尝试/捕获/最终使用加密资源
本文关键字:加密 资源 捕获 尝试 | 更新日期: 2023-09-27 18:35:34
我的网站上有以下代码。 它将 URL 查询作为名为命令加密的字符串。 我有一个 try/catch/finally 块,它将加密的命令复制到内存流,然后将其解密回字符串。如果 try 块中发生任何错误,则会在 catch 块中处理这些错误。 但是,我想确保使用的任何资源都在 finally 块中关闭。 当提供无效的 URL 查询命令时,我在尝试关闭 csencryptedcommand CryptoStream 时收到异常。 异常详细信息遵循代码。
// Resources used for storing and decrypting the encrypted client command
MemoryStream msencryptedcommand = null;
RijndaelManaged rmencryptedcommand = null;
CryptoStream csencryptedcommand = null;
StreamReader srdecryptedcommand = null;
MemoryStream msdecryptedcommand = null;
try
{
// Copy the encrypted client command (where two characters represent a byte) to a memorystream
msencryptedcommand = new MemoryStream();
for (int i = 0; i < encryptedcommand.Length; )
{
msencryptedcommand.WriteByte(Byte.Parse(encryptedcommand.Substring(i, 2), NumberStyles.HexNumber));
i = i + 2;
}
msencryptedcommand.Flush();
msencryptedcommand.Position = 0;
// Define parameters used for decryption
byte[] key = new byte[] { //bytes hidden// };
byte[] iv = new byte[] { //bytes hidden// };
rmencryptedcommand = new RijndaelManaged();
csencryptedcommand = new CryptoStream(msencryptedcommand, rmencryptedcommand.CreateDecryptor(key, iv), CryptoStreamMode.Read);
msdecryptedcommand = new MemoryStream();
// Decrypt the client command
int decrytptedbyte;
while ((decrytptedbyte = csencryptedcommand.ReadByte()) != -1)
{
msdecryptedcommand.WriteByte((byte)decrytptedbyte);
}
// Store the decrypted client command as a string
srdecryptedcommand = new StreamReader(msdecryptedcommand);
srdecryptedcommand.BaseStream.Position = 0;
string decryptedcommand = srdecryptedcommand.ReadToEnd();
}
catch (Exception ex)
{
ErrorResponse("Invalid URL Query", context, ex.ToString());
return;
}
finally
{
// If any resources were used, close or clear them
if (srdecryptedcommand != null)
{
srdecryptedcommand.Close();
}
if (msdecryptedcommand != null)
{
msdecryptedcommand.Close();
}
if (csencryptedcommand != null)
{
csencryptedcommand.Close();
}
if (rmencryptedcommand != null)
{
rmencryptedcommand.Clear();
}
if (msencryptedcommand != null)
{
msencryptedcommand.Close();
}
}
发生以下未经处理的异常:System.Security.Cryptography.CryptographicException:要解密的数据长度无效。 at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing) at System.IO.Stream.Close() at dongleupdate.ProcessRequest(HttpContext context) in update.ashx:line 92 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completeSyncally) URL 引用者: User Agent: Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36 请求网址: update.ashx?aa
编辑:
我更改了代码以使用 using 语句。 这也是确保关闭所有资源的有效方法吗?
try
{
// Copy the encrypted client command (where two characters represent a byte) to a memorystream
using (MemoryStream msencryptedcommand = new MemoryStream())
{
for (int i = 0; i < encryptedcommand.Length; )
{
msencryptedcommand.WriteByte(Byte.Parse(encryptedcommand.Substring(i, 2), NumberStyles.HexNumber));
i = i + 2;
}
msencryptedcommand.Flush();
msencryptedcommand.Position = 0;
// Define parameters used for decryption
byte[] key = new byte[] { //bytes hidden// };
byte[] iv = new byte[] { //bytes hidden// };
using (RijndaelManaged rmencryptedcommand = new RijndaelManaged())
{
using (CryptoStream csencryptedcommand = new CryptoStream(msencryptedcommand, rmencryptedcommand.CreateDecryptor(key, iv), CryptoStreamMode.Read))
{
using (MemoryStream msdecryptedcommand = new MemoryStream())
{
// Decrypt the client command
int decrytptedbyte;
while ((decrytptedbyte = csencryptedcommand.ReadByte()) != -1)
{
msdecryptedcommand.WriteByte((byte)decrytptedbyte);
}
// Store the decrypted client command as a string
using (StreamReader srdecryptedcommand = new StreamReader(msdecryptedcommand))
{
srdecryptedcommand.BaseStream.Position = 0;
string decryptedcommand = srdecryptedcommand.ReadToEnd();
}
}
}
}
}
}
catch (Exception ex)
{
ErrorResponse("Invalid URL Query", context, ex.ToString());
return;
}
CryptoStream
包裹在using
块中,然后它将自动关闭并通过Dispose Pattern
为您处置,如下所示:
using(csencryptedcommand = new CryptoStream(msencryptedcommand,
rmencryptedcommand.CreateDecryptor(key, iv), CryptoStreamMode.Read))
{
// Do things with crypto stream here
}
有关详细信息,请阅读使用语句(C# 参考)文档。
更新:
使用反射器,下面是CryptoStream
Dispose
方法的代码:
protected override void Dispose(bool disposing)
{
try
{
if (disposing)
{
if (!this._finalBlockTransformed)
{
this.FlushFinalBlock();
}
this._stream.Close();
}
}
finally
{
try
{
this._finalBlockTransformed = true;
if (this._InputBuffer != null)
{
Array.Clear(this._InputBuffer, 0, this._InputBuffer.Length);
}
if (this._OutputBuffer != null)
{
Array.Clear(this._OutputBuffer, 0, this._OutputBuffer.Length);
}
this._InputBuffer = null;
this._OutputBuffer = null;
this._canRead = false;
this._canWrite = false;
}
finally
{
base.Dispose(disposing);
}
}
}
注意:如您所见,有一个显式调用通过此行关闭流:
this._stream.Close();
我认为您使用的所有对象都实现了 IDisposable,所以如果我是你,我会将它们全部包装在 using 语句中,这样它们就会自动为您清理,即
using(msencryptedcommand = new MemoryStream())
{
....
}