Skip to content

feat(miniapp): 实现小程序加密网络通道服务端支持,修复 HMAC 签名与错误处理 Bug#3969

Draft
Copilot wants to merge 3 commits intodevelopfrom
copilot/add-encrypted-network-channel
Draft

feat(miniapp): 实现小程序加密网络通道服务端支持,修复 HMAC 签名与错误处理 Bug#3969
Copilot wants to merge 3 commits intodevelopfrom
copilot/add-encrypted-network-channel

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 22, 2026
edited
Loading

微信小程序加密网络通道(getUserEncryptKey)API 已有基础实现,但存在签名计算错误、错误码判断缺陷,且缺少配套的 AES 加解密工具方法。

Bug 修复

WxMaInternetServiceImpl

  • HMAC-SHA256 key 格式错误sha256() 原先用 sessionKey.getBytes(UTF_8)(base64 字符串的 UTF-8 字节)作为 HMAC key,应改为 Base64.decodeBase64(sessionKey)(原始密钥字节),与微信其他加密 API 惯例一致
  • 错误码判断不完整errcode == -1 仅捕获单一错误码且有 NPE 风险,改为 errcode != null && errcode != 0

新增功能

WxMaCryptUtils 新增针对加密网络通道的 AES-128-CBC 工具方法,支持 getUserEncryptKey 返回的 Base64 编码 key 和 Hex 编码 iv:

// 服务端解密小程序加密请求体
String encryptKey = keyInfo.getEncryptKey();  // Base64,来自 getUserEncryptKey
String hexIv      = keyInfo.getIv();          // Hex
String plainText  = WxMaCryptUtils.decryptWithEncryptKey(encryptKey, hexIv, encryptedBody);

// 服务端加密响应体
String encrypted = WxMaCryptUtils.encryptWithEncryptKey(encryptKey, hexIv, responseJson);

hexToBytes() 内部辅助方法含输入校验(奇数长度、非法字符),非法输入抛出 IllegalArgumentException

Copilot AI linked an issue Apr 22, 2026 that may be closed by this pull request
小程序加密网络通道 #3967
Open
Copilot AI changed the title [WIP] Add encrypted network channel for mini program feat(miniapp): 实现小程序加密网络通道服务端支持,修复 HMAC 签名与错误处理 Bug Apr 22, 2026
Copilot AI requested a review from binarywang April 22, 2026 13:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@binarywang binarywang Awaiting requested review from binarywang

Assignees

@binarywang binarywang

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

小程序加密网络通道

2 participants

@binarywang