Security: Integrity of a HashMap sent over the network


My servlet encrypts and sends a HashMap along with its MD5 hash. The client then receives them and compares the MD5 with the one it computes from the HashMap.

This works sometimes but not in other cases, for example if the HashMap is:

    HashMap<String, Object> result = new HashMap<String, Object>();
    result.put("error", 0);
    result.put("coun", 0);

The client has:

    // Needs: javax.crypto.*, java.io.*, java.security.MessageDigest, java.util.*
    // Decrypt the httpURLConnection response stream
    Cipher symmetricCipher = Cipher.getInstance("DES");
    symmetricCipher.init(Cipher.DECRYPT_MODE, symmetricKey);
    CipherInputStream cipherInput = new CipherInputStream(httpInput, symmetricCipher);
    BufferedInputStream bufferedInput = new BufferedInputStream(cipherInput);

    // Read HashMap and MD5 from the decrypting, buffered stream
    // (the original wrapped an undefined variable `in`)
    ObjectInputStream objectInput = new ObjectInputStream(bufferedInput);
    HashMap<String, Object> result = (HashMap<String, Object>) objectInput.readObject();
    byte[] hash1 = (byte[]) objectInput.readObject();

    // Work out the hash of the HashMap received by re-serializing it
    MessageDigest messageDigest = MessageDigest.getInstance("MD5");
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    ObjectOutputStream out = new ObjectOutputStream(bos);
    out.writeObject(result);
    out.close();
    byte[] hash2 = messageDigest.digest(bos.toByteArray());

    // Compare the two hashes
    if (!Arrays.equals(hash1, hash2)) {
        System.out.println("Result received does not match hash, stopping list operation");
        return;
    }

I don't understand why it has worked for every HashMap I have tried sending, but now with this count key it doesn't. I have compared the individual key/value pairs of the HashMap on both the client and the servlet and they are identical, but when comparing the two MD5s of the whole HashMap, they don't match.


Also, I'm not sure whether I am using the buffered stream in the right part of the stream chain?

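There is no guarantee that two copies of Java will produce exactly the same bytes for an object serialization, only that they will produce semantically equivalent objects.

You could do something similar by running the digest over the keys and values, but you would need to decide how to hash the object values.

If you can render it as XML and canonicalize it, you could go from there.

You might look at the various web services standards for security rather than rolling your own.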


Suggestion: copy the hash map into a tree map, which is ordered, and then try the same trick.
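The two suggestions above (digest the keys and values, and use a sorted map) combined into one sketch. This is an added example, not code from the question or the answers: the class and method names are hypothetical, values are assumed to be only `Integer` or `String` as the asker describes, and SHA-256 is used in place of the question's MD5.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeMap;

public class CanonicalMapDigest {   // hypothetical name
    // Length-prefixed UTF-8, so ("ab","c") and ("a","bc") never encode to the same bytes.
    static void writeString(DataOutputStream out, String s) throws IOException {
        byte[] utf8 = s.getBytes(StandardCharsets.UTF_8);
        out.writeInt(utf8.length);
        out.write(utf8);
    }

    // Digest of the map's contents: keys visited in sorted order, each value type-tagged.
    static byte[] digest(Map<String, Object> map) throws IOException, NoSuchAlgorithmException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeInt(map.size());
        for (Map.Entry<String, Object> e : new TreeMap<>(map).entrySet()) {
            writeString(out, e.getKey());
            Object v = e.getValue();
            if (v instanceof Integer) { out.writeByte('I'); out.writeInt((Integer) v); }
            else if (v instanceof String) { out.writeByte('S'); writeString(out, (String) v); }
            else throw new IllegalArgumentException("no canonical form for key " + e.getKey());
        }
        out.flush();
        return MessageDigest.getInstance("SHA-256").digest(bos.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: same entries, different insertion order and map type.
        Map<String, Object> sent = new HashMap<>();
        sent.put("error", 0);
        sent.put("coun", 0);
        Map<String, Object> received = new LinkedHashMap<>();
        received.put("coun", 0);
        received.put("error", 0);
        System.out.println("same contents match: " + MessageDigest.isEqual(digest(sent), digest(received)));
        received.put("coun", 1);   // a changed value must change the digest
        System.out.println("changed value match: " + MessageDigest.isEqual(digest(sent), digest(received)));
    }
}
```

An unkeyed digest sent next to the data only detects accidental corruption; to detect deliberate modification, feed the same canonical bytes to a keyed MAC such as `javax.crypto.Mac` with `HmacSHA256`.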

Maybe just send JSON with the key/value pairs from one JVM, and on the receiving side you can deserialize it and build another hash map.

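You say the two MD5 hashes are different; which two MD5 hashes are you talking about here, specifically?

thx, I just assumed there was a guarantee, because it has been working for many different hashmaps until now

Fine - I thought it was OK because they only contain integers and strings... do you know why this particular hashmap is the one where it stopped working? I have to roll my own, this is for an assignment

There is no guarantee; it is traversing the map in an undefined order.

OK, I will try a treemap, otherwise I will just MD5 the contents of the hash map rather than the serialized bytes... thanks

    // Work out MD5 of the HashMap result (convert it to bytes with objectOutputStream, and MD5 the bytes)
    MessageDigest messageDigest = MessageDigest.getInstance("MD5");
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    ObjectOutputStream out = new ObjectOutputStream(bos);
    out.writeObject(result);
    out.close();
    byte[] md5 = messageDigest.digest(bos.toByteArray());

    // Encrypt the httpURLConnection response stream, and send the HashMap result and the md5 over the stream
    Cipher symmetricCipher = Cipher.getInstance("DES");
    symmetricCipher.init(Cipher.ENCRYPT_MODE, symmetricKey);
    CipherOutputStream cipherOutput = new CipherOutputStream(response.getOutputStream(), symmetricCipher);
    BufferedOutputStream bufferedOutput = new BufferedOutputStream(cipherOutput);
    // Wrap the encrypting, buffered stream (the original wrapped `out`, the already
    // closed in-memory stream above, so nothing would reach the response)
    ObjectOutputStream objectOutput = new ObjectOutputStream(bufferedOutput);
    objectOutput.writeObject(result);
    objectOutput.writeObject(md5);
    objectOutput.flush();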
    if (!Arrays.equals(hash1, hash2)) {
        System.out.println("Result received does not match hash, stopping get operation");
        return;
    }