alibaba · KomachiSion · Jul 29, 2024 · Jul 28, 2024
diff --git a/...ault-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java b/...ault-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/jwt/NacosJwtParser.java
@@ -19,6 +19,8 @@
 import com.alibaba.nacos.plugin.auth.exception.AccessException;
 import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
 import com.alibaba.nacos.plugin.auth.impl.utils.Base64Decode;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.crypto.spec.SecretKeySpec;
 import java.security.Key;
@@ -32,12 +34,15 @@
  */
 @SuppressWarnings("PMD.UndefineMagicConstantRule")
 public class NacosJwtParser {
+
+ private static final Logger LOG = LoggerFactory.getLogger(NacosJwtParser.class);
 
  private final NacosSignatureAlgorithm signatureAlgorithm;
 
  private final Key key;
 
  public NacosJwtParser(String base64edKey) {
+ this.validKey(base64edKey);
  byte[] decode = Base64Decode.decode(base64edKey);
  int bitLength = decode.length << 3;
  if (bitLength < 256) {
@@ -58,6 +63,14 @@ public NacosJwtParser(String base64edKey) {
  }
  this.key = new SecretKeySpec(decode, signatureAlgorithm.getJcaName());
  }
+
+ private void validKey(String base64edKey) {
+ int length = base64edKey.toCharArray().length;
+ if (length % 4 != 0) {
+ LOG.warn("The secret Key currently in use is not a standard Base64 encoding"
+ + " and will no longer be supported in future versions;");
+ }
+ }
 
  private String sign(NacosJwtPayload payload) {
  return signatureAlgorithm.sign(payload, key);