【小程序】java 后台获取用户信息（解密encryptedData）

用户信息（解密encryptedData）"/>

【小程序】java 后台获取用户信息（解密encryptedData）

首先java 后端依赖两个jar

	<dependency><groupId>org.codehaus.xfire</groupId><artifactId>xfire-core</artifactId><version>1.2.6</version></dependency><dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk16</artifactId><version>1.46</version></dependency>

流程：1.需要微信前端调用wx.login接口获取code。 然后再调用wx.getuserInfo接口获取用户的信息。

     获取到的信息包含有用户基本信息（这里面没有openid），以及encryptedData，这个encryptedData含有完整用户信息（含openid），但是数据是加密的，需要服务器端来解析。2. 前端调用服务器接口，将获取到的code，以及encryptedData，和iv一起发送到后端。3. 服务器在解密encryptedData之前，需要调用微信接口获取sessionkey. 有了encryptedData才能解密。

前端调用代码：

  wx.login({success: function (res_login) {if (res_login.code){wx.getUserInfo({success:function(res){console.log(res)var jsonData = {code: res_login.code,encryptedData: res.encryptedData,iv: res.iv};wx.request({url: 'http://domain/miniapp/login/userinfo',header: { 'Content-Type': 'application/json' },method:'POST',data: jsonData,success: res => {console.log(res.data)wx.hideLoading()this.setData({projectlist: res.data.content})}})}})}}})

服务器端代码：

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.nio.channels.ScatteringByteChannel;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.codehaus.xfire.util.Base64;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;import com.alibaba.fastjson.JSONObject;
import com.wqdata.miniapp.utils.CommonUtil;
import com.wqdata.miniapp.utils.WeChatConfig;
import com.wqdata.miniapp.utils.WeixinMessageDigest;@Controller
@RequestMapping("/wechat")
public class WeChatController {private Logger logger = Logger.getLogger(WeChatController.class);@RequestMapping("/init")@ResponseBodypublic void init(HttpServletRequest request, HttpServletResponse response) throws IOException {String echostr = this.initWechat(request);PrintWriter out = response.getWriter();out.print(echostr);out.close();out = null;}@RequestMapping(value = "/login/userinfo", method = RequestMethod.POST)@ResponseBodypublic void login(@RequestBody String infoData, HttpServletRequest request, HttpServletResponse response)throws IOException {System.out.println("infoData" + infoData);JSONObject dataObj = JSONObject.parseObject(infoData);String  code =  (String) dataObj.get("code");String  encryptedData =  (String) dataObj.get("encryptedData");String  iv =  (String) dataObj.get("iv");String sessionkey = getSessionKey(code);JSONObject userInfo = this.getUserInfo(encryptedData, sessionkey, iv);System.out.println(userInfo);}public String getSessionKey(String code) {String url = "=" + WeChatConfig.APP_ID + "&secret="+ WeChatConfig.APP_SECRET + "&js_code=" + code + "&grant_type=authorization_code";String reusult = CommonUtil.httpGet(url);JSONObject oppidObj = JSONObject.parseObject(reusult);String openid = (String) oppidObj.get("openid");String session_key = (String) oppidObj.get("session_key");return session_key;}public String initWechat(HttpServletRequest request) {String signature = request.getParameter("signature"); // 加密需要验证的签名String timestamp = request.getParameter("timestamp");// 时间戳String nonce = request.getParameter("nonce");// 随机数String echostr = request.getParameter("echostr");WeixinMessageDigest wxDigest = WeixinMessageDigest.getInstance();boolean bValid = wxDigest.validate(WeChatConfig.TOKEN, signature, timestamp, nonce);logger.info("initWechat  --- valid:" + bValid);if (bValid) {return echostr;}return "";}/*** 获取信息*/public JSONObject getUserInfo(String encryptedData,String sessionkey,String iv){// 被加密的数据byte[] dataByte = Base64.decode(encryptedData);// 加密秘钥byte[] keyByte = Base64.decode(sessionkey);// 偏移量byte[] ivByte = Base64.decode(iv);try {// 如果密钥不足16位，那么就补足.  这个if 中的内容很重要int base = 16;if (keyByte.length % base != 0) {int groups = keyByte.length / base + (keyByte.length % base != 0 ? 1 : 0);byte[] temp = new byte[groups * base];Arrays.fill(temp, (byte) 0);System.arraycopy(keyByte, 0, temp, 0, keyByte.length);keyByte = temp;}// 初始化Security.addProvider(new BouncyCastleProvider());Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding","BC");SecretKeySpec spec = new SecretKeySpec(keyByte, "AES");AlgorithmParameters parameters = AlgorithmParameters.getInstance("AES");parameters.init(new IvParameterSpec(ivByte));cipher.init(Cipher.DECRYPT_MODE, spec, parameters);// 初始化byte[] resultByte = cipher.doFinal(dataByte);if (null != resultByte && resultByte.length > 0) {String result = new String(resultByte, "UTF-8");return JSONObject.parseObject(result);}} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (NoSuchPaddingException e) {e.printStackTrace();} catch (InvalidParameterSpecException e) {e.printStackTrace();} catch (IllegalBlockSizeException e) {e.printStackTrace();} catch (BadPaddingException e) {e.printStackTrace();} catch (UnsupportedEncodingException e) {e.printStackTrace();} catch (InvalidKeyException e) {e.printStackTrace();} catch (InvalidAlgorithmParameterException e) {e.printStackTrace();} catch (NoSuchProviderException e) {e.printStackTrace();}return null;}}

作者：Jacob-wj
来源：CSDN
原文：
版权声明：本文为博主原创文章，转载请附上博文链接！