View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package org.apache.commons.codec.binary;
19  
20  import java.math.BigInteger;
21  
22  /**
23   * Provides Base64 encoding and decoding as defined by <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>.
24   *
25   * <p>
26   * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose
27   * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein.
28   * </p>
29   * <p>
30   * The class can be parameterized in the following manner with various constructors:
31   * </p>
32   * <ul>
33   * <li>URL-safe mode: Default off.</li>
34   * <li>Line length: Default 76. Line length that aren't multiples of 4 will still essentially end up being multiples of
35   * 4 in the encoded data.
36   * <li>Line separator: Default is CRLF ("\r\n")</li>
37   * </ul>
38   * <p>
39   * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only
40   * encode/decode character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252,
41   * UTF-8, etc).
42   * </p>
43   * <p>
44   * This class is thread-safe.
45   * </p>
46   *
47   * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>
48   * @since 1.0
49   * @version $Id: Base64.java 1563226 2014-01-31 19:38:06Z ggregory $
50   */
51  public class Base64 extends BaseNCodec {
52  
53      /**
54       * BASE32 characters are 6 bits in length.
55       * They are formed by taking a block of 3 octets to form a 24-bit string,
56       * which is converted into 4 BASE64 characters.
57       */
58      private static final int BITS_PER_ENCODED_BYTE = 6;
59      private static final int BYTES_PER_UNENCODED_BLOCK = 3;
60      private static final int BYTES_PER_ENCODED_BLOCK = 4;
61  
62      /**
63       * Chunk separator per RFC 2045 section 2.1.
64       *
65       * <p>
66       * N.B. The next major release may break compatibility and make this field private.
67       * </p>
68       *
69       * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 2.1</a>
70       */
71      static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
72  
73      /**
74       * This array is a lookup table that translates 6-bit positive integer index values into their "Base64 Alphabet"
75       * equivalents as specified in Table 1 of RFC 2045.
76       *
77       * Thanks to "commons" project in ws.apache.org for this code.
78       * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
79       */
80      private static final byte[] STANDARD_ENCODE_TABLE = {
81              'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
82              'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
83              'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
84              'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
85              '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
86      };
87  
88      /**
89       * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and /
90       * changed to - and _ to make the encoded Base64 results more URL-SAFE.
91       * This table is only used when the Base64's mode is set to URL-SAFE.
92       */
93      private static final byte[] URL_SAFE_ENCODE_TABLE = {
94              'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
95              'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
96              'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
97              'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
98              '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_'
99      };
100 
101     /**
102      * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified
103      * in Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64
104      * alphabet but fall within the bounds of the array are translated to -1.
105      *
106      * Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. This means decoder seamlessly handles both
107      * URL_SAFE and STANDARD base64. (The encoder, on the other hand, needs to know ahead of time what to emit).
108      *
109      * Thanks to "commons" project in ws.apache.org for this code.
110      * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
111      */
112     private static final byte[] DECODE_TABLE = {
113             -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
114             -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
115             -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, 62, -1, 63, 52, 53, 54,
116             55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4,
117             5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
118             24, 25, -1, -1, -1, -1, 63, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34,
119             35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
120     };
121 
122     /**
123      * Base64 uses 6-bit fields.
124      */
125     /** Mask used to extract 6 bits, used when encoding */
126     private static final int MASK_6BITS = 0x3f;
127 
128     // The static final fields above are used for the original static byte[] methods on Base64.
129     // The private member fields below are used with the new streaming approach, which requires
130     // some state be preserved between calls of encode() and decode().
131 
132     /**
133      * Encode table to use: either STANDARD or URL_SAFE. Note: the DECODE_TABLE above remains static because it is able
134      * to decode both STANDARD and URL_SAFE streams, but the encodeTable must be a member variable so we can switch
135      * between the two modes.
136      */
137     private final byte[] encodeTable;
138 
139     // Only one decode table currently; keep for consistency with Base32 code
140     private final byte[] decodeTable = DECODE_TABLE;
141 
142     /**
143      * Line separator for encoding. Not used when decoding. Only used if lineLength &gt; 0.
144      */
145     private final byte[] lineSeparator;
146 
147     /**
148      * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing.
149      * <code>decodeSize = 3 + lineSeparator.length;</code>
150      */
151     private final int decodeSize;
152 
153     /**
154      * Convenience variable to help us determine when our buffer is going to run out of room and needs resizing.
155      * <code>encodeSize = 4 + lineSeparator.length;</code>
156      */
157     private final int encodeSize;
158 
159     /**
160      * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
161      * <p>
162      * When encoding the line length is 0 (no chunking), and the encoding table is STANDARD_ENCODE_TABLE.
163      * </p>
164      *
165      * <p>
166      * When decoding all variants are supported.
167      * </p>
168      */
169     public Base64() {
170         this(0);
171     }
172 
173     /**
174      * Creates a Base64 codec used for decoding (all modes) and encoding in the given URL-safe mode.
175      * <p>
176      * When encoding the line length is 76, the line separator is CRLF, and the encoding table is
177      * STANDARD_ENCODE_TABLE.
178      * </p>
179      *
180      * <p>
181      * When decoding all variants are supported.
182      * </p>
183      *
184      * @param urlSafe
185      *            if {@code true}, URL-safe encoding is used. In most cases this should be set to {@code false}.
186      * @since 1.4
187      */
188     public Base64(final boolean urlSafe) {
189         this(MIME_CHUNK_SIZE, CHUNK_SEPARATOR, urlSafe);
190     }
191 
192     /**
193      * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
194      * <p>
195      * When encoding the line length is given in the constructor, the line separator is CRLF, and the encoding table is
196      * STANDARD_ENCODE_TABLE.
197      * </p>
198      * <p>
199      * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
200      * </p>
201      * <p>
202      * When decoding all variants are supported.
203      * </p>
204      *
205      * @param lineLength
206      *            Each line of encoded data will be at most of the given length (rounded down to nearest multiple of
207      *            4). If lineLength &lt;= 0, then the output will not be divided into lines (chunks). Ignored when
208      *            decoding.
209      * @since 1.4
210      */
211     public Base64(final int lineLength) {
212         this(lineLength, CHUNK_SEPARATOR);
213     }
214 
215     /**
216      * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
217      * <p>
218      * When encoding the line length and line separator are given in the constructor, and the encoding table is
219      * STANDARD_ENCODE_TABLE.
220      * </p>
221      * <p>
222      * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
223      * </p>
224      * <p>
225      * When decoding all variants are supported.
226      * </p>
227      *
228      * @param lineLength
229      *            Each line of encoded data will be at most of the given length (rounded down to nearest multiple of
230      *            4). If lineLength &lt;= 0, then the output will not be divided into lines (chunks). Ignored when
231      *            decoding.
232      * @param lineSeparator
233      *            Each line of encoded data will end with this sequence of bytes.
234      * @throws IllegalArgumentException
235      *             Thrown when the provided lineSeparator included some base64 characters.
236      * @since 1.4
237      */
238     public Base64(final int lineLength, final byte[] lineSeparator) {
239         this(lineLength, lineSeparator, false);
240     }
241 
242     /**
243      * Creates a Base64 codec used for decoding (all modes) and encoding in URL-unsafe mode.
244      * <p>
245      * When encoding the line length and line separator are given in the constructor, and the encoding table is
246      * STANDARD_ENCODE_TABLE.
247      * </p>
248      * <p>
249      * Line lengths that aren't multiples of 4 will still essentially end up being multiples of 4 in the encoded data.
250      * </p>
251      * <p>
252      * When decoding all variants are supported.
253      * </p>
254      *
255      * @param lineLength
256      *            Each line of encoded data will be at most of the given length (rounded down to nearest multiple of
257      *            4). If lineLength &lt;= 0, then the output will not be divided into lines (chunks). Ignored when
258      *            decoding.
259      * @param lineSeparator
260      *            Each line of encoded data will end with this sequence of bytes.
261      * @param urlSafe
262      *            Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode
263      *            operations. Decoding seamlessly handles both modes.
264      *            <b>Note: no padding is added when using the URL-safe alphabet.</b>
265      * @throws IllegalArgumentException
266      *             The provided lineSeparator included some base64 characters. That's not going to work!
267      * @since 1.4
268      */
269     public Base64(final int lineLength, final byte[] lineSeparator, final boolean urlSafe) {
270         super(BYTES_PER_UNENCODED_BLOCK, BYTES_PER_ENCODED_BLOCK,
271                 lineLength,
272                 lineSeparator == null ? 0 : lineSeparator.length);
273         // TODO could be simplified if there is no requirement to reject invalid line sep when length <=0
274         // @see test case Base64Test.testConstructors()
275         if (lineSeparator != null) {
276             if (containsAlphabetOrPad(lineSeparator)) {
277                 final String sep = StringUtils.newStringUtf8(lineSeparator);
278                 throw new IllegalArgumentException("lineSeparator must not contain base64 characters: [" + sep + "]");
279             }
280             if (lineLength > 0){ // null line-sep forces no chunking rather than throwing IAE
281                 this.encodeSize = BYTES_PER_ENCODED_BLOCK + lineSeparator.length;
282                 this.lineSeparator = new byte[lineSeparator.length];
283                 System.arraycopy(lineSeparator, 0, this.lineSeparator, 0, lineSeparator.length);
284             } else {
285                 this.encodeSize = BYTES_PER_ENCODED_BLOCK;
286                 this.lineSeparator = null;
287             }
288         } else {
289             this.encodeSize = BYTES_PER_ENCODED_BLOCK;
290             this.lineSeparator = null;
291         }
292         this.decodeSize = this.encodeSize - 1;
293         this.encodeTable = urlSafe ? URL_SAFE_ENCODE_TABLE : STANDARD_ENCODE_TABLE;
294     }
295 
296     /**
297      * Returns our current encode mode. True if we're URL-SAFE, false otherwise.
298      *
299      * @return true if we're in URL-SAFE mode, false otherwise.
300      * @since 1.4
301      */
302     public boolean isUrlSafe() {
303         return this.encodeTable == URL_SAFE_ENCODE_TABLE;
304     }
305 
306     /**
307      * <p>
308      * Encodes all of the provided data, starting at inPos, for inAvail bytes. Must be called at least twice: once with
309      * the data to encode, and once with inAvail set to "-1" to alert encoder that EOF has been reached, to flush last
310      * remaining bytes (if not multiple of 3).
311      * </p>
312      * <p><b>Note: no padding is added when encoding using the URL-safe alphabet.</b></p>
313      * <p>
314      * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
315      * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
316      * </p>
317      *
318      * @param in
319      *            byte[] array of binary data to base64 encode.
320      * @param inPos
321      *            Position to start reading data from.
322      * @param inAvail
323      *            Amount of bytes available from input for encoding.
324      * @param context
325      *            the context to be used
326      */
327     @Override
328     void encode(final byte[] in, int inPos, final int inAvail, final Context context) {
329         if (context.eof) {
330             return;
331         }
332         // inAvail < 0 is how we're informed of EOF in the underlying data we're
333         // encoding.
334         if (inAvail < 0) {
335             context.eof = true;
336             if (0 == context.modulus && lineLength == 0) {
337                 return; // no leftovers to process and not using chunking
338             }
339             final byte[] buffer = ensureBufferSize(encodeSize, context);
340             final int savedPos = context.pos;
341             switch (context.modulus) { // 0-2
342                 case 0 : // nothing to do here
343                     break;
344                 case 1 : // 8 bits = 6 + 2
345                     // top 6 bits:
346                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea >> 2) & MASK_6BITS];
347                     // remaining 2:
348                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea << 4) & MASK_6BITS];
349                     // URL-SAFE skips the padding to further reduce size.
350                     if (encodeTable == STANDARD_ENCODE_TABLE) {
351                         buffer[context.pos++] = PAD;
352                         buffer[context.pos++] = PAD;
353                     }
354                     break;
355 
356                 case 2 : // 16 bits = 6 + 6 + 4
357                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea >> 10) & MASK_6BITS];
358                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea >> 4) & MASK_6BITS];
359                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea << 2) & MASK_6BITS];
360                     // URL-SAFE skips the padding to further reduce size.
361                     if (encodeTable == STANDARD_ENCODE_TABLE) {
362                         buffer[context.pos++] = PAD;
363                     }
364                     break;
365                 default:
366                     throw new IllegalStateException("Impossible modulus "+context.modulus);
367             }
368             context.currentLinePos += context.pos - savedPos; // keep track of current line position
369             // if currentPos == 0 we are at the start of a line, so don't add CRLF
370             if (lineLength > 0 && context.currentLinePos > 0) {
371                 System.arraycopy(lineSeparator, 0, buffer, context.pos, lineSeparator.length);
372                 context.pos += lineSeparator.length;
373             }
374         } else {
375             for (int i = 0; i < inAvail; i++) {
376                 final byte[] buffer = ensureBufferSize(encodeSize, context);
377                 context.modulus = (context.modulus+1) % BYTES_PER_UNENCODED_BLOCK;
378                 int b = in[inPos++];
379                 if (b < 0) {
380                     b += 256;
381                 }
382                 context.ibitWorkArea = (context.ibitWorkArea << 8) + b; //  BITS_PER_BYTE
383                 if (0 == context.modulus) { // 3 bytes = 24 bits = 4 * 6 bits to extract
384                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea >> 18) & MASK_6BITS];
385                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea >> 12) & MASK_6BITS];
386                     buffer[context.pos++] = encodeTable[(context.ibitWorkArea >> 6) & MASK_6BITS];
387                     buffer[context.pos++] = encodeTable[context.ibitWorkArea & MASK_6BITS];
388                     context.currentLinePos += BYTES_PER_ENCODED_BLOCK;
389                     if (lineLength > 0 && lineLength <= context.currentLinePos) {
390                         System.arraycopy(lineSeparator, 0, buffer, context.pos, lineSeparator.length);
391                         context.pos += lineSeparator.length;
392                         context.currentLinePos = 0;
393                     }
394                 }
395             }
396         }
397     }
398 
399     /**
400      * <p>
401      * Decodes all of the provided data, starting at inPos, for inAvail bytes. Should be called at least twice: once
402      * with the data to decode, and once with inAvail set to "-1" to alert decoder that EOF has been reached. The "-1"
403      * call is not necessary when decoding, but it doesn't hurt, either.
404      * </p>
405      * <p>
406      * Ignores all non-base64 characters. This is how chunked (e.g. 76 character) data is handled, since CR and LF are
407      * silently ignored, but has implications for other bytes, too. This method subscribes to the garbage-in,
408      * garbage-out philosophy: it will not check the provided data for validity.
409      * </p>
410      * <p>
411      * Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
412      * http://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
413      * </p>
414      *
415      * @param in
416      *            byte[] array of ascii data to base64 decode.
417      * @param inPos
418      *            Position to start reading data from.
419      * @param inAvail
420      *            Amount of bytes available from input for encoding.
421      * @param context
422      *            the context to be used
423      */
424     @Override
425     void decode(final byte[] in, int inPos, final int inAvail, final Context context) {
426         if (context.eof) {
427             return;
428         }
429         if (inAvail < 0) {
430             context.eof = true;
431         }
432         for (int i = 0; i < inAvail; i++) {
433             final byte[] buffer = ensureBufferSize(decodeSize, context);
434             final byte b = in[inPos++];
435             if (b == PAD) {
436                 // We're done.
437                 context.eof = true;
438                 break;
439             } else {
440                 if (b >= 0 && b < DECODE_TABLE.length) {
441                     final int result = DECODE_TABLE[b];
442                     if (result >= 0) {
443                         context.modulus = (context.modulus+1) % BYTES_PER_ENCODED_BLOCK;
444                         context.ibitWorkArea = (context.ibitWorkArea << BITS_PER_ENCODED_BYTE) + result;
445                         if (context.modulus == 0) {
446                             buffer[context.pos++] = (byte) ((context.ibitWorkArea >> 16) & MASK_8BITS);
447                             buffer[context.pos++] = (byte) ((context.ibitWorkArea >> 8) & MASK_8BITS);
448                             buffer[context.pos++] = (byte) (context.ibitWorkArea & MASK_8BITS);
449                         }
450                     }
451                 }
452             }
453         }
454 
455         // Two forms of EOF as far as base64 decoder is concerned: actual
456         // EOF (-1) and first time '=' character is encountered in stream.
457         // This approach makes the '=' padding characters completely optional.
458         if (context.eof && context.modulus != 0) {
459             final byte[] buffer = ensureBufferSize(decodeSize, context);
460 
461             // We have some spare bits remaining
462             // Output all whole multiples of 8 bits and ignore the rest
463             switch (context.modulus) {
464 //              case 0 : // impossible, as excluded above
465                 case 1 : // 6 bits - ignore entirely
466                     // TODO not currently tested; perhaps it is impossible?
467                     break;
468                 case 2 : // 12 bits = 8 + 4
469                     context.ibitWorkArea = context.ibitWorkArea >> 4; // dump the extra 4 bits
470                     buffer[context.pos++] = (byte) ((context.ibitWorkArea) & MASK_8BITS);
471                     break;
472                 case 3 : // 18 bits = 8 + 8 + 2
473                     context.ibitWorkArea = context.ibitWorkArea >> 2; // dump 2 bits
474                     buffer[context.pos++] = (byte) ((context.ibitWorkArea >> 8) & MASK_8BITS);
475                     buffer[context.pos++] = (byte) ((context.ibitWorkArea) & MASK_8BITS);
476                     break;
477                 default:
478                     throw new IllegalStateException("Impossible modulus "+context.modulus);
479             }
480         }
481     }
482 
483     /**
484      * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. Currently the
485      * method treats whitespace as valid.
486      *
487      * @param arrayOctet
488      *            byte array to test
489      * @return {@code true} if all bytes are valid characters in the Base64 alphabet or if the byte array is empty;
490      *         {@code false}, otherwise
491      * @deprecated 1.5 Use {@link #isBase64(byte[])}, will be removed in 2.0.
492      */
493     @Deprecated
494     public static boolean isArrayByteBase64(final byte[] arrayOctet) {
495         return isBase64(arrayOctet);
496     }
497 
498     /**
499      * Returns whether or not the <code>octet</code> is in the base 64 alphabet.
500      *
501      * @param octet
502      *            The value to test
503      * @return {@code true} if the value is defined in the the base 64 alphabet, {@code false} otherwise.
504      * @since 1.4
505      */
506     public static boolean isBase64(final byte octet) {
507         return octet == PAD_DEFAULT || (octet >= 0 && octet < DECODE_TABLE.length && DECODE_TABLE[octet] != -1);
508     }
509 
510     /**
511      * Tests a given String to see if it contains only valid characters within the Base64 alphabet. Currently the
512      * method treats whitespace as valid.
513      *
514      * @param base64
515      *            String to test
516      * @return {@code true} if all characters in the String are valid characters in the Base64 alphabet or if
517      *         the String is empty; {@code false}, otherwise
518      *  @since 1.5
519      */
520     public static boolean isBase64(final String base64) {
521         return isBase64(StringUtils.getBytesUtf8(base64));
522     }
523 
524     /**
525      * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. Currently the
526      * method treats whitespace as valid.
527      *
528      * @param arrayOctet
529      *            byte array to test
530      * @return {@code true} if all bytes are valid characters in the Base64 alphabet or if the byte array is empty;
531      *         {@code false}, otherwise
532      * @since 1.5
533      */
534     public static boolean isBase64(final byte[] arrayOctet) {
535         for (int i = 0; i < arrayOctet.length; i++) {
536             if (!isBase64(arrayOctet[i]) && !isWhiteSpace(arrayOctet[i])) {
537                 return false;
538             }
539         }
540         return true;
541     }
542 
543     /**
544      * Encodes binary data using the base64 algorithm but does not chunk the output.
545      *
546      * @param binaryData
547      *            binary data to encode
548      * @return byte[] containing Base64 characters in their UTF-8 representation.
549      */
550     public static byte[] encodeBase64(final byte[] binaryData) {
551         return encodeBase64(binaryData, false);
552     }
553 
554     /**
555      * Encodes binary data using the base64 algorithm but does not chunk the output.
556      *
557      * NOTE:  We changed the behaviour of this method from multi-line chunking (commons-codec-1.4) to
558      * single-line non-chunking (commons-codec-1.5).
559      *
560      * @param binaryData
561      *            binary data to encode
562      * @return String containing Base64 characters.
563      * @since 1.4 (NOTE:  1.4 chunked the output, whereas 1.5 does not).
564      */
565     public static String encodeBase64String(final byte[] binaryData) {
566         return StringUtils.newStringUtf8(encodeBase64(binaryData, false));
567     }
568 
569     /**
570      * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
571      * url-safe variation emits - and _ instead of + and / characters.
572      * <b>Note: no padding is added.</b>
573      * @param binaryData
574      *            binary data to encode
575      * @return byte[] containing Base64 characters in their UTF-8 representation.
576      * @since 1.4
577      */
578     public static byte[] encodeBase64URLSafe(final byte[] binaryData) {
579         return encodeBase64(binaryData, false, true);
580     }
581 
582     /**
583      * Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
584      * url-safe variation emits - and _ instead of + and / characters.
585      * <b>Note: no padding is added.</b>
586      * @param binaryData
587      *            binary data to encode
588      * @return String containing Base64 characters
589      * @since 1.4
590      */
591     public static String encodeBase64URLSafeString(final byte[] binaryData) {
592         return StringUtils.newStringUtf8(encodeBase64(binaryData, false, true));
593     }
594 
595     /**
596      * Encodes binary data using the base64 algorithm and chunks the encoded output into 76 character blocks
597      *
598      * @param binaryData
599      *            binary data to encode
600      * @return Base64 characters chunked in 76 character blocks
601      */
602     public static byte[] encodeBase64Chunked(final byte[] binaryData) {
603         return encodeBase64(binaryData, true);
604     }
605 
606     /**
607      * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
608      *
609      * @param binaryData
610      *            Array containing binary data to encode.
611      * @param isChunked
612      *            if {@code true} this encoder will chunk the base64 output into 76 character blocks
613      * @return Base64-encoded data.
614      * @throws IllegalArgumentException
615      *             Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
616      */
617     public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked) {
618         return encodeBase64(binaryData, isChunked, false);
619     }
620 
621     /**
622      * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
623      *
624      * @param binaryData
625      *            Array containing binary data to encode.
626      * @param isChunked
627      *            if {@code true} this encoder will chunk the base64 output into 76 character blocks
628      * @param urlSafe
629      *            if {@code true} this encoder will emit - and _ instead of the usual + and / characters.
630      *            <b>Note: no padding is added when encoding using the URL-safe alphabet.</b>
631      * @return Base64-encoded data.
632      * @throws IllegalArgumentException
633      *             Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
634      * @since 1.4
635      */
636     public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked, final boolean urlSafe) {
637         return encodeBase64(binaryData, isChunked, urlSafe, Integer.MAX_VALUE);
638     }
639 
640     /**
641      * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
642      *
643      * @param binaryData
644      *            Array containing binary data to encode.
645      * @param isChunked
646      *            if {@code true} this encoder will chunk the base64 output into 76 character blocks
647      * @param urlSafe
648      *            if {@code true} this encoder will emit - and _ instead of the usual + and / characters.
649      *            <b>Note: no padding is added when encoding using the URL-safe alphabet.</b>
650      * @param maxResultSize
651      *            The maximum result size to accept.
652      * @return Base64-encoded data.
653      * @throws IllegalArgumentException
654      *             Thrown when the input array needs an output array bigger than maxResultSize
655      * @since 1.4
656      */
657     public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked,
658                                       final boolean urlSafe, final int maxResultSize) {
659         if (binaryData == null || binaryData.length == 0) {
660             return binaryData;
661         }
662 
663         // Create this so can use the super-class method
664         // Also ensures that the same roundings are performed by the ctor and the code
665         final Base64 b64 = isChunked ? new Base64(urlSafe) : new Base64(0, CHUNK_SEPARATOR, urlSafe);
666         final long len = b64.getEncodedLength(binaryData);
667         if (len > maxResultSize) {
668             throw new IllegalArgumentException("Input array too big, the output array would be bigger (" +
669                 len +
670                 ") than the specified maximum size of " +
671                 maxResultSize);
672         }
673 
674         return b64.encode(binaryData);
675     }
676 
677     /**
678      * Decodes a Base64 String into octets
679      *
680      * @param base64String
681      *            String containing Base64 data
682      * @return Array containing decoded data.
683      * @since 1.4
684      */
685     public static byte[] decodeBase64(final String base64String) {
686         return new Base64().decode(base64String);
687     }
688 
689     /**
690      * Decodes Base64 data into octets
691      *
692      * @param base64Data
693      *            Byte array containing Base64 data
694      * @return Array containing decoded data.
695      */
696     public static byte[] decodeBase64(final byte[] base64Data) {
697         return new Base64().decode(base64Data);
698     }
699 
700     // Implementation of the Encoder Interface
701 
702     // Implementation of integer encoding used for crypto
703     /**
704      * Decodes a byte64-encoded integer according to crypto standards such as W3C's XML-Signature
705      *
706      * @param pArray
707      *            a byte array containing base64 character data
708      * @return A BigInteger
709      * @since 1.4
710      */
711     public static BigInteger decodeInteger(final byte[] pArray) {
712         return new BigInteger(1, decodeBase64(pArray));
713     }
714 
715     /**
716      * Encodes to a byte64-encoded integer according to crypto standards such as W3C's XML-Signature
717      *
718      * @param bigInt
719      *            a BigInteger
720      * @return A byte array containing base64 character data
721      * @throws NullPointerException
722      *             if null is passed in
723      * @since 1.4
724      */
725     public static byte[] encodeInteger(final BigInteger bigInt) {
726         if (bigInt == null) {
727             throw new NullPointerException("encodeInteger called with null parameter");
728         }
729         return encodeBase64(toIntegerBytes(bigInt), false);
730     }
731 
732     /**
733      * Returns a byte-array representation of a <code>BigInteger</code> without sign bit.
734      *
735      * @param bigInt
736      *            <code>BigInteger</code> to be converted
737      * @return a byte array representation of the BigInteger parameter
738      */
739     static byte[] toIntegerBytes(final BigInteger bigInt) {
740         int bitlen = bigInt.bitLength();
741         // round bitlen
742         bitlen = ((bitlen + 7) >> 3) << 3;
743         final byte[] bigBytes = bigInt.toByteArray();
744 
745         if (((bigInt.bitLength() % 8) != 0) && (((bigInt.bitLength() / 8) + 1) == (bitlen / 8))) {
746             return bigBytes;
747         }
748         // set up params for copying everything but sign bit
749         int startSrc = 0;
750         int len = bigBytes.length;
751 
752         // if bigInt is exactly byte-aligned, just skip signbit in copy
753         if ((bigInt.bitLength() % 8) == 0) {
754             startSrc = 1;
755             len--;
756         }
757         final int startDst = bitlen / 8 - len; // to pad w/ nulls as per spec
758         final byte[] resizedBytes = new byte[bitlen / 8];
759         System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, len);
760         return resizedBytes;
761     }
762 
763     /**
764      * Returns whether or not the <code>octet</code> is in the Base64 alphabet.
765      *
766      * @param octet
767      *            The value to test
768      * @return {@code true} if the value is defined in the the Base64 alphabet {@code false} otherwise.
769      */
770     @Override
771     protected boolean isInAlphabet(final byte octet) {
772         return octet >= 0 && octet < decodeTable.length && decodeTable[octet] != -1;
773     }
774 
775 }