MD5 Java Bean implementation

zhaozj2021-02-08  425

MD5 Java Bean implementation

Promise

Editor's words:

Although the MD5 signature algorithm has been implemented in JDK, the author is analyzed from MD5's principle to the Java implementation of MD5 specific algorithm and gives a complete sample program. I think this will still have it for our readers. A lot of help.

Content: MD5 Introduction Implementation Policy Implementation Process Test Java Bean Brief Reporting Java Bean into JSP in the end, can it be compatible? Reference Author

Introduction to MD5

The full name of MD5 is Message-Digest Algorithm 5, in the 1990s by Mit's computer science laboratories, invented by MD2, MD3 and MD4.

Message-Digest's Hash transform of the message is to convert an arbitrary length byte string into a certain long integer. Please note that I use the word "byte string" instead of "string" because this transformation is only related to the value of the byte, regardless of the character set or encoding method.

MD5 converts any length of "byte string" into a 128bit big integer, and it is an irreversible string transform algorithm. SOLMINAL, even if you see the source program and algorithm description, it is impossible to put a MD5 The value change back to the original string, from the principle of mathematics, because the original string has endless, this is a bit like a mathematical function that does not exist in the reverse function.

The typical application of MD5 is to generate FingerPrint (fingerprints) for a Message to prevent tampering. For example, you write a word in a readme.txt file, and generate a MD5 value for this readme.txt and record it, then you can spread this file to others, others modify the file Anything, you will find this file to recalculate MD5. If there is another third party certification body, use MD5 to prevent "reliability" of the author, this is the so-called digital signature application.

MD5 is also widely used in encryption and decryption techniques. In many operating systems, the user's password is saved in MD5 value (or similar algorithm), when the user login, the system is calculated into the user input. The MD5 value is then compared to the MD5 value saved in the system, and the system does not "know" what the user's password is.

Some hacking methods of cracked this password are a method called "running". There are two ways to get a dictionary, one is a character string table for daily collections, the other is to generate the MD5 value of these dictionaries with the MD5 program, and then use the target The MD5 value is retrieved in this dictionary.

Even if the maximum length of the password is assumed to be 8, the password can only be a letter and a number, a total of 26 26 10 = 62 characters, and the number of items that are arranged in combination is P (62, 1) p (62, 2) .... P (62, 8), it is already a very an astronomical number, storing this dictionary requires a TB level disk group, and this method has a premise, it is to get the password of the target account. MD5 value can be used.

In many e-commerce and community applications, manage users' Account is the most common basic feature, although many Application Server provides these basic components, but many application developers are more flexible to manage, but also use relational databases. To manage users, lazy approach is that the user's password is often saved directly in the database after using clear text or simple transform, so these users can say that the software developer or system administrator can say that there is no confidentiality, this article The purpose is to introduce the implementation of the Java Bean of the MD5, and give examples of the MD5 to handle the user's Account password, which makes the administrator and programmer can't see the user's password, although they can initialize them. But important points are the protection of habits for user passwords. Interested readers can get MD5 herein is the text of RFC 1321. http://www.ietf.org/rfc/rfc1321.txt

Implementation strategy

The MD5 algorithm actually provides C's implementation in RFC1321. We can think of it immediately. At least two ways to implement it with Java, the first is to rewrite the entire algorithm with Java language, or to say simple points It is to rewrite the C program into a Java program. The second is that the JNI Native Interface is implemented, and the core algorithm still uses this C program, with the Java class to package a shell.

But I personally think that JNI should be a way Java has no way to solve certain types of problems (such as applications closely related to operating systems or I / O devices), while providing one means of providing interoperability and other languages. The biggest problem brought by JNi is to introduce the platform's dependence, breaking the "one written to run" Java benefits in Sun. Therefore, I decided to take the first method, and I tried to try "Once I'm running everywhere", I've examined Java 2's efficiency problem of comparing intensive calculations.

Implementation process

Limited to this article, but also for more readers to truly focus on the problem itself, I don't want to introduce this Java Bean's production process, introducing a method, introducing a method, I found the steps and commands very Clear, I believe that there is a reader who has more than three days of experience in Java integrated environments, will know how to compile and run this code in an integrated environment. Telling problems with integrated environments often requires a lot of screenshots, which is why I have always been a headache for integrated environment. I used an ordinary text editor and used Sun's standard JDK 1.3.0 for Windows NT.

In fact, convert C into Java for a programmer with a certain C language basis, the basic syntax of these two languages ​​is almost entirely consistent. I spent an hour's time to complete the conversion of the code, I mainly made a few things:

Turn some #define macros that must be used into Final Static in Class, which guarantees that multiple instance sharing of these data in a process space is deleted some useless #if define, because I only care about MD5, this recommendation The C realization simultaneously implements MD2 MD3 and MD4, and some #if define also communicates some compiled macros to the Final Static member function with different compilers. All variable namings are consistent with the original C implementation. Do some of the cases in line with Java habits, and the C function in the calculation process becomes a private method (member function). Character adjustment of key variables defines classes and methods

It should be noted that many early C compilers' int types are 16 bits, and MD5 uses unsigned long int and think it is a 32bit unsigned integer. In Java Int is 32 bit, long is 64 bit. In the C implementation of the MD5, a large number of bits are used. The point you need to point out is that although Java provides a bit operation, because Java does not have a unsigned type, there is no symbol right shift for the right shift operation: >>>, equivalent to C >> For unsigned numbers deal with. Because Java does not provide an aligned number of operations, the two large INT numbers will overflow to get a negative or exception, so I will change some key variables in Java into long type (64bit). I personally think that it is more convenient than you to redefine a group of unsigned numbers, while overloading those operators, and the efficiency is much more efficient, and the code is easy to read. It will result in low efficiency.

Limited to the space, the original C code is no longer given, and the reader friend who is interested in the control can go to the RFC 1321. Md5.java source code

test

In RFC 1321, Test Suite is used to verify that your implementation is correct:

MD5 ("") = D41D8CD98F00B204E9800998ECF8427E

MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661

MD5 ("ABC") = 900150983cd24fb0d6963f7d28e17f72

MD5 ("Message Digest") = F96B697D7CB7938D525A2F31AAF161D0

MD5 ("AbcdefghijklmnopqrStuvwxyz") = C3FCD3D76192E4007DFB496CCA67E13B

... The meaning of these output results refers to the empty string "" MD5 value is D41D8CD98F00B204E9800998ECF8427E, the string "a" MD5 value is 0cc175b9c0f1b6a831c399e269772661 ......

Compile and run our program:

Javac -d. md5.java

Java beartool.md5

In order to conflict with the same name procedures with others, I use package beartool in my first line;

Therefore, the compile command javac -d. Md5.java command automatically establishes a beartool directory in our working directory, and puts the successful MD5.class in the catalog.

We will get the same result as Test Suite. Of course, you can continue to test other MD5 transformations you are interested in, for example:

Java beartool.md5 1234

The 1234 MD5 value will be given.

Maybe my computer knowledge is starting from the Apple II and Z80 board machine, I have a preference to the upper-write hexadecimal code, if you want to use your lowercase Digest String just need to put the A, B, C in the ByteHex function. D, E, f are changed to A, B, C, D, E, F.

MD5 is said to be a time-consuming calculation. Our Java version of MD5 flashed, did not encounter any obstacles, and did not feel the Java version of the MD5 than C version with the naked eye.

In order to test its compatibility, I copied this md5.class file to the machine of my other Linux IBM JDK 1.3, and after execution, I did the same results, it is indeed "written everywhere everywhere".

Java bean

Now, we have completed and simply test this Java Class, the title of our article is to be a Java Bean. In fact, ordinary Java Bean is simple, not a new or great concept, is a Java Class, although Sun specifies some methods that need to be realized, but not forced. EJB (Enterprise Java Bean) does not specify some methods that must be implemented (very similar to response events), which are used for EJB Container (call).

Using this bean in a Java Application or Applet is very simple, the easiest way is to use this class's source code work directory to create a beartool directory, copy this class file in, then in your program Import beartool.md5 Yes. Finally, pack it .jar or .war is to keep this relative directory relationship.

Java has a small benefit that you don't need to remove the main method in our MD5 class, which is already a Java Bean that you can work. Java has a very big advantage that she allows easy to make a variety of running forms in the same group of code, for example, you can write a class, which is a console Application and GUI Application, at the same time is an applet, At the same time, it is also a Java Bean, which provides great convenience for testing, maintenance, and publishing programs. The test method main here can also put it in an internal class, interested readers can refer to: http://www.cn. IBM.com/developerWorks/java/jw-tips/tip106/index.shtml

Here is the advantage of putting tests and sample code in an internal static class, is a good engineering skills and way.

Push Java Bean to JSP

As we explained in this article, our application for this MD5 bean is based on a user management. Here we assume a user login process for a virtual community, and the user's information is saved in the table named Users. This table has two fields and our example. Userid: char (20) and pwdmd5: char (32), userid is the primary key, PWDMD5 saved MD5 string of this table, MD5 value is a 128bit big integer The ASCII indicating 16-based ASCI is 32 characters.

Here is two files, login.html is used to accept FORMs entered by the user, login.jsp is used to simulate the Login process using the MD5 bean.

In order to make our test environment simply, we used JDK built-in JDBC-ODBC Bridge Driver in JSP, and Community is the name of the ODBC's DSN. If you use other JDBC Driver, replace the Connection CON = in Login.jsp = DriverManager.getConnection ("JDBC: ODBC: Community", "" "");

Login.jsp works very simple, receive user-entered userid and password, then transform Password into MD5 strings, then look for userid and pwdmd5 in the UserS table, because userid is the useers table Primary Key, if the transformation PWDMD5 does not match the record in the table, then the SQL query gets an empty result set.

Here you need brief introduction, using this bean only needs to create a beartool directory under your JSP application's web-inf / class, and then copy the md5.class to that directory. If you use some integrated development environments, please refer to their Deploy tools. A statement in JSP uses a Java Bean key is the second line in the program: This is all JSP specifications required JSP container development Standard TAG must be provided.

ID = actually indicates an instance variable name when JSP Container creates a bean instance. In the Java program between <% and%>, you can reference it. As can be seen in the program, the only public method provided by our MD5 Java Bean is referenced by PWDMD5 = OMD5.GETMD5OFSTR (Password): getMD5ofstr.

Java Application Server executes. JSP process is to prepare it into .java (those tags will become a Java statement when pre-transder), and then compile into .class. These are all system automatic completion and maintenance, that .CLASS is also called a servlet. Of course, if you like, you can also help Java Application Server to do what you do, you can write the servlet directly, but use servlet to output HTML. It is simply returned to write the Dream era of writing CGI programs.

If your output is a complex form, it is more convenient to write a "template" with an HTML editor you are familiar with, and then "embed" embedding JSP code ". Although this JSP code is accused "hollow powder" by some experts, it has a disadvantage that the code is more difficult to manage and reuse, but the program design will always need such a trade-off. I personally think that for medium, small projects, the more ideal structure is part of the data representing data (or unscrupulously referred to as web interface), and the interface is not related to the bean, in general Need to write a servlet directly.

If you think this method is not very oo (Object Oriented), you can inherit it, and write a bean into the function of the user.

Can you comply with it?

I tested three Java application server environments, resin 1.2.3, Sun J2EE 1.2, IBM WebSphere 3.5, fortunately, this Java Bean has no problem, because it is just a computing program, does not involve the operating system, i / O device. In fact, in other languages ​​can also simply implement its compatibility, Java's only advantage is that you only need to provide a form of running code. Note "Form" two words, now many computing structures and operating systems define a large number of code forms in addition to the language itself, very simple C language core code, converted into different forms to consider many problems, using a lot of tools, At the same time, it is subject to many restrictions, and sometimes the energy spent on a new "form" may be more than the problem itself. For example, if the light Windows has an exe, service, there are OCX, etc. before the COM DLL, etc., although it is simple to be simple in UNIX, but must also provide a lot of macros, but also consider different Platform compiler version of the bit length problem. I think this is a very important charm of Java for me.

Reference

IETF RFC 1321 http: // http://www.ietf.org/rfc/rfc1321.txt This is the most original and authoritative documentation of MD5, and contains a complete C language implementation. This document is submitted in 1992. Its C procedure is not an ANSI standard grammar, and some old Unix is ​​intimate. Compiling this C program under Windows to change. J2EE tutorial http://java.sun.com/J2ee/tutorial/doc/information/Resources.html sun's J2EE tutorial is very good, concise, to fully understand the architecture behind Java Bean and JSP provides a good Start or index.

Bruce Eckel "Think in Java 2nd Edition" This is also a nice Java textbook recommended by developer Works. I personally think this book is written to at least one programmer in programming language experience.

转载请注明原文地址:https://www.9cbs.com/read-921.html

New Post(0)