fix: 加解密工具bug修复

1. AES解密方法,当加密内容为假值时,抛出异常 2. 微信消息解密方法,当推送xml没有Encrypt节点时,抛出异常
baaxl9vh · Aug 31, 2024 · efaabf2 · efaabf2
1 parent 12d1d1d
commit efaabf2
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/lib/utils/message-crypto.ts b/lib/utils/message-crypto.ts
@@ -55,13 +55,16 @@ export class MessageCrypto {
    * 对给定的密文进行AES解密
    * @param {Buffer} aesKey 
    * @param {Buffer} iv 
-   * @param {String} str 
+   * @param {String} encryptMessage 
    * @returns 
    */
-  public static decrypt (aesKey: Buffer, iv: Buffer, str: string) {
+  public static decrypt (aesKey: Buffer, iv: Buffer, encryptMessage: string) {
+    if (!encryptMessage) {
+      throw new Error('no encrypt message');
+    }
     const aesCipher = crypto.createDecipheriv('aes-256-cbc', aesKey, iv);
     aesCipher.setAutoPadding(false);
-    const decipheredBuff = MessageCrypto.PKCS7Decoder(Buffer.concat([aesCipher.update(str, 'base64'), aesCipher.final()]));
+    const decipheredBuff = MessageCrypto.PKCS7Decoder(Buffer.concat([aesCipher.update(encryptMessage, 'base64'), aesCipher.final()]));
     const data = decipheredBuff.slice(16);
     const msgLen = data.slice(0, 4).readUInt32BE(0);
     return data.slice(4, msgLen + 4).toString();
@@ -158,6 +161,9 @@ export class MessageCrypto {
     const parser = new XMLParser();
     const xml = parser.parse(encryptXml).xml;
     const encryptMessage = xml.Encrypt;
+    if (!encryptMessage) {
+      throw new Error('No Encrypt');
+    }
     if (signature !== MessageCrypto.sha1(token || '', timestamp, nonce, encryptMessage)) {
       throw new Error('signature incorrect');
     }