HttpComponents HttpClient
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1305

GGSSchemeBase uses CHUNKED Base64 for Authorization header

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 4.2.3
    • Fix Version/s: 4.2.4, 4.3 Beta1
    • Component/s: HttpClient
    • Labels:
      None

      Description

      The GGSSchemeBase member variable base64codec should not use chunked instance of the Base64.
      Instead of

      this.base64codec = new Base64();
      

      there should be

      //constructor with lineLength int argument. If lineLength <= 0, then the output will not be divided into lines (chunks)
      this.base64codec = new Base64(0);
      

        Activity

        Hide
        Oleg Kalnichevski added a comment -

        I tweaked GGSSchemeBase and BasicSCheme classes to make sure they always explicitly disable chunking when applying BASE64 encoding.

        Please review / re-test

        http://svn.apache.org/viewvc?view=revision&revision=1438494

        Oleg

        Show
        Oleg Kalnichevski added a comment - I tweaked GGSSchemeBase and BasicSCheme classes to make sure they always explicitly disable chunking when applying BASE64 encoding. Please review / re-test http://svn.apache.org/viewvc?view=revision&revision=1438494 Oleg
        Hide
        Josef Cacek added a comment -

        OK, I see. We have in our project Maven dependency on commons-codec version 1.4, which uses another constructor:

        224 public Base64()

        { 225 this(false); 226 }

        http://svn.apache.org/viewvc/commons/proper/codec/tags/CODEC_1_4/src/java/org/apache/commons/codec/binary/Base64.java?view=markup

        The API compatibility is not very good there.

        I'll try to update our project dependency. Nevertheless, it's still more safe if the GGSSchemeBase uses the Base64(int) constructor - then other users will not fall into this.

        Show
        Josef Cacek added a comment - OK, I see. We have in our project Maven dependency on commons-codec version 1.4, which uses another constructor: 224 public Base64() { 225 this(false); 226 } http://svn.apache.org/viewvc/commons/proper/codec/tags/CODEC_1_4/src/java/org/apache/commons/codec/binary/Base64.java?view=markup The API compatibility is not very good there. I'll try to update our project dependency. Nevertheless, it's still more safe if the GGSSchemeBase uses the Base64(int) constructor - then other users will not fall into this.
        Hide
        Oleg Kalnichevski added a comment -

        Josef
        Are you sure about that? By default no-arg Base64 constructor appears to disable chunking.


        public Base64()

        { this(0); }

        Oleg

        Show
        Oleg Kalnichevski added a comment - Josef Are you sure about that? By default no-arg Base64 constructor appears to disable chunking. — public Base64() { this(0); } — Oleg

          People

          • Assignee:
            Unassigned
            Reporter:
            Josef Cacek
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development