diff --git a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java index 4adfa6f3ec0..0a18bfbbaae 100644 --- a/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java +++ b/plugin-default-impl/nacos-default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java @@ -19,6 +19,8 @@ import com.alibaba.nacos.plugin.auth.exception.AccessException; import com.alibaba.nacos.plugin.auth.impl.users.NacosUser; import com.alibaba.nacos.plugin.auth.impl.utils.Base64Decode; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import javax.crypto.spec.SecretKeySpec; import java.security.Key; @@ -32,12 +34,15 @@ */ @SuppressWarnings("PMD.UndefineMagicConstantRule") public class NacosJwtParser { + + private static final Logger LOG = LoggerFactory.getLogger(NacosJwtParser.class); private final NacosSignatureAlgorithm signatureAlgorithm; private final Key key; public NacosJwtParser(String base64edKey) { + this.validKey(base64edKey); byte[] decode = Base64Decode.decode(base64edKey); int bitLength = decode.length << 3; if (bitLength < 256) { @@ -58,6 +63,14 @@ public NacosJwtParser(String base64edKey) { } this.key = new SecretKeySpec(decode, signatureAlgorithm.getJcaName()); } + + private void validKey(String base64edKey) { + int length = base64edKey.toCharArray().length; + if (length % 4 != 0) { + LOG.warn("The secret Key currently in use is not a standard Base64 encoding" + + " and will no longer be supported in future versions;"); + } + } private String sign(NacosJwtPayload payload) { return signatureAlgorithm.sign(payload, key);