package com.llny.controller; import com.google.gson.Gson; import com.google.gson.JsonObject; import com.llny.utils.AesCbcUtil; import com.llny.utils.DataResponse; import com.llny.utils.HttpRequest; import org.springframework.web.bind.annotation.*; import java.util.HashMap; import java.util.Map; @RestController @RequestMapping(value = "/wechat") public class WeChaConnView { /** * 解密用户敏感数据 * * @param encryptedData 明文,加密数据 * @param iv 加密算法的初始向量 * @param code 用户允许登录后,回调内容会带上 code(有效期五分钟),开发者需要将 code 发送到开发者服务器后台,使用code 换取 session_key api,将 code 换成 openid 和 session_key * @return */ @ResponseBody @PostMapping(value = "/decodeUser") public DataResponse decodeUser(@RequestParam("encryptedData")String encryptedData, @RequestParam("iv")String iv, @RequestParam("code")String code) { DataResponse response = new DataResponse(); Map<String, Object> map = new HashMap<>(); //登录凭证不能为空 if (code == null || code.length() == 0) { /*map.put("status", 0); map.put("msg", "code 不能为空"); return map;*/ response.setResult_code("failed"); response.setResult_msg("code 不能为空"); return response; } //小程序唯一标识 (在微信小程序管理后台获取) String wxspAppid = "appid"; //小程序的 app secret (在微信小程序管理后台获取) String wxspSecret = "appsecret"; //授权(必填) String grant_type = "authorization_code"; //////////////// 1、向微信服务器 使用登录凭证 code 获取 session_key 和 openid //////////////// //请求参数 String params = "appid=" + wxspAppid + "&secret=" + wxspSecret + "&js_code=" + code + "&grant_type=" + grant_type; //发送请求 String sr = HttpRequest.sendGet("https://api.weixin.qq.com/sns/jscode2session", params); //解析相应内容(转换成json对象) Gson gson = new Gson(); JsonObject json = gson.fromJson(sr, JsonObject.class); System.out.println(json); // JSONObject json = JSONObject.fromObject(sr); if (json.get("session_key") == null) { /*map.put("status", 0); map.put("msg", "解密失败"); return map;*/ response.setResult_code("failed"); response.setResult_msg("解密失败:" + json.get("errmsg").toString().replaceAll(""", "")); return response; } //获取会话密钥(session_key) String session_key = json.get("session_key").toString(); //用户的唯一标识(openid) // String openid = (String) json.get("openid"); String openid = json.get("openid").toString(); //////////////// 2、对encryptedData加密数据进行AES解密 //////////////// String data = encryptedData.replaceAll("[+]", "%2B"); try { String result = AesCbcUtil.decrypt(data, session_key, iv, "UTF-8"); if (null != result && result.length() > 0) { /*map.put("status", 1); map.put("msg", "解密成功"); */ JsonObject userInfoJSON = gson.fromJson(result, JsonObject.class); // JSONObject userInfoJSON = JSONObject.fromObject(result); System.out.println("user: " + userInfoJSON); Map<String, Object> userInfo = new HashMap<>(); userInfo.put("openId", openid.replaceAll(""", "")); userInfo.put("phoneNumber", userInfoJSON.get("phoneNumber").toString().replaceAll(""", "")); userInfo.put("purePhoneNumber", userInfoJSON.get("purePhoneNumber").toString().replaceAll(""", "")); userInfo.put("countryCode", userInfoJSON.get("countryCode").toString().replaceAll(""", "")); map.put("userInfo", userInfo); System.out.println("map: " + map); response.setResult_code("success"); response.setResult_msg("解密成功"); response.setData(userInfo); return response; } } catch (Exception e) { e.printStackTrace(); } /*map.put("status", 0); map.put("msg", "解密失败"); return map;*/ response.setResult_code("failed"); response.setResult_msg("解密失败"); return response; } }
package com.llny.utils; import org.apache.commons.codec.binary.Base64; import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.io.UnsupportedEncodingException; import java.security.*; import java.security.spec.InvalidParameterSpecException; /** * Created by lsh * AES-128-CBC 加密方式 * 注: * AES-128-CBC可以自己定义“密钥”和“偏移量“。 * AES-128是jdk自动生成的“密钥”。 */ public class AesCbcUtil { static { //BouncyCastle是一个开源的加解密解决方案,主页在http://www.bouncycastle.org/ Security.addProvider(new BouncyCastleProvider()); } /** * AES解密 * * @param data //密文,被加密的数据 * @param key //秘钥 * @param iv //偏移量 * @param encodingFormat //解密后的结果需要进行的编码 * @return * @throws Exception */ public static String decrypt(String data, String key, String iv, String encodingFormat) throws Exception { // initialize(); //被加密的数据 byte[] dataByte = Base64.decodeBase64(data); //加密秘钥 byte[] keyByte = Base64.decodeBase64(key); //偏移量 byte[] ivByte = Base64.decodeBase64(iv); try { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding"); SecretKeySpec spec = new SecretKeySpec(keyByte, "AES"); AlgorithmParameters parameters = AlgorithmParameters.getInstance("AES"); parameters.init(new IvParameterSpec(ivByte)); cipher.init(Cipher.DECRYPT_MODE, spec, parameters);// 初始化 byte[] resultByte = cipher.doFinal(dataByte); if (null != resultByte && resultByte.length > 0) { String result = new String(resultByte, encodingFormat); return result; } return null; } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (NoSuchPaddingException e) { e.printStackTrace(); } catch (InvalidParameterSpecException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (InvalidAlgorithmParameterException e) { e.printStackTrace(); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (BadPaddingException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return null; } }
package com.llny.utils; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.URL; import java.net.URLConnection; import java.util.List; import java.util.Map; public class HttpRequest { /** * 向指定URL发送GET方法的请求 * * @param url * 发送请求的URL * @param param * 请求参数,请求参数应该是 name1=value1&name2=value2 的形式。 * @return URL 所代表远程资源的响应结果 */ public static String sendGet(String url, String param) { String result = ""; BufferedReader in = null; try { String urlNameString = url + "?" + param; URL realUrl = new URL(urlNameString); // 打开和URL之间的连接 URLConnection connection = realUrl.openConnection(); // 设置通用的请求属性 connection.setRequestProperty("accept", "*/*"); connection.setRequestProperty("connection", "Keep-Alive"); connection.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)"); // 建立实际的连接 connection.connect(); // 获取所有响应头字段 Map<String, List<String>> map = connection.getHeaderFields(); // 遍历所有的响应头字段 for (String key : map.keySet()) { System.out.println(key + "--->" + map.get(key)); } // 定义 BufferedReader输入流来读取URL的响应 in = new BufferedReader(new InputStreamReader( connection.getInputStream())); String line; while ((line = in.readLine()) != null) { result += line; } } catch (Exception e) { System.out.println("发送GET请求出现异常!" + e); e.printStackTrace(); } // 使用finally块来关闭输入流 finally { try { if (in != null) { in.close(); } } catch (Exception e2) { e2.printStackTrace(); } } return result; } /** * 向指定 URL 发送POST方法的请求 * * @param url * 发送请求的 URL * @param param * 请求参数,请求参数应该是 name1=value1&name2=value2 的形式。 * @return 所代表远程资源的响应结果 */ public static String sendPost(String url, String param) { PrintWriter out = null; BufferedReader in = null; String result = ""; try { URL realUrl = new URL(url); // 打开和URL之间的连接 URLConnection conn = realUrl.openConnection(); // 设置通用的请求属性 conn.setRequestProperty("accept", "*/*"); conn.setRequestProperty("connection", "Keep-Alive"); conn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)"); // 发送POST请求必须设置如下两行 conn.setDoOutput(true); conn.setDoInput(true); // 获取URLConnection对象对应的输出流 out = new PrintWriter(conn.getOutputStream()); // 发送请求参数 out.print(param); // flush输出流的缓冲 out.flush(); // 定义BufferedReader输入流来读取URL的响应 in = new BufferedReader( new InputStreamReader(conn.getInputStream())); String line; while ((line = in.readLine()) != null) { result += line; } } catch (Exception e) { System.out.println("发送 POST 请求出现异常!"+e); e.printStackTrace(); } //使用finally块来关闭输出流、输入流 finally{ try{ if(out!=null){ out.close(); } if(in!=null){ in.close(); } } catch(IOException ex){ ex.printStackTrace(); } } return result; } }
package com.llny.utils; import com.github.pagehelper.PageInfo; public class DataResponse { //信息详情 private String result_msg; //成功失败信息 private String result_code; //公共通知编码 private String result_num; private PageInfo page; private Object data; public DataResponse(){} public DataResponse(Object data){ this.data = data; } public DataResponse(String result_code,String result_msg){ this.result_code = result_code; this.result_msg = result_msg; } public DataResponse(String result_code,String result_msg,String result_num){ this.result_code = result_code; this.result_msg = result_msg; this.result_num = result_num; } public String getResult_num() { return result_num; } public void setResult_num(String result_num) { this.result_num = result_num; } public String getResult_msg() { return result_msg; } public void setResult_msg(String result_msg) { this.result_msg = result_msg; } public String getResult_code() { return result_code; } public void setResult_code(String result_code) { this.result_code = result_code; } public Object getData() { return data; } public void setData(Object data) { this.data = data; } public PageInfo getPage() { return page; } public void setPage(PageInfo page) { this.page = page; } }
注意:小程序传encryptedData到服务器时,encryptedData中的加号在传输到服务器时都变成了空格,导致解码失败。解决方法是传encryptedData时,把“+”用“%2B”替换。或者在服务器替换空格为加号!!!!!!
参考一位仁兄,成功,仅作记录