首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

remove 32-byte minimum keyLength restriction in `Base64StringKeyGenerator` (#17012)

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Andrey Litvitski 3 月之前
父节点
c22091d8be
当前提交
3b492a9628
共有 2 个文件被更改,包括 8 次插入6 次删除
分列视图 显示文件统计
  1. 4 3
      crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
  2. 4 3
      crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java

+ 4 - 3
crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2018 the original author or authors.
 
+ * Copyright 2002-2025 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -24,6 +24,7 @@ import java.util.Base64;
 
  *
 
  * @author Joe Grandja
 
  * @author Rob Winch
 
+ * @author Andrey Litvitski
 
  * @since 5.0
 
  */
 
 public class Base64StringKeyGenerator implements StringKeyGenerator {
 
@@ -67,8 +68,8 @@ public class Base64StringKeyGenerator implements StringKeyGenerator {
 
 		if (encoder == null) {
 
 			throw new IllegalArgumentException("encode cannot be null");
 
 		}
 
-		if (keyLength < DEFAULT_KEY_LENGTH) {
 
-			throw new IllegalArgumentException("keyLength must be greater than or equal to " + DEFAULT_KEY_LENGTH);
 
+		if (keyLength <= 0) {
 
+			throw new IllegalArgumentException("keyLength must be greater than 0");
 
 		}
 
 		this.encoder = encoder;
 
 		this.keyGenerator = KeyGenerators.secureRandom(keyLength);

+ 4 - 3
crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright 2002-2017 the original author or authors.
 
+ * Copyright 2002-2025 the original author or authors.
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
@@ -25,13 +25,14 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
 
 
 /**
 
  * @author Rob Winch
 
+ * @author Andrey Litvitski
 
  * @since 5.0
 
  */
 
 public class Base64StringKeyGeneratorTests {
 
 
 	@Test
 
-	public void constructorIntWhenLessThan32ThenIllegalArgumentException() {
 
-		assertThatIllegalArgumentException().isThrownBy(() -> new Base64StringKeyGenerator(31));
 
+	public void constructorIntWhenEqual0ThenIllegalArgumentException() {
 
+		assertThatIllegalArgumentException().isThrownBy(() -> new Base64StringKeyGenerator(0));
 
 	}
 
 
 	@Test