Home Explore Help
Sign In
githab
/
jfinal
2
0
Fork 0
Files
Browse Source

jfinal 2.3 ^_^

James 9 years ago
parent
15064f54a9
commit
da87d5d966
2 changed files with 39 additions and 8 deletions
Split View Show Diff Stats
  1. 29 6
      src/com/jfinal/kit/HashKit.java
  2. 10 2
      src/com/jfinal/render/CaptchaRender.java

+ 29 - 6
src/com/jfinal/kit/HashKit.java
View File 

@@ -22,6 +22,7 @@ public class HashKit {
 
 	

 	private static final java.security.SecureRandom random = new java.security.SecureRandom();

 	private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

+	private static final char[] CHAR_ARRAY = "_-0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();

 	

 	public static String md5(String srcStr){

 		return hash("MD5", srcStr);

@@ -67,14 +68,36 @@ public class HashKit {
 
 	 * md5 128bit 16bytes

 	 * sha1 160bit 20bytes

 	 * sha256 256bit 32bytes

-	 * sha384 384bit 48bites

-	 * sha512 512bit 64bites

+	 * sha384 384bit 48bytes

+	 * sha512 512bit 64bytes

 	 */

-	public static String generateSalt(int numberOfBytes) {

-		byte[] salt = new byte[numberOfBytes];

-		random.nextBytes(salt);

-		return toHex(salt);

+	public static String generateSalt(int saltLength) {

+		StringBuilder salt = new StringBuilder();

+		for (int i=0; i<saltLength; i++) {

+			salt.append(CHAR_ARRAY[random.nextInt(CHAR_ARRAY.length)]);

+		}

+		return salt.toString();

+	}

+	

+	public static String generateSaltForSha256() {

+		return generateSalt(32);

+	}

+	

+	public static String generateSaltForSha512() {

+		return generateSalt(64);

 	}

+	

+	public static boolean slowEquals(byte[] a, byte[] b) {

+		if (a == null || b == null) {

+			return false;

+		}

+		

+		int diff = a.length ^ b.length;

+		for(int i=0; i<a.length && i<b.length; i++) {

+			diff |= a[i] ^ b[i];

+		}

+		return diff == 0;

+    }

 }

+ 10 - 2
src/com/jfinal/render/CaptchaRender.java
View File 

@@ -40,6 +40,14 @@ import com.jfinal.render.Render;
 
 public class CaptchaRender extends Render {

 

 	private static String captchaName = "_jfinal_captcha";

+	private static String salt = HashKit.generateSaltForSha256();

+	

+	public static void setSalt(String salt) {

+		if (StrKit.isBlank(salt)) {

+			throw new IllegalArgumentException("salt can not be blank.");

+		}

+		CaptchaRender.salt = salt;

+	}

 

 	// 默认的验证码大小

 	private static final int WIDTH = 108, HEIGHT = 40;

@@ -72,7 +80,7 @@ public class CaptchaRender extends Render {
 
 		BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);

 		String vCode = drawGraphic(image);

 		vCode = vCode.toUpperCase();	// 转成大写重要

-		vCode = HashKit.md5(vCode);

+		vCode = HashKit.md5(salt + vCode);

 		Cookie cookie = new Cookie(captchaName, vCode);

 		cookie.setMaxAge(-1);

 		cookie.setPath("/");

@@ -196,7 +204,7 @@ public class CaptchaRender extends Render {
 
 		}

 		

 		userInputCaptcha = userInputCaptcha.toUpperCase();	// 转成大写重要

-		userInputCaptcha = HashKit.md5(userInputCaptcha);

+		userInputCaptcha = HashKit.md5(salt + userInputCaptcha);

 		boolean result = userInputCaptcha.equals(controller.getCookie(captchaName));

 		if (result == true) {

 			controller.removeCookie(captchaName);