From 7a02bd14c195e2ffbf9564e19f77940adef6bf6b Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 1 Mar 2022 15:02:32 -0700 Subject: [PATCH] Replace Apache Commons Base64 Decoding Issue gh-10923 --- .../saml2/Saml2LoginConfigurerTests.java | 2 +- .../service/authentication/Saml2Utils.java | 9 +++------ .../service/web/authentication/Saml2Utils.java | 9 +++------ .../security/saml2/core/Saml2Utils.java | 14 ++++++++------ .../Saml2AuthenticationTokenConverterTests.java | 4 ++-- 5 files changed, 17 insertions(+), 21 deletions(-) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java index 52eb77f0be..cda7ccc4bf 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java @@ -293,7 +293,7 @@ public class Saml2LoginConfigurerTests { public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception { this.spring.register(CustomAuthenticationFailureHandler.class).autowire(); byte[] invalidDeflated = "invalid".getBytes(); - String encoded = Saml2Utils.samlEncode(invalidDeflated); + String encoded = Saml2Utils.samlEncodeNotRfc2045(invalidDeflated); MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse", encoded); this.mvc.perform(request); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java index f8f1066a79..3ca272ac34 100644 
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java @@ -19,13 +19,12 @@ package org.springframework.security.saml2.provider.service.authentication; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.zip.Deflater; import java.util.zip.DeflaterOutputStream; import java.util.zip.Inflater; import java.util.zip.InflaterOutputStream; -import org.apache.commons.codec.binary.Base64; - import org.springframework.security.saml2.Saml2Exception; /** @@ -33,17 +32,15 @@ import org.springframework.security.saml2.Saml2Exception; */ final class Saml2Utils { - private static Base64 BASE64 = new Base64(0, new byte[] { '\n' }); - private Saml2Utils() { } static String samlEncode(byte[] b) { - return BASE64.encodeAsString(b); + return Base64.getMimeEncoder().encodeToString(b); } static byte[] samlDecode(String s) { - return BASE64.decode(s); + return Base64.getMimeDecoder().decode(s); } static byte[] samlDeflate(String s) { diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2Utils.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2Utils.java index 15ba3da8df..e98a4bb9ec 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2Utils.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2Utils.java 
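Review bot: `Base64.getMimeEncoder()` in `samlEncode` is not a drop-in for the removed `new Base64(0, new byte[] { '\n' })`: the commons instance was built with a line length of 0, which means no wrapping, while the JDK MIME encoder inserts a `\r\n` after every 76 output characters, so any encoded value longer than 76 characters now changes shape on the wire. If this helper is what produces the outbound `SAMLRequest` for the redirect or POST binding (the callers are outside the hunk), those CRLFs end up URL-encoded into the query string, and peers that decode strictly may reject the request; the `samlEncodeNotRfc2045` helper added to the test sources in this same commit suggests the difference was already noticed. The decoder side is fine, because `getMimeDecoder()` ignores line separators and other non-alphabet bytes much like commons-codec did, but the encoder should stay unwrapped: `return Base64.getEncoder().encodeToString(b);`. A comment on `samlDecode` would also help the next reader: `// MIME decoder: line breaks and any non-alphabet characters are silently skipped, matching the old commons-codec leniency`.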
@@ -19,13 +19,12 @@ package org.springframework.security.saml2.provider.service.web.authentication; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.zip.Deflater; import java.util.zip.DeflaterOutputStream; import java.util.zip.Inflater; import java.util.zip.InflaterOutputStream; -import org.apache.commons.codec.binary.Base64; - import org.springframework.security.saml2.Saml2Exception; /** @@ -37,17 +36,15 @@ import org.springframework.security.saml2.Saml2Exception; */ final class Saml2Utils { - private static Base64 BASE64 = new Base64(0, new byte[] { '\n' }); - private Saml2Utils() { } static String samlEncode(byte[] b) { - return BASE64.encodeAsString(b); + return Base64.getMimeEncoder().encodeToString(b); } static byte[] samlDecode(String s) { - return BASE64.decode(s); + return Base64.getMimeDecoder().decode(s); } static byte[] samlDeflate(String s) { diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java index 6f5d9e48d0..031878b2b1 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java 
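Review bot: The same encoder regression applies to this copy of `samlEncode`: `Base64.getMimeEncoder()` wraps its output with `\r\n` every 76 characters, whereas the removed commons `Base64(0, ...)` instance emitted a single unbroken line, so `return Base64.getEncoder().encodeToString(b);` is the faithful replacement if callers put this value into a URL or form parameter. A separate caveat on `samlDecode`: as far as I recall, commons-codec's decode table accepted the URL-safe `-`/`_` alphabet alongside the standard one, while `getMimeDecoder()` treats `-` and `_` as non-alphabet characters and silently drops them rather than throwing, so a peer sending URL-safe base64 would now decode to corrupted bytes and fail later in inflate or XML parsing with a less useful error. Worth confirming against real IdP traffic, and worth documenting either way, e.g. `// standard alphabet only; non-alphabet characters (including URL-safe '-' and '_') are ignored, not rejected`.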
@@ -19,28 +19,30 @@ package org.springframework.security.saml2.core; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.zip.Deflater; import java.util.zip.DeflaterOutputStream; import java.util.zip.Inflater; import java.util.zip.InflaterOutputStream; -import org.apache.commons.codec.binary.Base64; - import org.springframework.security.saml2.Saml2Exception; public final class Saml2Utils { - private static Base64 BASE64 = new Base64(0, new byte[] { '\n' }); - private Saml2Utils() { } + @Deprecated + public static String samlEncodeNotRfc2045(byte[] b) { + return Base64.getEncoder().encodeToString(b); + } + public static String samlEncode(byte[] b) { - return BASE64.encodeAsString(b); + return Base64.getMimeEncoder().encodeToString(b); } public static byte[] samlDecode(String s) { - return BASE64.decode(s); + return Base64.getMimeDecoder().decode(s); } public static byte[] samlDeflate(String s) { diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java index 02b4692961..cc33b499fc 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java 
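Review bot: `samlEncodeNotRfc2045` is introduced already marked `@Deprecated` but carries no Javadoc `@deprecated` tag explaining why or what tests should call instead, which leaves readers guessing whether it is the legacy path or the intended one. Its name is also easy to misread: `Base64.getEncoder()` is the plain RFC 4648 encoder with no separators, i.e. the single-line form a SAML peer sends, while the sibling `samlEncode` is now the one that inserts RFC 2045 line breaks via `getMimeEncoder()`. I would add a short Javadoc stating that it encodes without line wrapping and exists so tests can produce the unwrapped form that `samlDecode` must still accept, and either drop `@Deprecated` or pair it with an `@deprecated` tag naming the replacement.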
@@ -64,7 +64,7 @@ public class Saml2AuthenticationTokenConverterTests { .willReturn(this.relyingPartyRegistration); MockHttpServletRequest request = new MockHttpServletRequest(); request.setParameter(Saml2ParameterNames.SAML_RESPONSE, - Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8))); + Saml2Utils.samlEncodeNotRfc2045("response".getBytes(StandardCharsets.UTF_8))); Saml2AuthenticationToken token = converter.convert(request); assertThat(token.getSaml2Response()).isEqualTo("response"); assertThat(token.getRelyingPartyRegistration().getRegistrationId()) @@ -115,7 +115,7 @@ public class Saml2AuthenticationTokenConverterTests { MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("GET"); byte[] deflated = Saml2Utils.samlDeflate("response"); - String encoded = Saml2Utils.samlEncode(deflated); + String encoded = Saml2Utils.samlEncodeNotRfc2045(deflated); request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded); Saml2AuthenticationToken token = converter.convert(request); assertThat(token.getSaml2Response()).isEqualTo("response");