文件上传加密
在很多应用场景中,出于安全考虑,我们不得不实行上传文件时对文件进行加密,
存入服务器的文件就会变成二进制文件,当别人直接冲服务器拿到文件时,也无法查看,这就保证了安全性。
但是我们需要在页面上查看自己上传的文件,这时候就需要再次请求服务器文件的解密接口,
通过解密代码,获得原来的图片,这样对于一些银行等相关业务可有效的保证安全性。
首先导入文件加密解密工具类
public class AES {
/**
* 块大小固定为8字节
*/
private final static String AES_CBC_PKCS5PADDING = "AES/ECB/PKCS5Padding";
/**
* KeyGenerator Init params
*/
private final static int KGEN_256 = 256;
private final static String SHA_256 = "SHA-256";
private final static String S_KEY = "9538172738539384";
private final static String SHA1PRNG = "SHA1PRNG";
// private static AlgorithmParameters params = null;
/**
* 字符串加密
* @param content
* @return
*/
public static String encrypt(String content) {
if (StringUtils.isNotBlank(content)) {
try {
byte[] byteContent = content.getBytes(Constant.ConfigConsts.ENCODE_UTF_8);
byte[] cryptograph = getCipher(Cipher.ENCRYPT_MODE, S_KEY).doFinal(byteContent);
return new Base64().encodeToString(cryptograph);
} catch (Exception e) {
e.printStackTrace();
}
}
return "";
}
/**
* 字符串解密
* @param content
* @return
*/
public static String decrypt(String content) {
if (StringUtils.isNotBlank(content)) {
try {
byte[] byteContent = new Base64().decode(content);
byte[] result = getCipher(Cipher.DECRYPT_MODE, S_KEY).doFinal(byteContent);
return new String(result);
} catch (Exception e) {
e.printStackTrace();
}
}
return "";
}
/**
* 通过Skey得到秘钥算法对象
* @param sKey
* @return
*/
private static SecretKeySpec getSecretKeySpec (String sKey) {
SecretKeySpec key = null;
try {
//"AES":请求的密钥算法的标准名称
KeyGenerator kgen = KeyGenerator.getInstance(Constant.ConfigConsts.SECRET_AES);
//256:密钥生成参数;securerandom:密钥生成器的随机源
SecureRandom securerandom = SecureRandom.getInstance(SHA1PRNG);
securerandom.setSeed(sKey.getBytes());
kgen.init(KGEN_256, securerandom);
//生成秘密(对称)密钥
SecretKey secretKey = kgen.generateKey();
//返回基本编码格式的密钥
byte[] enCodeFormat = secretKey.getEncoded();
//根据给定的字节数组构造一个密钥。enCodeFormat:密钥内容;"AES":与给定的密钥内容相关联的密钥算法的名称
key = new SecretKeySpec(enCodeFormat, Constant.ConfigConsts.SECRET_AES);
//将提供程序添加到下一个可用位置
Security.addProvider(new BouncyCastleProvider());
} catch (Exception e) {
e.printStackTrace();
}
return key;
}
/**
* get Cipher
* @param mode
* @param sKey
* @return
*/
private static Cipher getCipher(int mode, String sKey) {
byte[] IV = new byte[16];
SecureRandom random = new SecureRandom();
random.nextBytes(IV);
Cipher cipher = null;
try {
// params = AlgorithmParameters.getInstance("IV", "LunaProvider");
// params.init(new IvParameterSpec(IV));
cipher = Cipher.getInstance(AES_CBC_PKCS5PADDING);
cipher.init(mode, getSecretKeySpec(sKey));
} catch(Exception e) {
e.printStackTrace();
}
return cipher;
}
/**
* 上传文件加密(传入文件流,输出流对象后直接处理即加密文件流后存储文件)
* @param inputStream
* @param outputStream
* @return
*/
public static boolean encryptFile(InputStream inputStream, OutputStream outputStream) {
try {
CipherInputStream cipherInputStream = new CipherInputStream(
inputStream, getCipher(Cipher.ENCRYPT_MODE, S_KEY));
byte[] cache = new byte[1024];
int nRead = 0;
while ((nRead = cipherInputStream.read(cache)) != -1) {
outputStream.write(cache, 0, nRead);
outputStream.flush();
}
cipherInputStream.close();
} catch (Exception e) {
e.printStackTrace();
}
return true;
}
/**
* **上传文件加密(传入字节,加密后返回字节)**
* @param plainFile
* @return
* @throws Exception
*/
public static byte[] encryptFile(byte[] plainFile) throws Exception {
byte[] cipherText = getCipher(Cipher.ENCRYPT_MODE, S_KEY).doFinal(plainFile);
return cipherText;
}
/**
* 下载文件解密(传入文件流,输出流对象后直接处理即解密文件流后输出文件)
* @param inputStream
* @param outputStream
* @return
*/
public static boolean decryptFile(InputStream inputStream, OutputStream outputStream) {
try {
CipherOutputStream cipherOutputStream = new CipherOutputStream(
outputStream, getCipher(Cipher.DECRYPT_MODE, S_KEY));
byte[] buffer = new byte[1024];
int r;
while ((r = inputStream.read(buffer)) >= 0) {
cipherOutputStream.write(buffer, 0, r);
}
cipherOutputStream.close();
} catch (Exception e) {
e.printStackTrace();
}
return true;
}
/**
* 下载文件解密(传入字节,解密后返回字节)
* @param cipherFile
* @return
* @throws Exception
*/
public static byte[] decryptFile(byte[] cipherFile) throws Exception {
byte[] cipherText = getCipher(Cipher.DECRYPT_MODE, S_KEY).doFinal(cipherFile);
return cipherText;
}
/**
* 获得指定文件的byte数组
*/
private static byte[] getBytes(String filePath){
byte[] buffer = null;
try {
File file = new File(filePath);
FileInputStream fis = new FileInputStream(file);
ByteArrayOutputStream bos = new ByteArrayOutputStream(1000);
byte[] b = new byte[1000];
int n;
while ((n = fis.read(b)) != -1) {
bos.write(b, 0, n);
}
fis.close();
bos.close();
buffer = bos.toByteArray();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return buffer;
}
/**
* 根据byte数组,生成文件
*/
public static void getFile(byte[] bfile, String filePath,String fileName) {
BufferedOutputStream bos = null;
FileOutputStream fos = null;
File file = null;
try {
File dir = new File(filePath);
if(!dir.exists()&&dir.isDirectory()){ //判断文件目录是否存在
dir.mkdirs();
}
file = new File(filePath+"\\"+fileName);
fos = new FileOutputStream(file);
bos = new BufferedOutputStream(fos);
bos.write(bfile);
} catch (Exception e) {
e.printStackTrace();
} finally {
if (bos != null) {
try {
bos.close();
} catch (IOException e1) {
e1.printStackTrace();
}
}
if (fos != null) {
try {
fos.close();
} catch (IOException e1) {
e1.printStackTrace();
}
}
}
}
}
在这个工具方法中,我们使用 encryptFile(InputStream inputStream, OutputStream outputStream)对文件加密,在这个方法中需要把文件转成流的形式,并以byte【】的形式输出到指定位置。其中用到了类CipherInputStream,CipherInputStream由InputStream和Cipher组成,它允许我们自定义一个key,同时把key的信息揉进文件流中。解密的时候再次输入key,才能完成解密。
文件上传加密代码
@RequestMapping(value = "/upload", method = RequestMethod.POST)
public RtnResult springUpload(HttpServletRequest request) throws IllegalStateException, IOException {
RtnResult result = new RtnResult(RtnResultCode.SUCCESS);
Map<String, String> map = new HashMap<>();
// 将request变成多部分request
MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request;
// 获取multiRequest 中所有的文件名
Iterator iter = multiRequest.getFileNames();
while (iter.hasNext()) {
//一次遍历所有文件
MultipartFile file = multiRequest.getFile(iter.next().toString());
if (file != null) {
// 取得当前上传文件的文件名称
String originalFileName = file.getOriginalFilename().replace(",", ";");
// 文件名前缀
int lastIndexOf = originalFileName.lastIndexOf(".");
String name = originalFileName;
String extension = "";
if (lastIndexOf != -1) {
name = originalFileName.substring(0, originalFileName.lastIndexOf("."));
extension = originalFileName.substring(originalFileName.lastIndexOf(".") + 1);
}
if (!extension.equalsIgnoreCase("png") && !extension.equalsIgnoreCase("jpg")
&& !extension.equalsIgnoreCase("jpeg") && !extension.equalsIgnoreCase("gif")
&& !extension.equalsIgnoreCase("pdf") && !extension.equalsIgnoreCase("xlsx")
&& !extension.equalsIgnoreCase("lsx") && !extension.equalsIgnoreCase("docx")
&& !extension.equalsIgnoreCase("doc")) {
return RtnResult.Fail(RtnResultCode.FILE_TYPE_ERROR);
}
// 时间戳
long timeStr = (new Date()).getTime();
// 4位随机数
int random = new Random().nextInt(10000);
// 文件后缀名
String fileName =timeStr + random + "." + extension;
//上传
String dateStr = DateUtils.getDateTime("yyyyMMdd");
//上传 ,替代掉常量类中的数据
String path = PathConstants.DIRECTORY_UPLOAD_TEMP_SUB
.replace("{yyyyMMdd}", dateStr)
.replace("{fileName}", fileName);
File temp = new File(configProperties.getFileLocation() + PathConstants.DIRECTORY_UPLOAD_TEMP + path);
if (!temp.getParentFile().exists()) {
temp.getParentFile().mkdirs();
}
//上传文件加密
OutputStream enOutputStream = new FileOutputStream(temp);
boolean b = AES.encryptFile(file.getInputStream(), enOutputStream);
if (!b){
return RtnResult.Fail("文件上传失败!");
}
logger.info("文件上传成功!------------------");
// file.transferTo(temp);
map.put("fileName", file.getOriginalFilename());
map.put("filePath", path);
String dowUrl = PathConstants.URL_FILE_TEMP_ORIGIN.replace("{date}", dateStr).replace("{fileName}", fileName);
map.put("downUrl", dowUrl);
}
}
result.setData(map);
return result;
}
下载文件解密
传入文件名,根据配置文件拼装出文件地址,通过new file(path) ,得到真实文件。通过HttpServletResponse.getOutputStream以及相关设置可以向页面输出文件内容,再调用机密方法即可
@RequestMapping(value = "/download/temp", method = RequestMethod.GET)
@ResponseBody
public void downloadTemp(@RequestParam("date") String date,@RequestParam("fileName") String fileName,HttpServletResponse response) throws IOException {
logger.info("FileController.downloadTemp=========>start");
if (StringUtils.isNotBlank(fileName) && StringUtils.isNotBlank(date)) {
String path =
configProperties.getFileLocation()+PathConstants.DIRECTORY_UPLOAD_TEMP +
PathConstants.DIRECTORY_UPLOAD_TEMP_SUB.replace("{yyyyMMdd}", date)
.replace("{fileName}", fileName);
//通过路径得到文件
File file = new File(path);
logger.info("FileController.downloadTemp=========File:{},exits:{}",path,file.exists());
if (file.exists()) {
//浏览器接受图片设置
String contentType = Files.probeContentType(Paths.get(path));
contentType = StringUtils.isBlank(contentType) ? MediaType.ALL_VALUE : contentType;
response.setContentType(contentType);
response.setHeader("Content-Disposition", "attachment; filename=" + URLEncoder.encode(file.getName()));
response.setCharacterEncoding("UTF-8");
OutputStream outputStream = response.getOutputStream();
FileInputStream fis = FileUtils.openInputStream(file);
//文件解密
boolean b = AES.decryptFile(fis, outputStream);
if (b){
logger.info("文件解密成功-----------------------");
}else {
logger.info("文件解密失败!----------------------");
}
//IOUtils.copy(fis, outputStream);
outputStream.flush();
outputStream.close();
IOUtils.closeQuietly(fis);
}
}
}
