From fd067be1aaea0aa69570e043dbe04e3921e24da4 Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Thu, 20 Aug 2015 09:39:34 -0700
Subject: [PATCH] tweak to use alt URL-compatible base64 encoding

---
 pkg/server/hooks.go          | 9 +++++++--
 pkg/utils/sshutil/sshutil.go | 6 ++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkg/server/hooks.go b/pkg/server/hooks.go
index b2d1ab46..5a5561ad 100644
--- a/pkg/server/hooks.go
+++ b/pkg/server/hooks.go
@@ -101,14 +101,19 @@ func PostHook(c *gin.Context) {
 	if repo.Params != nil && len(repo.Params) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), repo.Params))
 	}
-	encrypted, _ := secure.Parse(repo.Keys.Private, repo.Hash, string(raw))
+	encrypted, err := secure.Parse(repo.Keys.Private, repo.Hash, string(raw))
+	if err != nil {
+		log.Errorf("failure to decrypt secure parameters for %s. %s", repo.FullName, err)
+		c.Fail(400, err)
+		return
+	}
 	if encrypted != nil && len(encrypted) != 0 {
 		raw = []byte(inject.InjectSafe(string(raw), encrypted))
 	}
 	axes, err := matrix.Parse(string(raw))
 	if err != nil {
 		log.Errorf("failure to calculate matrix for %s. %s", repo.FullName, err)
-		c.Fail(404, err)
+		c.Fail(400, err)
 		return
 	}
 	if len(axes) == 0 {
diff --git a/pkg/utils/sshutil/sshutil.go b/pkg/utils/sshutil/sshutil.go
index 4348b7b4..4796c6fb 100644
--- a/pkg/utils/sshutil/sshutil.go
+++ b/pkg/utils/sshutil/sshutil.go
@@ -56,19 +56,17 @@ func UnMarshalPrivateKey(privateKeyPEM []byte) *rsa.PrivateKey {
 // an RSA public key.
 func Encrypt(hash hash.Hash, pubkey *rsa.PublicKey, msg string) (string, error) {
 	src, err := rsa.EncryptOAEP(hash, rand.Reader, pubkey, []byte(msg), nil)
-
-	return base64.StdEncoding.EncodeToString(src), err
+	return base64.RawURLEncoding.EncodeToString(src), err
 }
 
 // Decrypt is helper function to encrypt a plain-text string using
 // an RSA public key.
 func Decrypt(hash hash.Hash, privkey *rsa.PrivateKey, secret string) (string, error) {
-	decoded, err := base64.StdEncoding.DecodeString(secret)
+	decoded, err := base64.RawURLEncoding.DecodeString(secret)
 	if err != nil {
 		return "", err
 	}
 
 	out, err := rsa.DecryptOAEP(hash, rand.Reader, privkey, decoded, nil)
-
 	return string(out), err
 }