From a64da0530d02905c5277f7f2008f39ad7a61d83d Mon Sep 17 00:00:00 2001
From: FrozenWatermelon
Date: Tue, 28 Dec 2021 11:26:42 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3Aes=20Key=20length=20?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/mall4j/cloud/auth/manager/TokenStore.java | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/mall4cloud-auth/src/main/java/com/mall4j/cloud/auth/manager/TokenStore.java b/mall4cloud-auth/src/main/java/com/mall4j/cloud/auth/manager/TokenStore.java
index f241f250..d6681054 100644
--- a/mall4cloud-auth/src/main/java/com/mall4j/cloud/auth/manager/TokenStore.java
+++ b/mall4cloud-auth/src/main/java/com/mall4j/cloud/auth/manager/TokenStore.java
@@ -1,5 +1,6 @@
 package com.mall4j.cloud.auth.manager;

+import cn.hutool.core.codec.Base64;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.BooleanUtil;
 import cn.hutool.core.util.IdUtil;
@@ -41,12 +42,6 @@ public class TokenStore {

 private static final Logger logger = LoggerFactory.getLogger(TokenStore.class);

- /**
- * 用于aes签名的key,16位
- */
-// @Value("${auth.token.signKey}")
- public static final String tokenSignKey = "-mall4j--mall4j-";
-
 private final RedisTemplate redisTemplate;

 private final RedisSerializer redisSerializer;
@@ -245,16 +240,14 @@ private static String getApprovalKey(String appId, Long uid) {
 }

 private String encryptToken(String accessToken,Integer sysType) {
- AES aes = new AES(tokenSignKey.getBytes(StandardCharsets.UTF_8));
- return aes.encryptBase64(accessToken + System.currentTimeMillis() + sysType);
+ return Base64.encode(accessToken + System.currentTimeMillis() + sysType);
 }

 private ServerResponseEntity decryptToken(String data) {
- AES aes = new AES(tokenSignKey.getBytes(StandardCharsets.UTF_8));
 String decryptStr;
 String decryptToken;
 try {
- decryptStr = aes.decryptStr(data);
+ decryptStr = Base64.decodeStr(data);
 decryptToken = decryptStr.substring(0,32);
 // 创建token的时间,token使用时效性,防止攻击者通过一堆的尝试找到aes的密码,虽然aes是目前几乎最好的加密算法
 long createTokenTime = Long.parseLong(decryptStr.substring(32,45));
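Review bot: `encryptToken` now returns `Base64.encode(accessToken + System.currentTimeMillis() + sysType)`, an unkeyed encoding, so every field `decryptToken` reads back (`substring(0,32)` as the token, `substring(32,45)` as the creation time, and the trailing sysType) is chosen entirely by the client. The creation-time check described in the comment just above `createTokenTime` no longer constrains anything, since a caller can re-encode any timestamp; freshness should come from server-side state, such as an expiry on the Redis entry, rather than from a value carried inside the token. If the wrapper is meant to provide confidentiality or tamper resistance, fix the key-length problem by loading a correctly sized key from configuration (the removed `@Value("${auth.token.signKey}")` line points that way) instead of the hard-coded constant, and prefer an authenticated construction. If it is not, rename the two methods to `encodeToken`/`decodeToken` and drop the AES wording from the comment so nobody assumes the value is protected. `decryptToken` continues past the end of the hunk, so how the parsed time and sysType are used afterwards is not visible here.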