Resolve VCSWP-21889 (#49)

* Fix for Signature Information class method bug

* Implement seconds testing over milliseconds testing

* Resolve dependabot alerts

* Resolve dependabot alerts part 2

.github/workflows/gradle-build.yml

@@ -33,7 +33,7 @@ jobs:
           java-version: "17"
           distribution: "temurin"
       - name: Build with Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v2.4.2
         with:
           gradle-version: current
           arguments: --refresh-dependencies clean build --info

.github/workflows/gradle-publish.yml

@@ -34,15 +34,15 @@ jobs:
           settings-path: ${{ github.workspace }} # location for the settings.xml file
 
       - name: Build with Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v2.4.2
         with:
           gradle-version: current
           arguments: --refresh-dependencies clean build
 
       # The USERNAME and TOKEN need to correspond to the credentials environment variables used in
       # the publishing section of your build.gradle
       - name: Publish to GitHub Packages
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v2.4.2
         with:
           arguments: publish
         env:

CHANGELOG.md

@@ -9,6 +9,14 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 None
 
+<a name="5.5.4"></a>
+
+## [5.5.4] - 2024-04-09
+
+### Added
+
+- Fix for Signature Information class method bug
+
 <a name="5.5.3"></a>
 
 ## [5.5.3] - 2023-09-11

README.md

@@ -40,7 +40,7 @@ Add this dependency to your project's POM:
 <dependency>
   <groupId>com.github.freeclimbapi</groupId>
   <artifactId>freeclimb-java-client</artifactId>
-  <version>5.5.3</version>
+  <version>5.5.4</version>
   <scope>compile</scope>
 </dependency>
 ```
@@ -56,7 +56,7 @@ Add this dependency to your project's build file:
   }
 
   dependencies {
-     implementation "com.github.freeclimbapi:freeclimb-java-client:5.5.3"
+     implementation "com.github.freeclimbapi:freeclimb-java-client:5.5.4"
      implementation("com.squareup.okhttp3:okhttp:4.9.3")
      implementation("com.squareup.okhttp3:logging-interceptor:4.9.3")
   }
@@ -72,7 +72,7 @@ mvn clean package
 
 Then manually install the following JARs:
 
-* `target/freeclimb-java-client-5.5.3.jar`
+* `target/freeclimb-java-client-5.5.4.jar`
 * `target/lib/*.jar`
 
 ## Getting Started

build.gradle

@@ -4,7 +4,7 @@ apply plugin: 'java'
 apply plugin: 'com.diffplug.spotless'
 
 group = 'com.github.freeclimbapi'
-version = '5.5.3'
+version = '5.5.4'
 
 buildscript {
     repositories {

build.sbt

@@ -2,7 +2,7 @@ lazy val root = (project in file(".")).
   settings(
     organization := "com.github.freeclimbapi",
     name := "freeclimb-java-client",
-    version := "5.5.3",
+    version := "5.5.4",
     scalaVersion := "2.11.4",
     scalacOptions ++= Seq("-feature"),
     javacOptions in compile ++= Seq("-Xlint:deprecation"),

pom.xml

@@ -5,7 +5,7 @@
     <artifactId>freeclimb-java-client</artifactId>
     <packaging>jar</packaging>
     <name>freeclimb-java-client</name>
-    <version>5.5.3</version>
+    <version>5.5.4</version>
     <url>https://github.com/freeclimbapi/java-sdk</url>
     <description>FreeClimb Java Client</description>
     <scm>

src/main/java/com/github/freeclimbapi/ApiClient.java

@@ -131,7 +131,7 @@ private void init() {
         json = new JSON();
 
         // Set default User-Agent.
-        setUserAgent("OpenAPI-Generator/5.5.3/java");
+        setUserAgent("OpenAPI-Generator/5.5.4/java");
 
         authentications = new HashMap<String, Authentication>();
     }

src/main/java/com/github/freeclimbapi/utils/SignatureInformation.java

@@ -34,7 +34,7 @@ public SignatureInformation(String requestHeader) {
 
     public boolean isRequestTimeValid(Integer tolerance) {
         Integer currentUnixTimestamp = getCurrentUnixTime();
-        return (requestTimestamp + tolerance) < currentUnixTimestamp;
+        return currentUnixTimestamp < (requestTimestamp + tolerance);
     }
 
     public boolean isSignatureSafe(String requestBody, String signingSecret)

src/test/java/com/github/freeclimbapi/RequestVerifierTest.java

@@ -146,24 +146,31 @@ public void checkToleranceTest3() {
     public void verifyToleranceTest() {
         String requestBody = "{\"accountId\":\"AC1334ffb694cd8d969f51cddf5f7c9b478546d50c\",\"callId\":\"CAccb0b00506553cda09b51c5477f672a49e0b2213\",\"callStatus\":\"ringing\",\"conferenceId\":null,\"direction\":\"inbound\",\"from\":\"+13121000109\",\"parentCallId\":null,\"queueId\":null,\"requestType\":\"inboundCall\",\"to\":\"+13121000096\"}";
         String signingSecret = "sigsec_ead6d3b6904196c60835d039e91b3341c77a7793";
-        String requestHeader = "t=1900871395,v1=1d798c86e977ff734dec3a8b8d67fe8621dcc1df46ef4212e0bfe2e122b01bfd,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
-        Integer tolerance = 5 * 60;
         Integer currentTime = (int) (System.currentTimeMillis() / 1000L);
+        Integer timeCalcuation = currentTime - (6 * 60);
+        String requestHeader = "t=" + timeCalcuation.toString()
+                + ",v1=1d798c86e977ff734dec3a8b8d67fe8621dcc1df46ef4212e0bfe2e122b01bfd,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
+        Integer tolerance = 5 * 60;
+
         RuntimeException exception = assertThrows(
                 RuntimeException.class,
                 () -> {
                     RequestVerifier.verifyRequestSignature(requestBody, requestHeader, signingSecret, tolerance);
                 });
 
-        assertEquals("Request time exceeded tolerance threshold. Request: 1900871395, CurrentTime: "
-                + Integer.toString(currentTime) + ", tolerance: " + tolerance, exception.getMessage());
+        assertEquals(
+                "Request time exceeded tolerance threshold. Request: " + timeCalcuation.toString() + ", CurrentTime: "
+                        + Integer.toString(currentTime) + ", tolerance: " + tolerance,
+                exception.getMessage());
     }
 
     @Test
     public void verifySignatureTest() {
         String requestBody = "{\"accountId\":\"AC1334ffb694cd8d969f51cddf5f7c9b478546d50c\",\"callId\":\"CAccb0b00506553cda09b51c5477f672a49e0b2213\",\"callStatus\":\"ringing\",\"conferenceId\":null,\"direction\":\"inbound\",\"from\":\"+13121000109\",\"parentCallId\":null,\"queueId\":null,\"requestType\":\"inboundCall\",\"to\":\"+13121000096\"}";
         String signingSecret = "sigsec_ead6d3b6904196c60835d039e91b3341c77a7794";
-        String requestHeader = "t=1679944186,v1=1d798c86e977ff734dec3a8b8d67fe8621dcc1df46ef4212e0bfe2e122b01bfd,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
+        Integer currentTime = (int) (System.currentTimeMillis() / 1000L);
+        String requestHeader = "t=" + currentTime.toString()
+                + ",v1=1d798c86e977ff734dec3a8b8d67fe8621dcc1df46ef4212e0bfe2e122b01bfd,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
         Integer tolerance = 5 * 60;
         RuntimeException exception = assertThrows(
                 RuntimeException.class,
@@ -180,7 +187,7 @@ public void verifySignatureTest() {
     public void verifyRequestSignatureTest() throws NoSuchAlgorithmException, InvalidKeyException {
         String requestBody = "{\"accountId\":\"AC1334ffb694cd8d969f51cddf5f7c9b478546d50c\",\"callId\":\"CAccb0b00506553cda09b51c5477f672a49e0b2213\",\"callStatus\":\"ringing\",\"conferenceId\":null,\"direction\":\"inbound\",\"from\":\"+13121000109\",\"parentCallId\":null,\"queueId\":null,\"requestType\":\"inboundCall\",\"to\":\"+13121000096\"}";
         String signingSecret = "sigsec_ead6d3b6904196c60835d039e91b3341c77a7793";
-        String requestHeader = "t=1679944186,v1=c3957749baf61df4b1506802579cc69a74c77a1ae21447b930e5a704f9ec4120,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
+        String requestHeader = "t=2130000000,v1=c3957749baf61df4b1506802579cc69a74c77a1ae21447b930e5a704f9ec4120,v1=6835006e70c9b9f610e8fb3a8b36b52b3f28c12d0a2dab75091c46ca7ec11b20";
         Integer tolerance = 5 * 60;
         RequestVerifier.verifyRequestSignature(requestBody, requestHeader, signingSecret, tolerance);
     }

src/test/java/com/github/freeclimbapi/SignatureInformationTest.java

@@ -23,14 +23,25 @@ public class SignatureInformationTest {
 
     @Test
     public void isRequestTimeValidTest() {
+        Long timeCalcuation = (System.currentTimeMillis() / 1000L);
+        Integer currentTime = Integer.valueOf(timeCalcuation.intValue());
+        String requestHeader = "t=" + Integer.toString(currentTime)
+                + ",v1=c3957749baf61df4b1506802579cc69a74c77a1ae21447b930e5a704f9ec4120,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
+        SignatureInformation instance = new SignatureInformation(requestHeader);
         Integer tolerance = 5 * 60;
         Boolean isRequestTimeValid = instance.isRequestTimeValid(tolerance);
         Assert.assertEquals(isRequestTimeValid, true);
     }
 
     @Test
     public void isRequestTimeValidTest2() {
-        Integer tolerance = Integer.MAX_VALUE - timestamp;
+        Long timeCalcuation = (System.currentTimeMillis() / 1000L);
+        Integer currentTime = Integer.valueOf(timeCalcuation.intValue()) - (600 * 60);
+        // Integer tolerance = Integer.MAX_VALUE - timestamp;
+        Integer tolerance = 500 * 60;
+        String requestHeader = "t=" + Integer.toString(currentTime)
+                + ",v1=c3957749baf61df4b1506802579cc69a74c77a1ae21447b930e5a704f9ec4120,v1=1ba18712726898fbbe48cd862dd096a709f7ad761a5bab14bda9ac24d963a6a8";
+        SignatureInformation instance = new SignatureInformation(requestHeader);
         Boolean isRequestTimeValid = instance.isRequestTimeValid(tolerance);
         Assert.assertEquals(isRequestTimeValid, false);
     }