001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * https://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018package org.apache.commons.codec.binary; 019 020import java.math.BigInteger; 021import java.util.Arrays; 022import java.util.Objects; 023 024import org.apache.commons.codec.CodecPolicy; 025 026/** 027 * Provides Base64 encoding and decoding as defined by <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>. 028 * 029 * <p> 030 * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose 031 * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein. 032 * </p> 033 * <p> 034 * The class can be parameterized in the following manner with various constructors: 035 * </p> 036 * <ul> 037 * <li>URL-safe mode: Default off.</li> 038 * <li>Line length: Default 76. Line length that aren't multiples of 4 will still essentially end up being multiples of 039 * 4 in the encoded data. 040 * <li>Line separator: Default is CRLF ("\r\n")</li> 041 * </ul> 042 * <p> 043 * The URL-safe parameter is only applied to encode operations. Decoding seamlessly handles both modes. 044 * </p> 045 * <p> 046 * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only 047 * encode/decode character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, 048 * UTF-8, etc). 049 * </p> 050 * <p> 051 * This class is thread-safe. 052 * </p> 053 * <p> 054 * You can configure instances with the {@link Builder}. 055 * </p> 056 * <pre> 057 * Base64 base64 = Base64.builder() 058 * .setDecodingPolicy(DecodingPolicy.LENIENT) // default is lenient, null resets to default 059 * .setEncodeTable(customEncodeTable) // default is built in, null resets to default 060 * .setLineLength(0) // default is none 061 * .setLineSeparator('\r', '\n') // default is CR LF, null resets to default 062 * .setPadding('=') // default is = 063 * .setUrlSafe(false) // default is false 064 * .get() 065 * </pre> 066 * 067 * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a> 068 * @since 1.0 069 */ 070public class Base64 extends BaseNCodec { 071 072 /** 073 * Builds {@link Base64} instances. 074 * 075 * @since 1.17.0 076 */ 077 public static class Builder extends AbstractBuilder<Base64, Builder> { 078 079 /** 080 * Constructs a new instance. 081 */ 082 public Builder() { 083 super(STANDARD_ENCODE_TABLE); 084 } 085 086 @Override 087 public Base64 get() { 088 return new Base64(getLineLength(), getLineSeparator(), getPadding(), getEncodeTable(), getDecodingPolicy()); 089 } 090 091 /** 092 * Sets the URL-safe encoding policy. 093 * 094 * @param urlSafe URL-safe encoding policy, null resets to the default. 095 * @return {@code this} instance. 096 */ 097 public Builder setUrlSafe(final boolean urlSafe) { 098 return setEncodeTable(toUrlSafeEncodeTable(urlSafe)); 099 } 100 101 } 102 103 /** 104 * BASE64 characters are 6 bits in length. 105 * They are formed by taking a block of 3 octets to form a 24-bit string, 106 * which is converted into 4 BASE64 characters. 107 */ 108 private static final int BITS_PER_ENCODED_BYTE = 6; 109 private static final int BYTES_PER_UNENCODED_BLOCK = 3; 110 private static final int BYTES_PER_ENCODED_BLOCK = 4; 111 private static final int DECODING_TABLE_LENGTH = 256; 112 113 /** 114 * This array is a lookup table that translates 6-bit positive integer index values into their "Base64 Alphabet" equivalents as specified in Table 1 of RFC 115 * 2045. 116 * <p> 117 * Thanks to "commons" project in ws.apache.org for this code. https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ 118 * </p> 119 */ 120 // @formatter:off 121 private static final byte[] STANDARD_ENCODE_TABLE = { 122 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 123 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 124 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 125 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 126 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' 127 }; 128 /** 129 * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and / changed to - and _ to make the encoded Base64 results more URL-SAFE. This table is 130 * only used when the Base64's mode is set to URL-SAFE. 131 */ 132 // @formatter:off 133 private static final byte[] URL_SAFE_ENCODE_TABLE = { 134 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 135 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 136 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 137 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 138 '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_' 139 }; 140 // @formatter:on 141 /** 142 * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified 143 * in Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64 144 * alphabet but fall within the bounds of the array are translated to -1. 145 * <p> 146 * Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. This means decoder seamlessly handles both 147 * URL_SAFE and STANDARD base64. (The encoder, on the other hand, needs to know ahead of time what to emit). 148 * </p> 149 * <p> 150 * Thanks to "commons" project in ws.apache.org for this code. 151 * https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ 152 * </p> 153 */ 154 private static final byte[] DECODE_TABLE = { 155 // 0 1 2 3 4 5 6 7 8 9 A B C D E F 156 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 00-0f 157 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 10-1f 158 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63, // 20-2f + - / 159 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, // 30-3f 0-9 160 -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // 40-4f A-O 161 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63, // 50-5f P-Z _ 162 -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, // 60-6f a-o 163 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 // 70-7a p-z 164 }; 165 166 /** 167 * Base64 uses 6-bit fields. 168 */ 169 /** Mask used to extract 6 bits, used when encoding */ 170 private static final int MASK_6_BITS = 0x3f; 171 172 // The static final fields above are used for the original static byte[] methods on Base64. 173 // The private member fields below are used with the new streaming approach, which requires 174 // some state be preserved between calls of encode() and decode(). 175 176 /** Mask used to extract 4 bits, used when decoding final trailing character. */ 177 private static final int MASK_4_BITS = 0xf; 178 /** Mask used to extract 2 bits, used when decoding final trailing character. */ 179 private static final int MASK_2_BITS = 0x3; 180 181 /** 182 * Creates a new Builder. 183 * 184 * @return a new Builder. 185 * @since 1.17.0 186 */ 187 public static Builder builder() { 188 return new Builder(); 189 } 190 191 /** 192 * Decodes Base64 data into octets. 193 * <p> 194 * <strong>Note:</strong> this method seamlessly handles data encoded in URL-safe or normal mode. 195 * </p> 196 * 197 * @param base64Data 198 * Byte array containing Base64 data 199 * @return Array containing decoded data. 200 */ 201 public static byte[] decodeBase64(final byte[] base64Data) { 202 return new Base64().decode(base64Data); 203 } 204 205 /** 206 * Decodes a Base64 String into octets. 207 * <p> 208 * <strong>Note:</strong> this method seamlessly handles data encoded in URL-safe or normal mode. 209 * </p> 210 * 211 * @param base64String 212 * String containing Base64 data 213 * @return Array containing decoded data. 214 * @since 1.4 215 */ 216 public static byte[] decodeBase64(final String base64String) { 217 return new Base64().decode(base64String); 218 } 219 220 /** 221 * Decodes a byte64-encoded integer according to crypto standards such as W3C's XML-Signature. 222 * 223 * @param array 224 * a byte array containing base64 character data 225 * @return A BigInteger 226 * @since 1.4 227 */ 228 public static BigInteger decodeInteger(final byte[] array) { 229 return new BigInteger(1, decodeBase64(array)); 230 } 231 232 /** 233 * Encodes binary data using the base64 algorithm but does not chunk the output. 234 * 235 * @param binaryData 236 * binary data to encode 237 * @return byte[] containing Base64 characters in their UTF-8 representation. 238 */ 239 public static byte[] encodeBase64(final byte[] binaryData) { 240 return encodeBase64(binaryData, false); 241 } 242 243 /** 244 * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. 245 * 246 * @param binaryData 247 * Array containing binary data to encode. 248 * @param isChunked 249 * if {@code true} this encoder will chunk the base64 output into 76 character blocks 250 * @return Base64-encoded data. 251 * @throws IllegalArgumentException 252 * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE} 253 */ 254 public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked) { 255 return encodeBase64(binaryData, isChunked, false); 256 } 257 258 /** 259 * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. 260 * 261 * @param binaryData 262 * Array containing binary data to encode. 263 * @param isChunked 264 * if {@code true} this encoder will chunk the base64 output into 76 character blocks 265 * @param urlSafe 266 * if {@code true} this encoder will emit - and _ instead of the usual + and / characters. 267 * <strong>Note: No padding is added when encoding using the URL-safe alphabet.</strong> 268 * @return Base64-encoded data. 269 * @throws IllegalArgumentException 270 * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE} 271 * @since 1.4 272 */ 273 public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked, final boolean urlSafe) { 274 return encodeBase64(binaryData, isChunked, urlSafe, Integer.MAX_VALUE); 275 } 276 277 /** 278 * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. 279 * 280 * @param binaryData 281 * Array containing binary data to encode. 282 * @param isChunked 283 * if {@code true} this encoder will chunk the base64 output into 76 character blocks 284 * @param urlSafe 285 * if {@code true} this encoder will emit - and _ instead of the usual + and / characters. 286 * <strong>Note: No padding is added when encoding using the URL-safe alphabet.</strong> 287 * @param maxResultSize 288 * The maximum result size to accept. 289 * @return Base64-encoded data. 290 * @throws IllegalArgumentException 291 * Thrown when the input array needs an output array bigger than maxResultSize 292 * @since 1.4 293 */ 294 public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked, 295 final boolean urlSafe, final int maxResultSize) { 296 if (BinaryCodec.isEmpty(binaryData)) { 297 return binaryData; 298 } 299 // Create this so can use the super-class method 300 // Also ensures that the same roundings are performed by the ctor and the code 301 final Base64 b64 = isChunked ? new Base64(urlSafe) : new Base64(0, CHUNK_SEPARATOR, urlSafe); 302 final long len = b64.getEncodedLength(binaryData); 303 if (len > maxResultSize) { 304 throw new IllegalArgumentException("Input array too big, the output array would be bigger (" + 305 len + 306 ") than the specified maximum size of " + 307 maxResultSize); 308 } 309 return b64.encode(binaryData); 310 } 311 312 /** 313 * Encodes binary data using the base64 algorithm and chunks the encoded output into 76 character blocks 314 * 315 * @param binaryData 316 * binary data to encode 317 * @return Base64 characters chunked in 76 character blocks 318 */ 319 public static byte[] encodeBase64Chunked(final byte[] binaryData) { 320 return encodeBase64(binaryData, true); 321 } 322 323 /** 324 * Encodes binary data using the base64 algorithm but does not chunk the output. 325 * 326 * NOTE: We changed the behavior of this method from multi-line chunking (commons-codec-1.4) to 327 * single-line non-chunking (commons-codec-1.5). 328 * 329 * @param binaryData 330 * binary data to encode 331 * @return String containing Base64 characters. 332 * @since 1.4 (NOTE: 1.4 chunked the output, whereas 1.5 does not). 333 */ 334 public static String encodeBase64String(final byte[] binaryData) { 335 return StringUtils.newStringUsAscii(encodeBase64(binaryData, false)); 336 } 337 338 /** 339 * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The 340 * url-safe variation emits - and _ instead of + and / characters. 341 * <strong>Note: No padding is added.</strong> 342 * @param binaryData 343 * binary data to encode 344 * @return byte[] containing Base64 characters in their UTF-8 representation. 345 * @since 1.4 346 */ 347 public static byte[] encodeBase64URLSafe(final byte[] binaryData) { 348 return encodeBase64(binaryData, false, true); 349 } 350 351 /** 352 * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The 353 * url-safe variation emits - and _ instead of + and / characters. 354 * <strong>Note: No padding is added.</strong> 355 * @param binaryData 356 * binary data to encode 357 * @return String containing Base64 characters 358 * @since 1.4 359 */ 360 public static String encodeBase64URLSafeString(final byte[] binaryData) { 361 return StringUtils.newStringUsAscii(encodeBase64(binaryData, false, true)); 362 } 363 364 /** 365 * Encodes to a byte64-encoded integer according to crypto standards such as W3C's XML-Signature. 366 * 367 * @param bigInteger 368 * a BigInteger 369 * @return A byte array containing base64 character data 370 * @throws NullPointerException 371 * if null is passed in 372 * @since 1.4 373 */ 374 public static byte[] encodeInteger(final BigInteger bigInteger) { 375 Objects.requireNonNull(bigInteger, "bigInteger"); 376 return encodeBase64(toIntegerBytes(bigInteger), false); 377 } 378 379 /** 380 * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. Currently the 381 * method treats whitespace as valid. 382 * 383 * @param arrayOctet 384 * byte array to test 385 * @return {@code true} if all bytes are valid characters in the Base64 alphabet or if the byte array is empty; 386 * {@code false}, otherwise 387 * @deprecated 1.5 Use {@link #isBase64(byte[])}, will be removed in 2.0. 388 */ 389 @Deprecated 390 public static boolean isArrayByteBase64(final byte[] arrayOctet) { 391 return isBase64(arrayOctet); 392 } 393 394 /** 395 * Returns whether or not the {@code octet} is in the base 64 alphabet. 396 * 397 * @param octet 398 * The value to test 399 * @return {@code true} if the value is defined in the base 64 alphabet, {@code false} otherwise. 400 * @since 1.4 401 */ 402 public static boolean isBase64(final byte octet) { 403 return octet == PAD_DEFAULT || octet >= 0 && octet < DECODE_TABLE.length && DECODE_TABLE[octet] != -1; 404 } 405 406 /** 407 * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. Currently the 408 * method treats whitespace as valid. 409 * 410 * @param arrayOctet 411 * byte array to test 412 * @return {@code true} if all bytes are valid characters in the Base64 alphabet or if the byte array is empty; 413 * {@code false}, otherwise 414 * @since 1.5 415 */ 416 public static boolean isBase64(final byte[] arrayOctet) { 417 for (final byte element : arrayOctet) { 418 if (!isBase64(element) && !Character.isWhitespace(element)) { 419 return false; 420 } 421 } 422 return true; 423 } 424 425 /** 426 * Tests a given String to see if it contains only valid characters within the Base64 alphabet. Currently the 427 * method treats whitespace as valid. 428 * 429 * @param base64 430 * String to test 431 * @return {@code true} if all characters in the String are valid characters in the Base64 alphabet or if 432 * the String is empty; {@code false}, otherwise 433 * @since 1.5 434 */ 435 public static boolean isBase64(final String base64) { 436 return isBase64(StringUtils.getBytesUtf8(base64)); 437 } 438 439 /** 440 * Returns a byte-array representation of a {@code BigInteger} without sign bit. 441 * 442 * @param bigInt 443 * {@code BigInteger} to be converted 444 * @return a byte array representation of the BigInteger parameter 445 */ 446 static byte[] toIntegerBytes(final BigInteger bigInt) { 447 int bitlen = bigInt.bitLength(); 448 // round bitlen 449 bitlen = bitlen + 7 >> 3 << 3; 450 final byte[] bigBytes = bigInt.toByteArray(); 451 452 if (bigInt.bitLength() % 8 != 0 && bigInt.bitLength() / 8 + 1 == bitlen / 8) { 453 return bigBytes; 454 } 455 // set up params for copying everything but sign bit 456 int startSrc = 0; 457 int len = bigBytes.length; 458 459 // if bigInt is exactly byte-aligned, just skip signbit in copy 460 if (bigInt.bitLength() % 8 == 0) { 461 startSrc = 1; 462 len--; 463 } 464 final int startDst = bitlen / 8 - len; // to pad w/ nulls as per spec 465 final byte[] resizedBytes = new byte[bitlen / 8]; 466 System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, len); 467 return resizedBytes; 468 } 469 470 private static byte[] toUrlSafeEncodeTable(final boolean urlSafe) { 471 return urlSafe ? URL_SAFE_ENCODE_TABLE : STANDARD_ENCODE_TABLE; 472 } 473 474 /** 475 * Encode table to use: either STANDARD or URL_SAFE or custom. 476 * Note: the DECODE_TABLE above remains static because it is able 477 * to decode both STANDARD and URL_SAFE streams, but the encodeTable must be a member variable so we can switch 478 * between the two modes. 479 */ 480 private final byte[] encodeTable; 481 482 /** 483 * Decode table to use. 484 */ 485 private final byte[] decodeTable; 486 487 /** 488 * Line separator for encoding. Not used when decoding. Only used if lineLength > 0. 489 */ 490 private final byte[] lineSeparator; 491 492 /** 493 * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing. 494 * {@code encodeSize = 4 + lineSeparator.length;} 495 */ 496 private final int encodeSize; 497 498 private final boolean isUrlSafe; 499 500 /** 501 * Constructs a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. 502 * <p> 503 * When encoding the line length is 0 (no chunking), and the encoding table is STANDARD_ENCODE_TABLE. 504 * </p> 505 * <p> 506 * When decoding all variants are supported. 507 * </p> 508 */ 509 public Base64() { 510 this(0); 511 } 512 513 /** 514 * Constructs a Base64 codec used for decoding (all modes) and encoding in the given URL-safe mode. 515 * <p> 516 * When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE. 517 * </p> 518 * <p> 519 * When decoding all variants are supported. 520 * </p> 521 * 522 * @param urlSafe 523 * if {@code true}, URL-safe encoding is used. In most cases this should be set to 524 * {@code false}. 525 * @since 1.4 526 */ 527 public Base64(final boolean urlSafe) { 528 this(MIME_CHUNK_SIZE, CHUNK_SEPARATOR, urlSafe); 529 } 530 531 /** 532 * Constructs a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. 533 * <p> 534 * When encoding the line length is given in the constructor, the line separator is CRLF, and the encoding table is 535 * STANDARD_ENCODE_TABLE. 536 * </p> 537 * <p> 538 * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data. 539 * </p> 540 * <p> 541 * When decoding all variants are supported. 542 * </p> 543 * 544 * @param lineLength 545 * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of 546 * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when 547 * decoding. 548 * @since 1.4 549 */ 550 public Base64(final int lineLength) { 551 this(lineLength, CHUNK_SEPARATOR); 552 } 553 554 /** 555 * Constructs a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. 556 * <p> 557 * When encoding the line length and line separator are given in the constructor, and the encoding table is 558 * STANDARD_ENCODE_TABLE. 559 * </p> 560 * <p> 561 * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data. 562 * </p> 563 * <p> 564 * When decoding all variants are supported. 565 * </p> 566 * 567 * @param lineLength 568 * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of 569 * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when 570 * decoding. 571 * @param lineSeparator 572 * Each line of encoded data will end with this sequence of bytes. 573 * @throws IllegalArgumentException 574 * Thrown when the provided lineSeparator included some base64 characters. 575 * @since 1.4 576 */ 577 public Base64(final int lineLength, final byte[] lineSeparator) { 578 this(lineLength, lineSeparator, false); 579 } 580 581 /** 582 * Constructs a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. 583 * <p> 584 * When encoding the line length and line separator are given in the constructor, and the encoding table is 585 * STANDARD_ENCODE_TABLE. 586 * </p> 587 * <p> 588 * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data. 589 * </p> 590 * <p> 591 * When decoding all variants are supported. 592 * </p> 593 * 594 * @param lineLength 595 * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of 596 * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when 597 * decoding. 598 * @param lineSeparator 599 * Each line of encoded data will end with this sequence of bytes. 600 * @param urlSafe 601 * Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode 602 * operations. Decoding seamlessly handles both modes. 603 * <strong>Note: No padding is added when using the URL-safe alphabet.</strong> 604 * @throws IllegalArgumentException 605 * Thrown when the {@code lineSeparator} contains Base64 characters. 606 * @since 1.4 607 */ 608 public Base64(final int lineLength, final byte[] lineSeparator, final boolean urlSafe) { 609 this(lineLength, lineSeparator, PAD_DEFAULT, toUrlSafeEncodeTable(urlSafe), DECODING_POLICY_DEFAULT); 610 } 611 612 /** 613 * Constructs a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. 614 * <p> 615 * When encoding the line length and line separator are given in the constructor, and the encoding table is 616 * STANDARD_ENCODE_TABLE. 617 * </p> 618 * <p> 619 * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data. 620 * </p> 621 * <p> 622 * When decoding all variants are supported. 623 * </p> 624 * 625 * @param lineLength 626 * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of 627 * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when 628 * decoding. 629 * @param lineSeparator 630 * Each line of encoded data will end with this sequence of bytes. 631 * @param urlSafe 632 * Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode 633 * operations. Decoding seamlessly handles both modes. 634 * <strong>Note: No padding is added when using the URL-safe alphabet.</strong> 635 * @param decodingPolicy The decoding policy. 636 * @throws IllegalArgumentException 637 * Thrown when the {@code lineSeparator} contains Base64 characters. 638 * @since 1.15 639 */ 640 public Base64(final int lineLength, final byte[] lineSeparator, final boolean urlSafe, final CodecPolicy decodingPolicy) { 641 this(lineLength, lineSeparator, PAD_DEFAULT, toUrlSafeEncodeTable(urlSafe), decodingPolicy); 642 } 643 644 /** 645 * Constructs a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode. 646 * <p> 647 * When encoding the line length and line separator are given in the constructor, and the encoding table is STANDARD_ENCODE_TABLE. 648 * </p> 649 * <p> 650 * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data. 651 * </p> 652 * <p> 653 * When decoding all variants are supported. 654 * </p> 655 * 656 * @param lineLength Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of 4). If lineLength <= 0, 657 * then the output will not be divided into lines (chunks). Ignored when decoding. 658 * @param lineSeparator Each line of encoded data will end with this sequence of bytes; the constructor makes a defensive copy. May be null. 659 * @param padding padding byte. 660 * @param encodeTable The manual encodeTable - a byte array of 64 chars. 661 * @param decodingPolicy The decoding policy. 662 * @throws IllegalArgumentException Thrown when the {@code lineSeparator} contains Base64 characters. 663 */ 664 private Base64(final int lineLength, final byte[] lineSeparator, final byte padding, final byte[] encodeTable, final CodecPolicy decodingPolicy) { 665 super(BYTES_PER_UNENCODED_BLOCK, BYTES_PER_ENCODED_BLOCK, lineLength, toLength(lineSeparator), padding, decodingPolicy); 666 Objects.requireNonNull(encodeTable, "encodeTable"); 667 if (encodeTable.length != STANDARD_ENCODE_TABLE.length) { 668 throw new IllegalArgumentException("encodeTable must have exactly 64 entries."); 669 } 670 // same array first or equal contents second 671 this.isUrlSafe = encodeTable == URL_SAFE_ENCODE_TABLE || Arrays.equals(encodeTable, URL_SAFE_ENCODE_TABLE); 672 if (encodeTable == STANDARD_ENCODE_TABLE || this.isUrlSafe) { 673 decodeTable = DECODE_TABLE; 674 // No need of a defensive copy of an internal table. 675 this.encodeTable = encodeTable; 676 } else { 677 this.encodeTable = encodeTable.clone(); 678 this.decodeTable = calculateDecodeTable(this.encodeTable); 679 } 680 // TODO could be simplified if there is no requirement to reject invalid line sep when length <=0 681 // @see test case Base64Test.testConstructors() 682 if (lineSeparator != null) { 683 final byte[] lineSeparatorCopy = lineSeparator.clone(); 684 if (containsAlphabetOrPad(lineSeparatorCopy)) { 685 final String sep = StringUtils.newStringUtf8(lineSeparatorCopy); 686 throw new IllegalArgumentException("lineSeparator must not contain base64 characters: [" + sep + "]"); 687 } 688 if (lineLength > 0) { // null line-sep forces no chunking rather than throwing IAE 689 this.encodeSize = BYTES_PER_ENCODED_BLOCK + lineSeparatorCopy.length; 690 this.lineSeparator = lineSeparatorCopy; 691 } else { 692 this.encodeSize = BYTES_PER_ENCODED_BLOCK; 693 this.lineSeparator = null; 694 } 695 } else { 696 this.encodeSize = BYTES_PER_ENCODED_BLOCK; 697 this.lineSeparator = null; 698 } 699 } 700 701 /** 702 * Calculates a decode table for a given encode table. 703 * 704 * @param encodeTable that is used to determine decode lookup table 705 * @return decodeTable 706 */ 707 private byte[] calculateDecodeTable(final byte[] encodeTable) { 708 final byte[] decodeTable = new byte[DECODING_TABLE_LENGTH]; 709 Arrays.fill(decodeTable, (byte) -1); 710 for (int i = 0; i < encodeTable.length; i++) { 711 decodeTable[encodeTable[i]] = (byte) i; 712 } 713 return decodeTable; 714 } 715 716 /** 717 * <p> 718 * Decodes all of the provided data, starting at inPos, for inAvail bytes. Should be called at least twice: once 719 * with the data to decode, and once with inAvail set to "-1" to alert decoder that EOF has been reached. The "-1" 720 * call is not necessary when decoding, but it doesn't hurt, either. 721 * </p> 722 * <p> 723 * Ignores all non-base64 characters. This is how chunked (for example 76 character) data is handled, since CR and LF are 724 * silently ignored, but has implications for other bytes, too. This method subscribes to the garbage-in, 725 * garbage-out philosophy: it will not check the provided data for validity. 726 * </p> 727 * <p> 728 * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach. 729 * https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ 730 * </p> 731 * 732 * @param input 733 * byte[] array of ASCII data to base64 decode. 734 * @param inPos 735 * Position to start reading data from. 736 * @param inAvail 737 * Amount of bytes available from input for decoding. 738 * @param context 739 * the context to be used 740 */ 741 @Override 742 void decode(final byte[] input, int inPos, final int inAvail, final Context context) { 743 if (context.eof) { 744 return; 745 } 746 if (inAvail < 0) { 747 context.eof = true; 748 } 749 final int decodeSize = this.encodeSize - 1; 750 for (int i = 0; i < inAvail; i++) { 751 final byte[] buffer = ensureBufferSize(decodeSize, context); 752 final byte b = input[inPos++]; 753 if (b == pad) { 754 // We're done. 755 context.eof = true; 756 break; 757 } 758 if (b >= 0 && b < decodeTable.length) { 759 final int result = decodeTable[b]; 760 if (result >= 0) { 761 context.modulus = (context.modulus + 1) % BYTES_PER_ENCODED_BLOCK; 762 context.ibitWorkArea = (context.ibitWorkArea << BITS_PER_ENCODED_BYTE) + result; 763 if (context.modulus == 0) { 764 buffer[context.pos++] = (byte) (context.ibitWorkArea >> 16 & MASK_8BITS); 765 buffer[context.pos++] = (byte) (context.ibitWorkArea >> 8 & MASK_8BITS); 766 buffer[context.pos++] = (byte) (context.ibitWorkArea & MASK_8BITS); 767 } 768 } 769 } 770 } 771 772 // Two forms of EOF as far as base64 decoder is concerned: actual 773 // EOF (-1) and first time '=' character is encountered in stream. 774 // This approach makes the '=' padding characters completely optional. 775 if (context.eof && context.modulus != 0) { 776 final byte[] buffer = ensureBufferSize(decodeSize, context); 777 778 // We have some spare bits remaining 779 // Output all whole multiples of 8 bits and ignore the rest 780 switch (context.modulus) { 781// case 0 : // impossible, as excluded above 782 case 1 : // 6 bits - either ignore entirely, or raise an exception 783 validateTrailingCharacter(); 784 break; 785 case 2 : // 12 bits = 8 + 4 786 validateCharacter(MASK_4_BITS, context); 787 context.ibitWorkArea = context.ibitWorkArea >> 4; // dump the extra 4 bits 788 buffer[context.pos++] = (byte) (context.ibitWorkArea & MASK_8BITS); 789 break; 790 case 3 : // 18 bits = 8 + 8 + 2 791 validateCharacter(MASK_2_BITS, context); 792 context.ibitWorkArea = context.ibitWorkArea >> 2; // dump 2 bits 793 buffer[context.pos++] = (byte) (context.ibitWorkArea >> 8 & MASK_8BITS); 794 buffer[context.pos++] = (byte) (context.ibitWorkArea & MASK_8BITS); 795 break; 796 default: 797 throw new IllegalStateException("Impossible modulus " + context.modulus); 798 } 799 } 800 } 801 802 /** 803 * <p> 804 * Encodes all of the provided data, starting at inPos, for inAvail bytes. Must be called at least twice: once with 805 * the data to encode, and once with inAvail set to "-1" to alert encoder that EOF has been reached, to flush last 806 * remaining bytes (if not multiple of 3). 807 * </p> 808 * <p><strong>Note: No padding is added when encoding using the URL-safe alphabet.</strong></p> 809 * <p> 810 * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach. 811 * https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/ 812 * </p> 813 * 814 * @param in 815 * byte[] array of binary data to base64 encode. 816 * @param inPos 817 * Position to start reading data from. 818 * @param inAvail 819 * Amount of bytes available from input for encoding. 820 * @param context 821 * the context to be used 822 */ 823 @Override 824 void encode(final byte[] in, int inPos, final int inAvail, final Context context) { 825 if (context.eof) { 826 return; 827 } 828 // inAvail < 0 is how we're informed of EOF in the underlying data we're 829 // encoding. 830 if (inAvail < 0) { 831 context.eof = true; 832 if (0 == context.modulus && lineLength == 0) { 833 return; // no leftovers to process and not using chunking 834 } 835 final byte[] buffer = ensureBufferSize(encodeSize, context); 836 final int savedPos = context.pos; 837 switch (context.modulus) { // 0-2 838 case 0 : // nothing to do here 839 break; 840 case 1 : // 8 bits = 6 + 2 841 // top 6 bits: 842 buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 2 & MASK_6_BITS]; 843 // remaining 2: 844 buffer[context.pos++] = encodeTable[context.ibitWorkArea << 4 & MASK_6_BITS]; 845 // URL-SAFE skips the padding to further reduce size. 846 if (encodeTable == STANDARD_ENCODE_TABLE) { 847 buffer[context.pos++] = pad; 848 buffer[context.pos++] = pad; 849 } 850 break; 851 852 case 2 : // 16 bits = 6 + 6 + 4 853 buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 10 & MASK_6_BITS]; 854 buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 4 & MASK_6_BITS]; 855 buffer[context.pos++] = encodeTable[context.ibitWorkArea << 2 & MASK_6_BITS]; 856 // URL-SAFE skips the padding to further reduce size. 857 if (encodeTable == STANDARD_ENCODE_TABLE) { 858 buffer[context.pos++] = pad; 859 } 860 break; 861 default: 862 throw new IllegalStateException("Impossible modulus " + context.modulus); 863 } 864 context.currentLinePos += context.pos - savedPos; // keep track of current line position 865 // if currentPos == 0 we are at the start of a line, so don't add CRLF 866 if (lineLength > 0 && context.currentLinePos > 0) { 867 System.arraycopy(lineSeparator, 0, buffer, context.pos, lineSeparator.length); 868 context.pos += lineSeparator.length; 869 } 870 } else { 871 for (int i = 0; i < inAvail; i++) { 872 final byte[] buffer = ensureBufferSize(encodeSize, context); 873 context.modulus = (context.modulus + 1) % BYTES_PER_UNENCODED_BLOCK; 874 int b = in[inPos++]; 875 if (b < 0) { 876 b += 256; 877 } 878 context.ibitWorkArea = (context.ibitWorkArea << 8) + b; // BITS_PER_BYTE 879 if (0 == context.modulus) { // 3 bytes = 24 bits = 4 * 6 bits to extract 880 buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 18 & MASK_6_BITS]; 881 buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 12 & MASK_6_BITS]; 882 buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 6 & MASK_6_BITS]; 883 buffer[context.pos++] = encodeTable[context.ibitWorkArea & MASK_6_BITS]; 884 context.currentLinePos += BYTES_PER_ENCODED_BLOCK; 885 if (lineLength > 0 && lineLength <= context.currentLinePos) { 886 System.arraycopy(lineSeparator, 0, buffer, context.pos, lineSeparator.length); 887 context.pos += lineSeparator.length; 888 context.currentLinePos = 0; 889 } 890 } 891 } 892 } 893 } 894 895 /** 896 * Gets the line separator (for testing only). 897 * 898 * @return the line separator. 899 */ 900 byte[] getLineSeparator() { 901 return lineSeparator; 902 } 903 904 /** 905 * Returns whether or not the {@code octet} is in the Base64 alphabet. 906 * 907 * @param octet 908 * The value to test 909 * @return {@code true} if the value is defined in the Base64 alphabet {@code false} otherwise. 910 */ 911 @Override 912 protected boolean isInAlphabet(final byte octet) { 913 return octet >= 0 && octet < decodeTable.length && decodeTable[octet] != -1; 914 } 915 916 /** 917 * Returns our current encode mode. True if we're URL-safe, false otherwise. 918 * 919 * @return true if we're in URL-safe mode, false otherwise. 920 * @since 1.4 921 */ 922 public boolean isUrlSafe() { 923 return isUrlSafe; 924 } 925 926 /** 927 * Validates whether decoding the final trailing character is possible in the context 928 * of the set of possible base 64 values. 929 * <p> 930 * The character is valid if the lower bits within the provided mask are zero. This 931 * is used to test the final trailing base-64 digit is zero in the bits that will be discarded. 932 * </p> 933 * 934 * @param emptyBitsMask The mask of the lower bits that should be empty 935 * @param context the context to be used 936 * @throws IllegalArgumentException if the bits being checked contain any non-zero value 937 */ 938 private void validateCharacter(final int emptyBitsMask, final Context context) { 939 if (isStrictDecoding() && (context.ibitWorkArea & emptyBitsMask) != 0) { 940 throw new IllegalArgumentException( 941 "Strict decoding: Last encoded character (before the paddings if any) is a valid " + 942 "base 64 alphabet but not a possible encoding. " + 943 "Expected the discarded bits from the character to be zero."); 944 } 945 } 946 947 /** 948 * Validates whether decoding allows an entire final trailing character that cannot be 949 * used for a complete byte. 950 * 951 * @throws IllegalArgumentException if strict decoding is enabled 952 */ 953 private void validateTrailingCharacter() { 954 if (isStrictDecoding()) { 955 throw new IllegalArgumentException( 956 "Strict decoding: Last encoded character (before the paddings if any) is a valid " + 957 "base 64 alphabet but not a possible encoding. " + 958 "Decoding requires at least two trailing 6-bit characters to create bytes."); 959 } 960 } 961 962}