前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >解密微信小程序加密信息

解密微信小程序加密信息

作者头像
allsmallpig
发布2021-02-25 15:22:46
9920
发布2021-02-25 15:22:46
举报
文章被收录于专栏:allsmallpi博客

  获取微信程序人员信息之后,会给一个加密字符串,这个时候,前端不太好解密,因为浪费性能,会请求后端解密,那么后端如何解密呢?demo来说话;

1、首先工具类

代码语言:javascript
复制
package com.XXX.member.utils;


import com.alibaba.fastjson.JSONObject;
import lombok.Data;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.Security;
import java.util.Base64;

/**
 * 小程序 AES 解密工具
 *
 * @author Kilde
 */
@Data
public class WXBizDataCrypt {

//    public static void main(String[] args) {
//
//        String appId = "wx4f4bc4dec97d474b";
//        String sessionKey = "tiihtNczf5v6AKRyjwEUhQ==";
//        String encryptedData = "CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZMQmRzooG2xrDcvSnxIMXFufNstNGTyaGS9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+3hVbJSRgv+4lGOETKUQz6OYStslQ142dNCuabNPGBzlooOmB231qMM85d2/fV6ChevvXvQP8Hkue1poOFtnEtpyxVLW1zAo6/1Xx1COxFvrc2d7UL/lmHInNlxuacJXwu0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn/Hz7saL8xz+W//FRAUid1OksQaQx4CMs8LOddcQhULW4ucetDf96JcR3g0gfRK4PC7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns/8wR2SiRS7MNACwTyrGvt9ts8p12PKFdlqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYVoKlaRv85IfVunYzO0IKXsyl7JCUjCpoG20f0a04COwfneQAGGwd5oa+T8yO5hzuyDb/XcxxmK01EpqOyuxINew==";
//        String iv = "r7BXXKkLb8qrSNn05n0qiA==";
//
//        WXBizDataCrypt pc = new WXBizDataCrypt(appId,sessionKey);
//        JSONObject decrypt = pc.decrypt(encryptedData, iv);
//
//        System.out.println(decrypt.toString());
//
//    }


    public static JSONObject getMoreInfoFromEncryptedData(String appId, String sessionKey, String encryptedData, String iv) {
        WXBizDataCrypt pc = new WXBizDataCrypt(appId, sessionKey);
        JSONObject decrypt = pc.decrypt(encryptedData, iv);
        return decrypt;
    }

    private String appId;
    private String sessionKey;

    public WXBizDataCrypt(String appId, String sessionKey) {
        this.appId = appId;
        this.sessionKey = sessionKey;
    }


    /**
     * 解密成json
     *
     * @param encryptedData
     * @param iv
     * @return
     */
    public JSONObject decrypt(String encryptedData, String iv) {
        byte[] encryptedDataDecode = Base64.getDecoder().decode(encryptedData);
        byte[] sessionKeyDecode = Base64.getDecoder().decode(this.sessionKey);
        byte[] ivDecode = Base64.getDecoder().decode(iv);
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        byte[] decodeData = decode(encryptedDataDecode, sessionKeyDecode, ivDecode);
        String stringData = new String(decodeData);
        JSONObject jsonObject = JSONObject.parseObject(stringData);
        return jsonObject;
    }


    /**
     * 解密算法 AES-128-CBC
     * 填充模式 PKCS#7
     *
     * @param encryptedDataDecode 目标密文
     * @return
     * @throws Exception
     */
    private byte[] decode(byte[] encryptedDataDecode, byte[] sessionKeyDecode, byte[] iv) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            Key sKeySpec = new SecretKeySpec(sessionKeyDecode, "AES");
            cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(iv));// 初始化
            byte[] result = cipher.doFinal(encryptedDataDecode);
            return result;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * 处理iv
     *
     * @param iv
     * @return
     * @throws Exception
     */
    private AlgorithmParameters generateIV(byte[] iv) throws Exception {
        AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
        params.init(new IvParameterSpec(iv));
        return params;
    }

}

2、真正的代码

代码语言:javascript
复制
 @Transactional(rollbackFor = Exception.class)
    @Override
    public JsonResult saveAcode2SessionUserInfo(UserInfoVoWeChatInfoVO userInfoVoWeChatInfoVO) {
        if (Objects.isNull(userInfoVoWeChatInfoVO)) {
            return new JsonResult(JsonResultEnum.ARGS_NOT_FULL);
        }
        String encryptedData = userInfoVoWeChatInfoVO.getEncryptedData();
        Integer flag = userInfoVoWeChatInfoVO.getFlag();
        String iv = userInfoVoWeChatInfoVO.getIv();
        String sessionKey = userInfoVoWeChatInfoVO.getSessionKey();
        String openId = userInfoVoWeChatInfoVO.getOpenId();
        if (StringUtils.isBlank(encryptedData) ||
                StringUtils.isBlank(iv) ||
                StringUtils.isBlank(sessionKey) ||
                StringUtils.isBlank(openId) ||
                Objects.isNull(flag)) {
            return new JsonResult(JsonResultEnum.ARGS_NOT_FULL);
        }
        UserInfoVo userInfoVo = UserInfoVo.builder().build();
        String userPhone = userInfoVo.getUserPhone();
        String wechatAvatar = userInfoVo.getWechatAvatar();
        String wechatNickname = userInfoVo.getWechatNickname();
        String wechatOpenid = userInfoVo.getWechatOpenid();
        /**
         * 用户信息的
         * {"country":"CN","unionId":"ocMvos6NjeKLIBqg5Mr9QjxrP1FA","watermark":{"appid":"wx4f4bc4dec97d474b","timestamp":1477314187},"gender":1,"province":"Guangdong","city":"Guangzhou","avatarUrl":"http://wx.qlogo.cn/mmopen/vi_32/aSKcBBPpibyKNicHNTMM0qJVh8Kjgiak2AHWr8MHM4WgMEm7GFhsf8OYrySdbvAMvTsw3mo8ibKicsnfN5pRjl1p8HQ/0","openId":"oGZUI0egBJY1zhBYw2KhdUfwVJJE","nickName":"Band","language":"zh_CN"}
         *
         * 手机号的
         *
         * {"phoneNumber":"186168383*2","watermark":{"appid":"wxf0e8d778d88e861b","timestamp":1598263205},"purePhoneNumber":"18616838312","countryCode":"86"}
         *
         */
        if (flag.equals(NumberUtils.INTEGER_ONE)) {
            JSONObject moreInfoFromEncryptedDataJosn =
                    WXBizDataCrypt.getMoreInfoFromEncryptedData(appid, sessionKey, encryptedData, iv);
            //优先选这个
            userPhone = String.valueOf(moreInfoFromEncryptedDataJosn.get("phoneNumber"));
            userPhone = StringUtils.isBlank(userPhone) ? String.valueOf(moreInfoFromEncryptedDataJosn.get("purePhoneNumber")) : userPhone;
            wechatOpenid = openId;
        } else if (flag.equals(NumberUtils.INTEGER_TWO)) {
            JSONObject moreInfoFromEncryptedDataJosn =
                    WXBizDataCrypt.getMoreInfoFromEncryptedData(appid, sessionKey, encryptedData, iv);
            wechatAvatar = moreInfoFromEncryptedDataJosn.getString("avatarUrl");
            wechatNickname = moreInfoFromEncryptedDataJosn.getString("nickName");
            wechatOpenid = openId;
        }

        UserInfo userInfo = userInfoMapper.selectUserInfo(openId, userPhone);
        if (Objects.isNull(userInfo)) {
            //等获取到再补充更正
            UserInfo build = UserInfo.builder()
                    .userMoney(0)
                    .userName("0")
                    .userPhone(StringUtils.isBlank(userPhone) ? "0" : userPhone)
                    .wechatNickname(StringUtils.isBlank(wechatNickname) ? "0" : wechatNickname)
                    .wechatAvatar(StringUtils.isBlank(wechatAvatar) ? "0" : wechatAvatar)
                    .wechatOpenid(openId)
                    .build();
            int i = userInfoMapper.insertUser(build);
            if (i != 1) {
                log.error("小程序获取Acode2Session信息保存失败---build:{}", JSON.toJSONString(build));
                return JsonResult.error(JsonResultEnum.EXCEPTION_ERROR.getMsg());
            }

        } else if (Objects.nonNull(userInfo) && StringUtils.isNotBlank(wechatNickname) &&  StringUtils.isNotBlank(wechatAvatar)) {

            userInfo.setUserPhone(StringUtils.isBlank(userPhone) ? "0" : userPhone);
            userInfo.setWechatNickname(wechatNickname);
            userInfo.setWechatAvatar(wechatAvatar);
            int i = userInfoMapper.updateByPrimaryKeySelective(userInfo);
            if (i != 1) {
                log.error("完善微信授权信息失败---build:{}", JSON.toJSONString(userInfo));
                return JsonResult.error(JsonResultEnum.EXCEPTION_ERROR.getMsg());
            }
        }
        if (flag.equals(NumberUtils.INTEGER_ONE)) {
            UserInfoVoWeChatInfoDTO resultObject = UserInfoVoWeChatInfoDTO.builder()
                    .phone(userPhone)
                    .openId(openId)
                    .build();
            return new JsonResult(JsonResultEnum.SUCCESS, resultObject);
        } else if (flag.equals(NumberUtils.INTEGER_TWO)) {
            UserInfoVoWeChatInfoDTO resultObject = UserInfoVoWeChatInfoDTO.builder().phone(userPhone)
                    .wechatAvatar(wechatAvatar)
                    .wechatNickname(wechatNickname)
                    .phone(userInfo.getUserPhone())
                    .openId(openId).build();
            return new JsonResult(JsonResultEnum.SUCCESS, resultObject);
        }
        return JsonResult.seccess();
    }
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2020/09/07 ,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 作者个人站点/博客 前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
相关产品与服务
云开发 CloudBase
云开发(Tencent CloudBase,TCB)是腾讯云提供的云原生一体化开发环境和工具平台,为200万+企业和开发者提供高可用、自动弹性扩缩的后端云服务,可用于云端一体化开发多种端应用(小程序、公众号、Web 应用等),避免了应用开发过程中繁琐的服务器搭建及运维,开发者可以专注于业务逻辑的实现,开发门槛更低,效率更高。
领券
问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档