1

I'm currently using jasypt as my encryption tool, the problem is once a word has been encrypted, it produces '/', i want to avoid slashes in my encryptions. the reason for that is i'm using it in my url.

so for example jasypt produces this encrypted text:

String encryptedText = "/O0sJjPUFgRGfND1TpHrkbyCalgY/rSpE8nhJ/wYjYY=";

I will be appending this in my link..

example of that is:

String.format("%s%s", "youtube.com/videos/", encryptedText);

this will redirect me to another link, so instead of going to videos section, it will go to /O0sJjPUFgRGfND1TpHrkbyCalgY

here's my code:

public class EncryptionUtil {
    public static final String ENCRYPTION_KEY = "test-encryption";
    private static final String EMPTY_KEY_OR_TEXT = "Decryption key and text must not be empty.";

    public static String decrypt(final String encryptedText) {
        if (StringUtils.isAnyBlank(encryptedText)) {
            throw new ApiErrorException(EMPTY_KEY_OR_TEXT);
        }
        try {
            final char[] keyCharArray = ENCRYPTION_KEY.toCharArray();
            final BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
            textEncryptor.setPasswordCharArray(keyCharArray);

            return textEncryptor.decrypt(encryptedText);
        } catch (EncryptionOperationNotPossibleException e) {
            throw new ApiErrorException(e.getMessage());
        }
    }

    public static String encrypt(final String plaintext) {
        if (StringUtils.isAnyBlank(plaintext)) {
            throw new ApiErrorException(EMPTY_KEY_OR_TEXT);
        }
        final char[] keyCharArray = ENCRYPTION_KEY.toCharArray();
        final BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPasswordCharArray(keyCharArray);

        return textEncryptor.encrypt(plaintext);
    }
}

Here's my spring controller:

@GetMapping("/profile/client-users/{userId}")
    public ModelAndView getAccountAccess(
        @PathVariable String userId, ModelMap modelMap) {
        userId = EncryptionUtil.decrypt(userId);
}
KennethC
  • 746
  • 2
  • 10
  • 27

1 Answers1

2

The first (bad) approach would be to allow slash character in url like in the thread below

Encoded slash (%2F) with Spring RequestMapping path param gives HTTP 400

But i think encoding your encryted text using base64 seems a less twisted way. And base64 encoding is realy fit for this

Base64 encoding can be helpful when fairly lengthy identifying information is used in an HTTP environment. For example, a database persistence framework for Java objects might use Base64 encoding to encode a relatively large unique id (generally 128-bit UUIDs) into a string for use as an HTTP parameter in HTTP forms or HTTP GET URLs

Quoted from: https://en.wikipedia.org/wiki/Base64

Encode your encrypted text with the following:

String encryptedText = "/O0sJjPUFgRGfND1TpHrkbyCalgY/rSpE8nhJ/wYjYY=";
String encryptedTextAndEncoded = new String(java.util.Base64.getEncoder().encode(encryptedText.getBytes()));

try {
        // Using standard Base64 in URL requires encoding of '+', '/' and '=' 
        encryptedTextAndEncoded = URLEncoder.encode(encryptedTextAndEncoded, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

String.format("%s%s", "youtube.com/videos/", encryptedTextAndEncoded);

The resulting url will be:

youtube.com/videos/L08wc0pqUFVGZ1JHZk5EMVRwSHJrYnlDYWxnWS9yU3BFOG5oSi93WWpZWT0%3D

Which is a perfectly valid url

Then, server side, you will decode the string before using it:

@GetMapping("/profile/client-users/{userId}")
    public ModelAndView getAccountAccess(
        @PathVariable String userId, ModelMap modelMap) {
        String decoded = new String(java.util.Base64.getDecoder().decode(userId.getBytes()));
        userId = EncryptionUtil.decrypt(decoded);
}
Mumrah81
  • 2,034
  • 2
  • 16
  • 23