fix spotbugs configuration

pom.xml

@@ -305,6 +305,9 @@
                 <groupId>com.github.spotbugs</groupId>
                 <artifactId>spotbugs-maven-plugin</artifactId>
                 <version>4.5.3.0</version>
+                <configuration>
+                    <excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
+                </configuration>
             </plugin>
 
             <!-- for publishing to Maven Central -->

spotbugs-exclude.xml

@@ -0,0 +1,15 @@
+<FindBugsFilter>
+    <Match>
+        <Or>
+            <Class name="~.*\.Test" />
+        </Or>
+    </Match>
+
+    <Match>
+        <Or>
+            <Bug pattern="EI_EXPOSE_REP"/>
+            <Bug pattern="EI_EXPOSE_REP2"/>
+        </Or>
+    </Match>
+
+</FindBugsFilter>

src/main/java/ee/sk/mid/MidAuthenticationHashToSign.java

@@ -32,6 +32,8 @@
 
 public class MidAuthenticationHashToSign extends MidHashToSign {
 
+    public static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
     private MidAuthenticationHashToSign(MobileIdAuthenticationHashToSignBuilder builder) {
         super(builder);
     }
@@ -56,7 +58,7 @@ public static MobileIdAuthenticationHashToSignBuilder newBuilder() {
 
     private static byte[] getRandomBytes(int lengthInBytes) {
         byte[] randomBytes = new byte[lengthInBytes];
-        new SecureRandom().nextBytes(randomBytes);
+        SECURE_RANDOM.nextBytes(randomBytes);
         return randomBytes;
     }
 

src/main/java/ee/sk/mid/MidAuthenticationIdentity.java

@@ -26,7 +26,7 @@
  * #L%
  */
 
-public class MidAuthenticationIdentity {
+public class MidAuthenticationIdentity implements Cloneable {
 
     private String givenName;
     private String surName;
@@ -65,6 +65,16 @@ public void setCountry(String country) {
         this.country = country;
     }
 
+    @Override
+    public MidAuthenticationIdentity clone() {
+        try {
+            return (MidAuthenticationIdentity) super.clone();
+        }
+        catch (CloneNotSupportedException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     @Override
     public String toString() {
         return "MidAuthenticationIdentity{" +

src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java

@@ -72,7 +72,7 @@ public MidAuthenticationResponseValidator(KeyStore trustStore) {
     }
 
     public MidAuthenticationResponseValidator(List<X509Certificate> trustedCACertificates) {
-        this.trustedCACertificates = trustedCACertificates;
+        this.trustedCACertificates = new ArrayList<>(trustedCACertificates);
     }
 
     public MidAuthenticationResult validate(MidAuthentication authentication) {

src/main/java/ee/sk/mid/MidAuthenticationResult.java

@@ -36,11 +36,11 @@ public class MidAuthenticationResult {
     private List<String> errors = new ArrayList<>();
 
     public MidAuthenticationIdentity getAuthenticationIdentity() {
-        return authenticationIdentity;
+        return authenticationIdentity.clone();
     }
 
     public void setAuthenticationIdentity(MidAuthenticationIdentity authenticationIdentity) {
-        this.authenticationIdentity = authenticationIdentity;
+        this.authenticationIdentity = authenticationIdentity.clone();
     }
 
     public boolean isValid() {
@@ -56,6 +56,6 @@ public void addError(MidAuthenticationError error) {
     }
 
     public List<String> getErrors() {
-        return errors;
+        return new ArrayList<>(errors);
     }
 }

src/main/java/ee/sk/mid/rest/dao/MidSessionSignature.java

@@ -32,7 +32,7 @@
 import org.apache.commons.lang3.builder.ToStringBuilder;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class MidSessionSignature implements Serializable {
+public class MidSessionSignature implements Serializable, Cloneable {
 
     private static final Long serialVersionUID = 1L;
 
@@ -55,6 +55,16 @@ public void setValue(String value) {
         this.value = value;
     }
 
+    @Override
+    public MidSessionSignature clone() {
+        try {
+            return (MidSessionSignature) super.clone();
+        }
+        catch (CloneNotSupportedException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     @Override
     public String toString() {
         return new ToStringBuilder(this)

src/main/java/ee/sk/mid/rest/dao/MidSessionStatus.java

@@ -58,7 +58,7 @@ public void setResult(String result) {
     }
 
     public MidSessionSignature getSignature() {
-        return signature;
+        return signature == null ?null :signature.clone();
     }
 
     public void setSignature(MidSessionSignature signature) {

src/test/java/ee/sk/mid/MobileIdAuthenticationHashTest.java

@@ -31,8 +31,6 @@
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 
-import java.security.SecureRandom;
-
 import ee.sk.mid.exception.MidMissingOrInvalidParameterException;
 import org.junit.Test;
 
@@ -87,7 +85,6 @@ public void authenticate_withHashInBase64_withoutHashType_shouldThrowException()
     @Test(expected = MidMissingOrInvalidParameterException.class)
     public void authenticate_withHash_withoutHashType_shouldThrowException() {
         byte[] randomBytes = new byte[MidHashType.SHA256.getLengthInBytes()];
-        new SecureRandom().nextBytes(randomBytes);
 
         MidAuthenticationHashToSign.newBuilder()
             .withHash(randomBytes)

src/test/java/ee/sk/mid/ReadmeTest.java

@@ -38,7 +38,6 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.util.List;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
@@ -100,11 +99,6 @@ public void setUp() throws Exception {
             .withTrustStore(trustStore)
             .build();
 
-        MidAuthenticationHashToSign authenticationHash = MidAuthenticationHashToSign.newBuilder()
-            .withHashType( MidHashType.SHA512)
-            .withHashInBase64("XXX")
-            .build();
-
         authentication = MidAuthentication.newBuilder()
             .withSignatureValueInBase64(VALID_SIGNATURE_IN_BASE64)
             .build();
@@ -213,6 +207,7 @@ public void documentCreateFromExistingData() {
             .build();
 
         String verificationCode = hashToSign.calculateVerificationCode();
+        System.out.println("Verification code is " + verificationCode);
 
         MidSignatureRequest request = MidSignatureRequest.newBuilder()
             .withPhoneNumber("+37200000766")
@@ -229,6 +224,7 @@ public void documentCreateFromExistingData() {
             "/signature/session/{sessionId}");
 
         MidSignature signature = client.createMobileIdSignature(sessionStatus);
+        System.out.println("Base64 value of created signature: " + signature.getValueInBase64());
     }
 
     @Test
@@ -246,6 +242,7 @@ public void documentGetAuthenticationResponse() {
         MidAuthenticationHashToSign authenticationHash = MidAuthenticationHashToSign.generateRandomHashOfDefaultType();
 
         String verificationCode = authenticationHash.calculateVerificationCode();
+        System.out.println("Verification code is " + verificationCode);
 
         MidAuthenticationRequest request = MidAuthenticationRequest.newBuilder()
             .withPhoneNumber("+37200000766")
@@ -280,17 +277,18 @@ public void documentHowToVerifyAuthenticationResult() throws KeyStoreException,
 
     @Test
     public void documentGettingErrors() {
-        List<String> errors = authenticationResult.getErrors();
-
+        System.out.println("Following errors occurred: " + authenticationResult.getErrors());
     }
 
     @Test(expected = NullPointerException.class)
     public void documentAuthenticationIdentityUsage() {
         MidAuthenticationIdentity authenticationIdentity = authenticationResult.getAuthenticationIdentity();
         String givenName = authenticationIdentity.getGivenName();
-        String surName = authenticationIdentity.getSurName();
+        String surname = authenticationIdentity.getSurName();
         String identityCode = authenticationIdentity.getIdentityCode();
         String country = authenticationIdentity.getCountry();
+
+        System.out.printf("Welcome %s %s (#%s) from %s" , givenName, surname, identityCode, country);
     }
 
     @SuppressWarnings("EmptyTryBlock")