8006153: HTTP protocol handler authenication should use Base64 API
Reviewed-by: chegar, alanb
Contributed-by: Mark Sheppard <mark.sheppard@oracle.com>
--- a/jdk/src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java Fri Jan 11 22:45:42 2013 -0800
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java Sun Jan 13 22:09:50 2013 +0000
@@ -31,8 +31,9 @@
import java.net.PasswordAuthentication;
import java.io.IOException;
import java.io.OutputStream;
+import java.util.Base64;
+import java.util.Base64.Encoder;
import sun.net.www.HeaderParser;
-import sun.misc.BASE64Encoder;
/**
* BasicAuthentication: Encapsulate an http server authentication using
@@ -76,7 +77,7 @@
System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
passwdBytes.length);
- this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat);
+ this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
this.pw = pw;
}
@@ -116,7 +117,7 @@
System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
passwdBytes.length);
- this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat);
+ this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
this.pw = pw;
}
@@ -201,12 +202,5 @@
/*should not reach here. If we do simply return npath*/
return npath;
}
+}
- /* It is never expected that the header value will exceed the bytesPerLine */
- private class BasicBASE64Encoder extends BASE64Encoder {
- @Override
- protected int bytesPerLine() {
- return (10000);
- }
- }
-}
--- a/jdk/src/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java Fri Jan 11 22:45:42 2013 -0800
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java Sun Jan 13 22:09:50 2013 +0000
@@ -28,10 +28,9 @@
import java.net.URL;
import java.io.IOException;
import java.net.Authenticator.RequestorType;
+import java.util.Base64;
import java.util.HashMap;
import sun.net.www.HeaderParser;
-import sun.misc.BASE64Decoder;
-import sun.misc.BASE64Encoder;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
@@ -151,9 +150,9 @@
byte[] incoming = null;
String[] parts = raw.split("\\s+");
if (parts.length > 1) {
- incoming = new BASE64Decoder().decodeBuffer(parts[1]);
+ incoming = Base64.getDecoder().decode(parts[1]);
}
- response = hci.scheme + " " + new B64Encoder().encode(
+ response = hci.scheme + " " + Base64.getEncoder().encodeToString(
incoming==null?firstToken():nextToken(incoming));
conn.setAuthenticationProperty(getHeaderName(), response);
@@ -201,12 +200,6 @@
return negotiator.nextToken(token);
}
- class B64Encoder extends BASE64Encoder {
- protected int bytesPerLine () {
- return 100000; // as big as it can be, maybe INT_MAX
- }
- }
-
// MS will send a final WWW-Authenticate even if the status is already
// 200 OK. The token can be fed into initSecContext() again to determine
// if the server can be trusted. This is not the same concept as Digest's