web项目加解密

环境:tomcat6.X+struts2.X+MyIbatis+Spring3.x

加密:使用AES加密,将文件的字节码读取,对字节码进行加密后替换源文件

/**
	 * 
	 * 字节加密
	 */
	public static byte[] encrypt(byte[] data, String key) throws Exception {
		Key k = toKey(Base64.decode(key));
		byte[] raw = k.getEncoded();
		SecretKeySpec secretKeySpec = new SecretKeySpec(raw, ALGORITHM);
		Cipher cipher = Cipher.getInstance(ALGORITHM);
		cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
		return cipher.doFinal(data);
	}

 解密:

1、在tomcat的WebappClassLoader中修改源码(自动义类加载器);

2、修改spring源码Code包源码。

加密方法

public static byte[] decrypt(byte[] data, String key) throws Exception {
		Key k = toKey(Base64.decode(key));
		byte[] raw = k.getEncoded();
		SecretKeySpec secretKeySpec = new SecretKeySpec(raw, ALGORITHM);
		Cipher cipher = Cipher.getInstance(ALGORITHM);
		cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
		return cipher.doFinal(data);
	}

在 WebappClassLoader中解密

/**
			 * 判断如需是需要解密的类进行数据处理
			 * */
            //--------------------------------------start----------------------------------//
            byte []data=null;
            try {
				if(isDecode(name)){
					System.out.println("2818:--&&&-"+name);
					data=AESUtils.decrypt(entry.binaryContent, key);
				}else{
					data=entry.binaryContent;
				}
			} catch (Exception e) {
				e.printStackTrace();
			}
            try {
            	  clazz = defineClass(name, data, 0,
            			  data.length, 
                          new CodeSource(entry.codeBase, entry.certificates));
            	  //--------------------------------------end----------------------------------//

 在spring的code包的SimpleMetadataReader修改器构造函数

// TODO 修改源码判断是否需要解密
	SimpleMetadataReader(Resource resource, ClassLoader classLoader)
			throws IOException {
		InputStream is = resource.getInputStream();
		ClassReader classReader = null;
		try {
			String name = "";
			if (resource.getURI().toString().indexOf("jar:file") == -1) {
				name = resource.getFile().getAbsolutePath();
				if (!"".equals(name) && isDecode(name, cams)) {
					byte[] data = inputStreamToByte(is);
					try {
						is = new ByteArrayInputStream(AESUtils.decrypt(data,
								key));
//						 is = new ByteArrayInputStream(data);
					} catch (Exception e) {
						e.printStackTrace();
					}
				}
			}
			classReader = new ClassReader(is);
		} finally {
			is.close();
		}

 在LocalVariableTableParameterNameDiscoverer同样需要进行解密。

注:(此加密有弊端)

1、加密解密算法需保持一致。

2、加密加密密钥需是同一密钥。     

 

你可能感兴趣的:(spring,tomcat,Web,算法,struts)