Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decoding error when cookie is encrypted #103

Closed
svenkubiak opened this issue Dec 21, 2015 · 2 comments
Closed

Decoding error when cookie is encrypted #103

svenkubiak opened this issue Dec 21, 2015 · 2 comments
Labels
confirmed bug
Milestone
2.1.0

Comments

@svenkubiak
Copy link
Owner

When cookie encryption is enable the following errors is thrown:

        Exception in thread "XNIO-1 task-24" org.bouncycastle.util.encoders.DecoderException: unable to decode base64 string: invalid characters encountered in base64 data
        at org.bouncycastle.util.encoders.Base64.decode(Unknown Source)
        at io.mangoo.crypto.Crypto.decrypt(Crypto.java:74)
        at io.mangoo.crypto.Crypto.decrypt(Crypto.java:55)
        at io.mangoo.utils.RequestUtils.hasValidAuthentication(RequestUtils.java:185)
        at io.mangoo.routing.handlers.ServerSentEventHandler.connected(ServerSentEventHandler.java:33)
        at io.undertow.server.handlers.sse.ServerSentEventHandler.handleConnect(ServerSentEventHandler.java:93)
        at io.undertow.server.handlers.sse.ServerSentEventHandler.access$000(ServerSentEventHandler.java:38)
        at io.undertow.server.handlers.sse.ServerSentEventHandler$2.run(ServerSentEventHandler.java:71)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: invalid characters encountered in base64 data
        at org.bouncycastle.util.encoders.Base64Encoder.decode(Unknown Source)
        ... 11 more

First investigation suggest, that this happens when cookie encryption is enable and an unencrypted cookie is passed to the decrypt function.
@svenkubiak svenkubiak added this to the 2.1.0 milestone Dec 21, 2015
@MarkVink
Copy link
Contributor

Please note; this also accursed when I did clear my cookies on forehand. In my experience this behaviour shows after a few requests when cookie encryption is enabled.

@svenkubiak
Copy link
Owner Author

Probably found it. setSessionCookie was calling

if (this.config.isAuthenticationCookieEncrypt()) {
    value = Application.getInstance(Crypto.class).encrypt(value);
}

which should be

if (this.config.isSessionCookieEncrypt()) {
    value = Application.getInstance(Crypto.class).encrypt(value);
}

svenkubiak added a commit that referenced this issue Dec 21, 2015
@svenkubiak
#103 Fixed bug when cookie encryption was enabled
beb52d0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed bug
Projects
None yet
Milestone
2.1.0
Development

No branches or pull requests
2 participants
@svenkubiak @MarkVink