Java 如何在android studio中伪装或加密gmail发件人的硬编码密码
正在为我的“忘记密码”活动寻找一些安全解决方案。我正在使用的当前代码要求我将密码硬编码到源代码中,以便任何反编译的人都可以访问 公共类ForgotPassavity扩展了AppPassavity活动{Java 如何在android studio中伪装或加密gmail发件人的硬编码密码,java,android,security,encryption,Java,Android,Security,Encryption,正在为我的“忘记密码”活动寻找一些安全解决方案。我正在使用的当前代码要求我将密码硬编码到源代码中,以便任何反编译的人都可以访问 公共类ForgotPassavity扩展了AppPassavity活动{ private Button sendRequest; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentVie
private Button sendRequest;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_forgot_pass);
sendRequest = (Button) findViewById(R.id.btn_send);
sendRequest.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
new Thread(new Runnable() {
public void run() {
try {
GMailSender sender = new GMailSender(
"sender@gmail.com",
"myPassword");
sender.sendMail("Test mail", "This mail has been sent from android app",
"sender@gmail.com",
"recipient@gmail.com");
} catch (Exception e) {
Toast.makeText(getApplicationContext(),"Error",Toast.LENGTH_LONG).show();
}
}
}).start();
}
});
}
}
公共类GMailSender扩展javax.mail.Authenticator{
private String mailhost = "smtp.gmail.com";
private String user;
private String password;
private Session session;
static {
Security.addProvider(new com.provider.JSSEProvider());
}
public GMailSender(String user, String password) {
this.user = user;
this.password = password;
Properties props = new Properties();
props.setProperty("mail.transport.protocol", "smtp");
props.setProperty("mail.host", mailhost);
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "465");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
props.setProperty("mail.smtp.quitwait", "false");
session = Session.getDefaultInstance(props, this);
}
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, password);
}
public synchronized void sendMail(String subject, String body, String sender, String recipients) throws Exception {
try{
MimeMessage message = new MimeMessage(session);
DataHandler handler = new DataHandler(new ByteArrayDataSource(body.getBytes(), "text/plain"));
message.setSender(new InternetAddress(sender));
message.setSubject(subject);
message.setDataHandler(handler);
if (recipients.indexOf(',') > 0)
message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(recipients));
else
message.setRecipient(Message.RecipientType.TO, new InternetAddress(recipients));
Transport.send(message);
}catch(Exception e){
Log.e("SendMail", e.getMessage(), e);
}
}
public class ByteArrayDataSource implements DataSource {
private byte[] data;
private String type;
public ByteArrayDataSource(byte[] data, String type) {
super();
this.data = data;
this.type = type;
}
public ByteArrayDataSource(byte[] data) {
super();
this.data = data;
}
public void setType(String type) {
this.type = type;
}
public String getContentType() {
if (type == null)
return "application/octet-stream";
else
return type;
}
public InputStream getInputStream() throws IOException {
return new ByteArrayInputStream(data);
}
public String getName() {
return "ByteArrayDataSource";
}
public OutputStream getOutputStream() throws IOException {
throw new IOException("Not Supported");
}
}
}
/*
*根据一个或多个许可证颁发给Apache软件基金会(ASF)
*贡献者许可协议。请参阅随附的通知文件
*本作品提供了有关版权所有权的更多信息。
*ASF根据Apache许可证2.0版将此文件许可给您
*(以下简称“许可证”);除非符合以下要求,否则不得使用此文件
*执照。您可以通过以下方式获得许可证副本:
*
*
*
*除非适用法律要求或书面同意,软件
*根据许可证进行的分发是按“原样”进行分发的,
*无任何明示或暗示的保证或条件。
*请参阅许可证以了解管理权限和权限的特定语言
*许可证下的限制。
*/
导入java.security.AccessController;
导入java.security.Provider
公共最终类JSSEProvider扩展提供程序{
public JSSEProvider() {
super("HarmonyJSSE", 1.0, "Harmony JSSE Provider");
AccessController.doPrivileged(new java.security.PrivilegedAction<Void>() {
public Void run() {
put("SSLContext.TLS",
"org.apache.harmony.xnet.provider.jsse.SSLContextImpl");
put("Alg.Alias.SSLContext.TLSv1", "TLS");
put("KeyManagerFactory.X509",
"org.apache.harmony.xnet.provider.jsse.KeyManagerFactoryImpl");
put("TrustManagerFactory.X509",
"org.apache.harmony.xnet.provider.jsse.TrustManagerFactoryImpl");
return null;
}
});
}
publicjsseprovider(){
超级(“HarmonyJSSE”,1.0,“Harmony JSSE提供商”);
AccessController.doPrivileged(新的java.security.PrivilegedAction(){
公开募捐{
put(“SSLContext.TLS”,
“org.apache.harmony.xnet.provider.jsse.SSLContextImpl”);
put(“Alg.Alias.SSLContext.TLSv1”、“TLS”);
放置(“KeyManagerFactory.X509”,
“org.apache.harmony.xnet.provider.jsse.KeyManagerFactoryImpl”);
放置(“TrustManagerFactory.X509”,
“org.apache.harmony.xnet.provider.jsse.TrustManagerFactoryImpl”);
返回null;
}
});
}
}您不能在android应用程序中保留密钥
您可能希望在后端服务器中实现该功能。只需将电子邮件发送到服务器,服务器就会将电子邮件发送到该地址。我喜欢您的解决方案!在我问了这个问题之后,我正在考虑自己做这件事。谢谢你的回答。