Version 6.0.0-RC2-v2.1-24.2.00.00 release (#285)

Co-authored-by: root <[email protected]>

CHANGELOG.md

@@ -1,6 +1,11 @@
 # DocuSign Java Client Changelog
 See [DocuSign Support Center](https://support.docusign.com/en/releasenotes/) for Product Release Notes.
 
+## [v6.0.0-RC2] - eSignature API v2.1-24.2.00.00 - 2024-07-12
+### Changed
+- Deprecation of OLTU library: The OLTU library for handling OAuth is no longer used.
+- Upgradation of OWASP for vulnerability check of dependencies.
+- Updated the SDK release version.
 ## [v6.0.0-RC1] - eSignature API v2.1-24.2.00.00 - 2024-06-28
 ### Changed
 - Added support for version v2.1-24.2.00.00 of the DocuSign ESignature API.

README.md

@@ -57,7 +57,7 @@ This client SDK is provided as open source, which enables you to customize its f
     <dependency>
       <groupId>com.docusign</groupId>
       <artifactId>docusign-esign-java</artifactId>
-      <version>6.0.0-RC1</version>
+      <version>6.0.0-RC2</version>
     </dependency>
     ```
 8. If your project is still open, restart Eclipse.
@@ -71,7 +71,6 @@ This client has the following external dependencies:
 *   org.glassfish.jersey.media:jersey-media-json-jackson:3.1.6
 *   org.glassfish.jersey.inject:jersey-hk2:3.1.6
 *   com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base:2.14.2
-*   org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:1.0.2
 *   com.auth0:java-jwt:3.4.1
 *   org.bouncycastle:bcprov-jdk18on:1.78.1
 *   com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.14.2

pom.xml

@@ -5,7 +5,7 @@
     <artifactId>docusign-esign-java</artifactId>
     <packaging>jar</packaging>
     <name>docusign-esign-java</name>
-    <version>6.0.0-RC1</version>
+    <version>6.0.0-RC2</version>
     <url>https://developers.docusign.com</url>
     <description>The official DocuSign eSignature JAVA client is based on version 2.1 of the DocuSign REST API and provides libraries for JAVA application integration. It is recommended that you use this version of the library for new development.</description>
 
@@ -230,7 +230,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>9.2.0</version>
+                <version>10.0.2</version>
                 <configuration>
                     <failBuildOnCVSS>8</failBuildOnCVSS>
                 </configuration>
@@ -356,11 +356,6 @@
             <artifactId>jackson-jakarta-rs-base</artifactId>
             <version>${jackson-version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.oltu.oauth2</groupId>
-            <artifactId>org.apache.oltu.oauth2.client</artifactId>
-            <version>${oltu-version}</version>
-        </dependency>
         <!-- JWT signing and verifying -->
         <dependency>
             <groupId>com.auth0</groupId>
@@ -429,6 +424,5 @@
             <jersey-version>3.1.6</jersey-version>
         <jackson-version>2.14.2</jackson-version>
         <junit-version>4.13.1</junit-version>
-        <oltu-version>1.0.2</oltu-version>
     </properties>
 </project>

src/main/java/com/docusign/esign/client/ApiClient.java

@@ -9,10 +9,6 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.csv.CsvMapper;
 import com.fasterxml.jackson.dataformat.csv.CsvSchema;
-import com.migcomponents.migbase64.Base64;
-import org.apache.oltu.oauth2.client.request.OAuthClientRequest.AuthenticationRequestBuilder;
-import org.apache.oltu.oauth2.client.request.OAuthClientRequest.TokenRequestBuilder;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
 import org.glassfish.jersey.client.ClientConfig;
 import org.glassfish.jersey.client.ClientProperties;
 import org.glassfish.jersey.client.HttpUrlConnectorProvider;
@@ -34,6 +30,7 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.*;
+import java.nio.charset.StandardCharsets;
 
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
@@ -84,6 +81,8 @@ public class ApiClient {
   protected DateFormat dateFormat;
   private SSLContext sslContext = null;
 
+  private final String HTTPS = "https://";
+
  /**
   * ApiClient constructor.
   *
@@ -96,11 +95,11 @@ public ApiClient() {
     String javaVersion = System.getProperty("java.version");
 
     // Set default User-Agent.
-    setUserAgent("Swagger-Codegen/v2.1/6.0.0-RC1/Java/" + javaVersion);
+    setUserAgent("Swagger-Codegen/v2.1/6.0.0-RC2/Java/" + javaVersion);
 
     // Setup authentications (key: authentication name, value: authentication).
     authentications = new HashMap<String, Authentication>();
-    authentications.put("docusignAccessCode", new OAuth());
+    authentications.put("docusignAccessCode", new OAuth(httpClient));
 
     // Derive the OAuth base path from the Rest API base url
     this.deriveOAuthBasePathFromRestBasePath();
@@ -138,7 +137,7 @@ public ApiClient(String oAuthBasePath, String[] authNames) {
     for(String authName : authNames) {
       Authentication auth;
       if ("docusignAccessCode".equals(authName)) {
-        auth = new OAuth(httpClient, OAuthFlow.accessCode, oAuthBasePath + "/oauth/auth", oAuthBasePath + "/oauth/token", "all");
+        auth = new OAuth(httpClient, OAuthFlow.accessCode, HTTPS + oAuthBasePath + "/oauth/auth", HTTPS + oAuthBasePath + "/oauth/token", "all");
       } else if ("docusignApiKey".equals(authName)) {
         auth = new ApiKeyAuth("header", "docusignApiKey");
       } else {
@@ -166,9 +165,11 @@ public ApiClient(String oAuthBasePath, String authName) {
    */
   public ApiClient(String oAuthBasePath, String authName, String clientId, String secret) {
      this(oAuthBasePath, authName);
-     this.getTokenEndPoint()
-            .setClientId(clientId)
-            .setClientSecret(secret);
+      Authentication auth = authentications.get(authName);
+      if (auth instanceof OAuth) {
+          ((OAuth) auth).setClientId(clientId);
+          ((OAuth) auth).setClientSecret(secret);
+      }
   }
 
   /**
@@ -378,7 +379,7 @@ public void setAccessToken(final String accessToken, final Long expiresIn) {
         return;
       }
     }
-    OAuth oAuth = new OAuth(null, null, null);
+    OAuth oAuth = new OAuth();
     oAuth.setAccessToken(accessToken, expiresIn);
     addAuthorization("docusignAccessCode", oAuth);
   }
@@ -523,35 +524,6 @@ public ApiClient setDateFormat(DateFormat dateFormat) {
     return this;
   }
 
-  /**
-   * Helper method to configure the token endpoint of the first oauth found in the authentications (there should be only one).
-   * @return
-   */
-  public TokenRequestBuilder getTokenEndPoint() {
-    for(Authentication auth : getAuthentications().values()) {
-      if (auth instanceof OAuth) {
-        OAuth oauth = (OAuth) auth;
-        return oauth.getTokenRequestBuilder();
-      }
-    }
-    return null;
-  }
-
-
-  /**
-    * Helper method to configure authorization endpoint of the first oauth found in the authentications (there should be only one).
-    * @return
-    */
-  public AuthenticationRequestBuilder getAuthorizationEndPoint() {
-    for(Authentication auth : authentications.values()) {
-     if (auth instanceof OAuth) {
-        OAuth oauth = (OAuth) auth;
-        return oauth.getAuthenticationRequestBuilder();
-      }
-    }
-    return null;
-  }
-
   /**
    * Helper method to configure the OAuth accessCode/implicit flow parameters.
    * @param clientId OAuth2 client ID
@@ -562,20 +534,22 @@ public void configureAuthorizationFlow(String clientId, String clientSecret, Str
     for(Authentication auth : authentications.values()) {
       if (auth instanceof OAuth) {
         OAuth oauth = (OAuth) auth;
-        oauth.getTokenRequestBuilder()
-              .setClientId(clientId)
-              .setClientSecret(clientSecret)
-              .setRedirectURI(redirectURI);
-        oauth.getAuthenticationRequestBuilder()
-              .setClientId(clientId)
-              .setRedirectURI(redirectURI);
+        ((OAuth) auth).setClientId(clientId);
+        ((OAuth) auth).setClientSecret(clientSecret);
+        ((OAuth) auth).setRedirectURI(redirectURI);
         return;
       }
     }
   }
 
-  public String getAuthorizationUri() throws OAuthSystemException {
-  	return getAuthorizationEndPoint().buildQueryMessage().getLocationUri();
+  public String getAuthorizationUri() {
+    for(Authentication auth : authentications.values()) {
+        if (auth instanceof OAuth) {
+            OAuth oauth = (OAuth) auth;
+            return oauth.getAuthorizationUrl();
+        }
+    }
+    return null;
   }
 
   /**
@@ -677,7 +651,7 @@ public OAuth.OAuthToken generateAccessToken(String clientId, String clientSecret
 
       Invocation.Builder invocationBuilder = target.request();
       invocationBuilder = invocationBuilder
-              .header("Authorization", "Basic " + Base64.encodeToString(clientStr.getBytes("UTF-8"), false))
+              .header("Authorization", "Basic " + Base64.getEncoder().encodeToString(clientStr.getBytes(StandardCharsets.UTF_8)))
               .header("Cache-Control", "no-store")
               .header("Pragma", "no-cache");
 

src/main/java/com/docusign/esign/client/auth/AccessTokenListener.java

@@ -1,7 +1,7 @@
 package com.docusign.esign.client.auth;
 
-import org.apache.oltu.oauth2.common.token.BasicOAuthToken;
+import com.docusign.esign.client.auth.OAuth.OAuthToken;
 
 public interface AccessTokenListener {
-  void notify(BasicOAuthToken token);
-}
+  void notify(OAuthToken token);
+}