NutzCN Logo
问答 Nutz内集成的Base64与ApacheBase64的解码如何对应呢?
发布于 3203天前 作者 elkan1788 3473 次浏览 复制 上一个帖子 下一个帖子
标签:

在项目中原来引用的Apache Base64, 现换成Nutz内集成的Base64, 但发现解码好像有问题, 是自己与错了么?

原先代码写法:

// token 是字符串
Base64.decodeBase64(token));

换成Nutz后:

Base64.decode(token.getBytes("UTF-8"));

运行代码时发现, 这个解码一直返回NULL,@Wendal, 应该如何正确引用, 谢谢。

9 回复

提供一下token的明文和密文

明文:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6IlpoYUJlaVBsYXRmb3JtU2VydmljZUFjY291bnQiLCJ6YjphdXRoOnNhIjp0cnVlLCJ1cm46b2F1dGg6ZXhwIjoiMTQ1ODY1ODI0NiIsInVybjpvYXV0aDppYXQiOiIxNDU4MDUzNDQ2IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRjYy5zby8iLCJhdWQiOiJodHRwczovL3RjYy5zby8ifQ

密文:

ZLhtk4rP4cSOL26JzhCop67xIPv4Adh5zEauieVk4W9HF3IsdpXCS1wAwKOhnMyVMowxJ9NpuPAtfoiqsWzl-AQ_8iAhR6QWAcelWkKk_QZvs-0DI8XcSeFjFgKSwBjvmcs1aXNrLDUtReVx09jukjaxtv02AH_SC8wkKTkE03mnmYEfEx7mDw7QQ8ZhYunKnFRejKXjwI62bcQU5tGCjIg97QiFlEUeNK1njfyuzGUM_AFGfWk3509TU5r97h_XdzSp2I3jfLYwHJGPW3GLZJZpq9FkmUqhwC3ER2mSxGQSfInRRdKzuZWx33wXJfXWd_BI49n7UqdiXyv_HuohzA

恩,我试试

	public static void main(String[] args) throws Exception {
		String source = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6IlpoYUJlaVBsYXRmb3JtU2VydmljZUFjY291bnQiLCJ6YjphdXRoOnNhIjp0cnVlLCJ1cm46b2F1dGg6ZXhwIjoiMTQ1ODY1ODI0NiIsInVybjpvYXV0aDppYXQiOiIxNDU4MDUzNDQ2IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRjYy5zby8iLCJhdWQiOiJodHRwczovL3RjYy5zby8ifQ";
		String target = "ZLhtk4rP4cSOL26JzhCop67xIPv4Adh5zEauieVk4W9HF3IsdpXCS1wAwKOhnMyVMowxJ9NpuPAtfoiqsWzl-AQ_8iAhR6QWAcelWkKk_QZvs-0DI8XcSeFjFgKSwBjvmcs1aXNrLDUtReVx09jukjaxtv02AH_SC8wkKTkE03mnmYEfEx7mDw7QQ8ZhYunKnFRejKXjwI62bcQU5tGCjIg97QiFlEUeNK1njfyuzGUM_AFGfWk3509TU5r97h_XdzSp2I3jfLYwHJGPW3GLZJZpq9FkmUqhwC3ER2mSxGQSfInRRdKzuZWx33wXJfXWd_BI49n7UqdiXyv_HuohzA";
		//System.out.println(Base64.encodeToString(source.getBytes(), false));
		byte[] buf = org.apache.commons.codec.binary.Base64.decodeBase64(target.getBytes());
		System.out.println(Base64.encodeToString(buf, false));
		//System.out.println(new String(org.apache.commons.codec.binary.Base64.encodeBase64(buf, true)));
		System.out.println(new String(org.apache.commons.codec.binary.Base64.encodeBase64(buf, false)));
		System.out.println(target);
		System.out.println(Base64.encodeToString(buf, false).equals(target));
	}

输出

ZLhtk4rP4cSOL26JzhCop67xIPv4Adh5zEauieVk4W9HF3IsdpXCS1wAwKOhnMyVMowxJ9NpuPAtfoiqsWzlAQ8iAhR6QWAcelWkKkQZvs0DI8XcSeFjFgKSwBjvmcs1aXNrLDUtReVx09jukjaxtv02AHSC8wkKTkE03mnmYEfEx7mDw7QQ8ZhYunKnFRejKXjwI62bcQU5tGCjIg97QiFlEUeNK1njfyuzGUMAFGfWk3509TU5r97hXdzSp2I3jfLYwHJGPW3GLZJZpq9FkmUqhwC3ER2mSxGQSfInRRdKzuZWx33wXJfXWdBI49n7UqdiXyvHuohzAA==
ZLhtk4rP4cSOL26JzhCop67xIPv4Adh5zEauieVk4W9HF3IsdpXCS1wAwKOhnMyVMowxJ9NpuPAtfoiqsWzlAQ8iAhR6QWAcelWkKkQZvs0DI8XcSeFjFgKSwBjvmcs1aXNrLDUtReVx09jukjaxtv02AHSC8wkKTkE03mnmYEfEx7mDw7QQ8ZhYunKnFRejKXjwI62bcQU5tGCjIg97QiFlEUeNK1njfyuzGUMAFGfWk3509TU5r97hXdzSp2I3jfLYwHJGPW3GLZJZpq9FkmUqhwC3ER2mSxGQSfInRRdKzuZWx33wXJfXWdBI49n7UqdiXyvHuohzAA==
ZLhtk4rP4cSOL26JzhCop67xIPv4Adh5zEauieVk4W9HF3IsdpXCS1wAwKOhnMyVMowxJ9NpuPAtfoiqsWzl-AQ_8iAhR6QWAcelWkKk_QZvs-0DI8XcSeFjFgKSwBjvmcs1aXNrLDUtReVx09jukjaxtv02AH_SC8wkKTkE03mnmYEfEx7mDw7QQ8ZhYunKnFRejKXjwI62bcQU5tGCjIg97QiFlEUeNK1njfyuzGUM_AFGfWk3509TU5r97h_XdzSp2I3jfLYwHJGPW3GLZJZpq9FkmUqhwC3ER2mSxGQSfInRRdKzuZWx33wXJfXWd_BI49n7UqdiXyv_HuohzA
false

有点诡异, 密文里面带下划线和横杠, 用apache的库解密后的byte[], 用apache库和nutz库重新加密得到的字符串,是一样的, 无法跟原文对应.

可知道密文是哪种代码生成的吗?

这个也不太清楚, token是在服务端生成的, 下面是客户端签名的原代码:

 private boolean containsValidSignature(String[] tokens) {
        String data = tokens[0] + "." + tokens[1];
        byte[] dataAsBytes = null;

        try {
            dataAsBytes = data.getBytes("utf-8");
            // The token could be RSA signed
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(_signatureCert);
            signature.update(dataAsBytes);
            if (signature.verify(Base64.decodeBase64(tokens[2]))) {
                return true;
            }
        } catch (Exception e) {
            logger.error("valid signature failed.", e);
        }

        return false;
    }

从服务端得到的token为:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6IlpoYUJlaVBsYXRmb3JtU2VydmljZUFjY291bnQiLCJ6YjphdXRoOnNhIjp0cnVlLCJ1cm46b2F1dGg6ZXhwIjoiMTQ1ODY1ODI0NiIsInVybjpvYXV0aDppYXQiOiIxNDU4MDUzNDQ2IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnRjYy5zby8iLCJhdWQiOiJodHRwczovL3RjYy5zby8ifQ.ZLhtk4rP4cSOL26JzhCop67xIPv4Adh5zEauieVk4W9HF3IsdpXCS1wAwKOhnMyVMowxJ9NpuPAtfoiqsWzl-AQ_8iAhR6QWAcelWkKk_QZvs-0DI8XcSeFjFgKSwBjvmcs1aXNrLDUtReVx09jukjaxtv02AH_SC8wkKTkE03mnmYEfEx7mDw7QQ8ZhYunKnFRejKXjwI62bcQU5tGCjIg97QiFlEUeNK1njfyuzGUM_AFGfWk3509TU5r97h_XdzSp2I3jfLYwHJGPW3GLZJZpq9FkmUqhwC3ER2mSxGQSfInRRdKzuZWx33wXJfXWd_BI49n7UqdiXyv_HuohzA

https://zh.wikipedia.org/wiki/Base64

标准的base64并没有下划线和横杠, 看来得特别处理一下

分析了一下, 按下面的规则处理之后能解码

  1. target = target.replace('-', '+').replace('_', '=');
  2. 长度补齐到4的整数, target += "=="
  3. 解码成功

嗯, 应该是这个问题的, 问了服务端的人员加了规则过滤和补码还是有问题的, 自己再看看吧。

那种应该是url safe模式

添加回复
请先登陆
回到顶部