fixing the security issues

pom.xml

@@ -13,10 +13,9 @@
     <name>client-encryption</name>
 
     <properties>
-        <okhttp2-version>2.7.5</okhttp2-version>
         <okhttp3-version>4.12.0</okhttp3-version>
-        <google-api-client-version>2.3.0</google-api-client-version>
-        <feign-version>9.7.0</feign-version>
+        <google-api-client-version>2.4.0</google-api-client-version>
+        <feign-version>13.2.1</feign-version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <gpg.signature.skip>false</gpg.signature.skip>
     </properties>
@@ -69,13 +68,6 @@
             <scope>provided</scope>
         </dependency>
 
-        <dependency>
-            <groupId>com.squareup.okhttp</groupId>
-            <artifactId>okhttp</artifactId>
-            <version>${okhttp2-version}</version>
-            <scope>provided</scope>
-        </dependency>
-
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client</artifactId>

src/main/java/com/mastercard/developer/interceptors/OkHttp2EncryptionInterceptor.java

@@ -2,11 +2,11 @@
 
 import com.mastercard.developer.encryption.EncryptionConfig;
 import com.mastercard.developer.encryption.EncryptionException;
-import com.squareup.okhttp.Request;
-import com.squareup.okhttp.RequestBody;
-import com.squareup.okhttp.Response;
-import com.squareup.okhttp.ResponseBody;
-import com.squareup.okhttp.Interceptor;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+import okhttp3.ResponseBody;
+import okhttp3.Interceptor;
 import okio.Buffer;
 import java.io.IOException;
 import static com.mastercard.developer.utils.StringUtils.isNullOrEmpty;
@@ -15,7 +15,7 @@ public abstract class OkHttp2EncryptionInterceptor implements Interceptor {
 
     protected abstract String encryptPayload(Request request, Request.Builder newBuilder, String requestPayload) throws EncryptionException;
 
-    protected abstract String decryptPayload(com.squareup.okhttp.Response response, com.squareup.okhttp.Response.Builder newBuilder, String responsePayload) throws EncryptionException;
+    protected abstract String decryptPayload(Response response, Response.Builder newBuilder, String responsePayload) throws EncryptionException;
 
     public static OkHttp2EncryptionInterceptor from(EncryptionConfig config) {
         return config.getScheme().equals(EncryptionConfig.Scheme.JWE) ? new OkHttp2JweInterceptor(config) : new OkHttp2FieldLevelEncryptionInterceptor(config);
@@ -89,4 +89,5 @@ private Response handleResponse(Response response) throws IOException {
             throw new IOException("Failed to intercept and decrypt response!", e);
         }
     }
+
 }

src/main/java/com/mastercard/developer/interceptors/OkHttp2FieldLevelEncryptionInterceptor.java

@@ -1,7 +1,9 @@
 package com.mastercard.developer.interceptors;
 
 import com.mastercard.developer.encryption.*;
-import com.squareup.okhttp.*;
+import okhttp3.Request;
+import okhttp3.Response;
+
 
 /**
  * An OkHttp2 interceptor for encrypting/decrypting parts of HTTP payloads.

src/main/java/com/mastercard/developer/interceptors/OkHttp2JweInterceptor.java

@@ -4,8 +4,9 @@
 import com.mastercard.developer.encryption.EncryptionException;
 import com.mastercard.developer.encryption.JweConfig;
 import com.mastercard.developer.encryption.JweEncryption;
-import com.squareup.okhttp.Request;
-import com.squareup.okhttp.Response;
+import okhttp3.Request;
+import okhttp3.Response;
+
 
 /**
  * An OkHttp2 JWE interceptor for encrypting/decrypting parts of HTTP payloads.

src/main/java/com/mastercard/developer/interceptors/OpenFeignDecoderExecutor.java

@@ -53,7 +53,7 @@ public Object decode(Response response, Type type) throws IOException {
                     .body(decryptedPayload, StandardCharsets.UTF_8)
                     .build();
         } catch (EncryptionException e) {
-            throw new DecodeException("Failed to intercept and decrypt response!", e);
+            throw new DecodeException(response.status(), "Failed to intercept and decrypt response!", response.request(), e);
         }
 
         // Call the regular decoder

src/test/java/com/mastercard/developer/interceptors/OkHttp2FieldLevelEncryptionInterceptorTest.java

@@ -4,7 +4,7 @@
 import com.mastercard.developer.encryption.EncryptionException;
 import com.mastercard.developer.encryption.FieldLevelEncryptionConfig;
 import com.mastercard.developer.test.TestUtils;
-import com.squareup.okhttp.*;
+import okhttp3.*;
 import okio.Buffer;
 import org.junit.Rule;
 import org.junit.Test;
@@ -15,7 +15,7 @@
 
 import static com.mastercard.developer.test.TestUtils.assertPayloadEquals;
 import static com.mastercard.developer.test.TestUtils.getTestFieldLevelEncryptionConfigBuilder;
-import static com.squareup.okhttp.Interceptor.Chain;
+import static okhttp3.Interceptor.Chain;
 import static org.hamcrest.core.Is.isA;
 import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
@@ -143,6 +143,7 @@ public void testIntercept_ShouldDecryptResponsePayloadAndUpdateContentLengthHead
                 .request(request)
                 .code(200)
                 .protocol(Protocol.HTTP_1_1)
+                .message("")
                 .build();
         Chain chain = mock(Chain.class);
         when(request.body()).thenReturn(null);

src/test/java/com/mastercard/developer/interceptors/OkHttp2JweInterceptorTest.java

@@ -1,7 +1,7 @@
 package com.mastercard.developer.interceptors;
 
 import com.mastercard.developer.encryption.*;
-import com.squareup.okhttp.*;
+import okhttp3.*;
 import okio.Buffer;
 import org.junit.Rule;
 import org.junit.Test;
@@ -12,7 +12,7 @@
 
 import static com.mastercard.developer.test.TestUtils.assertPayloadEquals;
 import static com.mastercard.developer.test.TestUtils.getTestJweConfigBuilder;
-import static com.squareup.okhttp.Interceptor.Chain;
+import static okhttp3.Interceptor.Chain;
 import static org.hamcrest.core.Is.isA;
 import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
@@ -106,6 +106,7 @@ public void testIntercept_ShouldDecryptResponsePayloadAndUpdateContentLengthHead
                 .request(request)
                 .code(200)
                 .protocol(Protocol.HTTP_1_1)
+                .message("")
                 .build();
         Chain chain = mock(Chain.class);
         when(request.body()).thenReturn(null);
@@ -136,6 +137,7 @@ public void testInterceptResponse_ShouldDecryptWithA128CBC_HS256Encryption() thr
                 .body(ResponseBody.create(JSON_MEDIA_TYPE, encryptedPayload))
                 .request(request)
                 .code(200)
+                .message("")
                 .protocol(Protocol.HTTP_1_1)
                 .build();
         Chain chain = mock(Chain.class);

src/test/java/com/mastercard/developer/interceptors/OpenFeignFieldLevelEncryptionDecoderTest.java

@@ -2,6 +2,7 @@
 
 import com.mastercard.developer.encryption.EncryptionException;
 import com.mastercard.developer.encryption.FieldLevelEncryptionConfig;
+import com.mastercard.developer.utils.HttpHelpers;
 import feign.Response;
 import feign.Util;
 import feign.codec.DecodeException;
@@ -20,6 +21,8 @@
 import static com.mastercard.developer.test.TestUtils.assertPayloadEquals;
 import static com.mastercard.developer.test.TestUtils.getTestFieldLevelEncryptionConfigBuilder;
 import static com.mastercard.developer.utils.FeignUtils.readHeader;
+import static com.mastercard.developer.utils.HttpHelpers.buildDummyRequest;
+import static com.mastercard.developer.utils.HttpHelpers.buildResponse;
 import static org.hamcrest.core.Is.isA;
 import static org.junit.Assert.*;
 import static org.mockito.ArgumentMatchers.any;
@@ -52,11 +55,7 @@ public void testDecode_ShouldDecryptResponsePayloadAndUpdateContentLengthHeader(
                 put("content-length", Collections.singleton("100"));
             }
         };
-        Response response = Response.builder()
-                .status(200)
-                .headers(headers)
-                .body(encryptedPayload, StandardCharsets.UTF_8)
-                .build();
+        Response response = buildResponse(encryptedPayload);
         Decoder delegate = mock(Decoder.class);
 
         // WHEN
@@ -99,7 +98,7 @@ public void testDecode_ShouldDoNothing_WhenEmptyPayload() throws Exception {
         FieldLevelEncryptionConfig config = getTestFieldLevelEncryptionConfigBuilder().build();
         Type type = mock(Type.class);
         Response response = mock(Response.class);
-        when(response.body()).thenReturn(buildResponseBody(""));
+        when(response.body()).thenReturn(buildResponse("").body());
         Decoder delegate = mock(Decoder.class);
 
         // WHEN
@@ -128,7 +127,8 @@ public void testDecode_ShouldThrowDecodeException_WhenDecryptionFails() throws E
                 .build();
         Type type = mock(Type.class);
         Response response = mock(Response.class);
-        when(response.body()).thenReturn(buildResponseBody(encryptedPayload));
+        when(response.body()).thenReturn(buildResponse(encryptedPayload).body());
+        when(response.request()).thenReturn(buildDummyRequest(encryptedPayload));
         Decoder delegate = mock(Decoder.class);
 
         // THEN
@@ -170,11 +170,7 @@ public void testDecode_ShouldDecryptResponsePayloadAndRemoveEncryptionHttpHeader
                 put("x-encryption-certificate-fingerprint", Collections.singleton("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279"));
             }
         };
-        Response response = Response.builder()
-                .status(200)
-                .headers(headers)
-                .body(encryptedPayload, StandardCharsets.UTF_8)
-                .build();
+        Response response = buildResponse(encryptedPayload, headers);
         Decoder delegate = mock(Decoder.class);
 
         // WHEN
@@ -195,12 +191,4 @@ public void testDecode_ShouldDecryptResponsePayloadAndRemoveEncryptionHttpHeader
         assertNull(readHeader(responseValue, "x-encryption-certificate-fingerprint"));
     }
 
-    private static Response.Body buildResponseBody(String payload) {
-        Response response = Response.builder()
-                .status(200)
-                .headers(new HashMap<>())
-                .body(payload, StandardCharsets.UTF_8)
-                .build();
-        return response.body();
-    }
 }

src/test/java/com/mastercard/developer/interceptors/OpenFeignJweDecoderTest.java

@@ -13,14 +13,15 @@
 import org.mockito.ArgumentCaptor;
 
 import java.lang.reflect.Type;
-import java.nio.charset.StandardCharsets;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 
 import static com.mastercard.developer.test.TestUtils.assertPayloadEquals;
 import static com.mastercard.developer.test.TestUtils.getTestJweConfigBuilder;
 import static com.mastercard.developer.utils.FeignUtils.readHeader;
+import static com.mastercard.developer.utils.HttpHelpers.buildDummyRequest;
+import static com.mastercard.developer.utils.HttpHelpers.buildResponse;
 import static org.hamcrest.core.Is.isA;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@@ -60,11 +61,7 @@ public void testDecode_ShouldDecryptResponsePayloadAndUpdateContentLengthHeader(
                 put("content-length", Collections.singleton("100"));
             }
         };
-        Response response = Response.builder()
-                .status(200)
-                .headers(headers)
-                .body(encryptedPayload, StandardCharsets.UTF_8)
-                .build();
+        Response response = buildResponse(encryptedPayload, headers);
         Decoder delegate = mock(Decoder.class);
 
         // WHEN
@@ -97,11 +94,7 @@ public void testDecode_ShouldDecryptWithA128CBC_HS256Encryption() throws Excepti
                 put("content-length", Collections.singleton("100"));
             }
         };
-        Response response = Response.builder()
-                .status(200)
-                .headers(headers)
-                .body(encryptedPayload, StandardCharsets.UTF_8)
-                .build();
+        Response response = buildResponse(encryptedPayload, headers);
         Decoder delegate = mock(Decoder.class);
 
         // WHEN
@@ -126,6 +119,7 @@ public void testDecode_ShouldDoNothing_WhenNoPayload() throws Exception {
         Response response = mock(Response.class);
         Decoder delegate = mock(Decoder.class);
         when(response.body()).thenReturn(null);
+        when(response.request()).thenReturn(buildDummyRequest(""));
 
         // WHEN
         OpenFeignJweDecoder instanceUnderTest = new OpenFeignJweDecoder(config, delegate);
@@ -144,7 +138,8 @@ public void testDecode_ShouldDoNothing_WhenEmptyPayload() throws Exception {
         JweConfig config = getTestJweConfigBuilder().build();
         Type type = mock(Type.class);
         Response response = mock(Response.class);
-        when(response.body()).thenReturn(buildResponseBody(""));
+        when(response.body()).thenReturn(buildResponse("").body());
+        when(response.request()).thenReturn(buildDummyRequest(""));
         Decoder delegate = mock(Decoder.class);
 
         // WHEN
@@ -170,7 +165,8 @@ public void testDecode_ShouldThrowDecodeException_WhenDecryptionFails() throws E
 
         Type type = mock(Type.class);
         Response response = mock(Response.class);
-        when(response.body()).thenReturn(buildResponseBody(encryptedPayload));
+        when(response.body()).thenReturn(buildResponse(encryptedPayload).body());
+        when(response.request()).thenReturn(buildDummyRequest(encryptedPayload));
         Decoder delegate = mock(Decoder.class);
 
         // THEN
@@ -182,13 +178,7 @@ public void testDecode_ShouldThrowDecodeException_WhenDecryptionFails() throws E
         OpenFeignJweDecoder instanceUnderTest = new OpenFeignJweDecoder(config, delegate);
         instanceUnderTest.decode(response, type);
     }
-
-    private static Response.Body buildResponseBody(String payload) {
-        Response response = Response.builder()
-                .status(200)
-                .headers(new HashMap<>())
-                .body(payload, StandardCharsets.UTF_8)
-                .build();
-        return response.body();
-    }
 }
+
+
+

src/test/java/com/mastercard/developer/utils/HttpHelpers.java

@@ -0,0 +1,35 @@
+package com.mastercard.developer.utils;
+
+import feign.Request;
+import feign.Response;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Collection;
+import java.util.HashMap;
+
+public class HttpHelpers {
+
+    public static Response buildResponse(String payload) {
+        Response response = Response.builder()
+                .status(200)
+                .headers(new HashMap<String, Collection<String>>())
+                .body(payload, StandardCharsets.UTF_8)
+                .request(buildDummyRequest(payload))
+                .build();
+        return response;
+    }
+
+    public static Response buildResponse(String payload,   HashMap<String, Collection<String>> headers) {
+        Response response = Response.builder()
+                .status(200)
+                .headers(headers)
+                .body(payload, StandardCharsets.UTF_8)
+                .request(buildDummyRequest(payload))
+                .build();
+        return response;
+    }
+    public static Request buildDummyRequest(String payload) {
+        return Request.create(Request.HttpMethod.GET, "http://example.com", new HashMap<>(), payload.getBytes(),StandardCharsets.UTF_8);
+    }
+}
+