开发中常用的工具类：加密类、非法字符过滤类 _JAVA

您所在的位置：程序员俱乐部 > 编程开发 > JAVA > 开发中常用的工具类：加密类、非法字符过滤类

开发中常用的工具类：加密类、非法字符过滤类

2012/3/1 9:34:57 hack_zhang 程序员俱乐部我要评论(0)

摘要：下面的类用于字符。有4个方法。1、将字符转化为GBK编码2、将字符转化为GB2312编码3、md5加密字符串4、md5加密文件[java:showcolumns]viewplaincopy·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140······
标签：常用工具开发

?下面的类用于字符。有4个方法。

1、将字符转化为GBK编码

2、将字符转化为GB2312编码

3、md5加密字符串

4、md5加密文件

[java:showcolumns] view plain copy ·········10········20········30········40········50········60········70········80········90········100·······110·······120·······130·······140·······150

import ?java.io.File;??
import ?java.io.FileInputStream;??
import ?java.io.IOException;??
import ?java.nio.MappedByteBuffer;??
import ?java.nio.channels.FileChannel.MapMode;??
import ?java.security.MessageDigest;??
import ?java.security.NoSuchAlgorithmException;??
??
??
public ? final ? class ?CodingTool??
{??
????/** ?
?????*? ?
?????*?{将字符转化为GBK编码} ?
?????*? ?
?????*?@param?str ?
?????*?@return ?
?????*?@see:?{参照的方法} ?
?????*?@author:{pilove310} ?
?????*/ ??
????public ? static ?String?convertToGBK(String?str)??
????{??
??
????????try ??
????????{??
??
????????????byte []?bytes?=?str.getBytes( "ISO-8859-1" );??
??
????????????return ? new ?String(bytes,? "GBK" );??
??
????????}??
??
????????catch ?(Exception?e)??
????????{??
??
????????????return ?str;??
??
????????}??
??
????}??
??
????/** ?
?????*? ?
?????*?{将字符转化为GB2312编码} ?
?????*? ?
?????*?@param?str ?
?????*?@return ?
?????*?@see:?{参照的方法} ?
?????*?@author:{pilove310} ?
?????*/ ??
????public ? static ?String?convertToGB2312(String?str)??
????{??
??
????????try ??
????????{??
??
????????????byte []?bytes?=?str.getBytes( "ISO-8859-1" );??
??
????????????return ? new ?String(bytes,? "gb2312" );??
??
????????}??
??
????????catch ?(Exception?e)??
????????{??
??
????????????return ?str;??
??
????????}??
??
????}??
??
????/** ?
?????*? ?
?????*?{md5加密字符串} ?
?????*? ?
?????*?@param?input ?
?????*?@return ?
?????*?@see:?{参照的方法} ?
?????*?@author:{pilove310} ?
?????*/ ??
????public ? static ? final ?String?toMD5(String?input)??
????{??
????????byte []?inputByte?=?input.getBytes();??
????????StringBuffer?buf?=?new ?StringBuffer();??
????????MessageDigest?md;//MessageDigest包含md5、SHA等算法 ??
????????try ??
????????{??
????????????//返回实现指定md5算法的?MessageDigest?对象。 ??
????????????md?=?MessageDigest.getInstance("md5" );??
??????????????
????????????md.update(inputByte);??
??????????????
????????????byte []?digest?=?md.digest(); //通过执行诸如填充之类的最终操作完成哈希计算。 ??
??
????????????for ?( int ?i?=? 0 ;?i?<?digest.length;?i++)??
????????????{??
????????????????int ?val?=?(( int )?digest[i])?&? 0xff ;??
????????????????if ?(val?<? 16 )??
????????????????{??
????????????????????buf.append("0" );??
????????????????}??
????????????????buf.append(Integer.toHexString(val));??
????????????}??
????????}??
????????catch ?(NoSuchAlgorithmException?e)??
????????{??
??
????????????e.printStackTrace();??
????????}??
??
????????return ?buf.toString();??
????}??
??????
????/** ?
?????*? ?
?????*?{md5加密文件的} ?
?????*? ?
?????*?@param?file ?
?????*?@return ?
?????*?@throws?NoSuchAlgorithmException ?
?????*?@throws?IOException ?
?????*?@see:?{参照的方法} ?
?????*?@author:{pilove310} ?
?????*/ ??
????public ? final ? static ?String?md5(File?file)? throws ?NoSuchAlgorithmException,???
????IOException{??
???????MessageDigest?md=MessageDigest.getInstance("md5" );??
???????FileInputStream?fin=new ?FileInputStream(file);??
???????MappedByteBuffer?mappedByte?=?fin.getChannel().map(MapMode.READ_ONLY,???
????0 ,?file.length());??
???????md.update(mappedByte);??
???????StringBuffer?buf=new ?StringBuffer();??
???????byte []?digest?=?md.digest();??
???????for ( int ?i= 0 ;i<digest.length;i++){??
????????int ?val=(( int )digest[i])?&? 0xff ;??
????????if (val?<? 16 ){??
?????????buf.append("0" );??
????????}??
????????buf.append(Integer.toHexString(val));??
???????}??
???????fin.close();??
???????return ?buf.toString();??
????}??
??
}??

下面方法用于过滤sql注入和Xss攻击（方法过滤考虑的攻击方式有限，待完善）

[java] view plain copy

/** ?
?*? ?
?*?application?name:{系统安全工具类} ?
?*?application?describing:{处理字符串，把sql注入、xss跨站等字段去除} ?
?*?Copyright：Copyright?? ?
?*?company:neusoft ?
?*?time:{时间，如2007.11.16} ?
?*?@author?{pilove310} ?
?*?@version?{v1.0} ?
?*/ ??
public ? final ? class ?SecTool??
{??
/** ?
?*? ?
?*?{去除字符串中的sql注入字段} ?
?*? ?
?*?@param?str?传入一个String ?
?*?@return??返回一个不包含sql注入字段的String ?
?*?@see:?{参?的方法} ?
?*?@author:{pilove310} ?
?*/ ??
????public ? static ?String?filterSQLInjection(String?str)??
????{??
????????String?flt?="'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char |declare|;|or|-??
??
|+|,|drop";??
????????String?filter[]?=?flt.split("|" );??
????????for ( int ?i= 0 ;i<filter.length?;?i++)??
????????{??
??????????str.replace(filter[i],?"" );??
????????}??
????????return ?str;??
????}??
????/** ?
?????*? ?
?????*?{去除字符串中的xss跨站字段} ?
?????*? ?
?????*?@param?str?传入一个String ?
?????*?@return?返回一个不包含XSS跨站字段的String ?
?????*?@see:?{参照的方法} ?
?????*?@author:{pilove310} ?
?????*/ ??
????public ? static ?String?filterXSS(String?str)??
????{??
????????String?flt="<|>|script|&|%23|/n|/0|<scirpt|<scirpt>" ;??
????????String?filter[]?=?flt.split("|" );??
?????????
??????????
???????//-------说明：两次循环处理是防止使用拼接进行，实现跨站代码传入------- ??
??????????
????????for ( int ?i= 0 ;i<filter.length?;?i++)??
????????{??
??????????str.replace(filter[i],?"" );??
??????????System.out.println(filter[i]+"..." );??
???????????
????????}??
//????????for(int?i=0;i<filter.length?;?i++) ??
//????????{ ??
//??????????str.replace(filter[i],?""); ??
//????????} ??
????????return ?str;??
????}??
}?