auth0 · lbalmaceda · Jun 23, 2021 · Jun 22, 2021
@@ -16,6 +16,7 @@
 
 import java.io.IOException;
 import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.KeyPairGenerator;
@@ -367,7 +368,7 @@ byte[] getAESKey() throws IncompatibleDeviceException, CryptoException {
             byte[] aes = keyGen.generateKey().getEncoded();
             //Save encrypted encoded version
             byte[] encryptedAES = RSAEncrypt(aes);
-            String encodedEncryptedAESText = new String(Base64.encode(encryptedAES, Base64.DEFAULT));
+            String encodedEncryptedAESText = new String(Base64.encode(encryptedAES, Base64.DEFAULT), StandardCharsets.UTF_8);
             storage.store(KEY_ALIAS, encodedEncryptedAESText);
             return aes;
         } catch (NoSuchAlgorithmException e) {
@@ -453,7 +454,7 @@ public byte[] encrypt(byte[] decryptedInput) throws CryptoException, Incompatibl
             byte[] encrypted = cipher.doFinal(decryptedInput);
             byte[] encodedIV = Base64.encode(cipher.getIV(), Base64.DEFAULT);
             //Save IV for Decrypt stage
-            storage.store(KEY_IV_ALIAS, new String(encodedIV));
+            storage.store(KEY_IV_ALIAS, new String(encodedIV, StandardCharsets.UTF_8));
             return encrypted;
         } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException e) {
             /*

@@ -5,7 +5,7 @@
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 
-import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
@@ -39,7 +39,7 @@ class AsymmetricSignatureVerifier extends SignatureVerifier {
     @Override
     protected void checkSignature(@NonNull String[] tokenParts) throws TokenValidationException {
         String content = tokenParts[0] + "." + tokenParts[1];
-        byte[] contentBytes = content.getBytes(Charset.defaultCharset());
+        byte[] contentBytes = content.getBytes(StandardCharsets.UTF_8);
         boolean valid = false;
         try {
             byte[] signatureBytes = Base64.decode(tokenParts[2], Base64.URL_SAFE | Base64.NO_WRAP);

@@ -4,7 +4,7 @@ import com.auth0.android.Auth0Exception
 import com.auth0.android.callback.Callback
 import com.auth0.android.request.*
 import java.io.IOException
-import java.nio.charset.Charset
+import java.nio.charset.StandardCharsets
 
 /**
  * Base class for every request on this library.
@@ -93,7 +93,7 @@ internal open class BaseRequest<T, U : Auth0Exception>(
             throw error
         }
 
-        val reader = AwareInputStreamReader(response.body, Charset.defaultCharset())
+        val reader = AwareInputStreamReader(response.body, StandardCharsets.UTF_8)
         if (response.isSuccess()) {
             //2. Successful scenario. Response of type T
             val result: T = resultAdapter.fromJson(reader)

@@ -126,7 +126,7 @@ static PrivateKey getPrivateKey() throws Exception {
         dis.readFully(keyBytes);
         dis.close();
 
-        String temp = new String(keyBytes);
+        String temp = new String(keyBytes, StandardCharsets.UTF_8);
         String privKeyPEM = temp.replace("-----BEGIN PRIVATE KEY-----\n", "");
         privKeyPEM = privKeyPEM.replace("-----END PRIVATE KEY-----", "");
 
@@ -146,7 +146,7 @@ static PublicKey getPublicKey() throws Exception {
         dis.readFully(keyBytes);
         dis.close();
 
-        String temp = new String(keyBytes);
+        String temp = new String(keyBytes, StandardCharsets.UTF_8);
         String pubKeyPEM = temp.replace("-----BEGIN PUBLIC KEY-----\n", "");
         pubKeyPEM = pubKeyPEM.replace("-----END PUBLIC KEY-----", "");