[#XMLRPC-103] CLONE -Base64 encoder wraps lines (HTTP auth not possible)

XML-RPC

CLONE -Base64 encoder wraps lines (HTTP auth not possible)

Created: 17/Aug/06 03:42 AM Updated: 05/Oct/06 08:57 PM

Return to search

Component/s:

Source

Affects Version/s:

3.0a1

Fix Version/s:

3.0

Time Tracking:

Not Specified

Environment:

this bug affects all environments.

Issue Links:

Cloners

This issue is a clone of:

~~XMLRPC-77~~ Base64 encoder wraps lines (HTTP auth not possible)

Duplicate

This issue is duplicated by:

~~XMLRPC-106~~ Basic Authentication bug

Resolution Date:

18/Aug/06 09:52 AM

Description

« Hide

I am using xmlrpc 3.0a1 and when I try to do http auth I always get
Exception in thread "main" java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ZnM6dGVzdA==
at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:301)
at sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:1936)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.setRequestHeader(XmlRpcSunHttpTransport.java:30)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.setCredentials(XmlRpcHttpTransport.java:37)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.initConnection(XmlRpcHttpTransport.java:68)
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:188)
at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:53)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:166)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:136)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:125)
at SnSnXmlRpcAuth.main(SnSnXmlRpcAuth.java:36)

code snippet is like:
server = new URL("http://localhost/RPC2");
config.setServerURL(server);
config.setBasicEncoding("iso-8859-1");
config.setBasicUserName("fs");
config.setBasicPassword("test");
XmlRpcClient client = new XmlRpcClient();
client.setConfig(config);
Object[] parameters = new Object[] { rootElement };
client.execute("functionname", parameters);

After some examination I found that the problem is
related to encodeBasicAuthentication (org.apache.xmlrpc.util.httpUtil).

"return new String(Base64.encode(s.getBytes(pEncoding)))" appends a
"\n" to the string which is not allowed by the Sun libraries (see bug
4615330 [1] for a bug report to Sun which has some more details in the
evaluation). Unfortunately bug 4447135 [2] is not publicly accessible.

I noticed that xmlrpc 3 uses the Base64 class from common-utils
instead of codec.binary. The later does not add a newline to the end
of the encoded string which is the correct behavior.

Further investigation revealed that the problem is in the call to:
/** Converts the given byte array into a base64 encoded character
  * array with the line size {@link #LINE_SIZE} and the separator
  * {@link #LINE_SEPARATOR}.
  * @param pBuffer The buffer being encoded.
  * @return Character array of encoded bytes.
  */
public static String encode(byte[] pBuffer) {
        return encode(pBuffer, 0, pBuffer.length);
}

As stated in the javadoc the message will perform a line wrap after
LINE_SIZE - which is defined as
/** Default size for line wrapping.
*/
public static final int LINE_SIZE = 76;

As your encoded string is shorter than 76 characters, why does a line
wrap occur?
     Obviously the first problem is that there a line wrap at all -
     but if the wrapping would occur only after 76 characters,
     probably nobody would ever have noticed the bug...

In order to explain that, look at the following method
public void flush() throws IOException {
which contains the following statement:
if (wrapSize > 0 && lineChars > 0) {
   wrap();
}

At there it is: If LINE_SIZE is not set to 0 (no wrapping), the Base64
encoder will *always* add a newline at the end.

I don't know if the authors wanted to have a base64 encoder which does
wrapping by default (most encoders I know do not) but posted a
test case which reveals both bugs (you will have to adapt the import
statement though) in the user mailing

If the wrapping for encode(byte[] pBuffer) is a feature, I propose the
addition of
        /** Converts the given byte array into a base64 encoded character
         * array without line wrapping.
         * @param pBuffer The buffer being encoded.
         * @return Character array of encoded bytes.
         */
        public static String encode_nowrap(byte[] pBuffer) {
                return encode(pBuffer, 0, pBuffer.length, 0, null);
        }
which does no wrapping at all.

Furthermore I consider the javadoc for encode(byte[] pBuffer) to be
broken as it does not state clearly that the call will append a
newline every time.

[1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4615330
[2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4447135

Description

I am using xmlrpc 3.0a1 and when I try to do http auth I always get Exception in thread "main" java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ZnM6dGVzdA== at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:301) at sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:1936) at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.setRequestHeader(XmlRpcSunHttpTransport.java:30) at org.apache.xmlrpc.client.XmlRpcHttpTransport.setCredentials(XmlRpcHttpTransport.java:37) at org.apache.xmlrpc.client.XmlRpcHttpTransport.initConnection(XmlRpcHttpTransport.java:68) at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:188) at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:53) at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:166) at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:136) at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:125) at SnSnXmlRpcAuth.main(SnSnXmlRpcAuth.java:36) code snippet is like: server = new URL("http://localhost/RPC2"); config.setServerURL(server); config.setBasicEncoding("iso-8859-1"); config.setBasicUserName("fs"); config.setBasicPassword("test"); XmlRpcClient client = new XmlRpcClient(); client.setConfig(config); Object[] parameters = new Object[] { rootElement }; client.execute("functionname", parameters); After some examination I found that the problem is related to encodeBasicAuthentication (org.apache.xmlrpc.util.httpUtil). "return new String(Base64.encode(s.getBytes(pEncoding)))" appends a "\n" to the string which is not allowed by the Sun libraries (see bug 4615330 [1] for a bug report to Sun which has some more details in the evaluation). Unfortunately bug 4447135 [2] is not publicly accessible. I noticed that xmlrpc 3 uses the Base64 class from common-utils instead of codec.binary. The later does not add a newline to the end of the encoded string which is the correct behavior. Further investigation revealed that the problem is in the call to: /** Converts the given byte array into a base64 encoded character * array with the line size {@link #LINE_SIZE} and the separator * {@link #LINE_SEPARATOR}. * @param pBuffer The buffer being encoded. * @return Character array of encoded bytes. */ public static String encode(byte[] pBuffer) { return encode(pBuffer, 0, pBuffer.length); } As stated in the javadoc the message will perform a line wrap after LINE_SIZE - which is defined as /** Default size for line wrapping. */ public static final int LINE_SIZE = 76; As your encoded string is shorter than 76 characters, why does a line wrap occur? Obviously the first problem is that there a line wrap at all - but if the wrapping would occur only after 76 characters, probably nobody would ever have noticed the bug... In order to explain that, look at the following method public void flush() throws IOException { which contains the following statement: if (wrapSize > 0 && lineChars > 0) { wrap(); } At there it is: If LINE_SIZE is not set to 0 (no wrapping), the Base64 encoder will *always* add a newline at the end. I don't know if the authors wanted to have a base64 encoder which does wrapping by default (most encoders I know do not) but posted a test case which reveals both bugs (you will have to adapt the import statement though) in the user mailing If the wrapping for encode(byte[] pBuffer) is a feature, I propose the addition of /** Converts the given byte array into a base64 encoded character * array without line wrapping. * @param pBuffer The buffer being encoded. * @return Character array of encoded bytes. */ public static String encode_nowrap(byte[] pBuffer) { return encode(pBuffer, 0, pBuffer.length, 0, null); } which does no wrapping at all. Furthermore I consider the javadoc for encode(byte[] pBuffer) to be broken as it does not state clearly that the call will append a newline every time. [1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4615330 [2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4447135

Show »

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

Repository	Revision	Date	User	Message
ASF	#432537	Fri Aug 18 09:55:18 UTC 2006	jochen	Various fixes related to basic authentication. PR: ~~XMLRPC-103~~ PR: ~~XMLRPC-104~~ Submitted by: Landon Fuller, landonf@threerings.net
				Files Changed
				MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcHttpTransport.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcLocalStreamTransport.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcLocalStreamTransportFactory.java MODIFY /webservices/xmlrpc/trunk/src/changes/changes.xml MODIFY /webservices/xmlrpc/trunk/pom.xml MODIFY /webservices/xmlrpc/trunk/tests/src/test/java/org/apache/xmlrpc/test/XmlRpcTestCase.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransportFactory.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcStreamTransport.java MODIFY /webservices/xmlrpc/trunk/common/src/main/java/org/apache/xmlrpc/util/HttpUtil.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcSunHttpTransport.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcTransportFactory.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcCommonsTransport.java MODIFY /webservices/xmlrpc/trunk/client/src/main/java/org/apache/xmlrpc/client/XmlRpcLiteHttpTransport.java MODIFY /webservices/xmlrpc/trunk/.classpath

Repository	Revision	Date	User	Message
ASF	#432539	Fri Aug 18 10:07:21 UTC 2006	jochen	Various fixes related to basic authentication. PR: ~~XMLRPC-103~~ PR: ~~XMLRPC-104~~ Submitted by: Landon Fuller, landonf@threerings.net
				Files Changed
				ADD /webservices/xmlrpc/trunk/tests/src/test/resources/org/apache/xmlrpc/test/AuthenticationTest.properties ADD /webservices/xmlrpc/trunk/tests/src/test/java/org/apache/xmlrpc/test/AuthenticationTest.java