From c0aa835d19eb6a542ab853f6f16f9988415ff550 Mon Sep 17 00:00:00 2001
From: sh <sh@zkr.com>
Date: Mon, 20 Oct 2025 17:07:59 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=BE=AE=E4=BF=A1=E6=8E=88?=
 =?UTF-8?q?=E6=9D=83=E7=99=BB=E5=BD=95=E5=8F=82=E6=95=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/ruoyi/cms/util/WechatUtil.java   | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/WechatUtil.java b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/WechatUtil.java
index afe1266..d43ac00 100644
--- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/WechatUtil.java
+++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/WechatUtil.java
@@ -205,6 +205,20 @@ public class WechatUtil {
         return tokenConent;
     }
 
+    /**
+     * 获取appid和session_key
+     * @param url
+     * @return
+     */
+    private String getAccessData(String url) {
+        String str = "";
+        String result = HttpUtil.get(url, CharsetUtil.CHARSET_UTF_8);
+        System.out.println("result=============="+result);
+        if (StringUtils.isEmpty(result))
+            return str;
+        return result;
+    }
+
     private String byteToHex(final byte[] hash) {
         Formatter formatter = new Formatter();
         for (byte b : hash) {
@@ -223,7 +237,7 @@ public class WechatUtil {
      */
     public JSONObject code2Session(String code) {
         try {
-            String response = getAccessTokenData("https://api.weixin.qq.com/sns/jscode2session?appid="+appid+"&secret="+secret+"&js_code="+code+"&grant_type=authorization_code");
+            String response = getAccessData("https://api.weixin.qq.com/sns/jscode2session?appid="+appid+"&secret="+secret+"&js_code="+code+"&grant_type=authorization_code");
             JSONObject result = JSONObject.parseObject(response);
             // 微信返回错误码处理
             if (result.containsKey("errcode") && result.getInteger("errcode") != 0) {
@@ -250,8 +264,8 @@ public class WechatUtil {
             byte[] sessionKeyBytes = Base64.getDecoder().decode(sessionKey);
             byte[] ivBytes = Base64.getDecoder().decode(iv);
 
-            // 2. 初始化 AES-128-CBC 解密器（微信固定加密算法）
-            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
+            // 2. 初始化 AES-128-CBC 解密器（使用PKCS5Padding替换PKCS7Padding，两者在AES中效果一致）
+            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
             SecretKeySpec keySpec = new SecretKeySpec(sessionKeyBytes, "AES");
             IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
             cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);