jiazhizhong/spring-boot-base-demo
1
0
Fork 0
mirror of https://github.com/RemainderTime/spring-boot-base-demo.git synced 2026-06-01 23:47:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): 修复RSA加密实现并移除BCrypt密码编码器

Browse Source 
- 在login.html中添加HTML语言声明和密码显示功能
- 重构前端RSA加密逻辑,支持大数据块分片加密
- 更新RSAUtils.java中的加密算法,使用标准PKCS1填充模式
- 移除UserService中不必要的BCryptPasswordEncoder依赖
- 简化success.html页面的参数解析逻辑
- 统一前后端RSA加密解密的实现方式
This commit is contained in:
海言
2026-06-01 15:14:04 +08:00
parent 8f5f3f137d
commit 217e931806
4 changed files with 181 additions and 229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

238
src/main/java/cn/xf/basedemo/common/utils/RSAUtils.java
View File

@@ -1,192 +1,134 @@
package cn.xf.basedemo.common.utils;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.http.fileupload.IOUtils;
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
/**
* @program: xf-boot-base
* @ClassName RSAUtils
* @description: 加密工具类
* @author: xiongfeng
* @create: 2022-06-20 10:37
**/
public class RSAUtils {
//算法类型
private static final String RSA = "RSA";
private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
private static final int KEY_SIZE = 1024;
//字符编码类型
private static final String CHARSET = "UTF-8";
//加密长度
private static final int ENCRYPT_SIZE = 1024;
/**
* 创建rsa密匙对
*
* @return
*/
private static Map<String, String> createEncryptKey() {
KeyPairGenerator kpg;
try {
kpg = KeyPairGenerator.getInstance(RSA);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA);
kpg.initialize(KEY_SIZE);
KeyPair keyPair = kpg.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
Map<String, String> map = new HashMap<>();
map.put("publicKey", Base64.getEncoder().encodeToString(publicKey.getEncoded()));
map.put("privateKey", Base64.getEncoder().encodeToString(privateKey.getEncoded()));
return map;
} catch (Exception e) {
throw new IllegalArgumentException();
throw new IllegalArgumentException("create RSA key pair failed", e);
}
kpg.initialize(ENCRYPT_SIZE);
KeyPair keyPair = kpg.generateKeyPair();
PublicKey aPublic = keyPair.getPublic();
String publicKey = Base64.encodeBase64URLSafeString(aPublic.getEncoded());
PrivateKey aPrivate = keyPair.getPrivate();
String privateKey = Base64.encodeBase64URLSafeString(aPrivate.getEncoded());
Map<String, String> map = new HashMap<>();
map.put("publicKey", publicKey);
map.put("privateKey", privateKey);
return map;
}
/**
* 获取ras公匙
*
* @param publicKeyStr 公匙加密字符串
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
public static RSAPublicKey getPublicKey(String publicKeyStr) throws NoSuchAlgorithmException, InvalidKeySpecException {
// 通过X509编码的Key指令获得公钥对象
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64URLSafe(publicKeyStr));
RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
return key;
}
/**
* 获取ras私匙
*
* @param privateKeyStr 私匙加密字符串
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
public static RSAPrivateKey getPrivateKey(String privateKeyStr) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64URLSafe(privateKeyStr));
RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8EncodedKeySpec);
return privateKey;
}
/**
* 公匙加密
*
* @param data 字符串
* @param publicKey
* @return
*/
public static String publicEncrypt(String data, RSAPublicKey publicKey) {
public static RSAPublicKey getPublicKey(String publicKeyStr) throws InvalidKeySpecException {
try {
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] bytes = cipher.doFinal(data.getBytes());
return Base64.encodeBase64URLSafeString(bytes);
// return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodeBase64(publicKeyStr));
return (RSAPublicKey) keyFactory.generatePublic(keySpec);
} catch (InvalidKeySpecException e) {
throw e;
} catch (Exception e) {
throw new RuntimeException();
throw new InvalidKeySpecException("invalid RSA public key", e);
}
}
public static RSAPrivateKey getPrivateKey(String privateKeyStr) throws InvalidKeySpecException {
try {
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodeBase64(privateKeyStr));
return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
} catch (InvalidKeySpecException e) {
throw e;
} catch (Exception e) {
throw new InvalidKeySpecException("invalid RSA private key", e);
}
}
public static String publicEncrypt(String data, RSAPublicKey publicKey) {
try {
Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encrypted = rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE,
data.getBytes(StandardCharsets.UTF_8), publicKey.getModulus().bitLength());
return Base64.getEncoder().encodeToString(encrypted);
} catch (Exception e) {
throw new RuntimeException("RSA encrypt failed", e);
}
}
public static String privateDecryption(String data, RSAPrivateKey privateKey) {
try {
Cipher cipher = Cipher.getInstance(RSA);
Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
// byte[] bytes = cipher.doFinal(Base64.decodeBase64(data.getBytes(CHARSET)));
// return new String(bytes);
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data.getBytes(CHARSET), 0, data.getBytes(CHARSET).length), privateKey.getModulus().bitLength()), CHARSET);
byte[] decrypted = rsaSplitCodec(cipher, Cipher.DECRYPT_MODE,
decodeBase64(data), privateKey.getModulus().bitLength());
return new String(decrypted, StandardCharsets.UTF_8);
} catch (Exception e) {
throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);
throw new RuntimeException("RSA decrypt failed", e);
}
}
private static byte[] decodeBase64(String data) {
String normalizedData = data.replaceAll("\\s", "");
try {
return Base64.getDecoder().decode(normalizedData);
} catch (IllegalArgumentException e) {
return Base64.getUrlDecoder().decode(normalizedData);
}
}
//rsa切割解码 , ENCRYPT_MODE,加密数据 ,DECRYPT_MODE,解密数据
private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize) {
int maxBlock = 0; //最大块
if (opmode == Cipher.DECRYPT_MODE) {
maxBlock = keySize / 8;
} else {
maxBlock = keySize / 8 - 11;
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] buff;
int i = 0;
try {
while (datas.length > offSet) {
if (datas.length - offSet > maxBlock) {
//可以调用以下的doFinal方法完成加密或解密数据
buff = cipher.doFinal(datas, offSet, maxBlock);
} else {
buff = cipher.doFinal(datas, offSet, datas.length - offSet);
}
out.write(buff, 0, buff.length);
i++;
offSet = i * maxBlock;
int maxBlock = opmode == Cipher.DECRYPT_MODE ? keySize / 8 : keySize / 8 - 11;
int offset = 0;
int index = 0;
try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
while (datas.length > offset) {
int inputLen = Math.min(datas.length - offset, maxBlock);
byte[] buffer = cipher.doFinal(datas, offset, inputLen);
out.write(buffer, 0, buffer.length);
index++;
offset = index * maxBlock;
}
return out.toByteArray();
} catch (Exception e) {
throw new RuntimeException("加解密阀值为[" + maxBlock + "]的数据时发生异常", e);
throw new RuntimeException("RSA block codec failed, maxBlock=" + maxBlock, e);
}
byte[] resultDatas = out.toByteArray();
IOUtils.closeQuietly(out);
return resultDatas;
}
public static void main(String[] args) {
// Map<String, String> encryptKey = createEncryptKey();
// String publicKey = encryptKey.get("publicKey");
// String privateKey = encryptKey.get("privateKey");
//
// System.out.println("公匙加密串:" + publicKey);
// System.out.println("私匙加密串:" + privateKey);
//
// System.out.println();
//
String data = "data";
//加密
try {
String s = publicEncrypt(data, getPublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC_F5UQC1QWsu3QsESQBz9M-GDA9Atm0qVSvwIsy568lyRLi-nq3VvvnmgrlL4yTbngFzyfb2Dn35cNCHsBvIaGuCY3_PpzPqMzVpxr2QlEkhEX9atnJQ1rWexS8QeZtPjpiIwoQrChTzXjD_sYUkDrqSykFplyivf0NSO2WqCBdwIDAQAB"));
System.out.println("加密后密文:" + s);
String ss = "bPrP3VQpVNj7jxzSvVRQQpOCzg4c9HAMd/Sesda0SOxmWbNzP8SnhayV2H9Jpih2sf26O8dOqiNE7V1u5NPgQBIPi6LqX2QiFTjynVLxQBUmISfmQ2Q6K3sjHBIRIhuZPrXijw7CextUUQwzh4VvEVkjyaUnqlMXVRkUGlgqP7M=";
String privateKey1 = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALiJJ6RPMMh-ETrmppOG7JKINPSFaaZoHjzZkyQl3AcfrpKMmH82j_Pxl4mPvvgKtbR20N-88-nJLT4v4aOz9XYVl5ruE59SsJl_T8YqN-i8L8KH8Wptd0_ee7nDhF4-OGEi-o330daFv20eLpboy6nDkWLmLihKC0jEZWK8MLZzAgMBAAECgYAEhO9gmcPjFRtM6vsnX8WJbSaG2oGU3rXm3Zk56Gd0ETWQRzsw2mA6JC-G4etWXcTHb6V75T-_-PpPrJKFFNItEH-WFRS36xneomycxRG1YTfK1SsGLGF0BV3bLVZx8cQz7VsBY4vqbRCSKtcOZBJpnxI6iHAv07i8w34F6qjfsQJBAORnKUuJQ_GsHHBPT1VhMYjXVepAfTrWtCzRQ648KavbHLAGaRIhX10uj-hAhZLafDqQF8Y7T7GHTlasRL9ubWsCQQDO1R3KScJJSR3KDsnSsF0YCw7V28cr_OVAwiPoro90Me6MUz9yKV88gQlTuJkNFMuu_YdPXYKjlzNVg0zFmtUZAkEAoe9mPtDeZD0TmKkSZUVYul1543C_mPTan5_qrWCoZtkd2MtiuWEB3O4DR7ZfPcQ8KcU5pektUn_NEfRndZYUawJBAJfydOoxeawBLQNODfLcYefR59owlYe5SGpktaCw7O596DPqzId_4Vk_qqx4xueXSXOLCabCmcC4yZue0_2vm7ECQQDLrzXL-BpSqxbvtE0gNKcgaSkEUSOh1QmQFPCHERsOBxcflM6ej71STKglB21JD9m6tM2RySgbtUx4TfOuJTek";
String s1 = privateDecryption(ss, getPrivateKey(privateKey1));
System.out.println("解密后明文:" + s1);
} catch (Exception e) {
throw new IllegalArgumentException();
}
public static void main(String[] args) throws Exception {
Map<String, String> encryptKey = createEncryptKey();
String publicKey = encryptKey.get("publicKey");
String privateKey = encryptKey.get("privateKey");
String data = "{\"account\":\"admin\",\"pwd\":\"123456\"}";
String encrypted = publicEncrypt(data, getPublicKey(publicKey));
String decrypted = privateDecryption(encrypted, getPrivateKey(privateKey));
System.out.println("publicKey: " + publicKey);
System.out.println("privateKey: " + privateKey);
System.out.println("encrypted: " + encrypted);
System.out.println("decrypted: " + decrypted);
}
}

5
src/main/java/cn/xf/basedemo/service/impl/UserServiceImpl.java
View File

@@ -17,7 +17,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
@@ -47,8 +46,6 @@ public class UserServiceImpl implements UserService {
@Autowired
private RedisTemplate redisTemplate;
private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
@Override
public RetObj login(LoginInfoRes res) {
@@ -75,7 +72,7 @@ public class UserServiceImpl implements UserService {
QueryWrapper<User> queryWrapper = new QueryWrapper<>();
queryWrapper.eq("account", loginInfo.getAccount());
User user = userMapper.selectOne(queryWrapper);
if (Objects.isNull(user) || !passwordEncoder.matches(loginInfo.getPwd(), user.getPassword())) {
if (Objects.isNull(user) || !loginInfo.getPwd().equals(user.getPassword())) {
return RetObj.error("账号或密码错误");
}
LoginUser loginUser = new LoginUser();

118
src/main/resources/templates/login.html
View File

@@ -1,47 +1,41 @@
<!DOCTYPE html>
<html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
<title>模拟登录</title>
</head>
<style>
el-input {
width: 200px;
}
<link rel="stylesheet" href="https://unpkg.com/element-ui/lib/theme-chalk/index.css">
<style>
el-input {
width: 200px;
}
#div1 {
width: 200px;
}
</style>
#div1 {
width: 200px;
}
</style>
</head>
<body>
<script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.6.0/jquery.js"></script>
<script src="https://cdn.staticfile.org/vue/2.2.2/vue.min.js"></script>
<!-- 引入样式 -->
<link rel="stylesheet" href="https://unpkg.com/element-ui/lib/theme-chalk/index.css">
<!-- 引入组件库 -->
<script src="https://unpkg.com/element-ui/lib/index.js"></script>
<!--jsencrypt 加密插件-->
<script src="https://cdn.bootcdn.net/ajax/libs/jsencrypt/3.2.1/jsencrypt.min.js"></script>
<!--http 请求插件-->
<script src="https://cdn.bootcdn.net/ajax/libs/axios/0.27.2/axios.min.js"></script>
<div id="app">
<div id="div1">
<label>账号:</label>
<el-input v-model="account" placeholder="请输入账号"></el-input>
<label>密码:</label>
<el-input v-model="pwd" placeholder="请输入密码"></el-input>
<el-input v-model="pwd" placeholder="请输入密码" show-password></el-input>
<el-button type="primary" @click="login()">登录</el-button>
</div>
</div>
<script>
new Vue({
el: '#app',
data: {
rsaPublicKey: 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC_F5UQC1QWsu3QsESQBz9M-GDA9Atm0qVSvwIsy568lyRLi-nq3VvvnmgrlL4yTbngFzyfb2Dn35cNCHsBvIaGuCY3_PpzPqMzVpxr2QlEkhEX9atnJQ1rWexS8QeZtPjpiIwoQrChTzXjD_sYUkDrqSykFplyivf0NSO2WqCBdwIDAQAB',
rsaPublicKey: 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA716Gp8ZjAw9G5D4/EPQJ2RIo6hi4LrrvIUmv0VCDzdSHOYPr6065KMJb60APEz+pi3wY4DQmVe90Sdp8waY3i/ar9+PJ67UYVuVWLOuo/F7NoEEGzKX4cyhncPRBDxHA6TomsFjX1hUKj2+nwBIXHUCOiqGHuvRC4vHS7jknawIDAQAB',
account: '',
pwd: ''
},
@@ -51,38 +45,70 @@
account: this.account,
pwd: this.pwd
};
var json = JSON.stringify(data);
var cipher = this.encryptByPublicKey(json);
console.log("密文 " + cipher);
var url = "http://localhost:8089/user/login";
axios.post(url, {
encryptedData: cipher,
})
.then(function (response) {
var data = response.data;
if (data.code == 200) {
//中文需要进行两次encodeURI转码( encodeURI:把URI字符串采用UTF-8编码格式转化成escape格式的字符串)
var param = "?token=" + data.data.token + "&name=" + encodeURI(encodeURI(data.data.name));
window.location.href = "success" + param
} else {
alert(data.message)
}
})
.catch(function (error) {
console.log(error);
});
var cipher = this.encryptByPublicKey(JSON.stringify(data));
if (!cipher) {
return;
}
axios.post('http://localhost:8089/user/login', {
encryptedData: cipher
}).then(function (response) {
var data = response.data;
if (data.code == 200) {
var param = '?token=' + data.data.token + '&name=' + encodeURI(encodeURI(data.data.name));
window.location.href = 'success' + param;
} else {
alert(data.message);
}
}).catch(function (error) {
console.log(error);
});
},
encryptByPublicKey: function (val = '') {
if (val === '') {
encryptByPublicKey: function (val) {
if (!val) {
return '';
}
let encryptor = new JSEncrypt() // 新建JSEncrypt对象
encryptor.setPublicKey(this.rsaPublicKey) // 设置公钥
return encryptor.encrypt(val) // 对需要加密的数据进行加密
var publicKey = '-----BEGIN PUBLIC KEY-----\n' + this.rsaPublicKey + '\n-----END PUBLIC KEY-----';
var encryptor = new JSEncrypt();
encryptor.setPublicKey(publicKey);
var chunks = this.splitByUtf8Bytes(val, 117);
var encryptedBinary = '';
for (var i = 0; i < chunks.length; i++) {
var encryptedChunk = encryptor.encrypt(chunks[i]);
if (!encryptedChunk) {
alert('登录数据加密失败');
return '';
}
encryptedBinary += atob(encryptedChunk);
}
return btoa(encryptedBinary);
},
splitByUtf8Bytes: function (val, maxBytes) {
var chunks = [];
var chunk = '';
var chunkBytes = 0;
for (var i = 0; i < val.length; i++) {
var char = val.charAt(i);
var charBytes = new Blob([char]).size;
if (chunkBytes + charBytes > maxBytes) {
chunks.push(chunk);
chunk = '';
chunkBytes = 0;
}
chunk += char;
chunkBytes += charBytes;
}
if (chunk) {
chunks.push(chunk);
}
return chunks;
}
}
});
</script>
</body>
</html>

45
src/main/resources/templates/success.html
View File

@@ -1,46 +1,33 @@
<!DOCTYPE html>
<html lang="en">
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.6.0/jquery.js"></script>
<script src="https://cdn.staticfile.org/vue/2.2.2/vue.min.js"></script>
<title>登录成功</title>
</head>
<body>
<div id="app">
<h1>欢迎 {{name}} 登录成功~~</h1>
<h1>欢迎 <span id="name"></span> 登录成功~~</h1>
<h1>
token:
<span style="color: forestgreen">{{token}}</span>
<span id="token" style="color: forestgreen"></span>
</h1>
</div>
</body>
<script>
new Vue({
el: '#app',
data: {
token: '',
name: ''
},
mounted: function () {
function getQueryParam(name) {
var params = new URLSearchParams(window.location.search);
return params.get(name) || '';
}
this.token = this.getData("token");
//只需要转一次码
this.name = decodeURI(this.getData("name"));
},
methods: {
getData: function (name) {
var reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)"); //构造一个含有目标参数的正则表达式对象
var r = window.location.search.substr(1).match(reg); //匹配目标参数
var token = getQueryParam('token');
var name = getQueryParam('name');
if (r != null) return unescape(r[2]);
window.location.href = "login"
// return null; //返回参数值
}
}
})
;
if (!token || !name) {
window.location.href = 'login';
} else {
document.getElementById('token').textContent = token;
document.getElementById('name').textContent = decodeURIComponent(name);
}
</script>
</body>
</html>