[ISSUE #11887] add some tips for upgrade (#12434)

alibaba · Jul 29, 2024 · 927fbfd · 927fbfd
1 parent 3e28b58
commit 927fbfd
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/...ault-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java b/...ault-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java
@@ -19,6 +19,8 @@
 import com.alibaba.nacos.plugin.auth.exception.AccessException;
 import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
 import com.alibaba.nacos.plugin.auth.impl.utils.Base64Decode;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.crypto.spec.SecretKeySpec;
 import java.security.Key;
@@ -32,12 +34,15 @@
  */
 @SuppressWarnings("PMD.UndefineMagicConstantRule")
 public class NacosJwtParser {
+
+    private static final Logger LOG = LoggerFactory.getLogger(NacosJwtParser.class);
 
     private final NacosSignatureAlgorithm signatureAlgorithm;
 
     private final Key key;
 
     public NacosJwtParser(String base64edKey) {
+        this.validKey(base64edKey);
         byte[] decode = Base64Decode.decode(base64edKey);
         int bitLength = decode.length << 3;
         if (bitLength < 256) {
@@ -58,6 +63,14 @@ public NacosJwtParser(String base64edKey) {
         }
         this.key = new SecretKeySpec(decode, signatureAlgorithm.getJcaName());
     }
+
+    private void validKey(String base64edKey) {
+        int length = base64edKey.toCharArray().length;
+        if (length % 4 != 0) {
+            LOG.warn("The secret Key currently in use is not a standard Base64 encoding"
+                    + " and will no longer be supported in future versions;");
+        }
+    }
 
     private String sign(NacosJwtPayload payload) {
         return signatureAlgorithm.sign(payload, key);