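Java version: 1.8.0_172
Official SDK download: https://developers.weixin.qq.com/doc/oplatform/Third-party_Platforms/2.0/api/Before_Develop/Message_encryption_and_decryption.html (via "Sample code" > "Click to download")
Problem: when a Channels Shop callback message is received, decryption fails with a heap overflow.
Cause: during decryption in the method com.qq.weixin.mp.aes.WXBizMsgCrypt#decrypt, xmlLength is computed incorrectly and comes out too large, so Arrays.copyOfRange creates an oversized byte[], which finally overflows the heap.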
We had already verified the signature before decrypting, so the request should be correct. Below is the main method used for testing. AppID: wx946a0126faf05117
    public static void main(String[] args) throws AesException {
        // Token and EncodingAESKey configured for the callback
        String token = "7tyam";
        String aesKey = "chwjjgre8aoqs85shbjxwn3q7eucsdprwgev6wx8an9";
        // Parameters taken from the received callback request
        String msgSignature = "f7a3294c2d63c71fba4903dbaf59bcc299e93000";
        String timestamp = "1683744260";
        String nonce = "2039739693";
        String encrypt = "/CwHNJaI7TWZjv6HrvBN3OMWPck2Wmv+KimPFi2Z2PHpDd/T7p5Almay/bqRm/PgOTTHuKBSZbuqwkELV/u8PG30poUraIfu+Owok6lw2BA72pQ7maLPt6QmbZASlCpZRetGbNefupH+x01wzB5HIqcyhYUXKJyo771+TQsHpm+zEbadD+s3gMtiU6OxYBdnLp/HA1p/opUqnxXPs62JRIxUQpVKSBYsvLpUPwGiY9XoOXz1n1Pzeh6SkA+EpNafTyBmi51/CB0+mDjfcTTmZOdBfkRyRor13JTmgMz3S+T5D9hY/Ob0ntq1LR+Er66z/X7oAqXgbBonBmjHvOeMuJtDyWkSRfVkIcnxZwdoH93nZEQNIv00l+PZxJh6Uq+N";
        // The appId argument is passed as null in this test
        WXBizMsgCrypt pc = new WXBizMsgCrypt(token, aesKey, null);
        // VerifyURL checks the signature and then decrypts the payload
        String decryptMsg = pc.VerifyURL(msgSignature, timestamp, nonce, encrypt);
        log.info("微信视频号小店回调入参,decryptMsg={}", decryptMsg);
    }
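
Added example (not part of the original post and not the SDK's own code): a bounds check on the length field before any copy, which is the guard that prevents the oversized allocation described above. It assumes the documented plaintext layout of 16 random bytes, a 4-byte big-endian message length, the message, then the AppID; the class name, method names and sample frames are hypothetical and constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SafeFrameParser {
    static final int RANDOM_LEN = 16;              // random prefix
    static final int HEADER_LEN = RANDOM_LEN + 4;  // prefix + 4-byte length field

    /** Returns {message, appId}; rejects a length field that does not fit the buffer. */
    static String[] parse(byte[] plain) {
        if (plain == null || plain.length < HEADER_LEN) {
            throw new IllegalArgumentException("plaintext shorter than the 20-byte header");
        }
        // Read as unsigned 32-bit so values >= 2^31 are not mistaken for negatives.
        long msgLen = ByteBuffer.wrap(plain, RANDOM_LEN, 4).getInt() & 0xFFFFFFFFL;
        long available = plain.length - HEADER_LEN;
        // The length is only known after decryption, so it is checked here
        // even when the request signature has already been verified.
        if (msgLen > available) {
            throw new IllegalArgumentException(
                "length field " + msgLen + " exceeds " + available + " available bytes");
        }
        int end = HEADER_LEN + (int) msgLen;
        String msg = new String(plain, HEADER_LEN, (int) msgLen, StandardCharsets.UTF_8);
        String appId = new String(plain, end, plain.length - end, StandardCharsets.UTF_8);
        return new String[] { msg, appId };
    }

    /** Builds a constructed plaintext frame with an arbitrary declared length. */
    static byte[] frame(int declaredLen, String msg, String appId) {
        byte[] m = msg.getBytes(StandardCharsets.UTF_8);
        byte[] a = appId.getBytes(StandardCharsets.UTF_8);
        ByteBuffer buf = ByteBuffer.allocate(HEADER_LEN + m.length + a.length);
        buf.put(new byte[RANDOM_LEN]).putInt(declaredLen).put(m).put(a);
        return buf.array();
    }

    public static void main(String[] args) {
        String xml = "<xml>ok</xml>";  // constructed sample message
        String[] ok = parse(frame(xml.length(), xml, "wxEXAMPLEAPPID"));
        System.out.println(ok[0] + " | " + ok[1]);
        try {
            // Same frame with a garbage length field, as after a failed decryption.
            parse(frame(0x7A3F0000, xml, "wxEXAMPLEAPPID"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
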
For questions about Channels Shop and products, you can send your account details and a description of the problem to weixinliveshop@tencent.com for help.