Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 16:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove 32-byte minimum keyLength restriction in Base64StringKeyGenerator (#17012)

Browse Source 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
This commit is contained in:
Andrey Litvitski 2025-05-12 22:43:34 +03:00 committed by Rob Winch
parent c22091d8be
commit 3b492a9628
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/src/main/java/org/springframework/security/crypto/keygen/Base64StringKeyGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,6 +24,7 @@ import java.util.Base64;
*
* @author Joe Grandja
* @author Rob Winch
* @author Andrey Litvitski
* @since 5.0
*/
public class Base64StringKeyGenerator implements StringKeyGenerator {
@ -67,8 +68,8 @@ public class Base64StringKeyGenerator implements StringKeyGenerator {
if (encoder == null) {
throw new IllegalArgumentException("encode cannot be null");
}
if (keyLength < DEFAULT_KEY_LENGTH) {
throw new IllegalArgumentException("keyLength must be greater than or equal to " + DEFAULT_KEY_LENGTH);
if (keyLength <= 0) {
throw new IllegalArgumentException("keyLength must be greater than 0");
}
this.encoder = encoder;
this.keyGenerator = KeyGenerators.secureRandom(keyLength);

7
crypto/src/test/java/org/springframework/security/crypto/keygen/Base64StringKeyGeneratorTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,13 +25,14 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
/**
* @author Rob Winch
* @author Andrey Litvitski
* @since 5.0
*/
public class Base64StringKeyGeneratorTests {
@Test
public void constructorIntWhenLessThan32ThenIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new Base64StringKeyGenerator(31));
public void constructorIntWhenEqual0ThenIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new Base64StringKeyGenerator(0));
}
@Test