收藏
回答

视频号小店回调消息官方sdk解密失败?

Java 版本:1.8.0_172

官方 sdk 下载地址:https://developers.weixin.qq.com/doc/oplatform/Third-party_Platforms/2.0/api/Before_Develop/Message_encryption_and_decryption.html,通过示例代码-点击下载

问题:收到视频号小店回调消息,解密时出现堆溢出

原因:在方法 com.qq.weixin.mp.aes.WXBizMsgCrypt#decrypt 解密时,计算 xmlLength 错误,取值过大,导致 Arrays.copyOfRange 时创建 byte[] 过大,最后堆溢出

截图:

在解密之前我们是已经验证 signature 了,所以请求应该是对的,下面是测试用的 main 方法,AppID:wx946a0126faf05117

public static void main(String[] args) throws AesException {
   String token = "7tyam";
   String aesKey = "chwjjgre8aoqs85shbjxwn3q7eucsdprwgev6wx8an9";
   String msgSignature = "f7a3294c2d63c71fba4903dbaf59bcc299e93000";
   String timestamp = "1683744260";
   String nonce = "2039739693";
   String encrypt = "/CwHNJaI7TWZjv6HrvBN3OMWPck2Wmv+KimPFi2Z2PHpDd/T7p5Almay/bqRm/PgOTTHuKBSZbuqwkELV/u8PG30poUraIfu+Owok6lw2BA72pQ7maLPt6QmbZASlCpZRetGbNefupH+x01wzB5HIqcyhYUXKJyo771+TQsHpm+zEbadD+s3gMtiU6OxYBdnLp/HA1p/opUqnxXPs62JRIxUQpVKSBYsvLpUPwGiY9XoOXz1n1Pzeh6SkA+EpNafTyBmi51/CB0+mDjfcTTmZOdBfkRyRor13JTmgMz3S+T5D9hY/Ob0ntq1LR+Er66z/X7oAqXgbBonBmjHvOeMuJtDyWkSRfVkIcnxZwdoH93nZEQNIv00l+PZxJh6Uq+N";

   WXBizMsgCrypt pc = new WXBizMsgCrypt(token, aesKey, null);
   String decryptMsg = pc.VerifyURL(msgSignature, timestamp, nonce, encrypt);
   log.info("微信视频号小店回调入参,decryptMsg={}", decryptMsg);
}


回答关注问题邀请回答
收藏

2 个回答

登录 后发表内容