From 163f1efd43b37882858bb44c7379bb59d631103b Mon Sep 17 00:00:00 2001 From: Looly Date: Sat, 10 Feb 2024 08:37:13 +0800 Subject: [PATCH] =?UTF-8?q?=E9=80=9A=E8=BF=87=E6=B7=BB=E5=8A=A0=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E5=B1=9E=E6=80=A7hutool.crypto.decodeHex=E5=BC=BA?= =?UTF-8?q?=E5=88=B6=E5=85=B3=E9=97=ADhex=E8=AF=86=E5=88=AB=E4=BB=A5?= =?UTF-8?q?=E8=A7=A3=E5=86=B3hex=E5=92=8CBase64=E6=AD=A7=E4=B9=89=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + .../src/main/java/cn/hutool/crypto/SecureUtil.java | 13 ++++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ceb863ea8..7ebb247df 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ * 【http 】 修复HtmlUtil.removeHtmlAttr处理空格问题(issue#I8YV0K@Gitee) * 【core 】 修复CollUtil.containsAll在coll2长度大于coll1时逻辑歧义问题(issue#I8Z2Q4@Gitee) * 【poi 】 修复当sheetName 不存在时,ExcelUtil.getReader方法不会释放文件问题(issue#I8ZIQC@Gitee) +* 【crypto】 通过添加系统属性hutool.crypto.decodeHex强制关闭hex识别以解决hex和Base64歧义问题(issue#I90M9D@Gitee) ------------------------------------------------------------------------------------------------------------- # 5.8.25(2024-01-11) diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/SecureUtil.java b/hutool-crypto/src/main/java/cn/hutool/crypto/SecureUtil.java index b27280777..bb901d683 100755 --- a/hutool-crypto/src/main/java/cn/hutool/crypto/SecureUtil.java +++ b/hutool-crypto/src/main/java/cn/hutool/crypto/SecureUtil.java @@ -3,10 +3,7 @@ package cn.hutool.crypto; import cn.hutool.core.codec.Base64; import cn.hutool.core.io.FileUtil; import cn.hutool.core.lang.Validator; -import cn.hutool.core.util.ArrayUtil; -import cn.hutool.core.util.HexUtil; -import cn.hutool.core.util.ObjectUtil; -import cn.hutool.core.util.StrUtil; +import cn.hutool.core.util.*; import cn.hutool.crypto.asymmetric.AsymmetricAlgorithm; import cn.hutool.crypto.asymmetric.RSA; import cn.hutool.crypto.asymmetric.Sign; @@ -56,6 +53,9 @@ import java.util.Map; */ public class SecureUtil { + /** Hutool自定义系统属性:是否解码Hex字符 issue#I90M9D */ + public static String HUTOOL_CRYPTO_DECODE_HEX = "hutool.crypto.decodeHex"; + /** * 默认密钥字节数 * @@ -1014,7 +1014,10 @@ public class SecureUtil { * @since 4.3.3 */ public static byte[] decode(String key) { - return Validator.isHex(key) ? HexUtil.decodeHex(key) : Base64.decode(key); + // issue#I90M9D + // 某些特殊字符串会无法区分Hex还是Base64,此处使用系统属性强制关闭Hex解析 + final boolean decodeHex = SystemPropsUtil.getBoolean(HUTOOL_CRYPTO_DECODE_HEX, true); + return (decodeHex && Validator.isHex(key)) ? HexUtil.decodeHex(key) : Base64.decode(key); } /**