AES256加密相关问题

AES加密时抛出java.security.InvalidKeyException: Illegal key size or default parameters

    使用AES加密时,当密钥长度大于128位(例如192位或256位)时,代码会抛出java.security.InvalidKeyException: Illegal key size or default parameters

    Illegal key size or default parameters是指密钥长度是受限制的,java运行时环境读到的是受限的policy文件。文件位于${java_home}/jre/lib/security 

解决办法:

    替换${java_home}/jre/lib/security/ 下面的local_policy.jar和US_export_policy.jar(替换前先备份原文件,并且只使用从Oracle官方下载、与所用JDK版本对应的策略文件)。较新的JDK(8u161及以后、JDK 9及以后)默认已不限制密钥长度,无需替换。

下载地址:

    jdk 5: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-1.5.0-oth-JPR 

    jdk6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html 

另外参考:http://www.cnblogs.com/freeliver54/archive/2011/10/08/2202136.html

下面展示AES加密工具类以作参考

AESUtil 类:

package com.nenglong.rrt.openapi.service.utils;
import org.apache.commons.lang3.StringUtils;
import com.nenglong.rrt.openapi.bean.system.TimedSystemSetting;
import com.nenglong.rrt.openapi.common.encrypt.EnhaceAES;
import com.nenglong.rrt.openapi.service.system.sps.SystemSettingFactory;

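/**
 * Convenience wrapper that encrypts a value with the AES key held in the system settings.
 *
 * <p>The key string is looked up under the settings code {@link #AESKEY} and handed to
 * {@link EnhaceAES#encrypt(String, String)}, which Base64-decodes it into the raw AES key.
 * The key therefore sits in the same settings map as every other setting.
 * NOTE(review): presumably that map is loaded from a database table; confirm that read
 * access to it is restricted, because anyone who can read the settings can read the key.
 *
 * @author cyh
 */
public class AESUtil {

    /** Settings code under which the Base64-encoded AES key is stored. */
    private final static String AESKEY = "user.oabind.aes.key";

    /**
     * Encrypts {@code content} with the AES key configured in the system settings.
     *
     * <p>A {@code null} result means "not encrypted". Callers must treat it as a failure and
     * must not fall back to storing or sending the plaintext.
     *
     * @param content the plaintext to encrypt
     * @return the Base64-encoded ciphertext, or {@code null} when the settings are
     *         unavailable, the key entry is missing or empty, or {@code EnhaceAES.encrypt}
     *         itself returns {@code null}
     */
    public final static String encrypt(String content){
        TimedSystemSetting systemSetting = SystemSettingFactory.getInstance();
        // getInstance() hands back null when the first load produced no settings; without
        // this guard the lookup below would fail with a NullPointerException.
        if (systemSetting == null) {
            return null;
        }
        java.util.Map<String, String> settings = systemSetting.getSettings();
        if (settings == null) {
            return null;
        }
        String keyStr = settings.get(AESKEY);
        if (StringUtils.isEmpty(keyStr)) {
            // No key configured: refuse to encrypt instead of using a default key.
            return null;
        }
        return EnhaceAES.encrypt(content, keyStr);
    }
}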

TimedSystemSetting类:

package com.nenglong.rrt.openapi.bean.system;
import java.io.Serializable;
import java.sql.Timestamp;
import java.util.HashMap;
import java.util.Map;

/**
 * System-settings bean that also records when the settings were loaded.
 *
 * <p>The settings map and the timestamp are stored and returned by reference; no defensive
 * copies are made, so changes made by a caller to either object are visible through this bean.
 *
 * <p>NOTE(review): the class is {@link Serializable} and the map is an ordinary field, so
 * every setting value is written out if an instance is ever serialized. The AESUtil listing
 * on this page reads an AES key string from this map. Confirm that instances are never
 * serialized to a place where that value could be exposed.
 *
 * @author cyh
 */
public class TimedSystemSetting implements Serializable {

    private static final long serialVersionUID = 6509776572707295391L;

    // Setting code -> setting value.
    private Map<String, String> settings = new HashMap<String, String>();

    // Moment at which this bean's settings were loaded.
    private Timestamp createTime;

    /**
     * Creates a bean around the given settings and load time.
     *
     * @param settings   setting values keyed by setting code; kept by reference
     * @param createTime moment the settings were loaded; kept by reference
     */
    public TimedSystemSetting(Map<String, String> settings, Timestamp createTime) {
        this.createTime = createTime;
        this.settings = settings;
    }

    /**
     * @return the settings map exactly as it was last assigned (may be {@code null})
     */
    public Map<String, String> getSettings() {
        return this.settings;
    }

    /**
     * @param settings replacement settings map; kept by reference
     */
    public void setSettings(Map<String, String> settings) {
        this.settings = settings;
    }

    /**
     * @return the load time exactly as it was last assigned (may be {@code null})
     */
    public Timestamp getCreateTime() {
        return this.createTime;
    }

    /**
     * @param createTime replacement load time; kept by reference
     */
    public void setCreateTime(Timestamp createTime) {
        this.createTime = createTime;
    }
}

SystemSettingFactory类:

package com.nenglong.rrt.openapi.service.system.sps;
import java.sql.Timestamp;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import com.nenglong.rrt.openapi.bean.system.TimedSystemSetting;
import com.nenglong.rrt.openapi.common.SpringUtil;
import com.nenglong.rrt.openapi.dao.system.SystemSettingDao;
import com.nenglong.rrt.openapi.po.basic.SystemSetting;

/**
 * Holds one shared {@link TimedSystemSetting} snapshot and reloads it once it is older than
 * 30 minutes.
 *
 * <p>Because values are served from the cached snapshot, a setting changed in the underlying
 * store (including a replaced encryption key) can stay in use for up to 30 minutes.
 *
 * @author cyh
 */
public class SystemSettingFactory {

    /** Age in milliseconds after which the cached snapshot is reloaded (30 minutes). */
    private static final long CACHE_TTL_MILLIS = 60000 * 30;

    private static TimedSystemSetting setting;

    protected SystemSettingFactory(){}

    /**
     * Returns the cached settings snapshot, loading it first when none exists yet or when
     * the cached one is older than 30 minutes.
     *
     * @return the current snapshot; {@code null} if nothing has been loaded successfully so
     *         far (the DAO returned {@code null} on every attempt)
     */
    public static synchronized TimedSystemSetting getInstance(){
        boolean missing = (setting == null);
        // Only look at the timestamp when a snapshot exists.
        boolean expired = !missing
                && setting.getCreateTime().getTime() < (System.currentTimeMillis() - CACHE_TTL_MILLIS);
        if (missing || expired) {
            createSettingBean();
        }
        return setting;
    }

    /**
     * Reads every setting through the "systemSettingDao" bean and replaces the cached
     * snapshot. When the DAO returns {@code null} the previous snapshot (if any) is kept.
     */
    private static void createSettingBean(){
        List<SystemSetting> loaded = ((SystemSettingDao)SpringUtil.getBean("systemSettingDao")).findAll();
        if (loaded == null) {
            return;
        }
        Map<String,String> valuesByCode = new HashMap<String,String>();
        for (SystemSetting row : loaded) {
            valuesByCode.put(row.getCode(), row.getValue());
        }
        setting = new TimedSystemSetting(valuesByCode, new Timestamp(System.currentTimeMillis()));
    }
}

EnhaceAES类:

package com.nenglong.rrt.openapi.common.encrypt;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

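/**
 * AES encryption helper (the author calls it "enhanced AES").
 *
 * <p>Security notes:
 * <ul>
 *   <li>The transformation string {@code "AES"} leaves mode and padding to the JCE provider.
 *       On the default SunJCE provider it resolves to {@code AES/ECB/PKCS5Padding}. ECB is
 *       deterministic, so equal plaintext blocks give equal ciphertext blocks, and the
 *       ciphertext carries no integrity protection. Moving to an authenticated mode such as
 *       {@code AES/GCM/NoPadding} with a fresh random IV per message changes the ciphertext
 *       format, so it has to be coordinated with the decrypting side (not shown here).</li>
 *   <li>On a JRE with the limited-strength policy files, 192- and 256-bit keys are rejected
 *       with {@code InvalidKeyException}. That exception is caught below and shows up only
 *       as a stack trace and a {@code null} result.</li>
 * </ul>
 *
 * @author cyh
 */
public class EnhaceAES {

    /**
     * Encrypts {@code content} with the AES key given as a Base64 string.
     *
     * @param content the plaintext; it is encoded as UTF-8 before encryption
     * @param keyStr  the Base64-encoded raw AES key
     * @return the Base64-encoded ciphertext, or {@code null} when encryption fails (the
     *         exception is printed, not rethrown); callers must treat {@code null} as an
     *         error and must not fall back to the plaintext
     * @throws IllegalArgumentException if {@code keyStr} decodes to no key bytes
     */
    public final static String encrypt(String content, String keyStr) {
        // Derive the key from keyStr on every call instead of caching it in a static field.
        // A static cache filled behind an unsynchronized null check keeps encrypting under
        // the first key it saw, even after the caller passes a different or rotated key.
        Key key = new SecretKeySpec(Base64.decodeBase64(keyStr), "AES");
        try {
            // NOTE(review): "AES" means provider-default mode and padding, see class comment.
            Cipher cipher = Cipher.getInstance("AES");
            byte[] byteContent = content.getBytes("utf-8");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] result = cipher.doFinal(byteContent);
            return Base64.encodeBase64String(result);
        } catch (Exception e) {
            // Kept as best-effort: the failure is reported on stderr and signalled by null.
            e.printStackTrace();
        }
        return null;
    }
}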

