String decrypt(String text) { byte[] original; try { // 设置解密模式为AES的CBC模式 Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); SecretKeySpec key_spec = new SecretKeySpec(aesKey, "AES"); IvParameterSpec iv = new IvParameterSpec(Arrays.copyOfRange(aesKey, 0, 16)); cipher.init(Cipher.DECRYPT_MODE, key_spec, iv); // 使用BASE64对密文进行解码 byte[] encrypted = Base64.decodeBase64(text); // 解密 original = cipher.doFinal(encrypted); } catch (Exception e) { e.printStackTrace(); throw new AesException(AesException.DecryptAESError); } String xmlContent, from_id; try { // 去除补位字符 byte[] bytes = PKCS7Encoder.decode(original); // 分离16位随机字符串,网络字节序和AppId byte[] networkOrder = Arrays.copyOfRange(bytes, 16, 20); int xmlLength = recoverNetworkBytesOrder(networkOrder); System.out.println("xmlLength = " + xmlLength); xmlContent = new String(Arrays.copyOfRange(bytes, 20, 20 + xmlLength), CHARSET); from_id = new String(Arrays.copyOfRange(bytes, 20 + xmlLength, bytes.length), CHARSET); } catch (Exception e) { e.printStackTrace(); throw new AesException(AesException.IllegalBuffer); } // appid不相同的情况 if (StringUtils.isBlank(appid) && !from_id.equals(receiveid)) { throw new AesException(AesException.ValidateAppidError); } return xmlContent; } 说明：企业微信消息回调解密正常，xmlLength 二三百；公众号消息解密时，xmlLength 是一个正负十位整数。创建URL时，企业微信需要解密echostr并返回解密后的字符串，而微信公众号直接返回无需解密，是否不是一个解密体系？为什么企业微信公众平台——公众号的上文档中的解密SDK，企业微信消息可以使用，公众号却使用不了，企业项目比较急！急需要解决！ 日志： 2022-03-15 11:07:56.762  INFO 11212 --- [nio-8001-exec-1] c.g.wx.cp.controller.WXKeFuController    : 接收到回调：keFuId 1001, msg_signature e6e1869e1f94cf73f140ba0c96719956eddaf762, timestamp 1647313676, nonce 699393265 sPostData = <xml>     <ToUserName><![CDATA[gh_251e2d32914a]]></ToUserName>     <Encrypt><![CDATA[DF8rpixK6xQaLGPCM2QECCmQ1aNVCeDDr4ByF1r4ZoINJWpYwtBp8KMHCplPFTvf3Cv/wKjsCEDUxoZQpQyntIZIExeEr7glp4N+4+v+wCkWd0Kodm2cBkXPV6wXwW8aaiwWAIkqPKMU+ki5u+xqySVHAwhUg4KnQOw5XGhbrGC5JDCCPd6XtHT48aQ0xFdkzHoeVgyDDnqp4e4d4zPDVx6UIyTOh3tXd6NvAHIOEG1Gn2g8trZvrs88bBCXjtS2tY/1+ETGTZI7Bj+iu2m/l/eGyvQmEMAJlV6D2GZL/uPFXvrzdm2ThSZfz5epPcjWu6NbxyyFrT0UKMHkEmNccWxvGiasLG7/T6gGiqJzyhQN48NcN33Q2wp9q6WUARkUacC3sFNwI1dPQsaXjmmXgO/hDJrJVotkSv1D5sP+J0c=]]></Encrypt> </xml> encrypt = DF8rpixK6xQaLGPCM2QECCmQ1aNVCeDDr4ByF1r4ZoINJWpYwtBp8KMHCplPFTvf3Cv/wKjsCEDUxoZQpQyntIZIExeEr7glp4N+4+v+wCkWd0Kodm2cBkXPV6wXwW8aaiwWAIkqPKMU+ki5u+xqySVHAwhUg4KnQOw5XGhbrGC5JDCCPd6XtHT48aQ0xFdkzHoeVgyDDnqp4e4d4zPDVx6UIyTOh3tXd6NvAHIOEG1Gn2g8trZvrs88bBCXjtS2tY/1+ETGTZI7Bj+iu2m/l/eGyvQmEMAJlV6D2GZL/uPFXvrzdm2ThSZfz5epPcjWu6NbxyyFrT0UKMHkEmNccWxvGiasLG7/T6gGiqJzyhQN48NcN33Q2wp9q6WUARkUacC3sFNwI1dPQsaXjmmXgO/hDJrJVotkSv1D5sP+J0c= appid = wxde9c540c3328dbcc 第三方收到URL中的签名：e6e1869e1f94cf73f140ba0c96719956eddaf762 第三方校验签名：e6e1869e1f94cf73f140ba0c96719956eddaf762 xmlLength = -566866243 java.lang.IllegalArgumentException: 20 > -566866223 at java.util.Arrays.copyOfRange(Arrays.java:3519) at com.gyhn.wx.cp.model.qywx.WXBizMsgCrypt.decrypt(WXBizMsgCrypt.java:281) at com.gyhn.wx.cp.model.qywx.WXBizMsgCrypt.decryptMsg(WXBizMsgCrypt.java:365) ........................... 2022-03-15 11:07:56.799 ERROR 11212 --- [nio-8001-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.gyhn.wx.cp.model.AesException: 解密后得到的buffer非法] with root cause com.gyhn.wx.cp.model.AesException: 解密后得到的buffer非法 at com.gyhn.wx.cp.model.qywx.WXBizMsgCrypt.decrypt(WXBizMsgCrypt.java:286) ~[classes/:na] at com.gyhn.wx.cp.model.qywx.WXBizMsgCrypt.decryptMsg(WXBizMsgCrypt.java:365) ~[classes/:na] ........................... 出错代码 int xmlLength = recoverNetworkBytesOrder(networkOrder); xmlContent = new String(Arrays.copyOfRange(bytes, 20, 20 + xmlLength), CHARSET);

recoverNetworkBytesOrder这个方法获取的数值太大了，导致oom [图片]