本人能力偏低,对于各种理论都理解不够深刻,通过查询资料,闲来无事写的一个博客园的登录模拟程序。希望各位提提建议。
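import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.List;

import javax.net.ssl.HttpsURLConnection;

/**
 * Simulates the cnblogs sign-in flow and captures the resulting session cookie.
 *
 * <p>Request flow based on http://www.jianshu.com/p/2cd5ba0bd7b3.
 *
 * <p>TLS validation is left at the platform defaults. The earlier version of this class
 * replaced the JVM-wide default {@code SSLSocketFactory} with one backed by a trust manager
 * that accepts every certificate. That setting applies to every {@code HttpsURLConnection}
 * in the process, so the login name and password sent by {@link #getHtml(String, String)}
 * would have been delivered to whichever server answered the connection. The sign-in host
 * is a public HTTPS site, so no custom trust configuration should be needed.
 *
 * <p>Usage (credentials are RSA-encrypted with {@code KeyDemo.myencode} first):
 * <pre>
 * String user = KeyDemo.myencode(loginName);
 * String pass = KeyDemo.myencode(password);
 * String json = "{\"input1\":\"" + user + "\",\"input2\":\"" + pass + "\",\"remember\":false}";
 * new MyBlong("https://passport.cnblogs.com/user/signin")
 *         .getHtml("https://passport.cnblogs.com/user/signin", json);
 * </pre>
 */
public class MyBlong {

    // Last URL passed to the constructor; shared by all instances because it is static.
    private static String url;

    // Value of the .CNBlogsCookie session cookie after a successful getHtml() call.
    // This is a live session credential: anything that can read it can act as the user.
    public static String realCookie;

    /**
     * Remembers the sign-in URL.
     *
     * <p>No SSL defaults are installed here; certificate-chain and host-name checks stay
     * with the JDK's built-in implementation.
     *
     * @param url the sign-in page URL
     */
    public MyBlong(String url) {
        MyBlong.url = url;
    }

    /** No-argument constructor kept because other code in the project instantiates the class this way. */
    public MyBlong() {
    }

    /**
     * Performs the two-step sign-in and stores the session cookie in {@link #realCookie}.
     *
     * <p>Step 1 GETs the sign-in page to obtain the initial cookie and the page's
     * VerificationToken. Step 2 POSTs the encrypted credentials together with that cookie,
     * the token and an {@code X-Requested-With} header. Any failure is printed to stderr and
     * {@link #realCookie} is left unchanged.
     *
     * <p>The earlier version started with {@code new LoginDemo(url)} and discarded the object.
     * LoginDemo appears to be an earlier copy of this class, so the call was presumably there
     * only for the constructor's SSL side effect; it has been dropped so that connection
     * security does not depend on it.
     *
     * @param url  the sign-in URL, used for both requests
     * @param data the JSON request body holding the encrypted login name and password
     */
    public void getHtml(String url, String data) {
        try {
            // Step 1: fetch the sign-in page. In the browser two requests are visible and the
            // useful one carries two cookies; the only extra one is AspxAutoDetectCookieSupport=1,
            // so it is added by hand instead of issuing the second request.
            String cookie;
            String verificationToken = "";
            HttpsURLConnection pageConn = (HttpsURLConnection) new URL(url).openConnection();
            try {
                String setCookie = pageConn.getHeaderField("Set-Cookie");
                if (setCookie == null) {
                    throw new IllegalStateException("sign-in page returned no Set-Cookie header");
                }
                cookie = "AspxAutoDetectCookieSupport=1; " + firstCookiePair(setCookie);

                try (BufferedReader reader = new BufferedReader(
                        new InputStreamReader(pageConn.getInputStream(), StandardCharsets.UTF_8))) {
                    String line;
                    while ((line = reader.readLine()) != null) {
                        if (line.contains("VerificationToken")) {
                            String token = extractVerificationToken(line);
                            if (token != null) {
                                verificationToken = token;
                            }
                        }
                    }
                }
            } finally {
                pageConn.disconnect();
            }

            // Step 2: post the encrypted credentials with the cookie and token from step 1.
            // X-Requested-With turned out to be required by the server as well.
            HttpsURLConnection loginConn = (HttpsURLConnection) new URL(url).openConnection();
            try {
                loginConn.setRequestMethod("POST");
                loginConn.setDoInput(true);
                loginConn.setDoOutput(true);
                loginConn.setRequestProperty("VerificationToken", verificationToken);
                loginConn.setRequestProperty("Cookie", cookie);
                loginConn.setRequestProperty("X-Requested-With", "XMLHttpRequest");
                loginConn.setRequestProperty("Content-Type", "application/json; charset=utf-8");

                // Encode the body as UTF-8 explicitly so it matches the declared charset
                // instead of depending on the platform default encoding.
                try (OutputStreamWriter writer = new OutputStreamWriter(
                        loginConn.getOutputStream(), StandardCharsets.UTF_8)) {
                    writer.write(data);
                }

                List<String> setCookies = loginConn.getHeaderFields().get("Set-Cookie");
                if (setCookies != null) {
                    for (String header : setCookies) {
                        // .CNBlogsCookie is the cookie that carries the authenticated session.
                        if (header.contains(".CNBlogsCookie")) {
                            realCookie = cookieValue(header);
                            // NOTE(review): this prints a live session credential to stdout.
                            // Kept so the demo's output is unchanged; remove it or mask the
                            // value anywhere the output may be captured or shared.
                            System.out.println(realCookie);
                        }
                    }
                }
            } finally {
                loginConn.disconnect();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Returns the leading {@code name=value} pair of a Set-Cookie header, without attributes. */
    private static String firstCookiePair(String setCookieHeader) {
        int end = setCookieHeader.indexOf(';');
        return end < 0 ? setCookieHeader : setCookieHeader.substring(0, end);
    }

    /**
     * Extracts the token from a page line using the same offsets as before: the text between
     * three characters after the first ':' and the last single quote. Returns {@code null}
     * when the line does not have that shape.
     */
    private static String extractVerificationToken(String line) {
        int start = line.indexOf(':') + 3;
        int end = line.lastIndexOf('\'');
        if (start < 3 || end < start) {
            return null;
        }
        return line.substring(start, end);
    }

    /** Returns the value part of a Set-Cookie header: the text after the first '=' up to the next ';'. */
    private static String cookieValue(String setCookieHeader) {
        int start = setCookieHeader.indexOf('=') + 1;
        int end = setCookieHeader.indexOf(';', start);
        if (end < 0) {
            end = setCookieHeader.length();
        }
        return setCookieHeader.substring(start, end);
    }
}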
下面是类TrustVer
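import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Trust manager that validates certificate chains against the platform trust store.
 *
 * <p>The earlier version had empty {@code checkClientTrusted}/{@code checkServerTrusted}
 * bodies, which means every certificate was accepted, and returned {@code null} from
 * {@code getAcceptedIssuers}, although the interface requires a non-null array. With empty
 * checks a TLS connection gives no assurance about which server is on the other end, so
 * anything sent over it (here: login credentials) can be read or altered in transit.
 * All three methods now delegate to the JDK's default {@link X509TrustManager}.
 */
public class TrustVer implements X509TrustManager {

    // The JDK's own trust manager; it performs the actual chain validation.
    private final X509TrustManager delegate = loadPlatformTrustManager();

    /**
     * Builds the default trust manager backed by the platform trust store.
     *
     * @throws IllegalStateException if the platform trust managers cannot be initialised
     */
    private static X509TrustManager loadPlatformTrustManager() {
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the platform's default trust store.
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Cannot initialise the platform trust managers", e);
        }
        throw new IllegalStateException("Platform provides no X509TrustManager");
    }

    /**
     * Validates a client certificate chain.
     *
     * @throws CertificateException if the chain is not trusted
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    /**
     * Validates a server certificate chain.
     *
     * @throws CertificateException if the chain is not trusted
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    /** Returns the issuers accepted by the platform trust manager. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }
}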
下面是类KeyDemo ,主要功能就是对输入的登录名和密码加密,公钥我是直接复制过来的
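package com.dyf.test;

import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

import javax.crypto.Cipher;

/**
 * Encrypts the login name and password with the sign-in service's RSA public key.
 */
public class KeyDemo {

    // Base64 of the service's X.509 (SubjectPublicKeyInfo) RSA public key, copied from the
    // sign-in page. It is a public key, so embedding it discloses nothing secret, but it
    // must be updated by hand if the service rotates its key.
    private static final String publicKeyStr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp0wHYbg/NOPO3nzMD3dndwS0MccuMeXCHgVlGOoYyFwLdS24Im2e7YyhB0wrUsyYf0/nhzCzBK8ZC9eCWqd0aHbdgOQT6CuFQBMjbyGYvlVYU2ZP7kG9Ft6YV6oc9ambuO7nPZh+bvXH0zDKfi02prknrScAKC0XhadTHT3Al0QIDAQAB";

    /**
     * Encrypts {@code str} with the embedded public key and returns the ciphertext as Base64.
     *
     * <p>Changes from the earlier version: the internal {@code sun.misc} Base64 classes (not
     * part of the supported API and absent from current JDKs) are replaced by
     * {@link java.util.Base64}; the cipher transformation is spelled out in full; and a
     * failure now prints its stack trace instead of being reduced to a fixed message.
     *
     * @param str the plaintext; it is encoded as UTF-8 before encryption
     * @return the Base64 ciphertext on a single line, or {@code ""} if encryption failed
     *         (including a {@code null} or over-long input); callers should treat
     *         {@code ""} as a failure and not submit it
     */
    public static String myencode(String str) {
        String result = "";
        try {
            byte[] keyBytes = Base64.getDecoder().decode(publicKeyStr);
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PublicKey publicKey = keyFactory.generatePublic(keySpec);

            // A bare "RSA" leaves mode and padding to whichever provider is installed; on the
            // standard JDK provider it resolves to this transformation, so naming it keeps the
            // output format the same on every runtime.
            // NOTE(review): the padding has to match what the sign-in service decrypts with;
            // confirm against the service before changing it.
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);

            // The charset must be explicit, otherwise the ciphertext depends on the platform
            // default encoding and non-ASCII login names are encrypted incorrectly.
            byte[] data = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));

            // The basic encoder emits no line breaks, so the result can be placed directly
            // inside a JSON string value.
            result = Base64.getEncoder().encodeToString(data);
        } catch (Exception e) {
            System.out.println("解码出错");
            // The trace names the failing crypto step; it does not contain the plaintext.
            e.printStackTrace();
        }
        return result;
    }

}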
目前只是简单实现了登录:返回值为 true 时即可获取到 cookie 值,便于之后获取其他信息,只是还没有完善。
gui已经实现了客户端的编写,这里就不贴出来了,因为实在是太难看了。