users@jersey.java.net

Base64.encode() ok to use?

From: Christopher Piggott <cpiggott_at_gmail.com>
Date: Thu, 10 Jun 2010 17:16:38 -0400

I have some passwords stored in what's essentially the apache
.htpasswd file format, if you use SHA hashes.. the format is something
like:

     user:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

I thought that, as long as the class com.sun.jersey.core.util.Base64
was there, I would use it. But, it bombs.

        public boolean check(String actual, String given) {
            /* MessageDigest md = MessageDigest.getInstance("SHA1");
// was created earlier */

            md.reset();
            byte[] digest = md.digest(given.getBytes());
            String encoded = "{SHA}" + new String(Base64.encode(digest));
            return encoded.equals(actual);
        }


digest is an array of 20 bytes (tested this, it works).
Base64.encode() crashes with:

java.lang.ArrayIndexOutOfBoundsException: -6
        at com.sun.jersey.core.util.Base64.encode(Base64.java:181)

which corresponds Base64.java:

             encodedData[encodedIndex + 1] = lookUpBase64Alphabet[(b2 >> 4) |
                    (k << 4)];

Wondering ... should I not depend on this? (Previously was using
org.apache.commons.ssl.Base64 but I don't need apache commons ssl any
more).

--C