[JIRA] (JENKINS-14492) IAE "Illegal character(s) in message header value" from com.saucelabs.rest.Credential.call

Wed, 18 Jul 2012 13:08:49 -0700

Issue Type: Bug Bug
Assignee: Kohsuke Kawaguchi
Components: sauce-ondemand
Created: 18/Jul/12 8:08 PM
Description:

A user reports getting an error message when attempting to use the Test Connection button. The meat of the exception is

java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic someLongBase64EncodedMessHereEtcEtcEtcEtcEtcEtcEtcEtcEtcEtcEtcEtcEtcAndAnEOL

	sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:428)
	sun.net.www.protocol.http.HttpURLConnection.isExternalMessageHeaderAllowed(HttpURLConnection.java:394)
	sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:2374)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.setRequestProperty(HttpsURLConnectionImpl.java:296)
	com.saucelabs.rest.Credential.call(Credential.java:167)
	com.saucelabs.rest.Credential.call(Credential.java:151)
	com.saucelabs.rest.SauceTunnelFactory.list(SauceTunnelFactory.java:88)
	hudson.plugins.sauce_ondemand.PluginImpl$DescriptorImpl.doValidate(PluginImpl.java:137)

Note that HttpURLConnection is complaining rightly that the authentication string contains a newline. Credential.call has

String userpassword = username + ":" + key;
con.setRequestProperty("Authorization", "Basic " + new BASE64Encoder().encode(userpassword.getBytes()));

You can see that this will fail in some cases:

public class Demo {
    public static void main(String... args) {
        System.out.println("got: '" + new sun.misc.BASE64Encoder().encode(new String("someusername:apiKeyEtc01234567890123456789012345678901234").getBytes()) + "'");
    }
}

produces

got: 'c29tZXVzZXJuYW1lOmFwaUtleUV0YzAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0
'

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6947917 discusses a similar bug in the JRE, and suggests the workaround:

public class Demo {
    public static void main(String... args) {
        System.out.println("got: '" + new sun.misc.BASE64Encoder() {
            @Override protected int bytesPerLine() {
                return 9999;
            }
        }.encode(new String("someusername:apiKeyEtc01234567890123456789012345678901234").getBytes()) + "'");
    }
}

producing

got: 'c29tZXVzZXJuYW1lOmFwaUtleUV0YzAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0'

By the way https://github.com/infradna/saucerest-java/ seems to be the source of the REST API, but this appears long out of date whereas https://github.com/saucelabs/saucerest-java/ looks to be the authoritative library (which however still appears to suffer from this same bug, at least according to an inspection of sources).
Environment: 1.14
Project: Jenkins
Priority: Major Major
Reporter: jglick
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to