关于微信小程序中用户数据解密的介绍

这篇文章主要介绍了微信小程序 用户数据解密详细介绍的相关资料,需要的朋友可以参考下

微信小程序 用户数据解密

官方指引图：

引导图一步一步操作

1、获取code

onLoad: function (options) {
 // 页面初始化 options为页面跳转所带来的参数
 let that = this
 wx.login({
 success: function (res) {
 // success
 let code = res.code
 that.setData({ code: code })
 wx.getUserInfo({
 success: function (res) {
 // success
 that.setData({ userInfo: res.userInfo })
 that.setData({ iv: res.iv })
 that.setData({ encryptedData: res.encryptedData })
 that.get3rdSession()
}

2、发送code到第三方服务器，获取3rd_session

get3rdSession:function(){
 let that = this
 wx.request({
 url: #39;https://localhost:8443/get3rdSession #39;,
 data: {
 code: this.data.code
 method: #39;GET #39;, // OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT
 // header: {}, // 设置请求的 header
 success: function (res) {
 // success
 var sessionId = res.data.session;
 that.setData({ sessionId: sessionId })
 wx.setStorageSync( #39;sessionId #39;, sessionId)
 that.decodeUserInfo()
 }

3、在第三方服务器上发送appid、appsecret、code到微信服务器换取session_key和openid

这里使用JFinal搭建的服务器

Redis配置

public void configPlugin(Plugins me) {
 //用于缓存userinfo模块的redis服务
 RedisPlugin userInfoRedis = new RedisPlugin( userInfo , localhost 
 me.add(userInfoRedis);
}

获取第三方session

public void get3rdSession() {
 //获取名为userInfo的Redis Cache对象
 Cache userInfoCache = Redis.use( userInfo 
 String sessionId = 
 JSONObject json = new JSONObject();
 String code = getPara( code 
 String url = https://api.weixin.qq.com/sns/jscode2session?appid=wx7560b8008e2c445d secret=f1af3312b7038513fd17dd9cbc3b357c js_code= + code + grant_type=authorization_code 
 //执行命令生成3rd_session
 String session = ExecLinuxCMDUtil.instance.exec( cat /dev/urandom |od -x | tr -d #39; #39;| head -n 1 ).toString();
 json.put( session , session);
 //创建默认的httpClient实例
 CloseableHttpClient httpClient = getHttpClient();
 try {
 //用get方法发送http请求
 HttpGet get = new HttpGet(url);
 System.out.println( 执行get请求:.... + get.getURI());
 CloseableHttpResponse httpResponse = null;
 //发送get请求
 httpResponse = httpClient.execute(get);
 try {
 //response实体
 HttpEntity entity = httpResponse.getEntity();
 if (null != entity) {
 String result = EntityUtils.toString(entity);
 System.out.println(result);
 JSONObject resultJson = JSONObject.fromObject(result);
 String session_key = resultJson.getString( session_key 
 String openid = resultJson.getString( openid 
 //session存储
 userInfoCache.set(session,session_key+ , +openid);
 } finally {
 httpResponse.close();
 } catch (Exception e) {
 e.printStackTrace();
 } finally {
 try {
 closeHttpClient(httpClient);
 } catch (IOException e) {
 e.printStackTrace();
 renderJson(json);
private CloseableHttpClient getHttpClient() {
 return HttpClients.createDefault();
private void closeHttpClient(CloseableHttpClient client) throws IOException {
 if (client != null) {
 client.close();
}

ExecLinuxCMDUtil.Java

import java.io.InputStreamReader;
import java.io.LineNumberReader;
 * java在linux环境下执行linux命令，然后返回命令返回值。
 * Created by LJaer on 16/12/22.
public class ExecLinuxCMDUtil {
 public static final ExecLinuxCMDUtil instance = new ExecLinuxCMDUtil();
 public static Object exec(String cmd) {
 try {
 String[] cmdA = { /bin/sh , -c , cmd };
 Process process = Runtime.getRuntime().exec(cmdA);
 LineNumberReader br = new LineNumberReader(new InputStreamReader(
 process.getInputStream()));
 StringBuffer sb = new StringBuffer();
 String line;
 while ((line = br.readLine()) != null) {
 System.out.println(line);
 sb.append(line).append( \n 
 return sb.toString();
 } catch (Exception e) {
 e.printStackTrace();
 return null;
}

4、解密用户数据

decodeUserInfo:function(){
 let that = this
 wx.request({
 url: #39;https://localhost:8443/decodeUserInfo #39;,
 data: {
 encryptedData: that.data.encryptedData,
 iv: that.data.iv,
 session: wx.getStorageSync( #39;sessionId #39;)
 method: #39;GET #39;, // OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT
 // header: {}, // 设置请求的 header
 success: function (res) {
 // success
 console.log(res)
}

console输出结果：

后端解密代码

/**
 * 解密用户敏感数据
public void decodeUserInfo(){
 String encryptedData = getPara( encryptedData 
 String iv = getPara( iv 
 String session = getPara( session 
 //从缓存中获取session_key
 //获取名称为userInfo的Redis Cache对象
 Cache userInfoRedis = Redis.use( userInfo 
 Object wxSessionObj = userInfoRedis.get(session);
 if(null==wxSessionObj){
 renderNull();
 String wxSessionStr = (String)wxSessionObj;
 String session_key = wxSessionStr.split( , )[0];
 try {
 byte[] resultByte = AESUtil.instance.decrypt(Base64.decodeBase64(encryptedData), Base64.decodeBase64(session_key), Base64.decodeBase64(iv));
 if(null != resultByte resultByte.length 0){
 String userInfo = new String(resultByte, UTF-8 
 System.out.println(userInfo);
 JSONObject json = JSONObject.fromObject(userInfo); //将字符串{“id”：1}
 renderJson(json);
 } catch (InvalidAlgorithmParameterException e) {
 e.printStackTrace();
 } catch (UnsupportedEncodingException e) {
 e.printStackTrace();
}

AESUtil.java

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
public class AESUtil {
 public static final AESUtil instance = new AESUtil();
 public static boolean initialized = false;
 * AES解密
 * @param content 密文
 * @return
 * @throws InvalidAlgorithmParameterException
 * @throws NoSuchProviderException
 public byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {
 initialize();
 try {
 Cipher cipher = Cipher.getInstance( AES/CBC/PKCS7Padding 
 Key sKeySpec = new SecretKeySpec(keyByte, AES 
 cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化
 byte[] result = cipher.doFinal(content);
 return result;
 } catch (NoSuchAlgorithmException e) {
 e.printStackTrace();
 } catch (NoSuchPaddingException e) {
 e.printStackTrace();
 } catch (InvalidKeyException e) {
 e.printStackTrace();
 } catch (IllegalBlockSizeException e) {
 e.printStackTrace();
 } catch (BadPaddingException e) {
 e.printStackTrace();
 } catch (NoSuchProviderException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (Exception e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 return null;
 public static void initialize(){
 if (initialized) return;
 Security.addProvider(new BouncyCastleProvider());
 initialized = true;
 //生成iv
 public static AlgorithmParameters generateIV(byte[] iv) throws Exception{
 AlgorithmParameters params = AlgorithmParameters.getInstance( AES 
 params.init(new IvParameterSpec(iv));
 return params;
}

以上就是本文的全部内容，希望对大家的学习有所帮助，更多相关内容请关注PHP中文网！

相关推荐：

微信小程序通过保存图片分享到朋友圈的功能实现

关于微信小程序收藏功能的实现

微信小程序如何获取openid及用户信息

以上就是关于微信小程序中用户数据解密的介绍的详细内容，更多请关注php中文网其它相关文章！

微信app下载

微信是一款手机通信软件，支持通过手机网络发送语音短信、视频、图片和文字。微信可以单聊及群聊，还能根据地理位置找到附近的人，带给大家全新的移动沟通体验，有需要的小伙伴快来保存下载体验吧！