                return;
            }
            //2 处理post请求  只处理application/x-www-form-urlencoded  application/json,对于multipart/form-data,直接放行
            if (method.trim().equalsIgnoreCase(HttpConst.POST_METHOD)) {
                if (contentType.trim().toLowerCase().contains(HttpConst.MULTIPART_CONTENT_TYPE)) {
                    chain.doFilter(request, response);
                    return;
                }
                //处理application/x-www-form-urlencoded
                if (contentType.trim().toLowerCase().contains(HttpConst.FORM_URLENCODED_CONTENT_TYPE)) {
                    String decrypt = request.getParameter(DECRYPT_PARAM_NAME);
                    if(decrypt==null||decrypt.trim().isEmpty()){
                        chain.doFilter(request, response);
                        return;
                    }
                    HttpServletRequestNormalWrapper wrapperRequest = new HttpServletRequestNormalWrapper(request);
                    Map<String, String[]> parameterMap = wrapperRequest.getParameterMap();
                    parameterMap = decryptParamForNormalRequest(parameterMap,decrypt);
                    wrapperRequest.setParameterMap(parameterMap);
                    chain.doFilter(wrapperRequest, response);
                    return;
                }
                //处理application/json
                if (contentType.trim().toLowerCase().contains(HttpConst.JSON_CONTENT_TYPE)) {
                    HttpServletRequestBodyReaderWrapper requestWrapper = new HttpServletRequestBodyReaderWrapper(request);
                    String body = requestWrapper.getBody();
                    if (body == null || body.trim().isEmpty()||body.trim().equalsIgnoreCase("{}")) {
                        chain.doFilter(requestWrapper, response);
                        return;
                    }
                    Map<String, Object> map = JSON.parseObject(body, new TypeReference<Map<String, Object>>() {});
                    String decrypt = (String)map.get(DECRYPT_PARAM_NAME);
                    if(decrypt==null||decrypt.trim().isEmpty()){
                        chain.doFilter(requestWrapper, response);
                        return;
                    }
                    body = decryptParamForPostJsonRequest(body,decrypt);
                    requestWrapper.setBody(body);
                    chain.doFilter(requestWrapper, response);
                    return;
                }
            }
            chain.doFilter(request, response);
            return;
    
        }
    
        /**
         * 字符串解密
         *
         * @param value
         * @return
         */
        public String decryptParam(String value,String decryptType) {
            if(decryptType.trim().equalsIgnoreCase(DEFAULT_DECRYPT_TYPE)){
                return AESCipher.decryptAES(value,AESCipher.KEY);
            }else{
                return value + "+++";
            }
    
        }
    
        /**
         * 普通的post/get请求
         *
         * @param parameterMap
         */
        public Map<String, String[]> decryptParamForNormalRequest(Map<String, String[]> parameterMap,String decryptType) {
            Map<String, String[]> decryptMap = new HashMap<>();
            if (parameterMap == null || parameterMap.size() == 0) {
                return decryptMap;
            }
            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
                String key = entry.getKey();
                if(key==null||key.trim().equalsIgnoreCase(DECRYPT_PARAM_NAME)){
                   continue;
                }
                String[] value = entry.getValue();
                //String decryptKey = decodeParam(key,decryptType);
                String[] decryptValue = null;
                if (value != null && value.length > 0) {
                    decryptValue = new String[value.length];
                    for (int i = 0; i < value.length; i++) {
                        decryptValue[i] = decryptParam(value[i],decryptType);
                    }
                }
                decryptMap.put(key, decryptValue);
            }
            //打印用
            StringBuffer printStr = new StringBuffer();
            for (Map.Entry<String, String[]> entry1 : decryptMap.entrySet()) {
                printStr.append(entry1.getKey()).append("=").append(Arrays.asList(entry1.getValue())).append("&");
            }
            System.out.println("ParamsFilter:发送的请求参数:" + JSON.toJSONString(printStr));
            return decryptMap;
        }
    
        /**
         * post的application/json请求
         *
         * @param body
         */
        public String decryptParamForPostJsonRequest(String body,String decryptType) {
            String decryptBody = "{}";
            if (body == null || body.trim().isEmpty()||body.trim().equalsIgnoreCase("{}")||!body.trim().contains(":")) {
                return decryptBody;
            }
            Map<String, Object> map = JSON.parseObject(body, new TypeReference<Map<String, Object>>() {
            });
            if (map == null || map.size() == 0) {
                return decryptBody;
            }
            Map<String, Object> decryptMap = new HashMap<>();
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                String key = entry.getKey();
                if(key==null||key.trim().equalsIgnoreCase(DECRYPT_PARAM_NAME)){
                    continue;
                }
                Object value = entry.getValue();
                String valueStr = String.valueOf(value);
                if (valueStr == null || valueStr.trim().isEmpty() || valueStr.trim().equalsIgnoreCase("null")) {
                    valueStr = null;
                }
                decryptMap.put(key, decryptParam(valueStr,decryptType));
            }
            decryptBody = JSON.toJSONString(decryptMap);
            System.out.println("ParamsFilter:发送的请求参数:" + decryptBody);
            return decryptBody;
        }
    
    
        @Override
        public void destroy() {
        }
    
        @Override
        public void init(FilterConfig arg0) {
        }
    }
    

    相关文章

      网友评论

          本文标题:对请求参数做AES加密

          本文链接:https://www.haomeiwen.com/subject/snmbcjtx.html