修复SymmetricCrypto.setParams和setRandom没有加锁问题

2025-04-05 17:37:59 +08:00 · 2024-08-13 23:08:08 +08:00 · 2024-08-13 23:08:08 +08:00 · 1cd3f633c9
commit 1cd3f633c9
parent 67b8bc1332
4 changed files with 98 additions and 51 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,11 +2,12 @@
 # 🚀Changelog

 -------------------------------------------------------------------------------------------------------------
-# 5.8.32(2024-08-12)
+# 5.8.32(2024-08-13)

 ### 🐣新特性

 ### 🐞Bug修复
+* 【crypto 】      修复SymmetricCrypto.setParams和setRandom没有加锁问题（issue#IAJIY3@Github）

 -------------------------------------------------------------------------------------------------------------
 # 5.8.31(2024-08-12)
--- a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/AsymmetricCrypto.java
+++ b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/AsymmetricCrypto.java
@ -168,7 +168,12 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto<AsymmetricCrypto>
 	 * @param encryptBlockSize 加密块大小
 	 */
 	public void setEncryptBlockSize(int encryptBlockSize) {
-		this.encryptBlockSize = encryptBlockSize;
+		lock.lock();
+		try{
+			this.encryptBlockSize = encryptBlockSize;
+		}finally {
+			lock.unlock();
+		}
 	}

 	/**
@ -186,7 +191,12 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto<AsymmetricCrypto>
 	 * @param decryptBlockSize 解密块大小
 	 */
 	public void setDecryptBlockSize(int decryptBlockSize) {
-		this.decryptBlockSize = decryptBlockSize;
+		lock.lock();
+		try{
+			this.decryptBlockSize = decryptBlockSize;
+		}finally {
+			lock.unlock();
+		}
 	}

 	/**
@ -208,7 +218,12 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto<AsymmetricCrypto>
 	 * @since 5.4.3
 	 */
 	public void setAlgorithmParameterSpec(AlgorithmParameterSpec algorithmParameterSpec) {
-		this.cipherWrapper.setParams(algorithmParameterSpec);
+		lock.lock();
+		try{
+			this.cipherWrapper.setParams(algorithmParameterSpec);
+		}finally {
+			lock.unlock();
+		}
 	}

 	/**
@ -219,14 +234,24 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto<AsymmetricCrypto>
 	 * @since 5.7.17
 	 */
 	public AsymmetricCrypto setRandom(SecureRandom random) {
-		this.cipherWrapper.setRandom(random);
+		lock.lock();
+		try{
+			this.cipherWrapper.setRandom(random);
+		}finally {
+			lock.unlock();
+		}
 		return this;
 	}

 	@Override
 	public AsymmetricCrypto init(String algorithm, PrivateKey privateKey, PublicKey publicKey) {
-		super.init(algorithm, privateKey, publicKey);
-		initCipher();
+		lock.lock();
+		try{
+			super.init(algorithm, privateKey, publicKey);
+			initCipher();
+		}finally {
+			lock.unlock();
+		}
 		return this;
 	}

--- a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/Sign.java
+++ b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/Sign.java
@ -31,10 +31,13 @@ import java.util.Set;
 public class Sign extends BaseAsymmetric<Sign> {
 	private static final long serialVersionUID = 1L;

-	/** 签名，用于签名和验证 */
+	/**
+	 * 签名，用于签名和验证
+	 */
 	protected Signature signature;

 	// ------------------------------------------------------------------ Constructor start
+
 	/**
 	 * 构造，创建新的私钥公钥对
 	 *
@ -57,9 +60,9 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
-	 * @param algorithm {@link SignAlgorithm}
+	 * @param algorithm     {@link SignAlgorithm}
 	 * @param privateKeyStr 私钥Hex或Base64表示
-	 * @param publicKeyStr 公钥Hex或Base64表示
+	 * @param publicKeyStr  公钥Hex或Base64表示
 	 */
 	public Sign(SignAlgorithm algorithm, String privateKeyStr, String publicKeyStr) {
 		this(algorithm.getValue(), SecureUtil.decode(privateKeyStr), SecureUtil.decode(publicKeyStr));
@ -69,9 +72,9 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
-	 * @param algorithm {@link SignAlgorithm}
+	 * @param algorithm  {@link SignAlgorithm}
 	 * @param privateKey 私钥
-	 * @param publicKey 公钥
+	 * @param publicKey  公钥
 	 */
 	public Sign(SignAlgorithm algorithm, byte[] privateKey, byte[] publicKey) {
 		this(algorithm.getValue(), privateKey, publicKey);
@ -82,7 +85,7 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
 	 * @param algorithm {@link SignAlgorithm}
-	 * @param keyPair 密钥对（包括公钥和私钥）
+	 * @param keyPair   密钥对（包括公钥和私钥）
 	 */
 	public Sign(SignAlgorithm algorithm, KeyPair keyPair) {
 		this(algorithm.getValue(), keyPair);
@ -92,9 +95,9 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
-	 * @param algorithm {@link SignAlgorithm}
+	 * @param algorithm  {@link SignAlgorithm}
 	 * @param privateKey 私钥
-	 * @param publicKey 公钥
+	 * @param publicKey  公钥
 	 */
 	public Sign(SignAlgorithm algorithm, PrivateKey privateKey, PublicKey publicKey) {
 		this(algorithm.getValue(), privateKey, publicKey);
@ -104,51 +107,50 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
-	 * @param algorithm 非对称加密算法
+	 * @param algorithm        非对称加密算法
 	 * @param privateKeyBase64 私钥Base64
-	 * @param publicKeyBase64 公钥Base64
+	 * @param publicKeyBase64  公钥Base64
 	 */
 	public Sign(String algorithm, String privateKeyBase64, String publicKeyBase64) {
 		this(algorithm, Base64.decode(privateKeyBase64), Base64.decode(publicKeyBase64));
 	}

 	/**
-	 * 构造
-	 *
+	 * 构造<br>
 	 * 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
-	 * @param algorithm 算法
+	 * @param algorithm  算法
 	 * @param privateKey 私钥
-	 * @param publicKey 公钥
+	 * @param publicKey  公钥
 	 */
 	public Sign(String algorithm, byte[] privateKey, byte[] publicKey) {
 		this(algorithm, //
-				SecureUtil.generatePrivateKey(algorithm, privateKey), //
-				SecureUtil.generatePublicKey(algorithm, publicKey)//
+			SecureUtil.generatePrivateKey(algorithm, privateKey), //
+			SecureUtil.generatePublicKey(algorithm, publicKey)//
 		);
 	}

 	/**
-	 * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
+	 * 构造<br>
+	 * 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
 	 * @param algorithm 算法，见{@link SignAlgorithm}
-	 * @param keyPair 密钥对（包括公钥和私钥）
+	 * @param keyPair   密钥对（包括公钥和私钥）
 	 */
 	public Sign(String algorithm, KeyPair keyPair) {
 		this(algorithm, keyPair.getPrivate(), keyPair.getPublic());
 	}

 	/**
-	 * 构造
-	 *
+	 * 构造<br>
 	 * 私钥和公钥同时为空时生成一对新的私钥和公钥<br>
 	 * 私钥和公钥可以单独传入一个，如此则只能使用此钥匙来做签名或验证
 	 *
-	 * @param algorithm 算法
+	 * @param algorithm  算法
 	 * @param privateKey 私钥
-	 * @param publicKey 公钥
+	 * @param publicKey  公钥
 	 */
 	public Sign(String algorithm, PrivateKey privateKey, PublicKey publicKey) {
 		super(algorithm, privateKey, publicKey);
@ -158,15 +160,20 @@ public class Sign extends BaseAsymmetric<Sign> {
 	/**
 	 * 初始化
 	 *
-	 * @param algorithm 算法
+	 * @param algorithm  算法
 	 * @param privateKey 私钥
-	 * @param publicKey 公钥
+	 * @param publicKey  公钥
 	 * @return this
 	 */
 	@Override
 	public Sign init(String algorithm, PrivateKey privateKey, PublicKey publicKey) {
-		signature = SecureUtil.createSignature(algorithm);
-		super.init(algorithm, privateKey, publicKey);
+		lock.lock();
+		try {
+			signature = SecureUtil.createSignature(algorithm);
+			super.init(algorithm, privateKey, publicKey);
+		} finally {
+			lock.unlock();
+		}
 		return this;
 	}

@ -178,19 +185,23 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * @since 4.6.5
 	 */
 	public Sign setParameter(AlgorithmParameterSpec params) {
+		lock.lock();
 		try {
 			this.signature.setParameter(params);
 		} catch (InvalidAlgorithmParameterException e) {
 			throw new CryptoException(e);
+		} finally {
+			lock.unlock();
 		}
 		return this;
 	}

 	// --------------------------------------------------------------------------------- Sign and Verify
+
 	/**
 	 * 生成文件签名
 	 *
-	 * @param data 被签名数据
+	 * @param data    被签名数据
 	 * @param charset 编码
 	 * @return 签名
 	 * @since 5.7.0
@ -213,7 +224,7 @@ public class Sign extends BaseAsymmetric<Sign> {
 	/**
 	 * 生成文件签名，并转为16进制字符串
 	 *
-	 * @param data 被签名数据
+	 * @param data    被签名数据
 	 * @param charset 编码
 	 * @return 签名
 	 * @since 5.7.0
@ -281,7 +292,7 @@ public class Sign extends BaseAsymmetric<Sign> {
 	 * 生成签名，并转为16进制字符串<br>
 	 * 使用默认缓存大小，见 {@link IoUtil#DEFAULT_BUFFER_SIZE}
 	 *
-	 * @param data 被签名数据
+	 * @param data         被签名数据
 	 * @param bufferLength 缓存长度，不足1使用 {@link IoUtil#DEFAULT_BUFFER_SIZE} 做为默认值
 	 * @return 签名
 	 * @since 5.7.0
@ -293,12 +304,12 @@ public class Sign extends BaseAsymmetric<Sign> {
 	/**
 	 * 生成签名
 	 *
-	 * @param data {@link InputStream} 数据流
+	 * @param data         {@link InputStream} 数据流
 	 * @param bufferLength 缓存长度，不足1使用 {@link IoUtil#DEFAULT_BUFFER_SIZE} 做为默认值
 	 * @return 签名bytes
 	 * @since 5.7.0
 	 */
-	public byte[] sign(InputStream data, int bufferLength){
+	public byte[] sign(InputStream data, int bufferLength) {
 		if (bufferLength < 1) {
 			bufferLength = IoUtil.DEFAULT_BUFFER_SIZE;
 		}
--- a/hutool-crypto/src/main/java/cn/hutool/crypto/symmetric/SymmetricCrypto.java
+++ b/hutool-crypto/src/main/java/cn/hutool/crypto/symmetric/SymmetricCrypto.java
@ -170,14 +170,13 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor,
 	}

 	/**
-	 * 设置 {@link AlgorithmParameterSpec}，通常用于加盐或偏移向量
+	 * 设置偏移向量
 	 *
-	 * @param params {@link AlgorithmParameterSpec}
+	 * @param iv 偏移向量，加盐
 	 * @return 自身
 	 */
-	public SymmetricCrypto setParams(AlgorithmParameterSpec params) {
-		this.cipherWrapper.setParams(params);
-		return this;
+	public SymmetricCrypto setIv(byte[] iv) {
+		return setIv(new IvParameterSpec(iv));
 	}

 	/**
@ -191,13 +190,19 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor,
 	}

 	/**
-	 * 设置偏移向量
+	 * 设置 {@link AlgorithmParameterSpec}，通常用于加盐或偏移向量
 	 *
-	 * @param iv 偏移向量，加盐
+	 * @param params {@link AlgorithmParameterSpec}
 	 * @return 自身
 	 */
-	public SymmetricCrypto setIv(byte[] iv) {
-		return setIv(new IvParameterSpec(iv));
+	public SymmetricCrypto setParams(AlgorithmParameterSpec params) {
+		lock.lock();
+		try {
+			this.cipherWrapper.setParams(params);
+		} finally {
+			lock.unlock();
+		}
+		return this;
 	}

 	/**
@ -207,8 +212,13 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor,
 	 * @return this
 	 * @since 5.7.17
 	 */
-	public SymmetricCrypto setRandom(SecureRandom random){
-		this.cipherWrapper.setRandom(random);
+	public SymmetricCrypto setRandom(SecureRandom random) {
+		lock.lock();
+		try {
+			this.cipherWrapper.setRandom(random);
+		} finally {
+			lock.unlock();
+		}
 		return this;
 	}

@ -221,7 +231,7 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor,
 	 * @return this
 	 * @since 5.7.12
 	 */
-	public SymmetricCrypto setMode(CipherMode mode){
+	public SymmetricCrypto setMode(CipherMode mode) {
 		lock.lock();
 		try {
 			initMode(mode.getValue());
@ -383,7 +393,7 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor,
 	private SymmetricCrypto initParams(String algorithm, AlgorithmParameterSpec paramsSpec) {
 		if (null == paramsSpec) {
 			byte[] iv = Opt.ofNullable(cipherWrapper)
-					.map(CipherWrapper::getCipher).map(Cipher::getIV).get();
+				.map(CipherWrapper::getCipher).map(Cipher::getIV).get();

 			// 随机IV
 			if (StrUtil.startWithIgnoreCase(algorithm, "PBE")) {