接收微信加密消息时解密报错-java.security.InvalidKeyException: Illegal key size（本机解密正常，服务器解密报错）

墨蓝 2023-10-10 21:30 26阅读 0赞

#### 目录 ####

*   *  一、报错信息
     *  为什么会产生这样的错误？
     *  二、解决
     *   *  情况一：security\`没有\`policy目录
         *  情况二：security\`存在\`policy目录

--------------------

记录在对接微信接口时出现的问题，对微信消息进行解密时报错，在本地进行解密是正常的，但部署到服务器进行解密就会报错

--------------------

### 一、报错信息 ###

java.security.InvalidKeyException: Illegal key size
    	at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
    	at javax.crypto.Cipher.implInit(Cipher.java:805)
    	at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
    	at javax.crypto.Cipher.init(Cipher.java:1396)
    	at javax.crypto.Cipher.init(Cipher.java:1327)
    	at qq.weixin.mp.aes.WXBizMsgCrypt.decrypt(WXBizMsgCrypt.java:162)
    	at qq.weixin.mp.aes.WXBizMsgCrypt.decryptMsg(WXBizMsgCrypt.java:267)
    	at com.xxx.util.MessageUtil.buildMsg4Receive(MessageUtil.java:228)
    	at com.xxx.util.RocketMQMessageUtil.wechatInfo4Xml(RocketMQMessageUtil.java:181)
    	at com.xxx.util.RocketMQMessageUtil.put2RocketWorkQueue(RocketMQMessageUtil.java:45)
    	at com.xxx.wechat.controller.WechatMessageController.wechatMessagePost(WechatMessageController.java:154)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.lang.reflect.Method.invoke(Method.java:498)
    	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
    	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
    	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
    	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
    	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
    	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
    	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
    	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
    	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
    	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130)
    	at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66)
    	at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    	at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
    	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639)
    	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:882)
    	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1647)
    	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    	at java.lang.Thread.run(Thread.java:748)

--------------------

### 为什么会产生这样的错误？ ###

我们做Java开发，或是Android开发，都会先在电脑上安装JDK(Java Development Kit) 并配置环境变量，JDK也就是 Java 语言的软件开发工具包，JDK中包含有JRE（Java Runtime Environment，即：Java运行环境），JRE中包括Java虚拟机（Java Virtual Machine）、Java核心类库和支持文件，而我们今天要说的主角就在Java的核心类库中。在Java的核心类库中有一个JCE（Java Cryptography Extension），JCE是一组包，它们提供用于加密、密钥生成和协商以及 Message Authentication Code（MAC）算法的框架和实现，所以这个是实现加密解密的重要类库。

在我们安装的JRE目录下有这样一个文件夹：%JAVE\_HOME%\\jre\\lib\\security（%JAVE\_HOME%是自己电脑的Java路径，一版默认是：C:\\Program Files\\Java，具体看自己当时安装JDK和JRE时选择的路径是什么），其中包含有两个.jar文件：“local\_policy.jar ”和“US\_export\_policy.jar”，也就是我们平时说的jar包，再通俗一点说就是Java中包含的类库（Sun公司的程序大牛封装的类库，供使用Java开发的程序员使用），这两个jar包就是我们JCE中的核心类库了。JRE中自带的“local\_policy.jar ”和“US\_export\_policy.jar”是支持128位密钥的加密算法，而当我们要使用256位密钥算法的时候，已经超出它的范围，无法支持，所以才会报：“java.security.InvalidKeyException: Illegal key size or default parameters”的异常

--------------------

### 二、解决 ###

**到官方下载JCE无限制权限策略文件**

JDK5: [http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html\#jce\_policy-1.5.0-oth-JPR][http_www.oracle.com_technetwork_java_javasebusiness_downloads_java-archive-downloads-java-plat-419418.html_jce_policy-1.5.0-oth-JPR]

JDK6: [http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html][http_www.oracle.com_technetwork_java_javase_downloads_jce-6-download-429243.html]

JDK7的下载地址: [http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html][http_www.oracle.com_technetwork_java_javase_downloads_jce-7-download-432124.html]

JDK8的下载地址: [http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html][http_www.oracle.com_technetwork_java_javase_downloads_jce8-download-2133166.html]

这里以JDK1.8为例，进入下载页面，选择下载即可（`没有Oracle账户的话需要进行注册`）

![在这里插入图片描述][b3ddd9bbe3f2412da017738b19e7e54a.png]

将文件解压后，文件结构如下

![在这里插入图片描述][3d7491a1dd884984b35d699fc0ef2c47.png]

下载后解压，可以看到local\_policy.jar和US\_export\_policy.jar以及readme.txt

如果安装了JRE，要将两个jar文件放到%JRE\_HOME%\\lib\\security目录下覆盖原来的文件

如果安装了JDK，还要将两个jar文件也放到%JDK\_HOME%\\jre\\lib\\security目录下覆盖原来文件

**具体操作**

#### 情况一：security`没有`policy目录 ####

![在这里插入图片描述][52c407e0f306401a84a5f9d1f5685008.png]

#### 情况二：security`存在`policy目录 ####

![在这里插入图片描述][10c60fa05a9740de89e0185656c32375.png]

替换完成后重启tomcat即可

[http_www.oracle.com_technetwork_java_javasebusiness_downloads_java-archive-downloads-java-plat-419418.html_jce_policy-1.5.0-oth-JPR]: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-1.5.0-oth-JPR
[http_www.oracle.com_technetwork_java_javase_downloads_jce-6-download-429243.html]: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
[http_www.oracle.com_technetwork_java_javase_downloads_jce-7-download-432124.html]: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
[http_www.oracle.com_technetwork_java_javase_downloads_jce8-download-2133166.html]: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
[b3ddd9bbe3f2412da017738b19e7e54a.png]: https://img-blog.csdnimg.cn/b3ddd9bbe3f2412da017738b19e7e54a.png
[3d7491a1dd884984b35d699fc0ef2c47.png]: https://img-blog.csdnimg.cn/3d7491a1dd884984b35d699fc0ef2c47.png
[52c407e0f306401a84a5f9d1f5685008.png]: https://img-blog.csdnimg.cn/52c407e0f306401a84a5f9d1f5685008.png
[10c60fa05a9740de89e0185656c32375.png]: https://img-blog.csdnimg.cn/10c60fa05a9740de89e0185656c32375.png