instl / 加密解密 / 一次性口令机制java实现(信息安全)

0 0

   

一次性口令机制java实现(信息安全)

2019-04-25  instl

在信息学中,密码也叫口令,要实现登录验证,每次网络传输的口令都不一致,故称为一次性口令机制。

这里实现简单的一次性口令机制:(SpringMVC实现)

思路:用验证码代替时间戳,将密码(口令)通过md5算法加密,再将验证码加在后面,然后再用md5算法加密,在网络传输过程中以密文的形式传输到后台管理。后台数据库保存的是用md5算法加密的密码,将该密文加上保存在session范围内的验证码用md5算法加密,得到的密文与请求中的口令对比,如配对,则验证成功,否则,验证失败。

MD5加密:

EncryptionByMD5.java

  1. package com.dw.controller;

  2. public class EncryptionByMD5 {

  3. public static String getMD5(byte[] source) {
  4. String s = null;
  5. char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
  6. 'a', 'b', 'c', 'd', 'e', 'f' };// 用来将字节转换成16进制表示的字符
  7. try {
  8. java.security.MessageDigest md = java.security.MessageDigest
  9. .getInstance("MD5");
  10. md.update(source);
  11. byte tmp[] = md.digest();// MD5 的计算结果是一个 128 位的长整数,
  12. // 用字节表示就是 16 个字节
  13. char str[] = new char[16 * 2];// 每个字节用 16 进制表示的话,使用两个字符, 所以表示成 16
  14. // 进制需要 32 个字符
  15. int k = 0;// 表示转换结果中对应的字符位置
  16. for (int i = 0; i < 16; i++) {// 从第一个字节开始,对 MD5 的每一个字节// 转换成 16
  17. // 进制字符的转换
  18. byte byte0 = tmp[i];// 取第 i 个字节
  19. str[k++] = hexDigits[byte0 >>> 4 & 0xf];// 取字节中高 4 位的数字转换,// >>>
  20. // 为逻辑右移,将符号位一起右移
  21. str[k++] = hexDigits[byte0 & 0xf];// 取字节中低 4 位的数字转换

  22. }
  23. s = new String(str);// 换后的结果转换为字符串

  24. } catch (Exception e) {
  25. // TODO Auto-generated catch block
  26. e.printStackTrace();
  27. }
  28. return s;
  29. }

  30. public static void main(String[] args){

  31. String test=EncryptionByMD5.getMD5("abc123".getBytes());
  32. //test = e99a18c428cb38d5f260853678922e03
  33. System.out.println(test);

  34. }

  35. }

验证码实现:RandomValidateCode.java:
  1. package com.dw.controller;

  2. import java.awt.Color;
  3. import java.awt.Font;
  4. import java.awt.Graphics;
  5. import java.awt.image.BufferedImage;
  6. import java.util.Random;

  7. import javax.imageio.ImageIO;
  8. import javax.servlet.http.HttpServletRequest;
  9. import javax.servlet.http.HttpServletResponse;
  10. import javax.servlet.http.HttpSession;
  11. /**
  12. * 验证码生成类
  13. */
  14. public class RandomValidateCode {

  15. public static final String RANDOMCODEKEY= "RANDOMVALIDATECODEKEY";//放到session中的key
  16. //private String randString = "0123456789";//随机产生只有数字的字符串 private String
  17. //private String randString = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";//随机产生只有字母的字符串
  18. private String randString = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";//随机产生数字与字母组合的字符串
  19. private int width = 95;// 图片宽
  20. private int height = 25;// 图片高
  21. private int lineSize = 40;// 干扰线数量
  22. private int stringNum = 4;// 随机产生字符数量

  23. private Random random = new Random();

  24. /*
  25. * 获得字体
  26. */
  27. private Font getFont() {
  28. return new Font("Fixedsys", Font.CENTER_BASELINE, 18);
  29. }

  30. /*
  31. * 获得颜色
  32. */
  33. private Color getRandColor(int fc, int bc) {
  34. if (fc > 255)
  35. fc = 255;
  36. if (bc > 255)
  37. bc = 255;
  38. int r = fc + random.nextInt(bc - fc - 16);
  39. int g = fc + random.nextInt(bc - fc - 14);
  40. int b = fc + random.nextInt(bc - fc - 18);
  41. return new Color(r, g, b);
  42. }

  43. /**
  44. * 生成随机图片
  45. */
  46. public void getRandcode(HttpServletRequest request,
  47. HttpServletResponse response) {
  48. HttpSession session = request.getSession();
  49. // BufferedImage类是具有缓冲区的Image类,Image类是用于描述图像信息的类
  50. BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR);
  51. Graphics g = image.getGraphics();// 产生Image对象的Graphics对象,该对象可以在图像上进行各种绘制操作
  52. g.fillRect(0, 0, width, height);
  53. g.setFont(new Font("Times New Roman", Font.ROMAN_BASELINE, 18));
  54. g.setColor(getRandColor(110, 133));
  55. // 绘制干扰线
  56. for (int i = 0; i <= lineSize; i++) {
  57. drowLine(g);
  58. }
  59. // 绘制随机字符
  60. String randomString = "";
  61. for (int i = 1; i <= stringNum; i++) {
  62. randomString = drowString(g, randomString, i);
  63. }
  64. //将生成的随机字符串保存到session中,而jsp界面通过session.getAttribute("RANDOMCODEKEY"),
  65. //获得生成的验证码,然后跟用户输入的进行比较
  66. session.removeAttribute(RANDOMCODEKEY);
  67. session.setAttribute(RANDOMCODEKEY, randomString);
  68. g.dispose();
  69. try {
  70. // 将内存中的图片通过流动形式输出到客户端
  71. ImageIO.write(image, "JPEG", response.getOutputStream());
  72. } catch (Exception e) {
  73. e.printStackTrace();
  74. }

  75. }

  76. /*
  77. * 绘制字符串
  78. */
  79. private String drowString(Graphics g, String randomString, int i) {
  80. g.setFont(getFont());
  81. g.setColor(new Color(random.nextInt(101), random.nextInt(111), random
  82. .nextInt(121)));
  83. String rand = String.valueOf(getRandomString(random.nextInt(randString
  84. .length())));
  85. randomString += rand;
  86. g.translate(random.nextInt(3), random.nextInt(3));
  87. g.drawString(rand, 13 * i, 16);
  88. return randomString;
  89. }

  90. /*
  91. * 绘制干扰线
  92. */
  93. private void drowLine(Graphics g) {
  94. int x = random.nextInt(width);
  95. int y = random.nextInt(height);
  96. int xl = random.nextInt(13);
  97. int yl = random.nextInt(15);
  98. g.drawLine(x, y, x + xl, y + yl);
  99. }

  100. /*
  101. * 获取随机的字符
  102. */
  103. public String getRandomString(int num) {
  104. return String.valueOf(randString.charAt(num));
  105. }
  106. }

Controller.java:
  1. package com.dw.controller;

  2. import javax.servlet.http.HttpServletRequest;
  3. import javax.servlet.http.HttpServletResponse;
  4. import javax.servlet.http.HttpSession;

  5. import org.springframework.http.HttpRequest;
  6. import org.springframework.stereotype.Controller;
  7. import org.springframework.web.bind.annotation.RequestMapping;
  8. import org.springframework.web.bind.annotation.ResponseBody;

  9. @Controller
  10. @RequestMapping("/validateCode")
  11. public class YanZhengMaController {
  12. @RequestMapping("/getVerify")
  13. public void getVerify(HttpServletRequest request, HttpServletResponse response){
  14. response.setContentType("image/jpeg");//设置相应类型,告诉浏览器输出的内容为图片
  15. response.setHeader("Pragma", "No-cache");//设置响应头信息,告诉浏览器不要缓存此内容
  16. response.setHeader("Cache-Control", "no-cache");
  17. response.setDateHeader("Expire", 0);
  18. RandomValidateCode randomValidateCode = new RandomValidateCode();
  19. try {
  20. randomValidateCode.getRandcode(request, response);//输出验证码图片方法
  21. } catch (Exception e) {
  22. e.printStackTrace();
  23. }
  24. }

  25. /**
  26. * 登录页面校验验证码
  27. */
  28. @RequestMapping("/checkVerify")
  29. @ResponseBody
  30. public String checkVerify(String inputStr, HttpSession session){
  31. //从session中获取随机数
  32. String random = (String) session.getAttribute("RANDOMVALIDATECODEKEY");
  33. if(random.equals(inputStr)){
  34. return "T";//验证码正确
  35. }else{
  36. return "F";//验证码错误
  37. }
  38. }

  39. /*
  40. * 口令、口令+验证码加密
  41. */
  42. @RequestMapping("/jiami")
  43. @ResponseBody
  44. public String jiaMi(String inputStr, HttpSession session){
  45. EncryptionByMD5 md5 = new EncryptionByMD5();
  46. String jiami = md5.getMD5(inputStr.getBytes());
  47. return jiami;
  48. }

  49. /*
  50. * 验证成功输出界面
  51. */
  52. @SuppressWarnings("static-access")
  53. @RequestMapping("/checkOk")
  54. public String checkOk(HttpServletRequest request,HttpSession session) {
  55. String password = request.getParameter("password");
  56. String username = request.getParameter("username");
  57. String user = "admin";
  58. //pwd = abc123 + 验证码
  59. String pwd = "e99a18c428cb38d5f260853678922e03" + (String) session.getAttribute("RANDOMVALIDATECODEKEY");
  60. EncryptionByMD5 encryptionByMD5 = new EncryptionByMD5();
  61. pwd = encryptionByMD5.getMD5(pwd.getBytes());
  62. // System.out.println("pwd:"+pwd);
  63. // System.out.println("password:"+password);
  64. if(!user.equals(username) || !pwd.equals(password)){
  65. return "redirect:error.jsp";
  66. }
  67. return "redirect:ok.jsp";
  68. }
  69. }

jsp页面:
  1. <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>

  2. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  3. <html>
  4. <head>
  5. <title>登陆页面</title>
  6. <meta name="viewport"
  7. content="width=device-width,initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
  8. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  9. <script language="javascript" src="js/jquery-3.1.1.min.js"></script>

  10. <script type="text/javascript">
  11. $(document.body).ready(function () {
  12. //首次获取验证码
  13. $("#imgVerify").attr("src","/SpringMVC01/validateCode/getVerify.do?"+Math.random());
  14. });


  15. //获取验证码
  16. function getVerify(obj,str){
  17. obj.src = str+"/validateCode/getVerify.do?"+Math.random();
  18. }
  19. //验证码出错- 刷新验证码
  20. function getVerify2(str){
  21. $("#imgVerify").attr("src",str+"/validateCode/getVerify.do?"+Math.random());
  22. }

  23. //校验验证码
  24. function checkSum(str){
  25. var inputStr = $(".check_input").val();
  26. if(inputStr!=null && inputStr!=""){
  27. inputStr = inputStr.toUpperCase();//将输入的字母全部转换成大写
  28. $.ajax({
  29. url : str+"/validateCode/checkVerify.do",
  30. data: {inputStr:inputStr},
  31. success : function(datas) {
  32. if(datas == "T"){
  33. //$("#form1").submit();//提交表单
  34. jiami(str);
  35. }else{
  36. getVerify2(str); //出错时更换验证码
  37. $(".check_input").val("");
  38. $(".warn_text").text("验证码输入错误!");
  39. $(".login_form_warn").css("display","block");
  40. }
  41. }
  42. });
  43. }else{
  44. getVerify2(str); //出错时更换验证码
  45. $(".warn_text").text("请输入验证码");
  46. $(".login_form_warn").css("display","block");
  47. }
  48. }


  49. function jiami(str){
  50. var pwd = document.getElementById("password").value;
  51. var inputStr = $(".check_input").val().toUpperCase();
  52. $.ajax({
  53. url:str+"/validateCode/jiami.do",
  54. data: {inputStr:pwd},
  55. success:function(datas){
  56. //$("#form1").submit();//提交表单
  57. var klAndYzm = datas + inputStr;
  58. $.ajax({
  59. url:str+"/validateCode/jiami.do",
  60. data: {inputStr:klAndYzm},
  61. success:function(datas){
  62. document.getElementById("password").value = datas;
  63. $("#form1").submit();//提交表单
  64. }
  65. });

  66. }
  67. });

  68. }

  69. </script>

  70. </head>
  71. <body>
  72. <div class="login_form">
  73. <form action="${pageContext.request.contextPath }/validateCode/checkOk.do" method='post' id="form1">
  74. <input type="text" name="username" id="username" placeholder="请输入用户名">
  75. <input type="password" name="password" id="password" placeholder="请输入密码">
  76. </form>
  77. <input class="check_input" type="text" placeholder="请输入验证码" >
  78. <img id="imgVerify" src="" alt="点击更换验证码" width="112" height="36" onclick="getVerify(this,'${pageContext.request.contextPath}');"><!--首次获取验证码图片,也可在此将src设为访问路径/getVerify-->
  79. <div class="login_form_warn_lable"></div>
  80. <div class="login_form_warn">
  81. <div style="font-size: 10px;color: red;"> <span class="warn_text"></span> </div>
  82. </div>
  83. <div class="login_form_submit">
  84. <input class="btn_submit" onclick="checkSum('${pageContext.request.contextPath}');" type="submit" value="登录"/>
  85. </div>
  86. </div>
  87. </body>
  88. </html>
效果:


    本站是提供个人知识管理的网络存储空间,所有内容均由用户发布,不代表本站观点。如发现有害或侵权内容,请点击这里 或 拨打24小时举报电话:4000070609 与我们联系。

    猜你喜欢

    0条评论

    发表

    请遵守用户 评论公约

    类似文章 更多
    喜欢该文的人也喜欢 更多