diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22f6468..26de3b2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,4 +17,8 @@
+ Update templates
### V1.1.2-SNAPSHOT
+ Minor refactoring
-+ Update documentation
\ No newline at end of file
++ Update documentation
+### V1.2.0-SNAPSHOT
++ Bug fixes for null value checking
++ Update basestring method to suppport use-case where value of queryparam or form value is empty
++ Update nonce method to generate base64 encoded string value of 32 bytes characters
\ No newline at end of file
diff --git a/README.md b/README.md
index 94ae386..883f224 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ mvn install
com.api.util
ApiSecurity
- 1.1.2-SNAPSHOT
+ 1.2.0-SNAPSHOT
```
diff --git a/build.gradle b/build.gradle
index 190200d..6ceb64f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -4,7 +4,7 @@ plugins {
id 'com.github.kt3k.coveralls' version '2.6.3'
}
-version '1.1.1-SNAPSHOT'
+version '1.2.0-SNAPSHOT'
tasks.withType(JavaCompile) {
options.encoding = "UTF-8"
diff --git a/pom.xml b/pom.xml
index 517ecd2..71747d8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
4.0.0
com.api.util
ApiSecurity
- 1.1.1-SNAPSHOT
+ 1.2.0-SNAPSHOT
diff --git a/src/main/java/com/api/util/ApiSecurity/ApiList.java b/src/main/java/com/api/util/ApiSecurity/ApiList.java
index ff4b641..03068d5 100644
--- a/src/main/java/com/api/util/ApiSecurity/ApiList.java
+++ b/src/main/java/com/api/util/ApiSecurity/ApiList.java
@@ -21,15 +21,15 @@ public void add(String key, String value)
this.add(item);
}
- public String toString() {
+ public String toString(Boolean isBaseString) {
String delimiter = "&";
Boolean sort = true;
Boolean quote = false;
- return this.toString(delimiter, sort, quote);
+ return this.toString(delimiter, sort, quote, isBaseString);
}
- public String toString(String delimiter, Boolean sort, Boolean quote)
+ public String toString(String delimiter, Boolean sort, Boolean quote, Boolean isBaseString)
{
List list = new ArrayList();
@@ -43,7 +43,7 @@ public String toString(String delimiter, Boolean sort, Boolean quote)
return l1.getKey().equals(l2.getKey()) ? l1.getValue().compareTo(l2.getValue())
: l1.getKey().compareTo(l2.getKey());
})
- .map(e -> String.format(format, e.getKey(), e.getValue()))
+ .map(e -> (null!= e.getValue() && e.getValue().equals("") && isBaseString) ? e.getKey() : String.format(format, e.getKey(), e.getValue()) )
.collect(Collectors.toList());
} else{
list = this.stream().map(e -> String.format(format, e.getKey(), e.getValue()))
diff --git a/src/main/java/com/api/util/ApiSecurity/ApiSigning.java b/src/main/java/com/api/util/ApiSecurity/ApiSigning.java
index 466b9bd..cd342a0 100644
--- a/src/main/java/com/api/util/ApiSecurity/ApiSigning.java
+++ b/src/main/java/com/api/util/ApiSecurity/ApiSigning.java
@@ -5,8 +5,6 @@
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -27,7 +25,6 @@
public class ApiSigning {
private static final Logger log = LoggerFactory.getLogger(ApiSigning.class);
- private final static String USER_AGENT = "Mozilla/5.0";
/**
* Create HMACRSA256 Signature (L1) with a given basestring
@@ -411,16 +408,21 @@ public static String getBaseString(String authPrefix
ApiList paramList = new ApiList();
// process QueryString from url by transfering it to paramList
- if (siteUri.getQuery().length() > 1) {
+ if (null != siteUri.getQuery()) {
String queryString = siteUri.getRawQuery();
log.debug("queryString:: {}", queryString);
String[] paramArr = queryString.split("&");
for (String item : paramArr) {
- log.debug("item:: {}", item);
+ log.debug("queryItem:: {}", item);
String[] itemArr = item.split("=");
try {
- paramList.add(itemArr[0], java.net.URLDecoder.decode(itemArr[1], StandardCharsets.UTF_8.toString()));
+ if(itemArr.length == 1) {
+ paramList.add(itemArr[0], "");
+ }else {
+ paramList.add(itemArr[0], java.net.URLDecoder.decode(itemArr[1], StandardCharsets.UTF_8.toString()));
+ }
+ //paramList.add(itemArr[0], java.net.URLDecoder.decode(itemArr[1], StandardCharsets.UTF_8.toString()));
} catch (UnsupportedEncodingException e) {
throw e;
}
@@ -439,7 +441,7 @@ public static String getBaseString(String authPrefix
paramList.add(authPrefix + "_signature_method", signatureMethod);
paramList.add(authPrefix + "_version", "1.0");
- baseString = httpMethod.toUpperCase() + "&" + url + "&" + paramList.toString();
+ baseString = httpMethod.toUpperCase() + "&" + url + "&" + paramList.toString(true);
} catch (ApiUtilException ae) {
log.error("Error :: getBaseString :: " + ae.getMessage());
@@ -499,7 +501,7 @@ public static String getSignatureToken(
// Generate the nonce value
try {
- nonce = nonce != null ? nonce : Long.toString(getNewNonce());
+ nonce = (nonce != null && !nonce.isEmpty()) ? nonce : getNewNonce();
} catch (NoSuchAlgorithmException nsae) {
throw nsae;
}
@@ -534,7 +536,7 @@ public static String getSignatureToken(
tokenList.add(authPrefix + "_signature", base64Token);
tokenList.add(authPrefix + "_version", "1.0");
- authorizationToken = String.format("%s %s", authPrefix.substring(0, 1).toUpperCase() + authPrefix.substring(1), tokenList.toString(", ", false, true));
+ authorizationToken = String.format("%s %s", authPrefix.substring(0, 1).toUpperCase() + authPrefix.substring(1), tokenList.toString(", ", false, true, false));
} catch (ApiUtilException ae) {
log.error("Error :: getToken :: " + ae.getMessage());
@@ -553,33 +555,13 @@ private static long getNewTimestamp() {
return System.currentTimeMillis();
}
- private static long getNewNonce() throws NoSuchAlgorithmException {
- long nonce = 0;
-
- nonce = SecureRandom.getInstance("SHA1PRNG").nextLong();
-
+ private static String getNewNonce() throws NoSuchAlgorithmException {
+ String nonce = null;
+ byte[] b = new byte[32];
+ SecureRandom.getInstance("SHA1PRNG").nextBytes(b);
+ nonce = Base64.getEncoder().encodeToString(b);
+
return nonce;
}
- private static TrustManager[] getTrustManager() {
- // Create a trust manager that does not validate certificate chains
- TrustManager[] trustAllCerts = new TrustManager[]{
- new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] certs, String authType) {
- }
-
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] certs, String authType) {
- }
- }
- };
-
- return trustAllCerts;
- }
-
}