一.概述
微信推出了小程序,很多公司的客户端应用不仅具有了APP、H5、还接入了小程序开发。但是,小程序中竟然没有提供Java版本的加密数据解密算法。
微信小程序提供的加密数据解密算法链接为:https://mp.weixin.qq.com/debug/wxadoc/dev/api/signature.html
我们下载的算法示例如下:
真的没有java实现示例。
?
二.实现Java版本的微信小程序加密数据解密算法
1.创建项目
这里,我们创建一个Maven工程,具体创建步骤略。
?
2.配置pom.xml
我们在pom.xml中加入如下配置,其中bcprov-jdk15on是为了支持AES的BouncyCastleProvider,而commons-codec则是为了顺利的对session_key,iv,encryptData进行Base64的编解码。
class="java" name="code"><dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>1.46</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.10</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.29</version>
</dependency>
?
3.实现AES类
package com.bijian.test;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* AES加密
*/
public class AES {
public static boolean initialized = false;
/**
* AES解密
*
* @param content
* 密文
* @return
* @throws InvalidAlgorithmParameterException
* @throws NoSuchProviderException
*/
public byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {
initialize();
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
Key sKeySpec = new SecretKeySpec(keyByte, "AES");
cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化
byte[] result = cipher.doFinal(content);
return result;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static void initialize() {
if (initialized)
return;
Security.addProvider(new BouncyCastleProvider());
initialized = true;
}
// 生成iv
public static AlgorithmParameters generateIV(byte[] iv) throws Exception {
AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(iv));
return params;
}
}
?
4.实现WxPKCS7Encoder类
package com.bijian.test;
import java.nio.charset.Charset;
import java.util.Arrays;
/**
* 微信小程序加解密
*/
public class WxPKCS7Encoder {
private static final Charset CHARSET = Charset.forName("utf-8");
private static final int BLOCK_SIZE = 32;
/**
* 获得对明文进行补位填充的字节.
*
* @param count
* 需要进行填充补位操作的明文字节个数
* @return 补齐用的字节数组
*/
public static byte[] encode(int count) {
// 计算需要填充的位数
int amountToPad = BLOCK_SIZE - (count % BLOCK_SIZE);
if (amountToPad == 0) {
amountToPad = BLOCK_SIZE;
}
// 获得补位所用的字符
char padChr = chr(amountToPad);
String tmp = new String();
for (int index = 0; index < amountToPad; index++) {
tmp += padChr;
}
return tmp.getBytes(CHARSET);
}
/**
* 删除解密后明文的补位字符
*
* @param decrypted
* 解密后的明文
* @return 删除补位字符后的明文
*/
public static byte[] decode(byte[] decrypted) {
int pad = decrypted[decrypted.length - 1];
if (pad < 1 || pad > 32) {
pad = 0;
}
return Arrays.copyOfRange(decrypted, 0, decrypted.length - pad);
}
/**
* 将数字转化成ASCII码对应的字符,用于对明文进行补码
*
* @param a
* 需要转化的数字
* @return 转化得到的字符
*/
public static char chr(int a) {
byte target = (byte) (a & 0xFF);
return (char) target;
}
}
?
5.实现WXCore类
package com.bijian.test; import org.apache.commons.codec.binary.Base64; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; /** * 封装对外访问方法 */ public class WXCore { private static final String WATERMARK = "watermark"; private static final String APPID = "appid"; /** * 解密数据 * * @return * @throws Exception */ public static String decrypt(String appId, String encryptedData, String sessionKey, String iv) { String result = ""; try { AES aes = new AES(); byte[] resultByte = aes.decrypt(Base64.decodeBase64(encryptedData), Base64.decodeBase64(sessionKey), Base64.decodeBase64(iv)); if (null != resultByte && resultByte.length > 0) { result = new String(WxPKCS7Encoder.decode(resultByte)); JSONObject jsonObject = JSON.parseObject(result); String decryptAppid = jsonObject.getJSONObject(WATERMARK) .getString(APPID); if (!appId.equals(decryptAppid)) { result = ""; } } } catch (Exception e) { result = ""; e.printStackTrace(); } return result; } public static void main(String[] args) throws Exception { String appId = "wx4f4bc4dec97d474b"; String encryptedData = "CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZMQmRzooG2xrDcvSnxIMXFufNstNGTyaGS9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+3hVbJSRgv+4lGOETKUQz6OYStslQ142dNCuabNPGBzlooOmB231qMM85d2/fV6ChevvXvQP8Hkue1poOFtnEtpyxVLW1zAo6/1Xx1COxFvrc2d7UL/lmHInNlxuacJXwu0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn/Hz7saL8xz+W//FRAUid1OksQaQx4CMs8LOddcQhULW4ucetDf96JcR3g0gfRK4PC7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns/8wR2SiRS7MNACwTyrGvt9ts8p12PKFdlqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYVoKlaRv85IfVunYzO0IKXsyl7JCUjCpoG20f0a04COwfneQAGGwd5oa+T8yO5hzuyDb/XcxxmK01EpqOyuxINew=="; String sessionKey = "tiihtNczf5v6AKRyjwEUhQ=="; String iv = "r7BXXKkLb8qrSNn05n0qiA=="; System.out.println(decrypt(appId, encryptedData, sessionKey, iv)); } }
这个类主要是对具体算法的封装,统一对外提供方法。
?
三.测试
1.运行Java版微信小程序加密数据解密算法
这里我就直接运行WXcore类的main方法,这里的测试数据都是从Node.js版微信小程序加密数据解密算法的示例程序中提出来的。我们的运行结果如下:
{"openId":"oGZUI0egBJY1zhBYw2KhdUfwVJJE","nickName":"Band","gender":1,"language":"zh_CN","city":"Guangzhou","province":"Guangdong","country":"CN","avatarUrl":"http://wx.qlogo.cn/mmopen/vi_32/aSKcBBPpibyKNicHNTMM0qJVh8Kjgiak2AHWr8MHM4WgMEm7GFhsf8OYrySdbvAMvTsw3mo8ibKicsnfN5pRjl1p8HQ/0","unionId":"ocMvos6NjeKLIBqg5Mr9QjxrP1FA","watermark":{"timestamp":1477314187,"appid":"wx4f4bc4dec97d474b"}}
?
2.运行Node.js版微信小程序加密数据解密算法
我在Node.js环境中直接运行微信官方提供的Node.js版小程序加密数据解密算法,结果如下:
通过对比以上结果可知,我们自行使用Java实现的Java版微信小程序加密数据解密算法与微信官方提供的Node.js版小程序加密数据解密算法结果一致。
?
四.javax.crypto.Cipher实现
package com.bijian.test;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
public class Test {
private static final String WATERMARK = "watermark";
private static final String APPID = "appid";
private static boolean hasInited = false;
public static void init() {
if (hasInited) {
return;
}
Security.addProvider(new BouncyCastleProvider());
hasInited = true;
}
public static String decrypt(String session_key, String iv, String encryptData) {
String decryptString = "";
init();
byte[] sessionKeyByte = Base64.decodeBase64(session_key);
byte[] ivByte = Base64.decodeBase64(iv);
byte[] encryptDataByte = Base64.decodeBase64(encryptData);
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
Key key = new SecretKeySpec(sessionKeyByte, "AES");
AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("AES");
algorithmParameters.init(new IvParameterSpec(ivByte));
cipher.init(Cipher.DECRYPT_MODE, key, algorithmParameters);
byte[] bytes = cipher.doFinal(encryptDataByte);
decryptString = new String(bytes);
} catch (Exception e) {
e.printStackTrace();
}
return decryptString;
}
public static void main(String[] args) {
String appId = "wx4f4bc4dec97d474b";
String session_key = "tiihtNczf5v6AKRyjwEUhQ==";
String iv = "r7BXXKkLb8qrSNn05n0qiA==";
String encryptData =
"CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZM"+
"QmRzooG2xrDcvSnxIMXFufNstNGTyaGS"+
"9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+"+
"3hVbJSRgv+4lGOETKUQz6OYStslQ142d"+
"NCuabNPGBzlooOmB231qMM85d2/fV6Ch"+
"evvXvQP8Hkue1poOFtnEtpyxVLW1zAo6"+
"/1Xx1COxFvrc2d7UL/lmHInNlxuacJXw"+
"u0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn"+
"/Hz7saL8xz+W//FRAUid1OksQaQx4CMs"+
"8LOddcQhULW4ucetDf96JcR3g0gfRK4P"+
"C7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB"+
"6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns"+
"/8wR2SiRS7MNACwTyrGvt9ts8p12PKFd"+
"lqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYV"+
"oKlaRv85IfVunYzO0IKXsyl7JCUjCpoG"+
"20f0a04COwfneQAGGwd5oa+T8yO5hzuy"+
"Db/XcxxmK01EpqOyuxINew==";
String decrypt = decrypt(session_key, iv, encryptData);
JSONObject jsonObject = JSON.parseObject(decrypt);
String decryptAppid = jsonObject.getJSONObject(WATERMARK).getString(APPID);
if(!appId.equals(decryptAppid)){
decrypt = "";
}
System.out.println(decrypt);
}
}
运行结果和上面的运行结果是一致的。
?
附:
jar包下载地址:http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16/1.46
?
文章来源:
https://blog.csdn.net/l1028386804/article/details/79450115
https://blog.csdn.net/u013187628/article/details/80665574
相关文章
