Strange Base64 encode/decode problem - html

I'm using Grails 1.3.7. I have some code that uses the built-in base64Encode function and base64Decode function. It all works fine in simple test cases where I encode some binary data and then decode the resulting string and write it to a new file. In this case the files are identical.
But then I wrote a web service that took the base64 encoded data as a parameter in a POST call. Although the length of the base64 data is identical to the string I passed into the function, the contents of the base64 data are being modified. I spend DAYS debugging this and finally wrote a test controller that passed the data in base64 to post and also took the name of a local file with the correct base64 encoded data, as in:
data=AAA-base-64-data...&testFilename=/name/of/file/with/base64data
Within the test function I compared every byte in the incoming data parameter with the appropriate byte in the test file. I found that somehow every "+" character in the input data parameter had been replaced with a " " (space, ordinal ascii 32). Huh? What could have done that?
To be sure I was correct, I added a line that said:
data = data.replaceAll(' ', '+')
and sure enough the data decoded exactly right. I tried it with arbitrarily long binary files and it now works every time. But I can't figure out for the life of me what would be modifying the data parameter in the post to convert the ord(43) character to ord(32)? I know that the plus sign is one of the 2 somewhat platform dependent characters in the base64 spec, but given that I am doing the encoding and decoding on the same machine for now I am super puzzled what caused this. Sure I have a "fix" since I can make it work, but I am nervous about "fixes" that I don't understand.
The code is too big to post here, but I get the base64 encoding like so:
def inputFile = new File(inputFilename)
def rawData = inputFile.getBytes()
def encoded = rawData.encodeBase64().toString()
I then write that encoded string out to new a file so I can use it for testing later. If I load that file back in as so I get the same rawData:
def encodedFile = new File(encodedFilename)
String encoded = encodedFile.getText()
byte[] rawData = encoded.decodeBase64()
So all that is good. Now assume I take the "encoded" variable and add it to a param to a POST function like so:
String queryString = "data=$encoded"
String url = "http://localhost:8080/some_web_service"
def results = urlPost(url, queryString)
def urlPost(String urlString, String queryString) {
def url = new URL(urlString)
def connection = url.openConnection()
connection.setRequestMethod("POST")
connection.doOutput = true
def writer = new OutputStreamWriter(connection.outputStream)
writer.write(queryString)
writer.flush()
writer.close()
connection.connect()
return (connection.responseCode == 200) ? connection.content.text : "error $connection.responseCode, $connection.responseMessage"
}
on the web service side, in the controller I get the parameter like so:
String data = params?.data
println "incoming data parameter has length of ${data.size()}" //confirm right size
//unless I run the following line, the data does not decode to the same source
data = data.replaceAll(' ', '+')
//as long as I replace spaces with plus, this decodes correctly, why?
byte[] bytedata = data.decodeBase64()
Sorry for the long rant, but I'd really love to understand why I had to do the "replace space with plus sign" to get this to decode correctly. Is there some problem with the plus sign being used in a request parameter?

Whatever populates params expects the request to be a URL-encoded form (specifically, application/x-www-form-urlencoded, where "+" means space), but you didn't URL-encode it. I don't know what functions your language provides, but in pseudo code, queryString should be constructed from
concat(uri_escape("data"), "=", uri_escape(base64_encode(rawBytes)))
which simplifies to
concat("data=", uri_escape(base64_encode(rawBytes)))
The "+" characters will be replaced with "%2B".

You have to use a special base64encode which is also url-safe. The problem is that standard base64encode includes +, / and = characters which are replaced by the percent-encoded version.
http://en.wikipedia.org/wiki/Base64#URL_applications
I'm using the following code in php:
/**
* Custom base64 encoding. Replace unsafe url chars
*
* #param string $val
* #return string
*/
static function base64_url_encode($val) {
return strtr(base64_encode($val), '+/=', '-_,');
}
/**
* Custom base64 decode. Replace custom url safe values with normal
* base64 characters before decoding.
*
* #param string $val
* #return string
*/
static function base64_url_decode($val) {
return base64_decode(strtr($val, '-_,', '+/='));
}

Because it is a parameter to a POST you must URL encode the data.
See http://en.wikipedia.org/wiki/Percent-encoding

paraquote from the wikipedia link
The encoding used by default is based
on a very early version of the general
URI percent-encoding rules, with a
number of modifications such as
newline normalization and replacing
spaces with "+" instead of "%20"
another hidden pitfall everyday web developers like myself know little about

Related

Calling an API returns expected JSONArray, found JSONObject

I'm calling an API from Go and trying to push json string data from another api call into it.
I can hand craft the calls using a payload like
payload := strings.NewReader('[{"value1":333, "value2":444}]'
and everything is happy.
I'm now trying to covert this to take the json string {"value1":333, "value2":444} as an input parameter of type string to a function, but when I try and use that as the payload, the api is responding with
expected type: JSONArray, found: JSONObject
I naively tried setting the input to the function as []string and appending the data to an array as the input, but then strings.NewReader complained that it was being fed an array.. which is was.
I'm at a loss to work out how to convert a string of json into a json array that the api will be happy with.
I tried just surrounding the string with [] but the compiler threw a fit about incorrect line termination.
Must have been doing something wrong with the string, surrounding the {} with [] let the function pass the data, but there must be a better way than this.
Any ideas, or am I making this harder than it should be?
You were on the right track with the brackets, but you actually need to append the characters to the string. For example:
str := `{"value1":333, "value2":444}`
str = "[" + str + "]"
// [{"value1":333, "value2":444}]
https://play.golang.org/p/rWHCLDCAngd
If you use brackets outside a string or rune literal, then it is parsed as Go language syntax.

Roku ParseJSON gives Unknow Identifier error when loading json via AJAX

I'm trying to write a simple Roku application.
When I load the JSON file via roURLTransfer ParseJSON function gives me BRIGHTSCRIPT: ERROR: ParseJSON: Unknown identifier.
If I load the JSON file via ReadAsciiFile("pkg:/feed/feed.json") it works.
The JSON file is the same and I'm pretty sure that my JSON is correct.
url = "http://192.168.1.36/misc/roku/ifilm/feed.json"
result = ""
timeout = 10000
ut = CreateObject("roURLTransfer")
ut.SetPort(CreateObject("roMessagePort"))
ut.SetURL(url)
if ut.AsyncGetToString()
event = wait(timeout, ut.GetPort())
if type(event) = "roUrlEvent"
result = event.GetString()
elseif event = invalid
ut.AsyncCancel()
else
print "roUrlTransfer::AsyncGetToString(): unknown event"
end if
end if
' `print result` shows the correct lintable JSON
' print result
' Next line gives me: BRIGHTSCRIPT: ERROR: ParseJSON: Unknown identifier
json = ParseJSON(result)
But putting the JSON file inside the app works:
feed = ReadAsciiFile("pkg:/feed/feed.json")
sleep(2000)
json = ParseJson(feed)
I need to load the data from the Internet and using the embedded version doesn't help me. Does anyone know what should I do to make it work?
The "Unknown identifier" error is usually because there's a character in the json string that ParseJson() does not support. The reason why ReadAsciiFile() works is likely because the function "cleans up" the json string by applying UTF-8 encoding.
A common character that's present at the beginning of some JSON responses that causes this issue is the unicode character Byte Order Mark (BOM)
If you google "byte order mark json" you'll see lots of cases where this affects other platforms as well.
You can just do a simple find and replace to get rid of that character before attempting to parse the string.
bomChar = Chr(65279)
if result.left(len(bomChar)) = bomChar ' Check if the string has the BOM char prefix
result = result.replace(bomChar, "")
end if
If that doesn't work, then your response may have some other conflicting character, in that case I would advise using ifUrlTransfer::AsyncGetToFile() instead of AsyncGetToString() and then use ReadAsciiFile() which should guarantee a properly formatted json string every time (as long as your json is valid).

HttpStringContent Making JSON Invalid?

httpClient = new HttpClient();
stringContent = new HttpStringContent(postBody, UnicodeEncoding.Utf8, "application/json");
httpResponse = await httpClient.PostAsync(uri, stringContent);
String responseString = await httpResponse.Content.ReadAsStringAsync();
Writing a UWP app and trying to send JSON data to a web server. In another method when I serialize an object to JSON postBody = JsonConvert.SerializeObject(parentModel);, I get valid JSON:
"{\"ParentId\":\"uwp#test.com\",\"ParentPrimaryId\":\"uwp#test.com\",\"ParentPassword\":\"n78mG2LB18ANtzr7gd2X/fILNELjbjOMuTWbhWoDvcg=\",\"ParentFirstName\":\"Bill\",\"ParentLastName\":\"Gates\",\"AddChildDistrictId\":\"\",\"RemoveChildDistrictId\":\"\",\"ParentToken\":null,\"ParentDistrictId\":\"\",\"ParentChildDistricts\":\"\",\"AppPlatform\":\"Windows 10.0.15063.138\",\"AppVersion\":10000,\"ParentAccountStatus\":1,\"ParentStatusCode\":0,\"ParentFailedSignInAttempt\":0}"
However, when I pass the post body to HttpStringContent, it gives me:
{{"ParentId":"uwp#test.com","ParentPrimaryId":"uwp#test.com","ParentPassword":"n78mG2LB18ANtzr7gd2X/fILNELjbjOMuTWbhWoDvcg=","ParentFirstName":"Bill","ParentLastName":"Gates","AddChildDistrictId":"","RemoveChildDistrictId":"","ParentToken":null,"ParentDistrictId":"","ParentChildDistricts":"","AppPlatform":"Windows 10.0.15063.138","AppVersion":10000,"ParentAccountStatus":1,"ParentStatusCode":0,"ParentFailedSignInAttempt":0}}
Which is invalid JSON. Is this what is being sent? Why does it add the extra outer brace and remove the beginning quotation marks?
I suspect those are actually the same string at the byte level, and the difference is in how Visual Studio is displaying them to you.
The first example is a syntactically correct C# literal string, surrounded in quotes with internal quotes escaped. The actual string of course doesn't contain backslash characters or starting/ending quotes; those are just required to represent the string in C#.
The second example looks like how Visual Studio's debugging tools display an object and its contents. In this case, the outer {} are how VS tells you it's a object; those characters aren't in the actual string.
So again, I think they are byte-for-byte the same actual string, just represented differently by the IDE.

cordova readAsText returns json string that can't be parsed to JSON object

I read my json file using http and cordova file readAsText functions.
http request returns an object which is ok.
cordova file readAsText function return 'string' which contain extra "r\n\" symbols. This make it impossible to use JSON.parse(evt.target.result)
function readJson(absPath, success, failed){
window.resolveLocalFileSystemURL(absPath, function (entry) {
entry.file(function (file) {
var reader = new FileReader();
reader.onloadend = function (evt) {
success(evt.target.result);
};
reader.readAsText(file);
}, failed);
}, failed);
}
readJson(cordova.file.dataDirectory + 'my.json', function(res){
console.log(JSON.parse(res)); //here I've got an parsing error due to presence of r\n\ symbols
}, failed );
How to read JSON files using cordova?
UPDATE:
funny thing that the following works:
a = '{\r\n"a":"1",\r\n"b":"2"\r\n}';
b = JSON.parse(a);
so the problem not only with \r\n... there is something else that is added by cordova readAsText
UPDATE2
as a workaround I use now var object = eval("(" + res + ")")
Still search for a common way to load json objects...
No one has answered this and I just had to solve it for my project, so I will post my solution.
The readAsText method outputs a string, so you CAN actually run a replace on it, but what you need to do is use a RegExp to find the newline character. here's my solution:
var sanitizerRegex = new RegExp(String.fromCharCode(10), 'g');
var sanitizedData = JSON.parse(result.replace(sanitizerRegex, ''));
I've used the String method fromCharCode to get the specific newline character and the "g" flag to match all instances in the entire string. The problem with your string solution is that you can't do a string replace using the characters for backslash and "n" because the issue is the actual new line character, which is merely represented as "\n".
I do not know the reason JSON.parse can't handle the newline character, or why the file plugin introduces this problem, but this solution seems to work for me.
Also, NEVER use eval like this if you can avoid it, especially on input from a source like a JSON file. Even in a cordova app, using eval is potentially very unsafe.
I found out the solution after debug deeply. readAsText function returned text has one more letter at the first position of text.
Example:
{"name":"John"} => ?{"name":"John"} (?: API didn't return ?, just one string)
I confirmed this with length of result, so we need to use substr(1) before parse JSON.
fileContent = fileContent.substr(1);
var jData = jQuery.parseJSON(fileContent);

Using as3Crypto to encrypt/decrypt with only URL Query save chars

I was using as3Crypto with no probs
http://www.zedia.net/2009/as3crypto-and-php-what-a-fun-ride/
but it produces a string which includes equal (and probably other URL Query unsafe characters). Is there a way to encrypt like this?
Current code below:
public function encrypt(txt:String = ''):String
{
var data:ByteArray = Hex.toArray(Hex.fromString(txt));
var pad:IPad = new PKCS5;
var mode:ICipher = Crypto.getCipher(type, key, pad);
pad.setBlockSize(mode.getBlockSize());
mode.encrypt(data);
return ''+Base64.encodeByteArray(data);
}
Yes, base 64 encoding is the normal way to do this, although you must still URL escape the result, because Base64 contains unsafe characters as well ('/', '+' and '=' to be precise).