From 1cd3f633c91a75e0ebcaaae4e8fc5fe969fbc6a4 Mon Sep 17 00:00:00 2001 From: Looly Date: Tue, 13 Aug 2024 23:08:08 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DSymmetricCrypto.setParams?= =?UTF-8?q?=E5=92=8CsetRandom=E6=B2=A1=E6=9C=89=E5=8A=A0=E9=94=81=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 3 +- .../crypto/asymmetric/AsymmetricCrypto.java | 37 ++++++++-- .../cn/hutool/crypto/asymmetric/Sign.java | 73 +++++++++++-------- .../crypto/symmetric/SymmetricCrypto.java | 36 +++++---- 4 files changed, 98 insertions(+), 51 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a3ff4228a..e277ab89a 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,11 +2,12 @@ # 🚀Changelog ------------------------------------------------------------------------------------------------------------- -# 5.8.32(2024-08-12) +# 5.8.32(2024-08-13) ### 🐣新特性 ### 🐞Bug修复 +* 【crypto 】 修复SymmetricCrypto.setParams和setRandom没有加锁问题(issue#IAJIY3@Github) ------------------------------------------------------------------------------------------------------------- # 5.8.31(2024-08-12) diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/AsymmetricCrypto.java b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/AsymmetricCrypto.java index 25f5661c4..86b59cef3 100644 --- a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/AsymmetricCrypto.java +++ b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/AsymmetricCrypto.java @@ -168,7 +168,12 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto * @param encryptBlockSize 加密块大小 */ public void setEncryptBlockSize(int encryptBlockSize) { - this.encryptBlockSize = encryptBlockSize; + lock.lock(); + try{ + this.encryptBlockSize = encryptBlockSize; + }finally { + lock.unlock(); + } } /** @@ -186,7 +191,12 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto * @param decryptBlockSize 解密块大小 */ public void setDecryptBlockSize(int decryptBlockSize) { - this.decryptBlockSize = decryptBlockSize; + lock.lock(); + try{ + this.decryptBlockSize = decryptBlockSize; + }finally { + lock.unlock(); + } } /** @@ -208,7 +218,12 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto * @since 5.4.3 */ public void setAlgorithmParameterSpec(AlgorithmParameterSpec algorithmParameterSpec) { - this.cipherWrapper.setParams(algorithmParameterSpec); + lock.lock(); + try{ + this.cipherWrapper.setParams(algorithmParameterSpec); + }finally { + lock.unlock(); + } } /** @@ -219,14 +234,24 @@ public class AsymmetricCrypto extends AbstractAsymmetricCrypto * @since 5.7.17 */ public AsymmetricCrypto setRandom(SecureRandom random) { - this.cipherWrapper.setRandom(random); + lock.lock(); + try{ + this.cipherWrapper.setRandom(random); + }finally { + lock.unlock(); + } return this; } @Override public AsymmetricCrypto init(String algorithm, PrivateKey privateKey, PublicKey publicKey) { - super.init(algorithm, privateKey, publicKey); - initCipher(); + lock.lock(); + try{ + super.init(algorithm, privateKey, publicKey); + initCipher(); + }finally { + lock.unlock(); + } return this; } diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/Sign.java b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/Sign.java index c1eb53255..52e29ff19 100755 --- a/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/Sign.java +++ b/hutool-crypto/src/main/java/cn/hutool/crypto/asymmetric/Sign.java @@ -31,10 +31,13 @@ import java.util.Set; public class Sign extends BaseAsymmetric { private static final long serialVersionUID = 1L; - /** 签名,用于签名和验证 */ + /** + * 签名,用于签名和验证 + */ protected Signature signature; // ------------------------------------------------------------------ Constructor start + /** * 构造,创建新的私钥公钥对 * @@ -57,9 +60,9 @@ public class Sign extends BaseAsymmetric { * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * - * @param algorithm {@link SignAlgorithm} + * @param algorithm {@link SignAlgorithm} * @param privateKeyStr 私钥Hex或Base64表示 - * @param publicKeyStr 公钥Hex或Base64表示 + * @param publicKeyStr 公钥Hex或Base64表示 */ public Sign(SignAlgorithm algorithm, String privateKeyStr, String publicKeyStr) { this(algorithm.getValue(), SecureUtil.decode(privateKeyStr), SecureUtil.decode(publicKeyStr)); @@ -69,9 +72,9 @@ public class Sign extends BaseAsymmetric { * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * - * @param algorithm {@link SignAlgorithm} + * @param algorithm {@link SignAlgorithm} * @param privateKey 私钥 - * @param publicKey 公钥 + * @param publicKey 公钥 */ public Sign(SignAlgorithm algorithm, byte[] privateKey, byte[] publicKey) { this(algorithm.getValue(), privateKey, publicKey); @@ -82,7 +85,7 @@ public class Sign extends BaseAsymmetric { * 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * * @param algorithm {@link SignAlgorithm} - * @param keyPair 密钥对(包括公钥和私钥) + * @param keyPair 密钥对(包括公钥和私钥) */ public Sign(SignAlgorithm algorithm, KeyPair keyPair) { this(algorithm.getValue(), keyPair); @@ -92,9 +95,9 @@ public class Sign extends BaseAsymmetric { * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * - * @param algorithm {@link SignAlgorithm} + * @param algorithm {@link SignAlgorithm} * @param privateKey 私钥 - * @param publicKey 公钥 + * @param publicKey 公钥 */ public Sign(SignAlgorithm algorithm, PrivateKey privateKey, PublicKey publicKey) { this(algorithm.getValue(), privateKey, publicKey); @@ -104,51 +107,50 @@ public class Sign extends BaseAsymmetric { * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * - * @param algorithm 非对称加密算法 + * @param algorithm 非对称加密算法 * @param privateKeyBase64 私钥Base64 - * @param publicKeyBase64 公钥Base64 + * @param publicKeyBase64 公钥Base64 */ public Sign(String algorithm, String privateKeyBase64, String publicKeyBase64) { this(algorithm, Base64.decode(privateKeyBase64), Base64.decode(publicKeyBase64)); } /** - * 构造 - * + * 构造
* 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * - * @param algorithm 算法 + * @param algorithm 算法 * @param privateKey 私钥 - * @param publicKey 公钥 + * @param publicKey 公钥 */ public Sign(String algorithm, byte[] privateKey, byte[] publicKey) { this(algorithm, // - SecureUtil.generatePrivateKey(algorithm, privateKey), // - SecureUtil.generatePublicKey(algorithm, publicKey)// + SecureUtil.generatePrivateKey(algorithm, privateKey), // + SecureUtil.generatePublicKey(algorithm, publicKey)// ); } /** - * 构造 私钥和公钥同时为空时生成一对新的私钥和公钥
+ * 构造
+ * 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * * @param algorithm 算法,见{@link SignAlgorithm} - * @param keyPair 密钥对(包括公钥和私钥) + * @param keyPair 密钥对(包括公钥和私钥) */ public Sign(String algorithm, KeyPair keyPair) { this(algorithm, keyPair.getPrivate(), keyPair.getPublic()); } /** - * 构造 - * + * 构造
* 私钥和公钥同时为空时生成一对新的私钥和公钥
* 私钥和公钥可以单独传入一个,如此则只能使用此钥匙来做签名或验证 * - * @param algorithm 算法 + * @param algorithm 算法 * @param privateKey 私钥 - * @param publicKey 公钥 + * @param publicKey 公钥 */ public Sign(String algorithm, PrivateKey privateKey, PublicKey publicKey) { super(algorithm, privateKey, publicKey); @@ -158,15 +160,20 @@ public class Sign extends BaseAsymmetric { /** * 初始化 * - * @param algorithm 算法 + * @param algorithm 算法 * @param privateKey 私钥 - * @param publicKey 公钥 + * @param publicKey 公钥 * @return this */ @Override public Sign init(String algorithm, PrivateKey privateKey, PublicKey publicKey) { - signature = SecureUtil.createSignature(algorithm); - super.init(algorithm, privateKey, publicKey); + lock.lock(); + try { + signature = SecureUtil.createSignature(algorithm); + super.init(algorithm, privateKey, publicKey); + } finally { + lock.unlock(); + } return this; } @@ -178,19 +185,23 @@ public class Sign extends BaseAsymmetric { * @since 4.6.5 */ public Sign setParameter(AlgorithmParameterSpec params) { + lock.lock(); try { this.signature.setParameter(params); } catch (InvalidAlgorithmParameterException e) { throw new CryptoException(e); + } finally { + lock.unlock(); } return this; } // --------------------------------------------------------------------------------- Sign and Verify + /** * 生成文件签名 * - * @param data 被签名数据 + * @param data 被签名数据 * @param charset 编码 * @return 签名 * @since 5.7.0 @@ -213,7 +224,7 @@ public class Sign extends BaseAsymmetric { /** * 生成文件签名,并转为16进制字符串 * - * @param data 被签名数据 + * @param data 被签名数据 * @param charset 编码 * @return 签名 * @since 5.7.0 @@ -281,7 +292,7 @@ public class Sign extends BaseAsymmetric { * 生成签名,并转为16进制字符串
* 使用默认缓存大小,见 {@link IoUtil#DEFAULT_BUFFER_SIZE} * - * @param data 被签名数据 + * @param data 被签名数据 * @param bufferLength 缓存长度,不足1使用 {@link IoUtil#DEFAULT_BUFFER_SIZE} 做为默认值 * @return 签名 * @since 5.7.0 @@ -293,12 +304,12 @@ public class Sign extends BaseAsymmetric { /** * 生成签名 * - * @param data {@link InputStream} 数据流 + * @param data {@link InputStream} 数据流 * @param bufferLength 缓存长度,不足1使用 {@link IoUtil#DEFAULT_BUFFER_SIZE} 做为默认值 * @return 签名bytes * @since 5.7.0 */ - public byte[] sign(InputStream data, int bufferLength){ + public byte[] sign(InputStream data, int bufferLength) { if (bufferLength < 1) { bufferLength = IoUtil.DEFAULT_BUFFER_SIZE; } diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/symmetric/SymmetricCrypto.java b/hutool-crypto/src/main/java/cn/hutool/crypto/symmetric/SymmetricCrypto.java index ea4a7756d..c965755a9 100755 --- a/hutool-crypto/src/main/java/cn/hutool/crypto/symmetric/SymmetricCrypto.java +++ b/hutool-crypto/src/main/java/cn/hutool/crypto/symmetric/SymmetricCrypto.java @@ -170,14 +170,13 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor, } /** - * 设置 {@link AlgorithmParameterSpec},通常用于加盐或偏移向量 + * 设置偏移向量 * - * @param params {@link AlgorithmParameterSpec} + * @param iv 偏移向量,加盐 * @return 自身 */ - public SymmetricCrypto setParams(AlgorithmParameterSpec params) { - this.cipherWrapper.setParams(params); - return this; + public SymmetricCrypto setIv(byte[] iv) { + return setIv(new IvParameterSpec(iv)); } /** @@ -191,13 +190,19 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor, } /** - * 设置偏移向量 + * 设置 {@link AlgorithmParameterSpec},通常用于加盐或偏移向量 * - * @param iv 偏移向量,加盐 + * @param params {@link AlgorithmParameterSpec} * @return 自身 */ - public SymmetricCrypto setIv(byte[] iv) { - return setIv(new IvParameterSpec(iv)); + public SymmetricCrypto setParams(AlgorithmParameterSpec params) { + lock.lock(); + try { + this.cipherWrapper.setParams(params); + } finally { + lock.unlock(); + } + return this; } /** @@ -207,8 +212,13 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor, * @return this * @since 5.7.17 */ - public SymmetricCrypto setRandom(SecureRandom random){ - this.cipherWrapper.setRandom(random); + public SymmetricCrypto setRandom(SecureRandom random) { + lock.lock(); + try { + this.cipherWrapper.setRandom(random); + } finally { + lock.unlock(); + } return this; } @@ -221,7 +231,7 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor, * @return this * @since 5.7.12 */ - public SymmetricCrypto setMode(CipherMode mode){ + public SymmetricCrypto setMode(CipherMode mode) { lock.lock(); try { initMode(mode.getValue()); @@ -383,7 +393,7 @@ public class SymmetricCrypto implements SymmetricEncryptor, SymmetricDecryptor, private SymmetricCrypto initParams(String algorithm, AlgorithmParameterSpec paramsSpec) { if (null == paramsSpec) { byte[] iv = Opt.ofNullable(cipherWrapper) - .map(CipherWrapper::getCipher).map(Cipher::getIV).get(); + .map(CipherWrapper::getCipher).map(Cipher::getIV).get(); // 随机IV if (StrUtil.startWithIgnoreCase(algorithm, "PBE")) {