new release 1.6.0

.gitlab-ci.yml

@@ -1,3 +1,41 @@
+variables:
+  # Product
+  PRODUCT: shared
+  BUILD_TYPE: MAVEN
+  MAVEN_IMAGE: "maven:3-jdk-11"
+  MVN_OPTS: "-DLOG_LEVEL=INFO -Dgpg.skip=true"
+  GITHUB_REPO_NAME: secure-strings #open sourced dependency
+  REPO_PATTERN: "V3 CI"
+
+stages:
+  - update-version
+  - code-quality
+  - code-test
+  - component-test
+  - application-build
+  - code-analysis
+  - library-publish
+  - update-project-metadata
+  - create-schedules
+  - open-source
+
 include:
-  - project: 'health-pdu/htds/pipeline/ci-scripts'
-    file: 'maven-base.yml'
+  - local: "/gitlab-ci/includes.yml"
+
+required-fragment-check:
+  variables:
+    RULESET: MAVEN_CI_LIBRARY
+
+create-project-badges:
+  dependencies:
+    - todo-check
+  variables:
+    ARTIFACT_BADGE: "false"
+
+create-develop-nightly-schedule:
+  extends: .add-schedule
+  variables:
+    SCHEDULE_NAME: Nightly-Develop-CI-Build
+    SCHEDULE_BRANCH: develop
+    SCHEDULE_CRON: "0 6 * * *"
+    RANDOMIZE_MINS: "true"

gitlab-ci/includes.yml

@@ -0,0 +1,66 @@
+include:
+    #.pre
+    - project: 'dwp/engineering/pipeline-fragments/credential-check'
+      ref: 2-0-0
+      file: 'ci-include-credential-check.yml'
+    - project: 'dwp/engineering/pipeline-fragments/fragment-version-check'
+      ref: 2-0-0
+      file: 'ci-include-fragment-version-check.yml'
+    - project: 'dwp/engineering/pipeline-fragments/required-fragment-check'
+      ref: 2-0-0
+      file: 'ci-include-required-fragment-check.yml'
+    #update-version
+    - project: 'dwp/engineering/pipeline-fragments/update-semver'
+      ref: 4-0-0
+      file: 'ci-include-update-semver.yml'
+    #code-quality
+    - project: 'dwp/engineering/pipeline-fragments/gitleaks'
+      ref: 2-0-0
+      file: 'ci-include-gitleaks.yml'
+    - project: 'dwp/engineering/pipeline-fragments/shell-check'
+      ref: 3-0-0
+      file: 'ci-include-shell-check.yml'
+    - project: 'dwp/engineering/pipeline-fragments/todo-checker'
+      ref: 2-0-0
+      file: 'ci-include-todo-checker.yml'
+    - project: 'dwp/engineering/pipeline-fragments/maven-checkstyle-lint'
+      ref: 3-1-0
+      file: 'ci-include-maven-checkstyle-lint.yml'
+    #code-test
+    - project: 'dwp/engineering/pipeline-fragments/maven-api-test'
+      ref: 3-1-0
+      file: 'ci-include-maven-api-test.yml'
+    #component-test
+    - project: 'dwp/engineering/pipeline-fragments/docker-compose-run'
+      ref: 2-0-0
+      file: 'ci-include-docker-compose-run.yml'
+    #application-build
+    - project: 'dwp/engineering/pipeline-fragments/maven-api-build'
+      ref: 3-1-0
+      file: 'ci-include-maven-api-build.yml'
+    #code-analysis
+    - project: 'dwp/engineering/pipeline-fragments/maven-api-pitest'
+      ref: 3-1-0
+      file: 'ci-include-maven-api-pitest.yml'
+    - project: 'dwp/engineering/pipeline-fragments/maven-api-spotbugs'
+      ref: 3-0-0
+      file: 'ci-include-maven-api-spotbugs.yml'
+    - project: 'dwp/engineering/pipeline-fragments/sonarqube'
+      ref: 4-0-2
+      file: 'ci-include-sonar_scanner.yml'
+    #nexus-publish
+    - project: 'dwp/engineering/pipeline-fragments/nexus-publish'
+      ref: 2-0-0
+      file: 'ci-include-nexus-publish.yml'
+    #update-project-metadata
+    - project: 'dwp/engineering/pipeline-fragments/create-project-badges'
+      ref: 2-0-0
+      file: 'ci-include-create-project-badges.yml'
+    #open-sourcing
+    - project: 'dwp/engineering/pipeline-fragments/open-source'
+      ref: 2-0-0
+      file: 'ci-include-open-source.yml'
+    #schedule create
+    - project: 'dwp/engineering/pipeline-fragments/schedule-creation'
+      ref: 2-0-0
+      file: 'ci-include-schedule-creation.yml'

pom.xml

@@ -6,7 +6,7 @@
 
   <groupId>uk.gov.dwp.crypto</groupId>
   <artifactId>secure-strings</artifactId>
-  <version>1.5.3</version>
+  <version>1.6.0</version>
 
   <name>${project.groupId}:${project.artifactId}</name>
   <description>Utility for storing passwords in memory encrypted form to prevent heap inspection
@@ -45,15 +45,18 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.version>3.8.1</maven.compiler.version>
-    <jackson-data.version>2.10.0</jackson-data.version>
+    <jackson-data.version>2.12.3</jackson-data.version>
     <mvn-javadoc.version>3.2.0</mvn-javadoc.version>
     <mvn-source.version>3.0.1</mvn-source.version>
     <mvn-gpg.version>1.6</mvn-gpg.version>
     <jacoco.version>0.8.5</jacoco.version>
     <slf4j.version>1.7.25</slf4j.version>
-    <owasp.version>5.3.0</owasp.version>
+    <owasp.version>6.1.5</owasp.version>
     <junit.version>4.12</junit.version>
     <java.version>11</java.version>
+
+    <plugin.surefire.version>2.22.0</plugin.surefire.version>
+    <plugin.spotbugs.version>4.0.0</plugin.spotbugs.version>
   </properties>
 
   <dependencies>
@@ -117,20 +120,59 @@
         <version>${jacoco.version}</version>
         <executions>
           <execution>
-            <id>jacoco-initialize</id>
+            <id>default-prepare-agent</id>
             <goals>
               <goal>prepare-agent</goal>
             </goals>
+            <configuration>
+              <propertyName>jacocoArgLine</propertyName>
+            </configuration>
           </execution>
           <execution>
-            <id>jacoco-complete</id>
-            <phase>verify</phase>
+            <id>default-report</id>
             <goals>
               <goal>report</goal>
             </goals>
           </execution>
+          <execution>
+            <id>check</id>
+            <goals>
+              <goal>check</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <!-- All classes must have 80% line and 75% branch coverage . Note we use 2 d.p so that we get can any check failure messages reported to 2 d.p  -->
+                <rule>
+                  <element>CLASS</element>
+                  <limits>
+                    <limit>
+                      <counter>LINE</counter>
+                      <value>COVEREDRATIO</value>
+                      <minimum>0.80</minimum>
+                    </limit>
+                    <limit>
+                      <counter>BRANCH</counter>
+                      <value>COVEREDRATIO</value>
+                      <minimum>0.75</minimum>
+                    </limit>
+                  </limits>
+                </rule>
+              </rules>
+            </configuration>
+          </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>${plugin.surefire.version}</version>
+        <configuration>
+          <argLine>${jacocoArgLine} -Xmx256m</argLine>
+          <excludes>
+            <exclude>**/CryptoDataManagerTest*</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
@@ -180,6 +222,18 @@
           <target>${java.version}</target>
         </configuration>
       </plugin>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${plugin.spotbugs.version}</version>
+        <dependencies>
+          <dependency>
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs</artifactId>
+            <version>${plugin.spotbugs.version}</version>
+          </dependency>
+        </dependencies>
+      </plugin>
     </plugins>
   </build>
 </project>

src/main/java/uk/gov/dwp/crypto/SecureStrings.java

@@ -1,8 +1,5 @@
 package uk.gov.dwp.crypto;
 
-import com.fasterxml.jackson.core.SerializableString;
-import com.fasterxml.jackson.core.io.CharacterEscapes;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -14,7 +11,6 @@
 import javax.crypto.SealedObject;
 import java.io.IOException;
 import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 
@@ -25,6 +21,10 @@ public class SecureStrings {
 
   /**
    * Default constructor. Assumes AES encryption, generates a key and sets up the internal ciphers
+   *
+   * @throws NoSuchPaddingException : cipher exception
+   * @throws NoSuchAlgorithmException : cipher exception
+   * @throws InvalidKeyException : cipher exception
    */
   public SecureStrings()
       throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
@@ -99,34 +99,4 @@ public String revealString(SealedObject inputObject) {
 
     return null;
   }
-
-  public static <T> T escapedJSONObjectFromString(String inputString, Class<T> type)
-      throws IOException {
-    T returnValue;
-    if (inputString != null && inputString.trim().length() != 0) {
-      final CharacterEscapes jsonCharacterEscapes = generateJSONCharacterEscapes();
-      final ObjectMapper objectMapper = new ObjectMapper();
-      objectMapper.getFactory().setCharacterEscapes(jsonCharacterEscapes);
-      returnValue = objectMapper.readValue(inputString, type);
-    } else {
-      throw new InvalidParameterException("A JSON payload must be specified");
-    }
-    return returnValue;
-  }
-
-  private static CharacterEscapes generateJSONCharacterEscapes() {
-    return new CharacterEscapes() {
-      private static final long serialVersionUID = 11L;
-
-      @Override
-      public int[] getEscapeCodesForAscii() {
-        return standardAsciiEscapesForJSON();
-      }
-
-      @Override
-      public SerializableString getEscapeSequence(final int ch) {
-        return null;
-      }
-    };
-  }
 }

src/test/java/uk/gov/dwp/crypto/SecureStringsTest.java

@@ -31,6 +31,19 @@ public void setUp() throws NoSuchPaddingException, NoSuchAlgorithmException, Inv
     sealedObject = null;
   }
 
+  @Test(expected = NoSuchAlgorithmException.class)
+  public void exceptionConstructor()
+      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
+    new SecureStrings("Not-Valid");
+  }
+
+  @Test
+  public void testSealStringPassingCryptoType()
+      throws IOException, IllegalBlockSizeException, NoSuchPaddingException,
+          NoSuchAlgorithmException, InvalidKeyException {
+    assertNotNull(new SecureStrings("DES").sealString("APassword"));
+  }
+
   @Test
   public void testSealString() throws IOException, IllegalBlockSizeException {
     assertNotNull(classInstance.sealString("APassword"));
@@ -73,31 +86,4 @@ public void testStoringStringAsNullCanBeDecrypted()
     sealedObject = classInstance.sealString(null);
     assertNull("This should return null", classInstance.revealString(sealedObject));
   }
-
-  @Test
-  public void testForEscapeJsonObjectWithValidJsonString() throws IOException {
-    String testJsonString =
-        "{" + "\"testBoolean\":true," + "\"testString\":\"string\"," + "\"testInteger\":42" + "}";
-    TestClassForSerialisation testing =
-        SecureStrings.escapedJSONObjectFromString(testJsonString, TestClassForSerialisation.class);
-    assertThat(testing.isTestBoolean(), is(true));
-    assertThat(testing.getTestString(), containsString("string"));
-    assertThat(testing.getTestInteger(), is(42));
-  }
-
-  @Test(expected = JsonParseException.class)
-  public void testForEscapeJsonObjectWithInvalidJsonString() throws IOException {
-    String testJsonString = "{" + "\"testBoolean\":true," + "}";
-
-    SecureStrings.escapedJSONObjectFromString(testJsonString, TestClassForSerialisation.class);
-    fail("Should have thrown a JsonParseException");
-  }
-
-  @Test(expected = InvalidParameterException.class)
-  public void testForEscapejsonobjectWithBlankJsonString() throws IOException {
-    String testJsonString = "";
-
-    SecureStrings.escapedJSONObjectFromString(testJsonString, TestClassForSerialisation.class);
-    fail("Should have thrown a InvalidParameterException");
-  }
 }