Move off deprecated Base64Utils.

Closes gh-874

Author: mp911de

spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthentication.java

@@ -16,6 +16,7 @@
 package org.springframework.vault.authentication;
 
 import java.io.ByteArrayInputStream;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -37,7 +38,6 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.vault.VaultException;
@@ -80,7 +80,8 @@ public class AwsIamAuthentication implements ClientAuthentication, Authenticatio
 
 	private static final String REQUEST_BODY = "Action=GetCallerIdentity&Version=2011-06-15";
 
-	private static final String REQUEST_BODY_BASE64_ENCODED = Base64Utils.encodeToString(REQUEST_BODY.getBytes());
+	private static final String REQUEST_BODY_BASE64_ENCODED = Base64.getEncoder()
+		.encodeToString(REQUEST_BODY.getBytes());
 
 	private final AwsIamAuthenticationOptions options;
 
@@ -195,12 +196,13 @@ private static Map<String, String> createRequestBody(AwsIamAuthenticationOptions
 		Map<String, String> login = new HashMap<>();
 
 		login.put("iam_http_request_method", "POST");
-		login.put("iam_request_url", Base64Utils.encodeToString(options.getEndpointUri().toString().getBytes()));
+		login.put("iam_request_url",
+				Base64.getEncoder().encodeToString(options.getEndpointUri().toString().getBytes()));
 		login.put("iam_request_body", REQUEST_BODY_BASE64_ENCODED);
 
 		String headerJson = getSignedHeaders(options, credentials, region);
 
-		login.put("iam_request_headers", Base64Utils.encodeToString(headerJson.getBytes()));
+		login.put("iam_request_headers", Base64.getEncoder().encodeToString(headerJson.getBytes()));
 
 		if (!ObjectUtils.isEmpty(options.getRole())) {
 			login.put("role", options.getRole());

spring-vault-core/src/main/java/org/springframework/vault/authentication/PcfAuthentication.java

@@ -20,6 +20,7 @@
 import java.time.Clock;
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -32,7 +33,6 @@
 import org.bouncycastle.crypto.signers.PSSSigner;
 
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 import org.springframework.vault.VaultException;
 import org.springframework.vault.support.PemObject;
 import org.springframework.vault.support.VaultResponse;
@@ -165,7 +165,8 @@ private static String doSign(byte[] message, String instanceKeyPem) throws Crypt
 		signer.update(message, 0, message.length);
 
 		byte[] signature = signer.generateSignature();
-		return Base64Utils.encodeToUrlSafeString(signature);
+
+		return Base64.getUrlEncoder().encodeToString(signature);
 	}
 
 }

spring-vault-core/src/main/java/org/springframework/vault/core/VaultTransformTemplate.java

@@ -16,13 +16,13 @@
 package org.springframework.vault.core;
 
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.vault.VaultException;
@@ -180,7 +180,7 @@ private static void applyTransformOptions(VaultTransformContext context, Map<Str
 		}
 
 		if (!ObjectUtils.isEmpty(context.getTweak())) {
-			request.put("tweak", Base64Utils.encodeToString(context.getTweak()));
+			request.put("tweak", Base64.getEncoder().encodeToString(context.getTweak()));
 		}
 	}
 
@@ -260,7 +260,7 @@ private static TransformCiphertext toCiphertext(Map<String, ?> data, VaultTransf
 
 		VaultTransformContext contextToUse = context;
 		if (data.containsKey("tweak")) {
-			byte[] tweak = Base64Utils.decodeFromString((String) data.get("tweak"));
+			byte[] tweak = Base64.getDecoder().decode((String) data.get("tweak"));
 			contextToUse = VaultTransformContext.builder()
 				.transformation(context.getTransformation())
 				.tweak(tweak)

spring-vault-core/src/main/java/org/springframework/vault/security/VaultBytesKeyGenerator.java

@@ -15,11 +15,11 @@
  */
 package org.springframework.vault.security;
 
+import java.util.Base64;
 import java.util.Collections;
 
 import org.springframework.security.crypto.keygen.BytesKeyGenerator;
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 import org.springframework.vault.core.VaultOperations;
 import org.springframework.vault.support.VaultResponse;
 
@@ -82,7 +82,7 @@ public byte[] generateKey() {
 				Collections.singletonMap("format", "base64"));
 
 		String randomBytes = (String) response.getRequiredData().get("random_bytes");
-		return Base64Utils.decodeFromString(randomBytes);
+		return Base64.getDecoder().decode(randomBytes);
 	}
 
 }

spring-vault-core/src/main/java/org/springframework/vault/support/Certificate.java

@@ -22,13 +22,13 @@
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.List;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 import org.springframework.vault.VaultException;
 
 /**
@@ -227,7 +227,7 @@ static List<X509Certificate> getCertificates(String certificates) throws Certifi
 			}
 		}
 		else {
-			result.addAll(KeystoreUtil.getCertificates(Base64Utils.decodeFromString(certificates)));
+			result.addAll(KeystoreUtil.getCertificates(Base64.getDecoder().decode(certificates)));
 		}
 
 		return result;

spring-vault-core/src/main/java/org/springframework/vault/support/CertificateBundle.java

@@ -21,6 +21,7 @@
 import java.security.cert.X509Certificate;
 import java.security.spec.KeySpec;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
@@ -30,7 +31,6 @@
 
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 import org.springframework.vault.VaultException;
 
 /**
@@ -319,7 +319,7 @@ private static KeySpec getPrivateKey(String privateKey, String keyType)
 			throw new IllegalArgumentException("No private key found in PEM-encoded key spec");
 		}
 
-		return getPrivateKey(Base64Utils.decodeFromString(privateKey), keyType);
+		return getPrivateKey(Base64.getDecoder().decode(privateKey), keyType);
 	}
 
 	private static KeySpec getPrivateKey(byte[] privateKey, String keyType)

spring-vault-core/src/main/java/org/springframework/vault/support/PemObject.java

@@ -24,14 +24,14 @@
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
 
 /**
  * Represents a PEM object that is internally decoded to a DER object. Typically, used to
@@ -56,7 +56,7 @@ private PemObject(PemObjectType objectType, String content) {
 
 		this.objectType = objectType;
 		String sanitized = content.replaceAll("\r", "").replaceAll("\n", "");
-		this.content = Base64Utils.decodeFromString(sanitized);
+		this.content = Base64.getDecoder().decode(sanitized);
 	}
 
 	/**

spring-vault-core/src/main/java/org/springframework/vault/support/PlaintextToBase64StringConverter.java

@@ -16,7 +16,6 @@
 package org.springframework.vault.support;
 
 import com.fasterxml.jackson.databind.util.StdConverter;
-import org.springframework.util.Base64Utils;
 
 import java.util.Base64;
 

spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransformIntegrationTests.java

@@ -24,7 +24,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.util.Base64Utils;
 import org.springframework.vault.support.VaultMount;
 import org.springframework.vault.support.VaultResponse;
 import org.springframework.vault.util.IntegrationTestSupport;
@@ -33,6 +32,8 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+import java.util.Base64;
+
 /**
  * Integration tests for {@link VaultTemplate} using the {@code transform} backend.
  *
@@ -77,8 +78,9 @@ void tearDown() {
 	@Test
 	void shouldEncode() {
 
-		VaultResponse response = this.vaultOperations.write("transform/encode/myrole", String.format(
-				"{\"value\": \"123-45-6789\", \"tweak\": \"%s\"}", Base64Utils.encodeToString("somenum".getBytes())));
+		VaultResponse response = this.vaultOperations.write("transform/encode/myrole",
+				String.format("{\"value\": \"123-45-6789\", \"tweak\": \"%s\"}",
+						Base64.getEncoder().encodeToString("somenum".getBytes())));
 
 		assertThat((String) response.getRequiredData().get("encoded_value")).isNotEmpty();
 	}
@@ -87,12 +89,14 @@ void shouldEncode() {
 	void shouldEncodeAndDecode() {
 
 		String value = "123-45-6789";
-		VaultResponse response = this.vaultOperations.write("transform/encode/myrole", String
-			.format("{\"value\": \"%s\", \"tweak\": \"%s\"}", value, Base64Utils.encodeToString("somenum".getBytes())));
+		VaultResponse response = this.vaultOperations.write("transform/encode/myrole",
+				String.format("{\"value\": \"%s\", \"tweak\": \"%s\"}", value,
+						Base64.getEncoder().encodeToString("somenum".getBytes())));
 
 		String encoded = (String) response.getRequiredData().get("encoded_value");
-		VaultResponse decoded = this.vaultOperations.write("transform/decode/myrole", String.format(
-				"{\"value\": \"%s\", \"tweak\": \"%s\"}", encoded, Base64Utils.encodeToString("somenum".getBytes())));
+		VaultResponse decoded = this.vaultOperations.write("transform/decode/myrole",
+				String.format("{\"value\": \"%s\", \"tweak\": \"%s\"}", encoded,
+						Base64.getEncoder().encodeToString("somenum".getBytes())));
 
 		assertThat((String) decoded.getRequiredData().get("decoded_value")).isEqualTo(value);
 	}

spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java

@@ -15,6 +15,7 @@
  */
 package org.springframework.vault.core;
 
+import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 
@@ -26,7 +27,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.util.Base64Utils;
 import org.springframework.vault.support.VaultMount;
 import org.springframework.vault.support.VaultResponse;
 import org.springframework.vault.support.VaultTransitKeyConfiguration;
@@ -101,23 +101,23 @@ private void removeKeys() {
 	@Test
 	void shouldEncrypt() {
 
-		VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey",
-				Collections.singletonMap("plaintext", Base64Utils.encodeToString("that message is secret".getBytes())));
+		VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey", Collections
+			.singletonMap("plaintext", Base64.getEncoder().encodeToString("that message is secret".getBytes())));
 
 		assertThat((String) response.getRequiredData().get("ciphertext")).isNotEmpty();
 	}
 
 	@Test
 	void shouldEncryptAndDecrypt() {
 
-		VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey",
-				Collections.singletonMap("plaintext", Base64Utils.encodeToString("that message is secret".getBytes())));
+		VaultResponse response = this.vaultOperations.write("transit/encrypt/mykey", Collections
+			.singletonMap("plaintext", Base64.getEncoder().encodeToString("that message is secret".getBytes())));
 
 		VaultResponse decrypted = this.vaultOperations.write("transit/decrypt/mykey",
 				Collections.singletonMap("ciphertext", response.getRequiredData().get("ciphertext")));
 
 		assertThat((String) decrypted.getRequiredData().get("plaintext"))
-			.isEqualTo(Base64Utils.encodeToString("that message is secret".getBytes()));
+			.isEqualTo(Base64.getEncoder().encodeToString("that message is secret".getBytes()));
 	}
 
 }