From 482b624e4d02857ea10dd76fb35a00c87b9d0379 Mon Sep 17 00:00:00 2001
From: Matthias Ervens <matthias.ervens@gft.com>
Date: Thu, 23 Jun 2022 12:17:02 +0200
Subject: [PATCH 1/2] Updated dependencies (esp. google.zxing) - changed
 filehandling in ZxingPngQrGeneratorTest to work cross platform - enabled
 strict mode for Base32-Decoder (new with commons-codec 1.15, uses lenient by
 default, ie discard remaining bytes)

---
 pom.xml                                       |  2 +-
 totp-spring-boot-starter/pom.xml              | 10 +++---
 totp/pom.xml                                  | 18 +++++------
 .../totp/code/DefaultCodeGenerator.java       |  4 ++-
 .../java/dev/samstevens/totp/IOUtils.java     | 16 ----------
 .../totp/qr/ZxingPngQrGeneratorTest.java      | 31 +++++++++++--------
 6 files changed, 36 insertions(+), 45 deletions(-)
 delete mode 100644 totp/src/test/java/dev/samstevens/totp/IOUtils.java

diff --git a/pom.xml b/pom.xml
index 4c7da9d..91e5af9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
   <groupId>dev.samstevens.totp</groupId>
   <artifactId>totp-parent</artifactId>
   <packaging>pom</packaging>
-  <version>1.7.1</version>
+  <version>1.7.2</version>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/totp-spring-boot-starter/pom.xml b/totp-spring-boot-starter/pom.xml
index e9bc952..cb8d644 100644
--- a/totp-spring-boot-starter/pom.xml
+++ b/totp-spring-boot-starter/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>dev.samstevens.totp</groupId>
     <artifactId>totp-parent</artifactId>
-    <version>1.7.1</version>
+    <version>1.7.2</version>
   </parent>
 
   <name>${project.groupId}:${project.artifactId}</name>
@@ -18,17 +18,17 @@
     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>totp</artifactId>
-      <version>1.7.1</version>
+      <version>1.7.2</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-autoconfigure</artifactId>
-      <version>2.2.5.RELEASE</version>
+      <version>2.7.0</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-configuration-processor</artifactId>
-      <version>2.2.5.RELEASE</version>
+      <version>2.7.0</version>
       <optional>true</optional>
     </dependency>
   </dependencies>
@@ -43,7 +43,7 @@
             <annotationProcessorPath>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-configuration-processor</artifactId>
-              <version>2.2.5.RELEASE</version>
+              <version>2.7.0</version>
             </annotationProcessorPath>
           </annotationProcessorPaths>
         </configuration>
diff --git a/totp/pom.xml b/totp/pom.xml
index 3f3b915..1e719d2 100644
--- a/totp/pom.xml
+++ b/totp/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>dev.samstevens.totp</groupId>
         <artifactId>totp-parent</artifactId>
-        <version>1.7.1</version>
+        <version>1.7.2</version>
     </parent>
 
     <artifactId>totp</artifactId>
@@ -17,47 +17,47 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.6.0</version>
+            <version>5.8.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.6.0</version>
+            <version>5.8.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.6.0</version>
+            <version>5.8.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>3.2.4</version>
+            <version>3.12.4</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>
-            <version>1.13</version>
+            <version>1.15</version>
         </dependency>
         <dependency>
             <groupId>commons-net</groupId>
             <artifactId>commons-net</artifactId>
-            <version>3.6</version>
+            <version>3.8.0</version>
             <optional>true</optional>
         </dependency>
         <dependency>
             <groupId>com.google.zxing</groupId>
             <artifactId>core</artifactId>
-            <version>3.4.0</version>
+            <version>3.5.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.zxing</groupId>
             <artifactId>javase</artifactId>
-            <version>3.4.0</version>
+            <version>3.5.0</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java b/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java
index e87a69e..a2ff89f 100644
--- a/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java
+++ b/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java
@@ -1,7 +1,9 @@
 package dev.samstevens.totp.code;
 
 import dev.samstevens.totp.exceptions.CodeGenerationException;
+import org.apache.commons.codec.CodecPolicy;
 import org.apache.commons.codec.binary.Base32;
+
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import java.security.InvalidKeyException;
@@ -54,7 +56,7 @@ private byte[] generateHash(String key, long counter) throws InvalidKeyException
         }
 
         // Create a HMAC-SHA1 signing key from the shared key
-        Base32 codec = new Base32();
+        Base32 codec = new Base32(0, (byte[]) null, false, (byte) '=', CodecPolicy.STRICT);
         byte[] decodedKey = codec.decode(key);
         SecretKeySpec signKey = new SecretKeySpec(decodedKey, algorithm.getHmacAlgorithm());
         Mac mac = Mac.getInstance(algorithm.getHmacAlgorithm());
diff --git a/totp/src/test/java/dev/samstevens/totp/IOUtils.java b/totp/src/test/java/dev/samstevens/totp/IOUtils.java
deleted file mode 100644
index 1562b59..0000000
--- a/totp/src/test/java/dev/samstevens/totp/IOUtils.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package dev.samstevens.totp;
-
-import java.io.FileOutputStream;
-import java.io.IOException;
-
-public class IOUtils {
-
-    /**
-     * Helper method to write data to a file.
-     */
-    public static void writeFile(byte[] contents, String filePath) throws IOException {
-        try (FileOutputStream stream = new FileOutputStream(filePath)) {
-            stream.write(contents);
-        }
-    }
-}
diff --git a/totp/src/test/java/dev/samstevens/totp/qr/ZxingPngQrGeneratorTest.java b/totp/src/test/java/dev/samstevens/totp/qr/ZxingPngQrGeneratorTest.java
index 88dc5d0..22fada0 100644
--- a/totp/src/test/java/dev/samstevens/totp/qr/ZxingPngQrGeneratorTest.java
+++ b/totp/src/test/java/dev/samstevens/totp/qr/ZxingPngQrGeneratorTest.java
@@ -4,12 +4,16 @@
 import com.google.zxing.WriterException;
 import dev.samstevens.totp.exceptions.QrGenerationException;
 import org.junit.jupiter.api.Test;
+
 import javax.imageio.ImageIO;
 import java.awt.image.BufferedImage;
-import java.io.File;
 import java.io.IOException;
-import static dev.samstevens.totp.IOUtils.*;
-import static org.junit.jupiter.api.Assertions.*;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -28,7 +32,7 @@ public void testSomething() throws QrGenerationException, IOException {
                 .period(30)
                 .build();
 
-        writeFile(generator.generate(data), "./test_qr.png");
+        Files.write(Paths.get("./test_qr.png"), generator.generate(data));
     }
 
     @Test
@@ -43,17 +47,18 @@ public void testImageSize() throws QrGenerationException, IOException {
         byte[] data = generator.generate(getData());
 
         // Write the data to a temp file and read it into a BufferedImage to get the dimensions
-        String filename = "/tmp/test_qr.png";
-        writeFile(data, filename);
-        File file = new File(filename);
-        BufferedImage image = ImageIO.read(file);
 
-        assertEquals(500, generator.getImageSize());
-        assertEquals(500, image.getWidth());
-        assertEquals(500, image.getHeight());
+        final Path filepath = Files.createTempFile("test_qr", ".png");
+        try {
+            Files.write(filepath, data);
+            BufferedImage image = ImageIO.read(filepath.toFile());
 
-        // Delete the temp file
-        file.delete();
+            assertEquals(500, generator.getImageSize());
+            assertEquals(500, image.getWidth());
+            assertEquals(500, image.getHeight());
+        } finally {
+            filepath.toFile().delete();
+        }
     }
 
     @Test

From b2524de0e07ad1bfab98472a7139e2f434912786 Mon Sep 17 00:00:00 2001
From: Matthias Ervens <matthias.ervens@gft.com>
Date: Tue, 24 Jan 2023 10:12:07 +0100
Subject: [PATCH 2/2] Updated dependencies (Spring 2.7.8, ..)

---
 pom.xml                                            | 14 +++++++++-----
 totp-spring-boot-starter/pom.xml                   |  6 +++---
 totp/pom.xml                                       | 14 +++++++-------
 .../samstevens/totp/code/DefaultCodeGenerator.java |  2 +-
 4 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/pom.xml b/pom.xml
index 91e5af9..c2f9030 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
-  <groupId>dev.samstevens.totp</groupId>
+  <groupId>com.github.moddx.totp</groupId>
   <artifactId>totp-parent</artifactId>
   <packaging>pom</packaging>
   <version>1.7.2</version>
@@ -22,12 +22,16 @@
       <email>samdjstevens@googlemail.com</email>
       <organizationUrl>https://github.com/samdjstevens</organizationUrl>
     </developer>
+      <developer>
+          <name>moddx</name>
+          <organizationUrl>https://github.com/moddx</organizationUrl>
+      </developer>
   </developers>
 
   <scm>
-    <developerConnection>scm:git:git@github.com:samdjstevens/java-totp.git</developerConnection>
-    <tag>totp-1.7.1</tag>
-    <url>https://github.com/samdjstevens/java-totp</url>
+    <developerConnection>scm:git:git@github.com:moddx/java-totp.git</developerConnection>
+    <tag>totp-1.7.2</tag>
+    <url>https://github.com/moddx/java-totp</url>
   </scm>
 
   <licenses>
@@ -157,7 +161,7 @@
           <executions>
               <execution>
                   <id>sign-artifacts</id>
-                  <phase>verify</phase>
+                  <phase>deploy</phase>
                   <goals>
                       <goal>sign</goal>
                   </goals>
diff --git a/totp-spring-boot-starter/pom.xml b/totp-spring-boot-starter/pom.xml
index cb8d644..536c8f2 100644
--- a/totp-spring-boot-starter/pom.xml
+++ b/totp-spring-boot-starter/pom.xml
@@ -23,12 +23,12 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-autoconfigure</artifactId>
-      <version>2.7.0</version>
+      <version>2.7.8</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-configuration-processor</artifactId>
-      <version>2.7.0</version>
+      <version>2.7.8</version>
       <optional>true</optional>
     </dependency>
   </dependencies>
@@ -43,7 +43,7 @@
             <annotationProcessorPath>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-configuration-processor</artifactId>
-              <version>2.7.0</version>
+              <version>2.7.8</version>
             </annotationProcessorPath>
           </annotationProcessorPaths>
         </configuration>
diff --git a/totp/pom.xml b/totp/pom.xml
index 1e719d2..bc2bb93 100644
--- a/totp/pom.xml
+++ b/totp/pom.xml
@@ -17,25 +17,25 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.8.2</version>
+            <version>5.9.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.8.2</version>
+            <version>5.9.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.8.2</version>
+            <version>5.9.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>3.12.4</version>
+            <version>5.0.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -46,18 +46,18 @@
         <dependency>
             <groupId>commons-net</groupId>
             <artifactId>commons-net</artifactId>
-            <version>3.8.0</version>
+            <version>3.9.0</version>
             <optional>true</optional>
         </dependency>
         <dependency>
             <groupId>com.google.zxing</groupId>
             <artifactId>core</artifactId>
-            <version>3.5.0</version>
+            <version>3.5.1</version>
         </dependency>
         <dependency>
             <groupId>com.google.zxing</groupId>
             <artifactId>javase</artifactId>
-            <version>3.5.0</version>
+            <version>3.5.1</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java b/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java
index a2ff89f..c2760f6 100644
--- a/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java
+++ b/totp/src/main/java/dev/samstevens/totp/code/DefaultCodeGenerator.java
@@ -56,7 +56,7 @@ private byte[] generateHash(String key, long counter) throws InvalidKeyException
         }
 
         // Create a HMAC-SHA1 signing key from the shared key
-        Base32 codec = new Base32(0, (byte[]) null, false, (byte) '=', CodecPolicy.STRICT);
+        Base32 codec = new Base32(0, null, false, (byte) '=', CodecPolicy.STRICT);
         byte[] decodedKey = codec.decode(key);
         SecretKeySpec signKey = new SecretKeySpec(decodedKey, algorithm.getHmacAlgorithm());
         Mac mac = Mac.getInstance(algorithm.getHmacAlgorithm());