SOP页面跳转设计 RAS AES加密算法应用跨服务免登陆接口设计
SOP,是 Standard Operating Procedure三个单词中首字母的大写 ,即标准作业程序,指将某一事件的标准操作步骤和要求以统一的格式描述出来,用于指导和规范日常的工作。
加密/加签过程: 1.动态随机生成AES密钥aesKey,而不是静态的AES密钥。提高安全性。 2.使用该AES对传输的接口数据data加密。 比如:username=AES(username原文,aesKey)&age=AES(age原文,aesKey) 3.使用RSA公钥对aesKey加密,作为参数传递 prikey=RSA(aeskey,公钥)
以上完整的路径:http://IP地址 端口/path?username=AES(username,aesKey)&age=AES(age,aesKey)&prikey=RSA(aeskey,公钥)
解密/解签过程: 1.先用私钥从prikey解密获取aesKey 2.用aesKey解密username,age获得username原文,age原文
* Invalid AES key length: 33 bytes * * 如果未指定init LEN,则根据参数的key自适应。AES KEY长度为 16位,24位,32位。 * 否则可以指定AES KEY长度 * // KeyGenerator kgen = KeyGenerator.getInstance(TYPE); * // //Wrong keysize: must be equal to 128, 192 or 256 * // kgen.init(LEN); //128 / 8 = 16 * * 经过测试发现: * keysize: must be equal to 128, 192 or 256 * aes key长度 16,24,32 * 以上的两个条件相互都成立,而不是如下的第一组,第二组,第三组的强制配对。
DEMO代码示例:
代码语言:javascript复制package com.example.core.mydemo.spi;
import com.alibaba.fastjson.JSONObject;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
/**
* Invalid AES key length: 33 bytes
*
* 如果未指定init LEN,则根据参数的key自适应。AES KEY长度为 16位,24位,32位。
* 否则可以指定AES KEY长度
* // KeyGenerator kgen = KeyGenerator.getInstance(TYPE);
* // //Wrong keysize: must be equal to 128, 192 or 256
* // kgen.init(LEN); //128 / 8 = 16
*
* 经过测试发现:
* keysize: must be equal to 128, 192 or 256
* aes key长度 16,24,32
* 以上的两个条件相互都成立,而不是如下的第一组,第二组,第三组的强制配对。
*/
public class AesUtil {
//算法
private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";
//密钥 (静态aesKey)
//第一组
public static final String KEY = "9862ecf540c64534";
// public static final String KEY = "yyyyyyyyyyyyyyyy"; //16位
//
private static final Integer LEN = 128;
//第二组
// public static final String KEY = "yyyyyyyyyyyyyyyy91a1e003c11b414e"; //32位
// private static final Integer LEN = 256;
//第三组
// public static final String KEY = "yyyyyyyyyyyyyyyy91a1e003"; //24位
// private static final Integer LEN = 192;
// 加密类型
private static final String TYPE = "AES";
/**
* aes加密 - 静态aesKey
*
* @param content
* @return
* @throws Exception
*/
public static String aesEncrypt(String content) {
try {
return aesEncrypt(content, KEY);
} catch (Exception e) {
e.printStackTrace();
return "";
}
}
/**
* aes解密 - 静态aesKey
*
* @param encrypt 内容
* @return
* @throws Exception
*/
public static String aesDecrypt(String encrypt) {
try {
return aesDecrypt(encrypt, KEY);
} catch (Exception e) {
e.printStackTrace();
return "";
}
}
/**
* 将base 64 code AES解密
*
* @param encryptStr 待解密的base 64 code
* @param decryptKey 解密密钥
* @return 解密后的string
* @throws Exception
*/
public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {
return isEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey);
}
/**
* AES解密
*
* @param encryptBytes 待解密的byte[]
* @param decryptKey 解密密钥
* @return 解密后的String
* @throws Exception
*/
public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance(TYPE);
//Wrong keysize: must be equal to 128, 192 or 256
kgen.init(LEN);
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), TYPE));
byte[] decryptBytes = cipher.doFinal(encryptBytes);
return new String(decryptBytes);
}
/**
* base 64 decode
*
* @param base64Code 待解码的base 64 code
* @return 解码后的byte[]
* @throws Exception
*/
public static byte[] base64Decode(String base64Code) throws Exception {
return isEmpty(base64Code) ? null : Base64.getDecoder().decode(base64Code);
}
/**
* AES加密为base 64 code
*
* @param content 待加密的内容
* @param encryptKey 加密密钥
* @return 加密后的base 64 code
* @throws Exception
*/
public static String aesEncrypt(String content, String encryptKey) throws Exception {
return base64Encode(aesEncryptToBytes(content, encryptKey));
}
/**
* base 64 encode
*
* @param bytes 待编码的byte[]
* @return 编码后的base 64 code
*/
public static String base64Encode(byte[] bytes) {
return Base64.getEncoder().encodeToString(bytes);
}
/**
* AES加密
*
* @param content 待加密的内容
* @param encryptKey 加密密钥
* @return 加密后的byte[]
* @throws Exception
*/
public static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance(TYPE);
//Wrong keysize: must be equal to 128, 192 or 256
kgen.init(LEN); //128 / 8 = 16
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), TYPE));
return cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
}
/**
* 将byte[]转为各种进制的字符串
*
* @param bytes byte[]
* @param radix 可以转换进制的范围,从Character.MIN_RADIX到Character.MAX_RADIX,超出范围后变为10进制
* @return 转换后的字符串
*/
public static String binary(byte[] bytes, int radix) {
return new BigInteger(1, bytes).toString(radix);// 这里的1代表正数
}
public static boolean isEmpty(CharSequence cs) {
return cs == null || cs.length() == 0;
}
/**
* 测试
* output:
* 对比:RASPublicAuthUtil.java输出结果 对比一致
* username AES加密后的数据:wG2GS4DxYko57DoL0kAAWA==
* username解码:wG2GS4DxYko57DoL0kAAWA==
*
*encrypt=wG2GS4DxYko57DoL0kAAWA==
* encodeEncrypt=wG2GS4DxYko57DoL0kAAWA==
* decrypt=admin
*
*/
public static void main(String[] args) throws Exception {
// JSONObject jsonObject = new JSONObject();
// jsonObject.put("ticketId", "8310000002021051115277C");
// jsonObject.put("serviceItemId", "100000000708");
// jsonObject.put("timestamp", new Date());
// System.out.println("json data=" jsonObject.toJSONString());
// String encrypt = aesEncrypt(jsonObject.toJSONString());
//aes加密
String encrypt = aesEncrypt("admin");
System.out.println("encrypt=" encrypt);
//aes编码
String encodeEncrypt = URLEncoder.encode(encrypt, "UTF-8");
System.out.println("encodeEncrypt=" encodeEncrypt);
//aes解密
String decodeEncrypt = URLDecoder.decode(encodeEncrypt,"UTF-8");
String decrypt = aesDecrypt(decodeEncrypt);
System.out.println("decrypt=" decrypt);
}
}
package com.example.core.mydemo.spi;
import com.alibaba.fastjson.JSONObject;
import javax.crypto.Cipher;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.UUID;
/**
**/
public class RSAPublicAuthUtil {
// Base64解密
private static final Base64.Decoder decoder = Base64.getDecoder();
// Base64加密
private static final Base64.Encoder encoder = Base64.getEncoder();
/**
* 非对称密钥算法
*/
public static final String KEY_ALGORITHM = "RSA";
/**
* 公钥
*/
private static final String PUBLIC_KEY = "可以使用支付宝开放平台开发助手.exe工具生成";
/**
* 私钥
*/
private static final String PRIVATE_KEY = "可以使用支付宝开放平台开发助手.exe工具生成";
/**
* @param data
* @throws
* @Description:
* @return: java.lang.String
* @Author: MeiQi
* @Date: 2021/7/12 20:50
**/
public static String encryptByPublicKey(String data)throws Exception {
byte[] key_byte = decoder.decode(PUBLIC_KEY);
byte[] encrypt_str = encryptByPublicKey(decoder.decode(data), key_byte);
return encoder.encodeToString(encrypt_str);
}
/**
* @param data 待加密数据
* @param key 密钥
* @throws
* @Description: 公钥加密
* @return: byte[] 加密数据
* @Author: MeiQi
* @Date: 2021/7/12 20:51
**/
private static byte[] encryptByPublicKey(byte[] data, byte[] key) throws Exception {
//实例化密钥工厂
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
//初始化公钥
//密钥材料转换
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(key);
//产生公钥
PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
//数据加密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
return cipher.doFinal(data);
}
/**
* 私钥解密
* @param secretText 待解密的密文字符串
* @return 解密后的明文
*/
public static String decryptByPrivateKey(String secretText) {
try {
String privateKeyStr = PRIVATE_KEY;
String input_charset = "UTF-8";
// 生成私钥
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, getPrivateKey(privateKeyStr));
// 密文解码
byte[] secretTextDecoded = decoder.decode(secretText);
byte[] tempBytes = cipher.doFinal(secretTextDecoded);
// return new String(tempBytes);
return encoder.encodeToString(tempBytes);
} catch (Exception e) {
throw new RuntimeException("解密字符串[" secretText "]时遇到异常", e);
}
}
/**
* 得到私钥
* @param key 密钥字符串(经过base64编码)
* @throws Exception
*/
private static PrivateKey getPrivateKey(String key) throws Exception {
byte[] keyBytes;
keyBytes = decoder.decode(key);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
return privateKey;
}
/**
* output:
* 公钥:~~
* 原文:admin
* 原文:25
* aesKey:9862ecf540c64534
* username AES加密后的数据:wG2GS4DxYko57DoL0kAAWA==
* age AES加密后的数据:NUjk8UtCDZq7U8HhRNixNQ==
* 使用公钥加密prikey后的数据:NJ2dUzqqUwzcrYqV5GX0xKDo9eBuC1hjvTUAmtZmC9xoTX7nc0JhEErO2AZRyCS47Bc6CZi68MWSKsBt9bNxIfkY3ciGWOxSgHNhOVpWM8wEjWb6q+NcoLV9p7wapdur43v3jdcGFhzD0ugmDMiTPhCPfp0Dz3s9qTZD6rN1uc0=
* http://localhost:8010/#/index?&username=wG2GS4DxYko57DoL0kAAWA==&age=NUjk8UtCDZq7U8HhRNixNQ==&prikey=NJ2dUzqqUwzcrYqV5GX0xKDo9eBuC1hjvTUAmtZmC9xoTX7nc0JhEErO2AZRyCS47Bc6CZi68MWSKsBt9bNxIfkY3ciGWOxSgHNhOVpWM8wEjWb6q+NcoLV9p7wapdur43v3jdcGFhzD0ugmDMiTPhCPfp0Dz3s9qTZD6rN1uc0=
* prikey解码:NJ2dUzqqUwzcrYqV5GX0xKDo9eBuC1hjvTUAmtZmC9xoTX7nc0JhEErO2AZRyCS47Bc6CZi68MWSKsBt9bNxIfkY3ciGWOxSgHNhOVpWM8wEjWb6q NcoLV9p7wapdur43v3jdcGFhzD0ugmDMiTPhCPfp0Dz3s9qTZD6rN1uc0=
* prikey解密:9862ecf540c64534
* username解码:wG2GS4DxYko57DoL0kAAWA==
* username解密:admin
* age解码:NUjk8UtCDZq7U8HhRNixNQ==
* age解密:25
*/
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
//发送端
System.out.println("公钥:" PUBLIC_KEY);
String username = "admin";
System.out.println("原文:" username);
String age = "25";
System.out.println("原文:" age);
String nonceStr = UUID.randomUUID().toString().replace("-", "");
String aesKey = nonceStr.substring(0, 16);
System.out.println("aesKey:" aesKey);
username = AesUtil.aesEncrypt(username, aesKey);
username = URLEncoder.encode(username, "UTF-8");
System.out.println("username AES加密后的数据:" username);
age = AesUtil.aesEncrypt(age, aesKey);
age = URLEncoder.encode(age, "UTF-8");
System.out.println("age AES加密后的数据:" age);
//发送端进行数据的加密
String prikey = RSAPublicAuthUtil.encryptByPublicKey(aesKey);
prikey = URLEncoder.encode(prikey, "UTF-8");
System.out.println("使用公钥加密prikey后的数据:" prikey);
String base_url = "http://localhost:8010/#/index?";
System.out.println(base_url.concat("&username=").concat(username).concat("&age=").concat(age).concat("&prikey=").concat(prikey));
//接收端
prikey = URLDecoder.decode(prikey,"UTF-8");
System.out.println("prikey解码:" prikey);
String decryAes = RSAPublicAuthUtil.decryptByPrivateKey(prikey);
System.out.println("prikey解密:" decryAes);
username = URLDecoder.decode(username,"UTF-8");
System.out.println("username解码:" username);
String decryUsernameStr = AesUtil.aesDecrypt(username,decryAes);
System.out.println("username解密:" decryUsernameStr);
age = URLDecoder.decode(age,"UTF-8");
System.out.println("age解码:" age);
String decryAgeStr = AesUtil.aesDecrypt(age,decryAes);
System.out.println("age解密:" decryAgeStr);
}
}
RSA公私钥生成可以使用支付宝开放平台开发助手.exe工具生成