【小程序】java 后台获取用户信息(解密encryptedData)

首先java 后端依赖两个jar

	
		    org.codehaus.xfire
		    xfire-core
		    1.2.6
		
		
		
		    org.bouncycastle
		    bcprov-jdk16
		    1.46
		

流程:1.需要微信前端调用wx.login接口获取code。 然后再调用wx.getuserInfo接口获取用户的信息。

         获取到的信息包含有用户基本信息(这里面没有openid),以及encryptedData,这个encryptedData含有完整用户信息(含openid),但是数据是加密的,需要服务器端来解析。

        2. 前端调用服务器接口,将获取到的code,以及encryptedData,和iv一起发送到后端。

        3. 服务器在解密encryptedData之前,需要调用微信接口获取sessionkey. 有了encryptedData才能解密。

前端调用代码:

  wx.login({
        success: function (res_login) {
          if (res_login.code){
            wx.getUserInfo({
              success:function(res){
                console.log(res)
                var jsonData = {
                  code: res_login.code,
                  encryptedData: res.encryptedData,
                  iv: res.iv
                };
               wx.request({
                 url: 'http://domain/miniapp/login/userinfo',
                 header: { 'Content-Type': 'application/json' },
                 method:'POST',
                 data: jsonData,
                 success: res => {
                   console.log(res.data)
                   wx.hideLoading()
                   this.setData({
                     projectlist: res.data.content
                   })
                 }
               })
              }
            })
       
          }
        }
      })

服务器端代码:



import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.nio.channels.ScatteringByteChannel;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.codehaus.xfire.util.Base64;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.alibaba.fastjson.JSONObject;
import com.wqdata.miniapp.utils.CommonUtil;
import com.wqdata.miniapp.utils.WeChatConfig;
import com.wqdata.miniapp.utils.WeixinMessageDigest;

@Controller
@RequestMapping("/wechat")
public class WeChatController {
	private Logger logger = Logger.getLogger(WeChatController.class);

	@RequestMapping("/init")
	@ResponseBody
	public void init(HttpServletRequest request, HttpServletResponse response) throws IOException {
		String echostr = this.initWechat(request);
		PrintWriter out = response.getWriter();
		out.print(echostr);
		out.close();
		out = null;
	}

	@RequestMapping(value = "/login/userinfo", method = RequestMethod.POST)
	@ResponseBody
	public void login(@RequestBody String infoData, HttpServletRequest request, HttpServletResponse response)
			throws IOException {
		System.out.println("infoData" + infoData);
		JSONObject dataObj = JSONObject.parseObject(infoData);
		String  code =  (String) dataObj.get("code");
		String  encryptedData =  (String) dataObj.get("encryptedData");
		String  iv =  (String) dataObj.get("iv");
		String sessionkey = getSessionKey(code);
		JSONObject userInfo = this.getUserInfo(encryptedData, sessionkey, iv);
		System.out.println(userInfo);
		
	}

	public String getSessionKey(String code) {
		String url = "https://api.weixin.qq.com/sns/jscode2session?appid=" + WeChatConfig.APP_ID + "&secret="
				+ WeChatConfig.APP_SECRET + "&js_code=" + code + "&grant_type=authorization_code";
		String reusult = CommonUtil.httpGet(url);
		JSONObject oppidObj = JSONObject.parseObject(reusult);
		String openid = (String) oppidObj.get("openid");
		String session_key = (String) oppidObj.get("session_key");
		return session_key;
	}

	public String initWechat(HttpServletRequest request) {
		String signature = request.getParameter("signature"); // 加密需要验证的签名
		String timestamp = request.getParameter("timestamp");// 时间戳
		String nonce = request.getParameter("nonce");// 随机数
		String echostr = request.getParameter("echostr");
		WeixinMessageDigest wxDigest = WeixinMessageDigest.getInstance();
		boolean bValid = wxDigest.validate(WeChatConfig.TOKEN, signature, timestamp, nonce);
		logger.info("initWechat  --- valid:" + bValid);
		if (bValid) {
			return echostr;
		}
		return "";
	}
	
	/**
     * 获取信息
     */
    public JSONObject getUserInfo(String encryptedData,String sessionkey,String iv){
        // 被加密的数据
        byte[] dataByte = Base64.decode(encryptedData);
        // 加密秘钥
        byte[] keyByte = Base64.decode(sessionkey);
        // 偏移量
        byte[] ivByte = Base64.decode(iv);
        try {
               // 如果密钥不足16位,那么就补足.  这个if 中的内容很重要
            int base = 16;
            if (keyByte.length % base != 0) {
                int groups = keyByte.length / base + (keyByte.length % base != 0 ? 1 : 0);
                byte[] temp = new byte[groups * base];
                Arrays.fill(temp, (byte) 0);
                System.arraycopy(keyByte, 0, temp, 0, keyByte.length);
                keyByte = temp;
            }
            // 初始化
            Security.addProvider(new BouncyCastleProvider());
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding","BC");
            SecretKeySpec spec = new SecretKeySpec(keyByte, "AES");
            AlgorithmParameters parameters = AlgorithmParameters.getInstance("AES");
            parameters.init(new IvParameterSpec(ivByte));
            cipher.init(Cipher.DECRYPT_MODE, spec, parameters);// 初始化
            byte[] resultByte = cipher.doFinal(dataByte);
            if (null != resultByte && resultByte.length > 0) {
                String result = new String(resultByte, "UTF-8");
                return JSONObject.parseObject(result);
            }
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (InvalidParameterSpecException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        }
        return null;
    }

}

你可能感兴趣的:(小程序)