I am completely befuddled.
My java code generates a large random number. Then I have javascript in a firefox extension that reads the challenge element. The issue is that when served by tomcat, I can view the source and see the value. When the javascript reads it, the value is all messed up. It is still a number but is completely wrong.
If I take the source of the page and put it into a regular html page, the javascript reads it correctly. I thought maybe it was a text encoding issue but I really can't figure this out.
Java Code issuing HTML in Tomcat:
HttpSession session = req.getSession(true);
session.setAttribute("challenge", new BigInteger(300, new SecureRandom()));
PrintWriter out = resp.getWriter();
out.println("<html><head><title>Welcome!</title></head><body>");
out.println("<p><h2>Please Log In: </h2></p>");
out.println("<OBJECT type=\"application/dfiProof\" name=\"xmlToken\">");
out.println("<PARAM Name=\"challenge\" Value=\""+ session.getAttribute("challenge") + "\" />");
out.println("<PARAM Name=\"respondToUrl\" Value=\""+ respondToUrl + "\" />");
out.println("<PARAM Name=\"requiredClaims\" Value=\""+ getClaims() +"\" /></OBJECT>");
out.println("</body></html>");
Javascript in firefox extension:
var challenge=(getBrowser().contentWindow.document.getElementsByName("challenge")[0].value);
One Example.
Actual source challenge value: 1573047205860927699465578874450528905857828953560456458632239717134483305400897673940458509
Challenge value as read by javascript: 1245807227210499025856138365598085190914625518168094677726393336360228998958714778778363081
My java code generates a large random number. Then I have javascript in a firefox extension that reads the challenge element. The issue is that when served by tomcat, I can view the source and see the value. When the javascript reads it, the value is all messed up. It is still a number but is completely wrong.
If I take the source of the page and put it into a regular html page, the javascript reads it correctly. I thought maybe it was a text encoding issue but I really can't figure this out.
Java Code issuing HTML in Tomcat:
HttpSession session = req.getSession(true);
session.setAttribute("challenge", new BigInteger(300, new SecureRandom()));
PrintWriter out = resp.getWriter();
out.println("<html><head><title>Welcome!</title></head><body>");
out.println("<p><h2>Please Log In: </h2></p>");
out.println("<OBJECT type=\"application/dfiProof\" name=\"xmlToken\">");
out.println("<PARAM Name=\"challenge\" Value=\""+ session.getAttribute("challenge") + "\" />");
out.println("<PARAM Name=\"respondToUrl\" Value=\""+ respondToUrl + "\" />");
out.println("<PARAM Name=\"requiredClaims\" Value=\""+ getClaims() +"\" /></OBJECT>");
out.println("</body></html>");
Javascript in firefox extension:
var challenge=(getBrowser().contentWindow.document.getElementsByName("challenge")[0].value);
One Example.
Actual source challenge value: 1573047205860927699465578874450528905857828953560456458632239717134483305400897673940458509
Challenge value as read by javascript: 1245807227210499025856138365598085190914625518168094677726393336360228998958714778778363081
