方法 getDeskey() 被我改成如下所示:
实现了,将密钥存入数据库的功能,虽然用流可以实现存入java object 到 DB(即,可以直接把密钥存入数据库,具体的代码还不会,誰告诉我下?)但该方法没有对密钥加密,所以我采用了下面的方法,将密钥拆分后并打乱顺序再存入数据库,我们再只要保证该CLASS文件不被反编译,那么这个加密就比较安全了.
我没读过什么书,所以一开始以为密钥的长度不固定,所以代码有些庸余,但实际运行却发现每次生成的密钥都是8字节.
/**
* 生成密钥并存入数据库OR从数据库取出密钥
* */
public SecretKey getDeskey() {
try {
SecretKey deskey = null;
String orclURL = null;
//读XML配置文件,取得ORACLE的URL
SAXReader reader = new SAXReader();
try {
Document doc = reader.read(new File("E:\\SWECTool\\bea\\user_projects\\domains\\default\\config.xml"));
Element connPoolEle = (Element) doc.selectSingleNode("/Domain/JDBCConnectionPool");
orclURL = connPoolEle.attributeValue("URL");
//System.out.println(orclURL);
} catch (DocumentException e) {
e.printStackTrace();
}
try {
//Oracle的连接
Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
String user = "smile";
String password = "smile";
Connection conn = DriverManager.getConnection(orclURL,user,password);
if(conn != null){
System.out.println("Connection Success "+conn);
}else{
System.out.println("Connection failed "+conn);
}
Statement stmt = conn.createStatement();
try {
//SQL文,从表DESKEY中检索出deskey的被拆分的各部分
StringBuffer statement3 = new StringBuffer();
statement3.append("SELECT B.*, A.COUNT ");
statement3.append("FROM (SELECT COUNT
AS COUNT FROM USER_TAB_COLUMNS ");
statement3.append("WHERE TABLE_NAME='DESKEY') A, DESKEY B");
//执行,从表DESKEY中检索出deskey的被拆分的各部分
ResultSet resultKey = stmt.executeQuery(statement3.toString());
if (resultKey.next()) {
int fieldNumber2 = Integer.parseInt(resultKey.getString("COUNT"));
String[] strdeskeyArray2 = new String[fieldNumber2];
for (int i = 1; i <= fieldNumber2; i++) {
strdeskeyArray2[i-1] = resultKey.getString
;
}
//还原顺序
if (fieldNumber2 > 2) {
String strTemp1 = resultKey.getString(1);
String strTemp2 = resultKey.getString(fieldNumber2 - 1);
strdeskeyArray2[0] = strdeskeyArray2[fieldNumber2 - 1];
strdeskeyArray2[fieldNumber2 - 2] = strTemp1;
strdeskeyArray2[fieldNumber2 - 1] = strTemp2;
}
//测试用
StringBuffer aa = new StringBuffer();
for (int i = 0; i < fieldNumber2; i++) {
if (i < fieldNumber2 - 1) {
aa.append(strdeskeyArray2[i] + ":");
} else {
aa.append(strdeskeyArray2[i]);
}
}
System.out.println("密钥数组顺序被整理成: " +aa.toString());
StringBuffer str = new StringBuffer();
for (int i = 1; i <= fieldNumber2; i++) {
if (i < fieldNumber2) {
str.append(strdeskeyArray2[i - 1] + ":");
} else {
str.append(strdeskeyArray2[i - 1]);
}
}
//The bytes can be converted back to a SecretKey
SecretKey deskey2 = new SecretKeySpec(hexToByte(str.toString()), "DES");
//测试用
System.out.println("这次取得的密钥是从数据库中取出来地!");
return deskey2;
}
} catch (Exception e) {
//e.printStackTrace();
//生成密钥
KeyGenerator keygen = KeyGenerator.getInstance("DES");
deskey = keygen.generateKey();
//测试用
System.out.println("首次获得的密钥是: " + deskey.toString());
//Get the bytes of the key
byte[] deskeyBytes = deskey.getEncoded();
String strdeskey = byte2hex(deskeyBytes);
//测试用
System.out.println("密钥被转换成字符串: " + strdeskey);
String strdeskeyArray[] = strdeskey.split(":");
int fieldNumber = strdeskeyArray.length;
//打乱顺序后再存入数据库
if (fieldNumber > 2) {
String strTemp1 = strdeskeyArray[0];
String strTemp2 = strdeskeyArray[fieldNumber - 2];
strdeskeyArray[fieldNumber - 2] = strdeskeyArray[fieldNumber - 1];
strdeskeyArray[fieldNumber - 1] = strTemp1;
strdeskeyArray[0] = strTemp2;
}
//测试用
StringBuffer bb = new StringBuffer();
for (int i = 0; i < fieldNumber; i++) {
if (i < fieldNumber - 1) {
bb.append(strdeskeyArray[i] + ":");
} else {
bb.append(strdeskeyArray[i]);
}
}
System.out.println("打乱顺序后的密钥数组为: " +bb.toString());
//SQL文,建立存放密钥的表
StringBuffer statement = new StringBuffer();
statement.append("CREATE TABLE DESKEY ");
statement.append("( ");
for (int i = 0; i < fieldNumber; i++) {
statement.append("KEY_" + i);
if (i < fieldNumber -1) {
statement.append(" CHAR(2), ");
} else {
statement.append(" CHAR(2) ");
}
}
statement.append(")");
//SQL文插入语句,把deskey拆开分别插入不同的字段中
StringBuffer statement2 = new StringBuffer();
statement2.append("INSERT INTO DESKEY ");
statement2.append("( ");
for (int i = 0; i < fieldNumber; i++) {
if (i < fieldNumber -1) {
statement2.append("KEY_" + i + ", ");
} else {
statement2.append("KEY_" + i);
}
}
statement2.append(" ) ");
statement2.append(" VALUES( ");
for (int i = 0; i < fieldNumber; i++) {
if (i < fieldNumber -1) {
statement2.append("'" + strdeskeyArray[i] + "', ");
} else {
statement2.append("'" + strdeskeyArray[i] + "'");
}
}
statement2.append(" )");
//DESKEY表的建立
stmt.executeUpdate(statement.toString());
//提交
conn.commit();
//deskey的插入
int result = stmt.executeUpdate(statement2.toString());
//提交
conn.commit();
//测试用
if (result > 0) {
System.out.println("密钥已被成功插入到数据库,result = " + result);
}
}
} catch (SQLException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (InstantiationException e) {
e.printStackTrace();
} catch (IllegalAccessException e) {
e.printStackTrace();
}
//测试用
System.out.println("这次取得的密钥是首次生成的!");
return deskey;
} catch (Exception e) {
e.printStackTrace();
System.out.println("生成密钥失败");
return null;
}
}
打印话题
寄给朋友
订阅主题
于 2006-08-08 12:08
新的帖子
被删除的帖子
