<%@ page language="java" pageEncoding="UTF-8"%>
<%@ page contentType="text/html;charset=UTF-8"%>
<%
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
%>
<%@page import="java.security.*"%>
<%@page import="java.util.Base64"%>
<%
class RSAKeyPairGenerator {
private PrivateKey privateKey;
private PublicKey publicKey;
public RSAKeyPairGenerator() throws NoSuchAlgorithmException {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024);
KeyPair pair = keyGen.generateKeyPair();
this.privateKey = pair.getPrivate();
this.publicKey = pair.getPublic();
}
public PrivateKey getPrivateKey() {
return privateKey;
}
public PublicKey getPublicKey() {
return publicKey;
}
}
%>
<!DOCTYPE html>
<html>
<head>
<title>请登录</title>
<script src="jsencrypt.min.js"></script>
<script type="text/javascript">
function reloadImg() {
var timestamp = new Date().getTime();
document.getElementById("captcha").src = "simpleCaptcha.jpg?"
+ timestamp;
}
function encryptPassword() {
var password = document.getElementById('password').value;
var publicKey = document.getElementById('PublicKey').value;
let RSAEncrypt = new JSEncrypt();
RSAEncrypt.setPublicKey(publicKey);
let encryptedPass = RSAEncrypt.encrypt(password);
document.getElementById('password').value = encryptedPass;
}
</script>
</head>
<body>
<form id="form" method="post" action="validate.jsp"
onsubmit="encryptPassword()">
<input id="PublicKey" name="PublicKey" type="hidden"
value="<%RSAKeyPairGenerator keyPairGenerator = new RSAKeyPairGenerator();
out.print(String.format("%s", Base64.getEncoder().encodeToString(keyPairGenerator.getPublicKey().getEncoded())));
//out.println(String.format("Private Key : %s",
// Base64.getEncoder().encodeToString(keyPairGenerator.getPrivateKey().getEncoded())));
session.setAttribute("PrivateKey", Base64.getEncoder().encodeToString(keyPairGenerator.getPrivateKey().getEncoded()));%>">
<%
System.out.println(String.format("PublicKey : %s",
Base64.getEncoder().encodeToString(keyPairGenerator.getPublicKey().getEncoded())));
System.out.println(String.format("PrivateKey : %s",
Base64.getEncoder().encodeToString(keyPairGenerator.getPrivateKey().getEncoded())));
%>
<center>
<table border="1" cellpadding="5" cellspacing="2">
<thead>
<tr>
<th colspan="2">请输入用户名密码登录</th>
</tr>
</thead>
<tbody>
<tr>
<td>用户名</td>
<td><input id="username" type="text" name="username" required /></td>
</tr>
<tr>
<td>密码</td>
<td><input id="password" type="password" name="password"
required /></td>
</tr>
<tr>
<td>验证码</td>
<td><img id="captcha" src="simpleCaptcha.jpg" /><br /> <a
href="javascript:reloadImg()">刷新验证码</a> <br /> <input
type="text" name="answer" /><br></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit"
value="登录" /> <input type="reset" value="重置" /></td>
</tr>
</tbody>
</table>
</center>
</form>
</body>
</html>
<%@page language="java" pageEncoding="UTF-8"%>
<%@page contentType="text/html;charset=UTF-8"%>
<%
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%@page import="java.sql.*"%>
<%@page import="java.io.*"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.Connection"%>
<%@page import="java.security.MessageDigest"%>
<%@page import="java.security.NoSuchAlgorithmException"%>
<%@page import="java.security.NoSuchProviderException"%>
<%@page import="java.security.SecureRandom"%>
<%@page import="nl.captcha.Captcha"%>
<%@page import="java.security.*"%>
<%@page import="java.security.spec.InvalidKeySpecException"%>
<%@page import="java.security.spec.PKCS8EncodedKeySpec"%>
<%@page import="java.security.spec.X509EncodedKeySpec"%>
<%@page import="java.util.Base64"%>
<%@page import="javax.crypto.BadPaddingException"%>
<%@page import="javax.crypto.Cipher"%>
<%@page import="javax.crypto.IllegalBlockSizeException"%>
<%@page import="javax.crypto.NoSuchPaddingException"%>
<%
class RSAUtil {
public PublicKey getPublicKey(String base64PublicKey) {
PublicKey publicKey = null;
try {
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(base64PublicKey.getBytes()));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
publicKey = keyFactory.generatePublic(keySpec);
return publicKey;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
}
return publicKey;
}
public PrivateKey getPrivateKey(String base64PrivateKey) {
PrivateKey privateKey = null;
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(base64PrivateKey.getBytes()));
KeyFactory keyFactory = null;
try {
keyFactory = KeyFactory.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
privateKey = keyFactory.generatePrivate(keySpec);
} catch (InvalidKeySpecException e) {
e.printStackTrace();
}
return privateKey;
}
public byte[] encrypt(String data, String publicKey) throws BadPaddingException, IllegalBlockSizeException,
InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, getPublicKey(publicKey));
return cipher.doFinal(data.getBytes());
}
public String decrypt(byte[] data, PrivateKey privateKey) throws NoSuchPaddingException, NoSuchAlgorithmException,
InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(cipher.doFinal(data));
}
public String decrypt(String data, String base64PrivateKey) throws IllegalBlockSizeException, InvalidKeyException,
BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException {
return decrypt(Base64.getDecoder().decode(data.getBytes()), getPrivateKey(base64PrivateKey));
}
}
String encryptedString = request.getParameter("password");
String privateKey = (String) session.getAttribute("PrivateKey");
RSAUtil rsaUtil = new RSAUtil();
String decryptedString = rsaUtil.decrypt(encryptedString, privateKey);
String password = decryptedString;
Captcha captcha = (Captcha) session.getAttribute(Captcha.NAME);
request.setCharacterEncoding("UTF-8");
String answer = request.getParameter("answer");
if (captcha.isCorrect(answer)) {
%>