WeChat applet java implements AES decryption and obtains unionId

If you are using the mini program while also using the official account, you may use the unionId function. Due to the company's business needs, we need to use unionId. For specific usage methods, please refer to the instructions of the WeChat open platform, but in The WeChat applet documentation only provides the source code for some language implementations, and there is no java. How lazy are the developers of the applet? Doesn’t everyone use java to write the backend? ? ?

What the hell, then I started to embark on various AES pitfalls. In fact, I referred to a lot of online tutorials, and again I can’t list them all for everyone (because When I wrote this article, it was already a week after the problem was solved), and I also received a lot of help from the administrator. I will write a post again to give back to everyone. Here I only list the decryption methods of unionId. If you have any questions, please contact I can reply or reply.

Also a little bit of criticism,

https Do not use the free certificate provided by startcom!

https Do not use the free certificate provided by startcom !

https Do not use the free certificate provided by startcom!

Say important things three times! ! ! !

AES.java

import org.apache.commons.codec.binary.Base64;import org.bouncycastle.jce.provider.BouncyCastleProvider;import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import javax.crypto.NoSuchPaddingException;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;import java.security.*;public class AES {    public static boolean initialized = false;    /**
     * AES解密
     * @param content 密文
     * @return
     * @throws InvalidAlgorithmParameterException
     * @throws NoSuchProviderException
     */
    public byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {
        initialize();        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            Key sKeySpec = new SecretKeySpec(keyByte, "AES");
            cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化
            byte[] result = cipher.doFinal(content);            return result;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (Exception e) {            // TODO Auto-generated catch block
            e.printStackTrace();
        }        return null;
    }    public static void initialize(){        if (initialized) return;
        Security.addProvider(new BouncyCastleProvider());
        initialized = true;
    }    //生成iv
    public static AlgorithmParameters generateIV(byte[] iv) throws Exception{
        AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
        params.init(new IvParameterSpec(iv));        return params;
    }
}

WxPKCS7Encoder.java

import java.nio.charset.Charset;import java.util.Arrays;/**
* Created by Kevin Dong on 2017/1/5.
*/public class WxPKCS7Encoder {    private static final Charset CHARSET = Charset.forName("utf-8");    private static final int BLOCK_SIZE = 32;    /**
     * 获得对明文进行补位填充的字节.
     *
     * @param count 需要进行填充补位操作的明文字节个数
     * @return 补齐用的字节数组
     */
    public static byte[] encode(int count) {        // 计算需要填充的位数
        int amountToPad = BLOCK_SIZE - (count % BLOCK_SIZE);        if (amountToPad == 0) {
            amountToPad = BLOCK_SIZE;
        }        // 获得补位所用的字符
        char padChr = chr(amountToPad);
        String tmp = new String();        for (int index = 0; index < amountToPad; index++) {
            tmp += padChr;
        }        return tmp.getBytes(CHARSET);
    }    /**
     * 删除解密后明文的补位字符
     *
     * @param decrypted 解密后的明文
     * @return 删除补位字符后的明文
     */
    public static byte[] decode(byte[] decrypted) {        int pad = decrypted[decrypted.length - 1];        if (pad < 1 || pad > 32) {
            pad = 0;
        }        return Arrays.copyOfRange(decrypted, 0, decrypted.length - pad);
    }    /**
     * 将数字转化成ASCII码对应的字符，用于对明文进行补码
     *
     * @param a 需要转化的数字
     * @return 转化得到的字符
     */
    public static char chr(int a) {        byte target = (byte) (a & 0xFF);        return (char) target;
    }
}

Call the method to decrypt as follows:

WechatOpenIdRes wechatInfo  = getWehatInfoByCode(code);        if(wechatInfo != null && wechatInfo.isOk()){            boolean isNew = true;            try {
                AES aes = new AES();                byte[] resultByte = aes.decrypt(Base64.decodeBase64(encryptedData), Base64.decodeBase64(wechatInfo.getSession_key()), Base64.decodeBase64(iv));                if(null != resultByte && resultByte.length > 0){
                    String userInfo = new String(WxPKCS7Encoder.decode(resultByte));
                    WxInfo wxInfo = GsonUtil.fromGson(userInfo, WxInfo.class);                    if(wxInfo != null) {
                        logger.debug("xxxxxunionid===="+wxInfo.getUnionId());
                    }
                }
            } catch (InvalidAlgorithmParameterException e) {
                e.printStackTrace();
            } catch (Exception e) {
                e.printStackTrace();
            }

The compilation environment is java1.8

In addition, the support package I introduced is

bcprov-jdk16-139.jar. This package has been uploaded as an attachment.

Attached is the small program js I tried. The code in it,

var code ="";
wechat.login()
      .then(function(res){
        code = res.code;        
      })
      .then(function(){        return wechat.getUserInfo();
      })
      .then(function(res){var encryptedData = res.encryptedDatavar iv = res.iv;return userservice.getUserToken(code,encryptedData,iv);
      })

The above code uses promise, the last sentence userservice.getUserToken is the method of requesting the server, and the parameters are the obtained code+encrypted content+initialization vector

More Please pay attention to the PHP Chinese website for related articles on WeChat applet java to implement AES decryption and obtain unionId!