search

papiayeee / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

HmacSha1MessageSigner.java needs to trim the bas64Encode signature. #18

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Go through an entire request/access token against a python-oauth server.
2. Use the access token to try to access something.
3. The python-oauth library (the reference implementation for OAuth) barfs
because the signature is "IYALjIZeGwFri8xtv4uIaDBO3Ow%3D%0D%0A" which
decodes to 'IYALjIZeGwFri8xtv4uIaDBO3Ow=\r\n'.

What is the expected output? What do you see instead?

'IYALjIZeGwFri8xtv4uIaDBO3Ow='

What version of the product are you using? On what operating system?

Latest from svn.

Please provide any additional information below.

Change line 49 to be:

            return base64Encode(mac.doFinal(text)).trim();

And it all works.

Original issue reported on code.google.com by zed.s...@gmail.com on 7 Oct 2009 at 9:57

GoogleCodeExporter commented 8 years ago 
Any chance you're using commons-codec-1.4? This problem has been mentioned on 
the
mailing list before.

This appears to be a bug in commons-codec-1.4. Why would a Base64 encoder always
append a new line? This used to work with CC-1.3.

Original comment by m.kaepp...@gmail.com on 8 Oct 2009 at 7:52

GoogleCodeExporter commented 8 years ago 
Yep, I just tried with commons codec 1.3 (after reverting my change on 
signpost) and
it works.  So the culprit is commons.  In our server we're going to be 
stripping the
input base64 just in case (since this seems to be a common error), so I suggest 
that
signpost probably do this too.

Now, do you want to report the bug to commons codec or should I? :-)

Original comment by zed.s...@gmail.com on 8 Oct 2009 at 7:04

GoogleCodeExporter commented 8 years ago 
Go for it :-)

Could you please post the ticket link here afterwards?

Cheers
Matthias

Original comment by m.kaepp...@gmail.com on 9 Oct 2009 at 7:55

GoogleCodeExporter commented 8 years ago 
https://issues.apache.org/jira/browse/CODEC-89

Original comment by juliusda...@gmail.com on 28 Oct 2009 at 6:17

GoogleCodeExporter commented 8 years ago 
This issue was closed by revision r65.

Original comment by m.kaepp...@gmail.com on 28 Oct 2009 at 8:01