Merge pull request #113 from DivyaDosibhatla/future

Future

Author: mahendya1002

README.md

@@ -10,7 +10,7 @@ To install the `cybersource-sdk-java` from central repository, add dependency to
 <dependency>
   <groupId>com.cybersource</groupId>
   <artifactId>cybersource-sdk-java</artifactId>
-  <version>6.2.6</version>
+  <version>6.2.7</version>
 </dependency> 
 ```
 Run `mvn install` to install dependency
@@ -183,6 +183,16 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
 
 ## Changes
 
+Version Cybersource-sdk-java 6.2.7 (MAR,2019)
+_______________________________
+
+1)Fixed security vulnerabilities found in the jar dependencies. 1)xmlsec 2)opensaml 3)bcprov
+xmlsec jar :-upgraded from version 1.4.3 to version 2.0.7
+opensaml jar :- Removed this jar as its not impacting our code base
+bcprov jar :- upgraded from version 1.54 to version 1.61
+
+_______________________________
+
 Version Cybersource-sdk-java 6.2.6 (MAY,2018)
 _______________________________
   1) Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.

java/pom.xml

@@ -188,7 +188,7 @@
         <dependency>
     		<groupId>org.apache.santuario</groupId>
     		<artifactId>xmlsec</artifactId>
-    		<version>1.4.3</version>
+    		<version>2.0.7</version>
 		</dependency>
         <dependency>
             <groupId>commons-httpclient</groupId>
@@ -204,12 +204,18 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.54</version>
+            <version>1.61</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
             <version>1.6.19</version>
+	<exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>opensaml</artifactId>
+                </exclusion>
+         </exclusions>
         </dependency>     
         <dependency>
             <groupId>org.apache.commons</groupId>

java/src/main/java/com/cybersource/ws/client/Utility.java

@@ -48,7 +48,7 @@ private Utility() {
     /**
      * Version number of this release.
      */
-    public static final String VERSION = "6.2.6";
+    public static final String VERSION = "6.2.7";
 
     /**
      * If in the Request map, a key called "_has_escapes" is present and is set

java/src/test/java/com/cybersource/ws/client/UtilityTest.java

@@ -9,20 +9,20 @@
 import java.io.*;
 import java.net.URL;
 import java.util.*;
+import java.util.stream.Collectors;
 
 public class UtilityTest extends BaseTest {
     String propertiesFilename;
     Properties properties;
 
     @Before
     public void setUp() {
-        URL fileUrl = Thread.currentThread().getContextClassLoader().getResource("test_cybs.properties");
-        String filepath = "";
-        if(fileUrl != null) {
-            propertiesFilename = fileUrl.getFile();
+      InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("test_cybs.properties");
+        if(is != null) {
+            propertiesFilename = new BufferedReader(new InputStreamReader(is)).lines().collect(Collectors.joining("\n"));
             try {
                 properties = new Properties();
-                properties.load(new FileReader(propertiesFilename));
+                properties.load(is);
             } catch (IOException e) {
                 fail("Unable to load properties file");
             }

pom.xml

@@ -22,7 +22,7 @@
 
     <groupId>com.cybersource</groupId>
     <artifactId>cybersource-sdk-master</artifactId>
-    <version>6.2.7</version>
+    <version>6.2.7-SNAPSHOT</version>
 
 
 </project>

samples/nvp/compileSample.bat

@@ -2,15 +2,15 @@
 
 set LOCAL_CP=
 rem ----------------------------------------------------------------------------
-rem Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+rem Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 rem If using this scripts outside zip package then give maven clean install. 
 rem This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 rem ----------------------------------------------------------------------------
 
-if exist ../../lib set LOCAL_CP=%LOCAL_CP%;../../lib/cybersource-sdk-java-6.2.6.jar
+if exist ../../lib set LOCAL_CP=%LOCAL_CP%;../../lib/cybersource-sdk-java-6.2.7.jar
 if not exist ../../lib (
 	if not exist target goto error
-	set LOCAL_CP=%LOCAL_CP%;target/dependencies/cybersource-sdk-java-6.2.6.jar
+	set LOCAL_CP=%LOCAL_CP%;target/dependencies/cybersource-sdk-java-6.2.7.jar
 )
 
 if not exist classes mkdir classes

samples/nvp/compileSample.sh

@@ -2,13 +2,13 @@
 
 LOCAL_CP=
 # -----------------------------------------------------------------------------
-# Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+# Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 # If using this scripts outside zip package then give maven clean install.
 # This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 # -----------------------------------------------------------------------------
 
 if test -d ../../lib
-then LOCAL_CP=$LOCAL_CP:../../lib/cybersource-sdk-java-6.2.6.jar
+then LOCAL_CP=$LOCAL_CP:../../lib/cybersource-sdk-java-6.2.7.jar
 fi
 
 if test ! -d ../../lib
@@ -19,7 +19,7 @@ then
 		echo "Execute maven clean install , This will generate all required dependencies under target/dependencies!!"
 		exit 1
 	fi
-LOCAL_CP=$LOCAL_CP:target/dependencies/cybersource-sdk-java-6.2.6.jar
+LOCAL_CP=$LOCAL_CP:target/dependencies/cybersource-sdk-java-6.2.7.jar
 fi
 
 if test ! -d ./classes

samples/nvp/pom.xml

@@ -7,11 +7,14 @@
     <version>1.0.0</version>
     <name>RunSample</name>
     <url>http://maven.apache.org</url>
+     <properties>
+      <javasdk.version>[6.2.0, 6.2.8-SNAPSHOT]</javasdk.version>
+    </properties>
     <dependencies>
         <dependency>
             <groupId>com.cybersource</groupId>
             <artifactId>cybersource-sdk-java</artifactId>
-            <version>6.2.6</version>
+            <version>${javasdk.version}</version>
         </dependency>
         <dependency>
             <groupId>commons-httpclient</groupId>
@@ -27,12 +30,18 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.54</version>
+            <version>1.61</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
             <version>1.6.19</version>
+	<exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>opensaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>

samples/nvp/runSample.bat

@@ -4,7 +4,7 @@ set LOCAL_CP=
 set LOCAL_CP=%LOCAL_CP%;classes
 
 rem ----------------------------------------------------------------------------
-rem Replace cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+rem Replace cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 rem If using this scripts outside zip package then give maven clean install. 
 rem This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 rem ----------------------------------------------------------------------------

samples/nvp/runSample.sh

@@ -4,7 +4,7 @@ LOCAL_CP=
 LOCAL_CP=$LOCAL_CP:./classes
 
 # -----------------------------------------------------------------------------
-# Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+# Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 # If using this scripts outside zip package then give maven clean install.
 # This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 # -----------------------------------------------------------------------------