From d941fa85a7006e8eefc6a76874d6894953639921 Mon Sep 17 00:00:00 2001
From: Looly <loolly@aliyun.com>
Date: Fri, 11 Oct 2024 18:04:28 +0800
Subject: [PATCH] add base64 check

---
 .../dromara/hutool/core/codec/binary/Base64Decoder.java    | 3 ++-
 .../main/java/org/dromara/hutool/crypto/SecureUtil.java    | 7 ++++++-
 .../java/org/dromara/hutool/crypto/symmetric/AESTest.java  | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/codec/binary/Base64Decoder.java b/hutool-core/src/main/java/org/dromara/hutool/core/codec/binary/Base64Decoder.java
index aebf5014a..4baa0836b 100644
--- a/hutool-core/src/main/java/org/dromara/hutool/core/codec/binary/Base64Decoder.java
+++ b/hutool-core/src/main/java/org/dromara/hutool/core/codec/binary/Base64Decoder.java
@@ -24,7 +24,8 @@ import java.io.Serializable;
 
 /**
  * Base64解码实现<br>
- * 此解码保留的原因是，JDK提供的解码需要指定是否为URL安全的或是否换行，此解码无需区分
+ * 此解码保留的原因是，JDK提供的解码需要指定是否为URL安全的或是否换行，此解码无需区分<br>
+ * 此解码对非Base64字符忽略
  *
  * @author looly
  *
diff --git a/hutool-crypto/src/main/java/org/dromara/hutool/crypto/SecureUtil.java b/hutool-crypto/src/main/java/org/dromara/hutool/crypto/SecureUtil.java
index d7761615c..a51a43181 100644
--- a/hutool-crypto/src/main/java/org/dromara/hutool/crypto/SecureUtil.java
+++ b/hutool-crypto/src/main/java/org/dromara/hutool/crypto/SecureUtil.java
@@ -540,7 +540,12 @@ public class SecureUtil {
 		// issue#I90M9D
 		// 某些特殊字符串会无法区分Hex还是Base64，此处使用系统属性强制关闭Hex解析
 		final boolean decodeHex = SystemUtil.getBoolean(HUTOOL_CRYPTO_DECODE_HEX, true);
-		return (decodeHex && Validator.isHex(key)) ? Hex.decode(key) : Base64.decode(key);
+		if(decodeHex && Validator.isHex(key)){
+			return Hex.decode(key);
+		}else if(Base64.isTypeBase64(key)){
+			return Base64.decode(key);
+		}
+		throw new IllegalArgumentException("Value is not hex or base64!");
 	}
 
 	/**
diff --git a/hutool-crypto/src/test/java/org/dromara/hutool/crypto/symmetric/AESTest.java b/hutool-crypto/src/test/java/org/dromara/hutool/crypto/symmetric/AESTest.java
index f7f5d8aa2..066cc2dc6 100644
--- a/hutool-crypto/src/test/java/org/dromara/hutool/crypto/symmetric/AESTest.java
+++ b/hutool-crypto/src/test/java/org/dromara/hutool/crypto/symmetric/AESTest.java
@@ -149,7 +149,8 @@ public class AESTest {
 
 	@Test
 	void issue3766Test() {
-		Assertions.assertThrows(CryptoException.class, ()->
+		Assertions.assertThrows(IllegalArgumentException.class, ()->
+			// data必须为hex或base64
 			SecureUtil.aes("8888888888888888".getBytes()).decryptStr("哈哈"));
 	}
 }