Merge pull request #13 from blasttoys/development

v2.1.1

Author: blasttoys

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change Log
 
+### V2.1.1
+
+- Fixed vulnerability CVE-2021-44228
+- Update to log4j version 2.15.0
+
+### V2.1
+
+- Release for APEX 2
+
 ### V2.0.0-SNAPSHOT
 
 - Library to use authParam

README.md

@@ -45,8 +45,8 @@ mvn package
 ```
 
 The compiled _jar_ file will be located in the **target** folder
-+ java-apex-api-security-<version>-SNAPSHOT.jar
-+ java-apex-api-security-<version>-SNAPSHOT-jar-with-dependencies.jar (this includes log4j libraries)
++ java-apex-api-security-<version>.jar
++ java-apex-api-security-<version>-jar-with-dependencies.jar (this includes log4j libraries)
 
 Import this jar file into your java classpath to use the utility class
 
@@ -64,7 +64,7 @@ mvn install
 <dependency>
     <groupId>com.api.util</groupId>
     <artifactId>ApiSecurity</artifactId>
-    <version>2.0.0-SNAPSHOT</version>
+    <version>2.1.1</version>
 </dependency>
 ```
 
@@ -76,12 +76,12 @@ mvn install
 <dependency>
 	<groupId>org.apache.logging.log4j</groupId>
 	<artifactId>log4j-api</artifactId>
-	<version>2.14.1</version>
+	<version>2.15.0</version>
 </dependency>
 <dependency>
 	<groupId>org.apache.logging.log4j</groupId>
 	<artifactId>log4j-core</artifactId>
-	<version>2.14.1</version>
+	<version>2.15.0</version>
 </dependency>
 ```
 
@@ -125,7 +125,7 @@ gradle test jacocoTestReport
 ```
 
 The compiled _jar_ file will be located in the **build/libs** folder
-+ java-apex-api-security-2.0.0-SNAPSHOT.jar
++ java-apex-api-security-2.1.1.jar
 
 Import this jar into your java classpath to use the utility class
 
@@ -140,7 +140,7 @@ repositories {
     mavenLocal()
 }
 dependencies {
-    compile group: 'com.api.util', name: 'ApiSecurity', version: '2.0.0-SNAPSHOT'
+    compile group: 'com.api.util', name: 'ApiSecurity', version: '2.1.1'
 }
 	
 ```
@@ -166,23 +166,6 @@ Authorization: Apex_l1_eg realm="https://XYZ.api.gov.sg/abc/def", apex_l1_eg_app
 
 ### Parameters
 
-#### realm
-This is an identifier for the caller. Any value can be used here.
-
-**Note:** This is currently handled by the library
-
-#### authPrefix
-
-Authorization Header scheme prefix. There are 4 possible values for this
-depending on the zone and the authentication method.
-
-1. Apex_l1_ig
-2. Apex_l1_eg
-3. Apex_l2_ig
-4. Apex_l2_eg
-
-**Note:** This is currently handled by the library
-
 #### httpMethod
 
 The HTTP method, i.e. `GET`, `POST`, etc.

build.gradle

@@ -4,7 +4,8 @@ plugins {
     id 'com.github.kt3k.coveralls' version '2.6.3'
 }
 
-version '2.0.0-SNAPSHOT'
+
+version '2.1.1'
 
 tasks.withType(JavaCompile) {
     options.encoding = "UTF-8"
@@ -19,8 +20,8 @@ dependencies {
 
     //gradle 4.0
     compile group: 'commons-lang', name: 'commons-lang', version: '2.4'
-    compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.14.1'
-    compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.14.1'
+    compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.15.0'
+    compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.15.0'
     compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1'
     compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1'
     compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.69'

pom.xml

@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.api.util</groupId>
   <artifactId>ApiSecurity</artifactId>
-  <version>2.0.0-SNAPSHOT</version>
+  <version>2.1.1</version>
   <build>
     <plugins>
       <plugin>
@@ -80,12 +80,12 @@
   	<dependency>
 		    <groupId>org.apache.logging.log4j</groupId>
 		    <artifactId>log4j-api</artifactId>
-		    <version>2.14.1</version>
+		    <version>2.15.0</version>
 	</dependency>
   	<dependency>
 		    <groupId>org.apache.logging.log4j</groupId>
 		    <artifactId>log4j-core</artifactId>
-		    <version>2.14.1</version>
+		    <version>2.15.0</version>
 	</dependency>
   	<dependency>
             <groupId>commons-lang</groupId>

src/main/java/com/api/util/ApiSecurity/ApiSigning.java

@@ -16,6 +16,10 @@
 import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
 
 
+import org.bouncycastle.operator.InputDecryptorProvider;
+import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
+
+
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 
@@ -612,6 +616,7 @@ public static String getBaseString(String authPrefix
 
         String baseString = null;
 
+
         try {
             authPrefix = authPrefix.toLowerCase();