From 449703fa7f1a54067e4a3a93cd9b5adba67bf694 Mon Sep 17 00:00:00 2001 From: Shaik Saifuddin Date: Thu, 6 Apr 2023 02:14:43 -0300 Subject: [PATCH 1/5] add method connectURl to Configuration method from OAuthGateway - Move method refactoring and push down method from Request to search criteria --- src/main/java/com/braintreegateway/Configuration.java | 6 ++++++ src/main/java/com/braintreegateway/OAuthGateway.java | 5 ----- src/main/java/com/braintreegateway/Request.java | 7 ------- src/main/java/com/braintreegateway/SearchCriteria.java | 4 ++++ .../com/braintreegateway/integrationtest/OAuthIT.java | 10 +++++----- 5 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/main/java/com/braintreegateway/Configuration.java b/src/main/java/com/braintreegateway/Configuration.java index 3afe85dd..64e86873 100644 --- a/src/main/java/com/braintreegateway/Configuration.java +++ b/src/main/java/com/braintreegateway/Configuration.java @@ -155,4 +155,10 @@ public int getConnectTimeout() { public void setConnectTimeout(Integer timeout) { this.connectTimeout = timeout; } + + public String connectUrl(OAuthConnectUrlRequest request) { + request.clientId(getClientId()); + String queryString = request.toQueryString(); + return getBaseURL() + "/oauth/connect?" + queryString; + } } diff --git a/src/main/java/com/braintreegateway/OAuthGateway.java b/src/main/java/com/braintreegateway/OAuthGateway.java index de7e88e1..1c5dacce 100644 --- a/src/main/java/com/braintreegateway/OAuthGateway.java +++ b/src/main/java/com/braintreegateway/OAuthGateway.java @@ -35,9 +35,4 @@ public Result revokeAccessToken(String accessToken) { return new Result(response, OAuthResult.class); } - public String connectUrl(OAuthConnectUrlRequest request) { - request.clientId(configuration.getClientId()); - String queryString = request.toQueryString(); - return configuration.getBaseURL() + "/oauth/connect?" + queryString; - } } diff --git a/src/main/java/com/braintreegateway/Request.java b/src/main/java/com/braintreegateway/Request.java index 42908503..df7ad04c 100644 --- a/src/main/java/com/braintreegateway/Request.java +++ b/src/main/java/com/braintreegateway/Request.java @@ -26,11 +26,4 @@ public String getKind() { return null; } - protected String buildXMLElement(Object element) { - return RequestBuilder.buildXMLElement(element); - } - - protected String buildXMLElement(String name, Object element) { - return RequestBuilder.buildXMLElement(name, element); - } } diff --git a/src/main/java/com/braintreegateway/SearchCriteria.java b/src/main/java/com/braintreegateway/SearchCriteria.java index af5a0aa9..08a61b24 100644 --- a/src/main/java/com/braintreegateway/SearchCriteria.java +++ b/src/main/java/com/braintreegateway/SearchCriteria.java @@ -5,6 +5,10 @@ public class SearchCriteria extends Request { private String xml; + protected String buildXMLElement(String name, Object element) { + return RequestBuilder.buildXMLElement(name, element); + } + public SearchCriteria(String type, Object value) { this.xml = buildXMLElement(type, value); } diff --git a/src/test/java/com/braintreegateway/integrationtest/OAuthIT.java b/src/test/java/com/braintreegateway/integrationtest/OAuthIT.java index 9744c13f..1ee5d3e9 100644 --- a/src/test/java/com/braintreegateway/integrationtest/OAuthIT.java +++ b/src/test/java/com/braintreegateway/integrationtest/OAuthIT.java @@ -140,7 +140,7 @@ public void connectUrlReturnsCorrectUrl() { establishedOn("1988-10"). done(); - String urlString = gateway.oauth().connectUrl(request); + String urlString = gateway.getConfiguration().connectUrl(request); URL url; @@ -203,7 +203,7 @@ public void connectUrlReturnsCorrectUrl() { public void connectUrlReturnsCorrectUrlWithoutOptionalParams() { OAuthConnectUrlRequest request = new OAuthConnectUrlRequest(); - String urlString = gateway.oauth().connectUrl(request); + String urlString = gateway.getConfiguration().connectUrl(request); URL url; @@ -225,7 +225,7 @@ public void connectUrlReturnsCorrectPaymentMethods() { OAuthConnectUrlRequest request = new OAuthConnectUrlRequest(). paymentMethods(new String[] {"credit_card", "paypal"}); - String urlString = gateway.oauth().connectUrl(request); + String urlString = gateway.getConfiguration().connectUrl(request); URL url; @@ -248,7 +248,7 @@ public void connectUrlCanIncludeSignupOnly() { OAuthConnectUrlRequest request = new OAuthConnectUrlRequest() .signupOnly(true); - String urlString = gateway.oauth().connectUrl(request); + String urlString = gateway.getConfiguration().connectUrl(request); try { URL url = new URL(urlString); @@ -269,7 +269,7 @@ public void connectUrlOnlyIncludesLoginOnlyIfBothLoginOnlyAndSignupOnlyAreSpecif .loginOnly(true) .signupOnly(true); - String urlString = gateway.oauth().connectUrl(request); + String urlString = gateway.getConfiguration().connectUrl(request); try { URL url = new URL(urlString); From 5927f1f212eb41d5aabf2b5889f882042573ad8f Mon Sep 17 00:00:00 2001 From: Shaik Saifuddin Date: Thu, 6 Apr 2023 03:22:22 -0300 Subject: [PATCH 2/5] refactoring complex condition in Crypto class --- src/main/java/com/braintreegateway/util/Crypto.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/braintreegateway/util/Crypto.java b/src/main/java/com/braintreegateway/util/Crypto.java index 4761d342..00311e73 100644 --- a/src/main/java/com/braintreegateway/util/Crypto.java +++ b/src/main/java/com/braintreegateway/util/Crypto.java @@ -2,7 +2,7 @@ public class Crypto { public Boolean secureCompare(String left, String right) { - if (left == null || right == null || (left.length() != right.length())) { + if (checkSecureCompareDirections(left, right)) { return false; } @@ -15,4 +15,8 @@ public Boolean secureCompare(String left, String right) { } return result == 0; } + + public Boolean checkSecureCompareDirections(String left, String right) { + return left == null || right == null || (left.length() != right.length()); + } } From 7c55b6e1f5cda5402387c3475acd8464de147bda Mon Sep 17 00:00:00 2001 From: Shaik Saifuddin Date: Thu, 6 Apr 2023 03:41:51 -0300 Subject: [PATCH 3/5] refactored complex method in Customer class - extract method refactoring --- src/main/java/com/braintreegateway/Customer.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/java/com/braintreegateway/Customer.java b/src/main/java/com/braintreegateway/Customer.java index 3803811d..5aaf532e 100644 --- a/src/main/java/com/braintreegateway/Customer.java +++ b/src/main/java/com/braintreegateway/Customer.java @@ -32,6 +32,11 @@ public class Customer { private Map customFields; public Customer(NodeWrapper node) { + setCustomerNodeWrapperStrings(node); + setCustomerNodeWrapperResponses(node); + } + + private void setCustomerNodeWrapperStrings(NodeWrapper node) { company = node.findString("company"); createdAt = node.findDateTime("created-at"); customFields = node.findMap("custom-fields/*"); @@ -44,6 +49,9 @@ public Customer(NodeWrapper node) { phone = node.findString("phone"); updatedAt = node.findDateTime("updated-at"); website = node.findString("website"); + } + + private void setCustomerNodeWrapperResponses(NodeWrapper node) { creditCards = new ArrayList(); for (NodeWrapper creditCardResponse : node.findAll("credit-cards/credit-card")) { creditCards.add(new CreditCard(creditCardResponse)); From 741e351ff48b8af9ff3fa068351e0206b594be07 Mon Sep 17 00:00:00 2001 From: Shaik Saifuddin Date: Thu, 6 Apr 2023 03:47:54 -0300 Subject: [PATCH 4/5] refactored update method in MerchantAccountGateway class - introducing explaining variable refactoring --- src/main/java/com/braintreegateway/MerchantAccountGateway.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/braintreegateway/MerchantAccountGateway.java b/src/main/java/com/braintreegateway/MerchantAccountGateway.java index 833200b6..ce206fae 100644 --- a/src/main/java/com/braintreegateway/MerchantAccountGateway.java +++ b/src/main/java/com/braintreegateway/MerchantAccountGateway.java @@ -37,7 +37,8 @@ public MerchantAccount find(String id) { } public Result update(String id, MerchantAccountRequest request) { - final NodeWrapper response = http.put(configuration.getMerchantPath() + "/merchant_accounts/" + id + "/update_via_api", request); + String updateUrl = "/merchant_accounts/" + id + "/update_via_api"; + final NodeWrapper response = http.put(configuration.getMerchantPath() + updateUrl, request); return new Result(response, MerchantAccount.class); } From 762b7abb69ace713599002a02e0a145b340c41fb Mon Sep 17 00:00:00 2001 From: Shaik Saifuddin Date: Thu, 6 Apr 2023 19:27:38 -0300 Subject: [PATCH 5/5] created a new class to remove the duplicate code from Sha1 and Sha256 Hasher classes - pull up method refactoring --- .../com/braintreegateway/util/Hasher.java | 4 +- .../com/braintreegateway/util/Sha1Hasher.java | 26 +----------- .../braintreegateway/util/Sha256Hasher.java | 26 +----------- .../braintreegateway/util/ShaTypeHasher.java | 41 +++++++++++++++++++ .../util/SignatureService.java | 7 +++- 5 files changed, 53 insertions(+), 51 deletions(-) create mode 100644 src/main/java/com/braintreegateway/util/ShaTypeHasher.java diff --git a/src/main/java/com/braintreegateway/util/Hasher.java b/src/main/java/com/braintreegateway/util/Hasher.java index 3f2784b2..ad6eb9fb 100644 --- a/src/main/java/com/braintreegateway/util/Hasher.java +++ b/src/main/java/com/braintreegateway/util/Hasher.java @@ -2,6 +2,8 @@ public interface Hasher { - public String hmacHash(String privateKey, String content); + public String hmacHash(String privateKey, String content, String shaAlgorithm); + + public byte[] shaTypeBytes(String string, String shaAlgorithm); } diff --git a/src/main/java/com/braintreegateway/util/Sha1Hasher.java b/src/main/java/com/braintreegateway/util/Sha1Hasher.java index d465901c..0715786a 100644 --- a/src/main/java/com/braintreegateway/util/Sha1Hasher.java +++ b/src/main/java/com/braintreegateway/util/Sha1Hasher.java @@ -5,30 +5,8 @@ import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; -public class Sha1Hasher implements Hasher { +public class Sha1Hasher extends ShaTypeHasher { public String hmacHash(String privateKey, String content) { - String hash = ""; - try { - SecretKeySpec signingKey = new SecretKeySpec(sha1Bytes(privateKey), "SHA1"); - Mac mac = Mac.getInstance("HmacSHA1"); - mac.init(signingKey); - - byte[] rawMac = mac.doFinal(content.getBytes("UTF-8")); - byte[] hexBytes = new Hex().encode(rawMac); - hash = new String(hexBytes, "ISO-8859-1"); - } catch (Exception e) { - throw new RuntimeException(e); - } - return hash; - } - - private byte[] sha1Bytes(String string) { - try { - MessageDigest md = MessageDigest.getInstance("SHA1"); - md.update(string.getBytes("UTF-8")); - return md.digest(); - } catch (Exception e) { - throw new RuntimeException(e); - } + return super.hmacHash(privateKey, content, "SHA1"); } } diff --git a/src/main/java/com/braintreegateway/util/Sha256Hasher.java b/src/main/java/com/braintreegateway/util/Sha256Hasher.java index 91a80d54..6c1d957c 100644 --- a/src/main/java/com/braintreegateway/util/Sha256Hasher.java +++ b/src/main/java/com/braintreegateway/util/Sha256Hasher.java @@ -5,31 +5,9 @@ import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; -public class Sha256Hasher implements Hasher { +public class Sha256Hasher extends ShaTypeHasher { public String hmacHash(String privateKey, String content) { - String hash = ""; - try { - SecretKeySpec signingKey = new SecretKeySpec(sha256Bytes(privateKey), "SHA-256"); - Mac mac = Mac.getInstance("HmacSHA256"); - mac.init(signingKey); - - byte[] rawMac = mac.doFinal(content.getBytes("UTF-8")); - byte[] hexBytes = new Hex().encode(rawMac); - hash = new String(hexBytes, "ISO-8859-1"); - } catch (Exception e) { - throw new RuntimeException(e); - } - return hash; - } - - private byte[] sha256Bytes(String string) { - try { - MessageDigest md = MessageDigest.getInstance("SHA-256"); - md.update(string.getBytes("UTF-8")); - return md.digest(); - } catch (Exception e) { - throw new RuntimeException(e); - } + return super.hmacHash(privateKey, content, "SHA-256"); } } diff --git a/src/main/java/com/braintreegateway/util/ShaTypeHasher.java b/src/main/java/com/braintreegateway/util/ShaTypeHasher.java new file mode 100644 index 00000000..2b0e254c --- /dev/null +++ b/src/main/java/com/braintreegateway/util/ShaTypeHasher.java @@ -0,0 +1,41 @@ +package com.braintreegateway.util; + +import com.braintreegateway.org.apache.commons.codec.binary.Hex; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; +import java.security.MessageDigest; + +public class ShaTypeHasher implements Hasher{ + public String hmacHash(String privateKey, String content, String shaAlgorithm) { + String hash = ""; + try { + SecretKeySpec signingKey = new SecretKeySpec(shaTypeBytes(privateKey, shaAlgorithm), shaAlgorithm); + String macShaInstance = ""; + if(shaAlgorithm.equals("SHA1")) { + macShaInstance = "HmacSHA1"; + } else { + macShaInstance = "HmacSHA256"; + } + Mac mac = Mac.getInstance(macShaInstance); + mac.init(signingKey); + + byte[] rawMac = mac.doFinal(content.getBytes("UTF-8")); + byte[] hexBytes = new Hex().encode(rawMac); + hash = new String(hexBytes, "ISO-8859-1"); + } catch (Exception e) { + throw new RuntimeException(e); + } + return hash; + } + + public byte[] shaTypeBytes(String string, String shaAlgorithm) { + try { + MessageDigest md = MessageDigest.getInstance(shaAlgorithm); + md.update(string.getBytes("UTF-8")); + return md.digest(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } +} diff --git a/src/main/java/com/braintreegateway/util/SignatureService.java b/src/main/java/com/braintreegateway/util/SignatureService.java index e9782ea3..648c3ab7 100644 --- a/src/main/java/com/braintreegateway/util/SignatureService.java +++ b/src/main/java/com/braintreegateway/util/SignatureService.java @@ -4,9 +4,12 @@ public class SignatureService { private final String key; private final Hasher hasher; - public SignatureService(String key, Hasher hasher) { + private final String shaAlgorithm; + + public SignatureService(String key, Hasher hasher, String shaAlgorithm) { this.key = key; this.hasher = hasher; + this.shaAlgorithm = shaAlgorithm; } public String sign(String query) { @@ -14,6 +17,6 @@ public String sign(String query) { } private String hash(String string) { - return hasher.hmacHash(key, string); + return hasher.hmacHash(key, string, shaAlgorithm); } }