開發中我們經常會和伺服器打交道:最終的目的就是和資料打交道,但是這往往出現一個問題就是
資料的安全性問題,比如說我們把資料發送給伺服器,伺服器傳回資料給我們,
這其中牽涉到很重要的安全性問題:分3步來解決這個問題
1:首先我們建立一個類用來加密和解密如下所示:
*
* Created by acer-pc on 2018/6/22.
*/
public class EncryptUtil {
private static final String ALGORITHM = "AES/ECB/PKCS5Padding";
// 加密秘鑰
private static final String AES_KEY = "XXX(我們自己設定)";
private static SecretKeySpec secretKeySpec;
/**
* 前台傳輸資料解密
*
* @param rawJson 原始JSON
* @return 解密後的Map
*/
public static <T extends BaseResult> T decrypt(String rawJson, Class<T> tClass) {
T result=null;
try {
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, getAesKey());
byte[] paramBytes = cipher.doFinal(Base64.decode(rawJson.getBytes("UTF-8"), Base64.NO_WRAP));
String paramJson = new String(paramBytes);
result = GsonUtil.fromJson(paramJson, tClass);
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return result;
}
/**
* 資料傳輸過程中需要加密設定
* @param rawMap
* @return
*/
public static String encrypt(Map<String, String> rawMap) {
String result = "";
try {
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, getAesKey());
String rawJson = GsonUtil.toJson(rawMap);
byte[] paramBytes = cipher.doFinal(rawJson.getBytes("UTF-8"));
result = Base64.encodeToString(paramBytes, Base64.NO_WRAP);
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return result;
}
private static SecretKeySpec getAesKey() {
if (secretKeySpec != null) {
return secretKeySpec;
}
try {
secretKeySpec = new SecretKeySpec(AES_KEY.getBytes("UTF-8"), "AES");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return secretKeySpec;
}
}
2:其中的BaseResult如下(要解析的資料的根類,放資料的類要繼承這個類):
public class BaseResult {
private int result;
private String message;
public int getResult() {
return result;
}
public void setResult(int result) {
this.result = result;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
3:當我們在主類中(或者Fragment中)使用的時候如下:
//加載資料
public void initData() {
//這裡利用線程池使得線程線上程池中運作防止程式卡死
APIConfig.getDataIntoView(new Runnable() {
@Override
public void run() {
Map<String, String> map = new HashMap<>();
map.put("token", RuntimeConfig.user.getToken());
String paramJson = EncryptUtil.encrypt(map);
String url = "http://這裡是我們的目标網址";
String rs = HttpUtil.GetDataFromNetByPost(url,
new ParamsBuilder().addParam("paramJson", paramJson).getParams());
// rs判空
final DiaryDetailResult result = EncryptUtil.decrypt(rs, DiaryDetailResult.class);
UIUtils.runOnUIThread(new Runnable() {
@Override
public void run() {
//這裡禁用
if (result != null && result.getResult() == APIConfig.CODE_SUCCESS) {
Diary diaryData = result.getData().getContent();
//接下來對解析出的資料進行自己的操作
。。。。。。。。。。。。
} else {
// Toast彈出加載失敗;
}
}
});
}
});
}
3:大功告成!