PHPor 的Blog – 第102页

关于cookie

缘起

如何在不发起一个Http请求的情况下删除一个Httponly的cookie？

探索：

1. 虽然JS无法读取Httponly的cookie，那么JS是否可以设置或删除Httponly的cookie呢？

答案是否定的

2. 使用http-equiv类型的meta标签是可以设置cookie的，那么是否可以cache一个带有http-equiv类型的meta标签的页面来操作cookie呢？

http-equiv类型的meta标签只能设置、删除、修改非Httponly类型的cookie

分析：

分析1：

JS无法访问Httponly的cookie，其中包括三层含义：

无法读取
无法设置和修改
无法删除

如：

无法通过如下方式设置、修改或删除一个已存在的Httponly的cookie：

document.cookie = "test=set_by_js; expires=Thu, 01-Jan-2070 00:00:01 GMT; path=/"

1	document.cookie = "test=set_by_js; expires=Thu, 01-Jan-2070 00:00:01 GMT; path=/"

无法通过如下方式设置、修改或删除一个已存在的Httponly的cookie：

document.cookie = "test=set_by_js; expires=Thu, 01-Jan-2070 00:00:01 GMT; path=/; Httponly"

1	document.cookie = "test=set_by_js; expires=Thu, 01-Jan-2070 00:00:01 GMT; path=/; Httponly"

注意：或许你通过第一种方式在一个Httponly的cookie已存在的情况下设置了一个新的test cookie，那么基本上是因为两个test的domain或path不同；如：一个Httponly的cookie设置在a.test.com域下，而这时通过document.domain=”test.com”，将domain修改为了 test.com；这时候可以通过第一种方式设置一个testcookie，和原有的Httponly的cookie并不冲突

分析2：

HTML中有一个meta标签，其中的一个用法是http-equiv，如，可以通过如下方式设置cookie：

<meta http-equiv="Set-Cookie" content="cookiename=cookievalue; expires=Friday, 12-Jan-2021 18:18:18 GMT； path=/">

1	<meta http-equiv="Set-Cookie" content="cookiename=cookievalue; expires=Friday, 12-Jan-2021 18:18:18 GMT； path=/">

但是，测试发现，似乎无法通过JS创建meta标签的方式来设置cookie

分析3：

测试发现，无法通过meta标签来设置、修改、删除一个Httponly的cookie

做人做事

做人的一些关键字：

尊重、理解、真诚

做事的一些关键字：

态度、方法、效率

人生座右铭：

仁、义、礼、智、信、忠、孝、和

成功迁移Blog从bluehost到hostmonster

迁移体会：

1. 使用wordpress的导出导入插件不太靠谱，因为有些数据没有导，会带来很多的麻烦；使用mysqldump + source命令比较靠谱

2. hostmonster开启ssh功能需要verify account，就是要提供身份证照片，这是注册之后才知道的，虽然不想提供，但是还是提供了；提供之后很快就验证完了，效率还是可以的

这是迁移之后的第一篇文章

五大美国虚拟主机比较对照表

http://www.us-webhosting.com/compare.shtml?wmbhf

JAVA使用openssl生成的公私钥做加密解密

使用openssl生成密钥对：

>openssl genrsa -out private.key
>openssl rsa -in private.key -pubout -outform PEM -out public.key
// 因为java里面不识别x509格式的私钥，所以必须转换为 pkcs8格式方可使用
// java异常描述为： java.security.spec.InvalidKeySpecException: Only RSAPrivate(Crt)KeySpec and PKCS8EncodedKeySpec supported for RSA private keys
// 虽然RSAPrivate(Crt)KeySpec 也支持，但是目前还不知道怎么用
>openssl pkcs8 -topk8 -inform PEM -outform PEM -in private.key -out pkcs8_priv.pem -nocrypt

>openssl genrsa -out private.key

>openssl rsa -in private.key -pubout -outform PEM -out public.key

// 因为java里面不识别x509格式的私钥，所以必须转换为 pkcs8格式方可使用

// java异常描述为： java.security.spec.InvalidKeySpecException: Only RSAPrivate(Crt)KeySpec and PKCS8EncodedKeySpec supported for RSA private keys

// 虽然RSAPrivate(Crt)KeySpec 也支持，但是目前还不知道怎么用

>openssl pkcs8 -topk8 -inform PEM -outform PEM -in private.key -out pkcs8_priv.pem -nocrypt

java代码：

1. 注意： java 语言本身没有实现base64编码，而openssl生成的密钥对一般做base64编码，便于维护，所以这里引用了 org.apache.commons.codec.binary.Base64;

import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

import javax.crypto.Cipher;

import org.apache.commons.codec.binary.Base64;
//下载地址： http://commons.apache.org/codec/download_codec.cgi

public static class MyRsa {
	/**
	 * String to hold name of the encryption algorithm.
	 */
	public static final String ALGORITHM = "RSA";

	/**
	 * String to hold the name of the private key file.
	 */
	public static final String PRIVATE_KEY_FILE = "D:/rsa/pkcs8_priv.pem";

	/**
	 * String to hold name of the public key file.
	 */
	public static final String PUBLIC_KEY_FILE = "D:/rsa/public.key";

	/**
	 * Encrypt the plain text using public key.
	 * 
	 * @param text
	 *            : original plain text
	 * @param key
	 *            :The public key
	 * @return Encrypted text
	 * @throws java.lang.Exception
	 */
	public static byte[] encrypt(String text, PublicKey key) {
		byte[] cipherText = null;
		try {
			// get an RSA cipher object and print the provider
			final Cipher cipher = Cipher.getInstance(ALGORITHM);
			// encrypt the plain text using the public key
			cipher.init(Cipher.ENCRYPT_MODE, key);
			cipherText = cipher.doFinal(text.getBytes());
		} catch (Exception e) {
			e.printStackTrace();
		}
		return cipherText;
	}

	/**
	 * Decrypt text using private key.
	 * 
	 * @param text
	 *            :encrypted text
	 * @param key
	 *            :The private key
	 * @return plain text
	 * @throws java.lang.Exception
	 */
	public static String decrypt(byte[] text, PrivateKey key) {
		byte[] dectyptedText = null;
		try {
			// get an RSA cipher object and print the provider
			final Cipher cipher = Cipher.getInstance(ALGORITHM);

			// decrypt the text using the private key
			cipher.init(Cipher.DECRYPT_MODE, key);
			dectyptedText = cipher.doFinal(text);

		} catch (Exception ex) {
			ex.printStackTrace();
		}

		return new String(dectyptedText);
	}

	public static void test() {
		String s = "Hello world";
		try {
			BufferedReader privateKey = new BufferedReader(new FileReader(
					PRIVATE_KEY_FILE));
			BufferedReader publicKey = new BufferedReader(new FileReader(
					PUBLIC_KEY_FILE));	
			String strPrivateKey = "";
			String strPublicKey = "";
			String line = "";
			while((line = privateKey.readLine()) != null){
				strPrivateKey += line;
			}
			while((line = publicKey.readLine()) != null){
				strPublicKey += line;
			}
			privateKey.close();
			publicKey.close();

			// 私钥需要使用pkcs8格式的，公钥使用x509格式的
			String strPrivKey = strPrivateKey.replace("-----BEGIN PRIVATE KEY-----", "")
					.replace("-----END PRIVATE KEY-----", "");				
			String strPubKey = strPublicKey.replace("-----BEGIN PUBLIC KEY-----", "")
					.replace("-----END PUBLIC KEY-----", "");
			//System.out.print(strPrivKey);
			//System.out.println(strPubKey);	

			byte [] privKeyByte = Base64.decodeBase64(strPrivKey);
			byte [] pubKeyByte = Base64.decodeBase64(strPubKey);
			PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(privKeyByte);
			//PKCS8EncodedKeySpec pubKeySpec = new PKCS8EncodedKeySpec(pubKeyByte);

			//X509EncodedKeySpec 	privKeySpec = new X509EncodedKeySpec(privKeyByte);
			X509EncodedKeySpec 	pubKeySpec = new X509EncodedKeySpec(pubKeyByte);

			KeyFactory kf = KeyFactory.getInstance("RSA");

			PrivateKey privKey = kf.generatePrivate(privKeySpec);
			PublicKey pubKey = kf.generatePublic(pubKeySpec);

			byte [] encryptByte = encrypt(s, pubKey);
			System.out.println(decrypt(encryptByte, privKey));

		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvalidKeySpecException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

import java.io.BufferedReader;

import java.io.FileNotFoundException;

import java.io.FileReader;

import java.io.IOException;

import java.security.KeyFactory;

import java.security.NoSuchAlgorithmException;

import java.security.PrivateKey;

import java.security.PublicKey;

import java.security.spec.InvalidKeySpecException;

import java.security.spec.PKCS8EncodedKeySpec;

import java.security.spec.X509EncodedKeySpec;

import java.util.Arrays;

import javax.crypto.Cipher;

import org.apache.commons.codec.binary.Base64;

//下载地址： http://commons.apache.org/codec/download_codec.cgi

public static class MyRsa {

/**

* String to hold name of the encryption algorithm.

public static final String ALGORITHM = "RSA";

/**

* String to hold the name of the private key file.

public static final String PRIVATE_KEY_FILE = "D:/rsa/pkcs8_priv.pem";

/**

* String to hold name of the public key file.

public static final String PUBLIC_KEY_FILE = "D:/rsa/public.key";

/**

* Encrypt the plain text using public key.

* @param text

* : original plain text

* @param key

* :The public key

* @return Encrypted text

* @throws java.lang.Exception

public static byte[] encrypt(String text, PublicKey key) {

byte[] cipherText = null;

try {

// get an RSA cipher object and print the provider

final Cipher cipher = Cipher.getInstance(ALGORITHM);

// encrypt the plain text using the public key

cipher.init(Cipher.ENCRYPT_MODE, key);

cipherText = cipher.doFinal(text.getBytes());

} catch (Exception e) {

e.printStackTrace();

}

return cipherText;

}

/**

* Decrypt text using private key.

* @param text

* :encrypted text

* @param key

* :The private key

* @return plain text

* @throws java.lang.Exception

public static String decrypt(byte[] text, PrivateKey key) {

byte[] dectyptedText = null;

try {

// get an RSA cipher object and print the provider

final Cipher cipher = Cipher.getInstance(ALGORITHM);

// decrypt the text using the private key

cipher.init(Cipher.DECRYPT_MODE, key);

dectyptedText = cipher.doFinal(text);

} catch (Exception ex) {

ex.printStackTrace();

}

return new String(dectyptedText);

}

public static void test() {

String s = "Hello world";

try {

BufferedReader privateKey = new BufferedReader(new FileReader(

PRIVATE_KEY_FILE));

BufferedReader publicKey = new BufferedReader(new FileReader(

PUBLIC_KEY_FILE));

String strPrivateKey = "";

String strPublicKey = "";

String line = "";

while((line = privateKey.readLine()) != null){

strPrivateKey += line;

}

while((line = publicKey.readLine()) != null){

strPublicKey += line;

}

privateKey.close();

publicKey.close();

// 私钥需要使用pkcs8格式的，公钥使用x509格式的

String strPrivKey = strPrivateKey.replace("-----BEGIN PRIVATE KEY-----", "")

.replace("-----END PRIVATE KEY-----", "");

String strPubKey = strPublicKey.replace("-----BEGIN PUBLIC KEY-----", "")

.replace("-----END PUBLIC KEY-----", "");

//System.out.print(strPrivKey);

//System.out.println(strPubKey);

byte [] privKeyByte = Base64.decodeBase64(strPrivKey);

byte [] pubKeyByte = Base64.decodeBase64(strPubKey);

PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(privKeyByte);

//PKCS8EncodedKeySpec pubKeySpec = new PKCS8EncodedKeySpec(pubKeyByte);

//X509EncodedKeySpec privKeySpec = new X509EncodedKeySpec(privKeyByte);

X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pubKeyByte);

KeyFactory kf = KeyFactory.getInstance("RSA");

PrivateKey privKey = kf.generatePrivate(privKeySpec);

PublicKey pubKey = kf.generatePublic(pubKeySpec);

byte [] encryptByte = encrypt(s, pubKey);

System.out.println(decrypt(encryptByte, privKey));

} catch (IOException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (NoSuchAlgorithmException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (InvalidKeySpecException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

稍后提供一个PHP加密Java解密的实现

参考资料：

http://stackoverflow.com/questions/11787571/how-to-read-pem-file-to-get-private-and-public-key

http://stackoverflow.com/questions/8647165/how-to-sign-a-generic-text-with-rsa-key-and-encode-with-base64-in-java

http://www.javamex.com/tutorials/cryptography/rsa_encryption.shtml

http://snowolf.iteye.com/blog/381767

密钥结构及格式： https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem

ANT构建和部署项目

概述：

参考资料：

ANT简明教程[转载]: http://www.cnblogs.com/philander/articles/1782254.html

ANT命令总结： http://www.blogjava.net/sutao/articles/133961.html

ANT基本使用指南： http://www.iteye.com/topic/78973

Eclipse中配置ANT: http://www.cnblogs.com/QQParadise/articles/1622154.html

IPv6学习

windows上如何启用路由转发

http://support.microsoft.com/kb/99686

关于WebSocket

1. WebSocket rfc 中文翻译： http://blog.csdn.net/stoneson/article/details/8063802

2. http://o0211oo.iteye.com/blog/1671973

JSP中response.addCookie的问题

脚本：

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class CookieExample extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException
    {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // print out cookies

        Cookie[] cookies = request.getCookies();
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            String name = c.getName();
            String value = c.getValue();
            out.println(name + " = " + value);
        }

        // set a cookie

        String name = request.getParameter("cookieName");
        if (name != null && name.length() > 0) {
            String value = request.getParameter("cookieValue");
            Cookie c = new Cookie(name, value);
            response.addCookie(c);
        }
    }
}

import java.io.*;

import javax.servlet.*;

import javax.servlet.http.*;

public class CookieExample extends HttpServlet {

public void doGet(HttpServletRequest request, HttpServletResponse response)

throws IOException, ServletException

{

response.setContentType("text/html");

PrintWriter out = response.getWriter();

// print out cookies

Cookie[] cookies = request.getCookies();

for (int i = 0; i < cookies.length; i++) {

Cookie c = cookies[i];

String name = c.getName();

String value = c.getValue();

out.println(name + " = " + value);

}

// set a cookie

String name = request.getParameter("cookieName");

if (name != null && name.length() > 0) {

String value = request.getParameter("cookieValue");

Cookie c = new Cookie(name, value);

response.addCookie(c);

}

如果cookie的name中含有 “;” 则会抛出异常，出现500错误，这个是没有问题的，但是，如果value中含有 “;” 会怎么处理呢？在PHP中setcookie()函数会将value做url编码，如果是setrawcookie()则会报错误。而在JSP中却出现了如下现象：

Content-Length:779
Content-Type:text/html;charset=ISO-8859-1
Date:Thu, 17 Jan 2013 15:01:41 GMT
Server:Apache-Coyote/1.1
Set-Cookie:m="M;n"; Version=1

Content-Length:779

Content-Type:text/html;charset=ISO-8859-1

Date:Thu, 17 Jan 2013 15:01:41 GMT

Server:Apache-Coyote/1.1

Set-Cookie:m="M;n"; Version=1

浏览器会因为给value添加了双引号而将cookie m的只是为 “M;n”吗？不会的：