From ff43ffa1d0d70c1932fc2f8926c5a2a999f8e368 Mon Sep 17 00:00:00 2001 From: Mark Paluch Date: Wed, 7 Aug 2024 08:45:16 +0200 Subject: [PATCH] Move off deprecated `Base64Utils`. Closes gh-874 --- .../authentication/AwsIamAuthentication.java | 10 ++++++---- .../authentication/PcfAuthentication.java | 5 +++-- .../vault/core/VaultTransformTemplate.java | 6 +++--- .../vault/security/VaultBytesKeyGenerator.java | 4 ++-- .../vault/support/Certificate.java | 4 ++-- .../vault/support/CertificateBundle.java | 4 ++-- .../vault/support/PemObject.java | 4 ++-- .../PlaintextToBase64StringConverter.java | 1 - ...VaultTemplateTransformIntegrationTests.java | 18 +++++++++++------- .../VaultTemplateTransitIntegrationTests.java | 12 ++++++------ 10 files changed, 37 insertions(+), 31 deletions(-) diff --git a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthentication.java b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthentication.java index 0f99f87d5..ee2a2636e 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthentication.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthentication.java @@ -16,6 +16,7 @@ package org.springframework.vault.authentication; import java.io.ByteArrayInputStream; +import java.util.Base64; import java.util.Collections; import java.util.HashMap; import java.util.LinkedHashMap; @@ -37,7 +38,6 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; import org.springframework.util.ObjectUtils; import org.springframework.util.StringUtils; import org.springframework.vault.VaultException; @@ -80,7 +80,8 @@ public class AwsIamAuthentication implements ClientAuthentication, Authenticatio private static final String REQUEST_BODY = "Action=GetCallerIdentity&Version=2011-06-15"; - private static final String REQUEST_BODY_BASE64_ENCODED = Base64Utils.encodeToString(REQUEST_BODY.getBytes()); + private static final String REQUEST_BODY_BASE64_ENCODED = Base64.getEncoder() + .encodeToString(REQUEST_BODY.getBytes()); private final AwsIamAuthenticationOptions options; @@ -195,12 +196,13 @@ private static Map createRequestBody(AwsIamAuthenticationOptions Map login = new HashMap<>(); login.put("iam_http_request_method", "POST"); - login.put("iam_request_url", Base64Utils.encodeToString(options.getEndpointUri().toString().getBytes())); + login.put("iam_request_url", + Base64.getEncoder().encodeToString(options.getEndpointUri().toString().getBytes())); login.put("iam_request_body", REQUEST_BODY_BASE64_ENCODED); String headerJson = getSignedHeaders(options, credentials, region); - login.put("iam_request_headers", Base64Utils.encodeToString(headerJson.getBytes())); + login.put("iam_request_headers", Base64.getEncoder().encodeToString(headerJson.getBytes())); if (!ObjectUtils.isEmpty(options.getRole())) { login.put("role", options.getRole()); diff --git a/spring-vault-core/src/main/java/org/springframework/vault/authentication/PcfAuthentication.java b/spring-vault-core/src/main/java/org/springframework/vault/authentication/PcfAuthentication.java index 1b962b4af..e3ce8f314 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/authentication/PcfAuthentication.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/authentication/PcfAuthentication.java @@ -20,6 +20,7 @@ import java.time.Clock; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; +import java.util.Base64; import java.util.HashMap; import java.util.Map; @@ -32,7 +33,6 @@ import org.bouncycastle.crypto.signers.PSSSigner; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; import org.springframework.vault.VaultException; import org.springframework.vault.support.PemObject; import org.springframework.vault.support.VaultResponse; @@ -165,7 +165,8 @@ private static String doSign(byte[] message, String instanceKeyPem) throws Crypt signer.update(message, 0, message.length); byte[] signature = signer.generateSignature(); - return Base64Utils.encodeToUrlSafeString(signature); + + return Base64.getUrlEncoder().encodeToString(signature); } } diff --git a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTransformTemplate.java b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTransformTemplate.java index 118b2b16c..847fa78af 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTransformTemplate.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTransformTemplate.java @@ -16,13 +16,13 @@ package org.springframework.vault.core; import java.util.ArrayList; +import java.util.Base64; import java.util.Collections; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; import org.springframework.util.ObjectUtils; import org.springframework.util.StringUtils; import org.springframework.vault.VaultException; @@ -180,7 +180,7 @@ private static void applyTransformOptions(VaultTransformContext context, Map data, VaultTransf VaultTransformContext contextToUse = context; if (data.containsKey("tweak")) { - byte[] tweak = Base64Utils.decodeFromString((String) data.get("tweak")); + byte[] tweak = Base64.getDecoder().decode((String) data.get("tweak")); contextToUse = VaultTransformContext.builder() .transformation(context.getTransformation()) .tweak(tweak) diff --git a/spring-vault-core/src/main/java/org/springframework/vault/security/VaultBytesKeyGenerator.java b/spring-vault-core/src/main/java/org/springframework/vault/security/VaultBytesKeyGenerator.java index d7d567393..7f327b49c 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/security/VaultBytesKeyGenerator.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/security/VaultBytesKeyGenerator.java @@ -15,11 +15,11 @@ */ package org.springframework.vault.security; +import java.util.Base64; import java.util.Collections; import org.springframework.security.crypto.keygen.BytesKeyGenerator; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; import org.springframework.vault.core.VaultOperations; import org.springframework.vault.support.VaultResponse; @@ -82,7 +82,7 @@ public byte[] generateKey() { Collections.singletonMap("format", "base64")); String randomBytes = (String) response.getRequiredData().get("random_bytes"); - return Base64Utils.decodeFromString(randomBytes); + return Base64.getDecoder().decode(randomBytes); } } diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/Certificate.java b/spring-vault-core/src/main/java/org/springframework/vault/support/Certificate.java index e69279d74..f3896bd0c 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/support/Certificate.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/support/Certificate.java @@ -22,13 +22,13 @@ import java.security.cert.X509Certificate; import java.time.Instant; import java.util.ArrayList; +import java.util.Base64; import java.util.List; import com.fasterxml.jackson.annotation.JsonProperty; import org.springframework.lang.Nullable; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; import org.springframework.vault.VaultException; /** @@ -227,7 +227,7 @@ static List getCertificates(String certificates) throws Certifi } } else { - result.addAll(KeystoreUtil.getCertificates(Base64Utils.decodeFromString(certificates))); + result.addAll(KeystoreUtil.getCertificates(Base64.getDecoder().decode(certificates))); } return result; diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/CertificateBundle.java b/spring-vault-core/src/main/java/org/springframework/vault/support/CertificateBundle.java index 4e7900da2..9cfb91c76 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/support/CertificateBundle.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/support/CertificateBundle.java @@ -21,6 +21,7 @@ import java.security.cert.X509Certificate; import java.security.spec.KeySpec; import java.util.ArrayList; +import java.util.Base64; import java.util.Collections; import java.util.List; import java.util.Locale; @@ -30,7 +31,6 @@ import org.springframework.lang.Nullable; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; import org.springframework.vault.VaultException; /** @@ -319,7 +319,7 @@ private static KeySpec getPrivateKey(String privateKey, String keyType) throw new IllegalArgumentException("No private key found in PEM-encoded key spec"); } - return getPrivateKey(Base64Utils.decodeFromString(privateKey), keyType); + return getPrivateKey(Base64.getDecoder().decode(privateKey), keyType); } private static KeySpec getPrivateKey(byte[] privateKey, String keyType) diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/PemObject.java b/spring-vault-core/src/main/java/org/springframework/vault/support/PemObject.java index a06c68ae7..0b6620950 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/support/PemObject.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/support/PemObject.java @@ -24,6 +24,7 @@ import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.RSAPublicKeySpec; import java.util.ArrayList; +import java.util.Base64; import java.util.Collections; import java.util.List; import java.util.regex.Matcher; @@ -31,7 +32,6 @@ import org.springframework.lang.Nullable; import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; /** * Represents a PEM object that is internally decoded to a DER object. Typically, used to @@ -56,7 +56,7 @@ private PemObject(PemObjectType objectType, String content) { this.objectType = objectType; String sanitized = content.replaceAll("\r", "").replaceAll("\n", ""); - this.content = Base64Utils.decodeFromString(sanitized); + this.content = Base64.getDecoder().decode(sanitized); } /** diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/PlaintextToBase64StringConverter.java b/spring-vault-core/src/main/java/org/springframework/vault/support/PlaintextToBase64StringConverter.java index 265f10be1..f603738d6 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/support/PlaintextToBase64StringConverter.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/support/PlaintextToBase64StringConverter.java @@ -16,7 +16,6 @@ package org.springframework.vault.support; import com.fasterxml.jackson.databind.util.StdConverter; -import org.springframework.util.Base64Utils; import java.util.Base64; diff --git a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransformIntegrationTests.java b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransformIntegrationTests.java index 6d83c083b..5b0352c44 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransformIntegrationTests.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransformIntegrationTests.java @@ -24,7 +24,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.springframework.util.Base64Utils; import org.springframework.vault.support.VaultMount; import org.springframework.vault.support.VaultResponse; import org.springframework.vault.util.IntegrationTestSupport; @@ -33,6 +32,8 @@ import static org.assertj.core.api.Assertions.assertThat; +import java.util.Base64; + /** * Integration tests for {@link VaultTemplate} using the {@code transform} backend. * @@ -77,8 +78,9 @@ void tearDown() { @Test void shouldEncode() { - VaultResponse response = this.vaultOperations.write("transform/encode/myrole", String.format( - "{\"value\": \"123-45-6789\", \"tweak\": \"%s\"}", Base64Utils.encodeToString("somenum".getBytes()))); + VaultResponse response = this.vaultOperations.write("transform/encode/myrole", + String.format("{\"value\": \"123-45-6789\", \"tweak\": \"%s\"}", + Base64.getEncoder().encodeToString("somenum".getBytes()))); assertThat((String) response.getRequiredData().get("encoded_value")).isNotEmpty(); } @@ -87,12 +89,14 @@ void shouldEncode() { void shouldEncodeAndDecode() { String value = "123-45-6789"; - VaultResponse response = this.vaultOperations.write("transform/encode/myrole", String - .format("{\"value\": \"%s\", \"tweak\": \"%s\"}", value, Base64Utils.encodeToString("somenum".getBytes()))); + VaultResponse response = this.vaultOperations.write("transform/encode/myrole", + String.format("{\"value\": \"%s\", \"tweak\": \"%s\"}", value, + Base64.getEncoder().encodeToString("somenum".getBytes()))); String encoded = (String) response.getRequiredData().get("encoded_value"); - VaultResponse decoded = this.vaultOperations.write("transform/decode/myrole", String.format( - "{\"value\": \"%s\", \"tweak\": \"%s\"}", encoded, Base64Utils.encodeToString("somenum".getBytes()))); + VaultResponse decoded = this.vaultOperations.write("transform/decode/myrole", + String.format("{\"value\": \"%s\", \"tweak\": \"%s\"}", encoded, + Base64.getEncoder().encodeToString("somenum".getBytes()))); assertThat((String) decoded.getRequiredData().get("decoded_value")).isEqualTo(value); } diff --git a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java index 7865ff91c..f228bd6cb 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java @@ -15,6 +15,7 @@ */ package org.springframework.vault.core; +import java.util.Base64; import java.util.Collections; import java.util.List; @@ -26,7 +27,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.springframework.util.Base64Utils; import org.springframework.vault.support.VaultMount; import org.springframework.vault.support.VaultResponse; import org.springframework.vault.support.VaultTransitKeyConfiguration; @@ -101,8 +101,8 @@ private void removeKeys() { @Test void shouldEncrypt() { - VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey", - Collections.singletonMap("plaintext", Base64Utils.encodeToString("that message is secret".getBytes()))); + VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey", Collections + .singletonMap("plaintext", Base64.getEncoder().encodeToString("that message is secret".getBytes()))); assertThat((String) response.getRequiredData().get("ciphertext")).isNotEmpty(); } @@ -110,14 +110,14 @@ void shouldEncrypt() { @Test void shouldEncryptAndDecrypt() { - VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey", - Collections.singletonMap("plaintext", Base64Utils.encodeToString("that message is secret".getBytes()))); + VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey", Collections + .singletonMap("plaintext", Base64.getEncoder().encodeToString("that message is secret".getBytes()))); VaultResponse decrypted = this.vaultOperations.write("transit/decrypt/mykey", Collections.singletonMap("ciphertext", response.getRequiredData().get("ciphertext"))); assertThat((String) decrypted.getRequiredData().get("plaintext")) - .isEqualTo(Base64Utils.encodeToString("that message is secret".getBytes())); + .isEqualTo(Base64.getEncoder().encodeToString("that message is secret".getBytes())); } }