Doorgaan naar hoofdcontent

Java String toBytes and from Bytes

Last week I was trying to encode some encrypted data as a cookie. After encrypting the data, I was left with a byte[] array. So all that was left was to create a string, and then fix all the strange characters... preferably by base64 encoding it, for example.
That worked fine, until I wanted to decode the string. All of a sudden the byte[] array was no longer the same... well, sometimes, it wasn't.

  byte[] data = new byte[20];
  new Random().nextBytes[data]; // fill with some random data.
  String myString = new String(data);
  byte[] fromString = myString.getBytes();
  for(int i = 0; i < data.length; i++) 
    assert(data[i] == fromString[i])
The code above will fail... from time to time. This is rather strange, and not directly obvious from the javadoc. First I considered if it was an encoding problem. This only compounded the issue, as 
  new String(data, "UTF-16" ).getBytes().length
is twice the size of the original data. That was leading nowhere. After looking and testing I finally figured it out: Java String constructor with bytes assumed those bytes are from a string! If they are not, then the (logical) idempotence of new String().getBytes() does not hold!
What was actually necessary was encoding those bytes to a string... say a base64 string! Most base64 libraries support encoding bytes to a base64 byte[] array, and the apache commons codec also allows encoding to a string.
Better yet, they allow encoding to an url safe string, which does not contain +,= or /. And it has a proper decoding of such a string too. Presto!
Labels:

Reacties

Een reactie posten

Populaire posts van deze blog

Spring's conditional annotation with properties

Spring has a nice @Conditional annotation, to have the option to have beans be available in the context depending a specific condition (Of course, this can also be realized by using @Configuration objects, but that's a different post). Ideally, we'd have the option to have a condition evaluate to true or false depending on a property. Sadly, Spring does not support that out of the box. Googling and looking around gives a partial solution, but the complete one here, so we won't forget: /** * Components annotated with ConditionalOnProperty will be registered in the spring context depending on the value of a * property defined in the propertiesBeanName properties Bean. */ @Target({ ElementType.TYPE, ElementType.METHOD }) @Retention(RetentionPolicy.RUNTIME) @Conditional(OnPropertyCondition.class) public @interface ConditionalOnProperty { /** * The name of the property. If not found, it will evaluate to false. */ String value(); /** * if the p...
Een reactie posten
Meer lezen

On SSL certificate generation

 So, more stuff I always forget... how to properly generate SSL certs. Well, easiest is with openssl (of course) Something like: openssl req -new -newkey rsa:2048 -nodes  -sha256 -subj "/C=NL/ST=Utrecht/L=Utrecht/O=Cooperatieve Rabobank U.A./OU=RASS Groep ICT/CN=my-common-name.host.nl" -keyout somename-prod.key -out somename-prod.csr   That can get you a certificate sign request (csr) and the appropriate key.   Of course, you want to then import those keys into a keystore. The trick to doing that is to convert it to a pkcs12 format where it can have the certificate and the key combined.   openssl pkcs12 -export -inkey somename-prod.key -in somename-prod.rabobank.nl.crt -out somename-prod.p12  Note that the crt is the signed certificate, acquired through getting the csr generated above approved..   This p12 file you can import using something like KeyStore Explorer.   After that, you can also append the root certificates of the original cert, to en...
Een reactie posten
Meer lezen

Using spring's @transactional to only roll back when you really want to

In spring you can use the @Transactional annotation to marcate public methods as transactions. Any exception thrown in such an exception causes a rollback... Any exception? No, spring only does so on runtime exceptions. Checked exceptions are allowed and do not result in a rollback. And even then, you can allow some transactions to rollback, or not, with the proper properties for the transactions. For examle, @Transactional(rollbackFor="MyCheckedException.class") will rollback for a specific checked exception, and similarly, you can use @Transactional(noRollbackFor="MyUncheckedException.class") for unchecked exceptions. Of course, you might want to make it a little simpler on yourself. This article on stackoverflow shows us a different way: we can use our own transaction handler by overriding spring's. Let's have a sample interface which defines whether an exception should perform a rollback: interface ConfigurableRollback shouldRollbackOnE...
Een reactie posten
Meer lezen