The following test fails:
This is because the value of the decrypted variable has a null byte (%00) at the end. To get the test to pass, I called trim():
I'm not sure why this is happening at this stage, or the appropriate resolution. The AesBytesEncryptor is using AES with PKCS5 which should care for padding handling for both encrypt/decrypt operations. I'm puzzled as to why a null byte is being tacked on.
This problem manifested itself in the Greenhouse reference application as a OAuth Signature Verification Failure. The NUL (%00) byte is the culprit.