Be explicit about charset when calling String.getBytes()
This commit is contained in:
@@ -14,6 +14,8 @@ import java.security.Signature;
|
||||
import com.threerings.getdown.data.Digest;
|
||||
import com.threerings.getdown.util.Base64;
|
||||
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
|
||||
/**
|
||||
* Produces a signed hash of the appbase, appname, and image path to ensure that signed copies of
|
||||
* Getdown are not hijacked to run malicious code.
|
||||
@@ -45,7 +47,7 @@ public class AppletParamSigner
|
||||
PrivateKey key = (PrivateKey)store.getKey(alias, keypass.toCharArray());
|
||||
Signature sig = Signature.getInstance(Digest.sigAlgorithm(Digest.VERSION));
|
||||
sig.initSign(key);
|
||||
sig.update(params.getBytes());
|
||||
sig.update(params.getBytes(UTF_8));
|
||||
String signed = Base64.encodeToString(sig.sign(), Base64.DEFAULT);
|
||||
System.out.println("<param name=\"appbase\" value=\"" + appbase + "\" />");
|
||||
System.out.println("<param name=\"appname\" value=\"" + appname + "\" />");
|
||||
|
||||
@@ -107,7 +107,7 @@ public class Base64 {
|
||||
* if any are present, there must be the correct number of them.
|
||||
*
|
||||
* @param str the input String to decode, which is converted to
|
||||
* bytes using the default charset
|
||||
* bytes using ASCII
|
||||
* @param flags controls certain features of the decoded output.
|
||||
* Pass {@code DEFAULT} to decode standard Base64.
|
||||
*
|
||||
@@ -115,7 +115,7 @@ public class Base64 {
|
||||
* incorrect padding
|
||||
*/
|
||||
public static byte[] decode(String str, int flags) {
|
||||
return decode(str.getBytes(), flags);
|
||||
return decode(str.getBytes(US_ASCII), flags);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user