Java Code Examples for cn.hutool.crypto.asymmetric.RSA#decrypt()

The following examples show how to use cn.hutool.crypto.asymmetric.RSA#decrypt() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserController.java    From sk-admin with Apache License 2.0 6 votes vote down vote up
@ApiOperation("修改密码")
@PostMapping(value = "/updatePass")
public ResponseEntity<Object> updatePass(@RequestBody UserPassVo passVo) {
    // 密码解密
    RSA rsa = new RSA(privateKey, null);
    String oldPass = new String(rsa.decrypt(passVo.getOldPass(), KeyType.PrivateKey));
    String newPass = new String(rsa.decrypt(passVo.getNewPass(), KeyType.PrivateKey));
    UserDTO user = userService.findByName(SecurityUtils.getCurrentUsername());
    if (!passwordEncoder.matches(oldPass, user.getPassword())) {
        throw new SkException("修改失败,旧密码错误");
    }
    if (passwordEncoder.matches(newPass, user.getPassword())) {
        throw new SkException("新密码不能与旧密码相同");
    }
    userService.updatePass(user.getUsername(), passwordEncoder.encode(newPass));
    return new ResponseEntity<>(HttpStatus.OK);
}
 
Example 2
Source File: UserController.java    From sk-admin with Apache License 2.0 6 votes vote down vote up
@Log("修改邮箱")
@ApiOperation("修改邮箱")
@PostMapping(value = "/updateEmail/{code}")
public ResponseEntity<Object> updateEmail(@PathVariable String code,@RequestBody User user){
    // 密码解密
    RSA rsa = new RSA(privateKey, null);
    String password = new String(rsa.decrypt(user.getPassword(), KeyType.PrivateKey));
    UserDTO userDto = userService.findByName(SecurityUtils.getCurrentUsername());
    if(!passwordEncoder.matches(password, userDto.getPassword())){
        throw new SkException("密码错误");
    }
    VerificationCode verificationCode = new VerificationCode(code, CommonConstant.RESET_MAIL,"email",user.getEmail());
    verificationCodeService.validated(verificationCode);
    userService.updateEmail(userDto.getUsername(),user.getEmail());
    return new ResponseEntity<>(HttpStatus.OK);
}
 
Example 3
Source File: SecurityTools.java    From jeecg-cloud with Apache License 2.0 6 votes vote down vote up
public static SecurityResp valid(SecurityReq req) {
    SecurityResp resp=new SecurityResp();
    String pubKey=req.getPubKey();
    String aesKey=req.getAesKey();
    String data=req.getData();
    String signData=req.getSignData();
    RSA rsa=new RSA(null, Base64Decoder.decode(pubKey));
    Sign sign= new Sign(SignAlgorithm.SHA1withRSA,null,pubKey);



    byte[] decryptAes = rsa.decrypt(aesKey, KeyType.PublicKey);
    //log.info("rsa解密后的秘钥"+ Base64Encoder.encode(decryptAes));
    AES aes = SecureUtil.aes(decryptAes);

    String dencrptValue =aes.decryptStr(data);
    //log.info("解密后报文"+dencrptValue);
    resp.setData(new JSONObject(dencrptValue));

    boolean verify = sign.verify(dencrptValue.getBytes(), Base64Decoder.decode(signData));
    resp.setSuccess(verify);
    return resp;
}
 
Example 4
Source File: SecurityTools.java    From jeecg-boot-with-activiti with MIT License 6 votes vote down vote up
public static SecurityResp valid(SecurityReq req) {
    SecurityResp resp=new SecurityResp();
    String pubKey=req.getPubKey();
    String aesKey=req.getAesKey();
    String data=req.getData();
    String signData=req.getSignData();
    RSA rsa=new RSA(null, Base64Decoder.decode(pubKey));
    Sign sign= new Sign(SignAlgorithm.SHA1withRSA,null,pubKey);



    byte[] decryptAes = rsa.decrypt(aesKey, KeyType.PublicKey);
    //log.info("rsa解密后的秘钥"+ Base64Encoder.encode(decryptAes));
    AES aes = SecureUtil.aes(decryptAes);

    String dencrptValue =aes.decryptStr(data);
    //log.info("解密后报文"+dencrptValue);
    resp.setData(new JSONObject(dencrptValue));

    boolean verify = sign.verify(dencrptValue.getBytes(), Base64Decoder.decode(signData));
    resp.setSuccess(verify);
    return resp;
}
 
Example 5
Source File: SysUserController.java    From yshopmall with Apache License 2.0 6 votes vote down vote up
@ApiOperation("修改密码")
@PostMapping(value = "/updatePass")
public ResponseEntity<Object> updatePass(@RequestBody UserPassVo passVo){

    // 密码解密
    RSA rsa = new RSA(privateKey, null);
    String oldPass = new String(rsa.decrypt(passVo.getOldPass(), KeyType.PrivateKey));
    String newPass = new String(rsa.decrypt(passVo.getNewPass(), KeyType.PrivateKey));
    UserDto user = userService.findByName(SecurityUtils.getUsername());
    if(!passwordEncoder.matches(oldPass, user.getPassword())){
        throw new BadRequestException("修改失败,旧密码错误");
    }
    if(passwordEncoder.matches(newPass, user.getPassword())){
        throw new BadRequestException("新密码不能与旧密码相同");
    }
    userService.updatePass(user.getUsername(),passwordEncoder.encode(newPass));
    return new ResponseEntity<>(HttpStatus.OK);
}
 
Example 6
Source File: SysUserController.java    From yshopmall with Apache License 2.0 6 votes vote down vote up
@Log("修改邮箱")
@ApiOperation("修改邮箱")
@PostMapping(value = "/updateEmail/{code}")
public ResponseEntity<Object> updateEmail(@PathVariable String code,@RequestBody User user){

    // 密码解密
    RSA rsa = new RSA(privateKey, null);
    String password = new String(rsa.decrypt(user.getPassword(), KeyType.PrivateKey));
    UserDto userDto = userService.findByName(SecurityUtils.getUsername());
    if(!passwordEncoder.matches(password, userDto.getPassword())){
        throw new BadRequestException("密码错误");
    }
    VerificationCode verificationCode = new VerificationCode(code, YshopConstant.RESET_MAIL,"email",user.getEmail());
    verificationCodeService.validated(verificationCode);
    userService.updateEmail(userDto.getUsername(),user.getEmail());
    return new ResponseEntity<>(HttpStatus.OK);
}
 
Example 7
Source File: SecurityTools.java    From teaching with Apache License 2.0 6 votes vote down vote up
public static SecurityResp valid(SecurityReq req) {
    SecurityResp resp=new SecurityResp();
    String pubKey=req.getPubKey();
    String aesKey=req.getAesKey();
    String data=req.getData();
    String signData=req.getSignData();
    RSA rsa=new RSA(null, Base64Decoder.decode(pubKey));
    Sign sign= new Sign(SignAlgorithm.SHA1withRSA,null,pubKey);



    byte[] decryptAes = rsa.decrypt(aesKey, KeyType.PublicKey);
    //log.info("rsa解密后的秘钥"+ Base64Encoder.encode(decryptAes));
    AES aes = SecureUtil.aes(decryptAes);

    String dencrptValue =aes.decryptStr(data);
    //log.info("解密后报文"+dencrptValue);
    resp.setData(new JSONObject(dencrptValue));

    boolean verify = sign.verify(dencrptValue.getBytes(), Base64Decoder.decode(signData));
    resp.setSuccess(verify);
    return resp;
}
 
Example 8
Source File: SecurityTools.java    From jeecg-boot with Apache License 2.0 6 votes vote down vote up
public static SecurityResp valid(SecurityReq req) {
    SecurityResp resp=new SecurityResp();
    String pubKey=req.getPubKey();
    String aesKey=req.getAesKey();
    String data=req.getData();
    String signData=req.getSignData();
    RSA rsa=new RSA(null, Base64Decoder.decode(pubKey));
    Sign sign= new Sign(SignAlgorithm.SHA1withRSA,null,pubKey);



    byte[] decryptAes = rsa.decrypt(aesKey, KeyType.PublicKey);
    //log.info("rsa解密后的秘钥"+ Base64Encoder.encode(decryptAes));
    AES aes = SecureUtil.aes(decryptAes);

    String dencrptValue =aes.decryptStr(data);
    //log.info("解密后报文"+dencrptValue);
    resp.setData(new JSONObject(dencrptValue));

    boolean verify = sign.verify(dencrptValue.getBytes(), Base64Decoder.decode(signData));
    resp.setSuccess(verify);
    return resp;
}
 
Example 9
Source File: AccoutResource.java    From albedo with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * 修改密码
 * POST  /account/changePassword : changes the current user's password
 *
 * @param passwordChangeVo the passwordVo
 */
@ApiOperation(value = "修改密码")
@PostMapping(path = "/account/change-password")
public Result changePassword(@Valid @RequestBody PasswordChangeVo passwordChangeVo) {
	// 密码解密
	RSA rsa = new RSA(applicationProperties.getRsa().getPrivateKey(), applicationProperties.getRsa().getPublicKey());
	String oldPass = new String(rsa.decrypt(passwordChangeVo.getOldPassword(), KeyType.PrivateKey));
	String newPass = new String(rsa.decrypt(passwordChangeVo.getNewPassword(), KeyType.PrivateKey));
	String confirmPass = new String(rsa.decrypt(passwordChangeVo.getConfirmPassword(), KeyType.PrivateKey));
	passwordChangeVo.setNewPassword(newPass);
	passwordChangeVo.setConfirmPassword(confirmPass);
	passwordChangeVo.setOldPassword(oldPass);
	userService.changePassword(SecurityUtil.getUser().getUsername(),
		passwordChangeVo);
	return Result.buildOk("密码修改成功,请重新登录");
}
 
Example 10
Source File: AuthController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
@Log("用户登录")
@ApiOperation("登录授权")
@AnonymousAccess
@PostMapping(value = "/login")
public ResponseEntity<Object> login(@Validated @RequestBody AuthUserDTO authUser, HttpServletRequest request) {
    // 密码解密
    RSA rsa = new RSA(privateKey, null);
    String password = new String(rsa.decrypt(authUser.getPassword(), KeyType.PrivateKey));
    // 查询验证码
    String code = (String) redisUtils.get(authUser.getUuid());
    // 清除验证码
    redisUtils.del(authUser.getUuid());
    if (StringUtils.isBlank(code)) {
        throw new SkException("验证码不存在或已过期");
    }
    if (StringUtils.isBlank(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
        throw new SkException("验证码错误");
    }
    UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(authUser.getUsername(), password);

    Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    // 生成令牌
    String token = tokenProvider.createToken(authentication);
    final JwtUserDTO jwtUserDto = (JwtUserDTO) authentication.getPrincipal();
    // 保存在线信息
    onlineUserService.save(jwtUserDto, token, request);
    // 返回 token 与 用户信息
    Map<String, Object> authInfo = new HashMap<String, Object>(4) {{
        put("token", properties.getTokenStartWith() + token);
        put("user", jwtUserDto);
    }};
    if (singleLogin) {
        //踢掉之前已经登录的token
        onlineUserService.checkLoginOnUser(authUser.getUsername(), token);
    }
    return ResponseEntity.ok(authInfo);
}
 
Example 11
Source File: AuthController.java    From yshopmall with Apache License 2.0 5 votes vote down vote up
@Log("用户登录")
@ApiOperation("登录授权")
@AnonymousAccess
@PostMapping(value = "/login")
public ResponseEntity<Object> login(@Validated @RequestBody AuthUser authUser, HttpServletRequest request){
    // 密码解密
    RSA rsa = new RSA(privateKey, null);
    String password = new String(rsa.decrypt(authUser.getPassword(), KeyType.PrivateKey));
    // 查询验证码
    String code = (String) redisUtils.get(authUser.getUuid());
    // 清除验证码
    redisUtils.del(authUser.getUuid());
    if (StringUtils.isBlank(code)) {
        throw new BadRequestException("验证码不存在或已过期");
    }
    if (StringUtils.isBlank(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
        throw new BadRequestException("验证码错误");
    }
    UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(authUser.getUsername(), password);

    Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    // 生成令牌
    String token = tokenProvider.createToken(authentication);
    final JwtUser jwtUser = (JwtUser) authentication.getPrincipal();
    // 保存在线信息
    onlineUserService.save(jwtUser, token, request);
    // 返回 token 与 用户信息
    Map<String,Object> authInfo = new HashMap<String,Object>(2){{
        put("token", properties.getTokenStartWith() + token);
        put("user", jwtUser);
    }};
    if(singleLogin){
        //踢掉之前已经登录的token
        onlineUserService.checkLoginOnUser(authUser.getUsername(),token);
    }
    return ResponseEntity.ok(authInfo);
}
 
Example 12
Source File: AccoutResource.java    From albedo with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Log("修改邮箱")
@ApiOperation("修改邮箱")
@PostMapping(value = "/account/change-email/{code}")
public ResponseEntity<Object> updateEmail(@PathVariable String code, @RequestBody UserEmailDto userEmailDto) {
	// 密码解密
	RSA rsa = new RSA(applicationProperties.getRsa().getPrivateKey(), applicationProperties.getRsa().getPublicKey());
	String password = new String(rsa.decrypt(userEmailDto.getPassword(), KeyType.PrivateKey));
	userEmailDto.setPassword(password);
	emailService.validated(CommonConstants.EMAIL_RESET_EMAIL_CODE + userEmailDto.getEmail(), code);
	userService.updateEmail(SecurityUtil.getUser().getUsername(), userEmailDto);
	return new ResponseEntity<>(HttpStatus.OK);
}