微信小程序用户信息解密
问题描述
当小程序在获取用户信息或者获取手机号的时候,用户微信接口返回的是AES加密之后的数据,所以需要解决
方法
就拿获取手机号来讲,前端通过微信接口:
Page({
getPhoneNumber (e) {
console.log(e.detail.errMsg)
console.log(e.detail.iv)
console.log(e.detail.encryptedData)
}
})
返回结果为:
{
...
"detail": {
"cloudID": "28_xrg3EUUOKQBLxLaBGrtYkDa7JuRH8...",
"encryptedData": "..Bb3cK/KI3hbqk0m5QhoQ==",
"errMsg": "getPhoneNumber:ok",
"iv": "S92Ox1zXQeSaFOWw==",
}
...
}
public static String userDataDecrypt(String appId, String encryptedData,
String sessionKey, String iv) {
try {
byte[] base64DecryptData = Base64Utils.decodeFromString(encryptedData);
byte[] base64DecryptIv = Base64Utils.decodeFromString(iv);
byte[] base64DecryptSk = Base64Utils.decodeFromString(sessionKey);
AlgorithmParameterSpec alpSpec = new IvParameterSpec(base64DecryptIv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKey secretKey = new SecretKeySpec(base64DecryptSk, "AES");
cipher.init(Cipher.DECRYPT_MODE, secretKey, alpSpec);
String result = new String(cipher.doFinal(base64DecryptData), "UTF-8");
JSONObject jsonObject = JSON.parseObject(result);
if (jsonObject.containsKey("watermark")){
JSONObject watermark = jsonObject.getJSONObject("watermark");
if (watermark.containsKey("appid")
&& Objects.equals(watermark.getString("appid"), appId)){
return result;
}
}
return null;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
测试:
public static void main(String[] args) {
String encryptData ="u/xOW9eZ9Hc1xhNugVwAYPA/t04F3ssXGQnn4uApCXBa1AQv";
String iv = "6y9KiP232YdaxeyUw==";
String appId = "wx1723293idois9";
String sessionKey = "CRSSV432JvObMQ==";
String result = userDataDecrypt(appId,encryptData,sessionKey,iv);
System.out.println(result);
}
解密结果:
{
"phoneNumber": "13580006666",
"purePhoneNumber": "13580006666",
"countryCode": "86",
"watermark":
{
"appid":"APPID",
"timestamp":"TIMESTAMP"
}
}