fix(wxapi): 修复 AES 解密结果结尾有冗余的空白字符问题

2026-02-11 10:16:20 +08:00 · 2021-10-18 17:31:32 +08:00
parent 9e801ce419
commit b6c9d9885a
1 changed files with 9 additions and 12 deletions
--- a/src/SKIT.FlurlHttpClient.Wechat.Api/Utilities/AESUtility.cs
+++ b/src/SKIT.FlurlHttpClient.Wechat.Api/Utilities/AESUtility.cs
@@ -11,13 +11,13 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Utilities
    public static class AESUtility
    {
        /// <summary>
-        /// 解密数据。
+        /// 基于 CBC 模式解密数据。
        /// </summary>
        /// <param name="keyBytes">AES 密钥字节数组。</param>
        /// <param name="ivBytes">加密使用的初始化向量字节数组。</param>
        /// <param name="cipherBytes">待解密数据字节数组。</param>
        /// <returns>解密后的数据字节数组。</returns>
-        public static byte[] Decrypt(byte[] keyBytes, byte[] ivBytes, byte[] cipherBytes)
+        public static byte[] DecryptWithCBC(byte[] keyBytes, byte[] ivBytes, byte[] cipherBytes)
        {
            if (keyBytes == null) throw new ArgumentNullException(nameof(keyBytes));
            if (ivBytes == null) throw new ArgumentNullException(nameof(ivBytes));
@@ -25,32 +25,29 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Utilities

            using (SymmetricAlgorithm aes = Aes.Create())
            {
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.PKCS7;
                aes.Key = keyBytes;
                aes.IV = ivBytes;

-                using (Stream ms = new MemoryStream(cipherBytes))
-                using (Stream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Read))
-                {
-                    byte[] plainBytes = new byte[cipherBytes.Length];
-                    cs.Read(plainBytes, 0, plainBytes.Length);
-                    return plainBytes;
-                }
+                using ICryptoTransform transform = aes.CreateDecryptor();
+                return transform.TransformFinalBlock(cipherBytes, 0, cipherBytes.Length);
            }
        }

        /// <summary>
-        /// 解密数据。
+        /// 基于 CBC 模式解密数据。
        /// </summary>
        /// <param name="encodingKey">经 Base64 编码后的 AES 密钥。</param>
        /// <param name="encodingIV">经 Base64 编码后的 AES 初始化向量。</param>
        /// <param name="encodingCipherText">经 Base64 编码后的待解密数据。</param>
        /// <returns>解密后的文本数据。</returns>
-        public static string Decrypt(string encodingKey, string encodingIV, string encodingCipherText)
+        public static string DecryptWithCBC(string encodingKey, string encodingIV, string encodingCipherText)
        {
            if (encodingKey == null) throw new ArgumentNullException(nameof(encodingKey));
            if (encodingCipherText == null) throw new ArgumentNullException(nameof(encodingCipherText));

-            byte[] plainBytes = Decrypt(
+            byte[] plainBytes = DecryptWithCBC(
                keyBytes: Convert.FromBase64String(encodingKey),
                ivBytes: Convert.FromBase64String(encodingIV),
                cipherBytes: Convert.FromBase64String(encodingCipherText)