rsa javascript 라이브러리

rsa.zip
0.01MB

 

 

rsa.jsp - 로그인 암호화

<%@page import="java.security.PublicKey"%>
<%@page import="java.security.spec.RSAPublicKeySpec"%>
<%@page import="java.security.PrivateKey"%>
<%@page import="java.security.KeyFactory"%>
<%@page import="java.security.KeyPair"%>
<%@page import="java.security.KeyPairGenerator"%>
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%

	// Create a 2048-bit RSA key pair each time this page is rendered.
	// NOTE(review): key generation is CPU-heavy and runs on every request to this page,
	// before any authentication; consider rate limiting or a short-lived cached key.
	KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
	rsaGenerator.initialize(2048);
	KeyPair loginKeys = rsaGenerator.genKeyPair();
	KeyFactory rsaFactory = KeyFactory.getInstance("RSA");

	// The private half stays on the server: it is stored in the HTTP session so that
	// rsa_proc.jsp can read it back when the encrypted form is posted.
	session.setAttribute("__RSA_Private_Key__", loginKeys.getPrivate());

	// Only the modulus and the public exponent are handed to the browser, as hex strings.
	// NOTE(review): the browser cannot verify that this key really came from the server, so
	// this scheme only hides the credentials from passive observers; it is not a substitute
	// for serving the login page and the POST over HTTPS.
	RSAPublicKeySpec spec = rsaFactory.getKeySpec(loginKeys.getPublic(), RSAPublicKeySpec.class);
	String publicKeyModulus = spec.getModulus().toString(16);
	String publicKeyExponent = spec.getPublicExponent().toString(16);

%>    

<!DOCTYPE html> 
<html lang="ko">
<head>
<meta charset="utf-8">
<title>RSA</title>

<script type="text/javascript" src="/resources/lib/rsa/rsa.js"></script>
<script type="text/javascript" src="/resources/lib/rsa/jsbn.js"></script>
<script type="text/javascript" src="/resources/lib/rsa/prng4.js"></script>
<script type="text/javascript" src="/resources/lib/rsa/rng.js"></script>
</head>

<body>
  
	<label for="username">사용자ID : <input type="text" id="username" size="16"/></label>
	<label for="password">비밀번호 : <input type="password" id="password" size="16" /></label>
	<a href="./rsa_proc.jsp" onclick="validateRSA(); return false;">로그인</a>
	
	<form id="frm" name="frm" action="./rsa_proc.jsp" method="post" style="display: none;">
	    <input type="hidden" name="securedUsername" id="securedUsername" value="" />
	    <input type="hidden" name="securedPassword" id="securedPassword" value="" />
	</form>   
  
	<script type="text/javascript">
	
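		/**
		 * Encrypts the typed user ID and password with the RSA public key rendered into
		 * this page, copies the ciphertexts into the hidden form and posts it.
		 *
		 * The visible inputs are outside the form, so only the encrypted values are
		 * submitted. The public key is taken from the page as-is and is not
		 * authenticated, so the page itself must still be delivered over HTTPS.
		 */
		function validateRSA() {

			var username = document.getElementById("username").value;
			var password = document.getElementById("password").value;

			try {

				// Public key parts written into the page by the server as hex strings.
				var rsaPublicKeyModulus = "<%=publicKeyModulus%>";
				var rsaPublicKeyExponent = "<%=publicKeyExponent%>";

				var rsa = new RSAKey();
				rsa.setPublic(rsaPublicKeyModulus, rsaPublicKeyExponent);

				// Encrypt the user ID and the password with RSA.
				var securedUsername = rsa.encrypt(username);
				var securedPassword = rsa.encrypt(password);

				// Do not post empty fields when encryption produced nothing.
				// NOTE(review): rsa.js is not shown here; presumably encrypt() returns
				// null when the input is too long for the key - confirm.
				if (!securedUsername || !securedPassword) {
					throw new Error("암호화에 실패했습니다.");
				}

				var frm = document.getElementById("frm");
				frm.securedUsername.value = securedUsername;
				frm.securedPassword.value = securedPassword;
				frm.submit();

			} catch(e) {
				alert(e);
			}
		}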
	
	</script> 
</body>
</html>

 

rsa_proc.jsp - 복호화 처리

<%@page import="javax.crypto.Cipher"%>
<%@page import="java.security.PrivateKey"%>
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>

<%!
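/**
 * Decrypts one hex-encoded RSA ciphertext with the given private key and returns the
 * plaintext decoded as UTF-8.
 *
 * <p>Neither the ciphertext nor the key is written to the log.
 *
 * <p>NOTE(review): PKCS#1 v1.5 padding is assumed to be what the browser-side rsa.js
 * produces - confirm against the library. Callers should answer every failure of this
 * method with the same generic response, so that padding errors cannot be told apart
 * from other errors.
 *
 * @param privateKey   RSA private key matching the public key the ciphertext was made with
 * @param securedValue ciphertext as a hexadecimal string
 * @return the decrypted text
 * @throws Exception if the value is missing or not valid hex, or if decryption fails
 */
private String decryptRsa(PrivateKey privateKey, String securedValue) throws Exception {
    byte[] encryptedBytes = hexToByteArray(securedValue);
    if (encryptedBytes.length == 0) {
        // hexToByteArray returns an empty array for null or odd-length input.
        throw new IllegalArgumentException("securedValue is missing or not valid hex");
    }

    // Name mode and padding explicitly: a bare "RSA" leaves both to the provider's default.
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
    return new String(decryptedBytes, java.nio.charset.StandardCharsets.UTF_8);
}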

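/**
 * Converts a hexadecimal string into the byte array it encodes.
 *
 * <p>A {@code null} argument or a string with an odd number of characters yields an empty
 * array rather than an exception.
 *
 * @param hex hexadecimal text, two digits per byte
 * @return the decoded bytes, or an empty array for {@code null} or odd-length input
 * @throws NumberFormatException if a character is not a hexadecimal digit
 */
public static byte[] hexToByteArray(String hex) {
    if (hex == null || hex.length() % 2 != 0) {
        return new byte[0];
    }

    byte[] bytes = new byte[hex.length() / 2];
    for (int i = 0; i < bytes.length; i++) {
        // Decode digit by digit: Integer.parseInt on a two-character slice would also
        // accept a sign, so "+f" or "-1" would pass as a byte.
        int high = Character.digit(hex.charAt(2 * i), 16);
        int low = Character.digit(hex.charAt(2 * i + 1), 16);
        if (high < 0 || low < 0) {
            throw new NumberFormatException("Invalid hex digit near index " + (2 * i));
        }
        bytes[i] = (byte) ((high << 4) | low);
    }
    return bytes;
}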
%>

<%

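// Hex-encoded RSA ciphertexts posted by the hidden form in rsa.jsp.
String securedUsername = request.getParameter("securedUsername");
String securedPassword = request.getParameter("securedPassword");

PrivateKey privateKey = (PrivateKey) session.getAttribute("__RSA_Private_Key__");

// Prevent key reuse: every login attempt has to start from a freshly issued key.
session.removeAttribute("__RSA_Private_Key__");

if (privateKey == null) {
    // No key in the session: stop here instead of attempting decryption with a null key.
    System.out.println("암호화 비밀키 정보를 찾을 수 없습니다.");
    response.sendError(400); // 400 Bad Request
    return;
}

String username;
String password;
try {
    username = decryptRsa(privateKey, securedUsername);
    password = decryptRsa(privateKey, securedPassword);
} catch (Exception e) {
    // Every decryption failure gets the same generic answer; the detail stays in the
    // server log so the response does not reveal why the ciphertext was rejected.
    e.printStackTrace();
    response.sendError(400); // 400 Bad Request
    return;
}

// The decrypted user ID and password are deliberately not printed: server logs are
// readable by more people, and kept far longer, than the credentials should be.
request.setAttribute("username", username);
request.setAttribute("password", password);
request.getRequestDispatcher("/login.jsp").forward(request, response);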

%>

 

Posted by 힘없는염소