Home > Back-end >  Java decryption WeChat authorization when there will be a part of the code? The accidental
Java decryption WeChat authorization when there will be a part of the code? The accidental

Time:09-19

WeChat small programs called backend interface, POST
1. The small program passed three parameters of
 
Public void miniRegister (String code, String encriptData, String iv) {
}


2. Through the code to obtain the openid and session_key
 
Private JSONObject getMiniOpenId (String code) throws the Exception {
//public static String REQUEST_URL="HTTP://https://api.weixin.qq.com/sns/jscode2session? APP_ID appid="+ +" & amp; Secret="+ +" secret & amp; Js_code=";
The String url=WXMiniProgram. REQUEST_URL + code;
Url +="& amp; Grant_type=authorization_code ";
HttpClientResult result=HttpClientUtils. DoGet (url);
Return JSONObject. ParseObject (result. GetContent ());
}


3. After the access to the sessionkey, decrypt
 
The String result=WechatUtil. WxDecrypt (encriptData session_key, iv);


4. Decryption tool
 
Package com.mjs.com mon. Util;

The import lombok. Extern. Slf4j. Slf4j;
The import org.apache.com mons. Codec. Binary. Base64;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
The import javax.mail. Crypto. Spec. IvParameterSpec;
The import javax.mail. Crypto. Spec. SecretKeySpec;
Import the Java. Nio. Charset. StandardCharsets;
Import the Java. Security. AlgorithmParameters;
Import the Java. Security. The Key;
Import the Java. Security. Security;

@ Slf4j
Public class AESUtil {
//algorithm name
Public static final String KEY_NAME="AES";
//encryption algorithm/model/filling way
//the ECB mode can be key to encrypt data decryption, only need to add a CBC mode iv
Public static final String CIPHER_ALGORITHM="AES/CBC/PKCS7Padding";

/* *
* WeChat data decryption & lt; br/>
* symmetric decrypt using the algorithm for AES - 128 - CBC, data using PKCS # 7 filling & lt; br/>
* symmetric cipher decryption target: encrypted=Base64_Decode (encryptData) & lt; br/>
* symmetric solutions of the secret key: key=Base64_Decode (session_key), aeskey is 16 bytes & lt; br/>
* initial vector symmetric decryption algorithm: iv=Base64_Decode (iv), the same is 16 bytes & lt; br/>
*
* @ param encrypted target ciphertext
* @ param session_key session ID
* @ param iv encryption algorithm initialization vector
*/
Public static String wxDecrypt (String, encrypted String session_key, String iv) {
String json=null;
Byte [] encrypted64=Base64. DecodeBase64 (encrypted);
Byte [] key64=Base64. DecodeBase64 (session_key);
Byte [] iv64=Base64. DecodeBase64 (iv);
Byte [] data;
Try {
init();
Json=new String (decrypt (encrypted64 key64, generateIV (iv64)), StandardCharsets, UTF_8);
} the catch (Exception e) {
//pad block corrupted
The log. The debug (um participant etLocalizedMessage ());
//throw new CustomException (1010, "data decryption error");
return null;
}
//the error (json);
return json;
}

/* *
* initialize the keys
*/
Public static void init () throws the Exception {
Security. AddProvider (new org. Bouncycastle. Jce. Provider. BouncyCastleProvider ());
KeyGenerator. GetInstance (KEY_NAME). The init (128);
}

/* *
* generation iv
*/
Public static AlgorithmParameters generateIV (byte [] iv) throws the Exception {
//iv as a 16 byte array, it USES the same constructor and iOS, all data is 0
//Arrays. The fill (iv, 0 x00 (byte));
AlgorithmParameters params=AlgorithmParameters. GetInstance (KEY_NAME);
Params. Init (new IvParameterSpec (iv));
Return the params.
}

/* *
* generate decryption
*/
Public static byte [] decrypt (byte [] encryptedData, byte [] keyBytes, AlgorithmParameters iv)
Throws the Exception {
The Key Key=new SecretKeySpec (keyBytes KEY_NAME);
Cipher Cipher=Cipher. GetInstance (CIPHER_ALGORITHM);
//set to decrypt mode
Cipher. The init (cipher DECRYPT_MODE, key, iv);
Return cipher. DoFinal (encryptedData);
}


/* *
* AES decryption WeChat refund callback information
* method of
* decryption steps are as follows:
* (1) the encrypted string A base64 decoding, receive encrypted string B
* (2) the merchant do md5 key, 32-bit lowercase key * (key set path: WeChat merchant platform (pay.weixin.qq.com) -- & gt; Account Settings - & gt; The API security - & gt; The key Settings)
*
* @ param base64Data
* @ return
* @ throws the Exception
*/
Public static String decryptData (String base64Data, String PAY_APP_KEY) throws the Exception {
//this place called BouncyCastleProvider let Java support PKCS7Padding
Security. AddProvider (new org. Bouncycastle. Jce. Provider. BouncyCastleProvider ());
Cipher Cipher=Cipher. GetInstance (" AES/the ECB/PKCS7Padding ");
SecretKeySpec key=new SecretKeySpec (MD5Utils MD5Encode (PAY_APP_KEY). ToLowerCase () getBytes (), KEY_NAME);
Cipher. The init (cipher DECRYPT_MODE, key);
Byte [] decode=Base64. DecodeBase64 (base64Data);
Byte [] doFinal=cipher. DoFinal (decode);
Return a new String (doFinal, "utf-8");
}

}


* * * * * * * * * * * * * * * * * problem to the * * * * * * *
A part of the user to return when parsing is the code information,



Occasional


Consult everybody, how should I solve this problem
Thank you thank you thank you thank you thank you thank you

CodePudding user response:

Looked from the statement may be a string of character set wrong, may also have GBK and utf-8

CodePudding user response:

nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
  • Related