小程序端登录后,得到登录时获取的 code(仅可使用一次)
App({
onLaunch: function () {//登录
wx.login({
success: res=>{//发送 res.code 到后台换取 openId, sessionKey, unionId
console.log(res.code)
}
})
}
})
2.后端访问微信登录凭证校验API
小程序官方文档地址-登录凭证.
通过官方提供的接口,获取到会话密钥session_key和openid
https://api./sns/jscode2session?appid=‘小程序id’&secret='小程序AppSecret '&js_code=‘步骤1中得到的code’&grant_type=authorization_code
3.小程序请求客户授权获取手机号
小程序官方文档地址-获取手机号
(1)页面上增加一个按钮,用户点击后获取到敏感数据
获取手机号
(2)将e.detail传到后端
Page({
getPhoneNumber (e) {
console.log(e.detail.errMsg)
console.log(e.detail.iv)
console.log(e.detail.encryptedData)
}
})
4.结合sessionKey、encryptedData、iv三个参数,进行解密操作
二、Java后端解密数据
基于jdk1.8,低于1.8版本需要创建一个base64解密工具类
1、实体类
(1)微信手机号信息解密后的对象
public classWeixinPhoneDecryptInfo {privateString phoneNumber;privateString purePhoneNumber;private intcountryCode;privateString weixinWaterMark;privateWaterMark watermark;
}
public classWaterMark {privateLong timestamp;// 时间戳做转换的时候,记得先乘以1000,再通过simpledateformat完成date类型转换privateString appid;
...
}
2、解密工具类
这一部分的代码,参考链接博客链接书写,感谢博主!
实际使用中,由于特殊字符存在,可能导致base64解密失败,推荐引入org.apache.xmlbeans.impl.util.Base64,而不是java.util.Base64,感谢Prometheus_K反馈!
importjava.nio.charset.StandardCharsets;importjava.security.AlgorithmParameters;importjava.security.Key;importjava.security.NoSuchAlgorithmException;importjava.security.Security;importjava.security.spec.InvalidParameterSpecException;importjava.util.Base64;importjavax.crypto.Cipher;importjavax.crypto.spec.IvParameterSpec;importjavax.crypto.spec.SecretKeySpec;importorg.bouncycastle.jce.provider.BouncyCastleProvider;importcom.alibaba.fastjson.JSON;public classAESForWeixinGetPhoneNumber {//加密方式
private static String keyAlgorithm = "AES";//避免重复new生成多个BouncyCastleProvider对象,因为GC回收不了,会造成内存溢出//只在第一次调用decrypt()方法时才new 对象
private static boolean initialized = false;//用于Base64解密
private Base64.Decoder decoder =Base64.getDecoder();//待解密的数据
privateString originalContent;//会话密钥sessionKey
privateString encryptKey;//加密算法的初始向量
privateString iv;publicAESForWeixinGetPhoneNumber(String originalContent,String encryptKey,String iv) {this.originalContent =originalContent;this.encryptKey =encryptKey;this.iv =iv;
}/*** AES解密
* 填充模式AES/CBC/PKCS7Padding
* 解密模式128
*
*@return解密后的信息对象*/
publicWeixinPhoneDecryptInfo decrypt() {
initialize();try{//数据填充方式//Cipher cipher = Cipher.getInstance(“AES/CBC/PKCS7Padding”,”BC”);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
Key sKeySpec= new SecretKeySpec(decoder.decode(this.encryptKey), keyAlgorithm);//初始化
cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(decoder.decode(this.iv)));byte[]data = cipher.doFinal(decoder.decode(this.originalContent));
String datastr= newString(data, StandardCharsets.UTF_8);return JSON.toJavaObject(JSON.parseObject(datastr),WeixinPhoneDecryptInfo.class);
}catch(Exception e) {
System.out.println(e.getMessage());
System.out.println(222);return null;
}
}/**BouncyCastle作为安全提供,防止我们加密解密时候因为jdk内置的不支持改模式运行报错。**/
private static voidinitialize() {if(initialized) {return;
}
Security.addProvider(newBouncyCastleProvider());
initialized= true;
}//生成iv
private static AlgorithmParameters generateIV(byte[] iv) throwsNoSuchAlgorithmException, InvalidParameterSpecException {
AlgorithmParameters params=AlgorithmParameters.getInstance(keyAlgorithm);
params.init(newIvParameterSpec(iv));returnparams;
}
}
需要引入的jar包
com.alibaba
fastjson
1.2.61
org.bouncycastle
bcprov-jdk16
1.46
测试
publicObject a(String encryptedData,String iv,String sessionKey){
System.out.println("加密的敏感数据:" +encryptedData);
System.out.println("初始向量:" +iv);
System.out.println("会话密钥:" +sessionKey);
String appId= "XXXXXXXXX";
AESForWeixinGetPhoneNumber aes= newAESForWeixinGetPhoneNumber(encryptedData,sessionKey,iv);
WeixinPhoneDecryptInfo info=aes.decrypt();if (null==info){
System.out.println("error");
}else{
System.out.println(info.toString());if (!info.getWatermark().getAppid().equals(appId)){
System.out.println("wrong appId");
}
}returninfo;
}
WeixinPhoneDecryptInfo [phoneNumber=152XXXXXXXX, purePhoneNumber=152XXXXXXXX, countryCode=86, watermark={"appid":"XXXXXXXXXXXXX","timestamp":1600413039}, weixinWaterMark=null]
原文链接:/weixin_42792301/article/details/101540668