Replace Apache Commons Base64 Decoding

Issue gh-10923
4 years ago · 040a28a8c9
4 changed files with 15 additions and 15 deletions
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
@ -223,7 +223,7 @@ public class Saml2LoginConfigurerTests {
				@@ -223,7 +223,7 @@ public class Saml2LoginConfigurerTests {
 	public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception {
 		this.spring.register(CustomAuthenticationFailureHandler.class).autowire();
 		byte[] invalidDeflated = "invalid".getBytes();
-		String encoded = Saml2Utils.samlEncode(invalidDeflated);
+		String encoded = Saml2Utils.samlEncodeNotRfc2045(invalidDeflated);
 		MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse",
 				encoded);
 		this.mvc.perform(request);
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
@ -19,13 +19,12 @@ package org.springframework.security.saml2.provider.service.authentication;
				@@ -19,13 +19,12 @@ package org.springframework.security.saml2.provider.service.authentication;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;

-import org.apache.commons.codec.binary.Base64;
-
 import org.springframework.security.saml2.Saml2Exception;

 /**
@ -33,17 +32,15 @@ import org.springframework.security.saml2.Saml2Exception;
				@@ -33,17 +32,15 @@ import org.springframework.security.saml2.Saml2Exception;
 */
 final class Saml2Utils {

-	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
-
 	private Saml2Utils() {
 	}

 	static String samlEncode(byte[] b) {
-		return BASE64.encodeAsString(b);
+		return Base64.getMimeEncoder().encodeToString(b);
 	}

 	static byte[] samlDecode(String s) {
-		return BASE64.decode(s);
+		return Base64.getMimeDecoder().decode(s);
 	}

 	static byte[] samlDeflate(String s) {
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
@ -19,28 +19,30 @@ package org.springframework.security.saml2.core;
				@@ -19,28 +19,30 @@ package org.springframework.security.saml2.core;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;

-import org.apache.commons.codec.binary.Base64;
-
 import org.springframework.security.saml2.Saml2Exception;

 public final class Saml2Utils {

-	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
-
 	private Saml2Utils() {
 	}

+	@Deprecated
+	public static String samlEncodeNotRfc2045(byte[] b) {
+		return Base64.getEncoder().encodeToString(b);
+	}
+
 	public static String samlEncode(byte[] b) {
-		return BASE64.encodeAsString(b);
+		return Base64.getMimeEncoder().encodeToString(b);
 	}

 	public static byte[] samlDecode(String s) {
-		return BASE64.decode(s);
+		return Base64.getMimeDecoder().decode(s);
 	}

 	public static byte[] samlDeflate(String s) {
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
@ -60,7 +60,8 @@ public class Saml2AuthenticationTokenConverterTests {
				@@ -60,7 +60,8 @@ public class Saml2AuthenticationTokenConverterTests {
 		given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class)))
 				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.setParameter("SAMLResponse", Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
+		request.setParameter("SAMLResponse",
+				Saml2Utils.samlEncodeNotRfc2045("response".getBytes(StandardCharsets.UTF_8)));
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");
 		assertThat(token.getRelyingPartyRegistration().getRegistrationId())
@ -111,7 +112,7 @@ public class Saml2AuthenticationTokenConverterTests {
				@@ -111,7 +112,7 @@ public class Saml2AuthenticationTokenConverterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("GET");
 		byte[] deflated = Saml2Utils.samlDeflate("response");
-		String encoded = Saml2Utils.samlEncode(deflated);
+		String encoded = Saml2Utils.samlEncodeNotRfc2045(deflated);
 		request.setParameter("SAMLResponse", encoded);
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");