微信小程序用户数据解密详细介绍

微信小程序 用户数据解密

官方指引图：

引导图一步一步操作

页面初始化 options为页面跳转所带来的参数 let that = this wx.login({ success: function (res) { // success let code = res.code that.setData({ code: code }) wx.getUserInfo({ success: function (res) { // success that.setData({ userInfo: res.userInfo }) that.setData({ iv: res.iv }) that.setData({ encryptedData: res.encryptedData }) that.get3rdSession() } }) } }) }

2、发送code到第三方服务器，获取3rd_session

3、在第三方服务器上发送appid、appsecret、code到微信服务器换取session_key和openid

这里使用JFinal搭建的服务器

Redis配置

获取第三方session

获取名为userInfo的Redis Cache对象 Cache userInfoCache = Redis.use("userInfo"); String sessionId = ""; JSONObject json = new JSONObject(); String code = getPara("code"); String url = "https://api.weixin.qq.com/sns/jscode2session?appid=wx7560b8008e2c445d&secret=f1af3312b7038513fd17dd9cbc3b357c&js_code=" + code + "&grant_type=authorization_code"; //执行命令生成3rd_session String session = ExecLinuxCMDUtil.instance.exec("cat /dev/urandom |od -x | tr -d ' '| head -n 1").toString(); json.put("session",session); //创建默认的httpClient实例 CloseableHttpClient httpClient = getHttpClient(); try { //用get方法发送http请求 HttpGet get = new HttpGet(url); System.out.println("执行get请求:...." + get.getURI()); CloseableHttpResponse httpResponse = null; //发送get请求 httpResponse = httpClient.execute(get); try { //response实体 HttpEntity entity = httpResponse.getEntity(); if (null != entity) { String result = EntityUtils.toString(entity); System.out.println(result); JSONObject resultJson = JSONObject.fromObject(result); String session_key = resultJson.getString("session_key"); String openid = resultJson.getString("openid"); //session存储 userInfoCache.set(session,session_key+","+openid); } } finally { httpResponse.close(); } } catch (Exception e) { e.printStackTrace(); } finally { try { closeHttpClient(httpClient); } catch (IOException e) { e.printStackTrace(); } } renderJson(json); } private CloseableHttpClient getHttpClient() { return HttpClients.createDefault(); }

private void closeHttpClient(CloseableHttpClient client) throws IOException {
if (client != null) {
client.close();
}
}

ExecLinuxCMDUtil.Java

/**

java在linux环境下执行linux命令，然后返回命令返回值。
Created by LJaer on 16/12/22.
*/
public class ExecLinuxCMDUtil {
public static final ExecLinuxCMDUtil instance = new ExecLinuxCMDUtil();

public static Object exec(String cmd) {
try {
String[] cmdA = { "/bin/sh","-c",cmd };
Process process = Runtime.getRuntime().exec(cmdA);
LineNumberReader br = new LineNumberReader(new InputStreamReader(
process.getInputStream()));
StringBuffer sb = new StringBuffer();
String line;
while ((line = br.readLine()) != null) {
System.out.println(line);
sb.append(line).append("\n");
}
return sb.toString();
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
}

4、解密用户数据

console输出结果：

后端解密代码

try {
byte[] resultByte = AESUtil.instance.decrypt(Base64.decodeBase64(encryptedData),Base64.decodeBase64(session_key),Base64.decodeBase64(iv));
if(null != resultByte && resultByte.length > 0){
String userInfo = new String(resultByte,"UTF-8");
System.out.println(userInfo);
JSONObject json = JSONObject.fromObject(userInfo); //将字符串{“id”：1}
renderJson(json);
}
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}

AESUtil.java

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;

public class AESUtil {
public static final AESUtil instance = new AESUtil();

public static boolean initialized = false;

/**

AES解密
@param content 密文
@return
@throws InvalidAlgorithmParameterException
@throws NoSuchProviderException
*/
public byte[] decrypt(byte[] content,byte[] keyByte,byte[] ivByte) throws InvalidAlgorithmParameterException {
initialize();
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
Key sKeySpec = new SecretKeySpec(keyByte,"AES");

cipher.init(Cipher.DECRYPT_MODE,sKeySpec,generateIV(ivByte));// 初始化
byte[] result = cipher.doFinal(content);
return result;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}

public static void initialize(){
if (initialized) return;
Security.addProvider(new BouncyCastleProvider());
initialized = true;
}
//生成iv
public static AlgorithmParameters generateIV(byte[] iv) throws Exception{
AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(iv));
return params;
}
}

感谢阅读，希望能帮助到大家，谢谢大家对本站的支持！

原文链接：https://www.f2er.com/weapp/42724.html

微信小程序 用户数据解密详细介绍