<html>
<body>
Heh. You and I have a different understanding of
silent! I meant that the base64 decoder doesn't actually
complain if the base64 is malformed by either the insertion of extraneous
characters, or by the omission of the ending pad characters if
any.<br><br>
Later, Mike<br><br>
<br><br>
At 12:22 PM 2/15/2013, Xueming Shen wrote:<br>
<blockquote type=cite class=cite cite="">On 2/15/13 8:52 AM, Michael
StJohns wrote:<br>
<blockquote type=cite class=cite cite=""><br>
<pre>Is the "mime" variant of Base64 the correct one for
this? I ask because that variant ignores extraneous characters
rather than throwing an error on decode. Also, reading the
code for the Base64 implementation, it silently "fixes" the
case where there are missing padding "=" characters.
Neither of these seem ideal for security related
processing.</pre><font face="Courier New, Courier"></font></blockquote>
<br>
Just want to point out that the latest Base64.Decoder spec has been
updated to "explicitly" says<br><br>
"The Base64 padding character '=' is accepted and interpreted as the
end of the encoded byte data, but is not required. So if the final unit
of the encoded byte data only has two or three Base64 characters (without
the corresponding padding character(s) padded), they are decoded as if
followed by padding character(s). "<br><br>
So it's no longer "silently" anymore:-)<br><br>
-Sherman<br><br>
<blockquote type=cite class=cite cite=""><br>
<pre>
It may be reasonable to add a PEM variant to the Base64 code that deals
with the above.
Mike
At 08:24 AM 2/14/2013, Mark Sheppard wrote:
</pre><font face="Courier New, Courier"></font>
<blockquote type=cite class=cite cite=""><br>
<pre>Hi,
as part of a refactoring of the jdk codebase to use the base64
capabilities of java.util.Base64, the following modifications,
as per the webrev,
<a href="http://cr.openjdk.java.net/~chegar/8006182/webrev.00/">
http://cr.openjdk.java.net/~chegar/8006182/webrev.00/</a>
have been made to complete task JDK-8006182.
Could you oblige and review these changes, please?
Description:
jdk8 has java.util.Base64 to define a standard API for base64
encoding/decoding. It would be good to investigate whether this API could
be used in the security components, providers and regression tests.
In the main this work involved replacing the sun.misc.BASE64Encoder and
sun.misc.BASE64Decoder with the
corresponding Mime Base64 Encoder/Decoder (as per rfc2045) from the
java.util.Base64 class.
This is a like for like replacement.
As such, sun.misc.BASE64Encoder maps to the encoder returned by
java.util.Base64.getMimeEncoder()
sun.misc.BASE64Decoder maps to the decoder returned by
java.util.Base64.getMimeDecoder()
However a couple of items worth noting:
In the jarsigner (Main.java) the standard Base64 encoder (rfc
4648), java.util.Base64.getEncoder(), has been used to replace the
JarBASE64Encoder, which was a package private extension of BASE64Encoder,
which avoids writing newline to the encoded data.
In the keytool (Main.java), methods such as dumpCert, printCert.
printCRL, and so on, write a Base64 encoding to an OutputStream,
typically std out.
This is achieved in the BASE64Encoder, by passing the OutputStream to
methods such as encodeBuffer().
A couple of options exist to do this under the new Base64 utilities,
which include:
* using a Mime Encoder encodeToString() and output to the stream
via println()
* use the wrap capabilities of the Base64.Encoder:
- define a package private class, which extends
FilterOutputStream (e.g. NoCloseWrapperOutputStream) and, overrides
close() to do nothing
- inject the OutputStream, passed to the keytool
method, into the NoCloseWrapperOutputStreamwapper,
- wrap() the NoCloseWrapperOutputStreamwrapper in the Mime
Encoder, which will in turn return an encapsulating OutputStream;
- write the data buffer to be encoded to the encoder's
OutputStream;
- close the encoder's OutputStream, which completes the
base64 encoding;
- append a newline to the initial OutputStream.
pragmatics and the simplest thing that works, went for the first option.
regards
Mark
</pre><font face="Courier New, Courier"></font></blockquote><br>
<pre>
</pre><font face="Courier New, Courier"></font></blockquote></blockquote>
</body>
<br>
</html>