Merge "GoogleOAuthService: Decode JWTs as UTF-8"

commit: 4aa7322db5ec221b2419e12a9ec7af5b8c66659c [log] [tgz]
author: David Ostrovsky <david.ostrovsky@gmail.com> Fri Jan 15 19:34:00 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Jan 15 19:34:00 2021 +0000
tree: 3607bafd8a3adca8632549fcff453372165ddd16
parent: c0b24d802a918433bc842127a3d7e817137707f8 [diff]
parent: 9ebbdfff2af74842f678ea543f3325323e02ab92 [diff]
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java
index b63ba33..997db0d 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java

@@ -154,13 +154,21 @@
     throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", userJson));
   }
 
-  private JsonObject retrieveJWTToken(OAuthToken token) {
+  private JsonObject retrieveJWTToken(OAuthToken token) throws IOException {
     JsonElement idToken = JSON.newGson().fromJson(token.getRaw(), JsonElement.class);
     if (idToken != null && idToken.isJsonObject()) {
       JsonObject idTokenObj = idToken.getAsJsonObject();
       JsonElement idTokenElement = idTokenObj.get("id_token");
       if (idTokenElement != null && !idTokenElement.isJsonNull()) {
-        String payload = decodePayload(idTokenElement.getAsString());
+        String payload;
+        try {
+          payload = decodePayload(idTokenElement.getAsString());
+        } catch (UnsupportedEncodingException e) {
+          throw new IOException(
+              String.format(
+                  "%s support is required to interact with JWTs", StandardCharsets.UTF_8.name()),
+              e);
+        }
         if (!Strings.isNullOrEmpty(payload)) {
           JsonElement tokenJsonElement = JSON.newGson().fromJson(payload, JsonElement.class);
           if (tokenJsonElement.isJsonObject()) {
@@ -189,13 +197,13 @@
    * @param idToken Base64 encoded tripple, separated with dot
    * @return openid_id part of payload, when contained, null otherwise
    */
-  private static String decodePayload(String idToken) {
+  private static String decodePayload(String idToken) throws UnsupportedEncodingException {
     Preconditions.checkNotNull(idToken);
     String[] jwtParts = idToken.split("\\.");
     Preconditions.checkState(jwtParts.length == 3);
     String payloadStr = jwtParts[1];
     Preconditions.checkNotNull(payloadStr);
-    return new String(Base64.decodeBase64(payloadStr));
+    return new String(Base64.decodeBase64(payloadStr), StandardCharsets.UTF_8.name());
   }
 
   @Override
commit	4aa7322db5ec221b2419e12a9ec7af5b8c66659c	[log] [tgz]
author	David Ostrovsky <david.ostrovsky@gmail.com>	Fri Jan 15 19:34:00 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Jan 15 19:34:00 2021 +0000
tree	3607bafd8a3adca8632549fcff453372165ddd16
parent	c0b24d802a918433bc842127a3d7e817137707f8 [diff]
parent	9ebbdfff2af74842f678ea543f3325323e02ab92 [diff]