开发中我们经常会和服务器打交道:最终的目的就是和数据打交道,但是这往往出现一个问题就是
数据的安全性问题,比如说我们把数据发送给服务器,服务器返回数据给我们,
这其中牵涉到很重要的安全性问题:分3步来解决这个问题
1:首先我们新建一个类用来加密和解密如下所示:
*
* Created by acer-pc on 2018/6/22.
*/
public class EncryptUtil {
private static final String ALGORITHM = "AES/ECB/PKCS5Padding";
// 加密秘钥
private static final String AES_KEY = "XXX(我们自己设置)";
private static SecretKeySpec secretKeySpec;
/**
* 前台传输数据解密
*
* @param rawJson 原始JSON
* @return 解密后的Map
*/
public static <T extends BaseResult> T decrypt(String rawJson, Class<T> tClass) {
T result=null;
try {
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, getAesKey());
byte[] paramBytes = cipher.doFinal(Base64.decode(rawJson.getBytes("UTF-8"), Base64.NO_WRAP));
String paramJson = new String(paramBytes);
result = GsonUtil.fromJson(paramJson, tClass);
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return result;
}
/**
* 数据传输过程中需要加密设置
* @param rawMap
* @return
*/
public static String encrypt(Map<String, String> rawMap) {
String result = "";
try {
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, getAesKey());
String rawJson = GsonUtil.toJson(rawMap);
byte[] paramBytes = cipher.doFinal(rawJson.getBytes("UTF-8"));
result = Base64.encodeToString(paramBytes, Base64.NO_WRAP);
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return result;
}
private static SecretKeySpec getAesKey() {
if (secretKeySpec != null) {
return secretKeySpec;
}
try {
secretKeySpec = new SecretKeySpec(AES_KEY.getBytes("UTF-8"), "AES");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return secretKeySpec;
}
}
2:其中的BaseResult如下(要解析的数据的根类,放数据的类要继承这个类):
public class BaseResult {
private int result;
private String message;
public int getResult() {
return result;
}
public void setResult(int result) {
this.result = result;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
3:当我们在主类中(或者Fragment中)使用的时候如下:
//加载数据
public void initData() {
//这里利用线程池使得线程在线程池中运行防止程序卡死
APIConfig.getDataIntoView(new Runnable() {
@Override
public void run() {
Map<String, String> map = new HashMap<>();
map.put("token", RuntimeConfig.user.getToken());
String paramJson = EncryptUtil.encrypt(map);
String url = "http://这里是我们的目标网址";
String rs = HttpUtil.GetDataFromNetByPost(url,
new ParamsBuilder().addParam("paramJson", paramJson).getParams());
// rs判空
final DiaryDetailResult result = EncryptUtil.decrypt(rs, DiaryDetailResult.class);
UIUtils.runOnUIThread(new Runnable() {
@Override
public void run() {
//这里禁用
if (result != null && result.getResult() == APIConfig.CODE_SUCCESS) {
Diary diaryData = result.getData().getContent();
//接下来对解析出的数据进行自己的操作
。。。。。。。。。。。。
} else {
// Toast弹出加载失败;
}
}
});
}
});
}
3:大功告成!