微信支付：小微商戶申請入駐第三步：平臺證書序列號解密和敏感詞加密

時間 2019-12-08

標籤微信支付商戶申請第三步平臺證書序列號解密敏感加密简体版

原文原文鏈接

首先，仍是上微信官方連接

微信官方平臺證書解密指引php

微信官方敏感詞加密指引java

平臺證書解密

定義接口

首先，因爲平臺證書獲取，跟解密，都是平臺證書這貨的，那就放在同一個service吧。對了，pom文件以前文章有，就不粘貼了，也能夠去github查看git

/** * 平臺序證書獲取 */
public interface CertFicatesService {
    String getCertFicates();

    /** * 平臺證書解密 * @param associatedData * @param nonce * @param cipherText * @param apiv3Key * @return */
    String decryptCertSN(String associatedData, String nonce, String cipherText, String apiv3Key)throws Exception;
}


複製代碼

參數確認

四個參數： associatedData， nonce， cipherText， apiv3Key。github

回顧一下獲取平臺證書序列號返回的結果，由於咱們須要對其解密api

<certificates><![CDATA[{"data":[{"serial_no":"42A5C4F7F70D57D0576BBEDA0E0928D6E5C4
F003","effective_time":"2017-08-18 14:52:04","expire_time":"2022-08-17
14:52:04","encrypt_certificate":{"algorithm":"AEAD_AES_256_GCM","nonce":"bfcb2bd59
c97","associated_data":"certificate","ciphertext":"vQ4N+lLNvtIhaV5Gqao44mbYBSaz3bZ
4Md3M4f+OuquEJrp+/v4gA//UZqnQ1G0roYqnSMfcsRFj7ItTCP0tbYregpYqBKd4NSLiF/m1o01JD/9nz
d3pBwBUJenUzvE1cuMO+fookaBYr+Z5AfesXUUmvl5qAbD3Yj+5GuMIkTCQcn4W6rls/W2YDo3o3T9sWtl
5A/5w+U/Wsb9/UefNow6ND+2MAWRm1GK5tRTkBGVKMt699SM4p0pUns3D4g3slz6zeYIFY3+x+NzrxNq+O
v7I4e/wkp1s3QJd3vctDC4j5btvpCvdEIrBmzzTKzmJ+qhHIRVpXqiMTtOWSpCcTCptUt4v/ZrIlMihESd
ruDv7Zj4984+4tzBqmQ/Mt1Bwbs8RyKYe2UufmXSMyOeCW06TtkXduZ7M2QSKE4kTlRerEGPatymglepMn
jpSMX/CnwaSaHcIBWN2oNjAcuBdMGFlbv05owBlkEZm4sRgZR9EMDIX/N469TUsJ3yXVLuN2k6XaAEM5wp
X/Hc15R1o1rhpnLjGZpZoKOVpmcyqw5/0uBQgAAaTXOGgr6L2mrSsp9Au4J0hIX/SjfrjaovXEZTvSM+1o
GlJmRVLZ+jxjTD/al7X2xsjTleYYggp4EN4aaC4DTwUNcAAzhHF9R7e+bIfyopa2FF+exXC9kZUYLywg9b
wKOJwhkykz7NM669gXLjlyEu6W9gIa8sa3HKSfeLfcpTan7Ev9BjRbowQYmn7RZEyvizKJHJU3ge04OIme
JFY4fT8JahzaOT8BQnvP4g2ZT65r4jQwXEbFqOJNH5SdRlTL+3oCqkgMx+1wccaj9ZKqxY9EFDwZgjLZWo
ySJvIbDQfEayo1pRzlcF9MbuFyGH0vblRLSx3viCc/q6oUkx2OjRw1Hp3sdtFGZMS2OE1+xICymLPglHuM
zGkGYwl7ZxbotiXKkqAN46Zd7hNcTwHhxMjQXcoaUoGNEKK1fRZrBv0eUjhES8GbZvzS7+Xm1SR8dKTNMQ
yEvFesUY143nFt1GK+/bJR+0l2dz0zgpJGAS4yKBkWdsTng0a/jzRbMryRy+fAjWGfvHlVcXXD5b51kx1P
3pxcQdMe3K0al+40gLilbegFUVPXhZ04BVgxiWHfeRPnDVwVXFzHG7MAjmPWS0PFzJupZExuy+jxIf5oyH
LcYjnl2jwNNcWdzm5AFWYqy5oQI88lcOBx1X+fGuZTKAopk8/2zCa7uu9ILSyVBf801wagINDhxSNemoDo
RPE0lvIYE/ax7RQehQ2Q3F2JNmpP6EfP1KZsT6nSWLBf1M5tvX/pAsPbYowNCgrwXLa68L5e03ScplSZrJ
WP7H3UcGxq9fRLgOYnF7ocRr0iviSRGVmSDqdtpIWwhb+UoAw4347hTQsEHRhYQdR6fTryiANB+H+6SnRJ
any/cozFV11J03w6h9Lmx95OJGYwF8Cei8S3pNkHpq90o7eUq2PmfS/wwxL3ZyJFPS8OY05zR4ykRnwir4
L2X1RyCVoV34AAzVsvr93fVNPHtY3yf+i6sDWb4yGaXaYMM/cOnNs7wrxME44in+YZtPduI+8MZ5EGTbaq
jJzrGnrbDnb515OOXg6gk+eV+bJkMXxxoNQGOkLCCI5pN+wrrokXRYhFZbYSkLd/rkg+T3JS23nO1TYOej
ewvatmQ97i9OFxNrwxOzDL9E87jLj26Wm+VSbm/SNafEh0eU0owwyVskg7evUe7XxcBErXC8M87MuK6AJo
/IhhivYlEb/d+wG2r0gV7VesAjYC2n3ZAI1oz78WMMTmj6IqXgDc20uNmGYX0IEB+cxpJwejEfV72ArStq
zumUzw3YhvD4L7Ozq0b6Y2gao88MONn9nevnydq5IvsG0bsGutXCFwjhYGxLyqigGIkVkXeq+BbxFpNxbo
gkB43cM"}}]}]]></certificates> 
複製代碼

裏面找到了associated_data，nonce，ciphertext 。都找到了微信

呃。。。。apiv3Key這玩意找不到，那沒辦法了，就這樣吧ide

apiv3Key

我直接上微信官方圖工具

你會發現，頁面很熟悉，這不就是大明湖畔的那個誰誰誰嗎？測試

快去重置獲取吧，哈哈，反正我是忘了放哪了。編碼

劃重點~這邊就有短短的密鑰，要保存好。

4個參數完成

編寫實現類

@Override
    public String decryptCertSN(String associatedData, String nonce, String cipherText, String apiv3Key) throws Exception{
        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
        SecretKeySpec key = new SecretKeySpec(apiv3Key.getBytes(), "AES");
        GCMParameterSpec spec = new GCMParameterSpec(128, nonce.getBytes());
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        cipher.updateAAD(associatedData.getBytes());
        return new String(cipher.doFinal(Base64.getDecoder().decode(cipherText)));
    }
複製代碼

編寫測試類，開始測試

@RunWith(SpringRunner.class)
@SpringBootTest
@Slf4j
public class CertFicatesServiceImplTest {
    @Autowired
    private CertFicatesService certFicatesService;

    @Test
    public void decryptCertSNTest() {
        try {
            String decertContent = certFicatesService.decryptCertSN("associatedData", "nonce", "cipherText", "apiv3Key");
            log.info("content = {}",decertContent);
        } catch (Exception e) {
            log.error("解密異常啦 {}", e);
        }
    }

}
複製代碼

開始敏感詞加密工具類

丟代碼

import javax.crypto.Cipher;
import javax.security.cert.X509Certificate;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PublicKey;
import java.util.Base64;

public class EncryptionUtils {
    private static final String CIPHER_PROVIDER = "SunJCE";
    private static final String TRANSFORMATION_PKCS1Paddiing = "RSA/ECB/PKCS1Padding";

    private static final String CHAR_ENCODING = "UTF-8";//固定值，無須修改


    //數據加密方法
    private static byte[] encryptPkcs1padding(PublicKey publicKey, byte[] data) throws Exception {
        Cipher ci = Cipher.getInstance(TRANSFORMATION_PKCS1Paddiing, CIPHER_PROVIDER);
        ci.init(Cipher.ENCRYPT_MODE, publicKey);
        return ci.doFinal(data);
    }
    //加密後的祕文，使用base64編碼方法
    private static String encodeBase64(byte[] bytes) throws Exception {
        return Base64.getEncoder().encodeToString(bytes);
    }
    /** * 對敏感內容（入參Content）加密 * path 爲平臺序列號接口解密後的密鑰 pem 路徑 */
    public static String rsaEncrypt(String Content, String path) throws Exception {
        final byte[] PublicKeyBytes = Files.readAllBytes(Paths.get(path));
        X509Certificate certificate = X509Certificate.getInstance(PublicKeyBytes);
        PublicKey publicKey = certificate.getPublicKey();

        return encodeBase64(encryptPkcs1padding(publicKey, Content.getBytes(CHAR_ENCODING)));
    }

    /** * 爲了本身方便，多加個個傳內容的，由於我解密後並無保存到文件裏，而是本身從新解密 * 要問爲何？ * 需求有多個服務商號，沒辦法 * @param Content * @param certStr * @return * @throws Exception */
    public static String rsaEncryptByCert(String Content, String certStr) throws Exception {
        X509Certificate certificate = X509Certificate.getInstance(certStr.getBytes());
        PublicKey publicKey = certificate.getPublicKey();
        return encodeBase64(encryptPkcs1padding(publicKey, Content.getBytes(CHAR_ENCODING)));
    }

}
複製代碼

你要問爲何？？ 官方給的

編寫測試類

@Test
    public void decryptCertSNTest() {
        try {
            String content = certFicatesService.decryptCertSN("associatedData", "nonce", "cipherText", "apiv3Key");
            String encrypt = EncryptionUtils.rsaEncryptByCert("個人身份證", content);
            log.info("身份證的密文了 {}",encrypt);
        } catch (Exception e) {
            log.error("解密異常啦 {}", e);
        }
    }
複製代碼