From 1234a2ba2a712d2f66dd10349c99134584661b9a Mon Sep 17 00:00:00 2001 From: Rune Flobakk Date: Fri, 1 Nov 2024 13:05:01 +0100 Subject: [PATCH 1/3] Upgrade Maven plugins --- lib/pom.xml | 14 +++++++------- pom.xml | 10 +++++----- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/pom.xml b/lib/pom.xml index 54de9010..221c0c5a 100644 --- a/lib/pom.xml +++ b/lib/pom.xml @@ -183,12 +183,12 @@ maven-compiler-plugin - 3.11.0 + 3.13.0 com.github.siom79.japicmp japicmp-maven-plugin - 0.18.1 + 0.23.0 @@ -202,7 +202,7 @@ maven-shade-plugin - 3.5.1 + 3.6.0 true @@ -228,7 +228,7 @@ maven-surefire-plugin - 3.1.2 + 3.5.1 maven-resources-plugin @@ -236,15 +236,15 @@ maven-javadoc-plugin - 3.6.0 + 3.10.1 maven-jar-plugin - 3.3.0 + 3.4.2 maven-enforcer-plugin - 3.4.1 + 3.5.0 diff --git a/pom.xml b/pom.xml index eea5558e..1842cd00 100644 --- a/pom.xml +++ b/pom.xml @@ -50,11 +50,11 @@ maven-deploy-plugin - 3.1.1 + 3.1.3 maven-clean-plugin - 3.3.1 + 3.4.0 @@ -68,16 +68,16 @@ maven-dependency-plugin - 3.6.0 + 3.8.1 maven-install-plugin - 3.1.1 + 3.1.3 org.codehaus.mojo versions-maven-plugin - 2.16.1 + 2.17.1 From 2a3641f7c9ceb5540021ecc653da047add15fd26 Mon Sep 17 00:00:00 2001 From: Rune Flobakk Date: Fri, 1 Nov 2024 13:15:42 +0100 Subject: [PATCH 2/3] Upgrade dependencies Also migrate code to not use deprecated API of Apache HttpClient. --- NOTICE | 1 + lib/NOTICE | 1 + lib/pom.xml | 34 +++++++++---------- .../ApacheHttpClientSslConfigurer.java | 7 ++-- 4 files changed, 21 insertions(+), 22 deletions(-) diff --git a/NOTICE b/NOTICE index bf279266..e91348fe 100644 --- a/NOTICE +++ b/NOTICE @@ -23,5 +23,6 @@ This software includes third party software subject to the following licenses: Posten signering - Java API Client BOM under The Apache Software License, Version 2.0 Posten signering - Java API Client Library under The Apache Software License, Version 2.0 Posten signering - Java API Client Parent under The Apache Software License, Version 2.0 + SLF4J API Module under MIT License diff --git a/lib/NOTICE b/lib/NOTICE index 0d09fe10..07fd3d76 100644 --- a/lib/NOTICE +++ b/lib/NOTICE @@ -21,5 +21,6 @@ This software includes third party software subject to the following licenses: Posten signering - API JAXB Classes under The Apache Software License, Version 2.0 Posten signering - API Schema under The Apache Software License, Version 2.0 Posten signering - Java API Client Library under The Apache Software License, Version 2.0 + SLF4J API Module under MIT License diff --git a/lib/pom.xml b/lib/pom.xml index 221c0c5a..13a9f0f4 100644 --- a/lib/pom.xml +++ b/lib/pom.xml @@ -28,7 +28,7 @@ org.junit junit-bom - 5.10.0 + 5.11.3 pom import @@ -39,6 +39,13 @@ pom import + + org.slf4j + slf4j-bom + 2.0.16 + pom + import + @@ -55,7 +62,7 @@ no.digipost certificate-validator - 3.0.3 + 3.0.5 org.bouncycastle @@ -67,31 +74,24 @@ org.apache.httpcomponents.client5 httpclient5 - 5.2.1 + 5.4.1 org.apache.httpcomponents.core5 httpcore5 - 5.2.3 + 5.3.1 commons-io commons-io - 2.14.0 + 2.17.0 test - - org.slf4j - slf4j-api - 2.0.9 - test - org.slf4j slf4j-simple - 2.0.9 test @@ -108,7 +108,7 @@ org.hamcrest hamcrest - 2.2 + 3.0 test @@ -124,7 +124,7 @@ nl.jqno.equalsverifier equalsverifier - 3.15.2 + 3.17.1 test @@ -148,14 +148,14 @@ no.digipost digg - 0.33 + 0.36 test com.github.tomakehurst wiremock-jre8 - 2.35.1 + 2.35.2 test @@ -167,7 +167,7 @@ no.digipost jul-to-slf4j-junit-extension - 1.0 + 1.0.1 test diff --git a/lib/src/main/java/no/digipost/signature/client/core/internal/configuration/ApacheHttpClientSslConfigurer.java b/lib/src/main/java/no/digipost/signature/client/core/internal/configuration/ApacheHttpClientSslConfigurer.java index 6dc15626..02463bb5 100644 --- a/lib/src/main/java/no/digipost/signature/client/core/internal/configuration/ApacheHttpClientSslConfigurer.java +++ b/lib/src/main/java/no/digipost/signature/client/core/internal/configuration/ApacheHttpClientSslConfigurer.java @@ -8,8 +8,8 @@ import no.digipost.signature.client.security.KeyStoreConfig; import no.digipost.signature.client.security.OrganizationNumberValidation; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; import org.apache.hc.core5.ssl.SSLContexts; import javax.net.ssl.SSLContext; @@ -40,10 +40,7 @@ public ApacheHttpClientSslConfigurer certificatChainValidation(CertificateChainV @Override public void applyTo(PoolingHttpClientConnectionManagerBuilder connectionManager) { - connectionManager.setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create() - .setSslContext(sslContext()) - .setHostnameVerifier(NoopHostnameVerifier.INSTANCE) - .build()); + connectionManager.setTlsSocketStrategy(new DefaultClientTlsStrategy(sslContext(), NoopHostnameVerifier.INSTANCE)); } From 5a8774816c91e6e230d7e960b4efb427f5424604 Mon Sep 17 00:00:00 2001 From: Rune Flobakk Date: Tue, 5 Nov 2024 00:28:53 +0100 Subject: [PATCH 3/3] Update to latest version in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 78e12955..a5c7ff13 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ The recommended way to declare dependency on the library is to utilize the [BOM] no.digipost.signature signature-api-client-bom - 7.0.1 + 7.0.4 pom import