outter_encryptclassOperation.jsp
11.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%@ page import="weaver.general.*" %>
<%@ page import="weaver.hrm.*" %>
<%@ page import="weaver.file.FileUpload" %>
<%@ page import="java.util.*" %>
<%@ page import="java.lang.reflect.*" %>
<jsp:useBean id="RecordSet" class="weaver.conn.RecordSet" scope="page" />
<%
User user = HrmUserVarify.getUser (request , response) ;
if(user == null) return ;
if(!HrmUserVarify.checkUserRight("intergration:outtersyssetting", user)){
response.sendRedirect("/notice/noright.jsp");
return;
}
FileUpload fu = new FileUpload(request);
String isDialog = Util.null2String(fu.getParameter("isdialog"));
String backto = Util.null2String(fu.getParameter("backto"));
String mode = Util.fromScreen(fu.getParameter("mode"),user.getLanguage());
String operation = Util.fromScreen(fu.getParameter("operation"),user.getLanguage());
String id = Util.fromScreen(fu.getParameter("id"),user.getLanguage());
if("add".equals(operation) || "edit".equals(operation) || "delete".equals(operation)) {
String encryptclass = Util.fromScreen(fu.getParameter("encryptclass"),user.getLanguage());
String encryptmethod = Util.fromScreen(fu.getParameter("encryptmethod"),user.getLanguage());
String decryptmethod = Util.fromScreen(fu.getParameter("decryptmethod"),user.getLanguage());
String isneedpwd = Util.fromScreen(fu.getParameter("isneedpwd"),user.getLanguage());
String password = Util.fromScreen(fu.getParameter("password"),user.getLanguage());
String isneediv = Util.fromScreen(fu.getParameter("isneediv"),user.getLanguage());
String ivparam = Util.fromScreen(fu.getParameter("ivparam"),user.getLanguage());
/*QC308828 [90][优化]集成登录-自定义加密算法设置中增加一个字段【算法名称】,集成登录配置中自定义加密算法选择相应的算法名称 start*/
String encryptname = Util.fromScreen(fu.getParameter("encryptname"),user.getLanguage());
String oldencryptname = Util.fromScreen(fu.getParameter("oldencryptname"),user.getLanguage());
/*QC308828 [90][优化]集成登录-自定义加密算法设置中增加一个字段【算法名称】,集成登录配置中自定义加密算法选择相应的算法名称 end*/
if("".equals(isneedpwd)) {
isneedpwd = "0";
}
if(!"".equals(password)) {
password = SecurityHelper.encryptSimple(password);
}
if("".equals(isneediv)) {
isneediv = "0";
}
if(!"".equals(ivparam)) {
ivparam = SecurityHelper.encryptSimple(ivparam);
}
if("add".equals(operation)) {
if("0".equals(isneedpwd)) {
password = "";
}
if("0".equals(isneediv)) {
ivparam = "";
}
String datatype = "1";
if("0".equals(isDialog)) {// 老数据的新建outter_encryptclassAdd_Old.jsp,不提供入口,只能输入地址进入
datatype = "0";
}
/*QC308828 [90][优化]集成登录-自定义加密算法设置中增加一个字段【算法名称】,集成登录配置中自定义加密算法选择相应的算法名称 start*/
String sql = "select * from outter_encryptclass where encryptname = '"+encryptname+"'";
RecordSet.executeSql(sql);
if(RecordSet.next()){
if(isDialog.equals("1")){
response.sendRedirect("outter_encryptclassAdd.jsp?isexist="+"true"+"&backto="+backto+"&isdialog="+isDialog+"&encryptname="+encryptname
+"&encryptmethod="+encryptmethod+"&encryptclass="+encryptclass+"&decryptmethod="+decryptmethod+"&isneediv="+isneediv
+"&isneedpwd="+isneedpwd+"&password"+password+"&ivparam"+ivparam);
}else{
response.sendRedirect("outter_encryptclassAdd_Old.jsp?isexist="+"true"+"&backto="+backto+"&isdialog="+isDialog+"&encryptname="+encryptname
+"&encryptmethod="+encryptmethod+"&encryptclass="+encryptclass);
}
return;
}else{
RecordSet.executeSql("insert into outter_encryptclass(encryptclass,encryptmethod,encryptname,decryptmethod,isneedpwd,password,isneediv,ivparam,datatype) "+
" values('"+encryptclass+"','"+encryptmethod+"','"+encryptname+"','"+decryptmethod+"','"+isneedpwd+"','"+password+"','"+isneediv+"','"+ivparam+"','"+datatype+"')");
}
/*QC308828 [90][优化]集成登录-自定义加密算法设置中增加一个字段【算法名称】,集成登录配置中自定义加密算法选择相应的算法名称 end*/
}
else if("edit".equals(operation)) {
if(Integer.valueOf(id).intValue() > 0) {
if("0".equals(isneedpwd)) {
password = "";
}
if("0".equals(isneediv)) {
ivparam = "";
}
/*QC308828 [90][优化]集成登录-自定义加密算法设置中增加一个字段【算法名称】,集成登录配置中自定义加密算法选择相应的算法名称 start*/
String sql = "select * from outter_encryptclass where encryptname = '"+encryptname+"' and encryptname<>'"+oldencryptname+"'";
RecordSet.executeSql(sql);
if(RecordSet.next()){
response.sendRedirect("outter_encryptclassEdit.jsp?isexist="+"true"+"&id="+id+"&backto="+backto+"&isdialog="+isDialog);
return;
}else{
RecordSet.execute("update outter_encryptclass set encryptclass = '"+encryptclass+"',encryptmethod = '"+encryptmethod+"',encryptname='"+encryptname+"',decryptmethod = '"+decryptmethod+
"',isneedpwd = '"+isneedpwd+"',password = '"+password+"',isneediv = '"+isneediv+"',ivparam = '"+ivparam+"' where id= "+id);
}
/*QC308828 [90][优化]集成登录-自定义加密算法设置中增加一个字段【算法名称】,集成登录配置中自定义加密算法选择相应的算法名称 end*/
} else {
RecordSet.execute("update outter_encryptclass_sys set password = '"+password+"',ivparam = '"+ivparam+"' where id= "+id.substring(1));
}
}
else if("delete".equals(operation)) {
List ids = Util.TokenizerString(id,",");
if(null != ids && ids.size() > 0) {
for(int i = 0; i < ids.size(); i++) {
String tempsysid = Util.null2String((String)ids.get(i));
if(!"".equals(tempsysid)) {
RecordSet.execute("delete from outter_encryptclass where id = "+tempsysid);
}
}
}
}
}
else if("test".equals(operation)) {
Class clazz = null;
Object object = null;
Method methodEncode = null;// 加密方法
Method methodDecode = null;// 解密方法
Method methodSetpwd = null;// 设置密钥方法
Method methodSetiv = null;// 设置向量方法
String encryptStr = "";// 加密后
String decryptStr = "";// 解密后
String status = "0";
String plaintext = Util.fromScreen(fu.getParameter("plaintext"),user.getLanguage());
RecordSet.executeSql("select * from outter_encryptclass where id = " + id + "");
if(RecordSet.next()) {
String encryptclass = Util.toScreenToEdit(RecordSet.getString("encryptclass"),user.getLanguage());
String encryptmethod = Util.toScreenToEdit(RecordSet.getString("encryptmethod"),user.getLanguage());
String decryptmethod = Util.toScreenToEdit(RecordSet.getString("decryptmethod"),user.getLanguage());
String isneedpwd = Util.toScreenToEdit(RecordSet.getString("isneedpwd"),user.getLanguage());
String isneediv = Util.toScreenToEdit(RecordSet.getString("isneediv"),user.getLanguage());
String datatype = Util.toScreenToEdit(RecordSet.getString("datatype"),user.getLanguage());
if("1".equals(datatype)) {
if(!"".equals(encryptclass) && !"".equals(encryptmethod) && !"".equals(decryptmethod)) {
try {
clazz = Class.forName(encryptclass);
object = clazz.newInstance();
Class [] paramtype = new Class[1];
paramtype[0] = java.lang.String.class;
methodEncode = clazz.getMethod(encryptmethod, paramtype);
methodDecode = clazz.getMethod(decryptmethod, paramtype);
methodSetpwd = clazz.getMethod("setPwd", paramtype);// 设置密钥方法固定为setPwd
methodSetiv = clazz.getMethod("setIv", paramtype);// 设置向量方法固定为setIv
if("1".equals(isneedpwd)) {
String password = Util.fromScreen(fu.getParameter("password"),user.getLanguage());
Object [] pwd = new Object[1];
pwd[0] = password;
methodSetpwd.invoke(object, pwd);
}
if("1".equals(isneediv)) {
String ivparam = Util.fromScreen(fu.getParameter("ivparam"),user.getLanguage());
Object [] iv = new Object[1];
iv[0] = ivparam;
methodSetiv.invoke(object, iv);
}
Object [] param1 = new Object[1];
param1[0] = plaintext;
encryptStr = (String) methodEncode.invoke(object, param1);
if(encryptStr == null) {
status = "1";// 加密异常
} else {
Object [] param2 = new Object[1];
param2[0] = encryptStr;
decryptStr = (String) methodDecode.invoke(object, param2);
if(decryptStr == null) {
status = "2";// 解密异常
} else if("".equals(decryptStr)) {
status = "3";// 没有解密方法,如MD5算法
}
}
} catch(Exception e) {
status = "1";// 加密异常
}
}
} else {
if(!"".equals(encryptclass) && !"".equals(encryptmethod)) {
try {
clazz = Class.forName(encryptclass);
object = clazz.newInstance();
Class [] paramtype = new Class[1];
paramtype[0] = java.lang.String.class;
methodEncode = clazz.getMethod(encryptmethod, paramtype);
Object [] param1 = new Object[1];
param1[0] = plaintext;
encryptStr = (String) methodEncode.invoke(object, param1);
if(encryptStr == null) {
status = "1";// 加密异常
}
} catch(Exception e) {
status = "1";// 加密异常
}
}
}
}
out.print("{\"status\":\""+status+"\",\"encryptStr\":\""+encryptStr+"\",\"decryptStr\":\""+decryptStr+"\"}");
return;
}
else if("check".equals(operation)) {
Class clazz = null;
Object object = null;
Method methodEncode = null;
Method methodDecode = null;
String status = "0";
String encryptclass = Util.fromScreen(fu.getParameter("encryptclass"),user.getLanguage());
String encryptmethod = Util.fromScreen(fu.getParameter("encryptmethod"),user.getLanguage());
String decryptmethod = Util.fromScreen(fu.getParameter("decryptmethod"),user.getLanguage());
if(!"".equals(encryptclass) && !"".equals(encryptmethod) && !"".equals(decryptmethod)) {
try {
clazz = Class.forName(encryptclass);
object = clazz.newInstance();
if (!(object instanceof weaver.interfaces.encode.IEncode)) {
status = "2";// 类没有实现weaver.interfaces.encode.IEncode接口
out.print(status);
return;
}
} catch (Exception e) {
status = "1";// 类不存在
out.print(status);
return;
}
Class [] paramtype = new Class[1];
paramtype[0] = java.lang.String.class;
try {
methodEncode = clazz.getMethod(encryptmethod, paramtype);
} catch (Exception e) {
status = "3";// 加密方法不存在
out.print(status);
return;
}
try {
methodDecode = clazz.getMethod(decryptmethod, paramtype);
} catch (Exception e) {
status = "4";// 解密方法不存在
out.print(status);
return;
}
}
out.print(status);
return;
}
if("1".equals(isDialog)) {
if(!mode.equals("1")) {
%>
<script language=javascript >
try {
//var parentWin = parent.getParentWindow(window);
var parentWin = parent.parent.getParentWindow(parent);
parentWin.location.href="/interface/outter/outter_encryptclass.jsp?backto=<%=backto%>";
parentWin.closeDialog();
} catch(e) {
}
</script>
<%
} else {
%>
<script language=javascript >
try {
var dialog = parent.parent.getDialog(parent);
dialog.callback();
dialog.close();
} catch(e) {
}
</script>
<%
}
} else {
response.sendRedirect("/interface/outter/outter_encryptclass.jsp?backto="+backto);
}
%>