(Java) Alipay mini program login: using the authToken to get the user's unique userId and decrypting the mobile phone number from encryptedData

Foreword:

Recently, my company built an Alipay mini program project that uses the Alipay userId as the unique user id and decrypts encryptedData on the back end to obtain the mobile phone number bound to the user's Alipay account.

Parameters: authToken and encryptedData are both passed in from the front end, so this has to be developed in coordination with the front end.

The text begins:

Here is the code:

1. Use the authToken to get the userId (front-end document, back-end document)

public String findUserId(String authCode) throws AdminException, AlipayApiException {
    AlipayClient alipayClient = new DefaultAlipayClient(AlipayConfig.url, AlipayConfig.app_id, AlipayConfig.private_key, AlipayConfig.format, AlipayConfig.charset, AlipayConfig.public_key, AlipayConfig.signtype);
    AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
    // Exchange the one-time auth code sent by the front end for the user's identity
    request.setGrantType("authorization_code");
    request.setCode(authCode);
    // request.setRefreshToken("201208134b203fe6c11548bcabd8da5bb087a83b");
    AlipaySystemOauthTokenResponse response = alipayClient.execute(request);
    // String accessToken = response.getAccessToken();
    if (response.isSuccess()) {
        // log.info("call succeeded");
        // log.info("Alipay unique user id: " + response.getUserId());
        // log.info("token: " + response.getAccessToken());   // Access token; use it to call interfaces that require authorization
        return response.getUserId();
    }
    // The call failed: no userId is available
    return null;
}

I haven't used the accessToken here; if you need it, uncomment that line. I have tested it myself and you can get it.

2. Decrypt the phone number from encryptedData:

// Decrypt the phone number
JSONObject jsonObject = JSONObject.parseObject(userSmallLoginRequest.getEncryptedData());
String phoneResult = AESCBCUtil.RealDecrypt(jsonObject.getString("response"), AlipayConfig.aesSecretKey);
JSONObject jsonObject1 = JSONObject.parseObject(phoneResult);
if (!"10000".equals(jsonObject1.getString("code"))) {
    // Message text: "failed to decrypt the user's phone number"
    throw new AdminException("用户手机号解密失败");
}
String phone = jsonObject1.getString("mobile");

AlipayConfig.aesSecretKey is the AES key configured for the Alipay mini program.

The utility class:

package com.dq.utils;

import com.alipay.api.internal.util.codec.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;

/**
 * @author: martin
 * @date: 2018/8/21 20:11
 * @description: AES/CBC decryption helper for the Alipay phone-number response
 */
public class AESCBCUtil {
    /**
     * @param content ciphertext (Base64)
     * @param key     AES key (Base64)
     * @return plaintext
     */
    public static String RealDecrypt(String content, String key) throws Exception {

        // Deserialize the AES key
        SecretKeySpec keySpec = new SecretKeySpec(Base64.decodeBase64(key.getBytes(StandardCharsets.UTF_8)), "AES");

        // 128-bit all-zero IV (Java zero-initializes new arrays)
        byte[] iv = new byte[16];
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);

        // Initialize the cipher and decrypt
        Cipher deCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        deCipher.init(Cipher.DECRYPT_MODE, keySpec, ivParameterSpec);
        byte[] encryptedBytes = Base64.decodeBase64(content.getBytes(StandardCharsets.UTF_8));
        byte[] bytes = deCipher.doFinal(encryptedBytes);
        // Decode with an explicit charset instead of the platform default
        return new String(bytes, StandardCharsets.UTF_8);
    }
}

Here userSmallLoginRequest.getEncryptedData() is the encrypted string passed in, phone is the resulting phone number, and JSONObject is from Alibaba's fastjson. The front-end code that obtains the data is as follows (official link):

my.getPhoneNumber({
    success: (res) => {
        let encryptedData = res.response;
        my.request({
            url: '你的后端服务端', // your back-end server URL
            data: encryptedData,
        });
    },
    fail: (res) => {
        console.log(res);
        console.log('getPhoneNumber_fail');
    },
});

The data format passed into the backend should be:

{"response": "","xx":"xxx"}

The format parsed by our business logic should be:

{
  "code": "10000",
  "msg": "Success",
  "mobile": "1597671905"
}

mobile is the mobile phone number. That's all.
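
An added example, not the author's code: a JDK-only variant of the AESCBCUtil decryption step above, using the same AES/CBC/PKCS5Padding scheme with an all-zero IV, that maps every malformed encryptedData value (which arrives from the front end) to one failure result instead of letting different exceptions propagate. The class name PhoneDecryptDemo, the test key and the sample JSON are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Optional;

public class PhoneDecryptDemo {
    // Same scheme as AESCBCUtil: Base64-encoded key, all-zero 16-byte IV.
    private static Cipher cipher(int mode, String b64Key) throws GeneralSecurityException {
        byte[] key = Base64.getDecoder().decode(b64Key);
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new GeneralSecurityException("unexpected AES key length");
        }
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
        return c;
    }

    // Only used here to build a constructed sample ciphertext.
    static String encrypt(String plain, String b64Key) throws GeneralSecurityException {
        byte[] out = cipher(Cipher.ENCRYPT_MODE, b64Key).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(out);
    }

    // Empty result for any malformed input, so the caller reports one generic failure.
    static Optional<String> decrypt(String b64Cipher, String b64Key) {
        try {
            byte[] in = Base64.getDecoder().decode(b64Cipher);
            byte[] out = cipher(Cipher.DECRYPT_MODE, b64Key).doFinal(in);
            return Optional.of(new String(out, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return Optional.empty(); // bad Base64, bad block length, bad padding or bad key
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key and constructed sample payload in the format shown above.
        String key = Base64.getEncoder().encodeToString("0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        String json = "{\"code\":\"10000\",\"msg\":\"Success\",\"mobile\":\"13800000000\"}";
        String ct = encrypt(json, key);
        System.out.println(decrypt(ct, key).orElse("DECRYPT_FAILED"));                             // valid input
        System.out.println(decrypt("not base64!!", key).orElse("DECRYPT_FAILED"));                 // not Base64
        System.out.println(decrypt(ct.substring(0, ct.length() - 4), key).orElse("DECRYPT_FAILED")); // truncated
    }
}
```

The caller should still check that code equals "10000" before reading mobile, as the business logic above does.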

Origin blog.csdn.net/weixin_42359392/article/details/105594790