微信小程序 用户数据解密
官方指引图:
引导图一步一步操作
1、获取code
onLoad: function (options) { // 页面初始化 options为页面跳转所带来的参数 let that = this wx.login({ success: function (res) { // success let code = res.code that.setData({ code: code }) wx.getUserInfo({ success: function (res) { // success that.setData({ userInfo: res.userInfo }) that.setData({ iv: res.iv }) that.setData({ encryptedData: res.encryptedData }) that.get3rdSession() } }) } }) }
2、发送code到第三方服务器,获取3rd_session
get3rdSession:function(){ let that = this wx.request({ url: 'https://localhost:8443/get3rdSession', data: { code: this.data.code }, method: 'GET', // OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT // header: {}, // 设置请求的 header success: function (res) { // success var sessionId = res.data.session; that.setData({ sessionId: sessionId }) wx.setStorageSync('sessionId', sessionId) that.decodeUserInfo() } }) }
3、在第三方服务器上发送appid、appsecret、code到微信服务器换取session_key和openid
这里使用JFinal搭建的服务器
Redis配置
public void configPlugin(Plugins me) { //用于缓存userinfo模块的redis服务 RedisPlugin userInfoRedis = new RedisPlugin("userInfo","localhost"); me.add(userInfoRedis); }
获取第三方session
public void get3rdSession() { //获取名为userInfo的Redis Cache对象 Cache userInfoCache = Redis.use("userInfo"); String sessionId = ""; JSONObject json = new JSONObject(); String code = getPara("code"); String url = "https://api.weixin.qq.com/sns/jscode2session" + code + "&grant_type=authorization_code"; //执行命令生成3rd_session String session = ExecLinuxCMDUtil.instance.exec("cat /dev/urandom |od -x | tr -d ' '| head -n 1").toString(); json.put("session", session); //创建默认的httpClient实例 CloseableHttpClient httpClient = getHttpClient(); try { //用get方法发送http请求 HttpGet get = new HttpGet(url); System.out.println("执行get请求:...." + get.getURI()); CloseableHttpResponse httpResponse = null; //发送get请求 httpResponse = httpClient.execute(get); try { //response实体 HttpEntity entity = httpResponse.getEntity(); if (null != entity) { String result = EntityUtils.toString(entity); System.out.println(result); JSONObject resultJson = JSONObject.fromObject(result); String session_key = resultJson.getString("session_key"); String openid = resultJson.getString("openid"); //session存储 userInfoCache.set(session,session_key+","+openid); } } finally { httpResponse.close(); } } catch (Exception e) { e.printStackTrace(); } finally { try { closeHttpClient(httpClient); } catch (IOException e) { e.printStackTrace(); } } renderJson(json); } private CloseableHttpClient getHttpClient() { return HttpClients.createDefault(); } private void closeHttpClient(CloseableHttpClient client) throws IOException { if (client != null) { client.close(); } }
ExecLinuxCMDUtil.Java
import java.io.InputStreamReader; import java.io.LineNumberReader; /** * java在linux环境下执行linux命令,然后返回命令返回值。 * Created by LJaer on 16/12/22. */ public class ExecLinuxCMDUtil { public static final ExecLinuxCMDUtil instance = new ExecLinuxCMDUtil(); public static Object exec(String cmd) { try { String[] cmdA = { "/bin/sh", "-c", cmd }; Process process = Runtime.getRuntime().exec(cmdA); LineNumberReader br = new LineNumberReader(new InputStreamReader( process.getInputStream())); StringBuffer sb = new StringBuffer(); String line; while ((line = br.readLine()) != null) { System.out.println(line); sb.append(line).append("\n"); } return sb.toString(); } catch (Exception e) { e.printStackTrace(); } return null; } }
4、解密用户数据
decodeUserInfo:function(){ let that = this wx.request({ url: 'https://localhost:8443/decodeUserInfo', data: { encryptedData: that.data.encryptedData, iv: that.data.iv, session: wx.getStorageSync('sessionId') }, method: 'GET', // OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT // header: {}, // 设置请求的 header success: function (res) { // success console.log(res) } }) }
console输出结果:
后端解密代码
/** * 解密用户敏感数据 */ public void decodeUserInfo(){ String encryptedData = getPara("encryptedData"); String iv = getPara("iv"); String session = getPara("session"); //从缓存中获取session_key //获取名称为userInfo的Redis Cache对象 Cache userInfoRedis = Redis.use("userInfo"); Object wxSessionObj = userInfoRedis.get(session); if(null==wxSessionObj){ renderNull(); } String wxSessionStr = (String)wxSessionObj; String session_key = wxSessionStr.split(",")[0]; try { byte[] resultByte = AESUtil.instance.decrypt(Base64.decodeBase64(encryptedData), Base64.decodeBase64(session_key), Base64.decodeBase64(iv)); if(null != resultByte && resultByte.length > 0){ String userInfo = new String(resultByte, "UTF-8"); System.out.println(userInfo); JSONObject json = JSONObject.fromObject(userInfo); //将字符串{“id”:1} renderJson(json); } } catch (InvalidAlgorithmParameterException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } }
AESUtil.java
import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.security.*; public class AESUtil { public static final AESUtil instance = new AESUtil(); public static boolean initialized = false; /** * AES解密 * @param content 密文 * @return * @throws InvalidAlgorithmParameterException * @throws NoSuchProviderException */ public byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException { initialize(); try { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding"); Key sKeySpec = new SecretKeySpec(keyByte, "AES"); cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化 byte[] result = cipher.doFinal(content); return result; } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (NoSuchPaddingException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (BadPaddingException e) { e.printStackTrace(); } catch (NoSuchProviderException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } return null; } public static void initialize(){ if (initialized) return; Security.addProvider(new BouncyCastleProvider()); initialized = true; } //生成iv public static AlgorithmParameters generateIV(byte[] iv) throws Exception{ AlgorithmParameters params = AlgorithmParameters.getInstance("AES"); params.init(new IvParameterSpec(iv)); return params; } }
感谢阅读,希望能帮助到大家,谢谢大家对本站的支持!
华山资源网 Design By www.eoogi.com
广告合作:本站广告合作请联系QQ:858582 申请时备注:广告合作(否则不回)
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
华山资源网 Design By www.eoogi.com
暂无评论...
稳了!魔兽国服回归的3条重磅消息!官宣时间再确认!
昨天有一位朋友在大神群里分享,自己亚服账号被封号之后居然弹出了国服的封号信息对话框。
这里面让他访问的是一个国服的战网网址,com.cn和后面的zh都非常明白地表明这就是国服战网。
而他在复制这个网址并且进行登录之后,确实是网易的网址,也就是我们熟悉的停服之后国服发布的暴雪游戏产品运营到期开放退款的说明。这是一件比较奇怪的事情,因为以前都没有出现这样的情况,现在突然提示跳转到国服战网的网址,是不是说明了简体中文客户端已经开始进行更新了呢?
更新日志
2024年09月24日
2024年09月24日
- 范文芳1999-真心话电影原声带[HYPE][WAV+CUE]
- 袁培华.1990-我写不出一首情歌给我最爱的你【可登】【WAV+CUE】
- 群星.2007-歌林10年流行岁月12CD【歌林】【WAV+CUE】
- 软硬天师.2006-LONG.TIME.NO.SEE【金牌大风】【WAV+CUE】
- 卓依娜姆《美人谋 网剧影视原声带》[FLAC/分轨][162.27MB]
- 国风大师纯音系列《蒋倩 :古筝演奏家》1CD[MP3][160.7MB]
- 国风大师纯音系列《王中山古筝》1CD[MP3][519MB]
- 徐玮1986-走自己的路[台湾复刻版][WAV+CUE]
- 黄思婷2004-情缘[豪记唱片][WAV+CUE]
- 群星《左耳·听见爱情》星文唱片[WAV+CUE]
- 陈美玲.1987-孤单的心【EMI百代】【WAV+CUE】
- 黄乙玲.2005-甲你作伴【亚律音乐】【WAV+CUE】
- 张雨生.1997-口是心非【丰华】【WAV+CUE】
- 群星《右耳·聆听私语》星文唱片[WAV+CUE]
- VitoCadonau-ramur-encasaveglia(2024)[24-44,1]FLAC