ESAPI encryption and decryption
I am using ESAPI Base64 encoding for encryption and decryption as shown here: http://www.programcreek.com/java-api-examples/index.php?api=org.owasp.esapi.codecs.Base64
This is what my code looks like:
import org.owasp.esapi.crypto.CipherText;
import org.owasp.esapi.crypto.PlainText;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.reference.crypto.JavaEncryptor;
import javax.crypto.EncryptedPrivateKeyInfo
import org.owasp.esapi.ESAPI
import org.owasp.esapi.ValidationErrorList
import org.owasp.esapi.Validator
import org.apache.commons.codec.binary.Base64;

class SampleMain {
    public String decrypt2(String cryptedText){
        String clearText=null;
        try {
            CipherText cipherText=CipherText.fromPortableSerializedBytes(Base64.decodeBase64(cryptedText));
            clearText=ESAPI.encryptor().decrypt(cipherText).toString();
        }
        catch ( EncryptionException e) {
            System.out.println("EsapiEncryptor.decrypt: " + e.getMessage(),e);
        }
        return clearText.toString();
    }

    public String encrypt2(String clearText){
        String cryptedText=null;
        try {
            CipherText cipherText=ESAPI.encryptor().encrypt(new PlainText(clearText));
            cryptedText=Base64.encodeBase64(cipherText.asPortableSerializedByteArray());
        }
        catch ( EncryptionException e) {
            System.out.println("EsapiEncryptor.encrypt: " + e.getMessage(),e);
        }
        return cryptedText;
    }

    public static void main(String[] args) throws EncryptionException{
        String myplaintext = "MyPlaintext";
        SampleMain sample = new SampleMain();
        String enString = sample.encrypt2(myplaintext);
        System.out.println("-----------enString-----------: " + enString);
        String deString = sample.decrypt2(enString);
        System.out.println("-----------deString-----------: " + deString);
    }
}
But when I try to run this simple program I get the following exception:
Apr 01, 2017 12:43:30 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log
WARNING: [SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Likely tampering with KDF version on serialized ciphertext.KDF version read from serialized ciphertext (123190483) is out of range. Valid range for KDF version is [20110203, 99991231].
org.owasp.esapi.errors.EncryptionException: Version info from serialized ciphertext not in valid range.
at org.owasp.esapi.crypto.CipherTextSerializer.convertToCipherText(CipherTextSerializer.java:299)
at org.owasp.esapi.crypto.CipherTextSerializer.<init>(CipherTextSerializer.java:80)
at org.owasp.esapi.crypto.CipherText.fromPortableSerializedBytes(CipherText.java:176)
at org.owasp.esapi.crypto.CipherText$fromPortableSerializedBytes$0.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at gov.gsa.dss.test.SampleMain.decrypt2(SampleMain.groovy:30)
at gov.gsa.dss.test.SampleMain$decrypt2$0.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at gov.gsa.dss.test.SampleMain.main(SampleMain.groovy:59)
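Any idea why I am getting this error for such a simple program? Thanks.
Why don't you show the program's output? You only show the exception. –
This is what the output looks like: -----------enString-----------: [B@1e800aaa Apr 01, 2017 12:43:30 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log WARNING: [SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/CryptoHelper] Possible data tampering. Encountered invalid KDF version #. Apr 01, 2017 12:43:30 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log.... – TechDiva
Your code doesn't even compile, yet you have provided a stack trace from a runtime exception of successfully compiled code. Why not show the code that actually causes the problem instead of some unrelated code? –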
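An added example (not part of the original thread, and not ESAPI code) that ties the two posted outputs together: the printed `enString` value `[B@1e800aaa` is the identity string of a Java byte array rather than Base64 text, and decoding it leniently yields a leading integer equal to the 123190483 in the warning. The class and helper names are hypothetical, and two things are assumptions: that the decoder skips characters outside the Base64 alphabet, and that the KDF version is the leading 4-byte big-endian integer.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class KdfVersionCheck {
    // Valid KDF version range, as quoted in the ESAPI warning in the question.
    static final int KDF_MIN = 20110203;
    static final int KDF_MAX = 99991231;

    // Lenient decode (assumption: models a decoder that skips characters
    // outside the Base64 alphabet and drops a dangling final character).
    static byte[] lenientDecode(String s) {
        StringBuilder kept = new StringBuilder();
        for (char c : s.toCharArray()) {
            boolean inAlphabet = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                    || (c >= '0' && c <= '9') || c == '+' || c == '/';
            if (inAlphabet) kept.append(c);
        }
        if (kept.length() % 4 == 1) kept.setLength(kept.length() - 1);
        return Base64.getDecoder().decode(kept.toString());
    }

    // Assumption: the version field is the first four bytes, big-endian.
    static int leadingInt(byte[] b) {
        return ByteBuffer.wrap(b).getInt();
    }

    static boolean inRange(int version) {
        return version >= KDF_MIN && version <= KDF_MAX;
    }

    public static void main(String[] args) {
        // Value printed for enString in the posted output: a byte[] identity string.
        String printed = "[B@1e800aaa";
        int v = leadingInt(lenientDecode(printed));
        System.out.println(v + " in valid range? " + inRange(v));

        // Constructed stand-in for serialized bytes that begin with an in-range
        // version, turned into real Base64 text before being decoded again.
        byte[] sample = ByteBuffer.allocate(8).putInt(20130830).putInt(0).array();
        String text = new String(Base64.getEncoder().encode(sample), StandardCharsets.US_ASCII);
        int v2 = leadingInt(lenientDecode(text));
        System.out.println(v2 + " in valid range? " + inRange(v2));
    }
}
```

The round trip only survives when the `byte[]` returned by the encoder is converted to text explicitly, as the constructed sample does with `new String(..., US_ASCII)`.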