From 0105d5a6f4d997939c07a02754689e4d614233ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=92=80=E5=A2=83=E7=9F=B3?= <Kuanlan@outlook.com>
Date: Fri, 12 Jan 2024 17:49:41 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E4=BC=81=E4=B8=9A=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E3=80=91=E4=BF=AE=E5=A4=8D=20sun.security.util=20=E5=9C=A8?=
 =?UTF-8?q?=E9=AB=98=E7=89=88=E6=9C=AC=20java=20=E4=B8=AD=E6=97=A0?=
 =?UTF-8?q?=E6=B3=95=E8=AE=BF=E9=97=AE=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C?=
 =?UTF-8?q?=E6=94=B9=E4=B8=BA=E9=80=9A=E8=BF=87=20bouncycastle=20=E5=BA=93?=
 =?UTF-8?q?=E8=A7=A3=E6=9E=90=E7=A7=81=E9=92=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 weixin-java-cp/pom.xml                        |  5 +++++
 .../weixin/cp/util/crypto/WxCpCryptUtil.java  | 20 ++++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/weixin-java-cp/pom.xml b/weixin-java-cp/pom.xml
index d679cb1203..ddca16256d 100644
--- a/weixin-java-cp/pom.xml
+++ b/weixin-java-cp/pom.xml
@@ -81,6 +81,11 @@
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk18on</artifactId>
+      <version>1.77</version>
+    </dependency>
 
     <dependency>
       <groupId>org.assertj</groupId>
diff --git a/weixin-java-cp/src/main/java/me/chanjar/weixin/cp/util/crypto/WxCpCryptUtil.java b/weixin-java-cp/src/main/java/me/chanjar/weixin/cp/util/crypto/WxCpCryptUtil.java
index 08ea292b4f..ade65a4f43 100755
--- a/weixin-java-cp/src/main/java/me/chanjar/weixin/cp/util/crypto/WxCpCryptUtil.java
+++ b/weixin-java-cp/src/main/java/me/chanjar/weixin/cp/util/crypto/WxCpCryptUtil.java
@@ -4,8 +4,7 @@
 import me.chanjar.weixin.common.util.crypto.WxCryptUtil;
 import me.chanjar.weixin.cp.config.WxCpConfigStorage;
 import org.apache.commons.lang3.StringUtils;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerValue;
+import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
 
 import javax.crypto.Cipher;
 import java.nio.charset.StandardCharsets;
@@ -105,11 +104,18 @@ public static String decryptPriKeyByPKCS1(String encryptRandomKey, String msgAud
       .replace(" ", "");
 
     byte[] keyBytes = Base64.getDecoder().decode(privateKey);
-    DerValue[] seq = new DerInputStream(keyBytes).getSequence(0);
-    RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(seq[1].getBigInteger(), seq[2].getBigInteger(),
-      seq[3].getBigInteger(), seq[4].getBigInteger(),
-      seq[5].getBigInteger(), seq[6].getBigInteger(),
-      seq[7].getBigInteger(), seq[8].getBigInteger());
+    // Java 8 以后 sun.security.util.DerInputStream 和 sun.security.util.DerValue 无法使用
+    // 因此改为通过 org.bouncycastle:bcprov-jdk18on 来完成 ASN1 编码数据解析
+    final RSAPrivateKey key = RSAPrivateKey.getInstance(keyBytes);
+    final RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(
+      key.getModulus(),
+      key.getPublicExponent(),
+      key.getPrivateExponent(),
+      key.getPrime1(),
+      key.getPrime2(),
+      key.getExponent1(),
+      key.getExponent2(),
+      key.getCoefficient());
 
     PrivateKey priKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
     Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");