Fwd: RFR: (JDK-8005406) HTTP server implementation should use Base64 API

Chris Hegarty chris.hegarty at oracle.com
Fri Jan 11 13:54:44 PST 2013 

The source changes look fine to me Mark.

I think you may the the wrong bug number, or synopsis. The changes are 
in the basic and negotiate authenticators used by the Http client, 
HttpURLConnection. Anyway, the source changes look good to me.

I can sponsor this for you.

-Chris.

On 11/01/2013 18:14, Mark Sheppard wrote:
>
> A review request for JDK-8005406: HTTP server implementation should use Base64 API
>
> Description:
> jdk8 has java.util.Base64 to define a standard API for base64 encoding/decoding. It would be good to investigate whether this API could be used in the com.sun.net.httpserver implementation to replace the existing code in BasicAuthentication.
>
> Changes have been made to two files sun/net/www/protocol/http/BasicAuthentication.java
> and sun/net/www/protocol/http/NegotiateAuthentication.java to refactor the
> classes to use java.util.Base64 (Base64.Encoder&  Base64.Decoder)
> rather than sun.misc.BASE64Encoder&  sun.misc.BASE64Decoder
>
> Diffs inline
>
> regards
> Mark Sheppard.
>
> ---------------------------------BasicAuthnetication------------------------------------
>
>
> @@ -32,7 +32,8 @@ import java.io.IOException;
>   import java.io.IOException;
>   import java.io.OutputStream;
>   import sun.net.www.HeaderParser;
> -import sun.misc.BASE64Encoder;
> +import java.util.Base64;
> +import java.util.Base64.Encoder;
>
>   /**
>    * BasicAuthentication: Encapsulate an http server authentication using
> @@ -76,7 +77,7 @@ class BasicAuthentication extends Authen
>           System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
>           System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
>                            passwdBytes.length);
> -        this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat);
> +        this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
>           this.pw = pw;
>       }
>
> @@ -116,7 +117,7 @@ class BasicAuthentication extends Authen
>           System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
>           System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
>                            passwdBytes.length);
> -        this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat);
> +        this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
>           this.pw = pw;
>       }
>
> @@ -202,11 +203,4 @@ class BasicAuthentication extends Authen
>           return npath;
>       }
>
> -    /* It is never expected that the header value will exceed the bytesPerLine */
> -    private class BasicBASE64Encoder extends BASE64Encoder {
> -        @Override
> -        protected int bytesPerLine() {
> -            return (10000);
> -        }
> -    }
>   }
>
>
> ---------------------------------NegotiateAuthentication--------------------------------
>
> @@ -30,8 +30,9 @@ import java.net.Authenticator.RequestorT
>   import java.net.Authenticator.RequestorType;
>   import java.util.HashMap;
>   import sun.net.www.HeaderParser;
> -import sun.misc.BASE64Decoder;
> -import sun.misc.BASE64Encoder;
> +import java.util.Base64;
> +import java.util.Base64.Decoder;
> +import java.util.Base64.Encoder;
>   import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
>   import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
>
> @@ -151,9 +152,10 @@ class NegotiateAuthentication extends Au
>               byte[] incoming = null;
>               String[] parts = raw.split("\\s+");
>               if (parts.length>  1) {
> -                incoming = new BASE64Decoder().decodeBuffer(parts[1]);
> +                incoming = Base64.getDecoder().decode(parts[1]);
>               }
> -            response = hci.scheme + " " + new B64Encoder().encode(
> +            response = hci.scheme + " "
> +                + Base64.getEncoder().encodeToString(
>                           incoming==null?firstToken():nextToken(incoming));
>
>               conn.setAuthenticationProperty(getHeaderName(), response);
> @@ -201,11 +203,6 @@ class NegotiateAuthentication extends Au
>           return negotiator.nextToken(token);
>       }
>
> -    class B64Encoder extends BASE64Encoder {
> -        protected int bytesPerLine () {
> -            return 100000;  // as big as it can be, maybe INT_MAX
> -        }
> -    }
>
>       // MS will send a final WWW-Authenticate even if the status is already
>       // 200 OK. The token can be fed into initSecContext() again to determine

More information about the net-dev mailing list