<%@ page language="java" pageEncoding="UTF-8"%>
<%@ page contentType="text/html;charset=UTF-8"%>
<%
// Decode request parameters as UTF-8. The Servlet API only honours this call if it
// runs before the first parameter read, so it has to stay ahead of any getParameter().
request.setCharacterEncoding("UTF-8");
// Emit the response as UTF-8 HTML; this repeats what the page directives above declare.
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
%>
<!DOCTYPE html>
<html>
<body>
<%@include file="header.jsp"%>
<h1>用户管理</h1>
<%@page import="java.sql.*,java.util.*"%>
<%@page import="java.security.MessageDigest"%>
<%@page import="java.security.NoSuchAlgorithmException"%>
<%@page import="java.security.NoSuchProviderException"%>
<%@page import="java.security.SecureRandom"%>
<%
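/**
 * Salted SHA-256 password digest plus the hex helpers used to store salt and hash as text.
 *
 * NOTE(review): one round of salted SHA-256 is a fast hash, so a leaked user table can be
 * brute-forced cheaply. A slow password KDF (PBKDF2 via javax.crypto.SecretKeyFactory, or
 * bcrypt/scrypt/argon2) is the appropriate primitive. The algorithm is left unchanged here
 * because already-stored hashes and whatever code verifies them depend on this exact
 * output; switching needs a migration plan.
 */
class SaltedSHA256Password {
    /**
     * Returns the lowercase hex SHA-256 digest of the salt followed by the password.
     *
     * @param passwordToHash clear-text password; encoded as UTF-8 so the digest does not
     *                       depend on the JVM's default charset
     * @param salt           per-user random salt, fed to the digest before the password
     * @return 64-character lowercase hex string
     * @throws NullPointerException  if either argument is null
     * @throws IllegalStateException if the JVM has no SHA-256 implementation
     */
    public String getSecurePassword(String passwordToHash, byte[] salt) {
        Objects.requireNonNull(passwordToHash, "passwordToHash");
        Objects.requireNonNull(salt, "salt");
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            byte[] digest = md.digest(
                    passwordToHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return byte2hex(digest);
        } catch (NoSuchAlgorithmException e) {
            // Fail closed: returning null here would let a caller concatenate or store
            // the literal text "null" as if it were a password hash.
            throw new IllegalStateException("SHA-256 is not available", e);
        }
    }

    /**
     * Generates a fresh 16-byte random salt.
     *
     * The throws clause is kept for source compatibility with existing callers; the
     * default SecureRandom constructor does not raise either exception.
     *
     * @return 16 random bytes
     */
    public byte[] getSalt() throws NoSuchAlgorithmException, NoSuchProviderException {
        // Use the platform's default SecureRandom rather than pinning the legacy
        // "SHA1PRNG" algorithm to the "SUN" provider, which is not present on every JVM.
        SecureRandom sr = new SecureRandom();
        byte[] salt = new byte[16];
        sr.nextBytes(salt);
        return salt;
    }

    /**
     * Decodes a hex string (two digits per byte, either case) into bytes.
     *
     * @param str hex text with an even number of characters
     * @return decoded bytes; empty array for an empty string
     * @throws IllegalArgumentException if the length is odd
     * @throws NumberFormatException    if a character is not a hex digit
     */
    public byte[] hex2byte(String str) {
        Objects.requireNonNull(str, "str");
        if (str.length() % 2 != 0) {
            // A trailing half-byte would otherwise be dropped silently.
            throw new IllegalArgumentException(
                    "hex string must have an even number of characters");
        }
        byte[] bytes = new byte[str.length() / 2];
        for (int i = 0; i < bytes.length; i++) {
            int hi = Character.digit(str.charAt(2 * i), 16);
            int lo = Character.digit(str.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                // Also rejects signed pairs such as "+f", which Integer.parseInt accepts.
                throw new NumberFormatException("invalid hex digit at offset " + (2 * i));
            }
            bytes[i] = (byte) ((hi << 4) | lo);
        }
        return bytes;
    }

    /**
     * Encodes bytes as lowercase hex, two digits per byte with no separator.
     *
     * @param b bytes to encode
     * @return hex string of length {@code 2 * b.length}
     */
    public String byte2hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte value : b) {
            int unsigned = value & 0xFF;
            if (unsigned < 0x10) {
                sb.append('0'); // keep a fixed width of two digits per byte
            }
            sb.append(Integer.toHexString(unsigned));
        }
        return sb.toString();
    }
}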
%>
<%
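// Creates a user row from the "username" and "password" request parameters.
// NOTE(review): no authentication, authorisation or CSRF check is visible in this page;
// confirm that header.jsp or a servlet filter enforces them before this code runs.
String username = request.getParameter("username");
String password = request.getParameter("password");
if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
    // Missing fields would otherwise fail inside the hashing helper or create an
    // account with an empty credential.
    out.println("用户名和密码不能为空!");
} else {
    SaltedSHA256Password ssp = new SaltedSHA256Password();
    byte[] salt = ssp.getSalt();
    String hexsalt = ssp.byte2hex(salt);
    String securePassword = ssp.getSecurePassword(password, salt);
    // The salt and hash are deliberately not written to stdout: container logs are
    // usually readable by more people than the user table is.
    try {
        Class.forName("com.mysql.cj.jdbc.Driver");
        // NOTE(review): the DB account and password are hard-coded and TLS is disabled
        // (useSSL=false). Move the credentials to container-managed configuration (for
        // example a JNDI DataSource) and enable TLS if the database is ever not local.
        try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/test?autoReconnect=true&useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai",
                "test", "test");
                // Bound parameters keep request data out of the SQL text, so a quote in
                // the username can no longer change the statement.
                PreparedStatement ps = conn.prepareStatement(
                        "insert into user(username,salt,hash) values(?,?,?)")) {
            ps.setString(1, username);
            ps.setString(2, hexsalt);
            ps.setString(3, securePassword);
            int inserted = ps.executeUpdate();
            if (inserted == 1) {
                out.println("添加成功!");
            } else {
                out.println("添加失败!");
            }
        }
    } catch (Exception e) {
        // Keep driver and SQL details in the server log; the client sees only a
        // generic failure message.
        application.log("failed to insert user", e);
        out.println("添加失败!");
    }
}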
%>
<%@include file="footer.jsp"%>
</body>
</html>