java 微信小程序登录 验证登录并获取用户信息

public class WeChatAppLoginReq
{
private String code;

private String rawData;

private String encryptedData;

private String iv;

private String signature;

public String getCode() {
return code;
}

public void setCode(String code) {
this.code = code;
}

public String getRawData() {
return rawData;
}

public void setRawData(String rawData) {
this.rawData = rawData;
}

public String getEncryptedData() {
return encryptedData;
}

public void setEncryptedData(String encryptedData) {
this.encryptedData = encryptedData;
}

public String getIv() {
return iv;
}

public void setIv(String iv) {
this.iv = iv;
}

public String getSignature() {
return signature;
}

public void setSignature(String signature) {
this.signature = signature;
}
}

import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.util.Date;
import java.util.Map;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.base64url.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.xiaoyi.sns.bean.dto.req.WeChatAppLoginReq;
import com.xiaoyi.sns.bean.po.spo.UserInfoPo;
import com.xiaoyi.sns.business.constant.Constants.UserType;
import com.xiaoyi.sns.business.impl.spo.UserInfoBiz;
import com.xiaoyi.sns.common.constant.ResponseMsg;
import com.xiaoyi.sns.common.exception.SystemException;
import com.xiaoyi.sns.common.util.HmacUtil;

/**
* Project Name: sns-business
* File Name: WeAppLoginBiz.java
* Date: 2017年1月13日下午1:06:17
* Author: zhao.zhibo@xiaoyi.com
* Explain: 微信小程序登录
*/
@Component
public class WeChatAppLoginBiz
{
private static final Logger logger = LoggerFactory.getLogger(WeChatAppLoginBiz.class);

@Autowired
private UserInfoBiz userInfoBiz;

public static boolean initialized = false;

private static final String APPID = "wx3c************b8";
private static final String SECRET = "75324***************500ae89726";

public Map<String,Object> login(WeChatAppLoginReq req)
{
//获取 session_key 和 openId
String url = "https://api.weixin.qq.com/sns/jscode2session?appid="+APPID+"&secret="+SECRET+"&js_code="+req.getCode()+"&grant_type=authorization_code";
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<String>  responseEntity = restTemplate.exchange(url, HttpMethod.GET, null, String.class);
if(responseEntity != null && responseEntity.getStatusCode() == HttpStatus.OK)
{
String sessionData = responseEntity.getBody();
logger.info("sessionData = "+ sessionData);
JSONObject jsonObj = JSON.parseObject(sessionData);
String openId = jsonObj.getString("openid");
String sessionKey = jsonObj.getString("session_key");

String signature = HmacUtil.SHA1(req.getRawData()+sessionKey);
if(!signature.equals(req.getSignature()))
{
logger.info(" req signature="+req.getSignature());
logger.info(" java signature="+req.getSignature());
throw new SystemException(ResponseMsg.WECHAT_LOGIN_SIGNATURE_ERROR);
}
byte[] resultByte = null;
try {
resultByte = decrypt(Base64.decode(req.getEncryptedData()), Base64.decode(sessionKey), Base64.decode(req.getIv()));
} catch (Exception e) {
throw new SystemException(ResponseMsg.WECHAT_LOGIN_USER_ERROR);
}
if(null != resultByte && resultByte.length > 0)
{
String userInfoStr = "";
try {
userInfoStr = new String(resultByte, "UTF-8");
} catch (UnsupportedEncodingException e)
{
logger.error(e.getMessage());
}
logger.info("userInfo = "+ userInfoStr);
JSONObject userInfoObj = JSON.parseObject(userInfoStr);
UserInfoPo userPo = new UserInfoPo();
userPo.setName(userInfoObj.getString("nickName"));
userPo.setCreatedTime(new Date());
userPo.setGender(userInfoObj.getString("gender"));
userPo.setIcon(userInfoObj.getString("avatarUrl"));
userPo.setLoginId(userInfoObj.getString("unionId"));
userPo.setType((short)UserType.WeiXin);
userPo.setLoginType(UserType.WeChatApp);
//userPo.setNation(userInfoObj.getString("city"));

//userInfoObj.getString("city");
//userInfoObj.getString("province");
//userInfoObj.getString("country");
Map<String,Object> data = userInfoBiz.insertOrUpdate(userPo);

return data;
}else
{
throw new SystemException(ResponseMsg.WECHAT_LOGIN_USER_ERROR);
}

}else
{
throw new SystemException(ResponseMsg.WECHAT_LOGIN_CODE_ERROR);
}
}

private byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) throws InvalidAlgorithmParameterException {
initialize();
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
Key sKeySpec = new SecretKeySpec(keyByte, "AES");

cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte));// 初始化
byte[] result = cipher.doFinal(content);
return result;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
9d35

} catch (NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}

public static void initialize(){
if (initialized) return;
Security.addProvider(new BouncyCastleProvider());
initialized = true;
}
//生成iv
public static AlgorithmParameters generateIV(byte[] iv) throws Exception{
AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(iv));
return params;
}
}

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HmacUtil {

public static String SHA1(String str){
try {
//指定sha1算法
MessageDigest digest = MessageDigest.getInstance("SHA-1");
digest.update(str.getBytes());
//获取字节数组
byte messageDigest[] = digest.digest();
// Create Hex String
StringBuffer hexString = new StringBuffer();
// 字节数组转换为 十六进制 数
for (int i = 0; i < messageDigest.length; i++) {
String shaHex = Integer.toHexString(messageDigest[i] & 0xFF);
if (shaHex.length() < 2) {
hexString.append(0);
}
hexString.append(shaHex);
}
return hexString.toString().toLowerCase();

} catch (NoSuchAlgorithmException e) {
return "";
}
}
}