技术开发 频道

用Java加密机制来保护你的数据

  【IT168 技术文档】

  Java开发工具包 (JDK)对加密和安全性有很好的支持。其中一个优势就是其内置的对Socket通信的支持。因此,很容易做到在服务器和客户之间建立安全的数据流。

  流

  Java streams 是一个强大的编程工具。java.io包提供了很多标准的流类型,并能很容易的建立自己的流类型。流的一个有用的特点是和链表一样的简单处理过程。表 A是一个用链表读取文本的例子。

  ufferedReader br =   new BufferedReader(   new FileReader(“c:\foo.txt”));   String line = null;   while((line = br.readLine()) != null) {   System.out.println(line);   }

  这段代码将 FileReader和 BufferedReader链接起来。我们在用客户机/服务器应用程序的时候也会用到类似的概念。

  关键字

  对于验证来说,关键字很重要,表 B (KeyGen.java)提供了一个称为 getSecretKey的标准方法。通过运行KeyGen来产生一个关键字。因为我们采用同步方法,所以客户机和服务器必须用相同的关键字。

  isting B?KeyGen.java

  /*   * Created by IntelliJ IDEA.   * User: jbirchfield   * Date: Mar 19, 2002   * Time: 9:33:22 AM   */   import com.sun.crypto.provider.SunJCE;   import javax.crypto.KeyGenerator;   import java.io.FileInputStream;   import java.io.FileNotFoundException;   import java.io.FileOutputStream;   import java.io.IOException;   import java.io.ObjectInputStream;   import java.io.ObjectOutputStream;   import java.security.Key;   import java.security.NoSuchAlgorithmException;   import java.security.Security;   public class KeyGen {   public static final String KEY_FILE = "secret.key";   public static final String ALGORITHM = "DES";   public static void main(String[] args) {   Security.addProvider(new SunJCE());   new KeyGen();   }   public KeyGen() {   KeyGenerator kg = null;   try {   kg = KeyGenerator.getInstance(ALGORITHM);   Key key = kg.generateKey();   writeKey(KEY_FILE, key);   }   catch (NoSuchAlgorithmException e) {   e.printStackTrace();   }   }   private void writeKey(String filename, Object o) {   try {   FileOutputStream fos = new FileOutputStream(filename);   ObjectOutputStream oos = new ObjectOutputStream(fos);   oos.writeObject(o);   oos.flush();   fos.close();   }   catch (IOException e) {   e.printStackTrace();   }   }   public static Key getSecretKey() {   Security.addProvider(new SunJCE());   FileInputStream fis = null;   try {   fis = new FileInputStream(KEY_FILE);   }   catch (FileNotFoundException e) {   e.printStackTrace();   }   Key key = null;   try {   ObjectInputStream ois = null;   ois = new ObjectInputStream(fis);   key = null;   key = (Key) ois.readObject();   }   catch (IOException e) {   e.printStackTrace();   }   catch (ClassNotFoundException e) {   e.printStackTrace();   }   System.out.println("key = " + key);   return key;   }   }

  安全socket

  我们从一个简单的类开始,它提供我们在普通socket对象之上的加密。表 C (SecretSocket.java) 包含了两段代码-Socket和Key对象。我们的构造器创建了变量并初始化了密码:

  outCipher = Cipher.getInstance(algorithm);   outCipher.init(Cipher.ENCRYPT_MODE, key);   inCipher = Cipher.getInstance(algorithm);   inCipher.init(Cipher.DECRYPT_MODE, key);   isting C?SecretSocket.java   /*   * Created by IntelliJ IDEA.   * User: jbirchfield   * Date: Mar 20, 2002   * Time: 9:07:51 AM   */   import org.bouncycastle.jce.provider.BouncyCastleProvider;   import javax.crypto.Cipher;   import javax.crypto.CipherInputStream;   import javax.crypto.CipherOutputStream;   import javax.crypto.KeyGenerator;   import javax.crypto.NoSuchPaddingException;   import java.io.IOException;   import java.io.InputStream;   import java.io.OutputStream;   import java.net.Socket;   import java.net.UnknownHostException;   import java.security.InvalidKeyException;   import java.security.Key;   import java.security.NoSuchAlgorithmException;   import java.security.NoSuchProviderException;   import java.security.Security;   public class SecretSocket {   private Key key = null;   private Cipher outCipher = null;   private Cipher inCipher = null;   private CipherInputStream cis = null;   private CipherOutputStream cos = null;   private Socket socket = null;   private String algorithm = "DES";   public SecretSocket(Socket socket, Key key) {   this.socket = socket;   this.key = key;   algorithm = key.getAlgorithm();   initializeCipher();   }   private void initializeCipher() {   try {   outCipher = Cipher.getInstance(algorithm);   outCipher.init(Cipher.ENCRYPT_MODE, key);   inCipher = Cipher.getInstance(algorithm);   inCipher.init(Cipher.DECRYPT_MODE, key);   }   catch (NoSuchAlgorithmException e) {   e.printStackTrace();   }   catch (NoSuchPaddingException e) {   e.printStackTrace();   }   catch (InvalidKeyException e) {   e.printStackTrace();   }   }   public InputStream getInputStream() throws IOException {   InputStream is = socket.getInputStream();   cis = new CipherInputStream(is, inCipher);   return cis;   }   public OutputStream getOutputStream() throws IOException {   OutputStream os = socket.getOutputStream();   cos = new CipherOutputStream(os, outCipher);   return cos;   }   }

  因为socket是双向的通信,所以我们采用两个密码。加密输出的数据并解密输入的数据。我们使用getInputStream()和 getOutputStream(),这两种方法来加密合解密通用的输入和输出的经过包装的数据流。见 表 D 。

  isting D

 

  public InputStream getInputStream() throws IOException {   InputStream is = socket.getInputStream();   cis = new CipherInputStream(is, inCipher);   return cis;   }   public OutputStream getOutputStream() throws IOException {   OutputStream os = socket.getOutputStream();   cos = new CipherOutputStream(os, outCipher);   return cos;   }

 

  在JCE的javax.crypto包中包含CipherInputStream和 CipherOutputStream这两种流类型。他们接收输入输出的流对象和密码对象。

  Socket 服务器

  开始写我们的socket服务器类吧。 表 E (SecretSocketServer.java)是一个完整的列表。SecretSocketServer在一个端口打开ServerSocket,当接收到连接时,使用SocketHandler产生一个线程来操作连接。

  isting E?SecretSocketServer.java

  /*   * Created by IntelliJ IDEA.   * User: jbirchfield   * Date: Mar 20, 2002   * Time: 9:32:17 AM   */   import java.net.ServerSocket;   import java.net.Socket;   import java.io.IOException;   public class SecretSocketServer {   public static void main(String[] args) {   new SecretSocketServer();   }   public SecretSocketServer() {   ServerSocket ss = null;   try {   ss = new ServerSocket(4444);   }   catch (IOException e) {   e.printStackTrace();   }   while(true) {   try {   System.out.println("Waiting...");   Socket s = ss.accept();   SocketHandler h = new SocketHandler(s);   Thread t = new Thread(h);   t.start();   }   catch (IOException e) {   e.printStackTrace();   }   }   }   }

  Socket 句柄

  表 F (SocketHandler.java) 确定一个socket对象,通过KeyGen来定位关键字,并建立一个 SecretSocket 对象。.

 

  Key key = KeyGen.getSecretKey();   this.ss = new SecretSocket(s, key);   isting F?SocketHandler.java   /*   * Created by IntelliJ IDEA.   * User: jbirchfield   * Date: Mar 20, 2002   * Time: 9:34:22 AM   */   import java.io.IOException;   import java.io.InputStream;   import java.net.Socket;   import java.security.Key;   public class SocketHandler implements Runnable {   private Socket s = null;   private SecretSocket ss = null;   private InputStream in = null;   public SocketHandler(Socket s) {   this.s = s;   Key key = KeyGen.getSecretKey();   this.ss = new SecretSocket(s, key);   try {   in = ss.getInputStream();   }   catch (IOException e) {   e.printStackTrace();   }   }   public void run() {   boolean bool = true;   while (bool) {   bool = listen();   }   try {   s.close();   }   catch (IOException e) {   e.printStackTrace();   }   }   public boolean listen() {   int aByte;   try {   while ((aByte = in.read()) >= 0) {   System.out.println((char)aByte);   }   }   catch (IOException e) {   System.out.println("returning false...");   }   return false;   }   }

 

  注意表F中的 ss对SocketHandler来说是一个实变量。所有的socket 处理都是通过SecretSocket而不是Socket对象。然后我们使用下面的代码:

  in = ss.getInputStream();

  记住,在SecretSocket中,getInputStream是和CipherInputStream以及 InputStream相结合的。因为SocketHandler 是一个可执行的界面,我们为它生成一个 run()方法。这个方法只是在等待socket的数据:

  boolean bool = true;   while (bool) {   bool = listen();   }

  listen方法用来监听socket 。

  int aByte;   while ((aByte = in.read()) >= 0) {   system.out.println((char)aByte);   }

  Socket 客户

  现在我们来看看客户端。见 表 G 。客户端的工作和服务器端很相似,只是反过来了。首先,我们创立一个套接字连接到服务器。使用KeyGen 找到关键字,创立一个安全套接字(SecretSocket)。然后我们利用它的OutputStream给服务器发送数据:

  Key key = KeyGen.getSecretKey();   Socket s = new Socket("localhost", 4444);   SecretSocket ss = new SecretSocket(s, key);   OutputStream os = ss.getOutputStream();   os.write("Hello World!".getBytes());   os.flush();   os.close();   s.close();

  总结

  通过JCE中的java流和链表,我们可以轻松的加密基于socket的网络通信。

0
相关文章