Fix some Coverity scan warnings.

jmacaroons-core/src/main/java/com/github/nitram509/jmacaroons/MacaroonJSONV2.java

@@ -101,7 +101,7 @@ public byte[] parseSignature() {
         if (this.getSignature().equals(""))  {
             return Base64.decode(this.getSignature64());
         }
-        return this.getSignature().getBytes();
+        return this.getSignature().getBytes(RAW_BYTE_CHARSET);
     }
 
     @JsonIgnore

jmacaroons-core/src/main/java/com/github/nitram509/jmacaroons/MacaroonsDeSerializer.java

@@ -42,8 +42,9 @@ class MacaroonsDeSerializer {
       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
       0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,
       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+  private static final String MACAROON_IS_NULL = "Macaroon cannot be null";
 
-    public static List<Macaroon> deserialize(String serializedMacaroon) throws NotDeSerializableException {
+  public static List<Macaroon> deserialize(String serializedMacaroon) throws NotDeSerializableException {
         assert serializedMacaroon != null;
 
         // Determine which format to use
@@ -74,6 +75,10 @@ private static List<Macaroon> deserializeMaybeJSONArray(String macaroonBytes) {
       throw new NotDeSerializableException(e.getCause());
     }
 
+    if (jsonValue == null) {
+      throw new NotDeSerializableException(MACAROON_IS_NULL);
+    }
+
     final List<Macaroon> macaroons = new ArrayList<>();
 
     // If it's an array, iterate over all the children and convert them
@@ -110,6 +115,11 @@ private static Macaroon deserializeV2JSON(JsonNode json) {
       throw new NotDeSerializableException(e.getCause());
     }
 
+
+    if (jsonMacaroon == null) {
+      throw new NotDeSerializableException(MACAROON_IS_NULL);
+    }
+
     // Extract the caveats
     return new Macaroon(jsonMacaroon.getLocation(),
             jsonMacaroon.parseIdentifier(),
@@ -141,7 +151,7 @@ private static Macaroon deserializeStream(StatefulPacketReader packetReader) {
         signature = parseSignature(packet, SIGNATURE_BYTES);
       }
     }
-    return new Macaroon(location, identifier, signature, caveats.toArray(new CaveatPacket[caveats.size()]), MacaroonVersion.VERSION_1);
+    return new Macaroon(location, identifier, signature, caveats.toArray(new CaveatPacket[0]), MacaroonVersion.VERSION_1);
   }
 
   private static byte[] parseSignature(Packet packet, byte[] signaturePacketData) {

jmacaroons-core/src/main/java/com/github/nitram509/jmacaroons/MacaroonsSerializer.java

@@ -105,10 +105,10 @@ private static String serializeV2JSON(Macaroon macaroon) {
         serialized.setLocation(macaroon.location);
 
         // Identifier
-        if (UTF8.validUTF8(macaroon.identifier.getBytes())) {
+        if (UTF8.validUTF8(macaroon.identifier.getBytes(IDENTIFIER_CHARSET))) {
             serialized.setIdentifier(macaroon.identifier);
         } else {
-            serialized.setIdentifier64(Base64.encodeUrlSafeToString(macaroon.identifier.getBytes()));
+            serialized.setIdentifier64(Base64.encodeUrlSafeToString(macaroon.identifier.getBytes(IDENTIFIER_CHARSET)));
         }
 
         // Signature

jmacaroons-core/src/main/java/com/github/nitram509/jmacaroons/crypto/neilalexander/jnacl/verify_16.java

@@ -1,17 +1,17 @@
 //
 //  Copyright (c) 2011, Neil Alexander T.
 //  All rights reserved.
-// 
+//
 //  Redistribution and use in source and binary forms, with
 //  or without modification, are permitted provided that the following
 //  conditions are met:
-// 
+//
 //  - Redistributions of source code must retain the above copyright notice,
 //    this list of conditions and the following disclaimer.
 //  - Redistributions in binary form must reproduce the above copyright notice,
 //    this list of conditions and the following disclaimer in the documentation
 //    and/or other materials provided with the distribution.
-// 
+//
 //  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 //  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 //  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -29,15 +29,15 @@
 
 public class verify_16
 {
-	final int crypto_verify_16_ref_BYTES = 16;
+	final static int CRYPTO_VERIFY_16_REF_BYTES = 16;
 
 	public static int crypto_verify(byte[] x, int xoffset, byte[] y)
 	{
 		int differentbits = 0;
-		
+
 		for (int i = 0; i < 15; i++)
 			differentbits |= ((int)(x[xoffset + i] ^ y[i])) & 0xff;
-		
+
 		return (1 & (((int)differentbits - 1) >>> 8)) - 1;
 	}
 }

jmacaroons-core/src/main/java/com/github/nitram509/jmacaroons/crypto/neilalexander/jnacl/xsalsa20poly1305.java

@@ -1,17 +1,17 @@
 //
 //  Copyright (c) 2011, Neil Alexander T.
 //  All rights reserved.
-// 
+//
 //  Redistribution and use in source and binary forms, with
 //  or without modification, are permitted provided that the following
 //  conditions are met:
-// 
+//
 //  - Redistributions of source code must retain the above copyright notice,
 //    this list of conditions and the following disclaimer.
 //  - Redistributions in binary form must reproduce the above copyright notice,
 //    this list of conditions and the following disclaimer in the documentation
 //    and/or other materials provided with the distribution.
-// 
+//
 //  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 //  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 //  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -29,10 +29,10 @@
 
 public class xsalsa20poly1305
 {
-	final int crypto_secretbox_KEYBYTES = 32;
-	final int crypto_secretbox_NONCEBYTES = 24;
-	final int crypto_secretbox_ZEROBYTES = 32;
-	final int crypto_secretbox_BOXZEROBYTES = 16;
+	final static int CRYPTO_SECRETBOX_KEYBYTES = 32;
+	final static int CRYPTO_SECRETBOX_NONCEBYTES = 24;
+	final static int CRYPTO_SECRETBOX_ZEROBYTES = 32;
+	final static int CRYPTO_SECRETBOX_BOXZEROBYTES = 16;
 
 	static public int crypto_secretbox(byte[] c, byte[] m, long mlen, byte[] n, byte[] k)
 	{
@@ -41,30 +41,30 @@ static public int crypto_secretbox(byte[] c, byte[] m, long mlen, byte[] n, byte
 
 		xsalsa20.crypto_stream_xor(c, m, mlen, n, k);
 		poly1305.crypto_onetimeauth(c, 16, c, 32, mlen - 32, c);
-		
+
 		for (int i = 0; i < 16; ++i)
 			c[i] = 0;
-		
+
 		return 0;
 	}
 
 	static public int crypto_secretbox_open(byte[] m, byte[] c, long clen, byte[] n, byte[] k)
 	{
 		if (clen < 32)
 			return -1;
-	
+
 		byte[] subkeyp = new byte[32];
-		
+
 		xsalsa20.crypto_stream(subkeyp, 32, n, k);
-		
+
 		if (poly1305.crypto_onetimeauth_verify(c, 16, c, 32, clen - 32, subkeyp) != 0)
 			return -1;
-		
+
 		xsalsa20.crypto_stream_xor(m, c, clen, n, k);
-		
+
 		for (int i = 0; i < 32; ++i)
 			m[i] = 0;
-		
+
 		return 0;
 	}
 }

jmacaroons-core/src/test/java/com/github/nitram509/jmacaroons/MacaroonsPrepareRequestAndVerifyComplexTest.java

@@ -26,19 +26,16 @@ public class MacaroonsPrepareRequestAndVerifyComplexTest {
 
   private String identifier;
   private String secret;
-  private String location;
   private String caveat_key;
-  private String publicIdentifier;
   private Macaroon M;
   private Macaroon DP;
   private Macaroon D;
-  private Macaroon E;
 
   @BeforeClass
-  public void setUp() throws Exception {
-    location = "http://mybank/";
+  public void setUp() {
+    String location = "http://mybank/";
     secret = "this is a different super-secret key; never use the same secret twice";
-    publicIdentifier = "we used our other secret key";
+    String publicIdentifier = "we used our other secret key";
     M = new MacaroonsBuilder(location, secret, publicIdentifier)
         .add_first_party_caveat("account = 3735928559")
         .getMacaroon();

jmacaroons-core/src/test/java/com/github/nitram509/jmacaroons/MacaroonsVerifierTest.java

@@ -29,8 +29,6 @@
 
 public class MacaroonsVerifierTest {
 
-  private static SimpleDateFormat ISO_DateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
-
   private String identifier;
   private String secret;
   private String location;
@@ -132,7 +130,8 @@ public void verification_general() {
   }
 
   private String createTimeStamp1WeekInFuture() {
-    return ISO_DateFormat.format(new Date(System.currentTimeMillis() + (1000 * 60 * 60 * 24 * 7)));
+    final SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+    return df.format(new Date(System.currentTimeMillis() + (1000 * 60 * 60 * 24 * 7)));
   }
 
 }