Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[#762] Always use utf-8 when converting Strings to bytes in Crypto

  • Loading branch information...
commit 3e43eca21f361609658bbc0c19689de789a2ac09 1 parent c012847
James Roper jroper authored
Showing with 8 additions and 9 deletions.
  1. +8 −9 framework/src/play/src/main/scala/play/api/libs/Crypto.scala
17 framework/src/play/src/main/scala/play/api/libs/Crypto.scala
View
@@ -1,6 +1,5 @@
package play.api.libs
-import java.security._
import javax.crypto._
import javax.crypto.spec.SecretKeySpec
@@ -27,7 +26,7 @@ object Crypto {
* Signs the given String with HMAC-SHA1 using the application’s secret key.
*/
def sign(message: String): String = {
- secret.map(secret => sign(message, secret.getBytes)).getOrElse {
+ secret.map(secret => sign(message, secret.getBytes("utf-8"))).getOrElse {
throw new PlayException("Configuration error", "Missing application.secret")
}
}
@@ -50,11 +49,11 @@ object Crypto {
* @return An hexadecimal encrypted string
*/
def encryptAES(value: String, privateKey: String): String = {
- val raw = privateKey.getBytes()
+ val raw = privateKey.getBytes("utf-8")
val skeySpec = new SecretKeySpec(raw, "AES")
val cipher = Cipher.getInstance("AES")
cipher.init(Cipher.ENCRYPT_MODE, skeySpec)
- Codecs.toHexString(cipher.doFinal(value.getBytes()))
+ Codecs.toHexString(cipher.doFinal(value.getBytes("utf-8")))
}
/**
@@ -75,11 +74,11 @@ object Crypto {
* @return The decrypted String
*/
def decryptAES(value: String, privateKey: String): String = {
- val raw = privateKey.getBytes();
- val skeySpec = new SecretKeySpec(raw, "AES");
- val cipher = Cipher.getInstance("AES");
- cipher.init(Cipher.DECRYPT_MODE, skeySpec);
- new String(cipher.doFinal(Codecs.hexStringToByte(value)));
+ val raw = privateKey.getBytes("utf-8")
+ val skeySpec = new SecretKeySpec(raw, "AES")
+ val cipher = Cipher.getInstance("AES")
+ cipher.init(Cipher.DECRYPT_MODE, skeySpec)
+ new String(cipher.doFinal(Codecs.hexStringToByte(value)))
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.