GovTechSG · kelvinwijaya · Sep 11, 2018 · Sep 10, 2018 · Sep 10, 2018 · Sep 11, 2018
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,4 +17,8 @@
 + Update templates
 ### V1.1.2-SNAPSHOT
 + Minor refactoring
-+ Update documentation
++ Update documentation
+### V1.2.0-SNAPSHOT
++ Bug fixes for null value checking
++ Update basestring method to suppport use-case where value of queryparam or form value is empty
++ Update nonce method to generate base64 encoded string value of 32 bytes characters
diff --git a/README.md b/README.md
@@ -65,7 +65,7 @@ mvn install
 <dependency>
     <groupId>com.api.util</groupId>
     <artifactId>ApiSecurity</artifactId>
-    <version>1.1.2-SNAPSHOT</version>
+    <version>1.2.0-SNAPSHOT</version>
 </dependency>
 
 ```

diff --git a/build.gradle b/build.gradle
@@ -4,7 +4,7 @@ plugins {
     id 'com.github.kt3k.coveralls' version '2.6.3'
 }
 
-version '1.1.1-SNAPSHOT'
+version '1.2.0-SNAPSHOT'
 
 tasks.withType(JavaCompile) {
     options.encoding = "UTF-8"

diff --git a/pom.xml b/pom.xml
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.api.util</groupId>
   <artifactId>ApiSecurity</artifactId>
-  <version>1.1.1-SNAPSHOT</version>
+  <version>1.2.0-SNAPSHOT</version>
   <build>
     <plugins>
       <plugin>

diff --git a/src/main/java/com/api/util/ApiSecurity/ApiList.java b/src/main/java/com/api/util/ApiSecurity/ApiList.java
@@ -21,15 +21,15 @@ public void add(String key, String value)
 		this.add(item);
 	}
 
-	public String toString() {
+	public String toString(Boolean isBaseString) {
 		String delimiter = "&";
 		Boolean sort = true;
 		Boolean quote = false;
 
-		return this.toString(delimiter, sort, quote);
+		return this.toString(delimiter, sort, quote, isBaseString);
 	}
 
-	public String toString(String delimiter, Boolean sort, Boolean quote)
+	public String toString(String delimiter, Boolean sort, Boolean quote, Boolean isBaseString)
 	{
 		List<String> list = new ArrayList<String>();
 
@@ -43,7 +43,7 @@ public String toString(String delimiter, Boolean sort, Boolean quote)
 						return l1.getKey().equals(l2.getKey()) ? l1.getValue().compareTo(l2.getValue())
 									: l1.getKey().compareTo(l2.getKey());
 					})
-					.map(e -> String.format(format, e.getKey(), e.getValue()))
+					.map(e -> (null!= e.getValue() && e.getValue().equals("") && isBaseString) ? e.getKey() : String.format(format, e.getKey(), e.getValue())  )
 					.collect(Collectors.toList());
 		} else{
 			list = this.stream().map(e -> String.format(format, e.getKey(), e.getValue()))

diff --git a/src/main/java/com/api/util/ApiSecurity/ApiSigning.java b/src/main/java/com/api/util/ApiSecurity/ApiSigning.java
@@ -5,8 +5,6 @@
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
@@ -27,7 +25,6 @@
 public class ApiSigning {
 
     private static final Logger log = LoggerFactory.getLogger(ApiSigning.class);
-    private final static String USER_AGENT = "Mozilla/5.0";
 
     /**
      * Create HMACRSA256 Signature (L1) with a given basestring
@@ -411,16 +408,21 @@ public static String getBaseString(String authPrefix
             ApiList paramList = new ApiList();
 
             // process QueryString from url by transfering it to paramList
-            if (siteUri.getQuery().length() > 1) {
+            if (null != siteUri.getQuery()) {
                 String queryString = siteUri.getRawQuery();
                 log.debug("queryString:: {}", queryString);
 
                 String[] paramArr = queryString.split("&");
                 for (String item : paramArr) {
-                    log.debug("item:: {}", item);
+                    log.debug("queryItem:: {}", item);
                     String[] itemArr = item.split("=");
                     try {
-                        paramList.add(itemArr[0], java.net.URLDecoder.decode(itemArr[1], StandardCharsets.UTF_8.toString()));
+                    	if(itemArr.length == 1) {
+                    		paramList.add(itemArr[0], "");
+                    	}else {
+                    		paramList.add(itemArr[0], java.net.URLDecoder.decode(itemArr[1], StandardCharsets.UTF_8.toString()));
+                    	}
+                        //paramList.add(itemArr[0], java.net.URLDecoder.decode(itemArr[1], StandardCharsets.UTF_8.toString()));
                     } catch (UnsupportedEncodingException e) {
                         throw e;
                     }
@@ -439,7 +441,7 @@ public static String getBaseString(String authPrefix
             paramList.add(authPrefix + "_signature_method", signatureMethod);
             paramList.add(authPrefix + "_version", "1.0");
 
-            baseString = httpMethod.toUpperCase() + "&" + url + "&" + paramList.toString();
+            baseString = httpMethod.toUpperCase() + "&" + url + "&" + paramList.toString(true);
 
         } catch (ApiUtilException ae) {
             log.error("Error :: getBaseString :: " + ae.getMessage());
@@ -499,7 +501,7 @@ public static String getSignatureToken(
 
             // Generate the nonce value
             try {
-                nonce = nonce != null ? nonce : Long.toString(getNewNonce());
+                nonce = (nonce != null && !nonce.isEmpty())  ? nonce : getNewNonce();
             } catch (NoSuchAlgorithmException nsae) {
                 throw nsae;
             }
@@ -534,7 +536,7 @@ public static String getSignatureToken(
             tokenList.add(authPrefix + "_signature", base64Token);
             tokenList.add(authPrefix + "_version", "1.0");
 
-            authorizationToken = String.format("%s %s", authPrefix.substring(0, 1).toUpperCase() + authPrefix.substring(1), tokenList.toString(", ", false, true));
+            authorizationToken = String.format("%s %s", authPrefix.substring(0, 1).toUpperCase() + authPrefix.substring(1), tokenList.toString(", ", false, true, false));
 
         } catch (ApiUtilException ae) {
             log.error("Error :: getToken :: " + ae.getMessage());
@@ -553,33 +555,13 @@ private static long getNewTimestamp() {
         return System.currentTimeMillis();
     }
 
-    private static long getNewNonce() throws NoSuchAlgorithmException {
-        long nonce = 0;
-
-        nonce = SecureRandom.getInstance("SHA1PRNG").nextLong();
-
+    private static String getNewNonce() throws NoSuchAlgorithmException {
+        String nonce = null;
+        byte[] b = new byte[32];
+        SecureRandom.getInstance("SHA1PRNG").nextBytes(b);
+        nonce = Base64.getEncoder().encodeToString(b);
+
         return nonce;
     }
 
-    private static TrustManager[] getTrustManager() {
-        // Create a trust manager that does not validate certificate chains
-        TrustManager[] trustAllCerts = new TrustManager[]{
-                new X509TrustManager() {
-                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                        return null;
-                    }
-
-                    public void checkClientTrusted(
-                            java.security.cert.X509Certificate[] certs, String authType) {
-                    }
-
-                    public void checkServerTrusted(
-                            java.security.cert.X509Certificate[] certs, String authType) {
-                    }
-                }
-        };
-
-        return trustAllCerts;
-    }
-
 }