Oh boy.
I don't feel particularly intelligent this evening.
For the last several work days, I've been fighting a bug. A pernicious bug based around security...which I couldn't find.
I'd go forwards over my code, and then backwards. Up and down. I'd check web headers, recompile and run all my tests, etc... No joy, still couldn't see the bug.
What was it?
Picture that you've got a class like this:
The getName method should have been "protected"", at least, or maybe even "public", with a friendly and handy @Override annotation to indicate that we're overriding a method in the ancestor.
I said to myself, "Self," I says, "you done stepped on your crank."
This is an obvious bit of code, right?
But what if you had this:
c2l4OGMzMTk3NmItNWE4MC00YzVlLWE4NmYtOTU3MTJkMjY5OGFk
...or...
c2V2ZW44NjQzMGI0Zi02MmMwLTQ1NDctOTk2MC1iOWQ2MTY2NGRiMmE=
The fun thing is that there was a third party library handling encryption (that has caused us issues before), as well as a web API that is (by design) rather uncommunicative.
All it would say in this instance is "Bad signature." Exactly accurate, but not terribly helpful.
All the web request headers, as well as the other 6 arguments as well as those of the other 8 involved web calls were all correct.
The biggest cause (of my stupidity, I'll admit) is that everywhere else in the code, I did this:
Instead of using the common name manufacturing functions, I'd reimplemented them marking them private, for some reason. Private methods aren't, of course, overridden. Why would they be?
To make matters worse, I'd done it in a place where I was almost guaranteed to not find the issue.
Damn, another few grey hairs.
Don't be an Idiot (like me)...invent your own way. This one's mine.