8006153: HTTP protocol handler authenication should use Base64 API

Reviewed-by: chegar, alanb

jdk/src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java

@@ -31,8 +31,9 @@ import java.net.URISyntaxException;
 import java.net.PasswordAuthentication;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.util.Base64;
+import java.util.Base64.Encoder;
 import sun.net.www.HeaderParser;
-import sun.misc.BASE64Encoder;
 
 /**
  * BasicAuthentication: Encapsulate an http server authentication using
@@ -76,7 +77,7 @@ class BasicAuthentication extends AuthenticationInfo {
         System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
         System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
                          passwdBytes.length);
-        this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat);
+        this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
         this.pw = pw;
     }
 
@@ -116,7 +117,7 @@ class BasicAuthentication extends AuthenticationInfo {
         System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
         System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
                          passwdBytes.length);
-        this.auth = "Basic " + (new BasicBASE64Encoder()).encode(concat);
+        this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
         this.pw = pw;
     }
 
@@ -201,12 +202,5 @@ class BasicAuthentication extends AuthenticationInfo {
         /*should not reach here. If we do simply return npath*/
         return npath;
     }
-
-    /* It is never expected that the header value will exceed the bytesPerLine */
-    private class BasicBASE64Encoder extends BASE64Encoder {
-        @Override
-        protected int bytesPerLine() {
-            return (10000);
-        }
-    }
 }
+

jdk/src/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java

@@ -28,10 +28,9 @@ package sun.net.www.protocol.http;
 import java.net.URL;
 import java.io.IOException;
 import java.net.Authenticator.RequestorType;
+import java.util.Base64;
 import java.util.HashMap;
 import sun.net.www.HeaderParser;
-import sun.misc.BASE64Decoder;
-import sun.misc.BASE64Encoder;
 import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
 import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
 
@@ -151,9 +150,9 @@ class NegotiateAuthentication extends AuthenticationInfo {
             byte[] incoming = null;
             String[] parts = raw.split("\\s+");
             if (parts.length > 1) {
-                incoming = new BASE64Decoder().decodeBuffer(parts[1]);
+                incoming = Base64.getDecoder().decode(parts[1]);
             }
-            response = hci.scheme + " " + new B64Encoder().encode(
+            response = hci.scheme + " " + Base64.getEncoder().encodeToString(
                         incoming==null?firstToken():nextToken(incoming));
 
             conn.setAuthenticationProperty(getHeaderName(), response);
@@ -201,12 +200,6 @@ class NegotiateAuthentication extends AuthenticationInfo {
         return negotiator.nextToken(token);
     }
 
-    class B64Encoder extends BASE64Encoder {
-        protected int bytesPerLine () {
-            return 100000;  // as big as it can be, maybe INT_MAX
-        }
-    }
-
     // MS will send a final WWW-Authenticate even if the status is already
     // 200 OK. The token can be fed into initSecContext() again to determine
     // if the server can be trusted. This is not the same concept as Digest's