Fixed encoding issue when using CookieAuthenticator. Issue #1159. Reported by Arjohn Kampman.

Author: thboileau

Diff for: build/tmpl/text/changes.txt

@@ -8,6 +8,8 @@ Changes log
        - Fixed NullPointerException when requestind a Directory with a query string. Issue #1206.
          Reported by Ralph van Etten.
        - Fixed support of non-bytes ranges. Issue #1132.
+       - Fixed encoding issue when using CookieAuthenticator. Issue #1159.
+         Reported by Arjohn Kampman.
 
 - 2.3.7 (03/14/2016)
     - Bugs fixed

Diff for: modules/org.restlet.ext.crypto/src/org/restlet/ext/crypto/CookieAuthenticator.java

@@ -266,7 +266,7 @@ public void challenge(Response response, boolean stale) {
      * @return The raw credentials.
      * @throws GeneralSecurityException
      */
-    protected String formatCredentials(ChallengeResponse challenge)
+    public String formatCredentials(ChallengeResponse challenge)
             throws GeneralSecurityException {
         // Data buffer
         StringBuffer sb = new StringBuffer();
@@ -542,16 +542,16 @@ protected int logout(Request request, Response response) {
      * @return The credentials as a proper challenge response.
      */
     protected ChallengeResponse parseCredentials(String cookieValue) {
-        // 1) Decode Base64 string
-        byte[] encrypted = Base64.decode(cookieValue);
-
-        if (encrypted == null) {
-            getLogger().warning(
-                    "Cannot decode cookie credentials : " + cookieValue);
-        }
-
-        // 2) Decrypt the credentials
         try {
+            // 1) Decode Base64 string
+            byte[] encrypted = Base64.decode(cookieValue);
+            
+            if (encrypted == null) {
+                getLogger().warning(
+                        "Cannot decode cookie credentials : " + cookieValue);
+            }
+            
+            // 2) Decrypt the credentials
             String decrypted = CryptoUtils.decrypt(getEncryptAlgorithm(),
                     getEncryptSecretKey(), encrypted);
 

Diff for: modules/org.restlet.ext.crypto/src/org/restlet/ext/crypto/internal/CryptoUtils.java

@@ -24,6 +24,7 @@
 
 package org.restlet.ext.crypto.internal;
 
+import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
 
 import javax.crypto.Cipher;
@@ -76,7 +77,7 @@ public static String decrypt(String algo, byte[] secretKey, byte[] encrypted)
             throws GeneralSecurityException {
         byte[] original = doFinal(algo, secretKey, Cipher.DECRYPT_MODE,
                 encrypted);
-        return new String(original);
+        return new String(original, Charset.forName("UTF-8"));
     }
 
     /**
@@ -130,7 +131,7 @@ private static byte[] doFinal(String algo, byte[] secretKey, int mode,
      */
     public static byte[] encrypt(String algo, byte[] secretKey, String content)
             throws GeneralSecurityException {
-        return doFinal(algo, secretKey, Cipher.ENCRYPT_MODE, content.getBytes());
+        return doFinal(algo, secretKey, Cipher.ENCRYPT_MODE, content.getBytes(Charset.forName("UTF-8")));
     }
 
     /**

Diff for: modules/org.restlet/src/org/restlet/representation/BufferingRepresentation.java

@@ -136,9 +136,9 @@ public String getText() throws IOException {
         buffer();
 
         if (getBuffer() != null) {
-            return (getCharacterSet() != null) ? new String(getBuffer(),
-                    getCharacterSet().toCharset().name()) : new String(
-                    getBuffer());
+            return (getCharacterSet() != null) ? 
+                    new String(getBuffer(), getCharacterSet().toCharset().name()) : 
+                    new String(getBuffer());
         }
 
         return null;