AES加密,加签验签

//生成P加密参数:
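package com.paic.pad.info.common.utils;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.Key;
import java.util.Arrays;
import java.util.Date;
import java.util.Random;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * AES/CBC/PKCS5Padding helper that produces and reads the Base64 text carried in the encrypted
 * "p" request parameter.
 *
 * <p>Review notes on the scheme as written (changing any of them alters the wire format, so they
 * are documented here rather than changed):
 * <ul>
 *   <li>The IV is a hard-coded constant. With CBC this makes encryption deterministic: equal
 *       plaintexts, and equal leading blocks, under one key give equal ciphertext. A per-message
 *       random IV sent with the ciphertext would need a coordinated change on both peers.</li>
 *   <li>The ciphertext carries no authentication tag. Nothing in this class detects a modified
 *       ciphertext other than a padding failure; an authenticated mode (AES-GCM) or
 *       encrypt-then-MAC over the whole ciphertext is the usual remedy.</li>
 *   <li>The key is the UTF-8 bytes of a string, zero-padded up to a multiple of 16 bytes, so a
 *       short or printable-only key has far less entropy than its length suggests. Despite the
 *       class name, a 17..32 byte input is padded to 32 bytes and selects AES-256.</li>
 * </ul>
 */
public class Aes128CbcUtils {

    protected final static Log logger = LogFactory.getLog(Aes128CbcUtils.class);

    // Algorithm name used for the key spec.
    final static String KEY_ALGORITHM = "AES";
    // Cipher transformation: algorithm / mode / padding.
    final static String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    // Character set used for every String <-> byte[] conversion in this class.
    final static String CHARSET_NAME = "UTF-8";
    // Fixed initialisation vector (ASCII "0102030405060708"), shared by every message.
    // NOTE(review): the array is non-private and mutable; nothing here prevents other code in
    // the package from altering it.
    final static byte[] iv = {0x30, 0x31, 0x30, 0x32, 0x30, 0x33, 0x30, 0x34,
                              0x30, 0x35, 0x30, 0x36, 0x30, 0x37, 0x30, 0x38};

    /**
     * Builds the AES key object, zero-padding the raw bytes up to the next multiple of 16.
     *
     * @param keyBytes raw key material
     * @return a {@link SecretKeySpec} over the (possibly padded) bytes
     */
    private static Key getKey(byte[] keyBytes) {
        final int blockSize = 16;
        int remainder = keyBytes.length % blockSize;
        if (remainder != 0) {
            // Arrays.copyOf fills the added tail with zero bytes, matching the original padding.
            keyBytes = Arrays.copyOf(keyBytes, keyBytes.length + (blockSize - remainder));
        }
        return new SecretKeySpec(keyBytes, KEY_ALGORITHM);
    }

    /**
     * Encrypts a string and returns the ciphertext as Base64 text.
     *
     * @param content the text to encrypt
     * @param key the key, as a string whose UTF-8 bytes are used as key material
     * @return the Base64-encoded ciphertext, or null if UTF-8 were unsupported
     * @throws NullPointerException if the byte-level encryption failed (the cause is logged
     *         there); this keeps the exception type the method has always surfaced in that case
     */
    public static String encrypt(String content, String key) {
        try {
            byte[] enc = encrypt(content.getBytes(CHARSET_NAME), key.getBytes(CHARSET_NAME));
            if (enc == null) {
                throw new NullPointerException("AES encryption failed; see logged cause");
            }
            // Base64 output is already a String; the former getBytes()/new String round trip
            // went through the platform default charset and is not needed.
            return Base64.encodeBase64String(enc);
        } catch (UnsupportedEncodingException e) {
            logger.error(" 加密密钥异常 " , e);
        }
        return null;
    }

    /**
     * Encrypts raw bytes with AES/CBC/PKCS5Padding and the fixed IV.
     *
     * @param content the bytes to encrypt
     * @param keyBytes raw key material (zero-padded by {@code getKey})
     * @return the ciphertext, or null if any exception occurred (it is logged, not rethrown)
     */
    public static byte[] encrypt(byte[] content, byte[] keyBytes) {
        byte[] cipherText = null;
        try {
            Key key = getKey(keyBytes);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
            cipherText = cipher.doFinal(content);
        } catch (Exception e) {
            logger.error(" 加密密钥异常 " , e);
        }
        return cipherText;
    }

    /**
     * Decrypts Base64 text produced by {@link #encrypt(String, String)}.
     *
     * <p>Callers that validate requests must treat any exception from this method as a rejected
     * request; a successful return only means the padding was valid, not that the content is
     * authentic.
     *
     * @param encryptedData the Base64-encoded ciphertext
     * @param key the key, as a string whose UTF-8 bytes are used as key material
     * @return the decrypted text, or null if UTF-8 were unsupported
     * @throws NullPointerException if the byte-level decryption failed (bad padding, bad key
     *         length, ...; the cause is logged there); same exception type as before
     */
    public static String decrypt(String encryptedData, String key) {
        try {
            byte[] raw = Base64.decodeBase64(encryptedData.getBytes(CHARSET_NAME));
            byte[] dec = decrypt(raw, key.getBytes(CHARSET_NAME));
            if (dec == null) {
                // Fail closed and explicitly instead of relying on new String(null, ...).
                throw new NullPointerException("AES decryption failed; see logged cause");
            }
            return new String(dec, CHARSET_NAME);
        } catch (UnsupportedEncodingException e) {
            logger.error(" 解密密钥异常 " , e);
        }
        return null;
    }

    /**
     * Decrypts raw bytes with AES/CBC/PKCS5Padding and the fixed IV.
     *
     * @param encryptedData the ciphertext bytes
     * @param keyBytes raw key material (zero-padded by {@code getKey})
     * @return the plaintext, or null if any exception occurred (it is logged, not rethrown)
     */
    public static byte[] decrypt(byte[] encryptedData, byte[] keyBytes) {
        byte[] plainText = null;
        try {
            Key key = getKey(keyBytes);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
            plainText = cipher.doFinal(encryptedData);
        } catch (Exception e) {
            logger.error(" 解密密钥异常 " , e);
        }
        return plainText;
    }

    /**
     * Demo: builds a signed "timestamp / nonce / signature / umId" string, encrypts it,
     * URL-encodes it, then reverses the steps. Uses a sample key and prints it; real key
     * material should never be hard-coded or written to output.
     */
    public static void main(String[] args) throws Exception {
        // Sample key for the demo only.
        // NOTE(review): the same key string is used for both HMAC signing and AES encryption.
        String key = "83519aa6d30ecdc3";// "paic1234";
        long timestamp = new Date().getTime();
        // Draw the nonce from a CSPRNG; the 0..99999 range is kept so the format is unchanged.
        Random rng = new java.security.SecureRandom();
        long nonce = rng.nextInt(100000);
        String toSign = timestamp+""+nonce;
        System.out.println("signature:" + toSign);
        // NOTE(review): only timestamp+nonce are signed; umId is outside the signature.
        String signature = HmacSHA1Utils.getSignature(toSign, key);
        String content = "timestamp="+timestamp+"&nonce="+nonce+"&signature="+signature+"&umId=LIUKAIHUA001";

        // Plaintext and key (demo output).
        System.out.println("加密前的:" + content);
        System.out.println("加密密钥:" + key);

        // Encrypt.
        String enc = Aes128CbcUtils.encrypt(content, key);
        System.out.println("加密后的内容:" + enc);

        // URL-encode so the Base64 text survives as a query parameter.
        enc = URLEncoder.encode(enc, CHARSET_NAME);
        System.out.println("URL encode:" + enc);

        // URL-decode.
        String dec = URLDecoder.decode(enc, CHARSET_NAME);
        System.out.println("URL decode:" + dec);

        // Decrypt.
        dec = Aes128CbcUtils.decrypt(dec, key);
        System.out.println("解密后的内容:" + dec);
    }
}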

  

验证P参数:

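	        String p = request.getParameter("p");
		// NOTE(review): toUrl comes straight from the request and becomes the forward target
		// below. Nothing visible here restricts it to an allow-list of internal paths, and a
		// missing toUrl parameter makes the replace() call throw NullPointerException.
		String reqUrl = request.getParameter("toUrl");
		String toUrl = reqUrl.replace(request.getContextPath(), "");
		HttpSession session = request.getSession();
		boolean hasSession = (session != null) && (session.getAttribute(SessionKeyConstant.SESSION_LOGIN_USER) != null);
		String dispatchUrl = "forward:" + toUrl;
		String key = PropertyUtils.getProperty("req.auth.key");// shared secret (used for both AES and HMAC)
		String vaildTime =  PropertyUtils.getProperty("req.auth.requestVaildTime");// validity window, 5000 ms

		if(hasSession) {
			UserDTO user = (UserDTO) session.getAttribute(SessionKeyConstant.SESSION_LOGIN_USER);
			String currUmId = user.getUmId();
			
			// Login-free request: an encrypted p parameter was supplied.
			if(StringUtils.isNotEmpty(p)) {
				try {
					//1. URL decode (left to the container)
					//p = URLDecoder.decode(p, "UTF-8");
					//2. Decrypt. Any failure surfaces as an exception and is rejected below.
					String nameValuePairs = Aes128CbcUtils.decrypt(p, key);
					//3. Signature and freshness checks.
					// NOTE(review): the HMAC covers only timestamp+nonce. umId and customerId are
					// not signed, so their integrity rests on the unauthenticated CBC ciphertext.
					// NOTE(review): the nonce is never recorded, so the same p can be replayed
					// for as long as its timestamp is inside the window.
					String timestamp = CommonUtils.getValueByKey(nameValuePairs, "timestamp");
					String nonce = CommonUtils.getValueByKey(nameValuePairs, "nonce");
					String toSign = timestamp+""+nonce;	
					String umId = CommonUtils.getValueByKey(nameValuePairs, "umId");
					String customerId = CommonUtils.getValueByKey(nameValuePairs, "customerId");
					String actualSign = HmacSHA1Utils.getSignature(toSign, key);
					String exceptedSign = CommonUtils.getValueByKey(nameValuePairs, "signature");
					// Constant-time comparison so the check does not leak how many leading
					// characters of the signature matched.
					boolean isSignatureVaild = actualSign != null && exceptedSign != null
							&& java.security.MessageDigest.isEqual(actualSign.getBytes("UTF-8"), exceptedSign.getBytes("UTF-8"));
					long requestVaildTime = Long.parseLong(vaildTime);
					long requestTimestamp = Long.parseLong(timestamp);
					long currTimestamp = new Date().getTime();
					// Accept only timestamps within the window on either side of "now"; the old
					// one-sided test accepted any timestamp in the future.
					long requestAge = currTimestamp - requestTimestamp;
					boolean isRequestVaild = (requestAge > -requestVaildTime) && (requestAge < requestVaildTime);
					
					// The umId inside p must match the umId of the user in the session.
					if(!StringUtils.equalsIgnoreCase(currUmId, umId)) {
						dispatchUrl = "redirect:/404.html";
						logger.info("有session用户umId不一致。p=" + p + "currUmId=" + currUmId + ",umId=" + umId);
					}
					else {					
						// No customerId supplied: clear the one stored in the session.
						// NOTE(review): this branch runs without consulting isSignatureVaild or
						// isRequestVaild.
						if(StringUtils.isEmpty(customerId)){
							// SESSION_CONTACT_ID holds the customerId
							session.removeAttribute(SessionKeyConstant.SESSION_CONTACT_ID);
						}
						// umId matched and a customerId was supplied.
						else {
							// NOTE(review): when the signature or freshness check fails the
							// request is neither logged nor redirected; it simply leaves the
							// session unchanged and continues to the forward target.
							if(isSignatureVaild && isRequestVaild && StringUtils.isNotEmpty(umId)) {
								// SESSION_CONTACT_ID holds the customerId
								session.setAttribute(SessionKeyConstant.SESSION_CONTACT_ID, customerId);
							}
						}
					}
				} 
				catch (Exception e) {
					// Decryption or parsing failed: reject the request.
					logger.warn("解密异常:" + p, e);
					dispatchUrl = "redirect:/404.html";
				}
			}
			
			// NOTE(review): set for every request with a logged-in session, including those the
			// checks above sent to 404.html; confirm consumers of this flag do not read it as
			// proof that p was verified.
			session.setAttribute(SessionKeyConstant.SESSION_REQ_AUTH_SUCC, Boolean.TRUE);
		}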

  

	/**
	 * Looks up one parameter in a decrypted {@code name=value&name=value} string.
	 *
	 * <p>Pairs are separated by {@code &} and each pair is split at its first {@code =}, so a
	 * value may itself contain {@code =}. Segments without {@code =} are skipped. When a name
	 * occurs more than once, the first occurrence wins. No URL decoding is applied.
	 *
	 * @param context the decrypted content; null or empty yields ""
	 * @param key the parameter name to look up
	 * @return the matching value, or "" when the name is not present
	 */
	public static String getValueByKey(String context, String key) {
		if (!StringUtils.isNotEmpty(context)) {
			return "";
		}

		for (String pair : context.split("&")) {
			int eq = pair.indexOf("=");
			if (eq == -1) {
				// Not a name=value segment.
				continue;
			}
			String name = pair.substring(0, eq);
			String value = pair.substring(eq + 1);
			if (key.equals(name)) {
				return value;
			}
		}

		return "";
	}

  

转载于:https://www.cnblogs.com/hailei/p/5443444.html
