AES加密，前后端互解

應(yīng)用場景： 有兩個應(yīng)用系統(tǒng)a,b。其中a系統(tǒng)中某一部分導(dǎo)航功能需要跳轉(zhuǎn)至b系統(tǒng)（簡單的說就是a系統(tǒng)現(xiàn)在要把b系統(tǒng)中的所有功能包含進來，為了前期快速上線，采用js重定向跳轉(zhuǎn)實現(xiàn)），這里就涉及到a系統(tǒng)登錄后的權(quán)限要同步到b系統(tǒng)，實現(xiàn)單點登錄。其中對于內(nèi)網(wǎng)用戶，采用了idm的單點登錄。但是針對外部用戶就采用了aes加密的方式驗證。 實現(xiàn)思路： 在登錄a系統(tǒng)的情況下，外部用戶點擊跳轉(zhuǎn)至b系統(tǒng)的時候免登錄，同步權(quán)限。這里是在跳轉(zhuǎn)時，前后端協(xié)商采用aes的加解密對該用戶進行校驗。

實現(xiàn)的核心代碼：

<code class="language-html"><!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <title>Title</title>  
  
</head>  
  
<!-- <script src="https://sellpow-html.oss-cn-beijing.aliyuncs.com/public/js/aes.js" rel="external nofollow" ></script>  --> 
<script type="text/javascript" src="http://react.file.alimmdn.com/aes.js" rel="external nofollow" ></script>
<body>
<script>
    var key = CryptoJS.enc.Utf8.parse("cyh@201812345678");//密鑰為16字節(jié)
  
    var plaintText = 'cyh@123456789'; // 明文  
  
    var encryptedData = CryptoJS.AES.encrypt(plaintText, key, {  
        mode: CryptoJS.mode.ECB,  
        padding: CryptoJS.pad.Pkcs7  
    });  
  
    console.log("加密前："+plaintText);  
    console.log("加密后："+encryptedData.ciphertext.toString());   
  
    encryptedData = encryptedData.ciphertext.toString();  
  
    console.log("base64加密后:"+encryptedData);
    var encryptedHexStr = CryptoJS.enc.Hex.parse('5a6dcc986133465954e1072471f8d2e2');  
    var encryptedBase64Str = CryptoJS.enc.Base64.stringify(encryptedHexStr);  
  
    var decryptedData = CryptoJS.AES.decrypt(encryptedBase64Str, key, {  
        mode: CryptoJS.mode.ECB,  
        padding: CryptoJS.pad.Pkcs7  
    });  
  
    var decryptedStr = decryptedData.toString(CryptoJS.enc.Utf8);  
  
    console.log("解密后:"+decryptedStr);    
      
     var pwd = "PCsUFtgog9/qpqmqXsuCRQ==";  
    //加密服務(wù)端返回的數(shù)據(jù)  
    var decryptedData = CryptoJS.AES.decrypt(pwd, key, {  
        mode: CryptoJS.mode.ECB,  
        padding: CryptoJS.pad.Pkcs7  
    });  
      
    console.log("解密服務(wù)端返回的數(shù)據(jù):"+decryptedStr);  
  
</script>  
</body>  
</html></code>

后端解密核心代碼：

public class AccessHtmlFilter implements Filter {
    private static final Logger logger = Logger.getLogger(AccessHtmlFilter.class);
    private static String  VENTOLKENID = "cyh@*srm#";
    //密鑰
    private static final String  TOKEN_KEY = "cyh@201812345678";
    //算法
    private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";
....
    public boolean judgeToken(String ventolkenid, String userId){
        Boolean b = false;
        String tokenid = VENTOLKENID.replace("*", userId);
        byte[] bt = parseHexStr2Byte(ventolkenid);
        Object encoded = Base64.encodeBase64String(bt);
        String decrypt = "";
        try {
            decrypt = aesDecrypt(encoded.toString(), TOKEN_KEY);
        } catch (Exception e) {
            return b;
        }
        System.out.println("解密后：" + decrypt);
        if(tokenid.equals(decrypt.substring(0, decrypt.indexOf("#")+1))){
            b = true;
        }
        return b;
    }
    
    
     /** 
     * AES解密 
     * @param encryptBytes 待解密的byte[] 
     * @param decryptKey 解密密鑰 
     * @return 解密后的String 
     * @throws Exception 
     */  
    public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {  
        KeyGenerator kgen = KeyGenerator.getInstance("AES");  
        kgen.init(128);  
        Cipher cipher = Cipher.getInstance(ALGORITHMSTR);  
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), "AES"));  
        byte[] decryptBytes = cipher.doFinal(encryptBytes);  
        return new String(decryptBytes);  
    }  
  
    /** 
     * 將base 64 code AES解密 
     * @param encryptStr 待解密的base 64 code 
     * @param decryptKey 解密密鑰 
     * @return 解密后的string 
     * @throws Exception 
     */  
    public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {  
        return StringUtils.isEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey);  
    }  
    /** 
     * base 64 decode 
     * @param base64Code 待解碼的base 64 code 
     * @return 解碼后的byte[] 
     * @throws Exception 
     */  
    public static byte[] base64Decode(String base64Code) throws Exception{  
        return StringUtils.isEmpty(base64Code) ? null : new BASE64Decoder().decodeBuffer(base64Code);  
    }  
  
    /**將二進制轉(zhuǎn)換成16進制
     * @param buf
     * @return
     */
    public String parseByte2HexStr(byte buf[]) {
            StringBuffer sb = new StringBuffer();
            for (int i = 0; i < buf.length; i++) {
                    String hex = Integer.toHexString(buf[i] & 0xFF);
                    if (hex.length() == 1) {
                            hex = '0' + hex;
                    }
                    sb.append(hex.toUpperCase());
            }
            return sb.toString();
    }
    
    
    /**將16進制轉(zhuǎn)換為二進制
     * @param hexStr
     * @return
     */
    private byte[] parseHexStr2Byte(String hexStr) {
            if (hexStr.length() < 1)
                    return null;
            byte[] result = new byte[hexStr.length()/2];
            for (int i = 0;i< hexStr.length()/2; i++) {
                    int high = Integer.parseInt(hexStr.substring(i*2, i*2+1), 16);
                    int low = Integer.parseInt(hexStr.substring(i*2+1, i*2+2), 16);
                    result[i] = (byte) (high * 16 + low);
            }
            return result;
    }