最近尝试调查一些Java的web项目的Liscense认证,网上众说纷纭,在参考了一些资料以后,分享一下我的想法。
首先,需要理解数字证书的原理,下面这篇文章写得很不错:
数字证书原理
我觉得单机认证不是很靠谱,既然是web项目,那肯定能联网,所以可以用网上认证的方式做。
Liscense认证流程图:
Liscense连接数认证(比方说某个Liscense只允许500人同时登录):
ActiveSessionCounter(需在web.xml中插入个Listener):
package com.sun.liscense;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class ActiveSessionCounter implements HttpSessionListener {
/*
* 在web.xml中加入以下代码
*
* <listener>
<listener-class>com.sun.liscense.ActiveSessionCounter</listener-class>
</listener>
*/
@Override
public void sessionCreated(HttpSessionEvent httpSessionEvent) {
System.out.println("session 创建了,人数+1");httpSessionEvent.getSession().getServletContext();
}
@Override
public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
HttpSession httpSession=httpSessionEvent.getSession();
System.out.println("session"+httpSession.getId()+" 销毁了,人数-1");
}
}
加解密采用RSA加密的方式,这个比较简单,网上找了段加解密的代码。
RSAModule:
/**
* @author Administrator
*
*/
package com.sun.liscense;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.sun.jersey.core.util.Base64;
public abstract class RSAModule {
public static final String KEY_ALGORITHM = "RSA";
public static final String KEY_PROVIDER = "BC";
public static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";
/**
* 初始化密钥对
*/
public static Map<String, Object> initKeys(String seed) throws Exception {
Map<String, Object> keyMap = new HashMap<String, Object>();
Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM,KEY_PROVIDER);
keyPairGenerator.initialize(1024,new SecureRandom(seed.getBytes()));
KeyPair pair = keyPairGenerator.generateKeyPair();
RSAPublicKey rsaPublicKey = (RSAPublicKey) pair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) pair.getPrivate();
KeyFactory factory = KeyFactory.getInstance(KEY_ALGORITHM,KEY_PROVIDER);
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(rsaPublicKey.getModulus().toString()),new BigInteger(rsaPublicKey.getPublicExponent().toString()));
RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(new BigInteger(rsaPrivateKey.getModulus().toString()),new BigInteger(rsaPrivateKey.getPrivateExponent().toString()));
PublicKey publicKey = factory.generatePublic(pubKeySpec);
PrivateKey privateKey = factory.generatePrivate(priKeySpec);
System.out.println("公钥:" + pubKeySpec.getModulus() + "----" + pubKeySpec.getPublicExponent());
System.out.println("私钥:" + priKeySpec.getModulus() + "----" + priKeySpec.getPrivateExponent());
keyMap.put("publicKey", publicKey);
keyMap.put("privateKey", privateKey);
return keyMap;
}
/**
* 私钥加密
* */
public static byte[] encryptRSA(byte[] data,PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM,KEY_PROVIDER);
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
int dataSize = cipher.getOutputSize(data.length);
int blockSize = cipher.getBlockSize();
int blockNum = 0;
if (data.length % blockSize == 0) {
blockNum = data.length / blockSize;
} else {
blockNum = data.length / blockSize + 1;
}
byte[] raw = new byte[dataSize * blockNum];
int i = 0;
while (data.length - i * blockSize > 0) {
if (data.length - i * blockSize > blockSize) {
cipher.doFinal(data, i * blockSize, blockSize, raw, i * dataSize);
} else {
cipher.doFinal(data, i * blockSize, data.length - i * blockSize, raw, i * dataSize);
}
i++;
}
return raw;
}
/**
* 生成数字签名
* */
public static String sign(byte[] encoderData,PrivateKey privateKey) throws Exception {
Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM,KEY_PROVIDER);
sig.initSign(privateKey);
sig.update(encoderData);
return new String(Base64.encode(sig.sign()));
}
/**
* 校验数字签名
* */
public static boolean verify (byte[] encoderData,String sign,PublicKey publicKey) throws Exception {
Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM,KEY_PROVIDER);
sig.initVerify(publicKey);
sig.update(encoderData);
return sig.verify(Base64.decode(sign));
}
}
RSAService(加解密及验证方法的调用):
package com.sun.liscense;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
public class RSAService {
public static void main(String[] args) throws Exception {
Map<String, Object> keyMap = RSAModule.initKeys("0");
PublicKey publicKey = (PublicKey) keyMap.get("publicKey");
PrivateKey privateKey = (PrivateKey) keyMap.get("privateKey");
String str = "这是原文";
byte[] encoderData = RSAModule.encryptRSA(str.getBytes(), privateKey);
String sign = RSAModule.sign(encoderData, privateKey);
boolean status = RSAModule.verify(encoderData, sign, publicKey);
System.out.println("原文:" + str);
System.out.println("密文:" + new String(encoderData));
System.out.println("签名:" + sign);
System.out.println("验证结果:" + status);
}
}