
Authentication and security - Java code example in this page fails

Open aitzhak opened this issue 2 years ago • 2 comments

There are 3 problems in the Java code in this page, specifically this code:

```java
import java.io.Console;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.nio.charset.StandardCharsets;

public static Boolean headerMatchesEnvVar(String headerValue) throws NoSuchAlgorithmException {
    MessageDigest digest = MessageDigest.getInstance("SHA-256");
    String envVar = System.getenv("WEBSITE_AUTH_ENCRYPTION_KEY");
    String hash = new String(Base64.getDecoder().decode(digest.digest(envVar.getBytes(StandardCharsets.UTF_8))));
    return hash == headerValue;
}
```

  1. It fails when trying to perform `Base64.getDecoder().decode` with the following exception: `java.lang.IllegalArgumentException: Illegal base64 character -5f`. It should instead activate `Base64.getEncoder().encode` as follows: `String hash = new String(Base64.getEncoder().encode(digest.digest(envVar.getBytes(StandardCharsets.UTF_8))));`
  2. The expression `hash == headerValue` returns false even if the Strings have the same value. It should be changed to `hash.equals(headerValue)`.
  3. There is an unnecessary `import java.io.Console`.

Thanks in advance, aitzhak


aitzhak avatar Dec 06 '22 11:12 aitzhak
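
A corrected form of the check with the two fixes from this report (encoder instead of decoder, content comparison instead of `==`), as an added example that is not the documentation's or the merged PR's code. It goes one step past the report by comparing with `MessageDigest.isEqual` rather than `String.equals` and by failing closed on a missing key or header; the class name `HeaderCheck`, the `keyOverride` parameter and the sample key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class HeaderCheck {

    // Base64 of SHA-256(key): encode the digest bytes, do not decode them.
    static String expectedHeader(String key) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(key.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(hash);
    }

    // keyOverride is a hypothetical parameter so the check runs offline;
    // pass null to read WEBSITE_AUTH_ENCRYPTION_KEY as the page's snippet does.
    static boolean headerMatchesEnvVar(String headerValue, String keyOverride)
            throws NoSuchAlgorithmException {
        String key = keyOverride != null ? keyOverride
                : System.getenv("WEBSITE_AUTH_ENCRYPTION_KEY");
        // Fail closed: a missing key or header must never count as a match.
        if (key == null || key.isEmpty() || headerValue == null) {
            return false;
        }
        byte[] expected = expectedHeader(key).getBytes(StandardCharsets.UTF_8);
        byte[] presented = headerValue.getBytes(StandardCharsets.UTF_8);
        // Compares content (unlike ==) and, on current JDKs, in time that
        // does not depend on where the first differing byte is.
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String key = "constructed-sample-key";   // constructed, not a real key
        String good = expectedHeader(key);
        // new String(...) forces a distinct object with equal content,
        // which is the case where == returned false.
        String copy = new String(good);
        System.out.println("same content, == : " + (good == copy));
        System.out.println("valid header     : " + headerMatchesEnvVar(copy, key));
        System.out.println("tampered header  : " + headerMatchesEnvVar(good + "x", key));
        System.out.println("missing header   : " + headerMatchesEnvVar(null, key));
    }
}
```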

@aitzhak Thanks for your feedback! We will investigate and update as appropriate.

AjayBathini-MSFT avatar Dec 06 '22 15:12 AjayBathini-MSFT

Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.

RyanHill-MSFT avatar Dec 12 '22 19:12 RyanHill-MSFT

#needs-sme-input

msangapu-msft avatar Jan 18 '23 20:01 msangapu-msft

@msangapu-msft can we assign this to @denverbrittain

btardif avatar Oct 11 '23 17:10 btardif

#reassign: denverbrittain

msangapu-msft avatar Oct 11 '23 17:10 msangapu-msft

@msangapu-msft The PR was merged to update the code with the corrections

jeffwmartinez avatar Mar 07 '24 14:03 jeffwmartinez

#please-close based on @jeffwmartinez comment this is now fixed

btardif avatar Mar 07 '24 19:03 btardif