首先借鉴了两篇文章:
http://www.cnblogs.com/nosqlcoco/p/6105749.html
http://blog.csdn.net/sinat_29519243/article/details/70186622
首先吐槽一下,微信小程序这个设计,其实密文中包含的用于开发的有用信息并不是很多。...
解密后的类似:
{"openId":"oy9H90Nqxxxxxxxxxxx0BJmuw",
"nickName":"xxxxxxxxx",
"gender":1,
"language":"zh_CN",
"city":"city",
"province":"province",
"country":"country",
"avatarUrl":"https://wx.qlogo.cn/mmopen/vi_32/xxxxxxxxOcvbibeJxx0",
"watermark":{"timestamp":timestamp,"appid":"wx58b6xxxxxxxxx627"
}
解密需要登录的时候 提供的几个参数:
1. 密文:encryptedData
2. session_key
3. 偏移向量 iv
登录的几个东西如何获取这里简单说下:
1. session_ID的获取:wx.login()函数的返回里面包含了CODE.利用这个CODE,到这个地址去交换:
https://api.weixin.qq.com/sns/jscode2session?grant_type=authorization_code&js_code=CODE&appid=APPID&secret=APP_SRCRET。
2. iv和encryptedData的获取:wx.getUserInfo()的调用的时候,同时设置属性withCredentials: true,
wx.getUserInfo({ withCredentials: true, success: function(res) { console.log(res) that.globalData.userInfo = res.userInfo typeof cb == "function" && cb(that.globalData.userInfo) } })
就可以获取到所有的参数。
============================= 分割线 ========================================
java侧实现解密需要如下的包:
1. bcprov-jdk15on-157.jar ----主要是AES解码
2. commons-codec-1.10.jar ----主要是base64编码
核心代码:
Map map = new HashMap();
try {
byte[] resultByte = AES.decrypt(Base64.decodeBase64(encryptedData),
Base64.decodeBase64(session_key),
Base64.decodeBase64(iv));
if(null != resultByte && resultByte.length > 0){
String userInfo = new String(resultByte, "UTF-8");
map.put("status", "1");
map.put("msg", "解密成功");
map.put("userInfo", userInfo);
}else{
map.put("status", "0");
map.put("msg", "解密失败");
}
}catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
Gson gson = new Gson();
String decodeJSON = gson.toJson(map);
System.out.println(decodeJSON);
其中
AES代码:
package com.aes;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class AES {
public static boolean initialized = false;
/**
* AES解密
* @param content 密文
* @return
* @throws InvalidAlgorithmParameterException
* @throws NoSuchProviderException
*/
public static byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {
initialize();
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
Key sKeySpec = new SecretKeySpec(keyByte, "AES");
cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化
byte[] result = cipher.doFinal(content);
return result;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}
public static void initialize(){
if (initialized) return;
Security.addProvider(new BouncyCastleProvider());
initialized = true;
}
//生成iv
public static AlgorithmParameters generateIV(byte[] iv) throws Exception{
AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(iv));
return params;
}
}