为什么我的对象流被破坏了? StreamCorruptedException

时间:2015-10-12 20:31:27

标签: java encryption serialization stream

当我尝试读取和解密先前已经序列化并加密并保存到文件的arraylist时,我收到以下错误。我无法弄清楚为什么它说数据已被破坏。

java.io.StreamCorruptedException: invalid stream header: EFBEACEF
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:806)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:299)
at amnesty.FileHandling.fileOpen(FileHandling.java:65)
at amnesty.ViewCampaignEvents.open(ViewCampaignEvents.java:183)
at amnesty.MainWindow.valueChanged(MainWindow.java:147)
at javax.swing.JTree.fireValueChanged(JTree.java:2926)
at javax.swing.JTree$TreeSelectionRedirector.valueChanged(JTree.java:3387)
at javax.swing.tree.DefaultTreeSelectionModel.fireValueChanged(DefaultTreeSelectionModel.java:635)
at javax.swing.tree.DefaultTreeSelectionModel.notifyPathChange(DefaultTreeSelectionModel.java:1093)
at javax.swing.tree.DefaultTreeSelectionModel.setSelectionPaths(DefaultTreeSelectionModel.java:294)
at javax.swing.tree.DefaultTreeSelectionModel.setSelectionPath(DefaultTreeSelectionModel.java:188)
at javax.swing.JTree.setSelectionPath(JTree.java:1633)
at javax.swing.plaf.basic.BasicTreeUI.selectPathForEvent(BasicTreeUI.java:2393)
at javax.swing.plaf.basic.BasicTreeUI$Handler.handleSelection(BasicTreeUI.java:3609)
at javax.swing.plaf.basic.BasicTreeUI$Handler.mousePressed(BasicTreeUI.java:3548)
at java.awt.Component.processMouseEvent(Component.java:6522)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
at java.awt.Component.processEvent(Component.java:6290)
at java.awt.Container.processEvent(Container.java:2234)
at java.awt.Component.dispatchEventImpl(Component.java:4881)
at java.awt.Container.dispatchEventImpl(Container.java:2292)
at java.awt.Component.dispatchEvent(Component.java:4703)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4898)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4530)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4462)
at java.awt.Container.dispatchEventImpl(Container.java:2278)
at java.awt.Window.dispatchEventImpl(Window.java:2739)
at java.awt.Component.dispatchEvent(Component.java:4703)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:746)
at java.awt.EventQueue.access$400(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:697)
at java.awt.EventQueue$3.run(EventQueue.java:691)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:75)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.awt.EventQueue$4.run(EventQueue.java:719)
at java.awt.EventQueue$4.run(EventQueue.java:717)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:75)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:716)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

错误发生在下面的fileOpen方法中,fileClose方法是保存文件的方法。

    public static ArrayList<FileHandling> fileOpen(String fileName) {
    ArrayList<FileHandling> recordsArray = new ArrayList<FileHandling>();

    char fileType = getFileType(fileName);

    try {
        String fileContents = "";
        FileReader text = new FileReader(fileName);
        int inByte;

        inByte = text.read();
        while (inByte != -1) {
            fileContents += (char)inByte;
            inByte = text.read();
        } 
        text.close();

        fileContents = SecurityMethods.decrypt(fileContents, getFileType(fileName));

        InputStream fileStream = new ByteArrayInputStream(fileContents.getBytes());

        if (fileStream.available() > 0) {
            ObjectInputStream objStream = new ObjectInputStream(fileStream);    //error occurs on this line
            recordsArray = (ArrayList<FileHandling>) objStream.readObject();
            objStream.close();
        }
        fileStream.close();

    } catch (IOException | ClassNotFoundException e) {
        e.printStackTrace();
    }

    return recordsArray;
}

public static void fileClose(ArrayList<FileHandling> records, String fileName) {
    try {
        OutputStream fileStream = new ByteArrayOutputStream();
        ObjectOutputStream objStream = new ObjectOutputStream(fileStream);

        objStream.writeObject(records);
        objStream.flush();
        fileStream.flush();
        FileOutputStream fileOutputStream = (new FileOutputStream(fileName));
        byte[] plainTextBytes = ((ByteArrayOutputStream)fileStream).toByteArray();
        String plainText = "";

        for (int i = 0; i < plainTextBytes.length; i++) {
            plainText += (char)plainTextBytes[i];
        } 

        fileOutputStream.write(SecurityMethods.encrypt(plainText, getFileType(fileName)).getBytes());
        fileOutputStream.flush();
        fileOutputStream.close();
        fileStream.close();
        objStream.close();
    } catch (IOException e) {
        e.printStackTrace();
    }
}

加密和解密方法如下

public static String encrypt(String plainText, Character fileType) {
    String encryptedString = "";
    if (!isValidFile(fileType))
        throw new IllegalArgumentException("Invalid fileType.");
    else 
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");  
            SecretKeySpec secretKey = new SecretKeySpec(keys.get(fileType), "AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            encryptedString = Base64.encode(cipher.doFinal((plainText).getBytes()));

        }   catch (Exception e) {
            e.printStackTrace();
        }
    return encryptedString;
}

private static boolean isValidFile(Character type) {
    return (type == CAMPAIGN || type == EVENT || type == TRANSACTION || type == ACCOUNT || type == EXEC || type == PASSWORD);
}

public static String decrypt(String cipherText, Character fileType) {
    String decryptedString = "";

    if (!isValidFile(fileType))
        throw new IllegalArgumentException("Invalid fileType.");
    else 
        try {
            com.sun.org.apache.xml.internal.security.Init.init();
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
            SecretKeySpec secretKey = new SecretKeySpec(keys.get(fileType), "AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            decryptedString = new String(cipher.doFinal(Base64.decode(cipherText)));

        }   catch (Exception e) {
            e.printStackTrace();
        }
    return decryptedString;
}

由于

1 个答案:

答案 0 :(得分:3)

您正在将records序列化为ByteArrayOutputStream。结果:二进制数据。

然后您将字节转换为char ????你不能这样做。

您应该直接加密byte[],而不在其间进行任何奇怪的字符串转换。

创建以下两种方法:

class SecurityMethods {
    String encryptBytes(byte[] data, Character fileType)
    byte[] decryptBytes(String cipherText, Character fileType)
}

如果您还需要在其他地方加密/解密字符串,那么您可以使用以下两种方法包装它们:

String encryptString(String text, Character fileType) {
    return encryptBytes(text.getBytes(StandardCharsets.UTF_8), fileType);
}
String decryptString(String cipherText, Character fileType) {
    return new String(decryptBytes(cipherText, fileType), StandardCharsets.UTF_8);
}

哎呀,你甚至可以为序列化创建可重复使用的助手:

String encryptObject(Serializable obj, Character fileType) {
    // serialize here
    return encryptBytes(bytes, fileType);
}
Serializable decryptObject(String cipherText, Character fileType) {
    byte[] bytes = decryptBytes(cipherText, fileType);
    // deserialize here
}