GoogleOAuthService: Decode JWTs as UTF-8 Change-Id: I7430de510f3883715ec0654fca615e52d5cbdb40
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java index b63ba33..997db0d 100644 --- a/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java +++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/GoogleOAuthService.java
@@ -154,13 +154,21 @@ throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", userJson)); } - private JsonObject retrieveJWTToken(OAuthToken token) { + private JsonObject retrieveJWTToken(OAuthToken token) throws IOException { JsonElement idToken = JSON.newGson().fromJson(token.getRaw(), JsonElement.class); if (idToken != null && idToken.isJsonObject()) { JsonObject idTokenObj = idToken.getAsJsonObject(); JsonElement idTokenElement = idTokenObj.get("id_token"); if (idTokenElement != null && !idTokenElement.isJsonNull()) { - String payload = decodePayload(idTokenElement.getAsString()); + String payload; + try { + payload = decodePayload(idTokenElement.getAsString()); + } catch (UnsupportedEncodingException e) { + throw new IOException( + String.format( + "%s support is required to interact with JWTs", StandardCharsets.UTF_8.name()), + e); + } if (!Strings.isNullOrEmpty(payload)) { JsonElement tokenJsonElement = JSON.newGson().fromJson(payload, JsonElement.class); if (tokenJsonElement.isJsonObject()) { @@ -189,13 +197,13 @@ * @param idToken Base64 encoded tripple, separated with dot * @return openid_id part of payload, when contained, null otherwise */ - private static String decodePayload(String idToken) { + private static String decodePayload(String idToken) throws UnsupportedEncodingException { Preconditions.checkNotNull(idToken); String[] jwtParts = idToken.split("\\."); Preconditions.checkState(jwtParts.length == 3); String payloadStr = jwtParts[1]; Preconditions.checkNotNull(payloadStr); - return new String(Base64.decodeBase64(payloadStr)); + return new String(Base64.decodeBase64(payloadStr), StandardCharsets.UTF_8.name()); } @Override