在JavaScript中加密SQL语句，在Java中进行解密
在前端防止SQL注入时，有个需求：在js中加密前端向后端传递的SQL语句，在后端进行解密后运行SQL语句。需要先说明：这种做法并不能防止SQL注入——浏览器端完全由用户（攻击者）控制，他可以直接调用同一个加密/编码函数来构造任意SQL；服务端只要执行客户端传来的SQL语句，本身就是注入点。真正的防护应当由服务端决定SQL文本并使用参数化查询（PreparedStatement），客户端只传业务参数。前端js加密方式有很多，但其中不少（如MD5、SHA等）是单向哈希而非可逆加密，所以只能使用已经成熟的js加密解密工具；
1、crypto-js.min.js
2、base64.js
第一种加密方式本人在实际测试中发现会存在SQL语句过长，加密、解密后导致SQL语句被截取、不完整的情况（更可能是传输环节对参数长度或特殊字符的处理问题，而非算法本身，这里未做进一步排查），所以采取的是第二种js加密方式。需要注意：base64.js做的只是Base64编码，没有密钥，任何人都能直接解码，它不提供任何保密性；crypto-js才提供真正的带密钥加密。
(1)在后端解密时，使用的是java类调用js（base64.js）中的方法的方式，实现代码（注意：下面的原始写法是把密文直接拼接进要eval的脚本字符串，密文中只要含有引号等字符就会改变脚本语义，等于允许客户端在Nashorn引擎里执行任意JavaScript，应改为通过Invocable.invokeFunction按参数传递）：
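/**
 * Decrypt: hands {@code str} to the JavaScript function {@code decrypt(str)}
 * defined in the script file at {@code str_src_Path} and returns its result.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The script used with this page is Base64 only. Base64 is an encoding,
 *       not encryption: the returned text is still untrusted client input and
 *       must not be run as SQL; build SQL on the server and bind values with a
 *       PreparedStatement.</li>
 *   <li>{@code str} is passed as a function argument via
 *       {@link javax.script.Invocable#invokeFunction}. The original spliced it
 *       into script source ({@code "decrypt(\"" + str + "\")"}), so a value
 *       containing a double quote could run arbitrary JavaScript - with Java
 *       interop - inside the engine.</li>
 *   <li>{@code str_src_Path} is evaluated as code; it must come from
 *       application configuration, never from a request.</li>
 * </ul>
 *
 * @param str          ciphertext (for base64.js: Base64 text)
 * @param str_src_Path filesystem path of the JavaScript file (path + name)
 * @return the script's return value as a String, or {@code null} if the file
 *         could not be read, the script failed, or it defines no
 *         {@code decrypt} function (the error is printed to stderr, as before)
 * @throws IllegalStateException if no engine named "nashorn" is registered
 *         (Nashorn was removed from the JDK in 15; a standalone engine must
 *         then be on the classpath)
 */
public static String decrypt(String str, String str_src_Path) {
    ScriptEngineManager scriptEngineManager = new ScriptEngineManager();
    ScriptEngine nashorn = scriptEngineManager.getEngineByName("nashorn");
    if (nashorn == null) {
        // Fail loudly: the original NPE'd here and surfaced it only as a stack trace.
        throw new IllegalStateException("No script engine named \"nashorn\" is available");
    }
    // try-with-resources: the original never closed the FileReader.
    // FileReader uses the platform default charset; base64.js is ASCII, so that is fine here.
    try (FileReader script = new FileReader(str_src_Path)) {
        nashorn.eval(script);
        // Pass the ciphertext as an argument, not as script text: no quoting/escaping issues.
        Object result = ((javax.script.Invocable) nashorn).invokeFunction("decrypt", str);
        String plain = (result == null) ? null : result.toString();
        // Kept from the original; be aware this writes the decoded payload to stdout.
        System.out.println("解密后明文===" + plain);
        return plain;
    } catch (java.io.IOException | javax.script.ScriptException | NoSuchMethodException e) {
        e.printStackTrace();
        return null;
    }
}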
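/**
 * Encrypt: hands {@code str} to the JavaScript function {@code encrypt(str)}
 * defined in the script file at {@code str_src_Path} and returns its result.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>With the base64.js shipped on this page the "encryption" is plain
 *       Base64 encoding: there is no key, and anyone can reverse it. Do not
 *       rely on it for confidentiality.</li>
 *   <li>{@code str} is passed as a function argument via
 *       {@link javax.script.Invocable#invokeFunction}. The original spliced it
 *       into script source ({@code "encrypt(\"" + str + "\")"}), so a value
 *       containing a double quote could run arbitrary JavaScript - with Java
 *       interop - inside the engine.</li>
 *   <li>{@code str_src_Path} is evaluated as code; it must come from
 *       application configuration, never from a request.</li>
 * </ul>
 *
 * @param str          plaintext to encode
 * @param str_src_Path filesystem path of the JavaScript file (path + name)
 * @return the script's return value as a String, or {@code null} if the file
 *         could not be read, the script failed, or it defines no
 *         {@code encrypt} function (the error is printed to stderr, as before)
 * @throws IllegalStateException if no engine named "nashorn" is registered
 *         (Nashorn was removed from the JDK in 15; a standalone engine must
 *         then be on the classpath)
 */
public static String encrypt(String str, String str_src_Path) {
    ScriptEngineManager scriptEngineManager = new ScriptEngineManager();
    ScriptEngine nashorn = scriptEngineManager.getEngineByName("nashorn");
    if (nashorn == null) {
        // Fail loudly: the original NPE'd here and surfaced it only as a stack trace.
        throw new IllegalStateException("No script engine named \"nashorn\" is available");
    }
    // try-with-resources: the original never closed the FileReader.
    // FileReader uses the platform default charset; base64.js is ASCII, so that is fine here.
    try (FileReader script = new FileReader(str_src_Path)) {
        nashorn.eval(script);
        // Pass the plaintext as an argument, not as script text: no quoting/escaping issues.
        Object result = ((javax.script.Invocable) nashorn).invokeFunction("encrypt", str);
        String cipher = (result == null) ? null : result.toString();
        // Kept from the original (note the trailing space in the literal).
        System.out.println("加密后密文 " + cipher);
        return cipher;
    } catch (java.io.IOException | javax.script.ScriptException | NoSuchMethodException e) {
        e.printStackTrace();
        return null;
    }
}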
(2)base64.js经过微调，增加了如下代码，加密解密的方法名、参数个数需要与java代码中的一致。这里的“加密/解密”实际只是Base64编码/解码，函数名沿用encrypt/decrypt只是为了和Java端的调用名保持一致：
// "Encrypt" entry point called from the Java side. This is only Base64
// *encoding* (no key; anyone can reverse it). The name is kept because the
// Java caller invokes the function by this name.
function encrypt(message) {
  var encoded = encode(message);
  return encoded;
}
// "Decrypt" entry point called from the Java side. This is only Base64
// *decoding*; the result is whatever the client sent and must still be
// treated as untrusted input. The name is kept because the Java caller
// invokes the function by this name.
function decrypt(ciphertext) {
  var decoded = decode(ciphertext);
  return decoded;
}
base64.js经过微调,全部内容为:
/*
 * [hi-base64]{@link https://github.com/emn178/hi-base64}
 *
 * @version 0.2.1
 * @author Chen, Yi-Cyuan [emn178@gmail.com]
 * @copyright Chen, Yi-Cyuan 2014-2017
 * @license MIT
 */
/*jslint bitwise: true */
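'use strict';
// Environment detection. Kept in ES5 style on purpose: this file is also
// eval'd by Nashorn from the Java side.
var root = typeof window === 'object' ? window : {};
// In Node, process.versions.node is the version string, so NODE_JS is truthy.
// (The page's copy had the property access truncated to a bare `de`, which
// throws a ReferenceError in Node.)
var NODE_JS = !root.HI_BASE64_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node;
if (NODE_JS) {
  root = global;
}
// CommonJS when `module.exports` exists (the page's copy was truncated to `ports`).
var COMMON_JS = !root.HI_BASE64_NO_COMMON_JS && typeof module === 'object' && module.exports;
var AMD = typeof define === 'function' && define.amd;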
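// The 64 characters of the standard Base64 alphabet, indexed by 6-bit value.
var BASE64_ENCODE_CHAR = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'.split('');
// Reverse table: character -> 6-bit value. Derived from the alphabet instead of
// a hand-written 66-entry literal (the page's literal carried a duplicated 'd'
// key, which is a SyntaxError under ES5 strict mode). The URL-safe characters
// '-' and '_' are accepted as 62 and 63 so both alphabets decode.
var BASE64_DECODE_CHAR = (function () {
  var table = {};
  for (var value = 0; value < BASE64_ENCODE_CHAR.length; value++) {
    table[BASE64_ENCODE_CHAR[value]] = value;
  }
  table['-'] = 62;
  table['_'] = 63;
  return table;
})();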
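// Encodes a JS (UTF-16) string as an array of UTF-8 byte values (0..255).
// Surrogate pairs are combined into one 4-byte sequence. Surrogates are not
// validated: a lone surrogate is paired with whatever code unit follows
// (charCodeAt past the end gives NaN, which `& 0x3ff` turns into 0); this
// matches upstream hi-base64.
var utf8ToBytes = function (str) {
  var bytes = [];
  for (var i = 0; i < str.length; i++) {
    var c = str.charCodeAt(i);
    if (c < 0x80) {
      bytes.push(c);
    } else if (c < 0x800) {
      bytes.push(0xc0 | (c >> 6), 0x80 | (c & 0x3f));
    } else if (c < 0xd800 || c >= 0xe000) {
      bytes.push(0xe0 | (c >> 12), 0x80 | ((c >> 6) & 0x3f), 0x80 | (c & 0x3f));
    } else {
      // Surrogate pair: fold the high and low halves into one code point.
      c = 0x10000 + (((c & 0x3ff) << 10) | (str.charCodeAt(++i) & 0x3ff));
      // Exactly four bytes. The page's copy emitted the `(c >> 6)` continuation
      // byte twice, producing five bytes for every astral character.
      bytes.push(
        0xf0 | (c >> 18),
        0x80 | ((c >> 12) & 0x3f),
        0x80 | ((c >> 6) & 0x3f),
        0x80 | (c & 0x3f)
      );
    }
  }
  return bytes;
};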
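// Decodes a Base64 string (standard or URL-safe alphabet, optional '='
// padding) into an array of byte values. Input is not validated: a character
// outside the table looks up `undefined`, which the bit operations coerce to
// 0, so malformed input yields garbage bytes rather than an error. Callers
// that need strictness must check the input first.
var decodeAsBytes = function (base64Str) {
  var v1, v2, v3, v4;
  var bytes = [];
  var index = 0;
  var length = base64Str.length;
  // Strip trailing padding so `length` counts data characters only.
  if (base64Str.charAt(length - 2) === '=') {
    length -= 2;
  } else if (base64Str.charAt(length - 1) === '=') {
    length -= 1;
  }
  // Full groups: 4 characters -> 3 bytes. `>> 2 << 2` rounds down to a multiple of 4.
  var count = length >> 2 << 2;
  var i = 0;
  while (i < count) {
    v1 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    v2 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    v3 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    v4 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    bytes[index++] = (v1 << 2 | v2 >>> 4) & 255;
    bytes[index++] = (v2 << 4 | v3 >>> 2) & 255;
    bytes[index++] = (v3 << 6 | v4) & 255;
  }
  // Trailing partial group: 2 characters -> 1 byte, 3 characters -> 2 bytes.
  // (A remainder of 1 is not valid Base64 and is silently ignored.)
  // The page's copy had this comment split into a bare `/` line, which the
  // parser reads as an unterminated regex literal.
  var remain = length - count;
  if (remain === 2) {
    v1 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    v2 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    bytes[index++] = (v1 << 2 | v2 >>> 4) & 255;
  } else if (remain === 3) {
    v1 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    v2 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    v3 = BASE64_DECODE_CHAR[base64Str.charAt(i++)];
    bytes[index++] = (v1 << 2 | v2 >>> 4) & 255;
    bytes[index++] = (v2 << 4 | v3 >>> 2) & 255;
  }
  return bytes;
};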
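// Encodes an array of byte values (0..255) as standard Base64 with '=' padding.
// Values outside 0..255 are not checked; the bit masks simply truncate them.
var encodeFromBytes = function (bytes) {
  var v1, v2, v3;
  var base64Str = '';
  var length = bytes.length;
  // Full groups: 3 bytes -> 4 characters.
  var count = Math.floor(length / 3) * 3;
  var i = 0;
  while (i < count) {
    // One read per byte. The page's copy assigned v1 twice, so every group
    // consumed four bytes and dropped the first of them.
    v1 = bytes[i++];
    v2 = bytes[i++];
    v3 = bytes[i++];
    base64Str += BASE64_ENCODE_CHAR[v1 >>> 2] +
      BASE64_ENCODE_CHAR[(v1 << 4 | v2 >>> 4) & 63] +
      BASE64_ENCODE_CHAR[(v2 << 2 | v3 >>> 6) & 63] +
      BASE64_ENCODE_CHAR[v3 & 63];
  }
  // Trailing partial group: 1 byte -> 2 chars + '==', 2 bytes -> 3 chars + '='.
  var remain = length - count;
  if (remain === 1) {
    v1 = bytes[i];
    base64Str += BASE64_ENCODE_CHAR[v1 >>> 2] +
      BASE64_ENCODE_CHAR[(v1 << 4) & 63] +
      '==';
  } else if (remain === 2) {
    v1 = bytes[i++];
    v2 = bytes[i];
    base64Str += BASE64_ENCODE_CHAR[v1 >>> 2] +
      BASE64_ENCODE_CHAR[(v1 << 4 | v2 >>> 4) & 63] +
      BASE64_ENCODE_CHAR[(v2 << 2) & 63] +
      '=';
  }
  return base64Str;
};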
var btoa = root.btoa, atob = root.atob, utf8Base64Encode, utf8Base64Decode; if(NODE_JS)
{
var Buffer =require('buffer').Buffer;
btoa=function(str)
{
return new Buffer(str,'ascii').toString('base64');
};
utf8Base64Encode=function(str)
{
return new Buffer(str).toString('base64');
};
encodeFromBytes = utf8Base64Encode;
atob=function(base64Str)
{
return new Buffer(base64Str,'base64').toString('ascii');
};
utf8Base64Decode=function(base64Str)
{
return new Buffer(base64Str,'base64').toString();
};
}
else if(!btoa)
{
btoa=function(str)
{
var v1,
v2,
v3,
base64Str ='',
length = str.length;
for(var i =0, count =parseInt(length /3)*3; i < count;)