微信小程序用户数据解密

结合网上的搜索的教程和自己的需要，花了两天写出来的，初学者，相互借鉴，有错误之处，欢迎指正！

app.js小程序注册逻辑文件

onLaunch: function () {    //this代指app对象，回调函数中不能直接用this调用app，回调函数中this代表回调函数本身    var that = this;    //秘钥    var wxsessionKey = '';       //获取登录态    wx.login({      success: function (res) {if (res.code) {        //请求获取wxsession_key   wx.request({              url: 'http://' + that.globalData.ipAddress + ':8080/UniversityCareerPlanning/GetSessionId',              data: {                //微信js_code                code: res.code              },              method: 'POST',              header: {                'content-type': 'application/x-www-form-urlencoded'              },              success: function (res) {                wxsessionKey = res.data              }          });          //获取用户信息          wx.getUserInfo({            success: function (res) {              //请求解密wx.request({url: 'http://' + that.globalData.ipAddress + ':8080/UniversityCareerPlanning/DecodeUserInfo',data: { encryptedData:res.encryptedData, iv: res.iv, sessionKey: wxsessionKey }, method: 'POST',header: { 'content-type': 'application/x-www-form-urlencoded' }, success: function (res) {//获取解密的用户信息并打印console.log(res)},fail: function (res) {console.log('解密失败！')}           })          },            fail: function () {console.log('获取用户信息失败！')            }         })        } else {          console.log('获取用户登录态失败！' + res.errMsg)        }      }    })  }  

在后台的Servlet中，GetSessionId用户获取session_key，关键代码如下

response.setContentType("text/html;charset=UTF-8");response.setCharacterEncoding("UTF-8");request.setCharacterEncoding("UTF-8");PrintWriter out = response.getWriter();String code = request.getParameter("code");//appid微信公众号平台获得String appId = "xxx";//appserect,微信公众号平台获得String appSecret = "xxx";//获取codeString url = "https://api.weixin.qq.com/sns/jscode2session";String param = "appid="+ appId +"&secret=" + appSecret + "&js_code=" + code +"&grant_type=authorization_code";//通过Gson对象的fromJson方法将返回的json字符串转换为JavaBeanGson gson = new Gson();String result = HttpRequest.sendGet(url, param);OpenId oi = gson.fromJson(result, OpenId.class);String session_key = oi.getSession_key();String openid = oi.getOpenid();System.out.println("session_key: " + session_key);System.out.println("openid: " + openid);String thirdSessionId = UUID.randomUUID().toString();HttpSession session = request.getSession();session.setAttribute(thirdSessionId, session_key + openid);out.println(gson.toJson(session_key));

在后台的Servlet中，用于解密的servle的关键代码如下

response.setContentType("text/html;charset=UTF-8");response.setCharacterEncoding("UTF-8");request.setCharacterEncoding("UTF-8");PrintWriter out = response.getWriter();String encryptedData = request.getParameter("encryptedData").toString();System.out.println("encryptedData: " + encryptedData);String iv = request.getParameter("iv").toString();System.out.println("iv:"+iv);String sessionKey = request.getParameter("sessionKey").toString();System.out.println("sessionKey:" + sessionKey);@SuppressWarnings("rawtypes")Map map = new HashMap();try {           byte[] resultByte  = AesCbcUtil.decrypt(Base64.decodeBase64(encryptedData),             Base64.decodeBase64(sessionKey),Base64.decodeBase64(iv));            if(null != resultByte && resultByte.length > 0){                String userInfo = new String(resultByte, "UTF-8");                               map.put("status", 1);                map.put("msg", "解密成功");                               map.put("userInfo", userInfo);            }else{            map.put("status", 0);                map.put("msg", "解密失败");            }        }catch (InvalidAlgorithmParameterException e) {            e.printStackTrace();        } catch (UnsupportedEncodingException e) {            e.printStackTrace();        }                      Gson gson = new Gson();        String decodeJSON = gson.toJson(map);        System.out.println(decodeJSON);        out.println(decodeJSON);

Java中GET和POST类型的请求封装类如下

import java.io.BufferedReader;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.URL;import java.net.URLConnection;public class HttpRequest { /**     * 向指定URL发送GET方法的请求     *      * @param url     *            发送请求的URL     * @param param     *            请求参数，请求参数应该是 name1=value1&name2=value2 的形式。     * @return URL 所代表远程资源的响应结果     */    public static String sendGet(String url, String param) {        String result = "";        BufferedReader in = null;        try {            String urlNameString = url + "?" + param;            URL realUrl = new URL(urlNameString);            // 打开和URL之间的连接            URLConnection connection = realUrl.openConnection();            // 设置通用的请求属性            connection.setRequestProperty("accept", "*/*");            connection.setRequestProperty("connection", "Keep-Alive");            connection.setRequestProperty("user-agent",                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");            // 建立实际的连接            connection.connect();                                  // 定义 BufferedReader输入流来读取URL的响应            in = new BufferedReader(new InputStreamReader(                    connection.getInputStream()));            String line;            while ((line = in.readLine()) != null) {                result += line;            }        } catch (Exception e) {            System.out.println("发送GET请求出现异常！" + e);            e.printStackTrace();        }        // 使用finally块来关闭输入流        finally {            try {                if (in != null) {                    in.close();                }            } catch (Exception e2) {                e2.printStackTrace();            }        }        return result;    }    /**     * 向指定 URL 发送POST方法的请求     *      * @param url     *            发送请求的 URL     * @param param     *            请求参数，请求参数应该是 name1=value1&name2=value2 的形式。     * @return 所代表远程资源的响应结果     */    public static String sendPost(String url, String param) {        PrintWriter out = null;        BufferedReader in = null;        String result = "";        try {            URL realUrl = new URL(url);            // 打开和URL之间的连接            URLConnection conn = realUrl.openConnection();            // 设置通用的请求属性            conn.setRequestProperty("accept", "*/*");            conn.setRequestProperty("connection", "Keep-Alive");            conn.setRequestProperty("user-agent",                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");            // 发送POST请求必须设置如下两行            conn.setDoOutput(true);            conn.setDoInput(true);            // 获取URLConnection对象对应的输出流            out = new PrintWriter(conn.getOutputStream());            // 发送请求参数            out.print(param);            // flush输出流的缓冲            out.flush();            // 定义BufferedReader输入流来读取URL的响应            in = new BufferedReader(                    new InputStreamReader(conn.getInputStream()));            String line;            while ((line = in.readLine()) != null) {                result += line;            }        } catch (Exception e) {            System.out.println("发送 POST 请求出现异常！"+e);            e.printStackTrace();        }        //使用finally块来关闭输出流、输入流        finally{            try{                if(out!=null){                    out.close();                }                if(in!=null){                    in.close();                }            }            catch(IOException ex){                ex.printStackTrace();            }        }        return result;    }    }

AES解密类封装如下

import org.bouncycastle.jce.provider.BouncyCastleProvider;import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import javax.crypto.NoSuchPaddingException;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;import java.security.*;/** * Created by hxc on 2017/4/15. * <p> * AES-128-CBC 加密方式 * 注： * AES-128-CBC可以自己定义“密钥”和“偏移量“。 * AES-128是jdk自动生成的“密钥”。 */public class AesCbcUtil {public static boolean initialized = false;  /** * AES解密 * @param content 密文 * @return * @throws InvalidAlgorithmParameterException  * @throws NoSuchProviderException  */public static byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {initialize();try {Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");Key sKeySpec = new SecretKeySpec(keyByte, "AES");cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化 byte[] result = cipher.doFinal(content);return result;} catch (NoSuchAlgorithmException e) {e.printStackTrace();  } catch (NoSuchPaddingException e) {e.printStackTrace();  } catch (InvalidKeyException e) {e.printStackTrace();} catch (IllegalBlockSizeException e) {e.printStackTrace();} catch (BadPaddingException e) {e.printStackTrace();} catch (NoSuchProviderException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();}return null;}  public static void initialize(){          if (initialized) return;          Security.addProvider(new BouncyCastleProvider());          initialized = true;      }//生成iv      public static AlgorithmParameters generateIV(byte[] iv) throws Exception{          AlgorithmParameters params = AlgorithmParameters.getInstance("AES");          params.init(new IvParameterSpec(iv));          return params;      } }

由于时间关系，写的很粗略，如想参考更详细的介绍，以下链接可供参考
http://www.cnblogs.com/nosqlcoco/p/6105749.html
https://zhuanlan.zhihu.com/p/25124713