fix: AuthConfigs illegal base64 character: '$' (#7209)
- Add catch block, return getBytes result if base64 decode failed - Add JwtTokenManager unit test Closes #7203
parent
c6adbcaa20
commit
d0b2c69d5e
@ -24,11 +24,13 @@ import com.alibaba.nacos.common.notify.listener.Subscriber;
|
|||||||
import com.alibaba.nacos.common.utils.ConvertUtils;
|
import com.alibaba.nacos.common.utils.ConvertUtils;
|
||||||
import com.alibaba.nacos.sys.env.EnvUtil;
|
import com.alibaba.nacos.sys.env.EnvUtil;
|
||||||
import io.jsonwebtoken.io.Decoders;
|
import io.jsonwebtoken.io.Decoders;
|
||||||
|
import io.jsonwebtoken.io.DecodingException;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -90,7 +92,12 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
|
|||||||
|
|
||||||
public byte[] getSecretKeyBytes() {
|
public byte[] getSecretKeyBytes() {
|
||||||
if (secretKeyBytes == null) {
|
if (secretKeyBytes == null) {
|
||||||
|
try {
|
||||||
secretKeyBytes = Decoders.BASE64.decode(secretKey);
|
secretKeyBytes = Decoders.BASE64.decode(secretKey);
|
||||||
|
} catch (DecodingException e) {
|
||||||
|
secretKeyBytes = secretKey.getBytes(StandardCharsets.UTF_8);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
return secretKeyBytes;
|
return secretKeyBytes;
|
||||||
}
|
}
|
||||||
@ -148,7 +155,8 @@ public class AuthConfigs extends Subscriber<ServerConfigChangeEvent> {
|
|||||||
cachingEnabled = EnvUtil.getProperty("nacos.core.auth.caching.enabled", Boolean.class, true);
|
cachingEnabled = EnvUtil.getProperty("nacos.core.auth.caching.enabled", Boolean.class, true);
|
||||||
serverIdentityKey = EnvUtil.getProperty("nacos.core.auth.server.identity.key", "");
|
serverIdentityKey = EnvUtil.getProperty("nacos.core.auth.server.identity.key", "");
|
||||||
serverIdentityValue = EnvUtil.getProperty("nacos.core.auth.server.identity.value", "");
|
serverIdentityValue = EnvUtil.getProperty("nacos.core.auth.server.identity.value", "");
|
||||||
enableUserAgentAuthWhite = EnvUtil.getProperty("nacos.core.auth.enable.userAgentAuthWhite", Boolean.class, false);
|
enableUserAgentAuthWhite = EnvUtil.getProperty("nacos.core.auth.enable.userAgentAuthWhite", Boolean.class,
|
||||||
|
false);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
LOGGER.warn("Upgrade auth config from env failed, use old value", e);
|
LOGGER.warn("Upgrade auth config from env failed, use old value", e);
|
||||||
}
|
}
|
||||||
|
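Review bot: The new `catch (DecodingException e)` in `getSecretKeyBytes()` silently falls back to `secretKey.getBytes(StandardCharsets.UTF_8)`, so the same configured value produces different key material depending on whether it happens to parse as Base64, and nothing records which form was used. A mistyped or truncated Base64 secret would then be accepted as a plain-text key (presumably the JWT signing key) instead of being reported to the operator. I would log the fallback once without printing the secret, e.g. `LOGGER.warn("auth secret key is not valid Base64; using its raw UTF-8 bytes as the key");`, and document the two accepted formats in the method's Javadoc. The rest of the class is outside these hunks, so it is not visible whether the key length is checked elsewhere or whether the cached `secretKeyBytes` is cleared when `secretKey` is refreshed from the environment; both are worth confirming.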
@ -0,0 +1,60 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 1999-2018 Alibaba Group Holding Ltd.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package com.alibaba.nacos.console.security.nacos;
|
||||||
|
|
||||||
|
import com.alibaba.nacos.auth.common.AuthConfigs;
|
||||||
|
import io.jsonwebtoken.lang.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
import org.mockito.junit.MockitoJUnitRunner;
|
||||||
|
|
||||||
|
import java.lang.reflect.Field;
|
||||||
|
|
||||||
|
@RunWith(MockitoJUnitRunner.class)
|
||||||
|
public class JwtTokenManagerTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testCreateTokenAndSecretKeyWithoutSpecialSymbol() throws NoSuchFieldException, IllegalAccessException {
|
||||||
|
createToken("SecretKey0123$567890$234567890123456789012345678901234567890123456789");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testCreateTokenAndSecretKeyWithSpecialSymbol() throws NoSuchFieldException, IllegalAccessException {
|
||||||
|
createToken("SecretKey012345678901234567890123456789012345678901234567890123456789");
|
||||||
|
}
|
||||||
|
|
||||||
|
private void createToken(String secretKey) throws NoSuchFieldException, IllegalAccessException {
|
||||||
|
AuthConfigs authConfigs = new AuthConfigs();
|
||||||
|
injectProperty(authConfigs, "secretKey", secretKey);
|
||||||
|
injectProperty(authConfigs, "tokenValidityInSeconds", 300);
|
||||||
|
JwtTokenManager jwtTokenManager = new JwtTokenManager();
|
||||||
|
injectProperty(jwtTokenManager, "authConfigs", authConfigs);
|
||||||
|
String nacosToken = jwtTokenManager.createToken("nacos");
|
||||||
|
Assert.notNull(nacosToken);
|
||||||
|
jwtTokenManager.validateToken(nacosToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void injectProperty(Object o, String propertyName, Object value)
|
||||||
|
throws NoSuchFieldException, IllegalAccessException {
|
||||||
|
Class<?> aClass = o.getClass();
|
||||||
|
Field declaredField = aClass.getDeclaredField(propertyName);
|
||||||
|
declaredField.setAccessible(true);
|
||||||
|
declaredField.set(o, value);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
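Review bot: The two test names in `JwtTokenManagerTest` are inverted: `testCreateTokenAndSecretKeyWithoutSpecialSymbol` passes the key containing `$`, while `testCreateTokenAndSecretKeyWithSpecialSymbol` passes the key without it, so a failure report would point at the wrong case. Swap the names so each matches its input. The tests also never check which decoding path was taken; asserting in the `$` case that `authConfigs.getSecretKeyBytes()` equals `secretKey.getBytes(StandardCharsets.UTF_8)` would pin the fallback this commit introduces. `io.jsonwebtoken.lang.Assert.notNull` is a library precondition helper rather than a test assertion, and `org.junit.Assert.assertNotNull(nacosToken)` would state the intent more clearly.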