JavaScript-side encryption, Java server-side decryption

Source: Internet
Author: User
Tags auth oauth

We usually use HTTPS to secure the transport, but if we don't use HTTPS, we can use JavaScript in the browser to encrypt the parameters it sends with the RSA algorithm.

This can be handled with jCryption, a jQuery encryption plug-in; for examples, see

http://jcryption.org/#examples

The current version is 3.0, but it has no Java-side implementation; I will study that another time. What follows uses version 1.1.

It can be obtained from

http://linkwithweb.googlecode.com/svn/trunk/Utilities/jCryptionTutorial

But there was a flaw in his service, and I modified it.

The following is a general introduction:

1. First, the server has a servlet that generates the public key:

    package com.gsh.oauth.auth.servlet;

    import java.io.IOException;
    import java.security.KeyPair;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import com.gsh.oauth.auth.util.JCryptionUtil;

    /**
     * Servlet implementation class EncryptionServlet
     */
    public class EncryptionServlet extends HttpServlet {

        private static final long serialVersionUID = 1L;

        /**
         * Default constructor.
         */
        public EncryptionServlet() {
            // TODO Auto-generated constructor stub
        }

        /**
         * @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
         */
        protected void service(HttpServletRequest request,
                HttpServletResponse response) throws ServletException, IOException {
            // RSA key size in bits, as in the tutorial (current guidance calls for at least 2048)
            int key_size = 1024;
            if (request.getParameter("generatekeypair") != null) {
                JCryptionUtil jCryptionUtil = new JCryptionUtil();
                KeyPair keys = null;
                // if (request.getSession().getAttribute("keys") == null) { // commented out here, otherwise the second request returns 500
                // Generate a fresh key pair on every request and keep it in the session
                keys = jCryptionUtil.generateKeypair(key_size);
                request.getSession().setAttribute("keys", keys);
                // }
                // Build the JSON response: {"e":"...","n":"...","maxdigits":"..."}
                StringBuffer output = new StringBuffer();
                String e = jCryptionUtil.getPublicKeyExponent(keys);
                String n = jCryptionUtil.getPublicKeyModulus(keys);
                String md = String.valueOf(jCryptionUtil.getMaxDigits(key_size));
                output.append("{\"e\":\"");
                output.append(e);
                output.append("\",\"n\":\"");
                output.append(n);
                output.append("\",\"maxdigits\":\"");
                output.append(md);
                output.append("\"}");
                response.getOutputStream().print(
                        output.toString().replaceAll("\r", "").replaceAll("\n", "")
                                .trim());
            } else {
                response.getOutputStream().print(String.valueOf(false));
            }
        }
    }

2. Client example

    <html>
    <head>
    <title>login form</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <script src="./js/jquery-1.4.2.min.js" type="text/javascript"></script>
    <script src="./js/jquery-ui-1.8.2.custom.min.js" type="text/javascript"></script>
    <script type="text/javascript" src="./js/security/jquery.jcryption-1.1.min.js"></script>
    <script type="text/javascript">
    $(document).ready(function() {
        // Status text shown next to the submit button
        var $statusText = $('<span id="status"></span>').hide();
        $("#status_container").append($statusText);
        $("#lf").jCryption({
            // URL of the servlet that returns the public key as JSON
            getKeysURL: "/gsh/oauth/encryption?generatekeypair=true",
            beforeEncryption: function() {
                $statusText.text("Test Code").show();
                return true;
            },
            encryptionFinished: function(encryptedString, objectLength) {
                // Display the encrypted form data before it is submitted
                $statusText.text(encryptedString);
                return true;
            }
        });
    });
    </script>
    </head>
    <body>
    <form id="lf" action="/gsh/oauth/authorization" method="POST">
    <fieldset><legend>login</legend>
    <div>
    <div>client_id:<br>
    <input type="text" size="" name="client_id" value=""></div>
    <div>redirect_uri:<br>
    <input type="text" size="" name="redirect_uri" value=""></div>
    </div>
    <div>loginID:<br>
    <input type="text" size="" name="loginID" value=""></div>
    <div>password:<br>
    <input type="password" size="" name="password" value=""></div>
    <div>
    <p><input type="submit" /><span id="status_container"></span></p>
    </div>
    </fieldset>
    </form>
    </body>
    </html>

As the code above shows, the page first requests the public key from /gsh/oauth/encryption?generatekeypair=true, encrypts the form data with jCryption, and then POSTs it to the server. The /gsh/oauth/encryption path is the EncryptionServlet above.

In the browser's developer tools, you can see that the data inside the form is encrypted:

jcryption= 95f1589502288050e08b4bd8b1a360341cf616d9054531b85a6ef85783c1723b46686ec454ee81f1304fa2370ce24c4d9c06f84d47aa4bdf99310ae12 B514db19bfcc325f3a39a584c23b1546550f4e0635c12486f2fd84dec137e1c61cfa775dfa3057a1f0154712aaba0af0cc61810282780f15bed909c24 a184e66ab39f2e

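3. Decryption in the target servlet (Authorization)

    import java.io.IOException;
    import java.io.PrintWriter;
    import java.security.KeyPair;
    import java.util.Map;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import com.gsh.oauth.auth.util.JCryptionUtil;

    public class Authorization extends HttpServlet {

        protected void doGet(HttpServletRequest httpServletRequest,
                HttpServletResponse httpServletResponse) throws ServletException,
                IOException {
            PrintWriter out = httpServletResponse.getWriter();
            // Key pair stored in the session by EncryptionServlet
            KeyPair keys = (KeyPair) httpServletRequest.getSession().getAttribute("keys");
            // Field in which the jCryption plug-in posts the encrypted form data
            String encrypted = httpServletRequest.getParameter("jCryption");
            String client_id = null;
            String redirect_uri = null;
            String loginID = null;
            String password = null;
            try {
                String data = JCryptionUtil.decrypt(encrypted, keys);
                // The key pair is used once: remove it from the session after decrypting
                httpServletRequest.getSession().removeAttribute("keys");
                // The decrypted data is the serialized form; split it into its fields
                Map params = JCryptionUtil.parse(data, "UTF-8");
                client_id = (String) params.get("client_id");
                redirect_uri = (String) params.get("redirect_uri");
                loginID = (String) params.get("loginID");
                password = (String) params.get("password");
            } catch (Throwable e) {
                e.printStackTrace();
            }
        }

        // The login form submits with method="POST", so route POST to the same handler
        protected void doPost(HttpServletRequest httpServletRequest,
                HttpServletResponse httpServletResponse) throws ServletException,
                IOException {
            doGet(httpServletRequest, httpServletResponse);
        }
    }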

The above are only fragments; for the related JS and Java files, get them from the SVN address above. In addition, we need bcprov-jdk15-1.46.jar, which can be obtained from

http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15/1.46
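The three steps above (key endpoint, browser-side encryption, single-use decryption on the server) as one runnable Node.js round trip. This is an added example, not code from the tutorial or from jCryption: it swaps jCryption 1.1's own RSA routines for Node's built-in RSA-OAEP with a 2048-bit key, and the names `sessionKeys`, `publishKey`, `encryptForm` and `decryptForm` are hypothetical stand-ins for the servlet session and the two servlets.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-in for the servlet session store: session id -> private key.
const sessionKeys = new Map();
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Step 1 (key servlet): new key pair per request, private half kept in the
// session, public half returned as hex "e" and "n" like the servlet's JSON.
function publishKey(sessionId) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  sessionKeys.set(sessionId, privateKey);
  const jwk = publicKey.export({ format: 'jwk' });
  const toHex = (b64url) => Buffer.from(b64url, 'base64url').toString('hex');
  return { e: toHex(jwk.e), n: toHex(jwk.n) };
}

// Step 2 (browser): rebuild the public key from e/n and encrypt the serialized
// form. OAEP-SHA256 with a 2048-bit key fits at most 190 bytes of form data.
function encryptForm(pub, fields) {
  const toB64url = (hex) => Buffer.from(hex, 'hex').toString('base64url');
  const key = nodeCrypto.createPublicKey({
    key: { kty: 'RSA', e: toB64url(pub.e), n: toB64url(pub.n) },
    format: 'jwk',
  });
  const plain = Buffer.from(new URLSearchParams(fields).toString(), 'utf8');
  return nodeCrypto.publicEncrypt({ key, ...OAEP }, plain).toString('hex');
}

// Step 3 (target servlet): take the key out of the session before use so it is
// single-use, reject malformed input, and return null instead of throwing.
function decryptForm(sessionId, cipherHex) {
  const key = sessionKeys.get(sessionId);
  sessionKeys.delete(sessionId);
  if (!key || typeof cipherHex !== 'string' || !/^([0-9a-f]{2})+$/i.test(cipherHex)) {
    return null;
  }
  try {
    const plain = nodeCrypto.privateDecrypt({ key, ...OAEP }, Buffer.from(cipherHex, 'hex'));
    return Object.fromEntries(new URLSearchParams(plain.toString('utf8')));
  } catch (err) {
    return null; // wrong key, or replayed or tampered ciphertext
  }
}
```

Because the key is deleted on first use, a captured ciphertext cannot be submitted a second time. The scheme only hides the fields from passive capture; without HTTPS the page and the key response can still be altered in transit, so it does not replace TLS.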
