修改微信授权逻辑

2025-10-20 19:49:28 +08:00
parent 418c22d78d
commit e56a8a285d
8 changed files with 66 additions and 32 deletions
--- a/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/WechatUtil.java
+++ b/ruoyi-bussiness/src/main/java/com/ruoyi/cms/util/WechatUtil.java
@@ -266,6 +266,15 @@ public class WechatUtil {
            byte[] sessionKeyBytes = Base64.getDecoder().decode(sessionKey);
            byte[] ivBytes = Base64.getDecoder().decode(iv);

+            // 2. 验证session_key长度（AES-128要求密钥长度为16字节）
+            if (sessionKeyBytes.length != 16) {
+                throw new RuntimeException("session_key长度错误，应为16字节");
+            }
+            // 验证iv长度（CBC模式下iv长度必须与块大小一致，AES为16字节）
+            if (ivBytes.length != 16) {
+                throw new RuntimeException("iv长度错误，应为16字节");
+            }
+
            // 2. 初始化 AES-128-CBC 解密器（使用PKCS5Padding替换PKCS7Padding，两者在AES中效果一致）
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            SecretKeySpec keySpec = new SecretKeySpec(sessionKeyBytes, "AES");