Release Java SDK v16.6.5 (#643)

* upgraded package dependencies to latest version and switched to gradle-8.10 (#642) * Make sure autogenerated UIDs don't start with '-' (#644) * KSM-553 Added new and updated PAM field types (#650) * Added latest ServiceNow versions (washingtondc, xanadu) to the GHA * switched EOL from CRLF to LF
Keeper-Security · Sep 19, 2024 · 274db14 · 274db14
1 parent 4a7fae7
commit 274db14
Show file tree

Hide file tree

Showing 13 changed files with 394 additions and 213 deletions.
diff --git a/.github/workflows/publish.servicenow.plugin.yml b/.github/workflows/publish.servicenow.plugin.yml
@@ -42,8 +42,8 @@ jobs:
         if: ${{ false }} # disable for now
         run: |
           TAG="${{ github.event.inputs.tagname }}"
-          GRADLE_CFG=./build.gradle
-          BUILD_VERSION=`fgrep version $GRADLE_CFG | sed -r 's/^version\s+//g' | sed "s/'//g"`
+          GRADLE_CFG=./build.gradle.kts
+          BUILD_VERSION=`fgrep version $GRADLE_CFG | sed -r 's/^version\s+//g' | sed 's/"//g'`
           if [[ "$TAG" == *"-$BUILD_VERSION"* ]]; then
             echo "Build version $BUILD_VERSION is included in the tag $TAG"
           else
@@ -56,6 +56,8 @@ jobs:
           cat <<'EOF' > build.sh
           #!/usr/bin/env bash
           MID_SERVER_URLS=''
+          MID_SERVER_URLS=${MID_SERVER_URLS},https://install.service-now.com/glide/distribution/builds/package/mid/2024/09/01/mid.xanadu-07-02-2024__patch1-08-24-2024_09-01-2024_1853.linux.x86-64.zip
+          MID_SERVER_URLS=${MID_SERVER_URLS},https://install.service-now.com/glide/distribution/builds/package/mid/2024/08/31/mid.washingtondc-12-20-2023__patch7-08-21-2024_08-31-2024_1809.linux.x86-64.zip
           MID_SERVER_URLS=${MID_SERVER_URLS},https://install.service-now.com/glide/distribution/builds/package/mid/2023/07/26/mid.vancouver-07-06-2023__patch0-07-18-2023_07-26-2023_1029.linux.x86-64.zip
           MID_SERVER_URLS=${MID_SERVER_URLS},https://install.service-now.com/glide/distribution/builds/package/mid/2023/08/20/mid.utah-12-21-2022__patch6-08-09-2023_08-20-2023_0545.linux.x86-64.zip
           MID_SERVER_URLS=${MID_SERVER_URLS},https://install.service-now.com/glide/distribution/builds/package/mid/2023/06/23/mid.tokyo-07-08-2022__patch9-hotfix2-06-07-2023_06-23-2023_1740.linux.x86-64.zip
@@ -69,11 +71,11 @@ jobs:
           buildroot=`pwd`
           
           chmod u+x ${buildroot}/gradlew
-          gradlecfg=${buildroot}/build.gradle
+          gradlecfg=${buildroot}/build.gradle.kts
           
-          buildname=`fgrep archivesName ${gradlecfg} | sed -r 's/^\s*archivesName\s*=\s*//g' | sed "s/'//g"`
-          buildversion=`fgrep version ${gradlecfg} | sed -r 's/^version\s+//g' | sed "s/'//g"`
-          srcjarpath=${buildroot}/build/libs/${buildname}-${buildversion}.jar
+          buildname=`fgrep archivesName ${gradlecfg} | sed -r 's/^\s*archivesName\s*=\s*//g' | sed 's/"//g'`
+          buildversion=`fgrep version ${gradlecfg} | sed -r 's/^version\s+//g' | sed 's/"//g'`
+          srcjarpath=${buildroot}/build/libs/${buildname}.jar
           
           IFS="," read -a urls <<< ${MID_SERVER_URLS}
           for url in "${urls[@]}"; do
@@ -88,7 +90,7 @@ jobs:
               
               libpath=${midsdir}/${version}/agent/lib
               elibpath=${libpath//\//\\/}
-              sed -i "s/def midserver_agent_dir =.*/def midserver_agent_dir = \'${elibpath}\'/" ${gradlecfg}
+              sed -i "s/val midServerAgentDir =.*/val midServerAgentDir = \"${elibpath}\"/" ${gradlecfg}
               
               cd ${buildroot}
               gradlew_return_code=0
@@ -117,8 +119,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           TAG="${{ github.event.inputs.tagname }}"
-          GRADLE_CFG=./build.gradle
-          BUILD_NAME=`fgrep archivesName $GRADLE_CFG | sed -r 's/^\s*archivesName\s*=\s*//g' | sed "s/'//g"`
-          BUILD_VERSION=`fgrep version $GRADLE_CFG | sed -r 's/^version\s+//g' | sed "s/'//g"`
+          GRADLE_CFG=./build.gradle.kts
+          BUILD_NAME=`fgrep archivesName $GRADLE_CFG | sed -r 's/^\s*archivesName\s*=\s*//g' | sed 's/"//g'`
+          BUILD_VERSION=`fgrep version $GRADLE_CFG | sed -r 's/^version\s+//g' | sed 's/"//g'`
           RELEASE_NAME=${BUILD_NAME}-${BUILD_VERSION}.jar
           gh release create ${TAG} `pwd`/releases/*.jar --repo="$GITHUB_REPOSITORY" --title="$RELEASE_NAME" --generate-notes
diff --git a/integration/servicenow-external-credential-resolver/build.gradle b/integration/servicenow-external-credential-resolver/build.gradle
diff --git a/integration/servicenow-external-credential-resolver/build.gradle.kts b/integration/servicenow-external-credential-resolver/build.gradle.kts
@@ -0,0 +1,69 @@
+group "com.keepersecurity"
+version "0.1.0"
+
+plugins {
+    base
+    java
+}
+
+base {
+    archivesName = "keeper-external-credentials"
+}
+
+java {
+    toolchain {
+        // Vancouver-- built with OpenJDK 11.x
+        languageVersion = JavaLanguageVersion.of(11)
+
+        // Washington DC: A ServiceNow build of OpenJDK 17.0.8.1 is Supported and Included (17.0.8.1-sncmid1)
+        // Administrators will need to make sure any 3rd party JAR files for Credential resolvers, JDBC drivers, etc.
+        // are compatible with Java 17 and 'strong encapsulation', before upgrading.
+        // More information: KB1273036 MID Server - JRE 17 Upgrade
+
+        // Washington DC, Xanadu++ built with OpenJDK 17.x
+        //languageVersion = JavaLanguageVersion.of(17)
+    }
+}
+
+// This must point to the MID Server installation location (agent directory path).
+val midServerAgentDir = "/opt/servicenow/mid/agent/lib"
+
+repositories {
+    mavenCentral()
+    flatDir {
+        dirs(midServerAgentDir)
+    }
+}
+
+dependencies {
+    implementation ("com.keepersecurity.secrets-manager:core:16.6.4+")
+
+    // MID server dependencies, not required to be uploaded
+    // MID jar dependency for config APIs
+    compileOnly("com.snc:mid")
+    compileOnly("com.snc:commons-glide")
+    compileOnly("com.snc:commons-core-automation")
+    compileOnly("com.snc:snc-automation-api")
+
+    // NB! JDK16+/Vancouver+ may require: export _JAVA_OPTIONS="--add-opens=java.base/sun.security.util=ALL-UNNAMED"
+    // Vancouver and newer: IFileSystem is in the new mid-api.jar
+    if (file("${midServerAgentDir}/mid-api.jar").exists()) {
+        compileOnly("com.snc:mid-api")
+    }
+}
+
+tasks.jar {
+    duplicatesStrategy = DuplicatesStrategy.EXCLUDE
+    manifest {
+        attributes("Main-Class" to "com.snc.discovery.CredentialResolver")
+    }
+    from(configurations
+        .runtimeClasspath
+        .get()  // Gradle 6+
+        .files  // Gradle 6+
+        .map { if (it.isDirectory) it else zipTree(it) }
+    )
+    exclude("META-INF/*.SF")
+    exclude("META-INF/*.DSA")
+    exclude("META-INF/*.RSA")
+}
diff --git a/integration/servicenow-external-credential-resolver/gradle/wrapper/gradle-wrapper.properties b/integration/servicenow-external-credential-resolver/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
-networkTimeout=10000
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/integration/servicenow-external-credential-resolver/settings.gradle.kts b/integration/servicenow-external-credential-resolver/settings.gradle.kts
@@ -0,0 +1,16 @@
+rootProject.name = "keeper-external-credentials"
+
+plugins {
+    id("org.gradle.toolchains.foojay-resolver") version "0.8.0"
+}
+
+@Suppress("UnstableApiUsage")
+toolchainManagement {
+    jvm {
+        javaRepositories {
+            repository("foojay") {
+                resolverClass.set(org.gradle.toolchains.foojay.FoojayToolchainResolver::class.java)
+            }
+        }
+    }
+}
diff --git a/sdk/java/core/README.md b/sdk/java/core/README.md
@@ -4,6 +4,11 @@ For more information see our official documentation page https://docs.keeper.io/
 
 # Change Log
 
+## 16.6.5
+- KSM-548 - Make sure autogenerated UIDs don't start with '-'
+- KSM-553 - Added new field types and updated PAM field types
+- Upgraded package dependencies to latest versions and switched to gradle-8.10.1
+
 ## 16.6.4
 - KSM-501 - Switched to non-strict JSON parser
 - KSM-506 - Adding support for Privacy screen in the passkey field type
@@ -28,7 +33,7 @@ For more information see our official documentation page https://docs.keeper.io/
 - KSM-421 - Improved Logging
 
 ## 16.5.3
-- KSM-401 - Update PAM Record types and Field types to have latest updates
+- KSM-401 - Update PAM Record types and Field types to have the latest updates
 - KSM-406 - New field type: Passkey
 - KSM-382 - Support for record Transactions
 

diff --git a/sdk/java/core/build.gradle.kts b/sdk/java/core/build.gradle.kts
@@ -1,20 +1,21 @@
 import org.gradle.api.publish.maven.MavenPublication
 import org.gradle.kotlin.dsl.`maven-publish`
 import org.gradle.kotlin.dsl.signing
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
 import java.util.*
 
 group = "com.keepersecurity.secrets-manager"
 
 // During publishing, If version ends with '-SNAPSHOT' then it will be published to Maven snapshot repository
-version = "16.6.4"
+version = "16.6.5"
 
 plugins {
     `java-library`
-    kotlin("jvm") version "1.9.23"
-    kotlin("plugin.serialization") version "1.9.23"
+    kotlin("jvm") version "2.0.20"
+    kotlin("plugin.serialization") version "2.0.20"
     `maven-publish`
     signing
-    id("io.github.gradle-nexus.publish-plugin") version "1.3.0"
+    id("io.github.gradle-nexus.publish-plugin") version "2.0.0"
 }
 
 java {
@@ -29,8 +30,8 @@ tasks.withType<JavaCompile>().configureEach {
 }
 
 tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile>().configureEach {
-    kotlinOptions {
-        jvmTarget = "1.8"
+    compilerOptions {
+        jvmTarget.set(JvmTarget.JVM_1_8)
     }
 }
 
@@ -42,20 +43,20 @@ repositories {
 
 dependencies {
     // Align versions of all Kotlin components
-    implementation(platform("org.jetbrains.kotlin:kotlin-bom:1.9.23"))
+    implementation(platform("org.jetbrains.kotlin:kotlin-bom:2.0.20"))
 
     // Use the Kotlin JDK 8 standard library.
-    api("org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.23")
-    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.6.3")
-    implementation("org.jetbrains.kotlin:kotlin-reflect:1.9.23")
+    api("org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20")
+    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.7.2")
+    implementation("org.jetbrains.kotlin:kotlin-reflect:2.0.20")
 
     // Use the Kotlin test library.
-    testImplementation("org.jetbrains.kotlin:kotlin-test:1.9.23")
+    testImplementation("org.jetbrains.kotlin:kotlin-test:2.0.20")
 
     // Use the Kotlin JUnit integration.
-    testImplementation("org.jetbrains.kotlin:kotlin-test-junit:1.9.23")
+    testImplementation("org.jetbrains.kotlin:kotlin-test-junit:2.0.20")
 
-    testImplementation("org.bouncycastle:bc-fips:1.0.2.4")
+    testImplementation("org.bouncycastle:bc-fips:2.0.0")
 //    testImplementation("org.bouncycastle:bcprov-jdk15on:1.70")
 }
 

diff --git a/sdk/java/core/gradle/wrapper/gradle-wrapper.properties b/sdk/java/core/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip
 
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/sdk/java/core/settings.gradle.kts b/sdk/java/core/settings.gradle.kts
@@ -1,7 +1,7 @@
 rootProject.name = "core"
 
 plugins {
-    id("org.gradle.toolchains.foojay-resolver") version "0.7.0"
+    id("org.gradle.toolchains.foojay-resolver") version "0.8.0"
 }
 
 @Suppress("UnstableApiUsage")

diff --git a/sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt b/sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt
@@ -3,7 +3,7 @@
 package com.keepersecurity.secretsManager.core
 
 import java.math.BigInteger
-import java.net.URL
+import java.net.URI
 import java.net.URLDecoder
 import java.nio.ByteBuffer
 import java.security.*
@@ -16,6 +16,7 @@ import javax.crypto.Mac
 import javax.crypto.spec.GCMParameterSpec
 import javax.crypto.spec.IvParameterSpec
 import javax.crypto.spec.SecretKeySpec
+import kotlin.experimental.and
 import kotlin.math.pow
 import kotlin.math.abs
 
@@ -81,6 +82,20 @@ internal fun getRandomBytes(length: Int): ByteArray {
     return bytes
 }
 
+internal fun generateUid(): ByteArray {
+    val dash = 0b11111000.toByte()
+    var bytes = ByteArray(16)
+
+    for (i in 1..8) {
+        bytes = getRandomBytes(16)
+        if (dash.and(bytes[0]) != dash) break
+    }
+    if (dash.and(bytes[0]) == dash)
+        bytes[0] = bytes[0].and(0b01111111.toByte())
+
+    return bytes
+}
+
 internal fun generateKeyPair(): java.security.KeyPair {
     return KeeperCryptoParameters.keyGen.genKeyPair()
 }
@@ -235,7 +250,7 @@ data class TotpCode(val code: String, val timeLeft: Int, val period: Int) {
             if (protocol != "otpauth")
                 return null
 
-            val totpUrl = URL("http://" + url.substring(10))
+            val totpUrl = URI.create("http://" + url.substring(10)).toURL()
             val queryPairs = mutableMapOf<String, String>()
             val pairs: List<String> = totpUrl.query.split("&")
             for (pair in pairs) {