CookieAuthenticator doesn't handle Unicode names and passwords correctly


Arjohn Kampman-2
Hi all,

We just ran into an issue with CookieAuthenticator not supporting
various Unicode names and passwords. We have debugged the issue to the
encrypt() and decrypt() methods in CryptoUtils. These methods convert
byte[] to String and back again using the platform's default character
encoding. If that default encoding is ISO-8859-1, for example, decoding
a Cyrillic or Chinese character will result in '?' characters in the
resulting byte array.

A simple solution is to always use UTF-8 for the conversion:
1) replace calls to String.getBytes() with
String.getBytes(StandardCharsets.UTF_8)
2) replace calls to constructor String(byte[]) with String(byte[],
StandardCharsets.UTF_8)

Regards,

Arjohn Kampman
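
The round trip described in the message above, as an added example that is not part of the original posts and is not Restlet's code: the `encrypt()`/`decrypt()` helpers here are hypothetical stand-ins for the CryptoUtils methods, the AES-GCM cipher is an assumption, and ISO-8859-1 is passed explicitly to stand in for a platform default encoding.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CharsetRoundTrip {
    // Hypothetical stand-ins for an encrypt()/decrypt() pair; not Restlet's CryptoUtils.
    static byte[] encrypt(SecretKeySpec key, byte[] iv, String content, Charset cs) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        // String -> byte[]: characters the charset cannot map are replaced with '?'
        return c.doFinal(content.getBytes(cs));
    }

    static String decrypt(SecretKeySpec key, byte[] iv, byte[] encrypted, Charset cs) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        // byte[] -> String: must use the same charset as the encrypt side
        return new String(c.doFinal(encrypted), cs);
    }

    // Encrypts and decrypts one credential string with a fresh key and IV.
    static String roundTrip(String credentials, Charset cs) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] keyBytes = new byte[16];
        byte[] iv = new byte[12];
        rnd.nextBytes(keyBytes);
        rnd.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        return decrypt(key, iv, encrypt(key, iv, credentials, cs), cs);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials: ASCII, Cyrillic, Chinese (as Unicode escapes)
        String[] samples = {
            "alice/secret",
            "\u041f\u0451\u0442\u0440/\u043f\u0430\u0440\u043e\u043b\u044c",
            "\u7528\u6237/\u5bc6\u7801"
        };
        for (String s : samples) {
            String legacy = roundTrip(s, StandardCharsets.ISO_8859_1);
            String fixed = roundTrip(s, StandardCharsets.UTF_8);
            System.out.printf("ISO-8859-1 result=%s intact=%b | UTF-8 intact=%b%n",
                    legacy, legacy.equals(s), fixed.equals(s));
        }
    }
}
```

Only the ASCII sample survives the ISO-8859-1 round trip; the other two come back with every non-Latin character replaced by `?`, while all three survive with UTF-8.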


Re: CookieAuthenticator doesn't handle Unicode names and passwords correctly

Thierry Templier-3
Hi Arjohn,

I was able to reproduce the problem you found. I created an issue for it within the GitHub repository of Restlet: https://github.com/restlet/restlet-framework-java/issues/1159.

Thanks very much for pointing out the problem!

Thierry

2015-10-08 14:15 GMT+02:00 Arjohn Kampman <[hidden email]>:
Hi all,

We just ran into an issue with CookieAuthenticator not supporting various Unicode names and passwords. We have debugged the issue to the encrypt() and decrypt() methods in CryptoUtils. These methods convert byte[] to String and back again using the platform's default character encoding. If that default encoding is ISO-8859-1, for example, decoding a Cyrillic or Chinese character will result in '?' characters in the resulting byte array.

A simple solution is to always use UTF-8 for the conversion:
1) replace calls to String.getBytes() with String.getBytes(StandardCharsets.UTF_8)
2) replace calls to constructor String(byte[]) with String(byte[], StandardCharsets.UTF_8)

Regards,

Arjohn Kampman



--
Best,
Thierry
--
Thierry Templier, Lead Architect


Restlet SAS, 6 rue Rose Dieng-Kuntz • 44300 Nantes  France
