Problem description
I am trying to decode a JWT payload in Java, but the payload is compressed (deflated); the header says
"zip": "DEF"
and inflating it fails with
java.util.zip.DataFormatException: incorrect header check
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;

private static byte[] decompress(byte[] value) throws DataFormatException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream(value.length);
    // default mode expects a zlib header in front of the DEFLATE data
    Inflater decompressor = new Inflater();
    try {
        decompressor.setInput(value);
        final byte[] buf = new byte[1024];
        while (!decompressor.finished()) {
            int count = decompressor.inflate(buf);
            bos.write(buf, 0, count);
        }
    } finally {
        decompressor.end();
    }
    return bos.toByteArray();
}

public static void main(String[] args) throws Exception {
    String payload = "7VPbjtMwEP2X4TUXO9CumjdYkFghoZVaFiHUB9eZNka-RLYTUVb5d8ZuKxW09AuQ8jL2mTPnHGeeYZLQPkM8Dgjtd-hjHEJb18EIH3sUOvaVFL4Lr6SbVMdXUNzAnIoyFTdxypjRql8iKmdhW4D02KGNSuj1uPuBMiZJ-175J_QhYVp4U7GKE2k6fTfaTmPCeAxu9BI3WT6cL4qzHZBOa2JLDAXQAH8kj8Q8av3FawJc-ltGgEvxAvEjSaV-Allh8EQijNLEB-vN280HujmoCW3K8OvHh_Wnb7CdydlOkfX3IiYSvlqxkr2mD-a5eFEGvy3j4Tq3AkIUcQzZpxk0RkypT0JKZfhedZlBuk7ZQ1YcjiGiIXh6GHqXXt9Vzh_qFGkdVFfL6ScRyNwJDbuDeTsXMJy9Zzl79GiTtuvoEgj93nmDPk8SMjqfGjoVBi1SSvdP68deeCPkkdxTMk7K0WeyFM9GmdPQhpdsWTZLEqJd_DyaXeIE_s_Imv-RnSJb_BUZS5ltZ8oNlCAtfNks2HLBOKe_eLf_80CFcHaZN1ZFXopBVXIKl8V15nqR64nXec3n3w";
    byte[] byt = Base64.getUrlDecoder().decode(payload.getBytes("UTF-8"));
    byte[] b = decompress(byt);
    String s = new String(b, StandardCharsets.UTF_8);
}
Other people using other programming languages were able to solve this with the following; I am wondering how I would do the same in Java?
// raw DEFLATE, no zlib header (the function is inflateRawSync, not inflaterawSync)
const decompressedCard = zlib.inflateRawSync(decodedPayload);
const card = JSON.parse(decompressedCard.toString());
Solution
Compressed payloads are usually found in encrypted JWTs (JWE), but SMART Health Cards also use compression in signed tokens (JWS). In both cases the DEFLATE format defined in RFC 1951 is used. With zlib (as in the example at the bottom of the question) you have to use
inflateRaw/deflateRaw (DEFLATE without any zlib or gzip header).
For the inflateRaw case with java.util.zip.Inflater you set the nowrap parameter to true so that it inflates raw (headerless) data:
Inflater decompressor = new Inflater(true);
This corresponds to inflateRaw in Node.js.
(See also https://docs.oracle.com/javase/7/docs/api/java/util/zip/Inflater.html)
With this setting the code in the question works and inflates the given sample data into JSON.
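As an added example (my own code, not from the question or the answers above), here is a Java helper that takes a compact JWS, inflates the payload with nowrap=true only when the header says "zip":"DEF", and caps the inflated size so that a few hundred compressed bytes cannot expand into a decompression bomb. The class and method names and the 64 KiB limit are my own choices.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;

public class JwsDeflatePayload {
    // Upper bound on the inflated payload (my choice): never inflate untrusted data without a cap.
    private static final int MAX_INFLATED = 64 * 1024;

    // Raw DEFLATE (RFC 1951) as used by "zip":"DEF": nowrap=true, i.e. no zlib/gzip header.
    public static byte[] inflateRaw(byte[] data) throws DataFormatException {
        Inflater inflater = new Inflater(true);
        try {
            // The Inflater Javadoc asks for an extra dummy input byte in nowrap mode.
            inflater.setInput(Arrays.copyOf(data, data.length + 1));
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[1024];
            while (!inflater.finished()) {
                int n = inflater.inflate(buf);
                if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    throw new DataFormatException("truncated or dictionary-based DEFLATE stream");
                }
                if (out.size() + n > MAX_INFLATED) {
                    throw new DataFormatException("inflated payload exceeds " + MAX_INFLATED + " bytes");
                }
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        } finally {
            inflater.end();
        }
    }

    // Returns the payload of a compact JWS (header.payload.signature) as text, inflating it
    // only when the header carries "zip":"DEF". Verify the signature before trusting the result.
    public static String decodePayload(String jws) throws DataFormatException {
        String[] parts = jws.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        Base64.Decoder b64 = Base64.getUrlDecoder();
        String header = new String(b64.decode(parts[0]), StandardCharsets.UTF_8);
        byte[] payload = b64.decode(parts[1]);
        // A string match is enough for the fixed SMART Health Card header; use a JSON parser otherwise.
        boolean deflated = header.replace(" ", "").contains("\"zip\":\"DEF\"");
        byte[] plain = deflated ? inflateRaw(payload) : payload;
        return new String(plain, StandardCharsets.UTF_8);
    }
}
```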
I think the point about nowrap is correct, but I still could not get your code to work until I fixed the broken input (as described above) and did this:
import java.util.Base64;
import java.util.zip.GZIPInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class Decomp2 {
    // gzip-wrapped DEFLATE: GZIPInputStream reads and checks the gzip header itself
    public static byte[] gunzip(byte[] value) throws IOException {
        byte[] result = null;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        int numRead = -1;
        try (GZIPInputStream in = new GZIPInputStream(new ByteArrayInputStream(value))) {
            while ((numRead = in.read(buf)) > -1) {
                out.write(buf, 0, numRead);
            }
            result = out.toByteArray();
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Data gzipped and b64url-encoded
        String payload = "H4sIAKow-GAAA-1Ty27bMBC89zO2Vz1ItXZg3dokQIICRQC7CYrCB5paWwxIUSApoW6gf--StgG3SPwFAXRZcnZ2Zqh9gVFC_QJh3yPUv6ANofd1WXojXGhR6NAWUrjGf5R2VA1fQHYBcyjyWFzEKWOGTv0RQdkO1hlIhw12QQm9HDbPKEOUtG2Ve0TnI6aGzwUrOJHG069D12iMGIfeDk7iKsmH40V2tAPSak1skSEDGuD25JGYB61_OE2AU3_NCHAqXiF-IKnUT6BOGDyQCKM08cFy9WV1Szc7NWIXM3y6u19--wnriZxtFFm_ESGS8MWC5ewTfTBN2asy-GUZ9-e5ZeCDCINPPk2vMWBMfRRSqg6vbZMYpG1Ut0uK_d4HNASPD0Pv0uqrwrpdGSMtvWpKOf4mApk6oWJXMK2nDPqj9yRniw67qO08ughCt7XOoEuThAzWxYZG-V6LmNL14_KhFc4IuSf3lIyVcnCJLMazUuYwtOI5m-fVnIRoG74PZhM5gb8ZWfUe2SGy2X-RsZjZeqLcQAnSwufVjM1njHP6izfbfw-U90eXaWNV4LnoVSFHf1pca84XuRx5mdZ8-vAX5R6TWUMEAAA=";
        byte[] byt = Base64.getUrlDecoder().decode(payload.getBytes("UTF-8"));
        byte[] b = gunzip(byt);
        String s = new String(b, StandardCharsets.UTF_8);
        System.out.println(s);
    }
}