Merge branch 'main' into dependabot/maven/org.json-json-20231013

Author: karen-avetisyan-mc

.github/workflows/maven-test.yml

@@ -15,14 +15,10 @@ jobs:
     strategy:
       matrix:
         java:
-          - 8
-          - 9
           - 11
-          - 12
-          - 13
-          - 14
+          - 17
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v1
         with:
           fetch-depth: 0
       - name: 'Set up JDK ${{ matrix.java }}'

.github/workflows/sonar-scan.yml

@@ -14,20 +14,27 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+    
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 17
+          java-package: jdk
+      
+      - uses: actions/checkout@v1
         with:
           fetch-depth: 0
+      
       - name: Check for external PR
         if: ${{ !(contains(github.event.pull_request.labels.*.name, 'safe') ||
           github.event.pull_request.head.repo.full_name == github.repository ||
           github.event_name != 'pull_request_target') }}
         run: echo "Unsecure PR, must be labelled with the 'safe' label, then run the workflow again" && exit 1
-      - name: Set up JDK
-        uses: actions/setup-java@v1
-        with:
-          java-version: 11
+
       - name: Build with Maven
-        run: mvn clean install -Dgpg.signature.skip=true --file pom.xml
+        run: >-
+          mvn clean install -Dgpg.signature.skip=true --file pom.xml
+      
       - name: Sonar Scan
         env:
           GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

README.md

@@ -12,6 +12,7 @@
 - [Overview](#overview)
   * [Compatibility](#compatibility)
   * [References](#references)
+  * [Versioning and Deprecation Policy](#versioning)
 - [Usage](#usage)
   * [Prerequisites](#prerequisites)
   * [Adding the Library to Your Project](#adding-the-library-to-your-project)
@@ -28,12 +29,15 @@
 Library for Mastercard API compliant payload encryption/decryption.
 
 ### Compatibility <a name="compatibility"></a>
-Java 8+
+Java 11+
 
 ### References <a name="references"></a>
 * [JSON Web Encryption (JWE)](https://datatracker.ietf.org/doc/html/rfc7516)
 * [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/)
 
+### Versioning and Deprecation Policy <a name="versioning"></a>
+* [Mastercard Versioning and Deprecation Policy](https://github.com/Mastercard/.github/blob/main/CLIENT_LIBRARY_DEPRECATION_POLICY.md)
+
 ## Usage <a name="usage"></a>
 ### Prerequisites <a name="prerequisites"></a>
 Before using this library, you will need to set up a project in the [Mastercard Developers Portal](https://developer.mastercard.com). 
@@ -67,7 +71,7 @@ See: https://search.maven.org/artifact/com.mastercard.developer/client-encryptio
 
 This library requires one of the following dependencies to be added to your classpath:
 
-* [Jackson](https://search.maven.org/artifact/com.fasterxml.jackson.core/jackson-databind) 2.4.5+
+* [Jackson](https://search.maven.org/artifact/com.fasterxml.jackson.core/jackson-databind) 2.5.0+
 * [Google Gson](https://search.maven.org/artifact/com.google.code.gson/gson) 2.3.1+
 * [Json-smart](https://search.maven.org/artifact/net.minidev/json-smart) 2.1.1+
 * [Jettison](https://search.maven.org/artifact/org.codehaus.jettison/jettison) 1.0+
@@ -166,6 +170,7 @@ JweConfig config = JweConfigBuilder.aJweEncryptionConfig()
     .withEncryptionPath("$.path.to.foo", "$.path.to.encryptedFoo")
     .withDecryptionPath("$.path.to.encryptedFoo.encryptedValue", "$.path.to.foo")
     .withEncryptedValueFieldName("encryptedValue")
+    .withIVSize(16) // available values are 12 or 16. If not specified, default value is 16.
     .build();
 ```
 

pom.xml

@@ -6,17 +6,16 @@
 
     <groupId>com.mastercard.developer</groupId>
     <artifactId>client-encryption</artifactId>
-    <version>1.7.10</version>
+    <version>1.8.2</version>
     <packaging>jar</packaging>
     <description>Library for Mastercard API compliant payload encryption/decryption</description>
     <url>https://github.com/Mastercard/client-encryption-java</url>
     <name>client-encryption</name>
 
     <properties>
-        <okhttp2-version>2.7.5</okhttp2-version>
-        <okhttp3-version>4.8.1</okhttp3-version>
-        <google-api-client-version>1.23.0</google-api-client-version>
-        <feign-version>9.7.0</feign-version>
+        <okhttp3-version>4.12.0</okhttp3-version>
+        <google-api-client-version>2.4.0</google-api-client-version>
+        <feign-version>13.2.1</feign-version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <gpg.signature.skip>false</gpg.signature.skip>
     </properties>
@@ -52,7 +51,7 @@
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
             <artifactId>json-path</artifactId>
-            <version>2.6.0</version>
+            <version>2.9.0</version>
         </dependency>
 
         <dependency>
@@ -69,13 +68,6 @@
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>com.squareup.okhttp</groupId>
-            <artifactId>okhttp</artifactId>
-            <version>${okhttp2-version}</version>
-            <scope>provided</scope>
-        </dependency>
-
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client</artifactId>
@@ -96,7 +88,6 @@
             <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
-
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
@@ -107,7 +98,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>3.5.5</version>
+            <version>5.10.0</version>
             <scope>test</scope>
         </dependency>
 
@@ -135,7 +126,7 @@
         <dependency>
             <groupId>net.minidev</groupId>
             <artifactId>json-smart</artifactId>
-            <version>2.4.9</version>
+            <version>2.5.0</version>
             <scope>test</scope>
         </dependency>
 
@@ -163,9 +154,23 @@
 
     <profiles>
         <profile>
-            <id>java11+</id>
+            <id>java11</id>
+            <activation>
+                <jdk>11</jdk>
+            </activation>
+            <properties>
+                <!-- The Javadoc generation started to fail with OpenJDK 11.0.2 (11.0.1 was OK) and OpenJDK 12-ea:
+                     "The code being documented uses modules but the packages defined in
+                     https://docs.oracle.com/javase/7/docs/api/ are in the unnamed module."
+                     See: https://bugs.openjdk.java.net/browse/JDK-8212233
+                -->
+                <maven.javadoc.skip>true</maven.javadoc.skip>
+            </properties>
+        </profile>
+        <profile>
+            <id>java17</id>
             <activation>
-                <jdk>[11,)</jdk>
+                <jdk>17</jdk>
             </activation>
             <properties>
                 <!-- The Javadoc generation started to fail with OpenJDK 11.0.2 (11.0.1 was OK) and OpenJDK 12-ea:
@@ -184,7 +189,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.8.1</version>
+                    <version>3.12.1</version>
                     <configuration>
                         <source>1.8</source>
                         <target>1.8</target>
@@ -196,7 +201,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.5</version>
+                <version>0.8.7</version>
                 <executions>
                     <execution>
                         <id>pre-unit-test</id>
@@ -216,7 +221,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
-                <version>1.6</version>
+                <version>3.1.0</version>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>
@@ -233,7 +238,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -246,7 +251,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.6.3</version>
                 <executions>
                     <execution>
                         <id>generate-javadoc</id>

src/main/java/com/mastercard/developer/encryption/EncryptionConfig.java

@@ -46,6 +46,13 @@ public enum Scheme {
      */
     PrivateKey decryptionKey;
 
+
+    /**
+     * IV size in bytes
+     */
+
+    Integer ivSize = 16;
+
     /**
      * A list of JSON paths to encrypt in request payloads.
      * Example:
@@ -107,4 +114,6 @@ Map<String, String> getDecryptionPaths() {
     String getEncryptedValueFieldName() {
         return encryptedValueFieldName;
     }
+
+    public Integer getIVSize() { return ivSize; }
 }

src/main/java/com/mastercard/developer/encryption/EncryptionConfigBuilder.java

@@ -23,6 +23,8 @@ abstract class EncryptionConfigBuilder {
     protected Map<String, String> decryptionPaths = new HashMap<>();
     protected String encryptedValueFieldName;
 
+    protected Integer ivSize = 16;
+
     void computeEncryptionKeyFingerprintWhenNeeded() throws EncryptionException {
         try {
             if ((encryptionCertificate == null && encryptionKey == null) || !isNullOrEmpty(encryptionKeyFingerprint)) {

src/main/java/com/mastercard/developer/encryption/FieldLevelEncryption.java

@@ -210,7 +210,7 @@ private static Object readAndDeleteJsonKey(DocumentContext context, String objec
         }
         JsonProvider jsonProvider = JsonParser.jsonPathConfig.jsonProvider();
         Object value = jsonProvider.getMapValue(object, key);
-        context.delete(objectPath + "." + key);
+        JsonParser.deleteIfExists(context, objectPath + "." + key);
         return value;
     }
 }

src/main/java/com/mastercard/developer/encryption/FieldLevelEncryptionConfigBuilder.java

@@ -186,6 +186,16 @@ public FieldLevelEncryptionConfigBuilder withEncryptionKeyFingerprintHeaderName(
         return this;
     }
 
+    /**
+     * See: {@link EncryptionConfig#ivSize}.
+     */
+    public FieldLevelEncryptionConfigBuilder withEncryptionIVSize(Integer ivSize) {
+        if (ivSize == 12 || ivSize == 16) {
+            this.ivSize = ivSize;
+            return this;
+        }
+        throw new IllegalArgumentException("Supported IV Sizes are either 12 or 16!");
+    }
     /**
      * Build a {@link com.mastercard.developer.encryption.FieldLevelEncryptionConfig}.
      * @throws EncryptionException
@@ -209,6 +219,7 @@ public FieldLevelEncryptionConfig build() throws EncryptionException {
         config.encryptionCertificate = this.encryptionCertificate;
         config.oaepPaddingDigestAlgorithm = this.oaepPaddingDigestAlgorithm;
         config.ivFieldName = this.ivFieldName;
+        config.ivSize = this.ivSize;
         config.oaepPaddingDigestAlgorithmFieldName = this.oaepPaddingDigestAlgorithmFieldName;
         config.decryptionPaths = this.decryptionPaths;
         config.encryptedKeyFieldName = this.encryptedKeyFieldName;

src/main/java/com/mastercard/developer/encryption/FieldLevelEncryptionParams.java

@@ -43,7 +43,7 @@ public FieldLevelEncryptionParams(String ivValue, String encryptedKeyValue, Stri
     public static FieldLevelEncryptionParams generate(FieldLevelEncryptionConfig config) throws EncryptionException {
 
         // Generate a random IV
-        IvParameterSpec ivParameterSpec = AESEncryption.generateIv();
+        IvParameterSpec ivParameterSpec = AESEncryption.generateIv(config.getIVSize());
         String ivSpecValue = encodeBytes(ivParameterSpec.getIV(), config.fieldValueEncoding);
 
         // Generate an AES secret key

src/main/java/com/mastercard/developer/encryption/JsonParser.java

@@ -47,7 +47,7 @@ static void addDecryptedDataToPayload(DocumentContext payloadContext, String dec
         int length = jsonProvider.length(decryptedValueJsonElement);
         Collection<String> propertyKeys = (0 == length) ? Collections.emptyList() : jsonProvider.getPropertyKeys(decryptedValueJsonElement);
         for (String key : propertyKeys) {
-            payloadContext.delete(jsonPathOut + "." + key);
+            deleteIfExists( payloadContext, jsonPathOut + "." + key);
             payloadContext.put(jsonPathOut, key, jsonProvider.getMapValue(decryptedValueJsonElement, key));
         }
     }
@@ -86,4 +86,11 @@ static Object readJsonObject(DocumentContext context, String jsonPathString) {
         }
         return jsonElement;
     }
+
+    static void deleteIfExists(DocumentContext context, String jsonPathString){
+       Object value = context.read(jsonPathString);
+       if(value != null){
+           context.delete(jsonPathString);
+       }
+    }
 }